diff options
author | René Korthaus <[email protected]> | 2017-07-11 14:23:57 +0200 |
---|---|---|
committer | René Korthaus <[email protected]> | 2017-07-11 14:33:42 +0200 |
commit | 5010f82fc3b2003160bba640173632986f1c5f55 (patch) | |
tree | f463f075874785db6f42bd35a0cbef0f9032b371 | |
parent | 38fe6d3ab3e8a4be2becd5fd0b8c7bb4a8f1e192 (diff) |
Fix loading of unencrypted PKCS#8 key via CLI
CLI passed an emtpy password to PKCS8::load_key(),
even if --pass-in was not given, which caused loading
of unencrypted private keys to fail. Fixed by
calling the corresponding flavour of load_key().
-rw-r--r-- | src/cli/pubkey.cpp | 26 |
1 files changed, 16 insertions, 10 deletions
diff --git a/src/cli/pubkey.cpp b/src/cli/pubkey.cpp index 25f3e2ed5..5112fedb5 100644 --- a/src/cli/pubkey.cpp +++ b/src/cli/pubkey.cpp @@ -262,11 +262,17 @@ class PKCS8_Tool final : public Command void go() override { - std::unique_ptr<Botan::Private_Key> key( - Botan::PKCS8::load_key( - get_arg("key"), - rng(), - get_arg("pass-in"))); + std::unique_ptr<Botan::Private_Key> key; + std::string pass_in = get_arg("pass-in"); + + if (pass_in.empty()) + { + key.reset(Botan::PKCS8::load_key(get_arg("key"), rng())); + } + else + { + key.reset(Botan::PKCS8::load_key(get_arg("key"), rng(), pass_in)); + } const std::chrono::milliseconds pbe_millis(get_arg_sz("pbe-millis")); const std::string pbe = get_arg("pbe"); @@ -285,28 +291,28 @@ class PKCS8_Tool final : public Command } else { - const std::string pass = get_arg("pass-out"); + const std::string pass_out = get_arg("pass-out"); if(der_out) { - if(pass.empty()) + if(pass_out.empty()) { write_output(Botan::PKCS8::BER_encode(*key)); } else { - write_output(Botan::PKCS8::BER_encode(*key, rng(), pass, pbe_millis, pbe)); + write_output(Botan::PKCS8::BER_encode(*key, rng(), pass_out, pbe_millis, pbe)); } } else { - if(pass.empty()) + if(pass_out.empty()) { output() << Botan::PKCS8::PEM_encode(*key); } else { - output() << Botan::PKCS8::PEM_encode(*key, rng(), pass, pbe_millis, pbe); + output() << Botan::PKCS8::PEM_encode(*key, rng(), pass_out, pbe_millis, pbe); } } } |