authorHuw Jones <huw@huwcbjones.co.uk>2020-10-13 05:14:19 +0100
committerGitHub <noreply@github.com>2020-10-12 23:14:19 -0500
commitcdd6696025b997646497b85cc0db6b27db12f92b (patch)
treefb83ab9cc05fcf99536761981247e9e603e2b819 /src/OpenSSL/crypto.py
parent83ef2306a1481e0cf7f53899c390497256711e29 (diff)
crypto._PassphraseHelper: pass non-callable passphrase using callback (#947)
* crypto._PassphraseHelper: pass non-callable passphrase using callback. Fixes #945. Before this commit, we would pass a bytes passphrase as a null-terminated string. This causes an issue when a randomly generated key's first byte is null, because OpenSSL rightly determines the key length is 0. This commit modifies the passphrase helper to pass the passphrase via the callback. * Update changelog to document bug fix
Diffstat (limited to 'src/OpenSSL/crypto.py')
-rw-r--r--src/OpenSSL/crypto.py19
1 files changed, 9 insertions, 10 deletions
diff --git a/src/OpenSSL/crypto.py b/src/OpenSSL/crypto.py
index f89a28f..77fb821 100644
--- a/src/OpenSSL/crypto.py
+++ b/src/OpenSSL/crypto.py
@@ -2788,9 +2788,7 @@ class _PassphraseHelper(object):
def callback(self):
if self._passphrase is None:
return _ffi.NULL
- elif isinstance(self._passphrase, bytes):
- return _ffi.NULL
- elif callable(self._passphrase):
+ elif isinstance(self._passphrase, bytes) or callable(self._passphrase):
return _ffi.callback("pem_password_cb", self._read_passphrase)
else:
raise TypeError(
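Review bot: The merged `elif` in `callback` has no comment saying why a bytes passphrase now goes through `pem_password_cb` instead of being handed to OpenSSL as userdata; that reason lives only in the commit message. Without it, a later cleanup could restore the "simpler" userdata path and bring back the truncation at the first NUL byte. I would add above the branch: `# bytes are served by the callback so the length is explicit; as userdata OpenSSL reads them as a NUL-terminated C string`. This view is limited to crypto.py, so I cannot tell whether a regression test with a passphrase starting with `b"\x00"` accompanies the change; if not, it is worth adding. The `raise TypeError(` call continues outside the hunk.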
@@ -2801,9 +2799,7 @@ class _PassphraseHelper(object):
def callback_args(self):
if self._passphrase is None:
return _ffi.NULL
- elif isinstance(self._passphrase, bytes):
- return self._passphrase
- elif callable(self._passphrase):
+ elif isinstance(self._passphrase, bytes) or callable(self._passphrase):
return _ffi.NULL
else:
raise TypeError(
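Review bot: After this change `callback_args` returns `_ffi.NULL` for every accepted passphrase type, so the first two arms differ only in their condition and can be folded into one: `if self._passphrase is None or isinstance(self._passphrase, bytes) or callable(self._passphrase): return _ffi.NULL`. That leaves the property as a pure type check that repeats the one in `callback`. A short docstring such as `"""Userdata for pem_password_cb; always NULL, the passphrase is only ever delivered by the callback."""` would make the invariant explicit. The `raise TypeError(` call continues outside the hunk.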
@@ -2823,12 +2819,15 @@ class _PassphraseHelper(object):
def _read_passphrase(self, buf, size, rwflag, userdata):
try:
- if self._more_args:
- result = self._passphrase(size, rwflag, userdata)
+ if callable(self._passphrase):
+ if self._more_args:
+ result = self._passphrase(size, rwflag, userdata)
+ else:
+ result = self._passphrase(rwflag)
else:
- result = self._passphrase(rwflag)
+ result = self._passphrase
if not isinstance(result, bytes):
- raise ValueError("String expected")
+ raise ValueError("Bytes expected")
if len(result) > size:
if self._truncate:
result = result[:size]