gnutls_pkcs8_info: return the encryption algorithm OID on failure

When failing to import a structure due to an unsupported encryption
algorithm OID, return the unsupported OID instead of the generic
PBES2 OID.

Resolves: #193

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

1 files changed, 8 insertions, 1 deletions

diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c
index f009258777..0f1863d160 100644
--- a/lib/x509/privkey_pkcs8.c
+++ b/lib/x509/privkey_pkcs8.c
@@ -774,12 +774,14 @@ int pkcs8_key_info(const gnutls_datum_t * raw_key,
 		   char **oid)
 {
 	int result, len;
-	char enc_oid[MAX_OID_SIZE];
+	char enc_oid[MAX_OID_SIZE*2];
 	int params_start, params_end, params_len;
 	struct pbe_enc_params enc_params;
 	schema_id schema;
 	ASN1_TYPE pkcs8_asn = ASN1_TYPE_EMPTY;
 
+	memset(&enc_params, 0, sizeof(enc_params));
+
 	result = check_for_decrypted(raw_key);
 	if (result == 0)
 		return GNUTLS_E_INVALID_REQUEST;
@@ -845,6 +847,11 @@ int pkcs8_key_info(const gnutls_datum_t * raw_key,
 
 	if (result < 0) {
 		gnutls_assert();
+		if (oid && enc_params.pbes2_oid[0] != 0) {
+			snprintf(enc_oid, sizeof(enc_oid), "%s/%s", *oid, enc_params.pbes2_oid);
+			gnutls_free(*oid);
+			*oid = gnutls_strdup(enc_oid);
+		}
 		goto error;
 	}