[gnutls-dev] [gnutls-cvs PATCH] Fix handling of PKCS#12 and contents without a passphrase
Anton Altaparmakov
aia21 at cam.ac.uk
Tue Sep 27 16:44:42 CEST 2005
Hi Nikos,
On Tue, 2005-09-27 at 16:05 +0200, Nikos Mavrogiannopoulos wrote:
> On Tuesday 27 September 2005 11:34, Anton Altaparmakov wrote:
> > Hi,
> > Gnutls has bugs when handling PKCS#12 files and their contents when
> > they do not have a passphrase.
> > OpenSSL's "openssl pkcs12" utility worked fine to load and dump those
> > PKCS#12 files which made me look into the gnutls source code and I managed
> > to find out what was going on after a lot of debugging. For example
> > gnutls didn't allow a 0 MPI which is perfectly valid. Also it had no
> > concept of empty passwords (it assumed password = NULL means not encrypted
> > which is wrong) and finally it did not understand the difference between
> > password = NULL and password = "".
> > The below patch fixes all the above problems. It is against the current
> > gnutls cvs (generated using "cvs diff"). Please apply.
>
> Hello Anton,
> Thank you for the patch. I've changed some things since some parts of gnutls
> rely on this property of mpi_scan(). If the attached patch works for you I'll
> apply it to the cvs.
Thanks for the quick response!
You missed a chunk of my patch in yours so your patch as it is does not
work. But if you add the missing chunk it works fine. (-:
Here is the missing chunk:
Index: lib/x509/privkey_pkcs8.c
===================================================================
RCS file: /cvs/gnutls/gnutls/lib/x509/privkey_pkcs8.c,v
retrieving revision 1.49
diff -u -p -r1.49 privkey_pkcs8.c
--- lib/x509/privkey_pkcs8.c 30 Aug 2005 10:46:08 -0000 1.49
+++ lib/x509/privkey_pkcs8.c 27 Sep 2005 09:03:56 -0000
@@ -810,7 +810,7 @@ int decode_private_key_info(const gnutls
* @data: The DER or PEM encoded key.
* @format: One of DER or PEM
* @password: the password to decrypt the key (if it is encrypted).
- * @flags: use 0.
+ * @flags: 0 if encrypted or GNUTLS_PKCS_PLAIN if not encrypted.
*
* This function will convert the given DER or PEM encoded PKCS8 2.0 encrypted key
* to the native gnutls_x509_privkey_t format. The output will be stored in @key.
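Review bot: the new @flags text only covers the flag itself; since the second hunk removes the `password == NULL` shortcut, the @password line just above it should also say that NULL no longer means "not encrypted" and that an empty passphrase is passed as "" rather than NULL. A one-line addition such as "@password: the password to decrypt the key (if it is encrypted); may be "" for an empty passphrase" would keep the documentation in step with the behaviour change.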
@@ -880,7 +880,7 @@ int gnutls_x509_privkey_import_pkcs8(gnu
need_free = 1;
}
- if (flags & GNUTLS_PKCS_PLAIN || password == NULL) {
+ if (flags & GNUTLS_PKCS_PLAIN) {
result = decode_private_key_info(&_data, key, &key->key);
} else { /* encrypted. */
result = decode_pkcs8_key(&_data, password, key, &key->key);
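Review bot: dropping `|| password == NULL` from the condition means a caller that still passes a NULL password without GNUTLS_PKCS_PLAIN now falls into the encrypted branch and hands NULL to decode_pkcs8_key(). Since that was the documented way to import a plain key before this change, an explicit check before the `else` that returns a clear error when `password == NULL` and GNUTLS_PKCS_PLAIN is not set would be safer than relying on decode_pkcs8_key() to cope with a NULL pointer, and it makes the NULL/"" distinction the patch introduces visible at the API boundary.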
Best regards,
Anton
--
Anton Altaparmakov <aia21 at cam.ac.uk> (replace at with @)
Unix Support, Computing Service, University of Cambridge, CB2 3QH, UK
Linux NTFS maintainer / IRC: #ntfs on irc.freenode.net
WWW: http://linux-ntfs.sf.net/ & http://www-stu.christs.cam.ac.uk/~aia21/