From c82c3462267afdbbaa53e11da0508ce4e03c02b3 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 4 May 2018 14:19:44 +0200 Subject: [PATCH] In cases where we ask PEM_def_callback for minimum 0 length, accept 0 length Fixes #4716 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6173) --- CHANGES | 4 ++++ crypto/pem/pem_lib.c | 2 +- crypto/pem/pem_pk8.c | 2 +- crypto/pem/pem_pkey.c | 2 +- crypto/pem/pvkfmt.c | 2 +- 5 files changed, 8 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index e8b92ccc02..c67a9c61ec 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,10 @@ Changes between 1.1.0h and 1.1.1 [xx XXX xxxx] + *) When unlocking a pass phrase protected PEM file or PKCS#8 container, we + now allow empty (zero character) pass phrases. + [Richard Levitte] + *) Apply blinding to binary field modular inversion and remove patent pending (OPENSSL_SUN_GF2M_DIV) BN_GF2m_mod_div implementation. [Billy Bob Brumley] diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index 5000f268b9..7c82561ba4 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -430,7 +430,7 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen, keylen = PEM_def_callback(buf, PEM_BUFSIZE, 0, u); else keylen = callback(buf, PEM_BUFSIZE, 0, u); - if (keylen <= 0) { + if (keylen < 0) { PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_PASSWORD_READ); return 0; } diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c index e2c0f3de1d..ebc7fadc57 100644 --- a/crypto/pem/pem_pk8.c +++ b/crypto/pem/pem_pk8.c @@ -124,7 +124,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, klen = cb(psbuf, PEM_BUFSIZE, 0, u); else klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u); - if (klen <= 0) { + if (klen < 0) { PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ); X509_SIG_free(p8); return NULL; diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c index 8730a78913..aa032d2b1c 100644 --- a/crypto/pem/pem_pkey.c +++ b/crypto/pem/pem_pkey.c @@ -60,7 +60,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, klen = cb(psbuf, PEM_BUFSIZE, 0, u); else klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u); - if (klen <= 0) { + if (klen < 0) { PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, PEM_R_BAD_PASSWORD_READ); X509_SIG_free(p8); goto err; diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c index 72ae5ab257..281c6cd95a 100644 --- a/crypto/pem/pvkfmt.c +++ b/crypto/pem/pvkfmt.c @@ -686,7 +686,7 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in, inlen = cb(psbuf, PEM_BUFSIZE, 0, u); else inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u); - if (inlen <= 0) { + if (inlen < 0) { PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_PASSWORD_READ); goto err; } -- 2.25.1