pk parse: the password is optional

For mbedtls_pk_parse_key and mbedtls_pk_parse_keyfile, the password is
optional. Clarify what this means: NULL is ok and means no password.
Validate parameters and test accordingly.
This commit is contained in:
Gilles Peskine 2018-12-19 17:12:01 +01:00
parent ee3cfec3cc
commit d54b97503b
2 changed files with 12 additions and 7 deletions

View file

@ -537,8 +537,13 @@ mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx );
* \param keylen Size of \b key in bytes. * \param keylen Size of \b key in bytes.
* For PEM data, this includes the terminating null byte, * For PEM data, this includes the terminating null byte,
* so \p keylen must be equal to `strlen(key) + 1`. * so \p keylen must be equal to `strlen(key) + 1`.
* \param pwd password for decryption (optional) * \param pwd Optional password for decryption.
* \param pwdlen size of the password * Pass \c NULL if expecting a non-encrypted key.
* Pass a string of \p pwdlen bytes if expecting an encrypted
* key; a non-encrypted key will also be accepted.
* The empty password is not supported.
* \param pwdlen Size of the password in bytes.
* Ignored if \p pwd is \c NULL.
* *
* \note On entry, ctx must be empty, either freshly initialised * \note On entry, ctx must be empty, either freshly initialised
* with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
@ -583,7 +588,11 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
* *
* \param ctx key to be initialized * \param ctx key to be initialized
* \param path filename to read the private key from * \param path filename to read the private key from
* \param password password to decrypt the file (can be NULL) * \param password Optional password to decrypt the file.
* Pass \c NULL if expecting a non-encrypted key.
* Pass a null-terminated string if expecting an encrypted
* key; a non-encrypted key will also be accepted.
* The empty password is not supported.
* *
* \note On entry, ctx must be empty, either freshly initialised * \note On entry, ctx must be empty, either freshly initialised
* with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a

View file

@ -432,10 +432,6 @@ void invalid_parameters( )
mbedtls_pk_parse_key( &pk, mbedtls_pk_parse_key( &pk,
NULL, sizeof( buf ), NULL, sizeof( buf ),
buf, sizeof( buf ) ) ); buf, sizeof( buf ) ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
mbedtls_pk_parse_key( &pk,
buf, sizeof( buf ),
NULL, sizeof( buf ) ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
mbedtls_pk_parse_public_key( NULL, mbedtls_pk_parse_public_key( NULL,