Skip to content

Commit 18ffcdd

Browse files
committed
Don't DES-encrypt priv keys without a passphrase
Per https://www.openssl.org/docs/crypto/pem.html, specifying to encrypt a private key with DES *without* providing a passphrase causes OpenSSL to prompt for the passphrase to use on the console -- which is problematic for GUI applications which generally lack a console. This modifies the behavior of RSAKeyImpl::save() so that DES encryption of private keys will not be attempted unless the passphrase argument is non-empty. This will also suppress OpenSSL's prompting for that passphrase on the console. Also added a case to the test suite.
1 parent 50f1f12 commit 18ffcdd

3 files changed

Lines changed: 27 additions & 2 deletions

File tree

Crypto/src/RSAKeyImpl.cpp

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -256,7 +256,7 @@ void RSAKeyImpl::save(const std::string& publicKeyFile, const std::string& priva
256256
{
257257
int rc = 0;
258258
if (privateKeyPassphrase.empty())
259-
rc = PEM_write_bio_RSAPrivateKey(bio, _pRSA, EVP_des_ede3_cbc(), 0, 0, 0, 0);
259+
rc = PEM_write_bio_RSAPrivateKey(bio, _pRSA, 0, 0, 0, 0, 0);
260260
else
261261
rc = PEM_write_bio_RSAPrivateKey(bio, _pRSA, EVP_des_ede3_cbc(),
262262
reinterpret_cast<unsigned char*>(const_cast<char*>(privateKeyPassphrase.c_str())),
@@ -298,7 +298,7 @@ void RSAKeyImpl::save(std::ostream* pPublicKeyStream, std::ostream* pPrivateKeyS
298298
if (!bio) throw Poco::IOException("Cannot create BIO for writing public key");
299299
int rc = 0;
300300
if (privateKeyPassphrase.empty())
301-
rc = PEM_write_bio_RSAPrivateKey(bio, _pRSA, EVP_des_ede3_cbc(), 0, 0, 0, 0);
301+
rc = PEM_write_bio_RSAPrivateKey(bio, _pRSA, 0, 0, 0, 0, 0);
302302
else
303303
rc = PEM_write_bio_RSAPrivateKey(bio, _pRSA, EVP_des_ede3_cbc(),
304304
reinterpret_cast<unsigned char*>(const_cast<char*>(privateKeyPassphrase.c_str())),

Crypto/testsuite/src/RSATest.cpp

Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -108,6 +108,29 @@ void RSATest::testNewKeys()
108108
}
109109

110110

111+
void RSATest::testNewKeysNoPassphrase()
112+
{
113+
RSAKey key(RSAKey::KL_1024, RSAKey::EXP_SMALL);
114+
std::ostringstream strPub;
115+
std::ostringstream strPriv;
116+
key.save(&strPub, &strPriv);
117+
std::string pubKey = strPub.str();
118+
std::string privKey = strPriv.str();
119+
120+
// now do the round trip
121+
std::istringstream iPub(pubKey);
122+
std::istringstream iPriv(privKey);
123+
RSAKey key2(&iPub, &iPriv);
124+
125+
std::istringstream iPriv2(privKey);
126+
RSAKey key3(0, &iPriv2);
127+
std::ostringstream strPub3;
128+
key3.save(&strPub3);
129+
std::string pubFromPrivate = strPub3.str();
130+
assert (pubFromPrivate == pubKey);
131+
}
132+
133+
111134
void RSATest::testSign()
112135
{
113136
std::string msg("Test this sign message");
@@ -244,6 +267,7 @@ CppUnit::Test* RSATest::suite()
244267
CppUnit::TestSuite* pSuite = new CppUnit::TestSuite("RSATest");
245268

246269
CppUnit_addTest(pSuite, RSATest, testNewKeys);
270+
CppUnit_addTest(pSuite, RSATest, testNewKeysNoPassphrase);
247271
CppUnit_addTest(pSuite, RSATest, testSign);
248272
CppUnit_addTest(pSuite, RSATest, testSignSha256);
249273
CppUnit_addTest(pSuite, RSATest, testSignManipulated);

Crypto/testsuite/src/RSATest.h

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -27,6 +27,7 @@ class RSATest: public CppUnit::TestCase
2727
~RSATest();
2828

2929
void testNewKeys();
30+
void testNewKeysNoPassphrase();
3031
void testSign();
3132
void testSignSha256();
3233
void testSignManipulated();

0 commit comments

Comments
 (0)