summaryrefslogtreecommitdiff
path: root/src/libstrongswan/asn1/pem.c
diff options
context:
space:
mode:
authorRene Mayrhofer <rene@mayrhofer.eu.org>2009-06-23 11:35:38 +0000
committerRene Mayrhofer <rene@mayrhofer.eu.org>2009-06-23 11:35:38 +0000
commit7c52c3f35cdbdff58443b994f2f33d13b4d81f57 (patch)
treee54a27979ea72ec41702bec2984c2eadac3b8862 /src/libstrongswan/asn1/pem.c
parent4ef45ba0404dac3773e83af995a5ec584b23d633 (diff)
downloadvyos-strongswan-7c52c3f35cdbdff58443b994f2f33d13b4d81f57.tar.gz
vyos-strongswan-7c52c3f35cdbdff58443b994f2f33d13b4d81f57.zip
Updated to new upstream version.
Diffstat (limited to 'src/libstrongswan/asn1/pem.c')
-rwxr-xr-xsrc/libstrongswan/asn1/pem.c49
1 files changed, 28 insertions, 21 deletions
diff --git a/src/libstrongswan/asn1/pem.c b/src/libstrongswan/asn1/pem.c
index d3176b6bc..059795548 100755
--- a/src/libstrongswan/asn1/pem.c
+++ b/src/libstrongswan/asn1/pem.c
@@ -12,8 +12,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: pem.c 4029 2008-06-03 12:14:02Z martin $
*/
#include <stdio.h>
@@ -84,8 +82,8 @@ static bool find_boundary(const char* tag, chunk_t *line)
/*
* decrypts a passphrase protected encrypted data block
*/
-static bool pem_decrypt(chunk_t *blob, encryption_algorithm_t alg, size_t key_size,
- chunk_t *iv, chunk_t *passphrase)
+static status_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg, size_t key_size,
+ chunk_t *iv, chunk_t passphrase)
{
hasher_t *hasher;
crypter_t *crypter;
@@ -95,10 +93,10 @@ static bool pem_decrypt(chunk_t *blob, encryption_algorithm_t alg, size_t key_si
chunk_t key = {alloca(key_size), key_size};
u_int8_t padding, *last_padding_pos, *first_padding_pos;
- if (passphrase == NULL || passphrase->len == 0)
+ if (passphrase.len == 0)
{
DBG1(" missing passphrase");
- return FALSE;
+ return INVALID_ARG;
}
/* build key from passphrase and IV */
@@ -106,18 +104,18 @@ static bool pem_decrypt(chunk_t *blob, encryption_algorithm_t alg, size_t key_si
if (hasher == NULL)
{
DBG1(" MD5 hash algorithm not available");
- return FALSE;
+ return NOT_SUPPORTED;
}
hash.len = hasher->get_hash_size(hasher);
hash.ptr = alloca(hash.len);
- hasher->get_hash(hasher, *passphrase, NULL);
+ hasher->get_hash(hasher, passphrase, NULL);
hasher->get_hash(hasher, salt, hash.ptr);
memcpy(key.ptr, hash.ptr, hash.len);
if (key.len > hash.len)
{
hasher->get_hash(hasher, hash, NULL);
- hasher->get_hash(hasher, *passphrase, NULL);
+ hasher->get_hash(hasher, passphrase, NULL);
hasher->get_hash(hasher, salt, hash.ptr);
memcpy(key.ptr + hash.len, hash.ptr, key.len - hash.len);
}
@@ -129,7 +127,7 @@ static bool pem_decrypt(chunk_t *blob, encryption_algorithm_t alg, size_t key_si
{
DBG1(" %N encryption algorithm not available",
encryption_algorithm_names, alg);
- return FALSE;
+ return NOT_SUPPORTED;
}
crypter->set_key(crypter, key);
@@ -138,7 +136,7 @@ static bool pem_decrypt(chunk_t *blob, encryption_algorithm_t alg, size_t key_si
{
crypter->destroy(crypter);
DBG1(" data size is not multiple of block size");
- return FALSE;
+ return PARSE_ERROR;
}
crypter->decrypt(crypter, *blob, *iv, &decrypted);
crypter->destroy(crypter);
@@ -156,12 +154,12 @@ static bool pem_decrypt(chunk_t *blob, encryption_algorithm_t alg, size_t key_si
if (*last_padding_pos != padding)
{
DBG1(" invalid passphrase");
- return FALSE;
+ return INVALID_ARG;
}
}
/* remove padding */
blob->len -= padding;
- return TRUE;
+ return SUCCESS;
}
/* Converts a PEM encoded file into its binary form
@@ -169,7 +167,7 @@ static bool pem_decrypt(chunk_t *blob, encryption_algorithm_t alg, size_t key_si
* RFC 1421 Privacy Enhancement for Electronic Mail, February 1993
* RFC 934 Message Encapsulation, January 1985
*/
-bool pem_to_bin(chunk_t *blob, chunk_t *passphrase, bool *pgp)
+status_t pem_to_bin(chunk_t *blob, chunk_t passphrase, bool *pgp)
{
typedef enum {
PEM_PRE = 0,
@@ -239,17 +237,21 @@ bool pem_to_bin(chunk_t *blob, chunk_t *passphrase, bool *pgp)
DBG2(" %.*s", (int)line.len, line.ptr);
ugh = extract_parameter_value(&name, &value, &line);
if (ugh != NULL)
+ {
continue;
-
+ }
if (match("Proc-Type", &name) && *value.ptr == '4')
+ {
encrypted = TRUE;
+ }
else if (match("DEK-Info", &name))
{
chunk_t dek;
if (!extract_token(&dek, ',', &value))
+ {
dek = value;
-
+ }
if (match("DES-EDE3-CBC", &dek))
{
alg = ENCR_3DES;
@@ -274,7 +276,7 @@ bool pem_to_bin(chunk_t *blob, chunk_t *passphrase, bool *pgp)
{
DBG1(" encryption algorithm '%.s' not supported",
dek.len, dek.ptr);
- return FALSE;
+ return NOT_SUPPORTED;
}
eat_whitespace(&value);
iv = chunk_from_hex(value, iv.ptr);
@@ -317,11 +319,11 @@ bool pem_to_bin(chunk_t *blob, chunk_t *passphrase, bool *pgp)
if (state != PEM_POST)
{
DBG1(" file coded in unknown format, discarded");
- return FALSE;
+ return PARSE_ERROR;
}
if (!encrypted)
{
- return TRUE;
+ return SUCCESS;
}
return pem_decrypt(blob, alg, key_size, &iv, passphrase);
@@ -337,7 +339,9 @@ bool pem_asn1_load_file(char *filename, chunk_t *passphrase,
if (fd)
{
+ chunk_t pass = chunk_empty;
int bytes;
+
fseek(fd, 0, SEEK_END );
blob->len = ftell(fd);
rewind(fd);
@@ -356,10 +360,13 @@ bool pem_asn1_load_file(char *filename, chunk_t *passphrase,
}
if (passphrase != NULL)
- DBG4(" passphrase:", passphrase->ptr, passphrase->len);
+ {
+ pass = *passphrase;
+ DBG4(" passphrase: %#B", passphrase);
+ }
/* try PEM format */
- if (pem_to_bin(blob, passphrase, pgp))
+ if (pem_to_bin(blob, pass, pgp) == SUCCESS)
{
if (*pgp)
{