authorJames Bottomley <James.Bottomley@HansenPartnership.com>2019-02-23 11:40:13 -0800
committerJames Bottomley <James.Bottomley@HansenPartnership.com>2019-02-23 11:41:09 -0800
commit21b26f4890ecb5062f687baf47a5b69dcf72a7c2 (patch)
tree88c977853f97f661d50b98a3b0262356990dfb80
parent6a986b04d1ee2c3205f7ed8ac3bd0ffa48e9d9c8 (diff)
downloadopenssl-pkcs11-export-21b26f4890ecb5062f687baf47a5b69dcf72a7c2.tar.gz
Fix PIN passing
p11tool may not NULL terminate the pin (as allowed by pkcs11) but openssl assumes it is, so copy it into a NULL terminated string to make sure. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rw-r--r--crypto.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/crypto.c b/crypto.c
index 50c3f2e..d77fd93 100644
--- a/crypto.c
+++ b/crypto.c
@@ -162,6 +162,12 @@ int crypto_load_private_key(int sec_num, const unsigned char *pin, int pin_len)
UI_METHOD *ui;
const char *priv = cache_get_by_secnum(sec_num, "private key", NULL);
const char *engine = cache_get_by_secnum(sec_num, "engine", NULL);
+ char auth[256];
+
+ /* pkcs11 pins may not be NULL terminated, but openssl expects
+ * its passwords to be */
+ memcpy(auth, pin, pin_len);
+ auth[pin_len] = '\0';
if (!priv) {
fprintf(stderr, "No 'private key' directive in section '%s'\n",
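Review bot: The added memcpy into `auth` has no bound on `pin_len`: `auth` is 256 bytes, so a PIN of 256 bytes or longer overruns the stack buffer, and because the parameter is `int`, a negative `pin_len` converts to a huge `size_t` in the copy. Add a guard before the copy, `if (pin_len < 0 || (size_t)pin_len >= sizeof auth) return -1;` (with a diagnostic on stderr in the file's existing style), since nothing on this page shows the caller bounding the length. The comment on the added lines could also state the invariant, `/* caller-supplied length; auth must keep room for the terminator */`. crypto_load_private_key starts and continues outside this hunk, so whether `pin` can be NULL is not visible here and may need a check as well.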
@@ -183,7 +189,7 @@ int crypto_load_private_key(int sec_num, const unsigned char *pin, int pin_len)
ENGINE_init(e);
/* cast discards const which is respected by ui_read */
- pkey = ENGINE_load_private_key(e, priv, ui, (void *)pin);
+ pkey = ENGINE_load_private_key(e, priv, ui, (void *)auth);
ENGINE_finish(e);
} else {
FILE *file;
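Review bot: The comment `/* cast discards const which is respected by ui_read */` above the changed call is now stale: `auth` is a non-const local, so `(void *)auth` no longer discards anything. Either drop the comment or reword it to say what the cast is for, e.g. `/* callback data is passed as void *; ui_read reads it as the PIN string */` (presumed from the existing comment, since ui_read is outside the hunk).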
@@ -197,7 +203,7 @@ int crypto_load_private_key(int sec_num, const unsigned char *pin, int pin_len)
priv, strerror(errno));
return -1;
}
- pkey = PEM_read_PrivateKey(file, NULL, pem_cb, (void *)pin);
+ pkey = PEM_read_PrivateKey(file, NULL, pem_cb, (void *)auth);
}
out:
if (!pkey) {
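Review bot: `auth` now holds the PIN on the stack for the rest of the function and is never cleared before return. Since the function already has an `out:` label, add `OPENSSL_cleanse(auth, sizeof auth);` there so the secret does not linger in the stack frame; a plain `memset` may be optimized away, which is why the OpenSSL helper is preferable. The early `return -1` in this hunk bypasses `out:` and would need to jump there instead. The function body continues outside the hunk, so any other early returns should be routed the same way.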