authorDr. Stephen Henson <steve@openssl.org>2010-01-22 20:17:30 +0000
committerDr. Stephen Henson <steve@openssl.org>2010-01-22 20:17:30 +0000
commit1699389a4691ea94455ac73fda58b8be9c1f7708 (patch)
treeb5340c0a4d5f6af37a683899a03e49725b9d4b31
parentad8ee3d7d19691362de56a334a9b6f1961b8cde9 (diff)
Tolerate PKCS#8 DSA format with negative private key.
-rw-r--r--CHANGES3
-rw-r--r--apps/pkcs8.c4
-rw-r--r--crypto/dsa/dsa_ameth.c8
-rw-r--r--crypto/x509/x509.h1
-rw-r--r--doc/ssl/SSL_CTX_set_options.pod4
5 files changed, 19 insertions, 1 deletions
diff --git a/CHANGES b/CHANGES
index ac3191abb8..75efddf895 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,9 @@
Changes between 0.9.8m (?) and 1.0.0 [xx XXX xxxx]
+ *) Tolerate yet another broken PKCS#8 key format: private key value negative.
+ [Steve Henson]
+
*) Add new -subject_hash_old and -issuer_hash_old options to x509 utility to
output hashes compatible with older versions of OpenSSL.
[Willy Weisz <weisz@vcpc.univie.ac.at>]
diff --git a/apps/pkcs8.c b/apps/pkcs8.c
index c93ce7734d..7edeb179dd 100644
--- a/apps/pkcs8.c
+++ b/apps/pkcs8.c
@@ -403,6 +403,10 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "DSA public key include in PrivateKey\n");
break;
+ case PKCS8_NEG_PRIVKEY:
+ BIO_printf(bio_err, "DSA private key value is negative\n");
+ break;
+
default:
BIO_printf(bio_err, "Unknown broken type\n");
break;
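--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@@ -237,8 +237,16 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
 }
 else
 {
+ const unsigned char *q = p;
 if (!(privkey=d2i_ASN1_INTEGER(NULL, &p, pklen)))
 goto decerr;
+ if (privkey->type == V_ASN1_NEG_INTEGER)
+ {
+ p8->broken = PKCS8_NEG_PRIVKEY;
+ ASN1_INTEGER_free(privkey);
+ if (!(privkey=d2i_ASN1_UINTEGER(NULL, &q, pklen)))
+ goto decerr;
+ }
 if (ptype != V_ASN1_SEQUENCE)
 goto decerr;
 }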
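Review bot: The negative-INTEGER fallback in dsa_priv_decode has no comment explaining why a value that is not a valid DSA private key encoding is accepted at all, so a later reader will take the `d2i_ASN1_UINTEGER` call on `q` for a redundant re-parse; I would place `/* Some encoders emit the private key INTEGER without the sign-padding octet, so it decodes as negative. Re-read the content octets as an unsigned magnitude and record the defect in p8->broken so callers can report it. */` directly above the `if (privkey->type == V_ASN1_NEG_INTEGER)` line. Assigning `p8->broken` before the second decode succeeds is only safe because a failing `d2i_ASN1_UINTEGER` leaves `privkey` NULL and jumps to `decerr`, which presumably frees and returns failure; if that exit path is ever changed to hand back partial results the flag would be misleading, so setting it after the successful re-decode would be more robust. The `if (ptype != V_ASN1_SEQUENCE) goto decerr;` test could also be hoisted above both d2i calls so a malformed parameter field is rejected before any INTEGER is parsed and allocated. dsa_priv_decode begins and ends outside this hunk.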
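--- a/crypto/x509/x509.h
+++ b/crypto/x509/x509.h
@@ -585,6 +585,7 @@ struct pkcs8_priv_key_info_st
 #define PKCS8_NO_OCTET 1
 #define PKCS8_EMBEDDED_PARAM 2
 #define PKCS8_NS_DB 3
+#define PKCS8_NEG_PRIVKEY 4
 ASN1_INTEGER *version;
 X509_ALGOR *pkeyalg;
 ASN1_TYPE *pkey; /* Should be OCTET STRING but some are broken */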
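Review bot: `PKCS8_NEG_PRIVKEY` is added next to three other codes for the struct's `broken` field with no indication of which decode condition sets it, and nothing in the header ties these values to that field. A trailing comment would make the meaning self-contained, e.g. `#define PKCS8_NEG_PRIVKEY 4 /* DSA private key INTEGER decoded as negative; re-read as unsigned */`. struct pkcs8_priv_key_info_st starts before this hunk and its `broken` member is not visible here.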
diff --git a/doc/ssl/SSL_CTX_set_options.pod b/doc/ssl/SSL_CTX_set_options.pod
index 9331e67153..72ebcadfe6 100644
--- a/doc/ssl/SSL_CTX_set_options.pod
+++ b/doc/ssl/SSL_CTX_set_options.pod
@@ -247,7 +247,9 @@ If an unpatched client attempts to connect to a patched OpenSSL server then
the attempt will succeed but renegotiation is not permitted. As required
by the standard a B<no_renegotiation> alert is sent back to the client if
the TLS v1.0 protocol is used. If SSLv3.0 is used then renegotiation results
-in a fatal B<handshake_failed> alert.
+in a fatal B<handshake_failed> alert. If the patched server attempts to
+renegotiate (existing applications which renegotiate may well do this) then
+a fatal B<handshake_failed> alert is sent.
If a patched OpenSSL client attempts to connect to an unpatched server
then the connection will fail because it is not possible to determine