From de09280b2a8314eb98ec9a2b84eebe3eec2f49bd Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Thu, 4 Aug 2022 16:37:51 +0900 Subject: [PATCH] _gnutls_decrypt_pbes1_des_md5_data: use public crypto API This is a follow-up of e7f9267342bc2231149a640163c82b63c86f1dfd. In the decryption code path with PBES1, algorithm checks for FIPS was not applied, because it used internal functions that bypass those checks. Signed-off-by: Daiki Ueno --- lib/x509/privkey_pkcs8_pbes1.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/lib/x509/privkey_pkcs8_pbes1.c b/lib/x509/privkey_pkcs8_pbes1.c index c296807974..983530e46a 100644 --- a/lib/x509/privkey_pkcs8_pbes1.c +++ b/lib/x509/privkey_pkcs8_pbes1.c @@ -140,7 +140,7 @@ _gnutls_decrypt_pbes1_des_md5_data(const char *password, { int result; gnutls_datum_t dkey, d_iv; - cipher_hd_st ch; + gnutls_cipher_hd_t ch; uint8_t key[16]; const unsigned block_size = 8; @@ -158,16 +158,14 @@ _gnutls_decrypt_pbes1_des_md5_data(const char *password, dkey.size = 8; d_iv.data = &key[8]; d_iv.size = 8; - result = - _gnutls_cipher_init(&ch, cipher_to_entry(GNUTLS_CIPHER_DES_CBC), - &dkey, &d_iv, 0); + result = gnutls_cipher_init(&ch, GNUTLS_CIPHER_DES_CBC, &dkey, &d_iv); if (result < 0) { _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR); return gnutls_assert_val(result); } _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_NOT_APPROVED); - result = _gnutls_cipher_decrypt(&ch, encrypted_data->data, encrypted_data->size); + result = gnutls_cipher_decrypt(ch, encrypted_data->data, encrypted_data->size); if (result < 0) { gnutls_assert(); goto error; @@ -184,7 +182,7 @@ _gnutls_decrypt_pbes1_des_md5_data(const char *password, result = 0; error: - _gnutls_cipher_deinit(&ch); + gnutls_cipher_deinit(ch); return result; } -- 2.37.1