diff options
author | Nick Mathewson <nickm@torproject.org> | 2018-05-24 09:40:06 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2018-05-24 09:40:06 -0400 |
commit | 3f3739c6e064fd5e1c2ac89bfd49fed7a622ac68 (patch) | |
tree | 91b743747d7531e4f036f8c96732cf8e45e18d43 /src/common | |
parent | 8340f641c30f8e529b513732be2c931e128227e2 (diff) | |
parent | f48fb8a720c7cca79249248f92e3bc99cee3414d (diff) | |
download | tor-3f3739c6e064fd5e1c2ac89bfd49fed7a622ac68.tar.gz tor-3f3739c6e064fd5e1c2ac89bfd49fed7a622ac68.zip |
Merge branch 'maint-0.3.1' into maint-0.3.2
Diffstat (limited to 'src/common')
-rw-r--r-- | src/common/crypto.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/common/crypto.c b/src/common/crypto.c index c9db7cb4ba..16536f3716 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -653,7 +653,12 @@ pem_no_password_cb(char *buf, int size, int rwflag, void *u) (void)size; (void)rwflag; (void)u; - return 0; + /* The openssl documentation says that a callback "must" return 0 if an + * error occurred. But during the 1.1.1 series (commit c82c3462267afdbbaa5 + * they changed the interpretation so that 0 indicates an empty password and + * -1 indicates an error. We want to reject any encrypted PEM buffers, so we + * return -1. This will work on older OpenSSL versions and LibreSSL too. */ + return -1; } /** Read a PEM-encoded private key from the <b>len</b>-byte string <b>s</b> |