From 6eb6424a12dfa672afa8c2602a067699e09c0db9 Mon Sep 17 00:00:00 2001 From: Markus Goetz Date: Wed, 10 Mar 2010 13:37:04 +0100 Subject: QSslKey: Do not make OpenSSL prompt for a password on stdin Task-number: QTBUG-2515 Reviewed-by: Andreas Aardal Hanssen --- src/network/ssl/qsslkey.cpp | 4 +- tests/auto/qsslkey/rsa-with-passphrase.pem | 18 +++++++ tests/auto/qsslkey/rsa-without-passphrase.pem | 15 ++++++ tests/auto/qsslkey/tst_qsslkey.cpp | 72 +++++++++++++++++++++++++++ 4 files changed, 106 insertions(+), 3 deletions(-) create mode 100644 tests/auto/qsslkey/rsa-with-passphrase.pem create mode 100644 tests/auto/qsslkey/rsa-without-passphrase.pem diff --git a/src/network/ssl/qsslkey.cpp b/src/network/ssl/qsslkey.cpp index 41b2384..da39662 100644 --- a/src/network/ssl/qsslkey.cpp +++ b/src/network/ssl/qsslkey.cpp @@ -119,9 +119,7 @@ void QSslKeyPrivate::decodePem(const QByteArray &pem, const QByteArray &passPhra if (!bio) return; - void *phrase = passPhrase.isEmpty() - ? (void *)0 - : (void *)passPhrase.constData(); + void *phrase = (void *)passPhrase.constData(); if (algorithm == QSsl::Rsa) { RSA *result = (type == QSsl::PublicKey) diff --git a/tests/auto/qsslkey/rsa-with-passphrase.pem b/tests/auto/qsslkey/rsa-with-passphrase.pem new file mode 100644 index 0000000..cb29bec --- /dev/null +++ b/tests/auto/qsslkey/rsa-with-passphrase.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-CBC,36BD1242254C5E1E + +sqt8qlQfkjJiz0djd0WYjhN/IGxA/nU/wVKuf5RWDAghDBrABzJ3dU4Jh1WIsS4+ +f22TBr6fwgjpPxGkt361Z9oxon/QeyBZLFtyUxnFSqZcVMMR3vndtMyYJbVKjRm1 +lvF3BjFWNh6+SZe20cut2GiUJDqhw7RbjaAN6LaCpFqwusY6vbjW6vzB8ezDvLou +5jQAkwArGoI0KqUMwBOYukiWdBA0iERavspKGRnB3mGtgv5ziTEFzx58mn1Lv3Qs +LYQqTYgzpFyAMP9SZaRv4m/y5O9foAXnlh0GhmDWBQ2D5flwZqrIAzoJ5BcZKU6/ +HJCh4snw3kheeE8NhrlzypEONedvu4ifUbqN5idMU7S4t40NAmQ/dF0Z4wDen/M/ +iFbt5tTWh6sXK82XzJtAfprH07odtJHK7CMeurCi5BupmnLtPbUrl6hpKItBzu+g +7MB5AyNk548V9Y8+kKBtEG5EgYZrMYX4yqQ+Z8F1hy0UUMXu9cAnO06OTavxLtWJ +ikmwYJNy421Hj+oZVSagCUILQyUfgx6fXWwDRqy/stlX+hpPPjVmd/A2WBm5x/Sf +5CGfUtddZRuAZpChBXV6a/R+nMzDXhkKl4XTkN8hg3yXLY6xy3CR3RIYDlKkn85y +VziP32V6Bc8ucGifsZLNnvj8CFXTZP+8CWun9yLSkcq+wm4cQOLswztEMA8bbPJQ +g7Gp59BC4ofN5bMZ1R1z+l96x+YMY9btkyjE1uEyRT88dHwxnkhC5AKBx2P6sg0C +doe5Dh8Ny5Ic24ibwyvZbAS46tSVdha7ACGnGXV4Z3iqBfN0b0UNmw== +-----END RSA PRIVATE KEY----- diff --git a/tests/auto/qsslkey/rsa-without-passphrase.pem b/tests/auto/qsslkey/rsa-without-passphrase.pem new file mode 100644 index 0000000..f7c834b --- /dev/null +++ b/tests/auto/qsslkey/rsa-without-passphrase.pem @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQC1mZlLC6g8/vaw8XEOQ59gwQ5WxIvcKCSx7B5SHaeN8zzbENpl +32BtyfrCccHF7j6qwfMZ2RwM5RTlFw/eBF4SSXAgp/P5CgcugSs1dOJUfPveos/5 +h3fmnUcKeQIU4m5EGcQicmR8//WUUfdtHDp/fJ0dRXcY2tTOx89vNPEtgwIDAQAB +AoGBAKqE2f4vqf/sYPPxInmEYclWPgKXd8R4JUy0LBxrIAQYXBJPluOFhmRQ/hdK +/eq/NTTd/UlOJhqtmJsstoeAjlsELl2AejX2n1B9aSffQ0WzdB5gVMNotPGRKRIG +eOq2pp2JOFkGps11LUAqDEMNUb3EV6HiBucoGEOUpdITLrRxAkEA4Ul3o44wMvIb +muwp7/erSvDMWRZ1GjksEmBMAHL6y8avZd9UgrjHeCy8uHXrT0id4Cig8FA+nQA5 +UwTr9y5e9wJBAM5bc8xuAuCg4Si3exssFfxQIxFTmPzhkVubglO9IcLqfXLl3k5S +CxgRb/4pBMKVRCMRXAkaZpjJqTIofjp4ptUCQQC4hySnot932zchPi9bjtGPII1A +q1RfllSy+I1IEOW745HnL3ZZXGCF3p71uCB1YFVwNdcc/51Jm9VYWr+sRx8hAkBL +KoTDsk7aA8AAVNVC0Iwxm/8qEIlpk8Ce3cZbOklR9pg7gf+4B6qC2dcxfT9+oWBw +ZaJgrn0wqkQ3QQi5w7kBAkBAR2tKc2OqnljMPnXYEreRyHHjhqCsJYFAE7u16cY/ +NQGJq9jBAD5WANclrYRxKtD6yohi+Y7Vi7+SXve3pGdF +-----END RSA PRIVATE KEY----- diff --git a/tests/auto/qsslkey/tst_qsslkey.cpp b/tests/auto/qsslkey/tst_qsslkey.cpp index d156344..3c8ae11 100644 --- a/tests/auto/qsslkey/tst_qsslkey.cpp +++ b/tests/auto/qsslkey/tst_qsslkey.cpp @@ -99,6 +99,7 @@ private slots: void toEncryptedPemOrDer_data(); void toEncryptedPemOrDer(); + void passphraseChecks(); #endif }; @@ -371,6 +372,77 @@ void tst_QSslKey::toEncryptedPemOrDer() // ### add a test to verify that public keys are _decrypted_ correctly (by the ctor) } +void tst_QSslKey::passphraseChecks() +{ + { + QString fileName(SRCDIR "/rsa-with-passphrase.pem"); + QFile keyFile(fileName); + QVERIFY(keyFile.exists()); + { + if (!keyFile.isOpen()) + keyFile.open(QIODevice::ReadOnly); + else + keyFile.reset(); + QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey); + QVERIFY(key.isNull()); // null passphrase => should not be able to decode key + } + { + if (!keyFile.isOpen()) + keyFile.open(QIODevice::ReadOnly); + else + keyFile.reset(); + QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, ""); + QVERIFY(key.isNull()); // empty passphrase => should not be able to decode key + } + { + if (!keyFile.isOpen()) + keyFile.open(QIODevice::ReadOnly); + else + keyFile.reset(); + QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, "WRONG!"); + QVERIFY(key.isNull()); // wrong passphrase => should not be able to decode key + } + { + if (!keyFile.isOpen()) + keyFile.open(QIODevice::ReadOnly); + else + keyFile.reset(); + QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, "123"); + QVERIFY(!key.isNull()); // correct passphrase + } + } + + { + // be sure and check a key without passphrase too + QString fileName(SRCDIR "/rsa-without-passphrase.pem"); + QFile keyFile(fileName); + { + if (!keyFile.isOpen()) + keyFile.open(QIODevice::ReadOnly); + else + keyFile.reset(); + QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey); + QVERIFY(!key.isNull()); // null passphrase => should be able to decode key + } + { + if (!keyFile.isOpen()) + keyFile.open(QIODevice::ReadOnly); + else + keyFile.reset(); + QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, ""); + QVERIFY(!key.isNull()); // empty passphrase => should be able to decode key + } + { + if (!keyFile.isOpen()) + keyFile.open(QIODevice::ReadOnly); + else + keyFile.reset(); + QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, "xxx"); + QVERIFY(!key.isNull()); // passphrase given but key is not encrypted anyway => should work + } + } +} + #endif QTEST_MAIN(tst_QSslKey) -- cgit v0.12