if the password supplied for PKCS12 doesn't verify ask for a new one
or if it's NULL and the mac doesn't verify with that either.. fixes #66
@@ -355,11 +355,19 @@ static bool import_key(ykpiv_state *state, enum enum_key_format key_format,
|
|||||||
goto import_out;
|
goto import_out;
|
||||||
}
|
}
|
||||||
} else if(key_format == key_format_arg_PKCS12) {
|
} else if(key_format == key_format_arg_PKCS12) {
|
||||||
|
char pwbuf[128];
|
||||||
p12 = d2i_PKCS12_fp(input_file, NULL);
|
p12 = d2i_PKCS12_fp(input_file, NULL);
|
||||||
if(!p12) {
|
if(!p12) {
|
||||||
fprintf(stderr, "Failed to load PKCS12 from file.\n");
|
fprintf(stderr, "Failed to load PKCS12 from file.\n");
|
||||||
goto import_out;
|
goto import_out;
|
||||||
}
|
}
|
||||||
|
if(!PKCS12_verify_mac(p12, password, password ? strlen(password) : 0)) {
|
||||||
|
if(!read_pw("PKCS12 Password", pwbuf, sizeof(pwbuf), false)) {
|
||||||
|
fprintf(stderr, "Failed to get password.\n");
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
password = pwbuf;
|
||||||
|
}
|
||||||
if(PKCS12_parse(p12, password, &private_key, &cert, NULL) == 0) {
|
if(PKCS12_parse(p12, password, &private_key, &cert, NULL) == 0) {
|
||||||
fprintf(stderr, "Failed to parse PKCS12 structure. (wrong password?)\n");
|
fprintf(stderr, "Failed to parse PKCS12 structure. (wrong password?)\n");
|
||||||
goto import_out;
|
goto import_out;
|
||||||
|
|||||||
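Review bot: The new `return false;` on the read_pw failure path bypasses the `import_out` label that every other error path in this hunk jumps to, so the `p12` just loaded by d2i_PKCS12_fp (and whatever else that label releases, which is outside the hunk) is presumably leaked; it should be `goto import_out;`. Separately, `pwbuf` keeps the typed PKCS12 password on the stack after use; wipe it once PKCS12_parse has returned, on both the success and the failure path, with `OPENSSL_cleanse(pwbuf, sizeof(pwbuf));`. `password` is also left pointing at `pwbuf`, which is scoped to this PKCS12 branch, so nothing later in the function may read `password` after the branch ends. import_key starts and ends outside the hunk, so the cleanup code and any later use of `password` could not be checked here.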