From 758310f304345b7645b4528f4f7316a218ba9b64 Mon Sep 17 00:00:00 2001 From: nyashbox Date: Mon, 2 Dec 2024 04:32:56 +0200 Subject: [PATCH 1/2] fix(Crypto): remove password prompting when using empty password in a EVPPKey constructor --- Crypto/include/Poco/Crypto/EVPPKey.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Crypto/include/Poco/Crypto/EVPPKey.h b/Crypto/include/Poco/Crypto/EVPPKey.h index 256f1983e8..5df187240d 100644 --- a/Crypto/include/Poco/Crypto/EVPPKey.h +++ b/Crypto/include/Poco/Crypto/EVPPKey.h @@ -237,7 +237,7 @@ class Crypto_API EVPPKey if (pFile) { pem_password_cb* pCB = pass.empty() ? (pem_password_cb*)0 : &passCB; - void* pPassword = pass.empty() ? (void*)0 : (void*)pass.c_str(); + void* pPassword = (void*)pass.c_str(); if (readFunc(pFile, &pKey, pCB, pPassword)) { fclose(pFile); pFile = 0; @@ -302,7 +302,7 @@ class Crypto_API EVPPKey if (pKey) { pem_password_cb* pCB = pass.empty() ? (pem_password_cb*)0 : &passCB; - void* pPassword = pass.empty() ? (void*)0 : (void*)pass.c_str(); + void* pPassword = (void*)pass.c_str(); if (readFunc(pBIO, &pKey, pCB, pPassword)) { BIO_free(pBIO); pBIO = 0; From 45d387d4a3a215a0f87b3ddb8e6c1183de3f7ecb Mon Sep 17 00:00:00 2001 From: nyashbox Date: Mon, 2 Dec 2024 04:35:34 +0200 Subject: [PATCH 2/2] test(Crypto): add empty password test for EVPPKey constructor --- Crypto/testsuite/src/EVPTest.cpp | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/Crypto/testsuite/src/EVPTest.cpp b/Crypto/testsuite/src/EVPTest.cpp index 7f8b9a9606..18a20cdf56 100644 --- a/Crypto/testsuite/src/EVPTest.cpp +++ b/Crypto/testsuite/src/EVPTest.cpp @@ -518,6 +518,15 @@ void EVPTest::testECEVPSaveLoadFile() key3.save(&strPub3); std::string pubFromPrivate = strPub3.str(); assertTrue (pubFromPrivate == pubKey); + + // Create new key with empty password + EVPPKey key4(curveName); + + key4.save(filePub.path(), filePriv.path(), ""); + + // Load key from file with empty password. + // No input string should be prompted + EVPPKey key4LoadEmptyPass { "", filePriv.path(), "" }; } else std::cerr << "No elliptic curves found!" << std::endl;