Change PKCS#12 key derivation routines to cope with

non null terminated passwords.

Change PKCS#12 key derivation routines to cope with
non null terminated passwords.
6308af19 · Dr. Stephen Henson · 8e5b6314 · 6308af19 · 6308af19 · 6308af19
5 changed file
--- a/CHANGES
+++ b/CHANGES
@@ -3,6 +3,12 @@
 Changes between 0.9.6 and 0.9.7  [xx XXX 2000]
+  *) Change PKCS12_key_gen_asc() so it can cope with non null
+     terminated strings whose length is passed in the passlen
+     parameter, for example from PEM callbacks. This was done
+     by adding an extra length parameter to asc2uni().
+     [Steve Henson, reported by <oddissey@samsung.co.kr>]
  *) New OCSP utility. Allows OCSP requests to be generated or
     read. The request can be sent to a responder and the output
     parsed, outputed or printed in text form. Not complete yet:

--- a/crypto/pkcs12/p12_attr.c
+++ b/crypto/pkcs12/p12_attr.c
@@ -151,7 +151,7 @@ int PKCS12_add_friendlyname_asc (PKCS12_SAFEBAG *bag, const char *name,
 {
 	unsigned char *uniname;
 	int ret, unilen;
-	if (!asc2uni(name, &uniname, &unilen)) {
+	if (!asc2uni(name, namelen, &uniname, &unilen)) {
 		PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC,
 							ERR_R_MALLOC_FAILURE);
 		return 0;

--- a/crypto/pkcs12/p12_key.c
+++ b/crypto/pkcs12/p12_key.c
@@ -84,7 +84,7 @@ int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
 	if(!pass) {
 		unipass = NULL;
 		uniplen = 0;
-	} else if (!asc2uni(pass, &unipass, &uniplen)) {
+	} else if (!asc2uni(pass, passlen, &unipass, &uniplen)) {
 		PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC,ERR_R_MALLOC_FAILURE);
 		return 0;
 	}

--- a/crypto/pkcs12/p12_utl.c
+++ b/crypto/pkcs12/p12_utl.c
@@ -62,22 +62,26 @@
 /* Cheap and nasty Unicode stuff */
-unsigned char *asc2uni (const char *asc, unsigned char **uni, int *unilen)
+unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen)
 {
 	int ulen, i;
 	unsigned char *unitmp;
-	ulen = strlen(asc)*2  + 2;
+	if (asclen == -1) asclen = strlen(asc);
-	if (!(unitmp = OPENSSL_malloc (ulen))) return NULL;
+	ulen = asclen*2  + 2;
-	for (i = 0; i < ulen; i+=2) {
+	if (!(unitmp = OPENSSL_malloc(ulen))) return NULL;
+	for (i = 0; i < ulen - 2; i+=2) {
 		unitmp[i] = 0;
 		unitmp[i + 1] = asc[i>>1];
 	}
+	/* Make result double null terminated */
+	unitmp[ulen - 2] = 0;
+	unitmp[ulen - 1] = 0;
 	if (unilen) *unilen = ulen;
 	if (uni) *uni = unitmp;
 	return unitmp;
 }
-char *uni2asc (unsigned char *uni, int unilen)
+char *uni2asc(unsigned char *uni, int unilen)
 {
 	int asclen, i;
 	char *asctmp;
@@ -85,7 +89,7 @@ char *uni2asc (unsigned char *uni, int unilen)
 	/* If no terminating zero allow for one */
 	if (!unilen || uni[unilen - 1]) asclen++;
 	uni++;
-	if (!(asctmp = OPENSSL_malloc (asclen))) return NULL;
+	if (!(asctmp = OPENSSL_malloc(asclen))) return NULL;
 	for (i = 0; i < unilen; i+=2) asctmp[i>>1] = uni[i];
 	asctmp[asclen - 1] = 0;
 	return asctmp;

--- a/crypto/pkcs12/pkcs12.h
+++ b/crypto/pkcs12/pkcs12.h
@@ -230,7 +230,7 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
 		   EVP_MD *md_type);
 int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
 					 int saltlen, EVP_MD *md_type);
-unsigned char *asc2uni(const char *asc, unsigned char **uni, int *unilen);
+unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen);
 char *uni2asc(unsigned char *uni, int unilen);
 DECLARE_ASN1_FUNCTIONS(PKCS12)