git.openssl.org Git - openssl.git/commit

author	Richard Levitte <levitte@openssl.org>
	Mon, 27 Jul 2020 16:39:58 +0000 (18:39 +0200)
committer	Pauli <paul.dale@oracle.com>
	Sat, 1 Aug 2020 01:51:18 +0000 (11:51 +1000)
commit	4701f0a9a0ff08b354142c9f3b4797ff225d7c84
tree	2fa4c9cc64badbf7499b41e9f333dcc95c1a53a5	tree \| snapshot
parent	a6495479adfb8dc0b500030d4eeb007d9af4572a	commit \| diff

DESERIALIZER: Rethink password handling

The OSSL_DESERIALIZER API makes the incorrect assumption that the
caller must cipher and other pass phrase related parameters to the
individual desserializer implementations, when the reality is that
they only need a passphrase callback, and will be able to figure out
the rest themselves from the input they get.

We simplify it further by never passing any explicit passphrase to the
provider implementation, and simply have them call the passphrase
callback unconditionally when they need, leaving it to libcrypto code
to juggle explicit passphrases, cached passphrases and actual
passphrase callback calls.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12544)

crypto/serializer/deserializer_lib.c		diff \| blob \| history
crypto/serializer/deserializer_meth.c		diff \| blob \| history
crypto/serializer/deserializer_pkey.c		diff \| blob \| history
crypto/serializer/serdes_pass.c		diff \| blob \| history
crypto/serializer/serializer_local.h		diff \| blob \| history
doc/man3/OSSL_DESERIALIZER_CTX_new_by_EVP_PKEY.pod		diff \| blob \| history
include/openssl/deserializer.h		diff \| blob \| history
providers/implementations/serializers/deserialize_common.c		diff \| blob \| history
providers/implementations/serializers/deserialize_der2rsa.c		diff \| blob \| history
providers/implementations/serializers/deserialize_pem2der.c		diff \| blob \| history
providers/implementations/serializers/serializer_local.h		diff \| blob \| history
test/serdes_test.c		diff \| blob \| history
util/libcrypto.num		diff \| blob \| history