Hello,

In the apps `pkcs8', `passwd', `enc' and `pkcs12' there are hard-coded maximum lengths for passwords given:

(all of the following examples will use the respective char * as buffer for `EVP_read_pw_string')

pkcs8.c:
> 86 char pass[50], /* ... */;

enc.c:
> 78 #define SIZE (512)
> ...
> 106 char *strbuf=NULL;
> ...
> 374 strbuf=OPENSSL_malloc(SIZE);

pkcs12.c:
> 106 char /* ... */, macpass[50];

passwd.c:
> 66 char /* ... */, *passwd = NULL, /* ... */;
> 67 char /* ... */, *passwd_malloc = NULL;
> 68 size_t passwd_malloc_size = 0;
> ...
> 74 size_t pw_maxlen = 0;
> ...
> 209 if (usecrypt)
> 210 pw_maxlen = 8;
> 211 else if (use1 || useapr1)
> 212 pw_maxlen = 256; /* arbitrary limit, should be enough for most passwords */
> ...
> 218 passwd_malloc_size = pw_maxlen + 2;
> 219 /* longer than necessary so that we can warn about truncation */
> 220 passwd = passwd_malloc = OPENSSL_malloc(passwd_malloc_size);

Only `passwd' warns if a password was truncated; the other programs do not even check if it was truncated.

There should either be a function that automatically allocates enough memory to put the whole password in it (openssh does it this way, see read_passphrase from openssh/readpass.c), or a compile-time flag that sets the PASS_MAXLEN. Either way every `app' should check whether the whole password was read and not silently truncate the password, and all apps should behave consistently.

I would like to hear which approach you would choose, malloc or PASS_MAXLEN.

Regards,
Jakob Kramer
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
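The two alternatives raised in the post, a fixed buffer that at least reports truncation versus a buffer that grows to fit the whole password, are illustrated below. This is an added example, not code from the post or from OpenSSL or OpenSSH: it does not call `EVP_read_pw_string` or `read_passphrase`, but reads one line from an arbitrary `FILE *` (here an in-memory stream opened with `fmemopen`, so it runs without a terminal). The function names `read_pw_fixed`, `read_pw_dynamic` and `demo`, and the 70-byte constructed password, are assumptions of this example; the 50-byte buffer size mirrors `pass[50]` in pkcs8.c.

```c
#define _POSIX_C_SOURCE 200809L   /* for fmemopen() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Fixed-buffer reader in the style of the apps quoted in the post: reads one
 * line from `in` into `buf` (size `bufsize`). Unlike those apps it reports,
 * via *truncated, whether the line was longer than the buffer could hold.
 * Returns the number of bytes stored (excluding the NUL), or -1 on EOF with
 * nothing read. */
int read_pw_fixed(FILE *in, char *buf, size_t bufsize, int *truncated)
{
    size_t n = 0;
    int c;

    *truncated = 0;
    if (bufsize == 0)
        return -1;
    while ((c = fgetc(in)) != EOF && c != '\n') {
        if (n + 1 < bufsize) {
            buf[n++] = (char)c;
        } else {
            /* Buffer full: keep draining the line so the next read starts at
             * a line boundary, but record that password bytes were dropped. */
            *truncated = 1;
        }
    }
    buf[n] = '\0';
    if (n == 0 && c == EOF)
        return -1;
    return (int)n;
}

/* Growing-buffer reader: allocates as much as the password needs, so no
 * length limit is imposed and nothing is dropped. The old block is wiped
 * before it is freed so password bytes do not linger. The caller must wipe
 * and free the result. Returns NULL on allocation failure or on EOF with
 * nothing read. */
char *read_pw_dynamic(FILE *in, size_t *len_out)
{
    size_t cap = 64, n = 0;
    char *buf = malloc(cap);
    int c;

    if (buf == NULL)
        return NULL;
    while ((c = fgetc(in)) != EOF && c != '\n') {
        if (n + 1 >= cap) {
            size_t newcap = cap * 2;
            char *tmp = malloc(newcap);
            if (tmp == NULL) {
                memset(buf, 0, cap);
                free(buf);
                return NULL;
            }
            memcpy(tmp, buf, n);
            memset(buf, 0, cap);
            free(buf);
            buf = tmp;
            cap = newcap;
        }
        buf[n++] = (char)c;
    }
    buf[n] = '\0';
    if (n == 0 && c == EOF) {
        free(buf);
        return NULL;
    }
    if (len_out)
        *len_out = n;
    return buf;
}

/* Runs both readers over a constructed 70-byte password, longer than the
 * 50-byte buffers in pkcs8.c and pkcs12.c. Returns 1 when the fixed reader
 * flagged truncation (keeping 49 bytes) and the dynamic reader got all 70. */
int demo(void)
{
    char input[80];
    char fixed[50];
    int truncated = 0, ok;
    size_t dynlen = 0;
    char *dyn;
    FILE *f;

    memset(input, 'p', 70);          /* constructed sample password */
    input[70] = '\n';
    input[71] = '\0';

    f = fmemopen(input, strlen(input), "r");
    if (f == NULL)
        return 0;
    read_pw_fixed(f, fixed, sizeof fixed, &truncated);
    fclose(f);

    f = fmemopen(input, strlen(input), "r");
    if (f == NULL)
        return 0;
    dyn = read_pw_dynamic(f, &dynlen);
    fclose(f);

    ok = truncated && dyn != NULL && dynlen == 70 && strlen(fixed) == 49;
    if (dyn) {
        memset(dyn, 0, dynlen);
        free(dyn);
    }
    return ok;
}
```

Whichever approach an app takes, the point the post makes still holds for the growing reader: it removes the silent cut-off, but a caller that wants an upper bound (for instance the 8-byte limit `passwd` applies for `crypt`) should still compare the returned length against that bound and warn, rather than quietly using a prefix of what the user typed.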
