authorNikos Mavrogiannopoulos <nmav@gnutls.org>2012-08-04 13:09:57 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2012-08-04 13:12:50 +0200
commitac9f8f44da045aaca5b4bd257fc99046596adc69 (patch)
tree5e9c82456367eef926d69fb3642920f11ab3ce58 /lib/x509/privkey.c
parentb0962b305de154fa3fce0b3c5a4b10958fd30ce7 (diff)
Restored ability to decrypt PKCS #8 and #12 keys with a NULL password. Certtool now accepts the option --null-password.
Diffstat (limited to 'lib/x509/privkey.c')
-rw-r--r--lib/x509/privkey.c17
1 files changed, 11 insertions, 6 deletions
diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c
index 9d32025db0..98095aa5a0 100644
--- a/lib/x509/privkey.c
+++ b/lib/x509/privkey.c
@@ -564,6 +564,7 @@ failover:
* @data: The DER or PEM encoded certificate.
* @format: One of DER or PEM
* @password: A password (optional)
+ * @flags: an ORed sequence of gnutls_pkcs_encrypt_flags_t
*
* This function will import the given DER or PEM encoded key, to
* the native #gnutls_x509_privkey_t format, irrespective of the
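Review bot: The new `@flags` line names the whole gnutls_pkcs_encrypt_flags_t set, but the only value the visible body tests itself is GNUTLS_PKCS_NULL_PASSWORD, and `@password: A password (optional)` no longer tells a caller what passing NULL means. With this change a NULL password selects either the try-unencrypted-first path or, with the flag set, decryption using a NULL password, which PKCS #12-style key derivation generally treats differently from an empty string. I would reword the two lines to `@password: A password, or NULL (see @flags)` and `@flags: zero, or GNUTLS_PKCS_NULL_PASSWORD to decrypt with a NULL password instead of first trying the key as unencrypted`. The doc comment starts and ends outside this hunk.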
@@ -582,11 +583,11 @@ int
gnutls_x509_privkey_import2 (gnutls_x509_privkey_t key,
const gnutls_datum_t * data,
gnutls_x509_crt_fmt_t format,
- const char* password)
+ const char* password, unsigned int flags)
{
int ret = 0;
- if (password == NULL)
+ if (password == NULL && !(flags & GNUTLS_PKCS_NULL_PASSWORD))
{
ret = gnutls_x509_privkey_import(key, data, format);
if (ret < 0)
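Review bot: Adding `unsigned int flags` to gnutls_x509_privkey_import2 changes the prototype of what looks like an exported function, and the diffstat on this page is limited to privkey.c, so the header, symbol map and callers cannot be checked from here. If the four-argument form was ever released, a binary built against it would leave `flags` indeterminate at the call and could set GNUTLS_PKCS_NULL_PASSWORD by accident, which skips the unencrypted import guarded by `if (password == NULL && !(flags & GNUTLS_PKCS_NULL_PASSWORD))`. Worth confirming that the declaration and every in-tree caller are updated in the same commit and that no released version exposed the old signature. The function body continues outside this hunk.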
@@ -595,12 +596,12 @@ gnutls_x509_privkey_import2 (gnutls_x509_privkey_t key,
}
}
- if (password != NULL || ret < 0)
+ if ((password != NULL || (flags & GNUTLS_PKCS_NULL_PASSWORD)) || ret < 0)
{
- ret = gnutls_x509_privkey_import_pkcs8(key, data, format, password, 0);
+ ret = gnutls_x509_privkey_import_pkcs8(key, data, format, password, flags);
if (ret < 0)
{
- if (format == GNUTLS_X509_FMT_PEM)
+ if (format == GNUTLS_X509_FMT_PEM && password != NULL)
{
int err;
err = gnutls_x509_privkey_import_openssl(key, data, password);
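Review bot: The "an encrypted key is expected" predicate is now spelled out twice, negated in the first `if` and again in `if ((password != NULL || (flags & GNUTLS_PKCS_NULL_PASSWORD)) || ret < 0)`, and the two copies can drift apart on the next change to the password handling. Computing it once next to `int ret = 0;`, for example `int encrypted = (password != NULL || (flags & GNUTLS_PKCS_NULL_PASSWORD));`, lets the two tests read `if (!encrypted)` and `if (encrypted || ret < 0)`. The added `password != NULL` guard before gnutls_x509_privkey_import_openssl deserves a short comment such as `/* the OpenSSL-format fallback needs a real password */`, since the reason it is skipped for the NULL-password case is not visible at the call site.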
@@ -611,8 +612,12 @@ gnutls_x509_privkey_import2 (gnutls_x509_privkey_t key,
goto cleanup;
}
}
+ else
+ {
+ gnutls_assert();
+ goto cleanup;
+ }
}
-
}
ret = 0;
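Review bot: The new `else` branch returns whatever gnutls_x509_privkey_import_pkcs8 reported, including on the path where password is NULL, the flag is unset and the plain gnutls_x509_privkey_import at the top had already failed. In that case the first error is overwritten, so a caller handing in a malformed unencrypted key gets a PKCS #8 error code instead of the one from the parser that actually matched the input. Which code is more useful depends on what the PKCS #8 importer returns for a NULL password, which is not visible here. A comment on the branch such as `/* nothing else to try: DER input or no password for the OpenSSL format */` would at least make the intended outcome explicit. Keeping the first error in a separate variable and restoring it when the fallback also fails may also be worth considering.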