diff options
| -rw-r--r-- | CHANGES | 3 | ||||
| -rw-r--r-- | apps/pkcs8.c | 4 | ||||
| -rw-r--r-- | crypto/dsa/dsa_ameth.c | 8 | ||||
| -rw-r--r-- | crypto/x509/x509.h | 1 |
4 files changed, 16 insertions, 0 deletions
@@ -44,6 +44,9 @@ Changes between 0.9.8m (?) and 1.0.0 [xx XXX xxxx] + *) Tolerate yet another broken PKCS#8 key format: private key value negative. + [Steve Henson] + *) Add new -subject_hash_old and -issuer_hash_old options to x509 utility to output hashes compatible with older versions of OpenSSL. [Willy Weisz <weisz@vcpc.univie.ac.at>] diff --git a/apps/pkcs8.c b/apps/pkcs8.c index c93ce7734d..7edeb179dd 100644 --- a/apps/pkcs8.c +++ b/apps/pkcs8.c @@ -403,6 +403,10 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "DSA public key include in PrivateKey\n"); break; + case PKCS8_NEG_PRIVKEY: + BIO_printf(bio_err, "DSA private key value is negative\n"); + break; + default: BIO_printf(bio_err, "Unknown broken type\n"); break; diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c index a588740cd8..5482330c84 100644 --- a/crypto/dsa/dsa_ameth.c +++ b/crypto/dsa/dsa_ameth.c @@ -237,8 +237,16 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) } else { + const unsigned char *q = p; if (!(privkey=d2i_ASN1_INTEGER(NULL, &p, pklen))) goto decerr; + if (privkey->type == V_ASN1_NEG_INTEGER) + { + p8->broken = PKCS8_NEG_PRIVKEY; + ASN1_INTEGER_free(privkey); + if (!(privkey=d2i_ASN1_UINTEGER(NULL, &q, pklen))) + goto decerr; + } if (ptype != V_ASN1_SEQUENCE) goto decerr; } diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index a2383b387a..eb1b7c6b2d 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -585,6 +585,7 @@ struct pkcs8_priv_key_info_st #define PKCS8_NO_OCTET 1 #define PKCS8_EMBEDDED_PARAM 2 #define PKCS8_NS_DB 3 +#define PKCS8_NEG_PRIVKEY 4 ASN1_INTEGER *version; X509_ALGOR *pkeyalg; ASN1_TYPE *pkey; /* Should be OCTET STRING but some are broken */ |