diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-04-03 09:35:31 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-04-04 11:02:58 +0200 |
| commit | 2b2c5c9f55a483f624b22b541ffae6c3bb1a6b52 (patch) | |
| tree | 9642f4581bd953c782ce36298e83ef2b0dcb5bc8 | |
| parent | aec51cf8704685a3717aa6ff51d0ebcad2403508 (diff) | |
| download | gnutls-2b2c5c9f55a483f624b22b541ffae6c3bb1a6b52.tar.gz | |
gnutls_pkcs8_info: return the encryption algorithm OID on failure
When failing to import a structure due to an unsupported encryption
algorithm OID, return the unsupported OID instead of the generic
PBES2 OID.
Resolves: #193
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| -rw-r--r-- | lib/x509/pkcs7-crypt.c | 9 | ||||
| -rw-r--r-- | lib/x509/pkcs7_int.h | 1 | ||||
| -rw-r--r-- | lib/x509/privkey_pkcs8.c | 9 |
3 files changed, 13 insertions, 6 deletions
diff --git a/lib/x509/pkcs7-crypt.c b/lib/x509/pkcs7-crypt.c index 45233acd8a..1f6298d36c 100644 --- a/lib/x509/pkcs7-crypt.c +++ b/lib/x509/pkcs7-crypt.c @@ -791,22 +791,21 @@ read_pbes2_enc_params(ASN1_TYPE pasn, int params_start, params_end; int params_len, len, result; ASN1_TYPE pbe_asn = ASN1_TYPE_EMPTY; - char oid[MAX_OID_SIZE]; const struct pkcs_cipher_schema_st *p; memset(params, 0, sizeof(*params)); /* Check the encryption algorithm */ - len = sizeof(oid); - result = asn1_read_value(pasn, "encryptionScheme.algorithm", oid, &len); + len = sizeof(params->pbes2_oid); + result = asn1_read_value(pasn, "encryptionScheme.algorithm", params->pbes2_oid, &len); if (result != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); } - _gnutls_hard_log("encryptionScheme.algorithm: %s\n", oid); + _gnutls_hard_log("encryptionScheme.algorithm: %s\n", params->pbes2_oid); - if ((result = pbes2_cipher_oid_to_algo(oid, ¶ms->cipher)) < 0) { + if ((result = pbes2_cipher_oid_to_algo(params->pbes2_oid, ¶ms->cipher)) < 0) { gnutls_assert(); return result; } diff --git a/lib/x509/pkcs7_int.h b/lib/x509/pkcs7_int.h index b0f7e456e1..9d3ea24e31 100644 --- a/lib/x509/pkcs7_int.h +++ b/lib/x509/pkcs7_int.h @@ -66,6 +66,7 @@ struct pbe_enc_params { gnutls_cipher_algorithm_t cipher; uint8_t iv[MAX_CIPHER_BLOCK_SIZE]; int iv_size; + char pbes2_oid[MAX_OID_SIZE]; /* when reading params, the OID is stored for info purposes */ }; int diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c index f009258777..0f1863d160 100644 --- a/lib/x509/privkey_pkcs8.c +++ b/lib/x509/privkey_pkcs8.c @@ -774,12 +774,14 @@ int pkcs8_key_info(const gnutls_datum_t * raw_key, char **oid) { int result, len; - char enc_oid[MAX_OID_SIZE]; + char enc_oid[MAX_OID_SIZE*2]; int params_start, params_end, params_len; struct pbe_enc_params enc_params; schema_id schema; ASN1_TYPE pkcs8_asn = ASN1_TYPE_EMPTY; + memset(&enc_params, 0, sizeof(enc_params)); + result = check_for_decrypted(raw_key); if (result == 0) return GNUTLS_E_INVALID_REQUEST; @@ -845,6 +847,11 @@ int pkcs8_key_info(const gnutls_datum_t * raw_key, if (result < 0) { gnutls_assert(); + if (oid && enc_params.pbes2_oid[0] != 0) { + snprintf(enc_oid, sizeof(enc_oid), "%s/%s", *oid, enc_params.pbes2_oid); + gnutls_free(*oid); + *oid = gnutls_strdup(enc_oid); + } goto error; } |