author | Huw Jones <huw@huwcbjones.co.uk> | 2020-10-13 05:14:19 +0100 |
committer | GitHub <noreply@github.com> | 2020-10-12 23:14:19 -0500 |
commit | cdd6696025b997646497b85cc0db6b27db12f92b (patch) | |
tree | fb83ab9cc05fcf99536761981247e9e603e2b819 /src/OpenSSL/crypto.py | |
parent | 83ef2306a1481e0cf7f53899c390497256711e29 (diff) | |
download | pyopenssl-git-cdd6696025b997646497b85cc0db6b27db12f92b.tar.gz |
crypto._PassphraseHelper: pass non-callable passphrase using callback (#947)
* crypto._PassphraseHelper: pass non-callable passphrase using callback
Fixes #945
Before this commit, we would pass a bytes passphrase as a null-terminated string.
This causes an issue when a randomly generated key's first byte is null, because
OpenSSL rightly determines the key length is 0.
This commit modifies the passphrase helper to pass the passphrase via the
callback
* Update changelog to document bug fix
Diffstat (limited to 'src/OpenSSL/crypto.py')
-rw-r--r-- | src/OpenSSL/crypto.py | 19 |
1 files changed, 9 insertions, 10 deletions
diff --git a/src/OpenSSL/crypto.py b/src/OpenSSL/crypto.py
index f89a28f..77fb821 100644
--- a/src/OpenSSL/crypto.py
+++ b/src/OpenSSL/crypto.py
@@ -2788,9 +2788,7 @@ class _PassphraseHelper(object):
     def callback(self):
         if self._passphrase is None:
             return _ffi.NULL
-        elif isinstance(self._passphrase, bytes):
-            return _ffi.NULL
-        elif callable(self._passphrase):
+        elif isinstance(self._passphrase, bytes) or callable(self._passphrase):
             return _ffi.callback("pem_password_cb", self._read_passphrase)
         else:
             raise TypeError(
@@ -2801,9 +2799,7 @@ class _PassphraseHelper(object):
     def callback_args(self):
         if self._passphrase is None:
             return _ffi.NULL
-        elif isinstance(self._passphrase, bytes):
-            return self._passphrase
-        elif callable(self._passphrase):
+        elif isinstance(self._passphrase, bytes) or callable(self._passphrase):
             return _ffi.NULL
         else:
             raise TypeError(
@@ -2823,12 +2819,15 @@ class _PassphraseHelper(object):
     def _read_passphrase(self, buf, size, rwflag, userdata):
         try:
-            if self._more_args:
-                result = self._passphrase(size, rwflag, userdata)
+            if callable(self._passphrase):
+                if self._more_args:
+                    result = self._passphrase(size, rwflag, userdata)
+                else:
+                    result = self._passphrase(rwflag)
             else:
-                result = self._passphrase(rwflag)
+                result = self._passphrase
             if not isinstance(result, bytes):
-                raise ValueError("String expected")
+                raise ValueError("Bytes expected")
             if len(result) > size:
                 if self._truncate:
                     result = result[:size] |
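Review bot: The merged `elif` in `callback` drops the reason bytes now take the callback route, which the commit message explains but the code does not; a why-comment on that line would stop a later cleanup from restoring the `userdata` shortcut, e.g. `# bytes go through the callback too: handing them to OpenSSL as userdata treats them as a NUL-terminated C string, so a passphrase containing 0x00 is cut short`. The same comment belongs on the matching `elif` in `callback_args` in the next hunk. Note that `callback` now hands back a fresh `_ffi.callback` object for bytes as well; the caller presumably keeps that reference alive for the duration of the PEM call, as it already had to for callables, but that code is outside this hunk. The method's body continues past the hunk (the `raise TypeError(` is left open).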
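Review bot: After this change `callback_args` returns `_ffi.NULL` for every accepted type, so its `elif isinstance(self._passphrase, bytes) or callable(self._passphrase):` branch exists only to fall through to the `TypeError`, and that same type test is now repeated in `callback`, `callback_args` and `_read_passphrase`. Validating the passphrase type once where `_passphrase` is assigned (presumably `__init__`, which is outside the hunk) would let this method collapse to `return _ffi.NULL` and remove the three copies. If that is too large a change for a bug fix, a one-line comment such as `# userdata is never used: bytes and callables are both served by the callback` would at least explain why the branch returns NULL. The body continues past the hunk with the open `raise TypeError(`.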