Switch pkparse to use new mbedtls_pkcs12_pbe_ext function

Switch pkparse to use new mbedtls_pkcs12_pbe_ext function and deprecate mbedtls_pkcs12_pbe function. Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-12 14:42:49 +01:00 · 2023-09-12 14:42:49 +01:00 · d527896b7e
commit d527896b7e
parent c9f4040f7f
4 changed files with 17 additions and 6 deletions
--- a/include/mbedtls/pkcs12.h
+++ b/include/mbedtls/pkcs12.h
@ -52,6 +52,7 @@ extern "C" {

 #if defined(MBEDTLS_ASN1_PARSE_C)

+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
 /**
 * \brief            PKCS12 Password Based function (encryption / decryption)
 *                   for cipher-based and mbedtls_md-based PBE's
@ -59,6 +60,10 @@ extern "C" {
 * \note             When encrypting, #MBEDTLS_CIPHER_PADDING_PKCS7 must
 *                   be enabled at compile time.
 *
+ * \deprecated       This function is deprecated and will be removed in a
+ *                   future version of the library.
+ *                   Please use mbedtls_pkcs12_pbe_ext() instead.
+ *
 * \warning          When decrypting:
 *                   - if #MBEDTLS_CIPHER_PADDING_PKCS7 is enabled at compile
 *                     time, this function validates the CBC padding and returns
@ -93,11 +98,12 @@ extern "C" {
 *
 * \return           0 if successful, or a MBEDTLS_ERR_XXX code
 */
-int mbedtls_pkcs12_pbe(mbedtls_asn1_buf *pbe_params, int mode,
+int MBEDTLS_DEPRECATED mbedtls_pkcs12_pbe(mbedtls_asn1_buf *pbe_params, int mode,
                       mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
                       const unsigned char *pwd,  size_t pwdlen,
                       const unsigned char *data, size_t len,
                       unsigned char *output);
+#endif /* MBEDTLS_DEPRECATED_REMOVED */

 #if defined(MBEDTLS_CIPHER_PADDING_PKCS7)

--- a/library/pkcs12.c
+++ b/library/pkcs12.c
@ -138,6 +138,7 @@ int mbedtls_pkcs12_pbe_ext(mbedtls_asn1_buf *pbe_params, int mode,
                           size_t *output_len);
 #endif

+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
 int mbedtls_pkcs12_pbe(mbedtls_asn1_buf *pbe_params, int mode,
                       mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
                       const unsigned char *pwd,  size_t pwdlen,
@ -154,6 +155,7 @@ int mbedtls_pkcs12_pbe(mbedtls_asn1_buf *pbe_params, int mode,
                                  pwd, pwdlen, data, len, output, SIZE_MAX,
                                  &output_len);
 }
+#endif

 int mbedtls_pkcs12_pbe_ext(mbedtls_asn1_buf *pbe_params, int mode,
                           mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
--- a/library/pkparse.c
+++ b/library/pkparse.c
@ -1417,13 +1417,12 @@ static int pk_parse_key_pkcs8_unencrypted_der(
 #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
    return MBEDTLS_ERR_PK_UNKNOWN_PK_ALG;

-#if !defined(MBEDTLS_PKCS12_C)
    end = p + len;
    if (end != (key + keylen)) {
        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
                                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
    }
-#endif
+
    return 0;
 }

@ -1498,16 +1497,16 @@ static int pk_parse_key_pkcs8_encrypted_der(
     */
 #if defined(MBEDTLS_PKCS12_C)
    if (mbedtls_oid_get_pkcs12_pbe_alg(&pbe_alg_oid, &md_alg, &cipher_alg) == 0) {
-        if ((ret = mbedtls_pkcs12_pbe(&pbe_params, MBEDTLS_PKCS12_PBE_DECRYPT,
+        if ((ret = mbedtls_pkcs12_pbe_ext(&pbe_params, MBEDTLS_PKCS12_PBE_DECRYPT,
                                      cipher_alg, md_alg,
-                                      pwd, pwdlen, p, len, buf)) != 0) {
+                                      pwd, pwdlen, p, len, buf, len, &outlen)) != 0) {
            if (ret == MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH) {
                return MBEDTLS_ERR_PK_PASSWORD_MISMATCH;
            }

            return ret;
        }
-        outlen = len;
+
        decrypted = 1;
    } else
 #endif /* MBEDTLS_PKCS12_C */
--- a/tests/suites/test_suite_pkcs12.function
+++ b/tests/suites/test_suite_pkcs12.function
@ -90,6 +90,7 @@ void pkcs12_pbe_encrypt(int params_tag, int cipher, int md, data_t *params_hex,
    pbe_params.len = params_hex->len;
    pbe_params.p = params_hex->x;

+#if defined(MBEDTLS_TEST_DEPRECATED)
    if (ref_ret != MBEDTLS_ERR_ASN1_BUF_TOO_SMALL) {
        my_ret = mbedtls_pkcs12_pbe(&pbe_params, MBEDTLS_PKCS12_PBE_ENCRYPT, cipher_alg,
                                    md_alg, pw->x, pw->len, data->x, data->len, my_out);
@ -99,6 +100,7 @@ void pkcs12_pbe_encrypt(int params_tag, int cipher, int md, data_t *params_hex,
        ASSERT_COMPARE(my_out, ref_out->len,
                       ref_out->x, ref_out->len);
    }
+#endif

 #if defined(MBEDTLS_CIPHER_PADDING_PKCS7)

@ -143,6 +145,7 @@ void pkcs12_pbe_decrypt(int params_tag, int cipher, int md, data_t *params_hex,
    pbe_params.len = params_hex->len;
    pbe_params.p = params_hex->x;

+#if defined(MBEDTLS_TEST_DEPRECATED)
    if (ref_ret != MBEDTLS_ERR_ASN1_BUF_TOO_SMALL) {
        my_ret = mbedtls_pkcs12_pbe(&pbe_params, MBEDTLS_PKCS12_PBE_DECRYPT, cipher_alg,
                                    md_alg, pw->x, pw->len, data->x, data->len, my_out);
@ -153,6 +156,7 @@ void pkcs12_pbe_decrypt(int params_tag, int cipher, int md, data_t *params_hex,
        ASSERT_COMPARE(my_out, ref_out->len,
                       ref_out->x, ref_out->len);
    }
+#endif

 #if defined(MBEDTLS_CIPHER_PADDING_PKCS7)