Commit 18026c02 authored by Richard Levitte's avatar Richard Levitte
Browse files

In cases where we ask PEM_def_callback for minimum 0 length, accept 0 length 



Fixes #4716

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6173)

(cherry picked from commit c82c3462)
parent 0602a140

CHANGES

+4 −0
Original line number Diff line number Diff line
@@ -9,6 +9,10 @@ 


 Changes between 1.0.2o and 1.0.2p [xx XXX xxxx]



  *) When unlocking a pass phrase protected PEM file or PKCS#8 container, we

     now allow empty (zero character) pass phrases.

     [Richard Levitte]



  *) Certificate time validation (X509_cmp_time) enforces stricter

     compliance with RFC 5280. Fractional seconds and timezone offsets

     are no longer allowed.

crypto/pem/pem_lib.c

+1 −1
Original line number Diff line number Diff line
@@ -447,7 +447,7 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen, 
        klen = PEM_def_callback(buf, PEM_BUFSIZE, 0, u);

    else

        klen = callback(buf, PEM_BUFSIZE, 0, u);

    if (klen <= 0) {

    if (klen < 0) {

        PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_PASSWORD_READ);

        return (0);

    }

crypto/pem/pem_pk8.c

+1 −1
Original line number Diff line number Diff line
@@ -171,7 +171,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, 
        klen = cb(psbuf, PEM_BUFSIZE, 0, u);

    else

        klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);

    if (klen <= 0) {

    if (klen < 0) {

        PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ);

        X509_SIG_free(p8);

        return NULL;

crypto/pem/pem_pkey.c

+1 −1
Original line number Diff line number Diff line
@@ -113,7 +113,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, 
            klen = cb(psbuf, PEM_BUFSIZE, 0, u);

        else

            klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);

        if (klen <= 0) {

        if (klen < 0) {

            PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, PEM_R_BAD_PASSWORD_READ);

            X509_SIG_free(p8);

            goto err;

crypto/pem/pvkfmt.c

+1 −1
Original line number Diff line number Diff line
@@ -702,7 +702,7 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in, 
            inlen = cb(psbuf, PEM_BUFSIZE, 0, u);

        else

            inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);

        if (inlen <= 0) {

        if (inlen < 0) {

            PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_PASSWORD_READ);

            goto err;

        }