Commit 36d2517a authored by Richard Levitte's avatar Richard Levitte
Browse files

In cases where we ask PEM_def_callback for minimum 0 length, accept 0 length 



Fixes #4716

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6173)

(cherry picked from commit c82c3462)
parent f47bf4da

CHANGES

+4 −0
Original line number Diff line number Diff line
@@ -9,6 +9,10 @@ 














 Changes between 1.1.0h and 1.1.0i [xx XXX xxxx]



























  *) When unlocking a pass phrase protected PEM file or PKCS#8 container, we













     now allow empty (zero character) pass phrases.













     [Richard Levitte]



























  *) Certificate time validation (X509_cmp_time) enforces stricter















     compliance with RFC 5280. Fractional seconds and timezone offsets















     are no longer allowed.

































crypto/pem/pem_lib.c



+1
−1






























Original line number
Diff line number
Diff line








@@ -408,7 +408,7 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,













        keylen = PEM_def_callback(buf, PEM_BUFSIZE, 0, u);















    else















        keylen = callback(buf, PEM_BUFSIZE, 0, u);













    if (keylen <= 0) {













    if (keylen < 0) {















        PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_PASSWORD_READ);















        return 0;















    }

































crypto/pem/pem_pk8.c



+1
−1






























Original line number
Diff line number
Diff line








@@ -124,7 +124,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,













        klen = cb(psbuf, PEM_BUFSIZE, 0, u);















    else















        klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);













    if (klen <= 0) {













    if (klen < 0) {















        PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ);















        X509_SIG_free(p8);















        return NULL;

































crypto/pem/pem_pkey.c



+1
−1






























Original line number
Diff line number
Diff line








@@ -59,7 +59,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,













            klen = cb(psbuf, PEM_BUFSIZE, 0, u);















        else















            klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);













        if (klen <= 0) {













        if (klen < 0) {















            PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, PEM_R_BAD_PASSWORD_READ);















            X509_SIG_free(p8);















            goto err;

































crypto/pem/pvkfmt.c



+1
−1






























Original line number
Diff line number
Diff line








@@ -685,7 +685,7 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in,













            inlen = cb(psbuf, PEM_BUFSIZE, 0, u);















        else















            inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);













        if (inlen <= 0) {













        if (inlen < 0) {















            PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_PASSWORD_READ);















            goto err;















        }