PEM_def_callback(): don't loop because of too short password given

That error is already caught by EVP_read_pw_string_min, and causes this function to return -1, so the code detecting too short passwords in this function is practically dead. Fixes #5465 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6080)
2025-01-18 13:44:20 +08:00 · 2018-04-25 13:57:39 +02:00 · 2018-04-25 13:57:39 +02:00 · 4977b4e928
commit 4977b4e928
parent e6a833cb97
1 changed files with 12 additions and 21 deletions
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@ -30,7 +30,7 @@ int pem_check_suffix(const char *pem_str, const char *suffix);

 int PEM_def_callback(char *buf, int num, int w, void *key)
 {
-    int i, j;
+    int i, min_len;
    const char *prompt;

    if (key) {
@ -44,12 +44,11 @@ int PEM_def_callback(char *buf, int num, int w, void *key)
    if (prompt == NULL)
        prompt = "Enter PEM pass phrase:";

-    for (;;) {
    /*
     * We assume that w == 0 means decryption,
     * while w == 1 means encryption
     */
-        int min_len = w ? MIN_LENGTH : 0;
+    min_len = w ? MIN_LENGTH : 0;

    i = EVP_read_pw_string_min(buf, min_len, num, prompt, w);
    if (i != 0) {
@ -57,15 +56,7 @@ int PEM_def_callback(char *buf, int num, int w, void *key)
        memset(buf, 0, (unsigned int)num);
        return -1;
    }
-        j = strlen(buf);
-        if (min_len && j < min_len) {
-            fprintf(stderr,
-                    "phrase is too short, needs to be at least %d chars\n",
-                    min_len);
-        } else
-            break;
-    }
-    return j;
+    return strlen(buf);
 }

 void PEM_proc_type(char *buf, int type)