Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
02ee8626
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
1 年多 前同步成功
通知
10
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
02ee8626
编写于
3月 18, 2001
作者:
D
Dr. Stephen Henson
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Fix PKCS#12 key generation bug.
上级
6276e5b4
变更
3
隐藏空白更改
内联
并排
Showing
3 changed file
with
35 addition
and
2 deletion
+35
-2
CHANGES
CHANGES
+6
-0
crypto/pkcs12/p12_key.c
crypto/pkcs12/p12_key.c
+9
-2
doc/apps/pkcs12.pod
doc/apps/pkcs12.pod
+20
-0
未找到文件。
CHANGES
浏览文件 @
02ee8626
...
...
@@ -3,6 +3,12 @@
Changes between 0.9.6 and 0.9.7 [xx XXX 2000]
*) Fix bug in PKCS#12 key generation routines. This was triggered
if a 3DES key was generated with a 0 initial byte. Include
PKCS12_BROKEN_KEYGEN compilation option to retain the old
(but broken) behaviour.
[Steve Henson]
*) Enhance bctest to search for a working bc along $PATH and print
it when found.
[Tim Rice <tim@multitalents.net> via Richard Levitte]
...
...
crypto/pkcs12/p12_key.c
浏览文件 @
02ee8626
...
...
@@ -102,7 +102,7 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
const
EVP_MD
*
md_type
)
{
unsigned
char
*
B
,
*
D
,
*
I
,
*
p
,
*
Ai
;
int
Slen
,
Plen
,
Ilen
;
int
Slen
,
Plen
,
Ilen
,
Ijlen
;
int
i
,
j
,
u
,
v
;
BIGNUM
*
Ij
,
*
Bpl1
;
/* These hold Ij and B + 1 */
EVP_MD_CTX
ctx
;
...
...
@@ -180,10 +180,17 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
BN_bin2bn
(
I
+
j
,
v
,
Ij
);
BN_add
(
Ij
,
Ij
,
Bpl1
);
BN_bn2bin
(
Ij
,
B
);
Ijlen
=
BN_num_bytes
(
Ij
);
/* If more than 2^(v*8) - 1 cut off MSB */
if
(
BN_num_bytes
(
Ij
)
>
v
)
{
if
(
Ijlen
>
v
)
{
BN_bn2bin
(
Ij
,
B
);
memcpy
(
I
+
j
,
B
+
1
,
v
);
#ifndef PKCS12_BROKEN_KEYGEN
/* If less than v bytes pad with zeroes */
}
else
if
(
Ijlen
<
v
)
{
memset
(
I
+
j
,
0
,
v
-
Ijlen
);
BN_bn2bin
(
Ij
,
I
+
j
+
v
-
Ijlen
);
#endif
}
else
BN_bn2bin
(
Ij
,
I
+
j
);
}
}
...
...
doc/apps/pkcs12.pod
浏览文件 @
02ee8626
...
...
@@ -304,6 +304,26 @@ Include some extra certificates:
Some would argue that the PKCS#12 standard is one big bug :-)
Versions of OpenSSL before 0.9.6a had a bug in the PKCS#12 key generation
routines. Under rare circumstances this could produce a PKCS#12 file encrypted
with an invalid key. As a result some PKCS#12 files which triggered this bug
from other implementations (MSIE or Netscape) could not be decrypted
by OpenSSL and similarly OpenSSL could produce PKCS#12 files which could
not be decrypted by other implementations. The chances of producing such
a file are relatively small: less than 1 in 256.
A side effect of fixing this bug is that any old invalidly encrypted PKCS#12
files cannot no longer be parsed by the fixed version. Under such circumstances
the B<pkcs12> utility will report that the MAC is OK but fail with a decryption
error when extracting private keys.
This problem can be resolved by extracting the private keys and certificates
from the PKCS#12 file using an older version of OpenSSL and recreating the PKCS#12
file from the keys and certificates using a newer version of OpenSSL. For example:
old-openssl -in bad.p12 -out keycerts.pem
openssl -in keycerts.pem -export -name "My PKCS#12 file" -out fixed.p12
=head1 SEE ALSO
L<pkcs8(1)|pkcs8(1)>
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录