From 4b42658082a3d6224d25f10de8fdb605d30015a9 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 22 Feb 2000 18:45:11 +0000 Subject: [PATCH] Make pkcs8 work again. Make EVP_CIPHER_type() return NID_undef if the cipher has no ASN1 OID, modify code to handle this. --- apps/pkcs8.c | 20 +++++++++++++------- crypto/asn1/p5_pbev2.c | 4 ++-- crypto/evp/evp_lib.c | 6 +++++- crypto/pkcs7/pk7_lib.c | 5 +++-- 4 files changed, 23 insertions(+), 12 deletions(-) diff --git a/apps/pkcs8.c b/apps/pkcs8.c index 9c031956c5..3e59b74124 100644 --- a/apps/pkcs8.c +++ b/apps/pkcs8.c @@ -83,7 +83,7 @@ int MAIN(int argc, char **argv) X509_SIG *p8; PKCS8_PRIV_KEY_INFO *p8inf; EVP_PKEY *pkey; - char pass[50], *passin = NULL, *passout = NULL; + char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL; int badarg = 0; if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); informat=FORMAT_PEM; @@ -226,18 +226,21 @@ int MAIN(int argc, char **argv) return (1); } } else { - if(!passout) { - passout = pass; + if(passout) p8pass = passout; + else { + p8pass = pass; EVP_read_pw_string(pass, 50, "Enter Encryption Password:", 1); } + app_RAND_load_file(NULL, bio_err, 0); if (!(p8 = PKCS8_encrypt(pbe_nid, cipher, - passout, strlen(passout), + p8pass, strlen(p8pass), NULL, 0, iter, p8inf))) { BIO_printf(bio_err, "Error encrypting key\n", outfile); ERR_print_errors(bio_err); return (1); } + app_RAND_write_file(NULL, bio_err); if(outformat == FORMAT_PEM) PEM_write_bio_PKCS8(out, p8); else if(outformat == FORMAT_ASN1) @@ -251,6 +254,8 @@ int MAIN(int argc, char **argv) PKCS8_PRIV_KEY_INFO_free (p8inf); EVP_PKEY_free(pkey); BIO_free(out); + if(passin) Free(passin); + if(passout) Free(passout); return (0); } @@ -278,11 +283,12 @@ int MAIN(int argc, char **argv) ERR_print_errors(bio_err); return (1); } - if(!passin) { - passin = pass; + if(passin) p8pass = passin; + else { + p8pass = pass; EVP_read_pw_string(pass, 50, "Enter Password:", 0); } - p8inf = M_PKCS8_decrypt(p8, passin, strlen(passin)); + p8inf = M_PKCS8_decrypt(p8, p8pass, strlen(p8pass)); X509_SIG_free(p8); } diff --git a/crypto/asn1/p5_pbev2.c b/crypto/asn1/p5_pbev2.c index 2f6a4c4518..4ce06a94ab 100644 --- a/crypto/asn1/p5_pbev2.c +++ b/crypto/asn1/p5_pbev2.c @@ -178,12 +178,12 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, ASN1_OBJECT *obj; alg_nid = EVP_CIPHER_type(cipher); - obj = OBJ_nid2obj(alg_nid); - if(!obj || !obj->data) { + if(alg_nid == NID_undef) { ASN1err(ASN1_F_PKCS5_PBE2_SET, ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); goto err; } + obj = OBJ_nid2obj(alg_nid); if(!(pbe2 = PBE2PARAM_new())) goto merr; diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index 3f9bf55828..a431945ef5 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -115,6 +115,7 @@ int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) int EVP_CIPHER_type(const EVP_CIPHER *ctx) { int nid; + ASN1_OBJECT *otmp; nid = EVP_CIPHER_nid(ctx); switch(nid) { @@ -131,7 +132,10 @@ int EVP_CIPHER_type(const EVP_CIPHER *ctx) return NID_rc4; default: - + /* Check it has an OID and it is valid */ + otmp = OBJ_nid2obj(nid); + if(!otmp || !otmp->data) nid = NID_undef; + ASN1_OBJECT_free(otmp); return nid; } } diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c index 2012d7c87a..45973fe850 100644 --- a/crypto/pkcs7/pk7_lib.c +++ b/crypto/pkcs7/pk7_lib.c @@ -456,11 +456,12 @@ int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher) } /* Check cipher OID exists and has data in it*/ - objtmp = OBJ_nid2obj(EVP_CIPHER_type(cipher)); - if(!objtmp || !objtmp->data) { + i = EVP_CIPHER_type(cipher); + if(i == NID_undef) { PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); return(0); } + objtmp = OBJ_nid2obj(i); ec->cipher = cipher; return 1; -- 2.34.1