diff --git a/libs/openssl/crypto/pkcs12/p12_key.c b/libs/openssl/crypto/pkcs12/p12_key.c
index 99b8260c9..38928befc 100644
--- a/libs/openssl/crypto/pkcs12/p12_key.c
+++ b/libs/openssl/crypto/pkcs12/p12_key.c
@@ -77,6 +77,32 @@ void h__dump(unsigned char *p, int len);
 # define min(a,b) ((a) < (b) ? (a) : (b))
 #endif
 
+#if defined(WINSCP) && defined(PBE_UNICODE)
+#undef PKCS12_key_gen_uni
+
+int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
+ int saltlen, int id, int iter, int n,
+ unsigned char *out, const EVP_MD *md_type);
+
+int PKCS12_key_gen_wrap(unsigned char *pass, int passlen, unsigned char *salt,
+ int saltlen, int id, int iter, int n,
+ unsigned char *out, const EVP_MD *md_type)
+{
+ if (pass == NULL)
+ {
+ // noop
+ }
+ // PKCS12_key_gen_uni cannot handle -1 length (contrary to PKCS12_key_gen_asc).
+ // OPENSSL_asc2uni adds the trailing \0 to the length,
+ // even if input ascii password length does not include it.
+ else if (passlen < 0)
+ {
+ passlen = (wcslen((wchar_t*)pass) * sizeof(wchar_t)) + sizeof(wchar_t);
+ }
+ return PKCS12_key_gen_uni(pass, passlen, salt, saltlen, id, iter, n, out, md_type);
+}
+#endif
+
 int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
 int saltlen, int id, int iter, int n,
 unsigned char *out, const EVP_MD *md_type)
diff --git a/libs/openssl/crypto/pkcs12/p12_kiss.c b/libs/openssl/crypto/pkcs12/p12_kiss.c
index d563eb200..8edd56ce5 100644
--- a/libs/openssl/crypto/pkcs12/p12_kiss.c
+++ b/libs/openssl/crypto/pkcs12/p12_kiss.c
@@ -114,8 +114,13 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
 )) {
 if (PKCS12_verify_mac(p12, NULL, 0))
 pass = NULL;
+ #if defined(WINSCP) && defined(PBE_UNICODE)
+ else if (PKCS12_verify_mac(p12, "\0", -1))
+ pass = "\0"; // two NULLs
+ #else
 else if (PKCS12_verify_mac(p12, "", 0))
 pass = "";
+ #endif
 else {
 PKCS12err(PKCS12_F_PKCS12_PARSE, PKCS12_R_MAC_VERIFY_FAILURE);
 goto err;
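Review bot: In `PKCS12_key_gen_wrap` (p12_key.c), the `passlen < 0` branch stores the `size_t` result of `wcslen((wchar_t*)pass)` arithmetic into an `int` with no range check, and it trusts `pass` to end in a 16-bit NUL; a buffer without that terminator is read past its end, so the contract should be stated in the comment. The byte count is also tied to `sizeof(wchar_t)`, which matches 2-byte password units only where `wchar_t` is 16 bits, so a compile-time size check next to the cast would pin that assumption. The empty `if (pass == NULL) { // noop }` arm can fold into a single guard. The sketch below returns 0 on an oversized length, which the caller shown in p12_mutl.c treats as a key-generation error; it needs `INT_MAX` in scope, and the header that declares `wcslen` is not visible in this hunk either.

```c
// … unchanged: PKCS12_key_gen_wrap signature and the comment on -1 length …
    if (pass != NULL && passlen < 0)
    {
        // Length in wchar_t units; the caller must supply the terminating NUL unit.
        size_t units = wcslen((const wchar_t *)pass);
        // Reject a length that would not fit in passlen once the terminator is added.
        if (units >= (size_t)INT_MAX / sizeof(wchar_t))
            return 0;
        passlen = (int)((units + 1) * sizeof(wchar_t));
    }
    return PKCS12_key_gen_uni(pass, passlen, salt, saltlen, id, iter, n, out, md_type);
```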
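Review bot: In the `PBE_UNICODE` branch of `PKCS12_parse` (p12_kiss.c), the sentinel `"\0"` forms an empty wide string only because the literal's implicit terminator supplies the second zero byte, and with length `-1` it presumably ends up read through the `wchar_t *` cast in `PKCS12_key_gen_wrap`, for which a `char` literal carries no alignment guarantee. The comment `// two NULLs` does not explain this; `/* empty BMPString: one 16-bit NUL, i.e. the escape plus the literal's own terminator */` would. A suitably aligned object such as `static const wchar_t empty_uni_pass[] = L"";`, cast to `const char *` at both uses, removes the alignment assumption. The body of `PKCS12_parse` starts and ends outside this hunk.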
diff --git a/libs/openssl/crypto/pkcs12/p12_mutl.c b/libs/openssl/crypto/pkcs12/p12_mutl.c
index 109a68bfc..0e51e12a6 100644
--- a/libs/openssl/crypto/pkcs12/p12_mutl.c
+++ b/libs/openssl/crypto/pkcs12/p12_mutl.c
@@ -93,15 +93,6 @@ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
 md_size = EVP_MD_size(md_type);
 if (md_size < 0)
 return 0;
- #if defined(WINSCP) && defined(PBE_UNICODE)
- if (passlen < 0)
- {
- // PKCS12_key_gen_uni cannot handle -1 length (contrary to PKCS12_key_gen_asc).
- // OPENSSL_asc2uni adds the trailing \0 to the length,
- // even if input ascii password length does not include it.
- passlen = (wcslen((wchar_t*)pass) * sizeof(wchar_t)) + sizeof(wchar_t);
- }
- #endif
 if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter,
 md_size, key, md_type)) {
 PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR);
diff --git a/libs/openssl/crypto/pkcs12/pkcs12.h b/libs/openssl/crypto/pkcs12/pkcs12.h
index 21f1f62b3..50ab25165 100644
--- a/libs/openssl/crypto/pkcs12/pkcs12.h
+++ b/libs/openssl/crypto/pkcs12/pkcs12.h
@@ -89,6 +89,9 @@ extern "C" {
 # ifdef PBE_UNICODE
 # define PKCS12_key_gen PKCS12_key_gen_uni
 # define PKCS12_add_friendlyname PKCS12_add_friendlyname_uni
+# ifdef WINSCP
+# define PKCS12_key_gen_uni PKCS12_key_gen_wrap
+# endif
 # else
 # define PKCS12_key_gen PKCS12_key_gen_asc
 # define PKCS12_add_friendlyname PKCS12_add_friendlyname_asc
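Review bot: The new `# define PKCS12_key_gen_uni PKCS12_key_gen_wrap` in pkcs12.h carries no comment, yet it renames every later use of `PKCS12_key_gen_uni` in any file that includes the header. That presumably includes the header's own prototype further down (not visible in this hunk), which would then be the only declaration of `PKCS12_key_gen_wrap`. A comment such as `/* WinSCP: route PKCS12_key_gen_uni through PKCS12_key_gen_wrap (p12_key.c), which resolves a negative passlen; p12_key.c #undefs this to reach the real function */` would make the indirection visible to the next maintainer. If the prototype is not picked up that way, an explicit declaration of `PKCS12_key_gen_wrap` is needed here so callers do not fall back to an implicit one.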