Support PKCS v2.0 print in pkcs12 utility.
Extended alg_print() in pkcs12 utility to support PBES2 algorithms. RT#4588 Reviewed-by: Rich Salz <rsalz@openssl.org>
This commit is contained in:
Dr. Stephen Henson
parent
59eefa115a
commit
6d3b5eeb51
1 changed files with 64 additions and 10 deletions
|
|
@ -932,16 +932,70 @@ static int get_cert_chain(X509 *cert, X509_STORE *store,
|
||||||
|
|
||||||
int alg_print(BIO *x, X509_ALGOR *alg)
|
int alg_print(BIO *x, X509_ALGOR *alg)
|
||||||
{
|
{
|
||||||
PBEPARAM *pbe;
|
int pbenid, aparamtype;
|
||||||
const unsigned char *p;
|
ASN1_OBJECT *aoid;
|
||||||
p = alg->parameter->value.sequence->data;
|
void *aparam;
|
||||||
pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
|
PBEPARAM *pbe = NULL;
|
||||||
if (!pbe)
|
|
||||||
return 1;
|
X509_ALGOR_get0(&aoid, &aparamtype, &aparam, alg);
|
||||||
BIO_printf(bio_err, "%s, Iteration %ld\n",
|
|
||||||
OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)),
|
pbenid = OBJ_obj2nid(aoid);
|
||||||
ASN1_INTEGER_get(pbe->iter));
|
|
||||||
PBEPARAM_free(pbe);
|
BIO_printf(x, "%s", OBJ_nid2ln(pbenid));
|
||||||
|
|
||||||
|
/*
|
||||||
|
* If PBE algorithm is PBES2 decode algorithm parameters
|
||||||
|
* for additional details.
|
||||||
|
*/
|
||||||
|
if (pbenid == NID_pbes2) {
|
||||||
|
PBE2PARAM *pbe2 = NULL;
|
||||||
|
int encnid;
|
||||||
|
if (aparamtype == V_ASN1_SEQUENCE)
|
||||||
|
pbe2 = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(PBE2PARAM));
|
||||||
|
if (pbe2 == NULL) {
|
||||||
|
BIO_puts(x, "<unsupported parameters>");
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
|
X509_ALGOR_get0(&aoid, &aparamtype, &aparam, pbe2->keyfunc);
|
||||||
|
pbenid = OBJ_obj2nid(aoid);
|
||||||
|
X509_ALGOR_get0(&aoid, NULL, NULL, pbe2->encryption);
|
||||||
|
encnid = OBJ_obj2nid(aoid);
|
||||||
|
BIO_printf(x, ", %s, %s", OBJ_nid2ln(pbenid),
|
||||||
|
OBJ_nid2sn(encnid));
|
||||||
|
/* If KDF is PBKDF2 decode parameters */
|
||||||
|
if (pbenid == NID_id_pbkdf2) {
|
||||||
|
PBKDF2PARAM *kdf = NULL;
|
||||||
|
int prfnid;
|
||||||
|
if (aparamtype == V_ASN1_SEQUENCE)
|
||||||
|
kdf = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(PBKDF2PARAM));
|
||||||
|
if (kdf == NULL) {
|
||||||
|
BIO_puts(x, "<unsupported parameters>");
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (kdf->prf == NULL) {
|
||||||
|
prfnid = NID_hmacWithSHA1;
|
||||||
|
} else {
|
||||||
|
X509_ALGOR_get0(&aoid, NULL, NULL, kdf->prf);
|
||||||
|
prfnid = OBJ_obj2nid(aoid);
|
||||||
|
}
|
||||||
|
BIO_printf(x, ", Iteration %ld, PRF %s",
|
||||||
|
ASN1_INTEGER_get(kdf->iter), OBJ_nid2sn(prfnid));
|
||||||
|
PBKDF2PARAM_free(kdf);
|
||||||
|
}
|
||||||
|
PBE2PARAM_free(pbe2);
|
||||||
|
} else {
|
||||||
|
if (aparamtype == V_ASN1_SEQUENCE)
|
||||||
|
pbe = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(PBEPARAM));
|
||||||
|
if (pbe == NULL) {
|
||||||
|
BIO_puts(x, "<unsupported parameters>");
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
|
BIO_printf(x, ", Iteration %ld", ASN1_INTEGER_get(pbe->iter));
|
||||||
|
PBEPARAM_free(pbe);
|
||||||
|
}
|
||||||
|
done:
|
||||||
|
BIO_puts(x, "\n");
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue