mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-01-03 23:43:40 +00:00
pem: fix return values in pem_check_pkcs_padding()
Return MBEDTLS_ERR_PEM_PASSWORD_MISMATCH instead of MBEDTLS_ERR_PEM_BAD_INPUT_DATA in case of errors. This commit also fix related failures in test pkparse and pem test suites. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This commit is contained in:
parent
e10674d547
commit
e88a1c5b85
@ -248,14 +248,14 @@ static int pem_check_pkcs_padding(unsigned char *input, size_t input_len, size_t
|
||||
size_t i;
|
||||
|
||||
if (pad_len > input_len) {
|
||||
return MBEDTLS_ERR_PEM_BAD_INPUT_DATA;
|
||||
return MBEDTLS_ERR_PEM_PASSWORD_MISMATCH;
|
||||
}
|
||||
|
||||
*data_len = input_len - pad_len;
|
||||
|
||||
for (i = *data_len; i < input_len; i++) {
|
||||
if (input[i] != pad_len) {
|
||||
return MBEDTLS_ERR_PEM_BAD_INPUT_DATA;
|
||||
return MBEDTLS_ERR_PEM_PASSWORD_MISMATCH;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -69,18 +69,18 @@ mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KE
|
||||
# echo -n -e "\x68\x65\x6c\x6c\x6f\x20\x77\x6f\x72\x6c\x64\x01\x02\x03\x04\x05" | openssl aes-128-cbc -e -base64 -p -K "bbb0ddff1b944b3cc68eaaeb7ac20099" -iv "3132333435363738" -nopad
|
||||
PEM read (AES-128-CBC, invalid padding data)
|
||||
depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
|
||||
mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-128-CBC,31323334353637380000000000000000\n\n333hxynfxEdXrSHQfIabxQ==\n-----END EC PRIVATE KEY-----":"password":MBEDTLS_ERR_PEM_BAD_INPUT_DATA:""
|
||||
mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-128-CBC,31323334353637380000000000000000\n\n333hxynfxEdXrSHQfIabxQ==\n-----END EC PRIVATE KEY-----":"password":MBEDTLS_ERR_PEM_PASSWORD_MISMATCH:""
|
||||
|
||||
# Padding data (0x11) is larger than AES block size (16).
|
||||
# Generated with:
|
||||
# echo -n -e "\x68\x65\x6c\x6c\x6f\x20\x77\x6f\x72\x6c\x64\x11\x11\x11\x11\x11" | openssl aes-128-cbc -e -base64 -p -K "bbb0ddff1b944b3cc68eaaeb7ac20099" -iv "3132333435363738" -nopad
|
||||
PEM read (AES-128-CBC, padding data is larger than AES block length)
|
||||
depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
|
||||
mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-128-CBC,31323334353637380000000000000000\n\n5wA/XVXHuMsQAAOGFQmK0g==\n-----END EC PRIVATE KEY-----":"password":MBEDTLS_ERR_PEM_BAD_INPUT_DATA:""
|
||||
mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-128-CBC,31323334353637380000000000000000\n\n5wA/XVXHuMsQAAOGFQmK0g==\n-----END EC PRIVATE KEY-----":"password":MBEDTLS_ERR_PEM_PASSWORD_MISMATCH:""
|
||||
|
||||
# Padding data (0x9) is larger than DES block size (8).
|
||||
# Generated with:
|
||||
# echo -n -e "\x68\x65\x6c\x6c\x6f\x09\x09\x09" | openssl des-cbc -e -base64 -p -K "bbb0ddff1b944b3cc68eaaeb7ac20099" -iv "3132333435363738" -nopad
|
||||
PEM read (DES-CBC, padding data is larger than DES block length)
|
||||
depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
|
||||
mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,3132333435363738\n\n6a+B2WineBM=\n-----END EC PRIVATE KEY-----":"password":MBEDTLS_ERR_PEM_BAD_INPUT_DATA:""
|
||||
mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,3132333435363738\n\n6a+B2WineBM=\n-----END EC PRIVATE KEY-----":"password":MBEDTLS_ERR_PEM_PASSWORD_MISMATCH:""
|
||||
|
@ -8,7 +8,7 @@ pk_parse_keyfile_rsa:"data_files/test-ca.key":"PolarSSLTest":0
|
||||
|
||||
Parse RSA Key #3 (Wrong password)
|
||||
depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C
|
||||
pk_parse_keyfile_rsa:"data_files/test-ca.key":"PolarSSLWRONG":MBEDTLS_ERR_PEM_BAD_INPUT_DATA
|
||||
pk_parse_keyfile_rsa:"data_files/test-ca.key":"PolarSSLWRONG":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
|
||||
|
||||
Parse RSA Key #4 (DES Encrypted)
|
||||
depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC
|
||||
|
Loading…
Reference in New Issue
Block a user