diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2016-08-07 12:45:03 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-08-08 08:32:42 +0200 |
commit | 0470bf60104410e183e90bb1d21ccc151a545c44 (patch) | |
tree | c7dbf49cdf50cea44dc454d9715113c3caea9548 /lib/x509 | |
parent | 186dc9c2012003587a38d7f4d03edd8da5fe989f (diff) | |
download | gnutls-0470bf60104410e183e90bb1d21ccc151a545c44.tar.gz |
x509: call the fixup functions after loading private keys
That way we can better report errors which relate to illegal
parameters being detected.
Diffstat (limited to 'lib/x509')
-rw-r--r-- | lib/x509/privkey.c | 44 | ||||
-rw-r--r-- | lib/x509/privkey_pkcs8.c | 9 |
2 files changed, 41 insertions, 12 deletions
diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c index 9cd57aa524..a3dc9ac7b6 100644 --- a/lib/x509/privkey.c +++ b/lib/x509/privkey.c @@ -1,6 +1,7 @@ /* - * Copyright (C) 2003-2012 Free Software Foundation, Inc. - * Copyright (C) 2012-2015 Nikos Mavrogiannopoulos + * Copyright (C) 2003-2016 Free Software Foundation, Inc. + * Copyright (C) 2012-2016 Nikos Mavrogiannopoulos + * Copyright (C) 2015-2016 Red Hat, Inc. * * Author: Nikos Mavrogiannopoulos * @@ -222,13 +223,6 @@ _gnutls_privkey_decode_pkcs1_rsa_key(const gnutls_datum_t * raw_key, } pkey->params.params_nr++; - result = - _gnutls_pk_fixup(GNUTLS_PK_RSA, GNUTLS_IMPORT, &pkey->params); - if (result < 0) { - gnutls_assert(); - goto error; - } - pkey->params.params_nr = RSA_PRIVATE_PARAMS; tmp_size = sizeof(tmp); @@ -643,10 +637,16 @@ gnutls_x509_privkey_import(gnutls_x509_privkey_t key, if (key->key == NULL) { gnutls_assert(); result = GNUTLS_E_ASN1_DER_ERROR; - } else { - result = 0; + goto cleanup; } + result = + _gnutls_pk_fixup(key->pk_algorithm, GNUTLS_IMPORT, &key->params); + if (result < 0) { + gnutls_assert(); + } + + cleanup: if (need_free) _gnutls_free_datum(&_data); @@ -727,6 +727,7 @@ gnutls_x509_privkey_import2(gnutls_x509_privkey_t key, const char *password, unsigned int flags) { int ret = 0; + int saved_ret = GNUTLS_E_PARSING_ERROR; char pin[GNUTLS_PKCS11_MAX_PIN_LEN]; unsigned head_enc = 1; @@ -770,6 +771,7 @@ gnutls_x509_privkey_import2(gnutls_x509_privkey_t key, if (ret < 0) { gnutls_assert(); + saved_ret = ret; /* fall through to PKCS #8 decoding */ } } @@ -794,6 +796,9 @@ gnutls_x509_privkey_import2(gnutls_x509_privkey_t key, password, flags); } + if (saved_ret == GNUTLS_E_PARSING_ERROR) + saved_ret = ret; + if (ret < 0) { if (ret == GNUTLS_E_DECRYPTION_FAILED) goto cleanup; @@ -822,6 +827,9 @@ gnutls_x509_privkey_import2(gnutls_x509_privkey_t key, ret = 0; cleanup: + if (ret == GNUTLS_E_PARSING_ERROR) + ret = saved_ret; + return ret; } @@ -1061,6 +1069,13 @@ gnutls_x509_privkey_import_dsa_raw(gnutls_x509_privkey_t key, } ret = + _gnutls_pk_fixup(GNUTLS_PK_DSA, GNUTLS_IMPORT, &key->params); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + + ret = _gnutls_asn1_encode_privkey(GNUTLS_PK_DSA, &key->key, &key->params, key->flags&GNUTLS_PRIVKEY_FLAG_EXPORT_COMPAT); if (ret < 0) { @@ -1138,6 +1153,13 @@ gnutls_x509_privkey_import_ecc_raw(gnutls_x509_privkey_t key, } key->params.params_nr++; + ret = + _gnutls_pk_fixup(GNUTLS_PK_EC, GNUTLS_IMPORT, &key->params); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + key->pk_algorithm = GNUTLS_PK_EC; key->params.algo = key->pk_algorithm; diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c index ca438656b4..f84d913e87 100644 --- a/lib/x509/privkey_pkcs8.c +++ b/lib/x509/privkey_pkcs8.c @@ -34,6 +34,7 @@ #include <algorithms.h> #include <num.h> #include <random.h> +#include <pk.h> #include <nettle/pbkdf2.h> static int _decode_pkcs8_ecc_key(ASN1_TYPE pkcs8_asn, @@ -1507,12 +1508,18 @@ gnutls_x509_privkey_import_pkcs8(gnutls_x509_privkey_t key, goto cleanup; } + result = + _gnutls_pk_fixup(key->pk_algorithm, GNUTLS_IMPORT, &key->params); + if (result < 0) { + gnutls_assert(); + goto cleanup; + } + if (need_free) _gnutls_free_datum(&_data); /* The key has now been decoded. */ - return 0; cleanup: |