DESERIALIZER: Rethink password handling

The OSSL_DESERIALIZER API makes the incorrect assumption that the
caller must cipher and other pass phrase related parameters to the
individual desserializer implementations, when the reality is that
they only need a passphrase callback, and will be able to figure out
the rest themselves from the input they get.

We simplify it further by never passing any explicit passphrase to the
provider implementation, and simply have them call the passphrase
callback unconditionally when they need, leaving it to libcrypto code
to juggle explicit passphrases, cached passphrases and actual
passphrase callback calls.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12544)

1 files changed, 1 insertions, 2 deletions

diff --git a/util/libcrypto.num b/util/libcrypto.num
index 1a59d81624..11f230ae1c 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -5163,9 +5163,8 @@ OSSL_DESERIALIZER_settable_ctx_params   ?	3_0_0	EXIST::FUNCTION:
 OSSL_DESERIALIZER_CTX_new               ?	3_0_0	EXIST::FUNCTION:
 OSSL_DESERIALIZER_CTX_set_params        ?	3_0_0	EXIST::FUNCTION:
 OSSL_DESERIALIZER_CTX_free              ?	3_0_0	EXIST::FUNCTION:
-OSSL_DESERIALIZER_CTX_set_cipher        ?	3_0_0	EXIST::FUNCTION:
 OSSL_DESERIALIZER_CTX_set_passphrase    ?	3_0_0	EXIST::FUNCTION:
-OSSL_DESERIALIZER_CTX_set_passphrase_cb ?	3_0_0	EXIST::FUNCTION:
+OSSL_DESERIALIZER_CTX_set_pem_password_cb ?	3_0_0	EXIST::FUNCTION:
 OSSL_DESERIALIZER_CTX_set_passphrase_ui ?	3_0_0	EXIST::FUNCTION:
 OSSL_DESERIALIZER_from_bio              ?	3_0_0	EXIST::FUNCTION:
 OSSL_DESERIALIZER_from_fp               ?	3_0_0	EXIST::FUNCTION:STDIO