[SCM] GNU gnutls branch, master, updated. gnutls_2_9_10-323-gf780425
From: |
Nikos Mavrogiannopoulos |
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_2_9_10-323-gf780425 |
Date: |
Sat, 24 Jul 2010 14:19:53 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=f780425c751c6e31d26985e629d1abf3886168d3
The branch, master has been updated
via f780425c751c6e31d26985e629d1abf3886168d3 (commit)
from 1d303703e4f4ab16b090d4506c68be5476ecb376 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit f780425c751c6e31d26985e629d1abf3886168d3
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sat Jul 24 16:18:20 2010 +0200
gnutls_x509_privkey_import() will fall back to
gnutls_x509_privkey_import_pkcs8() without a password if it is unable to
decode the key.
-----------------------------------------------------------------------
Summary of changes:
NEWS | 4 ++++
lib/gnutls_x509.c | 8 --------
lib/x509/privkey.c | 26 +++++++++++++++++++-------
src/certtool.c | 15 ++++-----------
4 files changed, 27 insertions(+), 26 deletions(-)
diff --git a/NEWS b/NEWS
index 2731aea..ef3237e 100644
--- a/NEWS
+++ b/NEWS
@@ -10,6 +10,10 @@ to ECRYPT II recommendations. Mappings were moved to a
single location
and DSA keys are handled differently (since DSA2 allows for 1024,2048
and 3072 keys only).
+** libgnutls: gnutls_x509_privkey_import() will fallback to
+gnutls_x509_privkey_import_pkcs8() without a password, if it
+is unable to decode the key.
+
** libgnutls: HMAC-MD5 no longer used by default.
** API and ABI modifications:
diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c
index 996c487..039de05 100644
--- a/lib/gnutls_x509.c
+++ b/lib/gnutls_x509.c
@@ -423,14 +423,6 @@ _gnutls_x509_raw_privkey_to_privkey (gnutls_privkey_t
*privkey,
}
ret = gnutls_x509_privkey_import (tmpkey, raw_key, type);
-
-#ifdef ENABLE_PKI
- /* If normal key decoding doesn't work try decoding a plain PKCS #8 key */
- if (ret < 0)
- ret = gnutls_x509_privkey_import_pkcs8 (tmpkey, raw_key, type,
- NULL, GNUTLS_PKCS_PLAIN);
-#endif
-
if (ret < 0)
{
gnutls_assert ();
diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c
index 964ccb3..834a8a7 100644
--- a/lib/x509/privkey.c
+++ b/lib/x509/privkey.c
@@ -375,7 +375,8 @@ gnutls_x509_privkey_import (gnutls_x509_privkey_t key,
/* Try the first header */
result =
_gnutls_fbase64_decode (PEM_KEY_RSA, data->data, data->size, &out);
- key->pk_algorithm = GNUTLS_PK_RSA;
+
+ if (result == 0) key->pk_algorithm = GNUTLS_PK_RSA;
if (result == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
{
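Review bot: The new guard `if (result == 0) key->pk_algorithm = GNUTLS_PK_RSA;` looks wrong for the success case. The DSA branch in the next hunk treats a zero return from `_gnutls_fbase64_decode` as `GNUTLS_E_INTERNAL_ERROR` and only a positive value as success, so a correctly decoded RSA PEM key would presumably leave `pk_algorithm` unset here. If that reading is right, the check should be `if (result > 0) key->pk_algorithm = GNUTLS_PK_RSA;`. The rest of gnutls_x509_privkey_import lies outside this hunk, so how an unset algorithm is handled further down needs confirming.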
@@ -383,15 +384,16 @@ gnutls_x509_privkey_import (gnutls_x509_privkey_t key,
result =
_gnutls_fbase64_decode (PEM_KEY_DSA, data->data, data->size,
&out);
- key->pk_algorithm = GNUTLS_PK_DSA;
-
if (result <= 0)
{
if (result == 0)
result = GNUTLS_E_INTERNAL_ERROR;
gnutls_assert ();
- return result;
+
+ goto failover;
}
+
+ key->pk_algorithm = GNUTLS_PK_DSA;
}
_data.data = out;
@@ -433,7 +435,7 @@ gnutls_x509_privkey_import (gnutls_x509_privkey_t key,
{
gnutls_assert ();
result = GNUTLS_E_ASN1_DER_ERROR;
- goto cleanup;
+ goto failover;
}
if (need_free)
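Review bot: Jumping to `failover` with `result = GNUTLS_E_ASN1_DER_ERROR` never reaches the PKCS #8 fallback, because the label in the last hunk retries only when `result == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR`. The block removed from `_gnutls_x509_raw_privkey_to_privkey` retried on any `ret < 0`, so a DER-encoded plain PKCS #8 key that used to load through that path would presumably now be rejected. If the commit message's "unable to decode the key" is meant to cover DER input, widen the test at the label to `if (result == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR || result == GNUTLS_E_ASN1_DER_ERROR)`. Otherwise say in the `/* Try PKCS #8 */` comment that the fallback is PEM-only. The enclosing function body starts and ends outside this hunk.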
@@ -444,10 +446,20 @@ gnutls_x509_privkey_import (gnutls_x509_privkey_t key,
return 0;
-cleanup:
- key->pk_algorithm = GNUTLS_PK_UNKNOWN;
+failover:
+ /* Try PKCS #8 */
+#ifdef ENABLE_PKI
+ if (result == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
+ {
+ _gnutls_debug_log("Falling back to PKCS #8 key decoding\n");
+ result = gnutls_x509_privkey_import_pkcs8 (key, data, format,
+ NULL, GNUTLS_PKCS_PLAIN);
+ }
+#endif
+
if (need_free)
_gnutls_free_datum (&_data);
+
return result;
}
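Review bot: The `failover` path drops the `key->pk_algorithm = GNUTLS_PK_UNKNOWN;` reset that the old `cleanup` label performed. A failed import on the `GNUTLS_E_ASN1_DER_ERROR` path, or a failed PKCS #8 retry, can now return an error while the key object still reports RSA or DSA, unless `gnutls_x509_privkey_import_pkcs8` resets the field itself. That leaves a misleading half-initialised key for any caller that inspects it after ignoring the return code. Restore the reset after the fallback block with `if (result < 0) key->pk_algorithm = GNUTLS_PK_UNKNOWN;`.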
diff --git a/src/certtool.c b/src/certtool.c
index 107e9ad..cdc06fa 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -1653,20 +1653,13 @@ privkey_info (void)
/* If we failed to import the certificate previously try PKCS #8 */
if (info.pkcs8 || ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
{
- /* first try to import the key without asking any password */
+ if (info.pass)
+ pass = info.pass;
+ else
+ pass = get_pass ();
ret = gnutls_x509_privkey_import_pkcs8 (key, &pem,
- info.incert_format,
- NULL, GNUTLS_PKCS_PLAIN);
- if (ret < 0)
- {
- if (info.pass)
- pass = info.pass;
- else
- pass = get_pass ();
- ret = gnutls_x509_privkey_import_pkcs8 (key, &pem,
info.incert_format,
pass, 0);
- }
}
if (ret < 0)
error (EXIT_FAILURE, 0, "import error: %s", gnutls_strerror (ret));
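Review bot: With the passwordless attempt removed, this branch prompts through `get_pass ()` whenever `info.pkcs8` is set, even for an unencrypted PKCS #8 file, and passes `pass` with flags `0`. The reason is not recorded in the code; a comment above the prompt such as `/* gnutls_x509_privkey_import() has already tried plain PKCS #8, so only the encrypted form remains */` would explain it. That explanation is inferred, because whether the earlier import is attempted when `info.pkcs8` is set is not visible; privkey_info starts and ends outside the hunk. If the import is skipped in that case, unencrypted keys loaded with `info.pkcs8` set depend on how `gnutls_x509_privkey_import_pkcs8` treats a password supplied for a plain key, which is worth checking.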
hooks/post-receive
--
GNU gnutls