crypto: simplify missing passphrase detection · nodejs/node@fadcb2d (original) (raw)

`@@ -164,28 +164,8 @@ template int SSLWrap::SelectALPNCallback(

164

`unsigned int inlen,

165

`void* arg);

166

167

class PasswordCallbackInfo {

168

public:

169

explicit PasswordCallbackInfo(const char* passphrase)

170

: passphrase_(passphrase) {}

171

-

172

inline const char* GetPassword() {

173

needs_passphrase_ = true;

174

return passphrase_;

175

}

176

-

177

inline bool CalledButEmpty() {

178

return needs_passphrase_ && passphrase_ == nullptr;

179

}

180

-

181

private:

182

const char* passphrase_;

183

bool needs_passphrase_ = false;

184

};

185

-

186

167

`static int PasswordCallback(char* buf, int size, int rwflag, void* u) {

187

PasswordCallbackInfo* info = static_cast<PasswordCallbackInfo*>(u);

188

const char* passphrase = info->GetPassword();

168

const char* passphrase = static_cast<char*>(u);

189

169

`if (passphrase != nullptr) {

190

170

`size_t buflen = static_cast(size);

191

171

`size_t len = strlen(passphrase);

`@@ -195,7 +175,7 @@ static int PasswordCallback(char* buf, int size, int rwflag, void* u) {

195

175

`return len;

196

176

` }

197

177

198

return 0;

178

return -1;

199

179

200

180

201

181

`// Loads OpenSSL engine by engine id and returns it. The loaded engine

`@@ -730,12 +710,11 @@ void SecureContext::SetKey(const FunctionCallbackInfo& args) {

730

710

731

711

` node::Utf8Value passphrase(env->isolate(), args[1]);

732

712

733

PasswordCallbackInfo cb_info(len == 1 ? nullptr : *passphrase);

734

713

` EVPKeyPointer key(

735

714

`PEM_read_bio_PrivateKey(bio.get(),

736

715

`nullptr,

737

716

` PasswordCallback,

738

&cb_info));

717

*passphrase));

739

718

740

719

`if (!key) {

741

720

`unsigned long err = ERR_get_error(); // NOLINT(runtime/int)

`@@ -3136,7 +3115,8 @@ static ParseKeyResult ParsePrivateKey(EVPKeyPointer* pkey,

3136

3115

`const PrivateKeyEncodingConfig& config,

3137

3116

`const char* key,

3138

3117

`size_t key_len) {

3139

PasswordCallbackInfo pc_info(config.passphrase_.get());

3118

// OpenSSL needs a non-const pointer, that's why the const_cast is required.

3119

char* const passphrase = const_cast<char*>(config.passphrase_.get());

3140

3120

3141

3121

`if (config.format_ == kKeyFormatPEM) {

3142

3122

` BIOPointer bio(BIO_new_mem_buf(key, key_len));

`@@ -3146,7 +3126,7 @@ static ParseKeyResult ParsePrivateKey(EVPKeyPointer* pkey,

3146

3126

` pkey->reset(PEM_read_bio_PrivateKey(bio.get(),

3147

3127

`nullptr,

3148

3128

` PasswordCallback,

3149

&pc_info));

3129

passphrase));

3150

3130

` } else {

3151

3131

`CHECK_EQ(config.format_, kKeyFormatDER);

3152

3132

`@@ -3163,7 +3143,7 @@ static ParseKeyResult ParsePrivateKey(EVPKeyPointer* pkey,

3163

3143

` pkey->reset(d2i_PKCS8PrivateKey_bio(bio.get(),

3164

3144

`nullptr,

3165

3145

` PasswordCallback,

3166

&pc_info));

3146

passphrase));

3167

3147

` } else {

3168

3148

` PKCS8Pointer p8inf(d2i_PKCS8_PRIV_KEY_INFO_bio(bio.get(), nullptr));

3169

3149

`if (p8inf)

`@@ -3177,13 +3157,17 @@ static ParseKeyResult ParsePrivateKey(EVPKeyPointer* pkey,

3177

3157

` }

3178

3158

3179

3159

`// OpenSSL can fail to parse the key but still return a non-null pointer.

3180

if (ERR_peek_error() != 0)

3160

unsigned long err = ERR_peek_error(); // NOLINT(runtime/int)

3161

if (err != 0)

3181

3162

` pkey->reset();

3182

3163

3183

3164

`if (*pkey)

3184

3165

`return ParseKeyResult::kParseKeyOk;

3185

if (pc_info.CalledButEmpty())

3186

return ParseKeyResult::kParseKeyNeedPassphrase;

3166

if (ERR_GET_LIB(err) == ERR_LIB_PEM &&

3167

ERR_GET_REASON(err) == PEM_R_BAD_PASSWORD_READ) {

3168

if (config.passphrase_.get() == nullptr)

3169

return ParseKeyResult::kParseKeyNeedPassphrase;

3170

}

3187

3171

`return ParseKeyResult::kParseKeyFailed;

3188

3172

3189

3173