Allow empty passphrase in PEM_write_bio_PKCS8PrivateKey_nid()
authorDarshan Sen <raisinten@gmail.com>
Sat, 22 Jan 2022 12:26:05 +0000 (17:56 +0530)
committerTomas Mraz <tomas@openssl.org>
Wed, 26 Jan 2022 16:15:52 +0000 (17:15 +0100)
Signed-off-by: Darshan Sen <raisinten@gmail.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17507)

CHANGES.md
crypto/pem/pem_pk8.c
test/evp_pkey_provided_test.c

index c4922be0321a454c7003d1bc96c6d08346c1f676..a542e253749a107a1fb799a475721b49a3230d46 100644 (file)
@@ -24,8 +24,8 @@ OpenSSL 3.1
 
 ### Changes between 3.0 and 3.1 [xx XXX xxxx]
 
- * Fixed PEM_write_bio_PKCS8PrivateKey() to make it possible to use empty
-   passphrase strings.
+ * Fixed PEM_write_bio_PKCS8PrivateKey() and PEM_write_bio_PKCS8PrivateKey_nid()
+   to make it possible to use empty passphrase strings.
 
    *Darshan Sen*
 
index 4742f02fef22c6f354ad9828166ac51022396f39..60ff09354b8003e66117af729da589b92a20cb94 100644 (file)
@@ -136,7 +136,7 @@ static int do_pk8pkey(BIO *bp, const EVP_PKEY *x, int isder, int nid,
         if (enc || (nid != -1)) {
             if (kstr == NULL) {
                 klen = cb(buf, PEM_BUFSIZE, 1, u);
-                if (klen <= 0) {
+                if (klen < 0) {
                     ERR_raise(ERR_LIB_PEM, PEM_R_READ_KEY);
                     goto legacy_end;
                 }
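Review bot: With the check relaxed to `klen < 0`, a callback that returns 0 is now treated as supplying an empty passphrase, so a callback that uses 0 to report failure or a cancelled prompt would get its key encrypted under an empty passphrase instead of PEM_R_READ_KEY. The contract should be stated at the check, e.g. `/* 0 is a valid (empty) passphrase; the callback must return a negative value on failure */`. Nothing in the visible lines bounds klen above by PEM_BUFSIZE either, so it is worth confirming outside this hunk that an oversized return value cannot reach the later use of buf. do_pk8pkey starts before and continues after the hunk.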
index b4b53f67fc067538a380841b42b4a75449160dfe..b4a77f8500fc1cf010c2bc086965d2b3b3544c40 100644 (file)
@@ -165,6 +165,20 @@ static int test_print_key_using_pem(const char *alg, const EVP_PKEY *pk)
                                                      EVP_aes_256_cbc(),
                                                      NULL, 0, pass_cb_error,
                                                      NULL))
+#ifndef OPENSSL_NO_DES
+        || !TEST_true(PEM_write_bio_PKCS8PrivateKey_nid(
+            bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
+            (const char *)~0, 0, NULL, NULL))
+        || !TEST_true(PEM_write_bio_PKCS8PrivateKey_nid(
+            bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, NULL, 0,
+            NULL, ""))
+        || !TEST_true(PEM_write_bio_PKCS8PrivateKey_nid(
+            bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, NULL, 0,
+            pass_cb, NULL))
+        || !TEST_false(PEM_write_bio_PKCS8PrivateKey_nid(
+            bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, NULL, 0,
+            pass_cb_error, NULL))
+#endif
         /* Private key in text form */
         || !TEST_int_gt(EVP_PKEY_print_private(membio, pk, 0, NULL), 0)
         || !TEST_true(compare_with_file(alg, PRIV_TEXT, membio))
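Review bot: The four added calls assert only the return value, so they would still pass if the empty-passphrase path wrote the key unencrypted or under a different passphrase. Reading the PEM back with an empty passphrase and comparing the key would close that gap (bio_out's type is not visible here, so this may need a memory BIO). The `(const char *)~0` argument also deserves a comment, e.g. `/* deliberately invalid pointer: must never be dereferenced when klen is 0 */`, since it otherwise reads like a mistake. test_print_key_using_pem starts before and continues after the hunk.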