openssl-engine-0.9.6a merge

6 files changed, 26 insertions, 13 deletions

diff --git a/lib/libcrypto/pkcs12/Makefile.ssl b/lib/libcrypto/pkcs12/Makefile.ssl
index 67869f204fb..d745c536216 100644
--- a/lib/libcrypto/pkcs12/Makefile.ssl
+++ b/lib/libcrypto/pkcs12/Makefile.ssl
@@ -45,7 +45,8 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB)
+	@echo You may get an error following this line.  Please ignore.
+	- $(RANLIB) $(LIB)
 	@touch lib
 
 files:
diff --git a/lib/libcrypto/pkcs12/p12_attr.c b/lib/libcrypto/pkcs12/p12_attr.c
index f1a210b5d27..a16a97d03df 100644
--- a/lib/libcrypto/pkcs12/p12_attr.c
+++ b/lib/libcrypto/pkcs12/p12_attr.c
@@ -151,7 +151,7 @@ int PKCS12_add_friendlyname_asc (PKCS12_SAFEBAG *bag, const char *name,
 {
 	unsigned char *uniname;
 	int ret, unilen;
-	if (!asc2uni(name, &uniname, &unilen)) {
+	if (!asc2uni(name, namelen, &uniname, &unilen)) {
 		PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC,
 							ERR_R_MALLOC_FAILURE);
 		return 0;
diff --git a/lib/libcrypto/pkcs12/p12_key.c b/lib/libcrypto/pkcs12/p12_key.c
index b042dcf05c9..a4fd5b98ec9 100644
--- a/lib/libcrypto/pkcs12/p12_key.c
+++ b/lib/libcrypto/pkcs12/p12_key.c
@@ -84,7 +84,7 @@ int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
 	if(!pass) {
 		unipass = NULL;
 		uniplen = 0;
-	} else if (!asc2uni(pass, &unipass, &uniplen)) {
+	} else if (!asc2uni(pass, passlen, &unipass, &uniplen)) {
 		PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC,ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
@@ -102,7 +102,7 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
 	     const EVP_MD *md_type)
 {
 	unsigned char *B, *D, *I, *p, *Ai;
-	int Slen, Plen, Ilen;
+	int Slen, Plen, Ilen, Ijlen;
 	int i, j, u, v;
 	BIGNUM *Ij, *Bpl1;	/* These hold Ij and B + 1 */
 	EVP_MD_CTX ctx;
@@ -180,10 +180,17 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
 			BN_bin2bn (I + j, v, Ij);
 			BN_add (Ij, Ij, Bpl1);
 			BN_bn2bin (Ij, B);
+			Ijlen = BN_num_bytes (Ij);
 			/* If more than 2^(v*8) - 1 cut off MSB */
-			if (BN_num_bytes (Ij) > v) {
+			if (Ijlen > v) {
 				BN_bn2bin (Ij, B);
 				memcpy (I + j, B + 1, v);
+#ifndef PKCS12_BROKEN_KEYGEN
+			/* If less than v bytes pad with zeroes */
+			} else if (Ijlen < v) {
+				memset(I + j, 0, v - Ijlen);
+				BN_bn2bin(Ij, I + j + v - Ijlen); 
+#endif
 			} else BN_bn2bin (Ij, I + j);
 		}
 	}
diff --git a/lib/libcrypto/pkcs12/p12_kiss.c b/lib/libcrypto/pkcs12/p12_kiss.c
index 1fbbd6c99f9..5d67f19b455 100644
--- a/lib/libcrypto/pkcs12/p12_kiss.c
+++ b/lib/libcrypto/pkcs12/p12_kiss.c
@@ -264,6 +264,7 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
 		if (lkey) {
 			*keymatch |= MATCH_CERT;
 			if (cert) *cert = x509;
+			else X509_free(x509);
 		} else {
 			if(ca) sk_X509_push (*ca, x509);
 			else X509_free(x509);
diff --git a/lib/libcrypto/pkcs12/p12_utl.c b/lib/libcrypto/pkcs12/p12_utl.c
index 17f41b45496..2f1d1e534fc 100644
--- a/lib/libcrypto/pkcs12/p12_utl.c
+++ b/lib/libcrypto/pkcs12/p12_utl.c
@@ -62,30 +62,34 @@
 
 /* Cheap and nasty Unicode stuff */
 
-unsigned char *asc2uni (const char *asc, unsigned char **uni, int *unilen)
+unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen)
 {
 	int ulen, i;
 	unsigned char *unitmp;
-	ulen = strlen(asc)*2  + 2;
-	if (!(unitmp = OPENSSL_malloc (ulen))) return NULL;
-	for (i = 0; i < ulen; i+=2) {
+	if (asclen == -1) asclen = strlen(asc);
+	ulen = asclen*2  + 2;
+	if (!(unitmp = OPENSSL_malloc(ulen))) return NULL;
+	for (i = 0; i < ulen - 2; i+=2) {
 		unitmp[i] = 0;
 		unitmp[i + 1] = asc[i>>1];
 	}
+	/* Make result double null terminated */
+	unitmp[ulen - 2] = 0;
+	unitmp[ulen - 1] = 0;
 	if (unilen) *unilen = ulen;
 	if (uni) *uni = unitmp;
 	return unitmp;
 }
 
-char *uni2asc (unsigned char *uni, int unilen)
+char *uni2asc(unsigned char *uni, int unilen)
 {
 	int asclen, i;
 	char *asctmp;
 	asclen = unilen / 2;
 	/* If no terminating zero allow for one */
-	if (uni[unilen - 1]) asclen++;
+	if (!unilen || uni[unilen - 1]) asclen++;
 	uni++;
-	if (!(asctmp = OPENSSL_malloc (asclen))) return NULL;
+	if (!(asctmp = OPENSSL_malloc(asclen))) return NULL;
 	for (i = 0; i < unilen; i+=2) asctmp[i>>1] = uni[i];
 	asctmp[asclen - 1] = 0;
 	return asctmp;
diff --git a/lib/libcrypto/pkcs12/pkcs12.h b/lib/libcrypto/pkcs12/pkcs12.h
index 502fceff954..e529154f263 100644
--- a/lib/libcrypto/pkcs12/pkcs12.h
+++ b/lib/libcrypto/pkcs12/pkcs12.h
@@ -247,7 +247,7 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
 		   EVP_MD *md_type);
 int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
 					 int saltlen, EVP_MD *md_type);
-unsigned char *asc2uni(const char *asc, unsigned char **uni, int *unilen);
+unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen);
 char *uni2asc(unsigned char *uni, int unilen);
 int i2d_PKCS12_BAGS(PKCS12_BAGS *a, unsigned char **pp);
 PKCS12_BAGS *PKCS12_BAGS_new(void);