packages/openssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
openssl/backport-Check-password-length-only-when-verify-is-enabled.patch
fangxiuning 614a65544c patchs
2022-11-07 10:53:20 +08:00

31 lines
1010 B
Diff
Raw Blame History

From 0a9bb445893b4a98ad1588aef2d14c29e6c4c5e3 Mon Sep 17 00:00:00 2001
From: Daniel Fiala <daniel@openssl.org>
Date: Wed, 16 Mar 2022 07:42:55 +0100
Subject: [PATCH] Check password length only when verify is enabled.
Fixes #16231.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17899)
---
apps/apps.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/apps/apps.c b/apps/apps.c
index 1a92271595..db5b48e4cf 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -307,6 +307,8 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
if (cb_data != NULL && cb_data->password != NULL
&& *(const char*)cb_data->password != '\0')
pw_min_len = 1;
+ else if (!verify)
+ pw_min_len = 0;
prompt = UI_construct_prompt(ui, "pass phrase", prompt_info);
if (!prompt) {
BIO_printf(bio_err, "Out of memory\n");
--
2.17.1
Reference in New Issue View Git Blame Copy Permalink