Return back to modifying input parameters in pkcs12_parse_pbe_params

Return back to modifying input parameters in pkcs12_parse_pbe_params to avoid change in behaviour. Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2025-02-20 12:40:47 +00:00 · 2023-09-12 14:05:10 +01:00 · 2023-09-12 14:05:10 +01:00 · 57d09b72ef
commit 57d09b72ef
parent e1cb35b719
2 changed files with 16 additions and 6 deletions
--- a/library/pkcs12.c
+++ b/library/pkcs12.c
@ -47,7 +47,7 @@ static int pkcs12_parse_pbe_params(mbedtls_asn1_buf *params,
                                   mbedtls_asn1_buf *salt, int *iterations)
 {
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char *p = params->p;
+    unsigned char **p = &params->p;
    const unsigned char *end = params->p + params->len;

    /*
@ -62,18 +62,18 @@ static int pkcs12_parse_pbe_params(mbedtls_asn1_buf *params,
                                 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
    }

-    if ((ret = mbedtls_asn1_get_tag(&p, end, &salt->len, MBEDTLS_ASN1_OCTET_STRING)) != 0) {
+    if ((ret = mbedtls_asn1_get_tag(p, end, &salt->len, MBEDTLS_ASN1_OCTET_STRING)) != 0) {
        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT, ret);
    }

-    salt->p = p;
-    p += salt->len;
+    salt->p = *p;
+    *p += salt->len;

-    if ((ret = mbedtls_asn1_get_int(&p, end, iterations)) != 0) {
+    if ((ret = mbedtls_asn1_get_int(p, end, iterations)) != 0) {
        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT, ret);
    }

-    if (p != end) {
+    if (*p != end) {
        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT,
                                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
    }
--- a/tests/suites/test_suite_pkcs12.function
+++ b/tests/suites/test_suite_pkcs12.function
@ -101,6 +101,11 @@ void pkcs12_pbe_encrypt(int params_tag, int cipher, int md, data_t *params_hex,
    }

 #if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+
+    pbe_params.tag = params_tag;
+    pbe_params.len = params_hex->len;
+    pbe_params.p = params_hex->x;
+
    my_ret = mbedtls_pkcs12_pbe_ext(&pbe_params, MBEDTLS_PKCS12_PBE_ENCRYPT, cipher_alg,
                                    md_alg, pw->x, pw->len, data->x, data->len, my_out,
                                    outsize, &my_out_len);
@ -150,6 +155,11 @@ void pkcs12_pbe_decrypt(int params_tag, int cipher, int md, data_t *params_hex,
    }

 #if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+
+    pbe_params.tag = params_tag;
+    pbe_params.len = params_hex->len;
+    pbe_params.p = params_hex->x;
+
    my_ret = mbedtls_pkcs12_pbe_ext(&pbe_params, MBEDTLS_PKCS12_PBE_DECRYPT, cipher_alg,
                                    md_alg, pw->x, pw->len, data->x, data->len, my_out,
                                    outsize, &my_out_len);