[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Richard Levitte levitte at openssl.org
Thu Dec 8 12:33:02 UTC 2016 

The branch OpenSSL_1_1_0-stable has been updated
       via  e8a93291cac9a5ebf60f83d5f3cca2b757c32327 (commit)
       via  b1bbee13d9f4e55a8f5592c417dd336012cbeebe (commit)
      from  aff927e84c3bce5b7ebc2cc72f99a571ea89c2b1 (commit)


- Log -----------------------------------------------------------------
commit e8a93291cac9a5ebf60f83d5f3cca2b757c32327
Author: Richard Levitte <levitte at openssl.org>
Date:   Thu Dec 8 01:27:31 2016 +0100

    Make sure that password_callback exercises UI
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/2040)
    (cherry picked from commit 57c0f378b8fdbdc55dba783e9b744b8ed2132819)

commit b1bbee13d9f4e55a8f5592c417dd336012cbeebe
Author: Richard Levitte <levitte at openssl.org>
Date:   Wed Dec 7 22:44:47 2016 +0100

    Add a test for the UI API
    
    The best way to test the UI interface is currently by using an openssl
    command that uses password_callback.  The only one that does this is
    'genrsa'.
    Since password_callback uses a UI method derived from UI_OpenSSL(), it
    ensures that one gets tested well enough as well.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/2040)
    (cherry picked from commit 17ac8eaf611b588cca251ba63b187e7d9c7edb83)

-----------------------------------------------------------------------

Summary of changes:
 apps/apps.c               | 28 +++++++++++-----------------
 test/recipes/03-test_ui.t | 30 ++++++++++++++++++++++++++++++
 2 files changed, 41 insertions(+), 17 deletions(-)
 create mode 100644 test/recipes/03-test_ui.t

diff --git a/apps/apps.c b/apps/apps.c
index cc557e5..cbf4e90 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -244,36 +244,27 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
     int res = 0;
 #ifndef OPENSSL_NO_UI
     UI *ui = NULL;
-    const char *prompt_info = NULL;
 #endif
-    const char *password = NULL;
     PW_CB_DATA *cb_data = (PW_CB_DATA *)cb_tmp;
 
-    if (cb_data) {
-        if (cb_data->password)
-            password = cb_data->password;
-#ifndef OPENSSL_NO_UI
-        if (cb_data->prompt_info)
-            prompt_info = cb_data->prompt_info;
-#endif
-    }
-
-    if (password) {
-        res = strlen(password);
+#ifdef OPENSSL_NO_UI
+    if (cb_data != NULL && cb_data->password != NULL) {
+        res = strlen(cb_data->password);
         if (res > bufsiz)
             res = bufsiz;
-        memcpy(buf, password, res);
-        return res;
+        memcpy(buf, cb_data->password, res);
     }
-
-#ifndef OPENSSL_NO_UI
+#else
     ui = UI_new_method(ui_method);
     if (ui) {
         int ok = 0;
         char *buff = NULL;
         int ui_flags = 0;
+        const char *prompt_info = NULL;
         char *prompt;
 
+        if (cb_data != NULL && cb_data->prompt_info != NULL)
+            prompt_info = cb_data->prompt_info;
         prompt = UI_construct_prompt(ui, "pass phrase", prompt_info);
         if (!prompt) {
             BIO_printf(bio_err, "Out of memory\n");
@@ -284,6 +275,9 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
         ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD;
         UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
 
+        /* We know that there is no previous user data to return to us */
+        (void)UI_add_user_data(ui, cb_data);
+
         if (ok >= 0)
             ok = UI_add_input_string(ui, prompt, ui_flags, buf,
                                      PW_MIN_LENGTH, bufsiz - 1);
diff --git a/test/recipes/03-test_ui.t b/test/recipes/03-test_ui.t
new file mode 100644
index 0000000..b1065d1
--- /dev/null
+++ b/test/recipes/03-test_ui.t
@@ -0,0 +1,30 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use warnings;
+use OpenSSL::Test;
+
+setup("test_ui");
+
+plan tests => 1;
+
+note <<"EOF";
+The best way to test the UI interface is currently by using an openssl
+command that uses password_callback.  The only one that does this is
+'genrsa'.
+Since password_callback uses a UI method derived from UI_OpenSSL(), it
+ensures that one gets tested well enough as well.
+EOF
+
+my $outfile = "rsa_$$.pem";
+ok(run(app(["openssl", "genrsa", "-passout", "pass:password", "-aes128",
+            "-out", $outfile])),
+   "Checking that genrsa with a password works properly");
+
+unlink $outfile;

More information about the openssl-commits mailing list