author | Richard Levitte <levitte@openssl.org> | 2020-08-02 12:14:19 +0200 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2020-08-24 10:02:25 +0200 |
commit | a517edec0385280e31e2dc2912301501e6b0c4a3 (patch) | |
tree | 78538835d6f1fcc93a7c1a637931bf1f1f23d127 /crypto/encode_decode/encoder_local.h | |
parent | 14c8a3d118e3ec5d0179d45c7f227d29a52f7697 (diff) | |
download | openssl-new-a517edec0385280e31e2dc2912301501e6b0c4a3.tar.gz |
CORE: Generalise internal pass phrase prompter
The pass phrase prompter that's part of OSSL_ENCODER and OSSL_DECODER
is really a passphrase callback bridge between the diverse forms of
prompters that exist within OpenSSL: pem_password_cb, ui_method and
OSSL_PASSPHRASE_CALLBACK.
This can be generalised and re-used by other parts of OpenSSL, thereby
allowing users to specify whatever form of pass phrase callback they
need, while still being able to pass it on to other APIs that are
called internally, in the form that those APIs demand.
Additionally, we throw in the possibility to cache pass phrases during
a "session" (we leave it to each API to define what a "session" is).
This is useful for any API that implements discovery and therefore may
need to get the same password more than once, such as OSSL_DECODER and
OSSL_STORE.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12512)
Diffstat (limited to 'crypto/encode_decode/encoder_local.h')
-rw-r--r-- | crypto/encode_decode/encoder_local.h | 44 |
1 files changed, 3 insertions, 41 deletions
diff --git a/crypto/encode_decode/encoder_local.h b/crypto/encode_decode/encoder_local.h
index 34931d4e43..749b2688e4 100644
--- a/crypto/encode_decode/encoder_local.h
+++ b/crypto/encode_decode/encoder_local.h
@@ -13,6 +13,7 @@
 #include <openssl/encoder.h>
 #include <openssl/decoder.h>
 #include "internal/cryptlib.h"
+#include "internal/passphrase.h"
 #include "internal/refcount.h"
 struct ossl_serdes_base_st {
@@ -64,13 +65,7 @@ struct ossl_encoder_ctx_st {
 int (*do_output)(OSSL_ENCODER_CTX *ctx, BIO *out);
 /* For any function that needs a passphrase reader */
- const UI_METHOD *ui_method;
- void *ui_data;
- /*
- * if caller used OSSL_ENCODER_CTX_set_passphrase_cb(), we need
- * intermediary storage.
- */
- UI_METHOD *allocated_ui_method;
+ struct ossl_passphrase_data_st pwdata;
 };
 struct ossl_decoder_instance_st {
@@ -103,38 +98,5 @@ struct ossl_decoder_ctx_st {
 void *construct_data;
 /* For any function that needs a passphrase reader */
- OSSL_PASSPHRASE_CALLBACK *passphrase_cb;
- const UI_METHOD *ui_method;
- void *ui_data;
- /*
- * if caller used OSSL_ENCODER_CTX_set_pem_password_cb(), we need
- * intermediary storage.
- */
- UI_METHOD *allocated_ui_method;
- /*
- * Because the same input may pass through more than one decoder,
- * we cache any passphrase passed to us. The desrializing processor
- * must clear this at the end of a run.
- */
- unsigned char *cached_passphrase;
- size_t cached_passphrase_len;
-
- /*
- * Flag section. Keep these together
- */
-
- /*
- * The passphrase was passed to us by the user. In that case, it
- * should only be freed when freeing this context.
- */
- unsigned int flag_user_passphrase:1;
+ struct ossl_passphrase_data_st pwdata;
 };
-
-/* Passphrase callbacks, found in serdes_pass.c */
-
-/*
- * Encoders typically want to get an outgoing passphrase, while
- * decoders typically want to get en incoming passphrase.
- */
-OSSL_PASSPHRASE_CALLBACK ossl_encoder_passphrase_out_cb;
-OSSL_PASSPHRASE_CALLBACK ossl_decoder_passphrase_in_cb; |
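Review bot: The `/* For any function that needs a passphrase reader */` comment kept above the new `pwdata` member of struct ossl_decoder_ctx_st no longer carries what the removed fields documented: that the cached pass phrase must be cleared at the end of a run, and that a user-supplied pass phrase is released only when the context itself is freed. Since `pwdata` is now embedded by value rather than held through pointers, the context's free path and the end-of-run cleanup presumably have to invoke the cleanup routine provided by internal/passphrase.h so that any cached secret is wiped with the context; a comment such as `/* Pass phrase bridge and per-run cache; must be cleaned up at end of run and on free (see internal/passphrase.h) */` would keep that contract visible here. The same applies to the `pwdata` member added to struct ossl_encoder_ctx_st in the previous hunk. Both enclosing struct definitions begin outside their hunks, and the callers of the removed ossl_encoder_passphrase_out_cb / ossl_decoder_passphrase_in_cb declarations are not visible in this file section.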