1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

13 Commits

Author SHA1 Message Date
Werner Koch
08f0b9ea2e
sm: Another partly rewrite of minip12.c
* sm/minip12.c (struct tlv_ctx_s): Add origbuffer and origbufsize.
Remove pop_count.  Rename offset to length.
(dump_tag_info, _dump_tag_info): Rewrite.
(dump_tlv_ctx, _dump_tlv_ctx): Rewrite.
(tlv_new): Init origbuffer.
(_tlv_peek): Add arg ti.
(tlv_peek): New.
(tlv_peek_null): New.
(_tlv_push): Rewrite.
(_tlv_pop): Rewrite.
(tlv_next): New macro.  Move old code to ...
(_tlv_next): this.  Add arg lno.  Pop remaining end tags.
(tlv_popped): Remove.
(tlv_expect_object): Handle ndef.
(tlv_expect_octet_string): Ditto.
(parse_bag_encrypted_data): Use nesting level to control the inner
loop.
(parse_shrouded_key_bag): Likewise.
(parse_bag_data): Handle surplus octet strings.
(p12_parse): Ditto.

* sm/minip12.c (decrypt_block): Strip the padding.
(tlv_expect_top_sequence): Remove.  Replace callers by
tlv_expect_sequence.

* tests/samplekeys/t6752-ov-user-ff.p12: New sample key.
* tests/samplekeys/Description-p12: Add its description
--

This patch improves the BER parser by simplifying it.  Now tlv_next
pops off and thus closes all containers regardless on whether they are
length bounded or ndef.  tlv_set_pending is now always used to undo
the effect of a tlv_next in a loop condition which was terminated by a
nesting level change.

Instead of using the length as seen in the decrypted container we now
remove the padding and let the BER parser do its work.  This might
have a negative effect on pkcs#12 objects which are not correctly
padded but we don't have any example of such broken objects.

GnuPG-bug-id: 6752
2023-10-24 09:22:13 +02:00
Werner Koch
9976285ff0
sm: Support more HMAC algos in the pkcs#12 parser.
* sm/minip12.c (oid_hmacWithSHA1): New.  Also for the SHA-2 algos.
(digest_algo_from_oid): New.
(set_key_iv_pbes2): Add arg digest_algo.
(crypt_block): Ditto.
(decrypt_block): Ditto.
(parse_bag_encrypted_data): Parse the optional prf part and get the
hmac algorithm.
(parse_shrouded_key_bag): Ditto.
(p12_build): Pass SHA1 for digest_algo.

* sm/t-minip12.c (run_one_test): Print failed values in verbose mode.

* tests/samplekeys/nistp256-openssl-self-signed.p12: New.
* tests/samplekeys/Description-p12: Add this one.
* tests/Makefile.am (EXTRA_DIST): Ditto.
--

This supports the modern algorithms, i.e. using SHA256 for the KDF
which is the default in openssl unless the -legacy option is used.

GnuPG-bug-id: 6536
2023-10-06 11:22:59 +02:00
Werner Koch
bb157044a0
sm: Improve the octet string cramming for pkcs#12
* sm/minip12.c (need_octet_string_cramming): New.
(tlv_expect_object, tlv_expect_octet_string): Run the test before
cramming.

* sm/minip12.c (ENABLE_DER_STRUCT_DUMPING): New but undefined macro
for debug purposes.
(bag_decrypted_data_p, bag_data_p): Use macro to allow dumping.
--

This bug was exhibited by importing a gpgsm exported EC certificate.

We use an extra test instead of retrying to allow retruning an error
from malloc failure.  And well, for easier reading of the code.

GnuPG-bug-id: 6536
(cherry picked from commit c1f78634ec3927ddcfdc4687bc6e408c658a0ece)
2023-10-05 10:32:57 +02:00
Werner Koch
a6dad932f4
sm: Complete rewrite of the PKCS#12 parser
* sm/minip12.c: Reworked most of the parser.
(p12_set_verbosity): Add arg debug and change all callers.

* sm/t-minip12.c: New.
* sm/Makefile.am (module_maint): Add it.

* tests/samplekeys/Description-p12: New.
* tests/samplekeys/t5793-openssl.pfx: New from T5793.
* tests/samplekeys/t5793-test.pfx: Ditto.
* tests/samplekeys/Description-p12: Add them.
* tests/Makefile.am (EXTRA_DIST): Add samplekeys.
--

GnuPG-bug-id: 6536
Backported_from: 101433dfb42b333e48427baf9dd58ac4787c9786
Backported_from: 5f694dc0be994e8cd3bc009139d1349f3b1fcf62
2023-07-05 14:21:16 +02:00
Werner Koch
fe2f182699 Add the STEED Self-Signing Nonthority certificate.
* doc/com-certs.pem: Install it when creating a keybox.
2011-12-20 15:35:42 +01:00
Werner Koch
08f78839cf . 2010-07-23 12:19:35 +00:00
Werner Koch
503f91e0ae tryu harder to ignore duplicate specified keyrings and -boxes.
Documentation updates.
2007-08-24 09:34:39 +00:00
Werner Koch
d68674a77a More samples 2004-02-17 15:07:27 +00:00
Werner Koch
270576cf17 More stuff for testing 2004-02-12 09:30:37 +00:00
Werner Koch
dc4b9ab770 new test certs and messages 2002-09-03 14:54:18 +00:00
Werner Koch
beb0fef1ee Tweaked the build system so that make distcheck finanly said Well
Done.
2002-08-09 18:16:02 +00:00
Werner Koch
0e43a57953 Added distfiles kludge to distribute the content of the samplekeys directory. 2002-08-09 14:44:59 +00:00
Werner Koch
0b01b9cb62 * asschk.c: Added some new features.
* runtest, inittests: New.
* text-1.txt, text-2.txt, text-3.txt: New.
* text-1.osig.pem, text-1.dsig.pem, text-1.osig-bad.pem: New.
* text-2.osig.pem, text-2.osig-bad.pem: New.
* samplekeys : New directory
* sm-verify, sm-sign+verify: The first test scripts.
2002-08-08 16:32:01 +00:00