Moved PKCS#12 cipher layer based PBE detection to use OID database
diff --git a/library/oid.c b/library/oid.c
index d8b4360..7c17901 100644
--- a/library/oid.c
+++ b/library/oid.c
@@ -414,6 +414,34 @@
return( POLARSSL_ERR_OID_NOT_FOUND );
}
+/*
+ * For PKCS#12 PBEs
+ */
+typedef struct {
+ oid_descriptor_t descriptor;
+ md_type_t md_alg;
+ cipher_type_t cipher_alg;
+} oid_pkcs12_pbe_alg_t;
+
+static const oid_pkcs12_pbe_alg_t oid_pkcs12_pbe_alg[] =
+{
+ {
+ { OID_PKCS12_PBE_SHA1_DES3_EDE_CBC, "pbeWithSHAAnd3-KeyTripleDES-CBC", "PBE with SHA1 and 3-Key 3DES" },
+ POLARSSL_MD_SHA1, POLARSSL_CIPHER_DES_EDE3_CBC,
+ },
+ {
+ { OID_PKCS12_PBE_SHA1_DES2_EDE_CBC, "pbeWithSHAAnd2-KeyTripleDES-CBC", "PBE with SHA1 and 2-Key 3DES" },
+ POLARSSL_MD_SHA1, POLARSSL_CIPHER_DES_EDE_CBC,
+ },
+ {
+ { NULL, NULL, NULL },
+ 0, 0,
+ },
+};
+
+FN_OID_TYPED_FROM_ASN1(oid_pkcs12_pbe_alg_t, pkcs12_pbe_alg, oid_pkcs12_pbe_alg);
+FN_OID_GET_ATTR2(oid_get_pkcs12_pbe_alg, oid_pkcs12_pbe_alg_t, pkcs12_pbe_alg, md_type_t, md_alg, cipher_type_t, cipher_alg);
+
#if defined _MSC_VER && !defined snprintf
#include <stdarg.h>
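Review bot: The new `oid_pkcs12_pbe_alg` table and the two functions generated from it are compiled unconditionally, while the only caller visible in this commit (in x509parse.c) sits under `#if defined(POLARSSL_PKCS12_C)`. Wrapping the block in the same guard would keep it out of builds that disable PKCS#12, and would avoid depending on `cipher_type_t` being declared there; whether oid.c has that type in scope in every configuration is not visible from this hunk. The header comment `For PKCS#12 PBEs` should also say what the table now controls, for example `/* PKCS#12 PBE schemes: every entry listed here is accepted when decrypting an encrypted private key */`. After this change, adding a row is all it takes to enable a scheme in the key parser.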
diff --git a/library/x509parse.c b/library/x509parse.c
index 13be0e6..0335db4 100644
--- a/library/x509parse.c
+++ b/library/x509parse.c
@@ -2193,6 +2193,10 @@
unsigned char *p, *end, *end2;
x509_buf pbe_alg_oid, pbe_params;
unsigned char buf[2048];
+#if defined(POLARSSL_PKCS12_C)
+ cipher_type_t cipher_alg;
+ md_type_t md_alg;
+#endif
memset(buf, 0, 2048);
@@ -2256,22 +2260,10 @@
* Decrypt EncryptedData with appropriate PDE
*/
#if defined(POLARSSL_PKCS12_C)
- if( OID_CMP( OID_PKCS12_PBE_SHA1_DES3_EDE_CBC, &pbe_alg_oid ) )
+ if( oid_get_pkcs12_pbe_alg( &pbe_alg_oid, &md_alg, &cipher_alg ) == 0 )
{
if( ( ret = pkcs12_pbe( &pbe_params, PKCS12_PBE_DECRYPT,
- POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1,
- pwd, pwdlen, p, len, buf ) ) != 0 )
- {
- if( ret == POLARSSL_ERR_PKCS12_PASSWORD_MISMATCH )
- return( POLARSSL_ERR_X509_PASSWORD_MISMATCH );
-
- return( ret );
- }
- }
- else if( OID_CMP( OID_PKCS12_PBE_SHA1_DES2_EDE_CBC, &pbe_alg_oid ) )
- {
- if( ( ret = pkcs12_pbe( &pbe_params, PKCS12_PBE_DECRYPT,
- POLARSSL_CIPHER_DES_EDE_CBC, POLARSSL_MD_SHA1,
+ cipher_alg, md_alg,
pwd, pwdlen, p, len, buf ) ) != 0 )
{
if( ret == POLARSSL_ERR_PKCS12_PASSWORD_MISMATCH )
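Review bot: The lookup fills its outputs in the order `&md_alg, &cipher_alg`, but the `pkcs12_pbe` call two lines later passes `cipher_alg, md_alg`. Both are enum types, so a C compiler will usually accept them swapped without a diagnostic. The order shown matches the removed calls (cipher first, then digest), so the code is correct as written. A short comment on the call, such as `/* pkcs12_pbe() takes the cipher type first, then the digest type */`, would stop a later edit from aligning the two orders by mistake. The enclosing function starts and ends outside this hunk, so the branch taken when the OID is not in the table is not visible here.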