From 8bcceacf3470afd9cd689a663292ea79e22e9db0 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sun, 14 Jan 2001 14:14:45 +0000 Subject: [PATCH] Fix PKCS#12 PBE routines to cope with passwords from PEM callbacks which are not null terminated. --- CHANGES | 6 ++++++ crypto/pkcs12/p12_attr.c | 2 +- crypto/pkcs12/p12_key.c | 2 +- crypto/pkcs12/p12_utl.c | 16 ++++++++++------ crypto/pkcs12/pkcs12.h | 2 +- 5 files changed, 19 insertions(+), 9 deletions(-) diff --git a/CHANGES b/CHANGES index 5e4fa3e706..56a3c09718 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,12 @@ Changes between 0.9.6 and 0.9.6a [xx XXX 2000] + *) Change PKCS12_key_gen_asc() so it can cope with non null + terminated strings whose length is passed in the passlen + parameter, for example from PEM callbacks. This was done + by adding an extra length parameter to asc2uni(). + [Steve Henson, reported by ] + *) Fix C code generated by 'openssl dsaparam -C': If a BN_bin2bn call failed, free the DSA structure. [Bodo Moeller] diff --git a/crypto/pkcs12/p12_attr.c b/crypto/pkcs12/p12_attr.c index f1a210b5d2..a16a97d03d 100644 --- a/crypto/pkcs12/p12_attr.c +++ b/crypto/pkcs12/p12_attr.c @@ -151,7 +151,7 @@ int PKCS12_add_friendlyname_asc (PKCS12_SAFEBAG *bag, const char *name, { unsigned char *uniname; int ret, unilen; - if (!asc2uni(name, &uniname, &unilen)) { + if (!asc2uni(name, namelen, &uniname, &unilen)) { PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC, ERR_R_MALLOC_FAILURE); return 0; diff --git a/crypto/pkcs12/p12_key.c b/crypto/pkcs12/p12_key.c index b042dcf05c..a9b4b8c972 100644 --- a/crypto/pkcs12/p12_key.c +++ b/crypto/pkcs12/p12_key.c @@ -84,7 +84,7 @@ int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt, if(!pass) { unipass = NULL; uniplen = 0; - } else if (!asc2uni(pass, &unipass, &uniplen)) { + } else if (!asc2uni(pass, passlen, &unipass, &uniplen)) { PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC,ERR_R_MALLOC_FAILURE); return 0; } diff --git a/crypto/pkcs12/p12_utl.c b/crypto/pkcs12/p12_utl.c index 623fac8a6f..2f1d1e534f 100644 --- a/crypto/pkcs12/p12_utl.c +++ b/crypto/pkcs12/p12_utl.c @@ -62,22 +62,26 @@ /* Cheap and nasty Unicode stuff */ -unsigned char *asc2uni (const char *asc, unsigned char **uni, int *unilen) +unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen) { int ulen, i; unsigned char *unitmp; - ulen = strlen(asc)*2 + 2; - if (!(unitmp = OPENSSL_malloc (ulen))) return NULL; - for (i = 0; i < ulen; i+=2) { + if (asclen == -1) asclen = strlen(asc); + ulen = asclen*2 + 2; + if (!(unitmp = OPENSSL_malloc(ulen))) return NULL; + for (i = 0; i < ulen - 2; i+=2) { unitmp[i] = 0; unitmp[i + 1] = asc[i>>1]; } + /* Make result double null terminated */ + unitmp[ulen - 2] = 0; + unitmp[ulen - 1] = 0; if (unilen) *unilen = ulen; if (uni) *uni = unitmp; return unitmp; } -char *uni2asc (unsigned char *uni, int unilen) +char *uni2asc(unsigned char *uni, int unilen) { int asclen, i; char *asctmp; @@ -85,7 +89,7 @@ char *uni2asc (unsigned char *uni, int unilen) /* If no terminating zero allow for one */ if (!unilen || uni[unilen - 1]) asclen++; uni++; - if (!(asctmp = OPENSSL_malloc (asclen))) return NULL; + if (!(asctmp = OPENSSL_malloc(asclen))) return NULL; for (i = 0; i < unilen; i+=2) asctmp[i>>1] = uni[i]; asctmp[asclen - 1] = 0; return asctmp; diff --git a/crypto/pkcs12/pkcs12.h b/crypto/pkcs12/pkcs12.h index 502fceff95..e529154f26 100644 --- a/crypto/pkcs12/pkcs12.h +++ b/crypto/pkcs12/pkcs12.h @@ -247,7 +247,7 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, EVP_MD *md_type); int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, EVP_MD *md_type); -unsigned char *asc2uni(const char *asc, unsigned char **uni, int *unilen); +unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen); char *uni2asc(unsigned char *uni, int unilen); int i2d_PKCS12_BAGS(PKCS12_BAGS *a, unsigned char **pp); PKCS12_BAGS *PKCS12_BAGS_new(void); -- 2.25.1