Make pkcs8 work again.

Make EVP_CIPHER_type() return NID_undef if the cipher has no ASN1 OID, modify code to handle this.
2025-02-11 14:22:43 +08:00 · 2000-02-22 18:45:11 +00:00 · 2000-02-22 18:45:11 +00:00 · 4b42658082
commit 4b42658082
parent 3f2b5a88ad
4 changed files with 23 additions and 12 deletions
--- a/apps/pkcs8.c
+++ b/apps/pkcs8.c
@ -83,7 +83,7 @@ int MAIN(int argc, char **argv)
 	X509_SIG *p8;
 	PKCS8_PRIV_KEY_INFO *p8inf;
 	EVP_PKEY *pkey;
-	char pass[50], *passin = NULL, *passout = NULL;
+	char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;
 	int badarg = 0;
 	if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
 	informat=FORMAT_PEM;
@ -226,18 +226,21 @@ int MAIN(int argc, char **argv)
 				return (1);
 			}
 		} else {
-			if(!passout) {
+			if(passout) p8pass = passout;
-				passout = pass;
+			else {
 				p8pass = pass;
 				EVP_read_pw_string(pass, 50, "Enter Encryption Password:", 1);
 			}
 			app_RAND_load_file(NULL, bio_err, 0);
 			if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
-					passout, strlen(passout),
+					p8pass, strlen(p8pass),
 					NULL, 0, iter, p8inf))) {
 				BIO_printf(bio_err, "Error encrypting key\n",
 								 outfile);
 				ERR_print_errors(bio_err);
 				return (1);
 			}
 			app_RAND_write_file(NULL, bio_err);
 			if(outformat == FORMAT_PEM) 
 				PEM_write_bio_PKCS8(out, p8);
 			else if(outformat == FORMAT_ASN1)
@ -251,6 +254,8 @@ int MAIN(int argc, char **argv)
 		PKCS8_PRIV_KEY_INFO_free (p8inf);
 		EVP_PKEY_free(pkey);
 		BIO_free(out);
 		if(passin) Free(passin);
 		if(passout) Free(passout);
 		return (0);
 	}
@ -278,11 +283,12 @@ int MAIN(int argc, char **argv)
 			ERR_print_errors(bio_err);
 			return (1);
 		}
-		if(!passin) {
+		if(passin) p8pass = passin;
-			passin = pass;
+		else {
 			p8pass = pass;
 			EVP_read_pw_string(pass, 50, "Enter Password:", 0);
 		}
-		p8inf = M_PKCS8_decrypt(p8, passin, strlen(passin));
+		p8inf = M_PKCS8_decrypt(p8, p8pass, strlen(p8pass));
 		X509_SIG_free(p8);
 	}
--- a/crypto/asn1/p5_pbev2.c
+++ b/crypto/asn1/p5_pbev2.c
@ -178,12 +178,12 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
 	ASN1_OBJECT *obj;
 	alg_nid = EVP_CIPHER_type(cipher);
-	obj = OBJ_nid2obj(alg_nid);
+	if(alg_nid == NID_undef) {
 	if(!obj || !obj->data) {
 		ASN1err(ASN1_F_PKCS5_PBE2_SET,
 				ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
 		goto err;
 	}
 	obj = OBJ_nid2obj(alg_nid);
 	if(!(pbe2 = PBE2PARAM_new())) goto merr;
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@ -115,6 +115,7 @@ int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
 int EVP_CIPHER_type(const EVP_CIPHER *ctx)
 {
 	int nid;
 	ASN1_OBJECT *otmp;
 	nid = EVP_CIPHER_nid(ctx);
 	switch(nid) {
@ -131,7 +132,10 @@ int EVP_CIPHER_type(const EVP_CIPHER *ctx)
 		return NID_rc4;
 		default:
-
+		/* Check it has an OID and it is valid */
 		otmp = OBJ_nid2obj(nid);
 		if(!otmp || !otmp->data) nid = NID_undef;
 		ASN1_OBJECT_free(otmp);
 		return nid;
 	}
 }
--- a/crypto/pkcs7/pk7_lib.c
+++ b/crypto/pkcs7/pk7_lib.c
@ -456,11 +456,12 @@ int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher)
 		}
 	/* Check cipher OID exists and has data in it*/
-	objtmp = OBJ_nid2obj(EVP_CIPHER_type(cipher));
+	i = EVP_CIPHER_type(cipher);
-	if(!objtmp || !objtmp->data) {
+	if(i == NID_undef) {
 		PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
 		return(0);
 	}
 	objtmp = OBJ_nid2obj(i);
 	ec->cipher = cipher;
 	return 1;