mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-01-26 21:35:35 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

PEM: always use MD light

Browse Source 
Note: PEM_PARSE already auto-enables MD_LIGHT in build_info.h

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
Manuel Pégourié-Gonnard 2023-03-16 10:20:29 +01:00
parent 0baad53ac9
commit 1c2008fa37
3 changed files with 7 additions and 93 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
include/mbedtls/mbedtls_config.h
View File

@ -2775,6 +2775,10 @@
* library/x509_csr.c
*
* Requires: MBEDTLS_BASE64_C
* optionally MBEDTLS_MD5_C, or PSA Crypto with MD5 (see below)
*
* \warning When parsing password-protected files, if MD5 is provided only by
* a PSA driver, you must call psa_crypto_init() before the first file.
*
* This modules adds support for decoding / parsing PEM files.
*/

93
library/pem.c
View File

@ -39,13 +39,6 @@
#include "psa/crypto.h"
#endif
#if !defined(MBEDTLS_MD5_C)
#include "mbedtls/psa_util.h"
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
psa_to_md_errors, \
psa_generic_status_to_mbedtls)
#endif
#include "mbedtls/legacy_or_psa.h"
#if defined(MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && \
@ -94,7 +87,6 @@ static int pem_get_iv(const unsigned char *s, unsigned char *iv,
return 0;
}
#if defined(MBEDTLS_MD5_C)
static int pem_pbkdf1(unsigned char *key, size_t keylen,
unsigned char *iv,
const unsigned char *pwd, size_t pwdlen)
@ -168,91 +160,6 @@ exit:
return ret;
}
#else
static int pem_pbkdf1(unsigned char *key, size_t keylen,
unsigned char *iv,
const unsigned char *pwd, size_t pwdlen)
{
unsigned char md5sum[16];
psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
size_t output_length = 0;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
if ((status = psa_hash_setup(&operation, PSA_ALG_MD5)) != PSA_SUCCESS) {
goto exit;
}
if ((status = psa_hash_update(&operation, pwd, pwdlen)) != PSA_SUCCESS) {
goto exit;
}
if ((status = psa_hash_update(&operation, iv, 8)) != PSA_SUCCESS) {
goto exit;
}
if ((status = psa_hash_finish(&operation, md5sum,
PSA_HASH_LENGTH(PSA_ALG_MD5),
&output_length)) != PSA_SUCCESS) {
goto exit;
}
if ((status = psa_hash_abort(&operation)) != PSA_SUCCESS) {
goto exit;
}
/*
* key[ 0..15] = MD5(pwd || IV)
*/
if (keylen <= 16) {
memcpy(key, md5sum, keylen);
goto exit;
}
memcpy(key, md5sum, 16);
/*
* key[16..23] = MD5(key[ 0..15] || pwd || IV])
*/
if ((status = psa_hash_setup(&operation, PSA_ALG_MD5)) != PSA_SUCCESS) {
goto exit;
}
if ((status = psa_hash_update(&operation, md5sum, 16)) != PSA_SUCCESS) {
goto exit;
}
if ((status = psa_hash_update(&operation, pwd, pwdlen)) != PSA_SUCCESS) {
goto exit;
}
if ((status = psa_hash_update(&operation, iv, 8)) != PSA_SUCCESS) {
goto exit;
}
if ((status = psa_hash_finish(&operation, md5sum,
PSA_HASH_LENGTH(PSA_ALG_MD5),
&output_length)) != PSA_SUCCESS) {
goto exit;
}
if ((status = psa_hash_abort(&operation)) != PSA_SUCCESS) {
goto exit;
}
size_t use_len = 16;
if (keylen < 32) {
use_len = keylen - 16;
}
memcpy(key + 16, md5sum, use_len);
exit:
mbedtls_platform_zeroize(md5sum, 16);
return PSA_TO_MBEDTLS_ERR(status);
}
#endif /* MBEDTLS_MD5_C */
#if defined(MBEDTLS_DES_C)
/*

3
tests/suites/test_suite_pem.function
View File

@ -44,6 +44,8 @@ void mbedtls_pem_read_buffer(char *header, char *footer, char *data,
size_t pwd_len = strlen(pwd);
const unsigned char *buf;
MD_PSA_INIT();
mbedtls_pem_init(&ctx);
ret = mbedtls_pem_read_buffer(&ctx, header, footer, (unsigned char *) data,
@ -60,5 +62,6 @@ void mbedtls_pem_read_buffer(char *header, char *footer, char *data,
exit:
mbedtls_pem_free(&ctx);
MD_PSA_DONE();
}
/* END_CASE */