[Help-gnutls] Re: gnutls_x509_privkey_export_pkcs8 failure with GNUTLS_PKCS_USE_PBES2_3DES
Florian Weimer
fweimer at bfk.de
Thu Sep 6 14:09:26 CEST 2007

* Simon Josefsson:

>> With the GNUTLS_PKCS_USE_PKCS12_3DES flag, it works. Is a special
>> format for the password required if the GNUTLS_PKCS_USE_PBES2_3DES
>> mode is used?
>
> No, I don't think so. Maybe the PBES2 approach is buggy. Could you
> debug further why it fails?

It seems to me that the enc_params argument to generate_key is not
properly initialized.  From the beginning of generate_key:

  /* We should use the flags here to use different
   * encryption algorithms etc.
   */

  if (schema == PKCS12_ARCFOUR_SHA1)
    enc_params->cipher = GNUTLS_CIPHER_ARCFOUR_128;
  else if (schema == PKCS12_3DES_SHA1)
    enc_params->cipher = GNUTLS_CIPHER_3DES_CBC;
  else if (schema == PKCS12_RC2_40_SHA1)
    enc_params->cipher = GNUTLS_CIPHER_RC2_40_CBC;

schema is PBES2 in this case, and enc_params has not been filled by
the caller.  valgrind complains as well:

==8411== Conditional jump or move depends on uninitialised value(s)
==8411==    at 0x479AB24: gnutls_cipher_get_key_size (gnutls_algorithms.c:739)
==8411==    by 0x47D3DDB: generate_key (privkey_pkcs8.c:1630)
==8411==    by 0x47D7114: gnutls_x509_privkey_export_pkcs8 (privkey_pkcs8.c:345)
==8411==    by 0x4763EE1: XS_Crypt__GNUTLS__X509Privkey_export_pkcs8 (GNUTLS.xs:1108)
==8411==    by 0x80BDAD0: Perl_pp_entersub (in /usr/bin/perl)
==8411==    by 0x80BC3A8: Perl_runops_standard (in /usr/bin/perl)
==8411==    by 0x8063A1A: perl_run (in /usr/bin/perl)
==8411==    by 0x805FFD0: main (in /usr/bin/perl)

--
Florian Weimer <fweimer at bfk.de>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99
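
The failure mode described in the message above, as an added example that is not part of the original post and is not GnuTLS code: a reduced model of an if/else chain with no branch for one schema, next to a form that starts from a known state and fails closed. All type, enum and function names are hypothetical, and the mapping of PBES2 to 3DES-CBC is an assumption taken from the flag name GNUTLS_PKCS_USE_PBES2_3DES.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical reduced model: these names are illustrative, not GnuTLS's. */
enum schema { S_PBES2, S_PKCS12_3DES, S_PKCS12_ARCFOUR, S_PKCS12_RC2_40 };
enum cipher { C_UNSET = 0, C_3DES_CBC, C_ARCFOUR_128, C_RC2_40_CBC };
struct enc_params { enum cipher cipher; };

/* Key size in bytes, or -1 for a cipher value the table does not know. */
static int key_size(enum cipher c) {
    switch (c) {
    case C_3DES_CBC:    return 24;
    case C_ARCFOUR_128: return 16;
    case C_RC2_40_CBC:  return 5;
    default:            return -1;
    }
}

/* Same shape as the quoted chain: no PBES2 branch, so p->cipher is left as found. */
int pick_unchecked(enum schema s, struct enc_params *p) {
    if (s == S_PKCS12_ARCFOUR)     p->cipher = C_ARCFOUR_128;
    else if (s == S_PKCS12_3DES)   p->cipher = C_3DES_CBC;
    else if (s == S_PKCS12_RC2_40) p->cipher = C_RC2_40_CBC;
    return key_size(p->cipher);
}

/* Defensive form: known starting state, every schema handled, fail closed.
 * Assumption: PBES2 selects 3DES-CBC, as the flag name suggests. */
int pick_checked(enum schema s, struct enc_params *p) {
    memset(p, 0, sizeof *p);
    switch (s) {
    case S_PBES2:
    case S_PKCS12_3DES:    p->cipher = C_3DES_CBC;    break;
    case S_PKCS12_ARCFOUR: p->cipher = C_ARCFOUR_128; break;
    case S_PKCS12_RC2_40:  p->cipher = C_RC2_40_CBC;  break;
    default:               return -1;
    }
    return key_size(p->cipher);
}

int main(void) {
    struct enc_params p;
    memset(&p, 0xAA, sizeof p);   /* constructed stand-in for stack garbage */
    printf("unchecked, garbage: %d\n", pick_unchecked(S_PBES2, &p));
    p.cipher = C_ARCFOUR_128;     /* constructed stale value from earlier use */
    printf("unchecked, stale:   %d\n", pick_unchecked(S_PBES2, &p));
    printf("checked:            %d\n", pick_checked(S_PBES2, &p));
    return 0;
}
```

The stale-value case matters most: the unchecked chain returns a plausible key size for the wrong cipher instead of an error, so the export can proceed with parameters nobody chose.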