Don't require any length of password when decrypting

RT#2534 Reviewed-by: N Tim Hudson <tjh@openssl.org>

Don't require any length of password when decrypting
RT#2534 Reviewed-by: N Tim Hudson <tjh@openssl.org>
b160f282 · Richard Levitte · 8f41ff2d · b160f282
隐藏空白更改
内联并排

Showing with 9 addition and 3 deletion

crypto/pem/pem_lib.c crypto/pem/pem_lib.c +9 -3

未找到文件。
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -98,17 +98,23 @@ int PEM_def_callback(char *buf, int num, int w, void *key)
        prompt = "Enter PEM pass phrase:";
    for (;;) {
-        i = EVP_read_pw_string_min(buf, MIN_LENGTH, num, prompt, w);
+        /*
+         * We assume that w == 0 means decryption,
+         * while w == 1 means encryption
+         */
+        int min_len = w ? MIN_LENGTH : 0;
+        i = EVP_read_pw_string_min(buf, min_len, num, prompt, w);
        if (i != 0) {
            PEMerr(PEM_F_PEM_DEF_CALLBACK, PEM_R_PROBLEMS_GETTING_PASSWORD);
            memset(buf, 0, (unsigned int)num);
            return (-1);
        }
        j = strlen(buf);
-        if (j < MIN_LENGTH) {
+        if (min_len && j < min_len) {
            fprintf(stderr,
                    "phrase is too short, needs to be at least %d chars\n",
-                    MIN_LENGTH);
+                    min_len);
        } else
            break;
    }