Google Git
Sign in
flutter / third_party / openssl / c82c3462267afdbbaa53e11da0508ce4e03c02b3^! / .
commitc82c3462267afdbbaa53e11da0508ce4e03c02b3[log] [tgz]
authorRichard Levitte <levitte@openssl.org>Fri May 04 14:19:44 2018 +0200
committerRichard Levitte <levitte@openssl.org>Sat May 12 10:19:51 2018 +0200
tree68fe4c26a3262a1bb641e9ac74dd6c43eb68f629
parent34e4a964afacb48414e37a5b205ce9a349259e6b [diff]
In cases where we ask PEM_def_callback for minimum 0 length, accept 0 length

Fixes #4716

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6173)

diff --git a/CHANGES b/CHANGES
index e8b92cc..c67a9c6 100644
--- a/CHANGES
+++ b/CHANGES

@@ -9,6 +9,10 @@
 
  Changes between 1.1.0h and 1.1.1 [xx XXX xxxx]
 
+  *) When unlocking a pass phrase protected PEM file or PKCS#8 container, we
+     now allow empty (zero character) pass phrases.
+     [Richard Levitte]
+
   *) Apply blinding to binary field modular inversion and remove patent
      pending (OPENSSL_SUN_GF2M_DIV) BN_GF2m_mod_div implementation.
      [Billy Bob Brumley]

diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index 5000f26..7c82561 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c

@@ -430,7 +430,7 @@
         keylen = PEM_def_callback(buf, PEM_BUFSIZE, 0, u);
     else
         keylen = callback(buf, PEM_BUFSIZE, 0, u);
-    if (keylen <= 0) {
+    if (keylen < 0) {
         PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_PASSWORD_READ);
         return 0;
     }

diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c
index e2c0f3d..ebc7fad 100644
--- a/crypto/pem/pem_pk8.c
+++ b/crypto/pem/pem_pk8.c

@@ -124,7 +124,7 @@
         klen = cb(psbuf, PEM_BUFSIZE, 0, u);
     else
         klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
-    if (klen <= 0) {
+    if (klen < 0) {
         PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ);
         X509_SIG_free(p8);
         return NULL;

diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c
index 8730a78..aa032d2 100644
--- a/crypto/pem/pem_pkey.c
+++ b/crypto/pem/pem_pkey.c

@@ -60,7 +60,7 @@
             klen = cb(psbuf, PEM_BUFSIZE, 0, u);
         else
             klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
-        if (klen <= 0) {
+        if (klen < 0) {
             PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, PEM_R_BAD_PASSWORD_READ);
             X509_SIG_free(p8);
             goto err;

diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c
index 72ae5ab..281c6cd 100644
--- a/crypto/pem/pvkfmt.c
+++ b/crypto/pem/pvkfmt.c

@@ -686,7 +686,7 @@
             inlen = cb(psbuf, PEM_BUFSIZE, 0, u);
         else
             inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
-        if (inlen <= 0) {
+        if (inlen < 0) {
             PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_PASSWORD_READ);
             goto err;
         }