PEM_def_callback(): don't loop because of too short password given

That error is already caught by EVP_read_pw_string_min, and causes
this function to return -1, so the code detecting too short passwords
in this function is practically dead.

Fixes #5465

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6080)
Richard Levitte 2018-04-25 13:57:39 +02:00
parent e6a833cb97
commit 4977b4e928


@ -30,7 +30,7 @@ int pem_check_suffix(const char *pem_str, const char *suffix);
int PEM_def_callback(char *buf, int num, int w, void *key) int PEM_def_callback(char *buf, int num, int w, void *key)
{ {
int i, j; int i, min_len;
const char *prompt; const char *prompt;
if (key) { if (key) {
@ -44,12 +44,11 @@ int PEM_def_callback(char *buf, int num, int w, void *key)
if (prompt == NULL) if (prompt == NULL)
prompt = "Enter PEM pass phrase:"; prompt = "Enter PEM pass phrase:";
for (;;) {
/* /*
* We assume that w == 0 means decryption, * We assume that w == 0 means decryption,
* while w == 1 means encryption * while w == 1 means encryption
*/ */
int min_len = w ? MIN_LENGTH : 0; min_len = w ? MIN_LENGTH : 0;
i = EVP_read_pw_string_min(buf, min_len, num, prompt, w); i = EVP_read_pw_string_min(buf, min_len, num, prompt, w);
if (i != 0) { if (i != 0) {
@ -57,15 +56,7 @@ int PEM_def_callback(char *buf, int num, int w, void *key)
memset(buf, 0, (unsigned int)num); memset(buf, 0, (unsigned int)num);
return -1; return -1;
} }
j = strlen(buf); return strlen(buf);
if (min_len && j < min_len) {
fprintf(stderr,
"phrase is too short, needs to be at least %d chars\n",
min_len);
} else
break;
}
return j;
} }
void PEM_proc_type(char *buf, int type) void PEM_proc_type(char *buf, int type)
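Review bot: The success path `return strlen(buf);` now depends entirely on EVP_read_pw_string_min() for both the minimum passphrase length and NUL termination within `num`, and nothing in the function says so. I would add a comment above the call such as `/* EVP_read_pw_string_min() enforces min_len; a too-short phrase fails here and is not retried */`, and make the narrowing explicit with `return (int)strlen(buf);`. On the failure path the buffer is wiped with plain `memset`; since it may hold a partial passphrase, `OPENSSL_cleanse(buf, (size_t)num);` would be the more defensive choice, assuming `num` is never negative. Parts of the function body between the hunks are not shown here.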