diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2016-07-07 15:56:26 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2016-07-08 02:09:02 +0100 |
commit | ab6a591caa561017f881ed36028177f9582a74c6 (patch) | |
tree | 181aa1366a01613b8698ed1d4fe58a31f4d67c89 /apps | |
parent | e78884d79cec20ae61606421188d8540541a58f3 (diff) |
Support PKCS v2.0 print in pkcs12 utility.
Extended alg_print() in pkcs12 utility to support PBES2 algorithms.
RT#4588
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'apps')
-rw-r--r-- | apps/pkcs12.c | 72 |
1 files changed, 63 insertions, 9 deletions
diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 8602a99ff0..25479058bd 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -738,16 +738,70 @@ end: static int alg_print(X509_ALGOR *alg) { - PBEPARAM *pbe; - const unsigned char *p = alg->parameter->value.sequence->data; + int pbenid, aparamtype; + ASN1_OBJECT *aoid; + void *aparam; + PBEPARAM *pbe = NULL; + + X509_ALGOR_get0(&aoid, &aparamtype, &aparam, alg); + + pbenid = OBJ_obj2nid(aoid); + + BIO_printf(bio_err, "%s", OBJ_nid2ln(pbenid)); + + /* + * If PBE algorithm is PBES2 decode algorithm parameters + * for additional details. + */ + if (pbenid == NID_pbes2) { + PBE2PARAM *pbe2 = NULL; + int encnid; + if (aparamtype == V_ASN1_SEQUENCE) + pbe2 = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(PBE2PARAM)); + if (pbe2 == NULL) { + BIO_puts(bio_err, "<unsupported parameters>"); + goto done; + } + X509_ALGOR_get0(&aoid, &aparamtype, &aparam, pbe2->keyfunc); + pbenid = OBJ_obj2nid(aoid); + X509_ALGOR_get0(&aoid, NULL, NULL, pbe2->encryption); + encnid = OBJ_obj2nid(aoid); + BIO_printf(bio_err, ", %s, %s", OBJ_nid2ln(pbenid), + OBJ_nid2sn(encnid)); + /* If KDF is PBKDF2 decode parameters */ + if (pbenid == NID_id_pbkdf2) { + PBKDF2PARAM *kdf = NULL; + int prfnid; + if (aparamtype == V_ASN1_SEQUENCE) + kdf = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(PBKDF2PARAM)); + if (kdf == NULL) { + BIO_puts(bio_err, "<unsupported parameters>"); + goto done; + } - pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length); - if (!pbe) - return 1; - BIO_printf(bio_err, "%s, Iteration %ld\n", - OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)), - ASN1_INTEGER_get(pbe->iter)); - PBEPARAM_free(pbe); + if (kdf->prf == NULL) { + prfnid = NID_hmacWithSHA1; + } else { + X509_ALGOR_get0(&aoid, NULL, NULL, kdf->prf); + prfnid = OBJ_obj2nid(aoid); + } + BIO_printf(bio_err, ", Iteration %ld, PRF %s", + ASN1_INTEGER_get(kdf->iter), OBJ_nid2sn(prfnid)); + PBKDF2PARAM_free(kdf); + } + PBE2PARAM_free(pbe2); + } else { + if (aparamtype == V_ASN1_SEQUENCE) + pbe = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(PBEPARAM)); + if (pbe == NULL) { + BIO_puts(bio_err, "<unsupported parameters>"); + goto done; + } + BIO_printf(bio_err, ", Iteration %ld", ASN1_INTEGER_get(pbe->iter)); + PBEPARAM_free(pbe); + } + done: + BIO_puts(bio_err, "\n"); return 1; } |