summaryrefslogtreecommitdiff
path: root/sshkey.c
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2018-10-11 10:29:29 +1100
committerDamien Miller <djm@mindrot.org>2018-10-11 10:29:29 +1100
commit12731158c75c8760a8bea06350eeb3e763fe1a07 (patch)
treec15f50b311052db4212680b829f40fe0298c0dde /sshkey.c
parentd1d301a1dd5d6cc3a9ed93ab7ab09dda4cb456e0 (diff)
supply callback to PEM_read_bio_PrivateKey
OpenSSL 1.1.0i has changed the behaviour of their PEM APIs, so that empty passphrases are interpreted differently. This probabalistically breaks loading some keys, because the PEM format is terrible and doesn't include a proper MAC. Avoid this by providing a basic callback to avoid passing empty passphrases to OpenSSL in cases where one is required. Based on patch from Jakub Jelen in bz#2913; ok dtucker@
Diffstat (limited to 'sshkey.c')
-rw-r--r--sshkey.c16
1 files changed, 15 insertions, 1 deletions
diff --git a/sshkey.c b/sshkey.c
index e1e882b7..4a656f84 100644
--- a/sshkey.c
+++ b/sshkey.c
@@ -3914,6 +3914,20 @@ convert_libcrypto_error(void)
}
static int
+pem_passphrase_cb(char *buf, int size, int rwflag, void *u)
+{
+ char *p = (char *)u;
+ size_t len;
+
+ if (p == NULL || (len = strlen(p)) == 0)
+ return -1;
+ if (size < 0 || len > (size_t)size)
+ return -1;
+ memcpy(buf, p, len);
+ return (int)len;
+}
+
+static int
sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type,
const char *passphrase, struct sshkey **keyp)
{
@@ -3934,7 +3948,7 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type,
}
clear_libcrypto_errors();
- if ((pk = PEM_read_bio_PrivateKey(bio, NULL, NULL,
+ if ((pk = PEM_read_bio_PrivateKey(bio, NULL, pem_passphrase_cb,
(char *)passphrase)) == NULL) {
/*
* libcrypto may return various ASN.1 errors when attempting