Don't DES-encrypt priv keys without a passphrase

Per https://www.openssl.org/docs/crypto/pem.html, specifying to encrypt
a private key with DES *without* providing a passphrase causes OpenSSL
to prompt for the passphrase to use on the console -- which is
problematic for GUI applications which generally lack a console.

This modifies the behavior of RSAKeyImpl::save() so that DES encryption
of private keys will not be attempted unless the passphrase argument is
non-empty. This will also suppress OpenSSL's prompting for that
passphrase on the console.

Also added a case to the test suite.
John Nelson
2014-10-13 13:33:22 -06:00
parent 50f1f12cab
commit 18ffcdd7c3
3 changed files with 27 additions and 2 deletions

@@ -256,7 +256,7 @@ void RSAKeyImpl::save(const std::string& publicKeyFile, const std::string& priva
{
int rc = 0;
if (privateKeyPassphrase.empty())
rc = PEM_write_bio_RSAPrivateKey(bio, _pRSA, EVP_des_ede3_cbc(), 0, 0, 0, 0);
rc = PEM_write_bio_RSAPrivateKey(bio, _pRSA, 0, 0, 0, 0, 0);
else
rc = PEM_write_bio_RSAPrivateKey(bio, _pRSA, EVP_des_ede3_cbc(),
reinterpret_cast<unsigned char*>(const_cast<char*>(privateKeyPassphrase.c_str())),
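Review bot: In the `privateKeyPassphrase.empty()` branch, the new call `PEM_write_bio_RSAPrivateKey(bio, _pRSA, 0, 0, 0, 0, 0)` writes the private key to `privateKeyFile` as unencrypted PEM, and the caller gets no indication that this happened. That is the right way to stop the console prompt, but the behaviour should be stated in the documentation comment for `save()`: an empty passphrase means the key is stored in the clear, and protecting the file is then the caller's responsibility. A short comment on the branch itself would also help, since a bare `0` in the cipher position is easy to misread as an oversight next to the `EVP_des_ede3_cbc()` call in the `else` branch.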
@@ -298,7 +298,7 @@ void RSAKeyImpl::save(std::ostream* pPublicKeyStream, std::ostream* pPrivateKeyS
if (!bio) throw Poco::IOException("Cannot create BIO for writing public key");
int rc = 0;
if (privateKeyPassphrase.empty())
rc = PEM_write_bio_RSAPrivateKey(bio, _pRSA, EVP_des_ede3_cbc(), 0, 0, 0, 0);
rc = PEM_write_bio_RSAPrivateKey(bio, _pRSA, 0, 0, 0, 0, 0);
else
rc = PEM_write_bio_RSAPrivateKey(bio, _pRSA, EVP_des_ede3_cbc(),
reinterpret_cast<unsigned char*>(const_cast<char*>(privateKeyPassphrase.c_str())),
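Review bot: The empty-passphrase branch in this stream overload is a line-for-line copy of the one in the file overload above, so the two can drift apart the next time either is touched. Consider moving the `if (privateKeyPassphrase.empty()) ... else ...` write into one private helper that takes the `bio` and the passphrase, and calling it from both `save()` overloads. While this block is open, the context line `throw Poco::IOException("Cannot create BIO for writing public key")` guards the `bio` that is then passed to `PEM_write_bio_RSAPrivateKey`, so the message should say "private key".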