diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index c2e5b5120e1c77..d7f3cfc80e0904 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -204,7 +204,9 @@ static void crypto_lock_cb(int mode, int n, const char* file, int line) {
 }
-static int CryptoPemCallback(char *buf, int size, int rwflag, void *u) {
+// This callback is used by OpenSSL when it needs to query for the passphrase
+// which may be used for encrypted PEM structures.
+static int PasswordCallback(char *buf, int size, int rwflag, void *u) {
 if (u) {
 size_t buflen = static_cast(size);
 size_t len = strlen(static_cast(u));
@@ -460,7 +462,7 @@ void SecureContext::SetKey(const FunctionCallbackInfo& args) {
 EVP_PKEY* key = PEM_read_bio_PrivateKey(bio,
 nullptr,
- CryptoPemCallback,
+ PasswordCallback,
 len == 1 ? nullptr : *passphrase);
 if (!key) {
@@ -586,7 +588,7 @@ int SSL_CTX_use_certificate_chain(SSL_CTX* ctx,
 // that we are interested in
 ERR_clear_error();
- x = PEM_read_bio_X509_AUX(in, nullptr, CryptoPemCallback, nullptr);
+ x = PEM_read_bio_X509_AUX(in, nullptr, PasswordCallback, nullptr);
 if (x == nullptr) {
 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB);
@@ -604,7 +606,7 @@ int SSL_CTX_use_certificate_chain(SSL_CTX* ctx,
 goto done;
 }
- while ((extra = PEM_read_bio_X509(in, nullptr, CryptoPemCallback, nullptr))) {
+ while ((extra = PEM_read_bio_X509(in, nullptr, PasswordCallback, nullptr))) {
 if (sk_X509_push(extra_certs, extra))
 continue;
@@ -700,7 +702,7 @@ static X509_STORE* NewRootCertStore() {
 if (root_certs_vector.empty()) {
 for (size_t i = 0; i < arraysize(root_certs); i++) {
 BIO* bp = NodeBIO::NewFixed(root_certs[i], strlen(root_certs[i]));
- X509 *x509 = PEM_read_bio_X509(bp, nullptr, CryptoPemCallback, nullptr);
+ X509 *x509 = PEM_read_bio_X509(bp, nullptr, PasswordCallback, nullptr);
 BIO_free(bp);
 // Parse errors from the built-in roots are fatal.
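Review bot: The comment added above `PasswordCallback` says when OpenSSL calls it but not the contract the visible body depends on: `u` is read with `strlen` as a NUL-terminated C string (so a passphrase containing an embedded NUL would be silently truncated, if callers such as `SetKey` can supply one), and `size` is an `int` widened to `size_t` through `static_cast` with no sign check, so a negative `size` would become a huge `buflen`. OpenSSL is not expected to pass a negative size, but the guard is one line at the top of the body: `if (u == nullptr || size <= 0) return 0;`. I would also extend the comment to state the input contract, e.g. `// u is the caller-supplied passphrase as a NUL-terminated string (nullptr when none); at most size bytes are copied into buf.` — the copy into `buf` is presumably below, so confirm the wording against it. The rest of `PasswordCallback`'s body, including the copy and its return value, is outside this hunk.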
@@ -743,7 +745,7 @@ void SecureContext::AddCACert(const FunctionCallbackInfo& args) {
 X509_STORE* cert_store = SSL_CTX_get_cert_store(sc->ctx_);
 while (X509* x509 =
- PEM_read_bio_X509(bio, nullptr, CryptoPemCallback, nullptr)) {
+ PEM_read_bio_X509(bio, nullptr, PasswordCallback, nullptr)) {
 if (cert_store == root_cert_store) {
 cert_store = NewRootCertStore();
 SSL_CTX_set_cert_store(sc->ctx_, cert_store);
@@ -775,7 +777,7 @@ void SecureContext::AddCRL(const FunctionCallbackInfo& args) {
 return;
 X509_CRL* crl =
- PEM_read_bio_X509_CRL(bio, nullptr, CryptoPemCallback, nullptr);
+ PEM_read_bio_X509_CRL(bio, nullptr, PasswordCallback, nullptr);
 if (crl == nullptr) {
 BIO_free_all(bio);
@@ -814,7 +816,7 @@ static unsigned long AddCertsFromFile( // NOLINT(runtime/int)
 }
 while (X509* x509 =
- PEM_read_bio_X509(bio, nullptr, CryptoPemCallback, nullptr)) {
+ PEM_read_bio_X509(bio, nullptr, PasswordCallback, nullptr)) {
 X509_STORE_add_cert(store, x509);
 X509_free(x509);
 }
@@ -4080,7 +4082,7 @@ SignBase::Error Sign::SignFinal(const char* key_pem,
 pkey = PEM_read_bio_PrivateKey(bp,
 nullptr,
- CryptoPemCallback,
+ PasswordCallback,
 const_cast(passphrase));
 // Errors might be injected into OpenSSL's error stack
@@ -4293,12 +4295,12 @@ SignBase::Error Verify::VerifyFinal(const char* key_pem,
 // Split this out into a separate function once we have more than one
 // consumer of public keys.
 if (strncmp(key_pem, PUBLIC_KEY_PFX, PUBLIC_KEY_PFX_LEN) == 0) {
- pkey = PEM_read_bio_PUBKEY(bp, nullptr, CryptoPemCallback, nullptr);
+ pkey = PEM_read_bio_PUBKEY(bp, nullptr, PasswordCallback, nullptr);
 if (pkey == nullptr)
 goto exit;
 } else if (strncmp(key_pem, PUBRSA_KEY_PFX, PUBRSA_KEY_PFX_LEN) == 0) {
 RSA* rsa =
- PEM_read_bio_RSAPublicKey(bp, nullptr, CryptoPemCallback, nullptr);
+ PEM_read_bio_RSAPublicKey(bp, nullptr, PasswordCallback, nullptr);
 if (rsa) {
 pkey = EVP_PKEY_new();
 if (pkey)
@@ -4309,7 +4311,7 @@ SignBase::Error Verify::VerifyFinal(const char* key_pem,
 goto exit;
 } else {
 // X.509 fallback
- x509 = PEM_read_bio_X509(bp, nullptr, CryptoPemCallback, nullptr);
+ x509 = PEM_read_bio_X509(bp, nullptr, PasswordCallback, nullptr);
 if (x509 == nullptr)
 goto exit;
@@ -4427,7 +4429,7 @@ bool PublicKeyCipher::Cipher(const char* key_pem,
 goto exit;
 } else if (operation == kPublic &&
 strncmp(key_pem, CERTIFICATE_PFX, CERTIFICATE_PFX_LEN) == 0) {
- x509 = PEM_read_bio_X509(bp, nullptr, CryptoPemCallback, nullptr);
+ x509 = PEM_read_bio_X509(bp, nullptr, PasswordCallback, nullptr);
 if (x509 == nullptr)
 goto exit;
@@ -4437,7 +4439,7 @@ bool PublicKeyCipher::Cipher(const char* key_pem,
 } else {
 pkey = PEM_read_bio_PrivateKey(bp,
 nullptr,
- CryptoPemCallback,
+ PasswordCallback,
 const_cast(passphrase));
 if (pkey == nullptr)
 goto exit;