On 13/03/2011 18:15, Jim Studt via RT wrote: > Perhaps the bomb.p12 got corrupted in transit? That looks a lot like > feeding a non-ASN.1 file to openssl.
This one does the same thing. > jim@rattus:~$ ls -l *.p12 ; md5sum *.p12 -rw-r--r-- 1 jim jim 718 > Mar 13 12:57 bomb.p12 -rw-r--r-- 1 jim jim 1587 Mar 13 12:56 > nomac.p12 41a2c4c8b8a78d906fd1ad7c14c06071 bomb.p12 > 7fe961d70f4520d6bd8359bfc657a449 nomac.p12 MD5(nomac.p12)= 1cababdf8f737c66d3ff1efd0daa426f -rw-r--r-- 1 ben ben 1553 Mar 13 20:30 nomac.p12 Slightly bemused - manually decoding the base64 from the email gives me a third length and checksum... >[ > > I just built 1.0.0d on a Debian squeeze machine and reran the tests > with the same results. > > I get the same problems and can see the same source error at line 650 > in apps/pkcs12.c now. > > The PKCS12 code I'm working with is improved now, attached to this > message is a second pkcs12 file which also does not have a MAC, but > is almost certainly a valid PKCS12 file. The password on nomac.p12 is > "password". > > Without fixing: > > jim@rattus:~/openssl-1.0.0d/apps$ ./openssl pkcs12 -nomacver -in > ~/bomb.p12 -info WARNING: can't open config file: > /usr/local/ssl/openssl.cnf Enter Import Password: Segmentation fault > > With fixing: > > jim@rattus:~/openssl-1.0.0d/apps$ ./openssl pkcs12 -nomacver -in > ~/bomb.p12 -info WARNING: can't open config file: > /usr/local/ssl/openssl.cnf Enter Import Password: PKCS7 Data > Certificate bag Bag Attributes: <No Attributes> > subject=/CN=core.studt.net issuer=/CN=JimTest6 -----BEGIN > CERTIFICATE----- > MIICYDCCAcmgAwIBAgIBAzANBgkqhkiG9w0BAQUFADATMREwDwYDVQQDEwhKaW1U > ZXN0NjAeFw0xMTAzMDYwMDAwMDBaFw0zODAxMTgwMDAwMDBaMBkxFzAVBgNVBAMT > DmNvcmUuc3R1ZHQubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCNyG3l > N5hosB07sjxEGTv6Oq+HJ3wrD0JKO/pqejqvpuVmJQGDbHIXZz27lS3pqX552kwK > XXOLyg4ZDPX5VZtBVZ/Xqk47Lr6yqpud4nO5YNlFmC4b6ICNXSAI9RpuncLIz9aC > YwFmhkUjXI+1riqdH9sEKkE7C2q8UbuRXbLS8QIDAQABo4G9MIG6MB0GA1UdDgQW > BBRkDTNDYxEhM8upUSk/C5YeOEU9yzA7BgNVHSMENDAygBRu/B6FuCZvw8eudHki > yMDGV/bZyaEXpBUwEzERMA8GA1UEAxMISmltVGVzdDaCAQEwDwYDVR0PAQH/BAUD > AwegADAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwLAYDVR0RBCUwI6IQ > Fg5jb3JlLnN0dWR0Lm5ldKIPFg1zYmkuc3R1ZHQubmV0MA0GCSqGSIb3DQEBBQUA > A4GBACQz9X7QwHaHUdpbFep7ssafO18O4mlKKRznxN4DgfDWBpm8Wp0Lrn5xFX4L > z5kzdVMOLD2kS+C9oVce4xw2qpO08DDLBZ5noI8gussxaCbsDLcmb9u7drmEzg4c > n7vZSXLKmhISehMqUz49kdDWLkA2QwW7ocClvpBA5nY6Zoq3 -----END > CERTIFICATE----- > > > On Mar 13, 2011, at 12:18 PM, Ben Laurie via RT wrote: > >> If I run >> >> openssl pkcs12 -nomacver -in bomb.p12 -info >> >> on 1.0.0-stable, I get >> >> 1211807336:error:0D07209B:asn1 encoding >> routines:ASN1_get_object:too long:asn1_lib.c:142: >> 1211807336:error:0D068066:asn1 encoding >> routines:ASN1_CHECK_TLEN:bad object header:tasn_dec.c:1306: >> 1211807336:error:0D06C03A:asn1 encoding >> routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:tasn_dec.c:831: >> 1211807336:error:0D08303A:asn1 encoding >> routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 >> error:tasn_dec.c:751:Field=version, Type=PKCS12 > >> > -- http://www.apache-ssl.org/ben.html http://www.links.org/ "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
