Make pkcs8 work again.

Make EVP_CIPHER_type() return NID_undef if the cipher has no ASN1 OID, modify code to handle this.

Make pkcs8 work again.
Make EVP_CIPHER_type() return NID_undef if the cipher has no ASN1 OID, modify code to handle this.
4b426580 · Dr. Stephen Henson · 3f2b5a88 · 4b426580 · 4b426580 · 4b426580
Showing with 23 addition and 12 deletion

apps/pkcs8.c apps/pkcs8.c +13 -7

crypto/asn1/p5_pbev2.c crypto/asn1/p5_pbev2.c +2 -2

crypto/evp/evp_lib.c crypto/evp/evp_lib.c +5 -1

crypto/pkcs7/pk7_lib.c crypto/pkcs7/pk7_lib.c +3 -2

未找到文件。
--- a/apps/pkcs8.c
+++ b/apps/pkcs8.c
@@ -83,7 +83,7 @@ int MAIN(int argc, char **argv)
 	X509_SIG *p8;
 	PKCS8_PRIV_KEY_INFO *p8inf;
 	EVP_PKEY *pkey;
-	char pass[50], *passin = NULL, *passout = NULL;
+	char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;
 	int badarg = 0;
 	if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
 	informat=FORMAT_PEM;
@@ -226,18 +226,21 @@ int MAIN(int argc, char **argv)
 				return (1);
 			}
 		} else {
-			if(!passout) {
-				passout = pass;
+			if(passout) p8pass = passout;
+			else {
+				p8pass = pass;
 				EVP_read_pw_string(pass, 50, "Enter Encryption Password:", 1);
 			}
+			app_RAND_load_file(NULL, bio_err, 0);
 			if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
-					passout, strlen(passout),
+					p8pass, strlen(p8pass),
 					NULL, 0, iter, p8inf))) {
 				BIO_printf(bio_err, "Error encrypting key\n",
 								 outfile);
 				ERR_print_errors(bio_err);
 				return (1);
 			}
+			app_RAND_write_file(NULL, bio_err);
 			if(outformat == FORMAT_PEM) 
 				PEM_write_bio_PKCS8(out, p8);
 			else if(outformat == FORMAT_ASN1)
@@ -251,6 +254,8 @@ int MAIN(int argc, char **argv)
 		PKCS8_PRIV_KEY_INFO_free (p8inf);
 		EVP_PKEY_free(pkey);
 		BIO_free(out);
+		if(passin) Free(passin);
+		if(passout) Free(passout);
 		return (0);
 	}

@@ -278,11 +283,12 @@ int MAIN(int argc, char **argv)
 			ERR_print_errors(bio_err);
 			return (1);
 		}
-		if(!passin) {
-			passin = pass;
+		if(passin) p8pass = passin;
+		else {
+			p8pass = pass;
 			EVP_read_pw_string(pass, 50, "Enter Password:", 0);
 		}
-		p8inf = M_PKCS8_decrypt(p8, passin, strlen(passin));
+		p8inf = M_PKCS8_decrypt(p8, p8pass, strlen(p8pass));
 		X509_SIG_free(p8);
 	}


--- a/crypto/asn1/p5_pbev2.c
+++ b/crypto/asn1/p5_pbev2.c
@@ -178,12 +178,12 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
 	ASN1_OBJECT *obj;

 	alg_nid = EVP_CIPHER_type(cipher);
-	obj = OBJ_nid2obj(alg_nid);
-	if(!obj || !obj->data) {
+	if(alg_nid == NID_undef) {
 		ASN1err(ASN1_F_PKCS5_PBE2_SET,
 				ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
 		goto err;
 	}
+	obj = OBJ_nid2obj(alg_nid);

 	if(!(pbe2 = PBE2PARAM_new())) goto merr;


--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -115,6 +115,7 @@ int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
 int EVP_CIPHER_type(const EVP_CIPHER *ctx)
 {
 	int nid;
+	ASN1_OBJECT *otmp;
 	nid = EVP_CIPHER_nid(ctx);

 	switch(nid) {
@@ -131,7 +132,10 @@ int EVP_CIPHER_type(const EVP_CIPHER *ctx)
 		return NID_rc4;

 		default:
-
+		/* Check it has an OID and it is valid */
+		otmp = OBJ_nid2obj(nid);
+		if(!otmp || !otmp->data) nid = NID_undef;
+		ASN1_OBJECT_free(otmp);
 		return nid;
 	}
 }

--- a/crypto/pkcs7/pk7_lib.c
+++ b/crypto/pkcs7/pk7_lib.c
@@ -456,11 +456,12 @@ int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher)
 		}

 	/* Check cipher OID exists and has data in it*/
-	objtmp = OBJ_nid2obj(EVP_CIPHER_type(cipher));
-	if(!objtmp || !objtmp->data) {
+	i = EVP_CIPHER_type(cipher);
+	if(i == NID_undef) {
 		PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
 		return(0);
 	}
+	objtmp = OBJ_nid2obj(i);

 	ec->cipher = cipher;
 	return 1;