author | Richard Levitte <levitte@openssl.org> | 2018-05-04 14:19:44 +0200 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2018-05-12 10:25:18 +0200 |
commit | 18026c0215e942f0ad33a6012cb8cad2f51f841b (patch) | |
tree | 3a4597638568099d94a293bf4ebe5179d5120594 | |
parent | 0602a140aa22c7b695fcef4f5ae614dd612c3b7d (diff) |
In cases where we ask PEM_def_callback for minimum 0 length, accept 0 length
Fixes #4716
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6173)
(cherry picked from commit c82c3462267afdbbaa53e11da0508ce4e03c02b3)
-rw-r--r-- | CHANGES | 4 | ||||
-rw-r--r-- | crypto/pem/pem_lib.c | 2 | ||||
-rw-r--r-- | crypto/pem/pem_pk8.c | 2 | ||||
-rw-r--r-- | crypto/pem/pem_pkey.c | 2 | ||||
-rw-r--r-- | crypto/pem/pvkfmt.c | 2 |
5 files changed, 8 insertions, 4 deletions
@@ -9,6 +9,10 @@ Changes between 1.0.2o and 1.0.2p [xx XXX xxxx] + *) When unlocking a pass phrase protected PEM file or PKCS#8 container, we + now allow empty (zero character) pass phrases. + [Richard Levitte] + *) Certificate time validation (X509_cmp_time) enforces stricter compliance with RFC 5280. Fractional seconds and timezone offsets are no longer allowed.
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index 119cb4a6fd..eb59050659 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -447,7 +447,7 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
 klen = PEM_def_callback(buf, PEM_BUFSIZE, 0, u);
 else
 klen = callback(buf, PEM_BUFSIZE, 0, u);
- if (klen <= 0) {
+ if (klen < 0) {
 PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_PASSWORD_READ);
 return (0);
 }
diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c
index daf210fde0..ae18d26043 100644
--- a/crypto/pem/pem_pk8.c
+++ b/crypto/pem/pem_pk8.c
@@ -171,7 +171,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
 klen = cb(psbuf, PEM_BUFSIZE, 0, u);
 else
 klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
- if (klen <= 0) {
+ if (klen < 0) {
 PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ);
 X509_SIG_free(p8);
 return NULL;
diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c
index e8b3a1b92c..a189cd274c 100644
--- a/crypto/pem/pem_pkey.c
+++ b/crypto/pem/pem_pkey.c
@@ -113,7 +113,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
 klen = cb(psbuf, PEM_BUFSIZE, 0, u);
 else
 klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
- if (klen <= 0) {
+ if (klen < 0) {
 PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, PEM_R_BAD_PASSWORD_READ);
 X509_SIG_free(p8);
 goto err;
diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c
index 1ce5a1e319..659b463941 100644
--- a/crypto/pem/pvkfmt.c
+++ b/crypto/pem/pvkfmt.c
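Review bot: The relaxed check `if (klen < 0)` in PEM_do_header also applies to the value returned by the caller-supplied `callback`, not only to PEM_def_callback, so a callback that reports failure by returning 0 is now treated as having supplied an empty pass phrase. In that case PEM_R_BAD_PASSWORD_READ is no longer raised and the failure would presumably surface later as a decryption error, or not at all if the key really is protected by an empty pass phrase. The same holds for the `cb` branch in d2i_PKCS8PrivateKey_bio, PEM_read_bio_PrivateKey and do_PVK_body. I would state the contract at the check, e.g. `/* 0 is a valid (empty) pass phrase; callbacks must return a negative value on error */`, and have the CHANGES entry and the pem_password_cb documentation say the same. The function bodies continue outside these hunks.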
@@ -702,7 +702,7 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in,
 inlen = cb(psbuf, PEM_BUFSIZE, 0, u);
 else
 inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
- if (inlen <= 0) {
+ if (inlen < 0) {
 PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_PASSWORD_READ);
 goto err;
 } |
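Review bot: `inlen` is still only checked against the lower bound after this change; nothing in the hunk rejects a callback return larger than the `PEM_BUFSIZE` it was given for `psbuf`. If the length is later used to read from `psbuf` (the rest of do_PVK_body is outside the hunk), a misbehaving callback could cause a read past the buffer, so I would tighten the test to `if (inlen < 0 || inlen > PEM_BUFSIZE) {`. The `klen` checks in pem_lib.c, pem_pk8.c and pem_pkey.c have the same shape and would take the same bound.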