Loading CHANGES +6 −0 Original line number Diff line number Diff line Loading @@ -3,6 +3,12 @@ Changes between 0.9.6 and 0.9.7 [xx XXX 2000] *) Fix bug in PKCS#12 key generation routines. This was triggered if a 3DES key was generated with a 0 initial byte. Include PKCS12_BROKEN_KEYGEN compilation option to retain the old (but broken) behaviour. [Steve Henson] *) Enhance bctest to search for a working bc along $PATH and print it when found. [Tim Rice <tim@multitalents.net> via Richard Levitte] Loading crypto/pkcs12/p12_key.c +9 −2 Original line number Diff line number Diff line Loading @@ -102,7 +102,7 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, const EVP_MD *md_type) { unsigned char *B, *D, *I, *p, *Ai; int Slen, Plen, Ilen; int Slen, Plen, Ilen, Ijlen; int i, j, u, v; BIGNUM *Ij, *Bpl1; /* These hold Ij and B + 1 */ EVP_MD_CTX ctx; Loading Loading @@ -180,10 +180,17 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, BN_bin2bn (I + j, v, Ij); BN_add (Ij, Ij, Bpl1); BN_bn2bin (Ij, B); Ijlen = BN_num_bytes (Ij); /* If more than 2^(v*8) - 1 cut off MSB */ if (BN_num_bytes (Ij) > v) { if (Ijlen > v) { BN_bn2bin (Ij, B); memcpy (I + j, B + 1, v); #ifndef PKCS12_BROKEN_KEYGEN /* If less than v bytes pad with zeroes */ } else if (Ijlen < v) { memset(I + j, 0, v - Ijlen); BN_bn2bin(Ij, I + j + v - Ijlen); #endif } else BN_bn2bin (Ij, I + j); } } Loading doc/apps/pkcs12.pod +20 −0 Original line number Diff line number Diff line Loading @@ -304,6 +304,26 @@ Include some extra certificates: Some would argue that the PKCS#12 standard is one big bug :-) Versions of OpenSSL before 0.9.6a had a bug in the PKCS#12 key generation routines. Under rare circumstances this could produce a PKCS#12 file encrypted with an invalid key. As a result some PKCS#12 files which triggered this bug from other implementations (MSIE or Netscape) could not be decrypted by OpenSSL and similarly OpenSSL could produce PKCS#12 files which could not be decrypted by other implementations. The chances of producing such a file are relatively small: less than 1 in 256. A side effect of fixing this bug is that any old invalidly encrypted PKCS#12 files cannot no longer be parsed by the fixed version. Under such circumstances the B<pkcs12> utility will report that the MAC is OK but fail with a decryption error when extracting private keys. This problem can be resolved by extracting the private keys and certificates from the PKCS#12 file using an older version of OpenSSL and recreating the PKCS#12 file from the keys and certificates using a newer version of OpenSSL. For example: old-openssl -in bad.p12 -out keycerts.pem openssl -in keycerts.pem -export -name "My PKCS#12 file" -out fixed.p12 =head1 SEE ALSO L<pkcs8(1)|pkcs8(1)> Loading Loading
CHANGES +6 −0 Original line number Diff line number Diff line Loading @@ -3,6 +3,12 @@ Changes between 0.9.6 and 0.9.7 [xx XXX 2000] *) Fix bug in PKCS#12 key generation routines. This was triggered if a 3DES key was generated with a 0 initial byte. Include PKCS12_BROKEN_KEYGEN compilation option to retain the old (but broken) behaviour. [Steve Henson] *) Enhance bctest to search for a working bc along $PATH and print it when found. [Tim Rice <tim@multitalents.net> via Richard Levitte] Loading
crypto/pkcs12/p12_key.c +9 −2 Original line number Diff line number Diff line Loading @@ -102,7 +102,7 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, const EVP_MD *md_type) { unsigned char *B, *D, *I, *p, *Ai; int Slen, Plen, Ilen; int Slen, Plen, Ilen, Ijlen; int i, j, u, v; BIGNUM *Ij, *Bpl1; /* These hold Ij and B + 1 */ EVP_MD_CTX ctx; Loading Loading @@ -180,10 +180,17 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, BN_bin2bn (I + j, v, Ij); BN_add (Ij, Ij, Bpl1); BN_bn2bin (Ij, B); Ijlen = BN_num_bytes (Ij); /* If more than 2^(v*8) - 1 cut off MSB */ if (BN_num_bytes (Ij) > v) { if (Ijlen > v) { BN_bn2bin (Ij, B); memcpy (I + j, B + 1, v); #ifndef PKCS12_BROKEN_KEYGEN /* If less than v bytes pad with zeroes */ } else if (Ijlen < v) { memset(I + j, 0, v - Ijlen); BN_bn2bin(Ij, I + j + v - Ijlen); #endif } else BN_bn2bin (Ij, I + j); } } Loading
doc/apps/pkcs12.pod +20 −0 Original line number Diff line number Diff line Loading @@ -304,6 +304,26 @@ Include some extra certificates: Some would argue that the PKCS#12 standard is one big bug :-) Versions of OpenSSL before 0.9.6a had a bug in the PKCS#12 key generation routines. Under rare circumstances this could produce a PKCS#12 file encrypted with an invalid key. As a result some PKCS#12 files which triggered this bug from other implementations (MSIE or Netscape) could not be decrypted by OpenSSL and similarly OpenSSL could produce PKCS#12 files which could not be decrypted by other implementations. The chances of producing such a file are relatively small: less than 1 in 256. A side effect of fixing this bug is that any old invalidly encrypted PKCS#12 files cannot no longer be parsed by the fixed version. Under such circumstances the B<pkcs12> utility will report that the MAC is OK but fail with a decryption error when extracting private keys. This problem can be resolved by extracting the private keys and certificates from the PKCS#12 file using an older version of OpenSSL and recreating the PKCS#12 file from the keys and certificates using a newer version of OpenSSL. For example: old-openssl -in bad.p12 -out keycerts.pem openssl -in keycerts.pem -export -name "My PKCS#12 file" -out fixed.p12 =head1 SEE ALSO L<pkcs8(1)|pkcs8(1)> Loading
