In cases where we ask PEM_def_callback for minimum 0 length, accept 0 length

author Richard Levitte <levitte@openssl.org>

Fri, 4 May 2018 12:19:44 +0000 (14:19 +0200)

committer Richard Levitte <levitte@openssl.org>

Sat, 12 May 2018 08:25:18 +0000 (10:25 +0200)
author Richard Levitte <levitte@openssl.org>
Fri, 4 May 2018 12:19:44 +0000 (14:19 +0200)
committer Richard Levitte <levitte@openssl.org>
Sat, 12 May 2018 08:25:18 +0000 (10:25 +0200)
diff --git a/CHANGES b/CHANGES

index 25b453e60406f9c23dbf3fda1dce1b0c4229934c..f17fbbf8371af19342de2d8957f66d0185b34987 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,10 @@
  
   Changes between 1.0.2o and 1.0.2p [xx XXX xxxx]
  
+  *) When unlocking a pass phrase protected PEM file or PKCS#8 container, we
+     now allow empty (zero character) pass phrases.
+     [Richard Levitte]
+
    *) Certificate time validation (X509_cmp_time) enforces stricter
       compliance with RFC 5280. Fractional seconds and timezone offsets
       are no longer allowed.
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c

index 119cb4a6fd159cb86850ba24f267c46720c45642..eb59050659a7a3ea54188fe4459552a441529d6f 100644 (file)
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -447,7 +447,7 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
          klen = PEM_def_callback(buf, PEM_BUFSIZE, 0, u);
      else
          klen = callback(buf, PEM_BUFSIZE, 0, u);
-    if (klen <= 0) {
+    if (klen < 0) {
          PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_PASSWORD_READ);
          return (0);
      }
diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c

index daf210fde0f946fd80d7cee3d31d02e2f86d3786..ae18d26043efefcf7b6547d935e465ca10bf3f66 100644 (file)
--- a/crypto/pem/pem_pk8.c
+++ b/crypto/pem/pem_pk8.c
@@ -171,7 +171,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
          klen = cb(psbuf, PEM_BUFSIZE, 0, u);
      else
          klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
-    if (klen <= 0) {
+    if (klen < 0) {
          PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ);
          X509_SIG_free(p8);
          return NULL;
diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c

index e8b3a1b92c8d5101d5211518fc1bfb87f6e45fda..a189cd274c3206d99febb41e9de73495ab94b277 100644 (file)
--- a/crypto/pem/pem_pkey.c
+++ b/crypto/pem/pem_pkey.c
@@ -113,7 +113,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
              klen = cb(psbuf, PEM_BUFSIZE, 0, u);
          else
              klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
-        if (klen <= 0) {
+        if (klen < 0) {
              PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, PEM_R_BAD_PASSWORD_READ);
              X509_SIG_free(p8);
              goto err;
diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c

index 1ce5a1e319c56c069980c09c24a42d7ee48c1080..659b463941a3a6d9627bf2c39de9133d1e453603 100644 (file)
--- a/crypto/pem/pvkfmt.c
+++ b/crypto/pem/pvkfmt.c
@@ -702,7 +702,7 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in,
              inlen = cb(psbuf, PEM_BUFSIZE, 0, u);
          else
              inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
-        if (inlen <= 0) {
+        if (inlen < 0) {
              PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_PASSWORD_READ);
              goto err;
          }
author	Richard Levitte <levitte@openssl.org>
	Fri, 4 May 2018 12:19:44 +0000 (14:19 +0200)
committer	Richard Levitte <levitte@openssl.org>
	Sat, 12 May 2018 08:25:18 +0000 (10:25 +0200)
CHANGES		patch \| blob \| history
crypto/pem/pem_lib.c		patch \| blob \| history
crypto/pem/pem_pk8.c		patch \| blob \| history
crypto/pem/pem_pkey.c		patch \| blob \| history
crypto/pem/pvkfmt.c		patch \| blob \| history