Allow empty passphrase in PEM_write_bio_PKCS8PrivateKey_nid()

Signed-off-by: Darshan Sen <raisinten@gmail.com> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17507)
author: Darshan Sen <raisinten@gmail.com> 2022-01-22 17:56:05 +0530
committer: Tomas Mraz <tomas@openssl.org> 2022-01-26 17:15:52 +0100
commit: 1d28ada1c39997c10fe5392f4235bbd2bc44b40f (patch)
tree: 14c32dd7ef4cf57393d59a39d4d332fc83706549
parent: 59ccb72cd5cec3b4e312853621e12a68dacdbc7e (diff)
download: openssl-1d28ada1c39997c10fe5392f4235bbd2bc44b40f.tar.gz
3 files changed, 17 insertions, 3 deletions
diff --git a/CHANGES.md b/CHANGES.md
index c4922be032..a542e25374 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -24,8 +24,8 @@ OpenSSL 3.1
 
 ### Changes between 3.0 and 3.1 [xx XXX xxxx]
 
- * Fixed PEM_write_bio_PKCS8PrivateKey() to make it possible to use empty
-   passphrase strings.
+ * Fixed PEM_write_bio_PKCS8PrivateKey() and PEM_write_bio_PKCS8PrivateKey_nid()
+   to make it possible to use empty passphrase strings.
 
    *Darshan Sen*
 
diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c
index 4742f02fef..60ff09354b 100644
--- a/crypto/pem/pem_pk8.c
+++ b/crypto/pem/pem_pk8.c
@@ -136,7 +136,7 @@ static int do_pk8pkey(BIO *bp, const EVP_PKEY *x, int isder, int nid,
         if (enc || (nid != -1)) {
             if (kstr == NULL) {
                 klen = cb(buf, PEM_BUFSIZE, 1, u);
-                if (klen <= 0) {
+                if (klen < 0) {
                     ERR_raise(ERR_LIB_PEM, PEM_R_READ_KEY);
                     goto legacy_end;
                 }
diff --git a/test/evp_pkey_provided_test.c b/test/evp_pkey_provided_test.c
index b4b53f67fc..b4a77f8500 100644
--- a/test/evp_pkey_provided_test.c
+++ b/test/evp_pkey_provided_test.c
@@ -165,6 +165,20 @@ static int test_print_key_using_pem(const char *alg, const EVP_PKEY *pk)
                                                      EVP_aes_256_cbc(),
                                                      NULL, 0, pass_cb_error,
                                                      NULL))
+#ifndef OPENSSL_NO_DES
+        || !TEST_true(PEM_write_bio_PKCS8PrivateKey_nid(
+            bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
+            (const char *)~0, 0, NULL, NULL))
+        || !TEST_true(PEM_write_bio_PKCS8PrivateKey_nid(
+            bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, NULL, 0,
+            NULL, ""))
+        || !TEST_true(PEM_write_bio_PKCS8PrivateKey_nid(
+            bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, NULL, 0,
+            pass_cb, NULL))
+        || !TEST_false(PEM_write_bio_PKCS8PrivateKey_nid(
+            bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, NULL, 0,
+            pass_cb_error, NULL))
+#endif
         /* Private key in text form */
         || !TEST_int_gt(EVP_PKEY_print_private(membio, pk, 0, NULL), 0)
         || !TEST_true(compare_with_file(alg, PRIV_TEXT, membio))
author	Darshan Sen <raisinten@gmail.com>	2022-01-22 17:56:05 +0530
committer	Tomas Mraz <tomas@openssl.org>	2022-01-26 17:15:52 +0100
commit	1d28ada1c39997c10fe5392f4235bbd2bc44b40f (patch)
tree	14c32dd7ef4cf57393d59a39d4d332fc83706549
parent	59ccb72cd5cec3b4e312853621e12a68dacdbc7e (diff)
download	openssl-1d28ada1c39997c10fe5392f4235bbd2bc44b40f.tar.gz