How to access passphrase within external provider? #16746

Closed
baentsch opened this issue Oct 5, 2021 · 6 comments
Labels: branch: 1.0.2 (Merge to OpenSSL_1_0_2-stable branch); branch: 3.0 (Merge to openssl-3.0 branch); triaged: question (The issue contains a question)

Comments

baentsch (Contributor) commented Oct 5, 2021

The documentation regarding the proper use of cbarg within a provider when implementing OSSL_FUNC_encoder_encode_fn is very brief; the code itself seems to suggest it is a (stack-based) struct ossl_passphrase_data_st, which seems to be inaccessible to (external) providers. Internal/libcrypto-based providers can (and do) make use of internal APIs to get access to passphrase information. However, this API set is not available to (external) providers, right?

So what mechanism is suggested to be used by external providers to obtain access to the passphrase, e.g., as set for encrypting private keys? Thanks in advance.

baentsch added the "issue: question" label Oct 5, 2021

levitte (Member) commented Oct 5, 2021

The cbarg is passed to the password callback (OSSL_PASSPHRASE_CALLBACK). It's entirely up to that passphrase callback to define what cbarg actually is. To anyone else, it's simply a pointer that's passed on.

What are you trying to achieve? I might have an idea or two how to do that.

levitte (Member) commented Oct 5, 2021

If you have an issue for this in your project, please point at it... it might be easier to discuss ideas there.

baentsch (Contributor, Author) commented Oct 5, 2021

> If you have an issue for this in your project, please point at it

OK, it's all part of open-quantum-safe/oqs-provider#2. Will create suitable code pointers there and reference you.

t8m added the "branch: 1.0.2", "branch: 3.0" and "triaged: question" labels and removed the "issue: question" label Oct 5, 2021

mattcaswell (Member) commented

Is this issue resolved now?

levitte (Member) commented Oct 7, 2021

Yes

levitte closed this as completed Oct 7, 2021

baentsch (Contributor, Author) commented Oct 8, 2021

For the benefit of anyone looking for information in issues, here's the solution in a nutshell: The OSSL_PASSPHRASE_CALLBACK pwcb function needs to be called in the encoder with parameters as documented here to prompt for or retrieve an already set passphrase. Thanks to @levitte for the explanation.
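
The pattern from the closing comment, as an added C example that is not part of the thread or of OpenSSL's or oqs-provider's code: the encoder forwards `cbarg` untouched to the `OSSL_PASSPHRASE_CALLBACK` it was given and reads the passphrase from the buffer the callback fills. The `demo_*` names and the sample secret are constructed for illustration, and the two typedefs are local stand-ins mirroring `<openssl/core.h>`.

```c
#include <stddef.h>
#include <string.h>

/* Local stand-ins mirroring the OpenSSL 3.0 declarations in <openssl/core.h>
 * so this compiles without OpenSSL; a real provider includes that header. */
typedef struct ossl_param_st {
    const char *key; unsigned int data_type;
    void *data; size_t data_size; size_t return_size;
} OSSL_PARAM;
typedef int (OSSL_PASSPHRASE_CALLBACK)(char *pass, size_t pass_size,
                                       size_t *pass_len,
                                       const OSSL_PARAM params[], void *arg);

/* Constructed application side: only this callback knows what cbarg is. */
struct demo_app_pw { const char *secret; };

static int demo_app_pw_cb(char *pass, size_t pass_size, size_t *pass_len,
                          const OSSL_PARAM params[], void *arg)
{
    const struct demo_app_pw *app = arg;
    size_t n;

    (void)params;
    if (app == NULL || app->secret == NULL)
        return 0;
    n = strlen(app->secret);
    if (n > pass_size)
        return 0;                  /* does not fit: report failure */
    memcpy(pass, app->secret, n);
    *pass_len = n;
    return 1;
}

/* Hypothetical provider-side helper for an encoder's encode function, which
 * receives cb and cbarg as arguments. cbarg is forwarded, never dereferenced. */
static int demo_encoder_get_passphrase(OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg,
                                       char *buf, size_t buf_size, size_t *len)
{
    volatile char *wipe = buf;
    size_t i;

    *len = 0;
    if (cb != NULL && cb(buf, buf_size, len, NULL, cbarg) && *len <= buf_size)
        return 1;
    for (i = 0; i < buf_size; i++) /* failure: leave no partial secret behind */
        wipe[i] = 0;
    *len = 0;
    return 0;
}
```

A real provider would also wipe the buffer with `OPENSSL_cleanse` once the passphrase has been used, on the success path as well.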
