On Wed, 2016-08-24 at 18:55 +0100, Dr. Stephen Henson wrote: > commit 647ac8d3d7143e3721d55e1f57730b6f26e72fc9 > > OpenSSL versions before 1.1.0 didn't convert non-ASCII > UTF8 PKCS#12 passwords to Unicode correctly. > > To correctly decrypt older files, if MAC verification fails > with the supplied password attempt to use the broken format > which is compatible with earlier versions of OpenSSL. > > Reviewed-by: Richard Levitte <levi...@openssl.org>
Hm, this sounds like something that other crypto libraries also ought to try to work around. Please could you elaborate on the specific problem, and/or show a test case? I'm not quite sure how to interpret the patch itself. You pass the password through OPENSSL_asc2uni() and then OPENSSL_uni2utf8() — which is essentially converting ISO8859-1 to UTF-8. So, if my password is "naïve". In UTF-8 that's 6e 61 c3 af 76 65, which is the correct sequence of bytes to use for the password? And you now convert that sequence of bytes to 6e 61 c3 83 c2 af 76 65 by assuming it's ISO8859-1 (which would be 'naïve') and converting to UTF-8? So... what was the bug that was actually being worked around? That older versions were converting from the local charset to UTF-8 twice in a row? So you've implemented a "convert ISO8859-1 to UTF-8" fallback which will cope with that in *some* locales but not all...? I don't really understand. Thanks for any light you can shed on it! /me goes off to add non-ASCII passwords to the growing torture test suite at http://git.infradead.org/users/dwmw2/openconnect.git/blob/HEAD:/tests/Makefile.am -- dwmw2
smime.p7s
Description: S/MIME cryptographic signature
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev