diff options
| author | Werner Koch <wk@gnupg.org> | 2004-02-12 10:27:36 +0100 |
|---|---|---|
| committer | Werner Koch <wk@gnupg.org> | 2004-02-12 10:27:36 +0100 |
| commit | f5c3d2712b7745ca6ad8ad9fe2c0d30f50a6adb5 (patch) | |
| tree | 664b9c9ecfae5feb24d24902641b91f6e2e6d944 /agent/minip12.c | |
| parent | * am/cmacros.am: New. (diff) | |
| download | gnupg2-f5c3d2712b7745ca6ad8ad9fe2c0d30f50a6adb5.tar.xz gnupg2-f5c3d2712b7745ca6ad8ad9fe2c0d30f50a6adb5.zip | |
Include cmacros.am for common flags.
(libexec_PROGRAMS): Put gpg-protect-tool there.
Diffstat (limited to 'agent/minip12.c')
| -rw-r--r-- | agent/minip12.c | 107 |
1 files changed, 69 insertions, 38 deletions
diff --git a/agent/minip12.c b/agent/minip12.c index af39ae0fd..1e86bc251 100644 --- a/agent/minip12.c +++ b/agent/minip12.c @@ -98,6 +98,9 @@ static unsigned char const oid_pkcs_12_pkcs_8ShroudedKeyBag[11] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x0C, 0x0A, 0x01, 0x02 }; static unsigned char const oid_pkcs_12_CertBag[11] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x0C, 0x0A, 0x01, 0x03 }; +static unsigned char const oid_pkcs_12_CrlBag[11] = { + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x0C, 0x0A, 0x01, 0x04 }; + static unsigned char const oid_pbeWithSHAAnd3_KeyTripleDES_CBC[10] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x0C, 0x01, 0x03 }; static unsigned char const oid_pbeWithSHAAnd40BitRC2_CBC[10] = { @@ -490,6 +493,8 @@ parse_bag_encrypted_data (const unsigned char *buffer, size_t length, /* Loop over all certificates inside the bab. */ while (n) { + int isbag = 0; + where = "certbag.nextcert"; if (ti.class || ti.tag != TAG_SEQUENCE) goto bailout; @@ -497,59 +502,78 @@ parse_bag_encrypted_data (const unsigned char *buffer, size_t length, where = "certbag.objectidentifier"; if (parse_tag (&p, &n, &ti)) goto bailout; - if (ti.class || ti.tag != TAG_OBJECT_ID - || ti.length != DIM(oid_pkcs_12_CertBag) - || memcmp (p, oid_pkcs_12_CertBag, - DIM(oid_pkcs_12_CertBag))) - goto bailout; - p += DIM(oid_pkcs_12_CertBag); - n -= DIM(oid_pkcs_12_CertBag); - - where = "certbag.before.certheader"; - if (parse_tag (&p, &n, &ti)) - goto bailout; - if (ti.class != CONTEXT || ti.tag) - goto bailout; - if (parse_tag (&p, &n, &ti)) - goto bailout; - if (ti.class || ti.tag != TAG_SEQUENCE) - goto bailout; - if (parse_tag (&p, &n, &ti)) + if (ti.class || ti.tag != TAG_OBJECT_ID) goto bailout; - if (ti.class || ti.tag != TAG_OBJECT_ID - || ti.length != DIM(oid_x509Certificate_for_pkcs_12) - || memcmp (p, oid_x509Certificate_for_pkcs_12, - DIM(oid_x509Certificate_for_pkcs_12))) + if ( ti.length == DIM(oid_pkcs_12_CertBag) + && !memcmp (p, oid_pkcs_12_CertBag, DIM(oid_pkcs_12_CertBag))) + { + p += DIM(oid_pkcs_12_CertBag); + n -= DIM(oid_pkcs_12_CertBag); + } + else if ( ti.length == DIM(oid_pkcs_12_CrlBag) + && !memcmp (p, oid_pkcs_12_CrlBag, DIM(oid_pkcs_12_CrlBag))) + { + p += DIM(oid_pkcs_12_CrlBag); + n -= DIM(oid_pkcs_12_CrlBag); + isbag = 1; + } + else goto bailout; - p += DIM(oid_x509Certificate_for_pkcs_12); - n -= DIM(oid_x509Certificate_for_pkcs_12); - where = "certbag.before.octetstring"; + where = "certbag.before.certheader"; if (parse_tag (&p, &n, &ti)) goto bailout; if (ti.class != CONTEXT || ti.tag) goto bailout; - if (parse_tag (&p, &n, &ti)) - goto bailout; - if (ti.class || ti.tag != TAG_OCTET_STRING || ti.ndef) - goto bailout; - - /* Return the certificate. */ - if (certcb) - certcb (certcbarg, p, ti.length); + if (isbag) + { + log_info ("skipping unsupported crlBag\n"); + p += ti.length; + n -= ti.length; + } + else + { + if (parse_tag (&p, &n, &ti)) + goto bailout; + if (ti.class || ti.tag != TAG_SEQUENCE) + goto bailout; + if (parse_tag (&p, &n, &ti)) + goto bailout; + if (ti.class || ti.tag != TAG_OBJECT_ID + || ti.length != DIM(oid_x509Certificate_for_pkcs_12) + || memcmp (p, oid_x509Certificate_for_pkcs_12, + DIM(oid_x509Certificate_for_pkcs_12))) + goto bailout; + p += DIM(oid_x509Certificate_for_pkcs_12); + n -= DIM(oid_x509Certificate_for_pkcs_12); + + where = "certbag.before.octetstring"; + if (parse_tag (&p, &n, &ti)) + goto bailout; + if (ti.class != CONTEXT || ti.tag) + goto bailout; + if (parse_tag (&p, &n, &ti)) + goto bailout; + if (ti.class || ti.tag != TAG_OCTET_STRING || ti.ndef) + goto bailout; + + /* Return the certificate. */ + if (certcb) + certcb (certcbarg, p, ti.length); - p += ti.length; - n -= ti.length; + p += ti.length; + n -= ti.length; + } - /* Ugly hack to cope with the padding: Forget about a rest of - sie les than the cipher's block length. */ + /* Ugly hack to cope with the padding: Forget about the rest if + that it is less than the cipher's block length. */ if (n < 8) n = 0; /* Skip the optional SET with the pkcs12 cert attributes. */ if (n) { - where = "certbag.attributes"; + where = "bag.attributes"; if (parse_tag (&p, &n, &ti)) goto bailout; if (!ti.class && ti.tag == TAG_SEQUENCE) @@ -691,6 +715,13 @@ parse_bag_data (const unsigned char *buffer, size_t length, int startoffset, startoffset = 0; buffer = p = plain; + { + FILE *fp = fopen ("tmp-3des-plain.der", "wb"); + if (!fp || fwrite (p, n, 1, fp) != 1) + exit (2); + fclose (fp); + } + where = "decrypted-text"; if (parse_tag (&p, &n, &ti) || ti.class || ti.tag != TAG_SEQUENCE) goto bailout; |