diff options
| author | Richard Levitte <levitte@openssl.org> | 2018-04-25 13:57:39 +0200 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2018-04-26 10:49:49 +0200 |
| commit | 3986986eba6c4e70499a8d24aa8d00e934b16d91 (patch) | |
| tree | 4ba1661ed70a88d0f5ac42db7e6cfa355ceb7e78 /crypto | |
| parent | e77017b39c60ddbb4775e6b0d45a81fe7128caf7 (diff) | |
PEM_def_callback(): don't loop because of too short password given
That error is already caught by EVP_read_pw_string_min, and causes
this function to return -1, so the code detecting too short passwords
in this function is practically dead.
Fixes #5465
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6080)
(cherry picked from commit 4977b4e9281c981efcf6a8b31378b8bbd6a8a96f)
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/pem/pem_lib.c | 41 |
1 files changed, 12 insertions, 29 deletions
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index 4d5f053e46..c6cf63a24e 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -84,14 +84,7 @@ int pem_check_suffix(const char *pem_str, const char *suffix); int PEM_def_callback(char *buf, int num, int w, void *key) { -#ifdef OPENSSL_NO_FP_API - /* - * We should not ever call the default callback routine from windows. - */ - PEMerr(PEM_F_PEM_DEF_CALLBACK, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return (-1); -#else - int i, j; + int i, min_len; const char *prompt; if (key) { i = strlen(key); @@ -104,29 +97,19 @@ int PEM_def_callback(char *buf, int num, int w, void *key) if (prompt == NULL) prompt = "Enter PEM pass phrase:"; - for (;;) { - /* - * We assume that w == 0 means decryption, - * while w == 1 means encryption - */ - int min_len = w ? MIN_LENGTH : 0; + /* + * We assume that w == 0 means decryption, + * while w == 1 means encryption + */ + min_len = w ? MIN_LENGTH : 0; - i = EVP_read_pw_string_min(buf, min_len, num, prompt, w); - if (i != 0) { - PEMerr(PEM_F_PEM_DEF_CALLBACK, PEM_R_PROBLEMS_GETTING_PASSWORD); - memset(buf, 0, (unsigned int)num); - return (-1); - } - j = strlen(buf); - if (min_len && j < min_len) { - fprintf(stderr, - "phrase is too short, needs to be at least %d chars\n", - min_len); - } else - break; + i = EVP_read_pw_string_min(buf, min_len, num, prompt, w); + if (i != 0) { + PEMerr(PEM_F_PEM_DEF_CALLBACK, PEM_R_PROBLEMS_GETTING_PASSWORD); + memset(buf, 0, (unsigned int)num); + return -1; } - return (j); -#endif + return strlen(buf); } void PEM_proc_type(char *buf, int type) |