crypto: don't try to decrypt PKCS#8 key if no password is supplied

crypto_verify_private_key_data() must try to decrypt the key only when a password is supplied. Previously the decrypt test always passed because we detected an unsupported cipher and faked success. Now since version 3.5.4 gnutls supports PBES1-DES-CBC-MD5 and the key is actually decrypted when a password is supplied. Also, don't assert that a wrong password works because we're now able to actually verify it (only with recent gnutls). https://bugzilla.gnome.org/show_bug.cgi?id=771623
2024-10-02 22:38:01 +00:00 · 2016-09-19 09:35:23 +02:00 · 2016-09-19 09:35:23 +02:00 · 0e96d23733
parent 93a753e311
commit 0e96d23733
5 changed files with 7 additions and 13 deletions
--- a/libnm-core/crypto.c
+++ b/libnm-core/crypto.c
@ -712,7 +712,7 @@ crypto_verify_private_key_data (const guint8 *data,
 		/* Maybe it's PKCS#8 */
 		tmp = parse_pkcs8_key_file (data, data_len, &is_encrypted, NULL);
 		if (tmp) {
-			if (crypto_verify_pkcs8 (tmp->data, tmp->len, is_encrypted, password, error))
+			if (!password || crypto_verify_pkcs8 (tmp->data, tmp->len, is_encrypted, password, error))
 				format = NM_CRYPTO_FILE_FORMAT_RAW_KEY;
 		} else {
 			char *cipher, *iv;
--- a/libnm-core/crypto_gnutls.c
+++ b/libnm-core/crypto_gnutls.c
@ -394,7 +394,7 @@ crypto_verify_pkcs8 (const guint8 *data,

 	if (err < 0) {
 		if (err == GNUTLS_E_UNKNOWN_CIPHER_TYPE) {
-			/* HACK: gnutls doesn't support all the cipher types that openssl
+			/* HACK: gnutls < 3.5.4 doesn't support all the cipher types that openssl
 			 * can use with PKCS#8, so if we encounter one, we have to assume
 			 * the given password works.  gnutls needs to unsuckify, apparently.
 			 * Specifically, by default openssl uses pbeWithMD5AndDES-CBC
--- a/libnm-core/tests/test-crypto.c
+++ b/libnm-core/tests/test-crypto.c
@ -364,12 +364,11 @@ test_pkcs8 (gconstpointer test_data)
 	password = parts[1];

 	test_is_pkcs12 (path, TRUE);
-	test_load_pkcs8 (path, password, -1);
-	/* Until gnutls and NSS grow support for all the ciphers that openssl
-	 * can use with PKCS#8, we can't actually verify the password.  So we
-	 * expect a bad password to work for the time being.
+	/* Note: NSS and gnutls < 3.5.4 don't support all the ciphers that openssl
+	 * can use with PKCS#8 and thus the password can't be actually verified with
+	 * such libraries.
 	 */
-	test_load_pkcs8 (path, "blahblahblah", -1);
+	test_load_pkcs8 (path, password, -1);

 	g_free (path);
 	g_strfreev (parts);
--- a/libnm-util/crypto.c
+++ b/libnm-util/crypto.c
@ -708,7 +708,7 @@ crypto_verify_private_key_data (const GByteArray *contents,
 		/* Maybe it's PKCS#8 */
 		tmp = parse_pkcs8_key_file (contents, &is_encrypted, error);
 		if (tmp) {
-			if (crypto_verify_pkcs8 (tmp, is_encrypted, password, error))
+			if (!password || crypto_verify_pkcs8 (tmp, is_encrypted, password, error))
 				format = NM_CRYPTO_FILE_FORMAT_RAW_KEY;
 		} else {
 			g_clear_error (error);
--- a/libnm-util/tests/test-crypto.c
+++ b/libnm-util/tests/test-crypto.c
@ -334,11 +334,6 @@ test_pkcs8 (gconstpointer test_data)

 	test_is_pkcs12 (path, TRUE, "not-pkcs12");
 	test_load_pkcs8 (path, password, FALSE, "pkcs8-private-key");
-	/* Until gnutls and NSS grow support for all the ciphers that openssl
-	 * can use with PKCS#8, we can't actually verify the password.  So we
-	 * expect a bad password to work for the time being.
-	 */
-	test_load_pkcs8 (path, "blahblahblah", FALSE, "pkcs8-private-key-bad-password");

 	g_free (path);
 	g_strfreev (parts);