[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
Richard Levitte
levitte at openssl.org
Thu Dec 8 12:33:02 UTC 2016
The branch OpenSSL_1_1_0-stable has been updated
via e8a93291cac9a5ebf60f83d5f3cca2b757c32327 (commit)
via b1bbee13d9f4e55a8f5592c417dd336012cbeebe (commit)
from aff927e84c3bce5b7ebc2cc72f99a571ea89c2b1 (commit)
- Log -----------------------------------------------------------------
commit e8a93291cac9a5ebf60f83d5f3cca2b757c32327
Author: Richard Levitte <levitte at openssl.org>
Date: Thu Dec 8 01:27:31 2016 +0100
Make sure that password_callback exercises UI
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2040)
(cherry picked from commit 57c0f378b8fdbdc55dba783e9b744b8ed2132819)
commit b1bbee13d9f4e55a8f5592c417dd336012cbeebe
Author: Richard Levitte <levitte at openssl.org>
Date: Wed Dec 7 22:44:47 2016 +0100
Add a test for the UI API
The best way to test the UI interface is currently by using an openssl
command that uses password_callback. The only one that does this is
'genrsa'.
Since password_callback uses a UI method derived from UI_OpenSSL(), it
ensures that one gets tested well enough as well.
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2040)
(cherry picked from commit 17ac8eaf611b588cca251ba63b187e7d9c7edb83)
-----------------------------------------------------------------------
Summary of changes:
apps/apps.c | 28 +++++++++++-----------------
test/recipes/03-test_ui.t | 30 ++++++++++++++++++++++++++++++
2 files changed, 41 insertions(+), 17 deletions(-)
create mode 100644 test/recipes/03-test_ui.t
diff --git a/apps/apps.c b/apps/apps.c
index cc557e5..cbf4e90 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -244,36 +244,27 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
int res = 0;
#ifndef OPENSSL_NO_UI
UI *ui = NULL;
- const char *prompt_info = NULL;
#endif
- const char *password = NULL;
PW_CB_DATA *cb_data = (PW_CB_DATA *)cb_tmp;
- if (cb_data) {
- if (cb_data->password)
- password = cb_data->password;
-#ifndef OPENSSL_NO_UI
- if (cb_data->prompt_info)
- prompt_info = cb_data->prompt_info;
-#endif
- }
-
- if (password) {
- res = strlen(password);
+#ifdef OPENSSL_NO_UI
+ if (cb_data != NULL && cb_data->password != NULL) {
+ res = strlen(cb_data->password);
if (res > bufsiz)
res = bufsiz;
- memcpy(buf, password, res);
- return res;
+ memcpy(buf, cb_data->password, res);
}
-
-#ifndef OPENSSL_NO_UI
+#else
ui = UI_new_method(ui_method);
if (ui) {
int ok = 0;
char *buff = NULL;
int ui_flags = 0;
+ const char *prompt_info = NULL;
char *prompt;
+ if (cb_data != NULL && cb_data->prompt_info != NULL)
+ prompt_info = cb_data->prompt_info;
prompt = UI_construct_prompt(ui, "pass phrase", prompt_info);
if (!prompt) {
BIO_printf(bio_err, "Out of memory\n");
@@ -284,6 +275,9 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD;
UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
+ /* We know that there is no previous user data to return to us */
+ (void)UI_add_user_data(ui, cb_data);
+
if (ok >= 0)
ok = UI_add_input_string(ui, prompt, ui_flags, buf,
PW_MIN_LENGTH, bufsiz - 1);
diff --git a/test/recipes/03-test_ui.t b/test/recipes/03-test_ui.t
new file mode 100644
index 0000000..b1065d1
--- /dev/null
+++ b/test/recipes/03-test_ui.t
@@ -0,0 +1,30 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use warnings;
+use OpenSSL::Test;
+
+setup("test_ui");
+
+plan tests => 1;
+
+note <<"EOF";
+The best way to test the UI interface is currently by using an openssl
+command that uses password_callback. The only one that does this is
+'genrsa'.
+Since password_callback uses a UI method derived from UI_OpenSSL(), it
+ensures that one gets tested well enough as well.
+EOF
+
+my $outfile = "rsa_$$.pem";
+ok(run(app(["openssl", "genrsa", "-passout", "pass:password", "-aes128",
+ "-out", $outfile])),
+ "Checking that genrsa with a password works properly");
+
+unlink $outfile;
More information about the openssl-commits
mailing list