diff options
author | Kazuki Yamaguchi <k@rhe.jp> | 2017-07-21 14:47:50 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2017-07-22 21:54:29 +0900 |
commit | a896c3d1dfa090e92dec1abf8ac12843af6af721 (patch) | |
tree | 768a181b9267ac4ca9b9a9ffefe0e2c60d1974a7 | |
parent | 26f928baa819cf06a3efd435a8ec28731d1da3f8 (diff) | |
download | ruby-openssl-a896c3d1dfa090e92dec1abf8ac12843af6af721.tar.gz |
ossl_pem_passwd_cb: relax passphrase length constraint
The minimum passphrase length of 4 bytes is only a limitation of
PEM_def_callback() which isn't relevant here. Commit f38501249f33
introduced this bug.
-rw-r--r-- | ext/openssl/ossl.c | 15 | ||||
-rw-r--r-- | test/test_pkey_rsa.rb | 8 |
2 files changed, 9 insertions, 14 deletions
diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c index eb71b643..5a15c9ad 100644 --- a/ext/openssl/ossl.c +++ b/ext/openssl/ossl.c @@ -129,13 +129,6 @@ ossl_bin2hex(unsigned char *in, char *out, size_t inlen) /* * our default PEM callback */ - -/* - * OpenSSL requires passwords for PEM-encoded files to be at least four - * characters long. See crypto/pem/pem_lib.c (as of 1.0.2h) - */ -#define OSSL_MIN_PWD_LEN 4 - VALUE ossl_pem_passwd_value(VALUE pass) { @@ -144,8 +137,6 @@ ossl_pem_passwd_value(VALUE pass) StringValue(pass); - if (RSTRING_LEN(pass) < OSSL_MIN_PWD_LEN) - ossl_raise(eOSSLError, "password must be at least %d bytes", OSSL_MIN_PWD_LEN); /* PEM_BUFSIZE is currently used as the second argument of pem_password_cb, * that is +max_len+ of ossl_pem_passwd_cb() */ if (RSTRING_LEN(pass) > PEM_BUFSIZE) @@ -178,7 +169,7 @@ ossl_pem_passwd_cb(char *buf, int max_len, int flag, void *pwd_) * bytes silently if the input is over 1024 bytes */ if (RB_TYPE_P(pass, T_STRING)) { len = RSTRING_LEN(pass); - if (len >= OSSL_MIN_PWD_LEN && len <= max_len) { + if (len <= max_len) { memcpy(buf, RSTRING_PTR(pass), len); return (int)len; } @@ -205,10 +196,6 @@ ossl_pem_passwd_cb(char *buf, int max_len, int flag, void *pwd_) return -1; } len = RSTRING_LEN(pass); - if (len < OSSL_MIN_PWD_LEN) { - rb_warning("password must be at least %d bytes", OSSL_MIN_PWD_LEN); - continue; - } if (len > max_len) { rb_warning("password must not be longer than %d bytes", max_len); continue; diff --git a/test/test_pkey_rsa.rb b/test/test_pkey_rsa.rb index b24f1d55..381e7603 100644 --- a/test/test_pkey_rsa.rb +++ b/test/test_pkey_rsa.rb @@ -242,6 +242,14 @@ class OpenSSL::TestPKeyRSA < OpenSSL::PKeyTestCase assert_equal pem, dup_public(RSA1024).export end + def test_pem_passwd + key = RSA1024 + pem3c = key.to_pem("aes-128-cbc", "key") + assert_match (/ENCRYPTED/), pem3c + assert_equal key.to_der, OpenSSL::PKey.read(pem3c, "key").to_der + assert_equal key.to_der, OpenSSL::PKey.read(pem3c) { "key" }.to_der + end + def test_dup key = OpenSSL::PKey::RSA.generate(256, 17) key2 = key.dup |