STORE: Fix OSSL_STORE_attach() to check |ui_method| before use

ossl_pw_set_ui_method() demands that the passed |ui_method| be non-NULL, and OSSL_STORE_attach() didn't check it beforehand. While we're at it, we remove the passphrase caching that's set at the library level, and trust the implementations to deal with that on their own as needed. Fixes openssl#12830 Reviewed-by: Tim Hudson <[email protected]> (Merged from openssl#12831)
littlepush · Sep 10, 2020 · 9f604ca · 9f604ca
1 parent 5a0991d
commit 9f604ca
Showing 1 changed file with 7 additions and 5 deletions.
diff --git a/crypto/store/store_lib.c b/crypto/store/store_lib.c
@@ -135,9 +135,8 @@ OSSL_STORE_open_with_libctx(const char *uri,
         goto err;
     }
 
-    if ((ui_method != NULL
-         && !ossl_pw_set_ui_method(&ctx->pwdata, ui_method, ui_data))
-        || !ossl_pw_enable_passphrase_caching(&ctx->pwdata)) {
+    if (ui_method != NULL
+        && !ossl_pw_set_ui_method(&ctx->pwdata, ui_method, ui_data)) {
         ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_CRYPTO_LIB);
         goto err;
     }
@@ -421,7 +420,6 @@ OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx)
         }
     }
 
-    ossl_pw_clear_passphrase_cache(&ctx->pwdata);
     if (v != NULL)
         OSSL_TRACE1(STORE, "Got a %s\n",
                     OSSL_STORE_INFO_type_string(OSSL_STORE_INFO_get_type(v)));
@@ -968,7 +966,11 @@ OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bp, const char *scheme,
         return NULL;
     }
 
-    (void)ossl_pw_set_ui_method(&ctx->pwdata, ui_method, ui_data);
+    if (ui_method != NULL
+        && !ossl_pw_set_ui_method(&ctx->pwdata, ui_method, ui_data)) {
+        OPENSSL_free(ctx);
+        return NULL;
+    }
     ctx->fetched_loader = fetched_loader;
     ctx->loader = loader;
     ctx->loader_ctx = loader_ctx;