crypto._PassphraseHelper: pass non-callable passphrase using callback (#947)

* crypto._PassphraseHelper: pass non-callable passphrase using callback Fixes #945 Before this commit, we would pass a bytes passphrase as a null terminated string. This causes issue when a randomly generated key's first byte is null because OpenSSL rightly determines the key length is 0. This commit modifies the passphrase helper to pass the passphrase via the callback * Update changelog to document bug fix
author: Huw Jones <huw@huwcbjones.co.uk> 2020-10-13 05:14:19 +0100
committer: GitHub <noreply@github.com> 2020-10-12 23:14:19 -0500
commit: cdd6696025b997646497b85cc0db6b27db12f92b (patch)
tree: fb83ab9cc05fcf99536761981247e9e603e2b819 /CHANGELOG.rst
parent: 83ef2306a1481e0cf7f53899c390497256711e29 (diff)
download: pyopenssl-cdd6696025b997646497b85cc0db6b27db12f92b.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 2ba1f7f..5df0a05 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -38,7 +38,10 @@ Changes:
 - Make verification callback optional in ``Context.set_verify``.
   If omitted, OpenSSL's default verification is used.
   `#933 <https://github.com/pyca/pyopenssl/pull/933>`_
-
+- Fixed a bug that could truncate or cause a zero-length key error due to a
+  null byte in private key passphrase in ``OpenSSL.crypto.load_privatekey``
+  and ``OpenSSL.crypto.dump_privatekey``.
+  `#947 <https://github.com/pyca/pyopenssl/pull/947>`_
 
 19.1.0 (2019-11-18)
 -------------------
author	Huw Jones <huw@huwcbjones.co.uk>	2020-10-13 05:14:19 +0100
committer	GitHub <noreply@github.com>	2020-10-12 23:14:19 -0500
commit	cdd6696025b997646497b85cc0db6b27db12f92b (patch)
tree	fb83ab9cc05fcf99536761981247e9e603e2b819 /CHANGELOG.rst
parent	83ef2306a1481e0cf7f53899c390497256711e29 (diff)
download	pyopenssl-cdd6696025b997646497b85cc0db6b27db12f92b.tar.gz