[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
Richard Levitte
levitte at openssl.org
Thu Apr 26 08:52:50 UTC 2018
The branch OpenSSL_1_0_2-stable has been updated
via 165a92dcb1caab4671edad5aea68c8f698f51180 (commit)
via 3986986eba6c4e70499a8d24aa8d00e934b16d91 (commit)
from e77017b39c60ddbb4775e6b0d45a81fe7128caf7 (commit)
- Log -----------------------------------------------------------------
commit 165a92dcb1caab4671edad5aea68c8f698f51180
Author: Richard Levitte <levitte at openssl.org>
Date: Wed Apr 25 22:53:40 2018 +0200
PEM_def_callback(): use same parameter names as for pem_password_cb
Add a bit more commentary to explain what's going on.
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6080)
(cherry picked from commit d6d94d339756332bbabe2a1032ac511ae31b3fdc)
commit 3986986eba6c4e70499a8d24aa8d00e934b16d91
Author: Richard Levitte <levitte at openssl.org>
Date: Wed Apr 25 13:57:39 2018 +0200
PEM_def_callback(): don't loop because of too short password given
That error is already caught by EVP_read_pw_string_min, and causes
this function to return -1, so the code detecting too short passwords
in this function is practically dead.
Fixes #5465
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6080)
(cherry picked from commit 4977b4e9281c981efcf6a8b31378b8bbd6a8a96f)
-----------------------------------------------------------------------
Summary of changes:
crypto/pem/pem.h | 3 ++-
crypto/pem/pem_lib.c | 56 +++++++++++++++++++++-------------------------------
2 files changed, 24 insertions(+), 35 deletions(-)
diff --git a/crypto/pem/pem.h b/crypto/pem/pem.h
index aac72fb..9c1d939 100644
--- a/crypto/pem/pem.h
+++ b/crypto/pem/pem.h
@@ -442,7 +442,8 @@ void PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *d, unsigned int cnt);
int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
unsigned int *siglen, EVP_PKEY *pkey);
-int PEM_def_callback(char *buf, int num, int w, void *key);
+/* The default pem_password_cb that's used internally */
+int PEM_def_callback(char *buf, int num, int rwflag, void *userdata);
void PEM_proc_type(char *buf, int type);
void PEM_dek_info(char *buf, const char *type, int len, char *str);
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index 4d5f053..119cb4a 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -82,51 +82,39 @@ static int load_iv(char **fromp, unsigned char *to, int num);
static int check_pem(const char *nm, const char *name);
int pem_check_suffix(const char *pem_str, const char *suffix);
-int PEM_def_callback(char *buf, int num, int w, void *key)
+int PEM_def_callback(char *buf, int num, int rwflag, void *userdata)
{
-#ifdef OPENSSL_NO_FP_API
- /*
- * We should not ever call the default callback routine from windows.
- */
- PEMerr(PEM_F_PEM_DEF_CALLBACK, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return (-1);
-#else
- int i, j;
+ int i, min_len;
const char *prompt;
- if (key) {
- i = strlen(key);
+
+ /* We assume that the user passes a default password as userdata */
+ if (userdata) {
+ i = strlen(userdata);
i = (i > num) ? num : i;
- memcpy(buf, key, i);
- return (i);
+ memcpy(buf, userdata, i);
+ return i;
}
prompt = EVP_get_pw_prompt();
if (prompt == NULL)
prompt = "Enter PEM pass phrase:";
- for (;;) {
- /*
- * We assume that w == 0 means decryption,
- * while w == 1 means encryption
- */
- int min_len = w ? MIN_LENGTH : 0;
+ /*
+ * rwflag == 0 means decryption
+ * rwflag == 1 means encryption
+ *
+ * We assume that for encryption, we want a minimum length, while for
+ * decryption, we cannot know any minimum length, so we assume zero.
+ */
+ min_len = rwflag ? MIN_LENGTH : 0;
- i = EVP_read_pw_string_min(buf, min_len, num, prompt, w);
- if (i != 0) {
- PEMerr(PEM_F_PEM_DEF_CALLBACK, PEM_R_PROBLEMS_GETTING_PASSWORD);
- memset(buf, 0, (unsigned int)num);
- return (-1);
- }
- j = strlen(buf);
- if (min_len && j < min_len) {
- fprintf(stderr,
- "phrase is too short, needs to be at least %d chars\n",
- min_len);
- } else
- break;
+ i = EVP_read_pw_string_min(buf, min_len, num, prompt, rwflag);
+ if (i != 0) {
+ PEMerr(PEM_F_PEM_DEF_CALLBACK, PEM_R_PROBLEMS_GETTING_PASSWORD);
+ memset(buf, 0, (unsigned int)num);
+ return -1;
}
- return (j);
-#endif
+ return strlen(buf);
}
void PEM_proc_type(char *buf, int type)
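Review bot: The `userdata` branch stores `strlen(userdata)` in an `int` and clamps it with `i = (i > num) ? num : i;`, so a default password longer than `num` is silently truncated and the key is derived from a different passphrase than the one supplied, with no error reported. The new comment states the assumption about `userdata` but not this truncation, nor that this branch leaves `buf` without a NUL terminator; I would extend it to `/* userdata is taken as a NUL-terminated default password; it is truncated to num bytes and buf is not NUL-terminated */`. A negative `num` would also reach `memcpy` here, and the `(unsigned int)num` cast in the error path, unchecked. If callers are not guaranteed to pass a positive size, a guard such as `if (num < 0) return -1;` at the top of the function would be worth adding.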