The branch OpenSSL_1_0_2-stable has been updated via 165a92dcb1caab4671edad5aea68c8f698f51180 (commit) via 3986986eba6c4e70499a8d24aa8d00e934b16d91 (commit) from e77017b39c60ddbb4775e6b0d45a81fe7128caf7 (commit)
- Log ----------------------------------------------------------------- commit 165a92dcb1caab4671edad5aea68c8f698f51180 Author: Richard Levitte <levi...@openssl.org> Date: Wed Apr 25 22:53:40 2018 +0200 PEM_def_callback(): use same parameter names as for pem_password_cb Add a bit more commentary to explain what's going on. Reviewed-by: Matt Caswell <m...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6080) (cherry picked from commit d6d94d339756332bbabe2a1032ac511ae31b3fdc) commit 3986986eba6c4e70499a8d24aa8d00e934b16d91 Author: Richard Levitte <levi...@openssl.org> Date: Wed Apr 25 13:57:39 2018 +0200 PEM_def_callback(): don't loop because of too short password given That error is already caught by EVP_read_pw_string_min, and causes this function to return -1, so the code detecting too short passwords in this function is practically dead. Fixes #5465 Reviewed-by: Matt Caswell <m...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6080) (cherry picked from commit 4977b4e9281c981efcf6a8b31378b8bbd6a8a96f) ----------------------------------------------------------------------- Summary of changes: crypto/pem/pem.h | 3 ++- crypto/pem/pem_lib.c | 56 +++++++++++++++++++++------------------------------- 2 files changed, 24 insertions(+), 35 deletions(-) diff --git a/crypto/pem/pem.h b/crypto/pem/pem.h index aac72fb..9c1d939 100644 --- a/crypto/pem/pem.h +++ b/crypto/pem/pem.h @@ -442,7 +442,8 @@ void PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *d, unsigned int cnt); int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, EVP_PKEY *pkey); -int PEM_def_callback(char *buf, int num, int w, void *key); +/* The default pem_password_cb that's used internally */ +int PEM_def_callback(char *buf, int num, int rwflag, void *userdata); void PEM_proc_type(char *buf, int type); void PEM_dek_info(char *buf, const char *type, int len, char *str); 
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index 4d5f053..119cb4a 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c 
@@ -82,51 +82,39 @@ static int load_iv(char **fromp, unsigned char *to, int num); static int check_pem(const char *nm, const char *name); int pem_check_suffix(const char *pem_str, const char *suffix); -int PEM_def_callback(char *buf, int num, int w, void *key) +int PEM_def_callback(char *buf, int num, int rwflag, void *userdata) { -#ifdef OPENSSL_NO_FP_API - /* - * We should not ever call the default callback routine from windows. - */ - PEMerr(PEM_F_PEM_DEF_CALLBACK, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return (-1); -#else - int i, j; + int i, min_len; const char *prompt; - if (key) { - i = strlen(key); + + /* We assume that the user passes a default password as userdata */ + if (userdata) { + i = strlen(userdata); i = (i > num) ? num : i; - memcpy(buf, key, i); - return (i); + memcpy(buf, userdata, i); + return i; } prompt = EVP_get_pw_prompt(); if (prompt == NULL) prompt = "Enter PEM pass phrase:"; - for (;;) { - /* - * We assume that w == 0 means decryption, - * while w == 1 means encryption - */ - int min_len = w ? MIN_LENGTH : 0; + /* + * rwflag == 0 means decryption + * rwflag == 1 means encryption + * + * We assume that for encryption, we want a minimum length, while for + * decryption, we cannot know any minimum length, so we assume zero. + */ + min_len = rwflag ? 
MIN_LENGTH : 0; - i = EVP_read_pw_string_min(buf, min_len, num, prompt, w); - if (i != 0) { - PEMerr(PEM_F_PEM_DEF_CALLBACK, PEM_R_PROBLEMS_GETTING_PASSWORD); - memset(buf, 0, (unsigned int)num); - return (-1); - } - j = strlen(buf); - if (min_len && j < min_len) { - fprintf(stderr, - "phrase is too short, needs to be at least %d chars\n", - min_len); - } else - break; + i = EVP_read_pw_string_min(buf, min_len, num, prompt, rwflag); + if (i != 0) { + PEMerr(PEM_F_PEM_DEF_CALLBACK, PEM_R_PROBLEMS_GETTING_PASSWORD); + memset(buf, 0, (unsigned int)num); + return -1; } - return (j); -#endif + return strlen(buf); } void PEM_proc_type(char *buf, int type) _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
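Review bot: In the `userdata` branch of PEM_def_callback() the result of `strlen(userdata)` is stored in the `int i`, so a string longer than INT_MAX would typically turn negative, pass the `i = (i > num) ? num : i;` clamp unchanged and reach `memcpy(buf, userdata, i)` as a very large size. Keeping the length unsigned until after the clamp avoids this, assuming callers always pass a non-negative `num`: `size_t len = strlen(userdata);`, `if (len > (size_t)num) len = (size_t)num;`, `memcpy(buf, userdata, len); return (int)len;`. This branch also returns before `min_len` is computed, so a default password shorter than MIN_LENGTH is accepted when `rwflag` is 1 while the prompted path enforces the minimum. If that is intended, I would extend the new comment to say so, e.g. `/* A password supplied via userdata is used as is; no minimum length is applied */`.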