[EMAIL PROTECTED] wrote:
>
> Hi all
>
> I had been having trouble reading a PKCS8 private key
> by calling PEM_read_bio_PrivateKey(bp,NULL,NULL,pass).
>
> I finally found that the following function, PKCS12_key_gen_asc in p12_key.c,
> should be replaced by:
>
> int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
>         int saltlen, int id, int iter, int n, unsigned char *out,
>         const EVP_MD *md_type)
> {
>     int ret;
>     unsigned char *unipass;
>     int uniplen;
>     if(!pass) {
>         unipass = NULL;
>         uniplen = 0;
>     } else {
>         pass[passlen]=0x00; /* modified */
>         if (!asc2uni(pass, &unipass, &uniplen)) {
>             PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC,ERR_R_MALLOC_FAILURE);
>             return 0;
>         }
>     }
>     ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
>                              id, iter, n, out, md_type);
>     if(unipass) {
>         memset(unipass, 0, uniplen); /* Clear password from memory */
>         OPENSSL_free(unipass);
>     }
>     return ret;
> }
>
I cannot see how that can change anything. If you use a null terminated
password for 'pass' in PEM_read_bio_PrivateKey() then that statement
will have no effect. What it does do though is to modify something
declared const.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
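
The point made in the reply above, as an added example that is not part of the original thread or of OpenSSL's code: a length-delimited password can be converted without storing through a `const char *`, by bounding the read with `passlen` instead of writing a terminator into the caller's buffer. `pass_to_uni` and `uni_free` are hypothetical names, and the output layout (two bytes per character, big-endian, plus a two-byte terminator) is an assumption about what the conversion step produces.

```c
#include <limits.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not an OpenSSL function.
 * Converts at most passlen bytes of pass (stopping early at a NUL) into
 * two-byte big-endian characters followed by a two-byte terminator.
 * The caller's buffer is only read, never written.
 * Returns 1 on success, 0 on bad arguments or allocation failure. */
int pass_to_uni(const char *pass, int passlen,
                unsigned char **uni, int *unilen)
{
    const char *nul;
    unsigned char *out;
    int len, i;

    if (pass == NULL || passlen < 0 || uni == NULL || unilen == NULL)
        return 0;

    /* Bounded length: behaves like strlen() for terminated input, but
     * never reads past passlen when the terminator is missing. */
    nul = memchr(pass, 0, (size_t)passlen);
    len = nul ? (int)(nul - pass) : passlen;
    if (len > (INT_MAX - 2) / 2)
        return 0;

    out = malloc((size_t)len * 2 + 2);
    if (out == NULL)
        return 0;
    for (i = 0; i < len; i++) {
        out[2 * i] = 0;                          /* high byte */
        out[2 * i + 1] = (unsigned char)pass[i]; /* low byte  */
    }
    out[2 * len] = 0;                            /* terminator */
    out[2 * len + 1] = 0;
    *uni = out;
    *unilen = 2 * len + 2;
    return 1;
}

/* Wipe the converted password before releasing it; the volatile pointer
 * keeps the compiler from dropping the stores as dead writes. */
void uni_free(unsigned char *uni, int unilen)
{
    volatile unsigned char *p = uni;
    int i;
    for (i = 0; uni != NULL && i < unilen; i++)
        p[i] = 0;
    free(uni);
}
```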