Home GnuPG
Diffusion GnuPG 4c14bbf56fb5

sm: Update pkcs#12 module from master

Description

sm: Update pkcs#12 module from master

* sm/minip12.c: Update from master.
* sm/import.c (parse_p12): Pass NULL for curve.

Over the last years we had a couple of changes not backported to 2.2.
However, to support DFN p12 files and probably other p12 files we need
to update the minip12.c module. Instead of picking commits we take
the module verbatim, which is relatively easy because it was
originally designed to be a standalone module.

Summary of commits taken from master:

sm: Improve pkcs#12 debug output.
sm: Rework the PKCS#12 parser to support DFN issued keys.
sm: Fix parsing encrypted data.
sm: Do not print certain issuer not found diags in quiet mode.
sm: Silence some output on --quiet
sm: Replace all assert calls by log_assert.
doc: Typo fixes in code comments
sm: Add support to export ECC private keys.

Detailed log messages for those commits:

commit 52f9e13c0cb3b42c469e2d00352ab36948ca1e55

  sm: Improve pkcs#12 debug output.

  * sm/minip12.c (parse_shrouded_key_bag): Fix offset diagnostic.
  (parse_cert_bag): Ditto.
  (parse_bag_data): Remove debug output.  Pass startoffset.
  Fix offset diagnostic.

commit a4e04375e84ecb7ea0d02e153cb27988fca4c2d0

  sm: Rework the PKCS#12 parser to support DFN issued keys.

  * sm/minip12.c (struct p12_parse_ctx_s): New.  Use this instead of
  passing several parameters to most functions.
  (parse_pag_data): Factor things out to  ...
  parse_shrouded_key_bag): new.
  (parse_cert_bag): New.
  (parse_bag_data): New.
  (p12_parse): Setup the parse context.

  To support newer pkcs#12 files like those issued by the DFN we
  need to support another ordering of data elements.  This rework
  reflects the P12 data structure a bit better than our old ad-hoc
  hacks.  Tests could only be done with the certificate parts and
  not the encrypted private keys.

commit 6c50834c0905b55ee2da18728194dd4c93c377bf

  sm: Fix parsing encrypted data.

  * sm/minip12.c (cram_octet_string): Finish when N==0.
  (parse_bag_encrypted_data): Support constructed data with multiple
  octet strings.

commit a170f0e73f38e474b6d4463433fe344eca865fa5

  sm: Do not print certain issuer not found diags in quiet mode.

  * sm/certchain.c (find_up_dirmngr): Print one diagnostic only in
  verbose mode.  Do not print issuer not found diags in quiet mode.
  * sm/minip12.c (parse_bag_data): Add missing verbose condition.

commit 615d2e4fb15859320ea0ebec1bb457c692c57f0a

  sm: Silence some output on --quiet

  * sm/encrypt.c (gpgsm_encrypt): Take care of --quiet.
  * sm/gpgsm.c: Include minip12.h.
  (set_debug): Call p12_set_verbosity.
  * sm/import.c (parse_p12): Dump keygrip only in debug mode.
  * sm/minip12.c (opt_verbose, p12_set_verbosity): New.
  (parse_bag_encrypted_data): Print info messages only in verbose
  mode.

commit 9ee975d588ee99550917e3d459dd6f79057f5c30

  gpgsm: Replace all assert calls by log_assert.

commit 9bc9d0818b0e636a9dbc0dd24edf53eae95dd8e7

  doc: Typo fixes in code comments

commit 5da6925a334c68d736804d8f19a684a678409d99

  sm: Add support to export ECC private keys.

  * sm/minip12.c [TEST]: Remove test code.  Include util.h, tlv.h. and
  openpgpdefs.h.  Remove the class and tag constants and replace
  them by those from tlv.h.
  (builder_add_oid, builder_add_mpi): New.
  (build_key_sequence): Rename to ...
  (build_rsa_key_sequence): this.
  (build_ecc_key_sequence): New.
  (p12_build): Call RSA or ECC builder.
  (p12_raw_build): Ditto.
  * sm/export.c (gpgsm_p12_export): Use correct armor header for ECC.
  (sexp_to_kparms): Support ECC.

Details

Provenance
wernerAuthored on Tue, Jun 21, 6:18 PM
Parents
rGd21ced1e3596: common: Add an easy to use DER builder.
Branches
Unknown
Tags
Unknown
Tasks
T4921: Support import of PKCS#12 encoded ECC private keys.