From 1479736a8f7fac6ed343bfcd30bf224a34d1d09c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= Date: Sun, 4 Sep 2005 15:15:49 +0000 Subject: [PATCH] Make _hx509_pbe_decrypt take a hx509_lock, workaround for empty password. git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16027 ec53bebd-3082-4978-b11e-865c3cabbd6b --- lib/hx509/crypto.c | 28 ++++++++++++---------------- 1 file changed, 12 insertions(+), 16 deletions(-) diff --git a/lib/hx509/crypto.c b/lib/hx509/crypto.c index fa4a8d2bf..2278c4ad2 100644 --- a/lib/hx509/crypto.c +++ b/lib/hx509/crypto.c @@ -1224,6 +1224,10 @@ PBE_string2key(const char *password, salt = p12params.salt.data; saltlen = p12params.salt.length; + /* XXX It needs to be here, but why ? */ + if (passwordlen == 0) + password = NULL; + if (!PKCS12_key_gen (password, passwordlen, salt, saltlen, PKCS12_KEY_ID, iter, key->length, key->data, md)) { ret = HX509_CRYPTO_INTERNAL_ERROR; @@ -1289,36 +1293,25 @@ find_string2key(const heim_oid *oid, } -static void -print_oid(const heim_oid *oid) -{ - int i; - for (i = 0; i < oid->length; i++) - printf("%d%s", oid->components[i], i < oid->length - 1 ? "." : ""); - printf("\n"); -} - - int -_hx509_pbe_decrypt(const char *password, +_hx509_pbe_decrypt(hx509_lock lock, const AlgorithmIdentifier *ai, const heim_octet_string *econtent, heim_octet_string *content) { + const struct _hx509_password *pw; heim_octet_string key, iv; const heim_oid *enc_oid; const EVP_CIPHER *c; const EVP_MD *md; PBE_string2key_func s2k; - int ret = 0; + int i, ret = 0; memset(&key, 0, sizeof(key)); memset(&iv, 0, sizeof(iv)); memset(content, 0, sizeof(*content)); - print_oid(&ai->algorithm); - enc_oid = find_string2key(&ai->algorithm, &c, &md, &s2k); if (enc_oid == NULL) { ret = HX509_ALG_NOT_SUPP; @@ -1335,10 +1328,13 @@ _hx509_pbe_decrypt(const char *password, if (iv.data == NULL) goto out; - { + pw = _hx509_lock_get_passwords(lock); + + ret = HX509_CRYPTO_INTERNAL_ERROR; + for (i = 0; i < pw->len; i++) { hx509_crypto crypto; - ret = (*s2k)(password, ai->parameters, &crypto, + ret = (*s2k)(pw->val[i], ai->parameters, &crypto, &key, &iv, enc_oid, md); if (ret) { goto out;