diff --git a/library/x509parse.c b/library/x509parse.c index e704c48db..caf59c433 100644 --- a/library/x509parse.c +++ b/library/x509parse.c @@ -2280,26 +2280,23 @@ static int x509parse_key_pkcs8_unencrypted_der( } /* - * Parse an encrypted PKCS#8 encoded private RSA key + * Decrypt the content of a PKCS#8 EncryptedPrivateKeyInfo */ -static int x509parse_key_pkcs8_encrypted_der( - rsa_context *rsa, - const unsigned char *key, - size_t keylen, - const unsigned char *pwd, - size_t pwdlen ) +static int x509parse_pkcs8_decrypt( unsigned char *buf, size_t buflen, + size_t *used_len, + const unsigned char *key, size_t keylen, + const unsigned char *pwd, size_t pwdlen ) { int ret; size_t len; unsigned char *p, *end; x509_buf pbe_alg_oid, pbe_params; - unsigned char buf[2048]; #if defined(POLARSSL_PKCS12_C) cipher_type_t cipher_alg; md_type_t md_alg; #endif - memset(buf, 0, 2048); + memset(buf, 0, buflen); p = (unsigned char *) key; end = p + keylen; @@ -2335,8 +2332,7 @@ static int x509parse_key_pkcs8_encrypted_der( if( ( ret = asn1_get_tag( &p, end, &len, ASN1_OCTET_STRING ) ) != 0 ) return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret ); - // buf has been sized to 2048 bytes - if( len > 2048 ) + if( len > buflen ) return( POLARSSL_ERR_X509_INVALID_INPUT ); /* @@ -2389,7 +2385,29 @@ static int x509parse_key_pkcs8_encrypted_der( #endif /* POLARSSL_PKCS5_C */ return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE ); - return x509parse_key_pkcs8_unencrypted_der( rsa, buf, len ); + *used_len = len; + return( 0 ); +} + +/* + * Parse an encrypted PKCS#8 encoded private RSA key + */ +static int x509parse_key_pkcs8_encrypted_der( + rsa_context *rsa, + const unsigned char *key, size_t keylen, + const unsigned char *pwd, size_t pwdlen ) +{ + int ret; + unsigned char buf[2048]; + size_t len = 0; + + if( ( ret = x509parse_pkcs8_decrypt( buf, sizeof( buf ), &len, + key, keylen, pwd, pwdlen ) ) != 0 ) + { + return( ret ); + } + + return( x509parse_key_pkcs8_unencrypted_der( rsa, buf, len ) ); } /*