Change PKCS#12 key derivation routines to cope with

non null terminated passwords.

5 files changed, 19 insertions, 9 deletions

diff --git a/CHANGES b/CHANGES
index 403568adc0..eb80eb6184 100644
--- a/CHANGES
+++ b/CHANGES
@@ -3,6 +3,12 @@
 
  Changes between 0.9.6 and 0.9.7  [xx XXX 2000]
 
+  *) Change PKCS12_key_gen_asc() so it can cope with non null
+     terminated strings whose length is passed in the passlen
+     parameter, for example from PEM callbacks. This was done
+     by adding an extra length parameter to asc2uni().
+     [Steve Henson, reported by <oddissey@samsung.co.kr>]
+
   *) New OCSP utility. Allows OCSP requests to be generated or
      read. The request can be sent to a responder and the output
      parsed, outputed or printed in text form. Not complete yet:
diff --git a/crypto/pkcs12/p12_attr.c b/crypto/pkcs12/p12_attr.c
index 64bf4173fc..2d4d04292a 100644
--- a/crypto/pkcs12/p12_attr.c
+++ b/crypto/pkcs12/p12_attr.c
@@ -151,7 +151,7 @@ int PKCS12_add_friendlyname_asc (PKCS12_SAFEBAG *bag, const char *name,
 {
 	unsigned char *uniname;
 	int ret, unilen;
-	if (!asc2uni(name, &uniname, &unilen)) {
+	if (!asc2uni(name, namelen, &uniname, &unilen)) {
 		PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC,
 							ERR_R_MALLOC_FAILURE);
 		return 0;
diff --git a/crypto/pkcs12/p12_key.c b/crypto/pkcs12/p12_key.c
index b042dcf05c..a9b4b8c972 100644
--- a/crypto/pkcs12/p12_key.c
+++ b/crypto/pkcs12/p12_key.c
@@ -84,7 +84,7 @@ int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
 	if(!pass) {
 		unipass = NULL;
 		uniplen = 0;
-	} else if (!asc2uni(pass, &unipass, &uniplen)) {
+	} else if (!asc2uni(pass, passlen, &unipass, &uniplen)) {
 		PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC,ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
diff --git a/crypto/pkcs12/p12_utl.c b/crypto/pkcs12/p12_utl.c
index 8ed3e0d0c7..4409e5c1a8 100644
--- a/crypto/pkcs12/p12_utl.c
+++ b/crypto/pkcs12/p12_utl.c
@@ -62,22 +62,26 @@
 
 /* Cheap and nasty Unicode stuff */
 
-unsigned char *asc2uni (const char *asc, unsigned char **uni, int *unilen)
+unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen)
 {
 	int ulen, i;
 	unsigned char *unitmp;
-	ulen = strlen(asc)*2  + 2;
-	if (!(unitmp = OPENSSL_malloc (ulen))) return NULL;
-	for (i = 0; i < ulen; i+=2) {
+	if (asclen == -1) asclen = strlen(asc);
+	ulen = asclen*2  + 2;
+	if (!(unitmp = OPENSSL_malloc(ulen))) return NULL;
+	for (i = 0; i < ulen - 2; i+=2) {
 		unitmp[i] = 0;
 		unitmp[i + 1] = asc[i>>1];
 	}
+	/* Make result double null terminated */
+	unitmp[ulen - 2] = 0;
+	unitmp[ulen - 1] = 0;
 	if (unilen) *unilen = ulen;
 	if (uni) *uni = unitmp;
 	return unitmp;
 }
 
-char *uni2asc (unsigned char *uni, int unilen)
+char *uni2asc(unsigned char *uni, int unilen)
 {
 	int asclen, i;
 	char *asctmp;
@@ -85,7 +89,7 @@ char *uni2asc (unsigned char *uni, int unilen)
 	/* If no terminating zero allow for one */
 	if (!unilen || uni[unilen - 1]) asclen++;
 	uni++;
-	if (!(asctmp = OPENSSL_malloc (asclen))) return NULL;
+	if (!(asctmp = OPENSSL_malloc(asclen))) return NULL;
 	for (i = 0; i < unilen; i+=2) asctmp[i>>1] = uni[i];
 	asctmp[asclen - 1] = 0;
 	return asctmp;
diff --git a/crypto/pkcs12/pkcs12.h b/crypto/pkcs12/pkcs12.h
index 6492a910e2..1531ee7926 100644
--- a/crypto/pkcs12/pkcs12.h
+++ b/crypto/pkcs12/pkcs12.h
@@ -230,7 +230,7 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
 		   EVP_MD *md_type);
 int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
 					 int saltlen, EVP_MD *md_type);
-unsigned char *asc2uni(const char *asc, unsigned char **uni, int *unilen);
+unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen);
 char *uni2asc(unsigned char *uni, int unilen);
 
 DECLARE_ASN1_FUNCTIONS(PKCS12)