Commit 04858a4e authored by Richard Levitte's avatar Richard Levitte
Browse files

PEM_def_callback(): don't loop because of too short password given 



That error is already caught by EVP_read_pw_string_min, and causes
this function to return -1, so the code detecting too short passwords
in this function is practically dead.

Fixes #5465

Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6080)

(cherry picked from commit 4977b4e9)
parent 00937429

crypto/pem/pem_lib.c

+12 −25
Original line number Diff line number Diff line
@@ -30,12 +30,8 @@ int pem_check_suffix(const char *pem_str, const char *suffix); 


int PEM_def_callback(char *buf, int num, int w, void *key)

{

#if defined(OPENSSL_NO_STDIO) || defined(OPENSSL_NO_UI)

    int i;

#else

    int i, j;

    int i, min_len;

    const char *prompt;

#endif



    if (key) {

        i = strlen(key);
@@ -52,12 +48,11 @@ int PEM_def_callback(char *buf, int num, int w, void *key) 
    if (prompt == NULL)

        prompt = "Enter PEM pass phrase:";



    for (;;) {

    /*

     * We assume that w == 0 means decryption,

     * while w == 1 means encryption

     */

        int min_len = w ? MIN_LENGTH : 0;

    min_len = w ? MIN_LENGTH : 0;



    i = EVP_read_pw_string_min(buf, min_len, num, prompt, w);

    if (i != 0) {
@@ -65,15 +60,7 @@ int PEM_def_callback(char *buf, int num, int w, void *key) 
        memset(buf, 0, (unsigned int)num);

        return -1;

    }

        j = strlen(buf);

        if (min_len && j < min_len) {

            fprintf(stderr,

                    "phrase is too short, needs to be at least %d chars\n",

                    min_len);

        } else

            break;

    }

    return j;

    return strlen(buf);

#endif

}