From ac9f8f44da045aaca5b4bd257fc99046596adc69 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Sat, 4 Aug 2012 13:09:57 +0200 Subject: Restored ability to decrypt PKCS #8 and #12 keys with a NULL password. Certtool now accepts the option --null-password. --- lib/x509/privkey.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) (limited to 'lib/x509/privkey.c') diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c index 9d32025db0..98095aa5a0 100644 --- a/lib/x509/privkey.c +++ b/lib/x509/privkey.c @@ -564,6 +564,7 @@ failover: * @data: The DER or PEM encoded certificate. * @format: One of DER or PEM * @password: A password (optional) + * @flags: an ORed sequence of gnutls_pkcs_encrypt_flags_t * * This function will import the given DER or PEM encoded key, to * the native #gnutls_x509_privkey_t format, irrespective of the @@ -582,11 +583,11 @@ int gnutls_x509_privkey_import2 (gnutls_x509_privkey_t key, const gnutls_datum_t * data, gnutls_x509_crt_fmt_t format, - const char* password) + const char* password, unsigned int flags) { int ret = 0; - if (password == NULL) + if (password == NULL && !(flags & GNUTLS_PKCS_NULL_PASSWORD)) { ret = gnutls_x509_privkey_import(key, data, format); if (ret < 0) @@ -595,12 +596,12 @@ gnutls_x509_privkey_import2 (gnutls_x509_privkey_t key, } } - if (password != NULL || ret < 0) + if ((password != NULL || (flags & GNUTLS_PKCS_NULL_PASSWORD)) || ret < 0) { - ret = gnutls_x509_privkey_import_pkcs8(key, data, format, password, 0); + ret = gnutls_x509_privkey_import_pkcs8(key, data, format, password, flags); if (ret < 0) { - if (format == GNUTLS_X509_FMT_PEM) + if (format == GNUTLS_X509_FMT_PEM && password != NULL) { int err; err = gnutls_x509_privkey_import_openssl(key, data, password); @@ -611,8 +612,12 @@ gnutls_x509_privkey_import2 (gnutls_x509_privkey_t key, goto cleanup; } } + else + { + gnutls_assert(); + goto cleanup; + } } - } ret = 0; -- cgit v1.2.1
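Review bot: The new `@flags` line does not say which flag matters to this function or how it changes the meaning of a NULL `@password`. Going by the body later in this commit, a NULL password without `GNUTLS_PKCS_NULL_PASSWORD` means "try the unencrypted import first", while with the flag it is passed on to the PKCS #8 decryption as the password. Callers need that spelled out, since the commit treats a NULL password as distinct from "no password given". I would extend the line to `@flags: an ORed sequence of gnutls_pkcs_encrypt_flags_t; with GNUTLS_PKCS_NULL_PASSWORD a NULL @password is used for decryption rather than meaning "not encrypted"`. The doc comment starts above the hunk.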
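Review bot: Adding `unsigned int flags` to `gnutls_x509_privkey_import2` changes the signature of what looks like an exported function. Any caller written against the four-argument form stops compiling, and if the symbol has already shipped in a release the ABI breaks as well. Whether it has been released cannot be told from this hunk; if it has, the four-argument form should stay and the flags variant should get its own entry point. The header declaration and the other callers are outside this file-limited view and need the matching change, and the function body continues past the end of the hunk.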
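Review bot: When `GNUTLS_PKCS_NULL_PASSWORD` is set and `password == NULL`, the first block is skipped, so `gnutls_x509_privkey_import` is never tried. An unencrypted key that `gnutls_x509_privkey_import_pkcs8` presumably does not accept (its behaviour is not visible here) then fails in the new `else` branch, although the doc comment promises import "irrespective of the input format". If that is intended, the comment should say that the flag disables the plain-key path. Otherwise add a fallback after the PKCS #8 call, e.g. `if (ret < 0 && password == NULL && (flags & GNUTLS_PKCS_NULL_PASSWORD)) ret = gnutls_x509_privkey_import(key, data, format);`. The surrounding function starts and ends outside this hunk.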