From: Nikos Mavrogiannopoulos Date: Fri, 29 Jun 2012 14:27:30 +0000 (+0200) Subject: Included more algorithms in openssl privkey decryption. X-Git-Tag: gnutls_3_0_21~17 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3889a91abe842c05c5e79c0650391b979bb99bc0;p=thirdparty%2Fgnutls.git Included more algorithms in openssl privkey decryption. --- diff --git a/lib/x509/privkey_openssl.c b/lib/x509/privkey_openssl.c index bbff8b2756..4e62507e32 100644 --- a/lib/x509/privkey_openssl.c +++ b/lib/x509/privkey_openssl.c @@ -68,7 +68,7 @@ openssl_hash_password (const char *pass, gnutls_datum_t * key, gnutls_datum_t * if (err) goto hash_err; } - err = gnutls_hash (hash, salt->data, salt->size); + err = gnutls_hash (hash, salt->data, 8); if (err) goto hash_err; @@ -87,6 +87,19 @@ openssl_hash_password (const char *pass, gnutls_datum_t * key, gnutls_datum_t * return 0; } +static const struct pem_cipher { + const char *name; + gnutls_cipher_algorithm_t cipher; +} pem_ciphers[] = { + { "DES-CBC", GNUTLS_CIPHER_DES_CBC }, + { "DES-EDE3-CBC", GNUTLS_CIPHER_3DES_CBC }, + { "AES-128-CBC", GNUTLS_CIPHER_AES_128_CBC }, + { "AES-192-CBC", GNUTLS_CIPHER_AES_192_CBC }, + { "AES-256-CBC", GNUTLS_CIPHER_AES_256_CBC }, + { "CAMELLIA-128-CBC", GNUTLS_CIPHER_CAMELLIA_128_CBC }, + { "CAMELLIA-256-CBC", GNUTLS_CIPHER_CAMELLIA_256_CBC }, +}; + /** * gnutls_x509_privkey_import_openssl: * @key: The structure to store the parsed key @@ -111,13 +124,13 @@ gnutls_x509_privkey_import_openssl (gnutls_x509_privkey_t key, const gnutls_datum_t *data, gnutls_x509_crt_fmt_t format, const char* password) { gnutls_cipher_hd_t handle; - gnutls_cipher_algorithm_t cipher; + gnutls_cipher_algorithm_t cipher = GNUTLS_CIPHER_UNKNOWN; gnutls_datum_t b64_data; gnutls_datum_t salt, enc_key; unsigned char *key_data; const char *pem_header = (void*)data->data; int ret, err; - unsigned int i, iv_size; + unsigned int i, iv_size, l; pem_header = memmem(pem_header, data->size, "DEK-Info: ", 10); if (pem_header == NULL) @@ -128,22 +141,19 @@ gnutls_x509_privkey_import_openssl (gnutls_x509_privkey_t key, pem_header += 10; - if (!strncmp (pem_header, "DES-EDE3-CBC,", 13)) + for (i = 0; i < sizeof(pem_ciphers)/sizeof(pem_ciphers[0]); i++) { - pem_header += 13; - cipher = GNUTLS_CIPHER_3DES_CBC; - } - else if (!strncmp (pem_header, "AES-128-CBC,", 12)) - { - pem_header += 12; - cipher = GNUTLS_CIPHER_AES_128_CBC; - } - else if (!strncmp (pem_header, "AES-256-CBC,", 12)) - { - pem_header += 12; - cipher = GNUTLS_CIPHER_AES_256_CBC; + l = strlen(pem_ciphers[i].name); + if (!strncmp(pem_header, pem_ciphers[i].name, l) && + pem_header[l] == ',') + { + pem_header += l + 1; + cipher = pem_ciphers[i].cipher; + break; + } } - else + + if (cipher == GNUTLS_CIPHER_UNKNOWN) { _gnutls_debug_log ("Unsupported PEM encryption type: %.10s\n", pem_header); gnutls_assert();