yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Switch pkparse to use new mbedtls_pkcs12_pbe_ext function

Browse source 
Switch pkparse to use new mbedtls_pkcs12_pbe_ext function
and deprecate mbedtls_pkcs12_pbe function.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
This commit is contained in:
Waleed Elmelegy 2023-09-12 14:42:49 +01:00
parent c9f4040f7f
commit d527896b7e
4 changed files with 17 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
include/mbedtls/pkcs12.h
View file

@ -52,6 +52,7 @@ extern "C" {
#if defined(MBEDTLS_ASN1_PARSE_C) #if defined(MBEDTLS_ASN1_PARSE_C)
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
/** /**
* \brief PKCS12 Password Based function (encryption / decryption) * \brief PKCS12 Password Based function (encryption / decryption)
* for cipher-based and mbedtls_md-based PBE's * for cipher-based and mbedtls_md-based PBE's
@ -59,6 +60,10 @@ extern "C" {
* \note When encrypting, #MBEDTLS_CIPHER_PADDING_PKCS7 must * \note When encrypting, #MBEDTLS_CIPHER_PADDING_PKCS7 must
* be enabled at compile time. * be enabled at compile time.
* *
* \deprecated This function is deprecated and will be removed in a
* future version of the library.
* Please use mbedtls_pkcs12_pbe_ext() instead.
*
* \warning When decrypting: * \warning When decrypting:
* - if #MBEDTLS_CIPHER_PADDING_PKCS7 is enabled at compile * - if #MBEDTLS_CIPHER_PADDING_PKCS7 is enabled at compile
* time, this function validates the CBC padding and returns * time, this function validates the CBC padding and returns
@ -93,11 +98,12 @@ extern "C" {
* *
* \return 0 if successful, or a MBEDTLS_ERR_XXX code * \return 0 if successful, or a MBEDTLS_ERR_XXX code
*/ */
int mbedtls_pkcs12_pbe(mbedtls_asn1_buf *pbe_params, int mode, int MBEDTLS_DEPRECATED mbedtls_pkcs12_pbe(mbedtls_asn1_buf *pbe_params, int mode,
mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type, mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
const unsigned char *pwd, size_t pwdlen, const unsigned char *pwd, size_t pwdlen,
const unsigned char *data, size_t len, const unsigned char *data, size_t len,
unsigned char *output); unsigned char *output);
#endif /* MBEDTLS_DEPRECATED_REMOVED */
#if defined(MBEDTLS_CIPHER_PADDING_PKCS7) #if defined(MBEDTLS_CIPHER_PADDING_PKCS7)

2
library/pkcs12.c
View file

@ -138,6 +138,7 @@ int mbedtls_pkcs12_pbe_ext(mbedtls_asn1_buf *pbe_params, int mode,
size_t *output_len); size_t *output_len);
#endif #endif
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
int mbedtls_pkcs12_pbe(mbedtls_asn1_buf *pbe_params, int mode, int mbedtls_pkcs12_pbe(mbedtls_asn1_buf *pbe_params, int mode,
mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type, mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
const unsigned char *pwd, size_t pwdlen, const unsigned char *pwd, size_t pwdlen,
@ -154,6 +155,7 @@ int mbedtls_pkcs12_pbe(mbedtls_asn1_buf *pbe_params, int mode,
pwd, pwdlen, data, len, output, SIZE_MAX, pwd, pwdlen, data, len, output, SIZE_MAX,
&output_len); &output_len);
} }
#endif
int mbedtls_pkcs12_pbe_ext(mbedtls_asn1_buf *pbe_params, int mode, int mbedtls_pkcs12_pbe_ext(mbedtls_asn1_buf *pbe_params, int mode,
mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type, mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,

