Merge branch 'maint-0.3.1' into maint-0.3.2

author: Nick Mathewson <nickm@torproject.org> 2018-05-24 09:40:06 -0400
committer: Nick Mathewson <nickm@torproject.org> 2018-05-24 09:40:06 -0400
commit: 3f3739c6e064fd5e1c2ac89bfd49fed7a622ac68 (patch)
tree: 91b743747d7531e4f036f8c96732cf8e45e18d43 /src/common
parent: 8340f641c30f8e529b513732be2c931e128227e2 (diff)
parent: f48fb8a720c7cca79249248f92e3bc99cee3414d (diff)
download: tor-3f3739c6e064fd5e1c2ac89bfd49fed7a622ac68.tar.gz
tor-3f3739c6e064fd5e1c2ac89bfd49fed7a622ac68.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/src/common/crypto.c b/src/common/crypto.c
index c9db7cb4ba..16536f3716 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -653,7 +653,12 @@ pem_no_password_cb(char *buf, int size, int rwflag, void *u)
   (void)size;
   (void)rwflag;
   (void)u;
-  return 0;
+  /* The openssl documentation says that a callback "must" return 0 if an
+   * error occurred.  But during the 1.1.1 series (commit c82c3462267afdbbaa5
+   * they changed the interpretation so that 0 indicates an empty password and
+   * -1 indicates an error. We want to reject any encrypted PEM buffers, so we
+   * return -1.  This will work on older OpenSSL versions and LibreSSL too. */
+  return -1;
 }
 
 /** Read a PEM-encoded private key from the <b>len</b>-byte string <b>s</b>
author	Nick Mathewson <nickm@torproject.org>	2018-05-24 09:40:06 -0400
committer	Nick Mathewson <nickm@torproject.org>	2018-05-24 09:40:06 -0400
commit	3f3739c6e064fd5e1c2ac89bfd49fed7a622ac68 (patch)
tree	91b743747d7531e4f036f8c96732cf8e45e18d43 /src/common
parent	8340f641c30f8e529b513732be2c931e128227e2 (diff)
parent	f48fb8a720c7cca79249248f92e3bc99cee3414d (diff)
download	tor-3f3739c6e064fd5e1c2ac89bfd49fed7a622ac68.tar.gz tor-3f3739c6e064fd5e1c2ac89bfd49fed7a622ac68.zip