[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

Richard Levitte levitte at openssl.org
Sat May 12 08:25:38 UTC 2018


The branch OpenSSL_1_0_2-stable has been updated
       via  18026c0215e942f0ad33a6012cb8cad2f51f841b (commit)
      from  0602a140aa22c7b695fcef4f5ae614dd612c3b7d (commit)


- Log -----------------------------------------------------------------
commit 18026c0215e942f0ad33a6012cb8cad2f51f841b
Author: Richard Levitte <levitte at openssl.org>
Date:   Fri May 4 14:19:44 2018 +0200

    In cases where we ask PEM_def_callback for minimum 0 length, accept 0 length
    
    Fixes #4716
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/6173)
    
    (cherry picked from commit c82c3462267afdbbaa53e11da0508ce4e03c02b3)

-----------------------------------------------------------------------

Summary of changes:
 CHANGES               | 4 ++++
 crypto/pem/pem_lib.c  | 2 +-
 crypto/pem/pem_pk8.c  | 2 +-
 crypto/pem/pem_pkey.c | 2 +-
 crypto/pem/pvkfmt.c   | 2 +-
 5 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/CHANGES b/CHANGES
index 25b453e..f17fbbf 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,10 @@
 
  Changes between 1.0.2o and 1.0.2p [xx XXX xxxx]
 
+  *) When unlocking a pass phrase protected PEM file or PKCS#8 container, we
+     now allow empty (zero character) pass phrases.
+     [Richard Levitte]
+
   *) Certificate time validation (X509_cmp_time) enforces stricter
      compliance with RFC 5280. Fractional seconds and timezone offsets
      are no longer allowed.
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index 119cb4a..eb59050 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -447,7 +447,7 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
         klen = PEM_def_callback(buf, PEM_BUFSIZE, 0, u);
     else
         klen = callback(buf, PEM_BUFSIZE, 0, u);
-    if (klen <= 0) {
+    if (klen < 0) {
         PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_PASSWORD_READ);
         return (0);
     }
diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c
index daf210f..ae18d26 100644
--- a/crypto/pem/pem_pk8.c
+++ b/crypto/pem/pem_pk8.c
@@ -171,7 +171,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
         klen = cb(psbuf, PEM_BUFSIZE, 0, u);
     else
         klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
-    if (klen <= 0) {
+    if (klen < 0) {
         PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ);
         X509_SIG_free(p8);
         return NULL;
diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c
index e8b3a1b..a189cd2 100644
--- a/crypto/pem/pem_pkey.c
+++ b/crypto/pem/pem_pkey.c
@@ -113,7 +113,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
             klen = cb(psbuf, PEM_BUFSIZE, 0, u);
         else
             klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
-        if (klen <= 0) {
+        if (klen < 0) {
             PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, PEM_R_BAD_PASSWORD_READ);
             X509_SIG_free(p8);
             goto err;
diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c
index 1ce5a1e..659b463 100644
--- a/crypto/pem/pvkfmt.c
+++ b/crypto/pem/pvkfmt.c
@@ -702,7 +702,7 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in,
             inlen = cb(psbuf, PEM_BUFSIZE, 0, u);
         else
             inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
-        if (inlen <= 0) {
+        if (inlen < 0) {
             PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_PASSWORD_READ);
             goto err;
         }


More information about the openssl-commits mailing list