9
library/pkparse.c
View file

@ -1417,13 +1417,12 @@ static int pk_parse_key_pkcs8_unencrypted_der(
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
return MBEDTLS_ERR_PK_UNKNOWN_PK_ALG; return MBEDTLS_ERR_PK_UNKNOWN_PK_ALG;
#if !defined(MBEDTLS_PKCS12_C)
end = p + len; end = p + len;
if (end != (key + keylen)) { if (end != (key + keylen)) {
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
} }
#endif
return 0; return 0;
} }
@ -1498,16 +1497,16 @@ static int pk_parse_key_pkcs8_encrypted_der(
*/ */
#if defined(MBEDTLS_PKCS12_C) #if defined(MBEDTLS_PKCS12_C)
if (mbedtls_oid_get_pkcs12_pbe_alg(&pbe_alg_oid, &md_alg, &cipher_alg) == 0) { if (mbedtls_oid_get_pkcs12_pbe_alg(&pbe_alg_oid, &md_alg, &cipher_alg) == 0) {
if ((ret = mbedtls_pkcs12_pbe(&pbe_params, MBEDTLS_PKCS12_PBE_DECRYPT, if ((ret = mbedtls_pkcs12_pbe_ext(&pbe_params, MBEDTLS_PKCS12_PBE_DECRYPT,
cipher_alg, md_alg, cipher_alg, md_alg,
pwd, pwdlen, p, len, buf)) != 0) { pwd, pwdlen, p, len, buf, len, &outlen)) != 0) {
if (ret == MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH) { if (ret == MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH) {
return MBEDTLS_ERR_PK_PASSWORD_MISMATCH; return MBEDTLS_ERR_PK_PASSWORD_MISMATCH;
} }
return ret; return ret;
} }
outlen = len;
decrypted = 1; decrypted = 1;
} else } else
#endif /* MBEDTLS_PKCS12_C */ #endif /* MBEDTLS_PKCS12_C */

4
tests/suites/test_suite_pkcs12.function
View file

@ -90,6 +90,7 @@ void pkcs12_pbe_encrypt(int params_tag, int cipher, int md, data_t *params_hex,
pbe_params.len = params_hex->len; pbe_params.len = params_hex->len;
pbe_params.p = params_hex->x; pbe_params.p = params_hex->x;
#if defined(MBEDTLS_TEST_DEPRECATED)
if (ref_ret != MBEDTLS_ERR_ASN1_BUF_TOO_SMALL) { if (ref_ret != MBEDTLS_ERR_ASN1_BUF_TOO_SMALL) {
my_ret = mbedtls_pkcs12_pbe(&pbe_params, MBEDTLS_PKCS12_PBE_ENCRYPT, cipher_alg, my_ret = mbedtls_pkcs12_pbe(&pbe_params, MBEDTLS_PKCS12_PBE_ENCRYPT, cipher_alg,
md_alg, pw->x, pw->len, data->x, data->len, my_out); md_alg, pw->x, pw->len, data->x, data->len, my_out);
@ -99,6 +100,7 @@ void pkcs12_pbe_encrypt(int params_tag, int cipher, int md, data_t *params_hex,
ASSERT_COMPARE(my_out, ref_out->len, ASSERT_COMPARE(my_out, ref_out->len,
ref_out->x, ref_out->len); ref_out->x, ref_out->len);
} }
#endif
#if defined(MBEDTLS_CIPHER_PADDING_PKCS7) #if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
@ -143,6 +145,7 @@ void pkcs12_pbe_decrypt(int params_tag, int cipher, int md, data_t *params_hex,
pbe_params.len = params_hex->len; pbe_params.len = params_hex->len;
pbe_params.p = params_hex->x; pbe_params.p = params_hex->x;
#if defined(MBEDTLS_TEST_DEPRECATED)
if (ref_ret != MBEDTLS_ERR_ASN1_BUF_TOO_SMALL) { if (ref_ret != MBEDTLS_ERR_ASN1_BUF_TOO_SMALL) {
my_ret = mbedtls_pkcs12_pbe(&pbe_params, MBEDTLS_PKCS12_PBE_DECRYPT, cipher_alg, my_ret = mbedtls_pkcs12_pbe(&pbe_params, MBEDTLS_PKCS12_PBE_DECRYPT, cipher_alg,
md_alg, pw->x, pw->len, data->x, data->len, my_out); md_alg, pw->x, pw->len, data->x, data->len, my_out);
@ -153,6 +156,7 @@ void pkcs12_pbe_decrypt(int params_tag, int cipher, int md, data_t *params_hex,
ASSERT_COMPARE(my_out, ref_out->len, ASSERT_COMPARE(my_out, ref_out->len,
ref_out->x, ref_out->len); ref_out->x, ref_out->len);
} }
#endif
#if defined(MBEDTLS_CIPHER_PADDING_PKCS7) #if defined(MBEDTLS_CIPHER_PADDING_PKCS7)