From: Richard Levitte Date: Wed, 9 Sep 2020 03:29:56 +0000 (+0200) Subject: STORE: Fix OSSL_STORE_attach() to check |ui_method| before use X-Git-Tag: openssl-3.0.0-alpha7~322 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9f604ca13ddc99e17ba37fed9281fbd1b71149a9;p=thirdparty%2Fopenssl.git STORE: Fix OSSL_STORE_attach() to check |ui_method| before use ossl_pw_set_ui_method() demands that the passed |ui_method| be non-NULL, and OSSL_STORE_attach() didn't check it beforehand. While we're at it, we remove the passphrase caching that's set at the library level, and trust the implementations to deal with that on their own as needed. Fixes #12830 Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/12831)
---
diff --git a/crypto/store/store_lib.c b/crypto/store/store_lib.c
index 89efe691da0..61558a9b6ef 100644
--- a/crypto/store/store_lib.c
+++ b/crypto/store/store_lib.c
@@ -135,9 +135,8 @@ OSSL_STORE_open_with_libctx(const char *uri,
 goto err;
 }
- if ((ui_method != NULL
- && !ossl_pw_set_ui_method(&ctx->pwdata, ui_method, ui_data))
- || !ossl_pw_enable_passphrase_caching(&ctx->pwdata)) {
+ if (ui_method != NULL
+ && !ossl_pw_set_ui_method(&ctx->pwdata, ui_method, ui_data)) {
 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_CRYPTO_LIB);
 goto err;
 }
@@ -421,7 +420,6 @@ OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx)
 }
 }
- ossl_pw_clear_passphrase_cache(&ctx->pwdata);
 if (v != NULL) OSSL_TRACE1(STORE, "Got a %s\n", OSSL_STORE_INFO_type_string(OSSL_STORE_INFO_get_type(v)));
@@ -968,7 +966,11 @@ OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bp, const char *scheme,
 return NULL;
 }
- (void)ossl_pw_set_ui_method(&ctx->pwdata, ui_method, ui_data);
+ if (ui_method != NULL
+ && !ossl_pw_set_ui_method(&ctx->pwdata, ui_method, ui_data)) {
+ OPENSSL_free(ctx);
+ return NULL;
+ }
 ctx->fetched_loader = fetched_loader;
 ctx->loader = loader;
 ctx->loader_ctx = loader_ctx;
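Review bot: Nothing in the visible lines records who now owns the lifetime of a cached passphrase in `ctx->pwdata`, since `ossl_pw_enable_passphrase_caching()` is dropped from this check in OSSL_STORE_open_with_libctx() and `ossl_pw_clear_passphrase_cache()` is dropped from OSSL_STORE_load() in the next hunk. The commit message leaves this to the loader implementations, so a comment above the check would state the contract, for example `/* Passphrase caching is not enabled here; a loader that enables it must also clear its cache. */`. Whether any existing loader depended on the per-load clear is not visible in this diff and is worth confirming. The body of OSSL_STORE_open_with_libctx() starts and ends outside the hunk.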
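Review bot: The new failure path in OSSL_STORE_attach() returns NULL without queuing an error, whereas the same check in OSSL_STORE_open_with_libctx() (first hunk) calls `ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_CRYPTO_LIB);`, so the caller gets a bare NULL with nothing on the error stack. Adding that `ERR_raise` line before `OPENSSL_free(ctx);` would make the two entry points consistent. The path also releases only `ctx`, while `fetched_loader` and `loader_ctx` are stored into it immediately below. If those were acquired earlier in the function, which starts outside the hunk, they appear to be left unreleased on this return and should be cleaned up here as well.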