[openssl-commits] [openssl] master update
Richard Levitte
levitte at openssl.org
Sat May 12 08:19:56 UTC 2018
The branch master has been updated
via c82c3462267afdbbaa53e11da0508ce4e03c02b3 (commit)
from 34e4a964afacb48414e37a5b205ce9a349259e6b (commit)
- Log -----------------------------------------------------------------
commit c82c3462267afdbbaa53e11da0508ce4e03c02b3
Author: Richard Levitte <levitte at openssl.org>
Date: Fri May 4 14:19:44 2018 +0200
In cases where we ask PEM_def_callback for minimum 0 length, accept 0 length
Fixes #4716
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6173)
-----------------------------------------------------------------------
Summary of changes:
CHANGES | 4 ++++
crypto/pem/pem_lib.c | 2 +-
crypto/pem/pem_pk8.c | 2 +-
crypto/pem/pem_pkey.c | 2 +-
crypto/pem/pvkfmt.c | 2 +-
5 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/CHANGES b/CHANGES
index e8b92cc..c67a9c6 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,10 @@
Changes between 1.1.0h and 1.1.1 [xx XXX xxxx]
+ *) When unlocking a pass phrase protected PEM file or PKCS#8 container, we
+ now allow empty (zero character) pass phrases.
+ [Richard Levitte]
+
*) Apply blinding to binary field modular inversion and remove patent
pending (OPENSSL_SUN_GF2M_DIV) BN_GF2m_mod_div implementation.
[Billy Bob Brumley]
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index 5000f26..7c82561 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -430,7 +430,7 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
keylen = PEM_def_callback(buf, PEM_BUFSIZE, 0, u);
else
keylen = callback(buf, PEM_BUFSIZE, 0, u);
- if (keylen <= 0) {
+ if (keylen < 0) {
PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_PASSWORD_READ);
return 0;
}
diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c
index e2c0f3d..ebc7fad 100644
--- a/crypto/pem/pem_pk8.c
+++ b/crypto/pem/pem_pk8.c
@@ -124,7 +124,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
klen = cb(psbuf, PEM_BUFSIZE, 0, u);
else
klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
- if (klen <= 0) {
+ if (klen < 0) {
PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ);
X509_SIG_free(p8);
return NULL;
diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c
index 8730a78..aa032d2 100644
--- a/crypto/pem/pem_pkey.c
+++ b/crypto/pem/pem_pkey.c
@@ -60,7 +60,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
klen = cb(psbuf, PEM_BUFSIZE, 0, u);
else
klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
- if (klen <= 0) {
+ if (klen < 0) {
PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, PEM_R_BAD_PASSWORD_READ);
X509_SIG_free(p8);
goto err;
diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c
index 72ae5ab..281c6cd 100644
--- a/crypto/pem/pvkfmt.c
+++ b/crypto/pem/pvkfmt.c
@@ -686,7 +686,7 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in,
inlen = cb(psbuf, PEM_BUFSIZE, 0, u);
else
inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
- if (inlen <= 0) {
+ if (inlen < 0) {
PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_PASSWORD_READ);
goto err;
}
More information about the openssl-commits
mailing list