Dr S N Henson wrote:
>
> [EMAIL PROTECTED] wrote:
> >
> > Hi all
> >
> > I had trouble reading a PKCS8 private key
> >
> > by calling PEM_read_bio_PrivateKey(bp,NULL,NULL,pass)
> >
> > I finally found that the following function, PKCS12_key_gen_asc in p12_key.c, should be
> > replaced by
> >
> > int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
> >          int saltlen, int id, int iter, int n, unsigned char *out,
> >          const EVP_MD *md_type)
> > {
> >     int ret;
> >     unsigned char *unipass;
> >     int uniplen;
> >     if(!pass) {
> >         unipass = NULL;
> >         uniplen = 0;
> >     } else {
> >         pass[passlen]=0x00; /* modified */
> >         if (!asc2uni(pass, &unipass, &uniplen)) {
> >             PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC,ERR_R_MALLOC_FAILURE);
> >             return 0;
> >         }
> >     }
> >     ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
> >                              id, iter, n, out, md_type);
> >     if(unipass) {
> >         memset(unipass, 0, uniplen); /* Clear password from memory */
> >         OPENSSL_free(unipass);
> >     }
> >     return ret;
> > }
> >
>
> I cannot see how that can change anything. If you use a null terminated
> password for 'pass' in PEM_read_bio_PrivateKey() then that statement
> will have no effect. What it does do though is to modify something
> declared const.
>
Ah I see the problem now. It's probably best fixed by making asc2uni()
handle the passlen argument. I've checked in a fix into the development
and stable branches. It should be OK now.
Many thanks for the report.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
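
Added example, not part of the original message and not OpenSSL's code: a length-aware ASCII to two-byte conversion of the kind the reply describes, so a passphrase buffer that is not NUL-terminated is converted without being written to. The names asc_to_bmp and bmp_free, and the convention that a negative length means "NUL-terminated", are assumptions of this example.

```c
#include <stdlib.h>
#include <string.h>

/*
 * Hypothetical helper (not OpenSSL code): convert the first asclen bytes of
 * an ASCII passphrase to big-endian two-byte characters plus a two-byte
 * terminator, the password form PKCS#12 key derivation takes.
 * Assumption of this example: asclen < 0 means asc is NUL-terminated.
 * The input is const and is only read, never patched with a terminator.
 */
int asc_to_bmp(const char *asc, int asclen, unsigned char **uni, int *unilen)
{
    size_t n, i;
    unsigned char *out;

    if (asc == NULL || uni == NULL || unilen == NULL)
        return 0;
    n = (asclen < 0) ? strlen(asc) : (size_t)asclen;
    if (n > 0x3fffffff)              /* keep 2*n + 2 within int range */
        return 0;
    out = malloc(2 * n + 2);
    if (out == NULL)
        return 0;
    for (i = 0; i < n; i++) {
        out[2 * i] = 0;                          /* high byte */
        out[2 * i + 1] = (unsigned char)asc[i];  /* low byte */
    }
    out[2 * n] = 0;                  /* terminator is added to the copy */
    out[2 * n + 1] = 0;
    *uni = out;
    *unilen = (int)(2 * n + 2);
    return 1;
}

/* Wipe the converted passphrase through a volatile pointer, then free it. */
void bmp_free(unsigned char *uni, int unilen)
{
    volatile unsigned char *p = uni;
    if (uni == NULL) return;
    while (unilen-- > 0) *p++ = 0;
    free(uni);
}

int main(void)
{
    const char buf[5] = { 'a', 'b', 'c', 'X', 'Y' }; /* constructed, no NUL */
    unsigned char *u; int ul;
    if (!asc_to_bmp(buf, 3, &u, &ul)) return 1;
    bmp_free(u, ul);
    return 0;
}
```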