[openssl-dev] [openssl.org #3927] regression in 1.0.2c spotted by Net-SSLeay
Marcus Meissner via RT
rt at openssl.org
Mon Jun 29 14:27:18 UTC 2015
Hi,
I am debugging a testsuite error in the perl Net-SSLeay module, which got introduced between 1.0.2a
and 1.0.2c.
The test code looks like this:
... private key in $pk ...
ok(my $alg2 = Net::SSLeay::EVP_get_cipherbyname("DES-EDE3-OFB"), "EVP_get_cipherbyname");
like(my $key_pem4 = Net::SSLeay::PEM_get_string_PrivateKey($pk,"password",$alg2), qr/-----BEGIN (ENCRYPTED|RSA) PRIVATE KEY-----/, "PEM_get_string_PrivateKey+passwd+enc_alg");
Previously it returned a encrypted key, now it does not.
The error stack has:
0:error:0D0A706C:asn1 encoding routines:PKCS5_pbe2_set_iv:cipher has no object identifier:p5_pbev2.c:104:
0:error:2307D00D:PKCS12 routines:PKCS8_encrypt:ASN1 lib:p12_p8e.c:86:
Which I _think_ is caused by this change between 1.0.2a and 1.0.2c:
diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c
index 5cd755d..aca382a 100644
--- a/crypto/objects/obj_dat.c
+++ b/crypto/objects/obj_dat.c
@@ -400,6 +400,8 @@ static int obj_cmp(const ASN1_OBJECT *const *ap, const unsigned int *bp)
j = (a->length - b->length);
if (j)
return (j);
+ if (a->length == 0)
+ return 0;
return (memcmp(a->data, b->data, a->length));
}
@@ -415,6 +417,9 @@ int OBJ_obj2nid(const ASN1_OBJECT *a)
if (a->nid != 0)
return (a->nid);
+ if (a->length == 0)
+ return NID_undef;
+
if (added != NULL) {
ad.type = ADDED_DATA;
ad.obj = (ASN1_OBJECT *)a; /* XXX: ugly but harmless */
which comes from the objects entry:
obj_dat.h:{"DES-EDE3-CBC","des-ede3-cbc",NID_des_ede3_cbc,8,&(lvalues[235]),0},
obj_dat.h:{"DES-EDE3-OFB","des-ede3-ofb",NID_des_ede3_ofb64,0,NULL,0},
I was not able to find out why des-ede3-cbc does have length 8, but ofb does not?
How to fix this? Should it have length 8 too?
Ciao, Marcus
_______________________________________________
openssl-bugs-mod mailing list
openssl-bugs-mod at openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod
More information about the openssl-dev
mailing list