Allow empty passphrase in PEM_write_bio_PKCS8PrivateKey_nid()

Signed-off-by: N Darshan Sen <raisinten@gmail.com> Reviewed-by: N Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: N Paul Dale <pauli@openssl.org> Reviewed-by: N Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17507)

Allow empty passphrase in PEM_write_bio_PKCS8PrivateKey_nid()
Signed-off-by: N Darshan Sen <raisinten@gmail.com> Reviewed-by: N Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: N Paul Dale <pauli@openssl.org> Reviewed-by: N Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17507)
1d28ada1 · Darshan Sen · Tomas Mraz · 59ccb72c · 1d28ada1 · 1d28ada1
隐藏空白更改
内联并排

Showing with 17 addition and 3 deletion

CHANGES.md CHANGES.md +2 -2

crypto/pem/pem_pk8.c crypto/pem/pem_pk8.c +1 -1

test/evp_pkey_provided_test.c test/evp_pkey_provided_test.c +14 -0

未找到文件。
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -24,8 +24,8 @@ OpenSSL 3.1

 ### Changes between 3.0 and 3.1 [xx XXX xxxx]

- * Fixed PEM_write_bio_PKCS8PrivateKey() to make it possible to use empty
-   passphrase strings.
+ * Fixed PEM_write_bio_PKCS8PrivateKey() and PEM_write_bio_PKCS8PrivateKey_nid()
+   to make it possible to use empty passphrase strings.

   *Darshan Sen*


--- a/crypto/pem/pem_pk8.c
+++ b/crypto/pem/pem_pk8.c
@@ -136,7 +136,7 @@ static int do_pk8pkey(BIO *bp, const EVP_PKEY *x, int isder, int nid,
        if (enc || (nid != -1)) {
            if (kstr == NULL) {
                klen = cb(buf, PEM_BUFSIZE, 1, u);
-                if (klen <= 0) {
+                if (klen < 0) {
                    ERR_raise(ERR_LIB_PEM, PEM_R_READ_KEY);
                    goto legacy_end;
                }

--- a/test/evp_pkey_provided_test.c
+++ b/test/evp_pkey_provided_test.c
@@ -165,6 +165,20 @@ static int test_print_key_using_pem(const char *alg, const EVP_PKEY *pk)
                                                     EVP_aes_256_cbc(),
                                                     NULL, 0, pass_cb_error,
                                                     NULL))
+#ifndef OPENSSL_NO_DES
+        || !TEST_true(PEM_write_bio_PKCS8PrivateKey_nid(
+            bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
+            (const char *)~0, 0, NULL, NULL))
+        || !TEST_true(PEM_write_bio_PKCS8PrivateKey_nid(
+            bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, NULL, 0,
+            NULL, ""))
+        || !TEST_true(PEM_write_bio_PKCS8PrivateKey_nid(
+            bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, NULL, 0,
+            pass_cb, NULL))
+        || !TEST_false(PEM_write_bio_PKCS8PrivateKey_nid(
+            bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, NULL, 0,
+            pass_cb_error, NULL))
+#endif
        /* Private key in text form */
        || !TEST_int_gt(EVP_PKEY_print_private(membio, pk, 0, NULL), 0)
        || !TEST_true(compare_with_file(alg, PRIV_TEXT, membio))