diff options
| author | Adam Langley <alangley@gmail.com> | 2016-02-02 01:30:02 +0300 |
|---|---|---|
| committer | Adam Langley <agl@google.com> | 2016-02-02 22:21:59 +0300 |
| commit | d057454f900f3f5f9538986579b5600e00000736 (patch) | |
| tree | 6f52824120359a433d51c8382ef0ef45493b6bc5 /crypto/pkcs8 | |
| parent | e66148a18fbf0883b615adeecb59661a80cdf4ab (diff) | |
Changes to support node.js's use of PKCS#12.
node.js uses a memory BIO in the wrong mode which, for now, we work
around. It also passes in NULL (rather than empty) strings and a
non-NULL out-arg for |d2i_PKCS12_bio|.
Change-Id: Ib565b4a202775bb32fdcb76db8a4e8c54268c052
Reviewed-on: https://boringssl-review.googlesource.com/7012
Reviewed-by: Adam Langley <agl@google.com>
Diffstat (limited to 'crypto/pkcs8')
| -rw-r--r-- | crypto/pkcs8/pkcs8.c | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/crypto/pkcs8/pkcs8.c b/crypto/pkcs8/pkcs8.c index 31a34a7c..ac13faf7 100644 --- a/crypto/pkcs8/pkcs8.c +++ b/crypto/pkcs8/pkcs8.c @@ -975,7 +975,7 @@ int PKCS12_get_key_and_certs(EVP_PKEY **out_key, STACK_OF(X509) *out_certs, ctx.out_key = out_key; ctx.out_certs = out_certs; - if (!ascii_to_ucs2(password, strlen(password), &ctx.password, + if (!ascii_to_ucs2(password, password ? strlen(password) : 0, &ctx.password, &ctx.password_len)) { OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_DECODE_ERROR); goto err; @@ -1066,9 +1066,6 @@ struct pkcs12_st { PKCS12* d2i_PKCS12(PKCS12 **out_p12, const uint8_t **ber_bytes, size_t ber_len) { PKCS12 *p12; - /* out_p12 must be NULL because we don't export the PKCS12 structure. */ - assert(out_p12 == NULL); - p12 = OPENSSL_malloc(sizeof(PKCS12)); if (!p12) { return NULL; @@ -1084,6 +1081,12 @@ PKCS12* d2i_PKCS12(PKCS12 **out_p12, const uint8_t **ber_bytes, size_t ber_len) p12->ber_len = ber_len; *ber_bytes += ber_len; + if (out_p12) { + PKCS12_free(*out_p12); + + *out_p12 = p12; + } + return p12; } @@ -1105,7 +1108,12 @@ PKCS12* d2i_PKCS12_bio(BIO *bio, PKCS12 **out_p12) { for (;;) { int n = BIO_read(bio, &buf->data[used], buf->length - used); if (n < 0) { - goto out; + if (used == 0) { + goto out; + } + /* Workaround a bug in node.js. It uses a memory BIO for this in the wrong + * mode. */ + n = 0; } if (n == 0) { @@ -1212,6 +1220,9 @@ int PKCS12_verify_mac(const PKCS12 *p12, const char *password, } void PKCS12_free(PKCS12 *p12) { + if (p12 == NULL) { + return; + } OPENSSL_free(p12->ber_bytes); OPENSSL_free(p12); } |