diff options
author | Huw Jones <huw@huwcbjones.co.uk> | 2020-10-13 05:14:19 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-10-12 23:14:19 -0500 |
commit | cdd6696025b997646497b85cc0db6b27db12f92b (patch) | |
tree | fb83ab9cc05fcf99536761981247e9e603e2b819 /CHANGELOG.rst | |
parent | 83ef2306a1481e0cf7f53899c390497256711e29 (diff) | |
download | pyopenssl-git-cdd6696025b997646497b85cc0db6b27db12f92b.tar.gz |
crypto._PassphraseHelper: pass non-callable passphrase using callback (#947)
* crypto._PassphraseHelper: pass non-callable passphrase using callback
Fixes #945
Before this commit, we would pass a bytes passphrase as a null terminated string.
This causes issue when a randomly generated key's first byte is null because
OpenSSL rightly determines the key length is 0.
This commit modifies the passphrase helper to pass the passphrase via the
callback
* Update changelog to document bug fix
Diffstat (limited to 'CHANGELOG.rst')
-rw-r--r-- | CHANGELOG.rst | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 2ba1f7f..5df0a05 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -38,7 +38,10 @@ Changes: - Make verification callback optional in ``Context.set_verify``. If omitted, OpenSSL's default verification is used. `#933 <https://github.com/pyca/pyopenssl/pull/933>`_ - +- Fixed a bug that could truncate or cause a zero-length key error due to a + null byte in private key passphrase in ``OpenSSL.crypto.load_privatekey`` + and ``OpenSSL.crypto.dump_privatekey``. + `#947 <https://github.com/pyca/pyopenssl/pull/947>`_ 19.1.0 (2019-11-18) ------------------- |