generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix PKCS#12 key generation bug.

Browse Source
This commit is contained in:
Dr. Stephen Henson 2001-03-18 02:11:42 +00:00
parent 6276e5b41b
commit 02ee8626fb
3 changed files with 35 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CHANGES
View File

@ -3,6 +3,12 @@
Changes between 0.9.6 and 0.9.7 [xx XXX 2000] Changes between 0.9.6 and 0.9.7 [xx XXX 2000]
*) Fix bug in PKCS#12 key generation routines. This was triggered
if a 3DES key was generated with a 0 initial byte. Include
PKCS12_BROKEN_KEYGEN compilation option to retain the old
(but broken) behaviour.
[Steve Henson]
*) Enhance bctest to search for a working bc along $PATH and print *) Enhance bctest to search for a working bc along $PATH and print
it when found. it when found.
[Tim Rice <tim@multitalents.net> via Richard Levitte] [Tim Rice <tim@multitalents.net> via Richard Levitte]

11
crypto/pkcs12/p12_key.c
View File

@ -102,7 +102,7 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
const EVP_MD *md_type) const EVP_MD *md_type)
{ {
unsigned char *B, *D, *I, *p, *Ai; unsigned char *B, *D, *I, *p, *Ai;
int Slen, Plen, Ilen; int Slen, Plen, Ilen, Ijlen;
int i, j, u, v; int i, j, u, v;
BIGNUM *Ij, *Bpl1; /* These hold Ij and B + 1 */ BIGNUM *Ij, *Bpl1; /* These hold Ij and B + 1 */
EVP_MD_CTX ctx; EVP_MD_CTX ctx;
@ -180,10 +180,17 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
BN_bin2bn (I + j, v, Ij); BN_bin2bn (I + j, v, Ij);
BN_add (Ij, Ij, Bpl1); BN_add (Ij, Ij, Bpl1);
BN_bn2bin (Ij, B); BN_bn2bin (Ij, B);
Ijlen = BN_num_bytes (Ij);
/* If more than 2^(v*8) - 1 cut off MSB */ /* If more than 2^(v*8) - 1 cut off MSB */
if (BN_num_bytes (Ij) > v) { if (Ijlen > v) {
BN_bn2bin (Ij, B); BN_bn2bin (Ij, B);
memcpy (I + j, B + 1, v); memcpy (I + j, B + 1, v);
#ifndef PKCS12_BROKEN_KEYGEN
/* If less than v bytes pad with zeroes */
} else if (Ijlen < v) {
memset(I + j, 0, v - Ijlen);
BN_bn2bin(Ij, I + j + v - Ijlen);
#endif
} else BN_bn2bin (Ij, I + j); } else BN_bn2bin (Ij, I + j);
} }
} }

20
doc/apps/pkcs12.pod
View File

@ -304,6 +304,26 @@ Include some extra certificates:
Some would argue that the PKCS#12 standard is one big bug :-) Some would argue that the PKCS#12 standard is one big bug :-)
Versions of OpenSSL before 0.9.6a had a bug in the PKCS#12 key generation
routines. Under rare circumstances this could produce a PKCS#12 file encrypted
with an invalid key. As a result some PKCS#12 files which triggered this bug
from other implementations (MSIE or Netscape) could not be decrypted
by OpenSSL and similarly OpenSSL could produce PKCS#12 files which could
not be decrypted by other implementations. The chances of producing such
a file are relatively small: less than 1 in 256.
A side effect of fixing this bug is that any old invalidly encrypted PKCS#12
files cannot no longer be parsed by the fixed version. Under such circumstances
the B<pkcs12> utility will report that the MAC is OK but fail with a decryption
error when extracting private keys.
This problem can be resolved by extracting the private keys and certificates
from the PKCS#12 file using an older version of OpenSSL and recreating the PKCS#12
file from the keys and certificates using a newer version of OpenSSL. For example:
old-openssl -in bad.p12 -out keycerts.pem
openssl -in keycerts.pem -export -name "My PKCS#12 file" -out fixed.p12
=head1 SEE ALSO =head1 SEE ALSO
L<pkcs8(1)|pkcs8(1)> L<pkcs8(1)|pkcs8(1)>