On Thu, 2009-04-23 at 14:20 +0200, The default queue via RT wrote:
> There is no need to reply to this message right now.
Unless, that is, I was dim enough to send a patch that didn't even
compile. Serves me right for cleaning it up to reduce the size of the
patch and then doing a test compile on the wrong version.
This one fixes the discrepancy about 'length' vs. 'len' in the
parameters of EVP_read_pw_string().
Index: crypto/evp/evp.h
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/crypto/evp/evp.h,v
retrieving revision 1.112.2.8
diff -u -p -r1.112.2.8 evp.h
--- crypto/evp/evp.h 17 Sep 2008 17:11:00 -0000 1.112.2.8
+++ crypto/evp/evp.h 22 Apr 2009 16:42:02 -0000
@@ -562,6 +562,7 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, cons
int EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
int EVP_read_pw_string(char *buf,int length,const char *prompt,int verify);
+int EVP_read_pw_string_min(char *buf,int minlen,int maxlen,const char
*prompt,int verify);
void EVP_set_pw_prompt(const char *prompt);
char * EVP_get_pw_prompt(void);
Index: crypto/evp/evp_key.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/crypto/evp/evp_key.c,v
retrieving revision 1.18.2.1
diff -u -p -r1.18.2.1 evp_key.c
--- crypto/evp/evp_key.c 1 Mar 2006 21:17:50 -0000 1.18.2.1
+++ crypto/evp/evp_key.c 22 Apr 2009 17:03:04 -0000
@@ -90,6 +90,11 @@ char *EVP_get_pw_prompt(void)
* this function will fail */
int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify)
{
+ return EVP_read_pw_string_min(buf, 0, len, prompt, verify);
+ }
+
+int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt,
int verify)
+ {
int ret;
char buff[BUFSIZ];
UI *ui;
@@ -97,10 +102,10 @@ int EVP_read_pw_string(char *buf, int le
if ((prompt == NULL) && (prompt_string[0] != '\0'))
prompt=prompt_string;
ui = UI_new();
- UI_add_input_string(ui,prompt,0,buf,0,(len>=BUFSIZ)?BUFSIZ-1:len);
+ UI_add_input_string(ui,prompt,0,buf,min,(len>=BUFSIZ)?BUFSIZ-1:len);
if (verify)
UI_add_verify_string(ui,prompt,0,
- buff,0,(len>=BUFSIZ)?BUFSIZ-1:len,buf);
+ buff,min,(len>=BUFSIZ)?BUFSIZ-1:len,buf);
ret = UI_process(ui);
UI_free(ui);
OPENSSL_cleanse(buff,BUFSIZ);
Index: crypto/pem/pem_lib.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/crypto/pem/pem_lib.c,v
retrieving revision 1.55.2.3
diff -u -p -r1.55.2.3 pem_lib.c
--- crypto/pem/pem_lib.c 11 Nov 2008 12:42:32 -0000 1.55.2.3
+++ crypto/pem/pem_lib.c 22 Apr 2009 16:41:39 -0000
@@ -99,7 +99,7 @@ int PEM_def_callback(char *buf, int num,
for (;;)
{
- i=EVP_read_pw_string(buf,num,prompt,w);
+ i=EVP_read_pw_string_min(buf,MIN_LENGTH,num,prompt,w);
if (i != 0)
{
PEMerr(PEM_F_PEM_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);
--
dwmw2
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
