Commit 3986986e authored by Richard Levitte's avatar Richard Levitte
Browse files

PEM_def_callback(): don't loop because of too short password given 



That error is already caught by EVP_read_pw_string_min, and causes
this function to return -1, so the code detecting too short passwords
in this function is practically dead.

Fixes #5465

Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6080)

(cherry picked from commit 4977b4e9)
parent e77017b3

crypto/pem/pem_lib.c

+12 −29
Original line number Diff line number Diff line
@@ -84,14 +84,7 @@ int pem_check_suffix(const char *pem_str, const char *suffix); 


int PEM_def_callback(char *buf, int num, int w, void *key)

{

#ifdef OPENSSL_NO_FP_API

    /*

     * We should not ever call the default callback routine from windows.

     */

    PEMerr(PEM_F_PEM_DEF_CALLBACK, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

    return (-1);

#else

    int i, j;

    int i, min_len;

    const char *prompt;

    if (key) {

        i = strlen(key);
@@ -104,29 +97,19 @@ int PEM_def_callback(char *buf, int num, int w, void *key) 
    if (prompt == NULL)

        prompt = "Enter PEM pass phrase:";



    for (;;) {

    /*

     * We assume that w == 0 means decryption,

     * while w == 1 means encryption

     */

        int min_len = w ? MIN_LENGTH : 0;

    min_len = w ? MIN_LENGTH : 0;



    i = EVP_read_pw_string_min(buf, min_len, num, prompt, w);

    if (i != 0) {

        PEMerr(PEM_F_PEM_DEF_CALLBACK, PEM_R_PROBLEMS_GETTING_PASSWORD);

        memset(buf, 0, (unsigned int)num);

            return (-1);

        return -1;

    }

        j = strlen(buf);

        if (min_len && j < min_len) {

            fprintf(stderr,

                    "phrase is too short, needs to be at least %d chars\n",

                    min_len);

        } else

            break;

    }

    return (j);

#endif

    return strlen(buf);

}



void PEM_proc_type(char *buf, int type)