[openssl] master update

Richard Levitte levitte at openssl.org
Thu Sep 10 11:41:29 UTC 2020


The branch master has been updated
       via  9f604ca13ddc99e17ba37fed9281fbd1b71149a9 (commit)
      from  5a0991d0d94b966e0621b8123873b132877dc9d3 (commit)


- Log -----------------------------------------------------------------
commit 9f604ca13ddc99e17ba37fed9281fbd1b71149a9
Author: Richard Levitte <levitte at openssl.org>
Date:   Wed Sep 9 05:29:56 2020 +0200

    STORE: Fix OSSL_STORE_attach() to check |ui_method| before use
    
    ossl_pw_set_ui_method() demands that the passed |ui_method| be
    non-NULL, and OSSL_STORE_attach() didn't check it beforehand.
    
    While we're at it, we remove the passphrase caching that's set at the
    library level, and trust the implementations to deal with that on
    their own as needed.
    
    Fixes #12830
    
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/12831)

-----------------------------------------------------------------------

Summary of changes:
 crypto/store/store_lib.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/crypto/store/store_lib.c b/crypto/store/store_lib.c
index 89efe691da..61558a9b6e 100644
--- a/crypto/store/store_lib.c
+++ b/crypto/store/store_lib.c
@@ -135,9 +135,8 @@ OSSL_STORE_open_with_libctx(const char *uri,
         goto err;
     }
 
-    if ((ui_method != NULL
-         && !ossl_pw_set_ui_method(&ctx->pwdata, ui_method, ui_data))
-        || !ossl_pw_enable_passphrase_caching(&ctx->pwdata)) {
+    if (ui_method != NULL
+        && !ossl_pw_set_ui_method(&ctx->pwdata, ui_method, ui_data)) {
         ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_CRYPTO_LIB);
         goto err;
     }
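Review bot: Nothing at this call site records that passphrase caching is now deliberately left off. After this change `ctx->pwdata` is only given the UI method, and the `OSSL_STORE_load` hunk drops the matching `ossl_pw_clear_passphrase_cache()` call. A loader that needs the passphrase more than once must therefore enable caching itself and also wipe what it cached, which is easy to miss when writing or reviewing a loader. A short comment above the `if` would make that contract visible, e.g. `/* Passphrase caching is not enabled here; loaders that need it must enable it and clear it themselves. */`. The enclosing function starts and ends outside the hunk.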
@@ -421,7 +420,6 @@ OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx)
         }
     }
 
-    ossl_pw_clear_passphrase_cache(&ctx->pwdata);
     if (v != NULL)
         OSSL_TRACE1(STORE, "Got a %s\n",
                     OSSL_STORE_INFO_type_string(OSSL_STORE_INFO_get_type(v)));
@@ -968,7 +966,11 @@ OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bp, const char *scheme,
         return NULL;
     }
 
-    (void)ossl_pw_set_ui_method(&ctx->pwdata, ui_method, ui_data);
+    if (ui_method != NULL
+        && !ossl_pw_set_ui_method(&ctx->pwdata, ui_method, ui_data)) {
+        OPENSSL_free(ctx);
+        return NULL;
+    }
     ctx->fetched_loader = fetched_loader;
     ctx->loader = loader;
     ctx->loader_ctx = loader_ctx;
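Review bot: The new failure path in `OSSL_STORE_attach()` returns NULL without raising an error, unlike the same check in `OSSL_STORE_open_with_libctx()`. Adding `ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_CRYPTO_LIB);` before `OPENSSL_free(ctx);` would tell the caller why the attach failed. The path also frees only `ctx`, while `fetched_loader` and `loader_ctx` are already live, since they are assigned into `ctx` on the following lines. If they own resources at this point (their acquisition is outside the hunk), they would leak here and probably need releasing before the return. The function body begins and ends outside the hunk.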

