diff options
author | Darshan Sen <raisinten@gmail.com> | 2022-01-22 17:56:05 +0530 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2022-01-26 17:15:52 +0100 |
commit | 1d28ada1c39997c10fe5392f4235bbd2bc44b40f (patch) | |
tree | 14c32dd7ef4cf57393d59a39d4d332fc83706549 | |
parent | 59ccb72cd5cec3b4e312853621e12a68dacdbc7e (diff) | |
download | openssl-1d28ada1c39997c10fe5392f4235bbd2bc44b40f.tar.gz |
Allow empty passphrase in PEM_write_bio_PKCS8PrivateKey_nid()
Signed-off-by: Darshan Sen <raisinten@gmail.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17507)
-rw-r--r-- | CHANGES.md | 4 | ||||
-rw-r--r-- | crypto/pem/pem_pk8.c | 2 | ||||
-rw-r--r-- | test/evp_pkey_provided_test.c | 14 |
3 files changed, 17 insertions, 3 deletions
diff --git a/CHANGES.md b/CHANGES.md index c4922be032..a542e25374 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -24,8 +24,8 @@ OpenSSL 3.1 ### Changes between 3.0 and 3.1 [xx XXX xxxx] - * Fixed PEM_write_bio_PKCS8PrivateKey() to make it possible to use empty - passphrase strings. + * Fixed PEM_write_bio_PKCS8PrivateKey() and PEM_write_bio_PKCS8PrivateKey_nid() + to make it possible to use empty passphrase strings. *Darshan Sen* diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c index 4742f02fef..60ff09354b 100644 --- a/crypto/pem/pem_pk8.c +++ b/crypto/pem/pem_pk8.c @@ -136,7 +136,7 @@ static int do_pk8pkey(BIO *bp, const EVP_PKEY *x, int isder, int nid, if (enc || (nid != -1)) { if (kstr == NULL) { klen = cb(buf, PEM_BUFSIZE, 1, u); - if (klen <= 0) { + if (klen < 0) { ERR_raise(ERR_LIB_PEM, PEM_R_READ_KEY); goto legacy_end; } diff --git a/test/evp_pkey_provided_test.c b/test/evp_pkey_provided_test.c index b4b53f67fc..b4a77f8500 100644 --- a/test/evp_pkey_provided_test.c +++ b/test/evp_pkey_provided_test.c @@ -165,6 +165,20 @@ static int test_print_key_using_pem(const char *alg, const EVP_PKEY *pk) EVP_aes_256_cbc(), NULL, 0, pass_cb_error, NULL)) +#ifndef OPENSSL_NO_DES + || !TEST_true(PEM_write_bio_PKCS8PrivateKey_nid( + bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, + (const char *)~0, 0, NULL, NULL)) + || !TEST_true(PEM_write_bio_PKCS8PrivateKey_nid( + bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, NULL, 0, + NULL, "")) + || !TEST_true(PEM_write_bio_PKCS8PrivateKey_nid( + bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, NULL, 0, + pass_cb, NULL)) + || !TEST_false(PEM_write_bio_PKCS8PrivateKey_nid( + bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, NULL, 0, + pass_cb_error, NULL)) +#endif /* Private key in text form */ || !TEST_int_gt(EVP_PKEY_print_private(membio, pk, 0, NULL), 0) || !TEST_true(compare_with_file(alg, PRIV_TEXT, membio)) |