From: Daniel Fiala <daniel@openssl.org>
Date: Wed, 16 Mar 2022 06:42:55 +0000 (+0100)
Subject: Check password length only when verify is enabled.
X-Git-Tag: OpenSSL_1_1_1o~29
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0a9bb445893b4a98ad1588aef2d14c29e6c4c5e3;p=thirdparty%2Fopenssl.git

Check password length only when verify is enabled.

Fixes #16231.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17899)
---

diff --git a/apps/apps.c b/apps/apps.c
index 1a92271595f..db5b48e4cf2 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -307,6 +307,8 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
         if (cb_data != NULL && cb_data->password != NULL
                 && *(const char*)cb_data->password != '\0')
             pw_min_len = 1;
+        else if (!verify)
+            pw_min_len = 0;
         prompt = UI_construct_prompt(ui, "pass phrase", prompt_info);
         if (!prompt) {
             BIO_printf(bio_err, "Out of memory\n");