[openssl-dev] [PATCH] Support broken PKCS#12 key generation.

David Woodhouse dwmw2 at infradead.org
Sun Aug 28 21:18:53 UTC 2016


On Wed, 2016-08-24 at 18:55 +0100, Dr. Stephen Henson wrote:
> commit 647ac8d3d7143e3721d55e1f57730b6f26e72fc9
>
> OpenSSL versions before 1.1.0 didn't convert non-ASCII
> UTF8 PKCS#12 passwords to Unicode correctly.
> 
> To correctly decrypt older files, if MAC verification fails
> with the supplied password attempt to use the broken format
> which is compatible with earlier versions of OpenSSL.
> 
> Reviewed-by: Richard Levitte <levitte at openssl.org>

Hm, this sounds like something that other crypto libraries also ought
to try to work around. 

Please could you elaborate on the specific problem, and/or show a test
case?

I'm not quite sure how to interpret the patch itself. You pass the
password through OPENSSL_asc2uni() and then OPENSSL_uni2utf8() — which
is essentially converting ISO8859-1 to UTF-8.

So, if my password is "naïve", in UTF-8 that's 6e 61 c3 af 76 65, which
is the correct sequence of bytes to use for the password?

And you now convert that sequence of bytes to 6e 61 c3 83 c2 af 76 65
by assuming it's ISO8859-1 (which would be 'naÃ¯ve') and converting to
UTF-8?

So... what was the bug that was actually being worked around? That
older versions were converting from the local charset to UTF-8 twice in
a row? So you've implemented a "convert ISO8859-1 to UTF-8" fallback
which will cope with that in *some* locales but not all...? I don't
really understand.

Thanks for any light you can shed on it!

/me goes off to add non-ASCII passwords to the growing torture test
suite at
http://git.infradead.org/users/dwmw2/openconnect.git/blob/HEAD:/tests/Makefile.am

-- 
dwmw2
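The two conversions the reply asks about, worked through on the same "naïve" example, as an added illustration that is not part of the original message and not OpenSSL's own code. It models OPENSSL_asc2uni() as the byte-to-UCS-2 widening the reply describes (each byte becomes one big-endian 16-bit code unit, followed by a 16-bit NUL terminator in the RFC 7292 BMPString form), OPENSSL_uni2utf8() as the inverse re-encoded to UTF-8, and the correct UTF-8 to BMPString conversion alongside them. The `mac_verifies` callback in `try_passwords` is a hypothetical stand-in for the MAC check; the sample password bytes are constructed for the example.

```python
# Added example modelling the PKCS#12 password conversions discussed above.
# Not the original post's code and not OpenSSL's implementation; the helper
# names are assumptions chosen to mirror the functions named in the reply.

def latin1_to_bmp(pw_bytes: bytes) -> bytes:
    """Model of OPENSSL_asc2uni(): widen every byte to a big-endian 16-bit
    code unit and append a 16-bit NUL terminator (RFC 7292 BMPString form).
    Each byte is treated as an ISO-8859-1 code point, so UTF-8 input whose
    characters span several bytes is effectively double-encoded."""
    return b"".join(b"\x00" + bytes([c]) for c in pw_bytes) + b"\x00\x00"


def bmp_to_utf8(bmp: bytes) -> bytes:
    """Model of OPENSSL_uni2utf8(): drop the NUL terminator, decode the UCS-2
    big-endian code units and re-encode them as UTF-8."""
    if bmp.endswith(b"\x00\x00"):
        bmp = bmp[:-2]
    return bmp.decode("utf-16-be").encode("utf-8")


def utf8_to_bmp(pw_bytes: bytes) -> bytes:
    """Correct conversion: decode the password as UTF-8 and encode the code
    points as UTF-16-BE, plus the NUL terminator.  This is what the KDF input
    for the PKCS#12 MAC and key encryption should be built from."""
    return pw_bytes.decode("utf-8").encode("utf-16-be") + b"\x00\x00"


def broken_fallback(pw_bytes: bytes) -> bytes:
    """The compatibility password from the quoted commit: asc2uni then
    uni2utf8, i.e. reinterpret the UTF-8 bytes as ISO-8859-1 and re-encode
    as UTF-8.  Feeding this through utf8_to_bmp() reproduces exactly the
    BMPString that latin1_to_bmp() produced from the original bytes."""
    return bmp_to_utf8(latin1_to_bmp(pw_bytes))


def try_passwords(pw_bytes: bytes, mac_verifies):
    """Decryption order described in the quoted commit: the correct
    conversion first, then the compatibility form.  `mac_verifies` is a
    hypothetical callback that receives the BMPString bytes the PKCS#12 KDF
    would consume and returns True when the MAC checks out."""
    correct = utf8_to_bmp(pw_bytes)
    if mac_verifies(correct):
        return "utf8", correct
    legacy = utf8_to_bmp(broken_fallback(pw_bytes))
    if mac_verifies(legacy):
        return "legacy", legacy
    return None, None


if __name__ == "__main__":
    pw = b"na\xc3\xafve"  # constructed sample: "naïve" in UTF-8
    print("correct  BMPString:", utf8_to_bmp(pw).hex())
    print("old      BMPString:", latin1_to_bmp(pw).hex())
    print("fallback UTF-8    :", broken_fallback(pw).hex())
    # Simulate a file whose MAC key was derived by the old widening.
    old_file = latin1_to_bmp(pw)
    print("verdict:", try_passwords(pw, lambda bmp: bmp == old_file)[0])
```

Because `latin1_to_bmp` works on raw bytes, the fallback reproduces whatever the old widening did to the bytes the application actually passed in; for a pure-ASCII password the two conversions coincide and `broken_fallback` returns its input unchanged, so the second attempt adds nothing there. Characters outside the BMP (which need surrogate pairs in UTF-16) are deliberately not covered by this model.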

