mirror of
https://github.com/yuzu-emu/mbedtls
synced 2024-11-24 21:08:15 +00:00
Fix undocumented feature of pem_read_buffer()
Used to work only for RSAPrivateKey content, now accepts ECPrivateKey too, and may even work with similar enough structures when they appear.
This commit is contained in:
parent
e366342233
commit
f8648d51b1
2 changed files with 19 additions and 2 deletions
|
@ -84,6 +84,9 @@ void pem_init( pem_context *ctx );
|
||||||
* POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT, use_len is
|
* POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT, use_len is
|
||||||
* the length to skip)
|
* the length to skip)
|
||||||
*
|
*
|
||||||
|
* \note Checks password correctness by verifying if the decrypted
|
||||||
|
* text looks like a RSAPrivateKey or ECPrivateKey structure
|
||||||
|
*
|
||||||
* \return 0 on success, ior a specific PEM error code
|
* \return 0 on success, ior a specific PEM error code
|
||||||
*/
|
*/
|
||||||
int pem_read_buffer( pem_context *ctx, const char *header, const char *footer,
|
int pem_read_buffer( pem_context *ctx, const char *header, const char *footer,
|
||||||
|
|
|
@ -332,8 +332,22 @@ int pem_read_buffer( pem_context *ctx, const char *header, const char *footer,
|
||||||
pem_aes_decrypt( pem_iv, 32, buf, len, pwd, pwdlen );
|
pem_aes_decrypt( pem_iv, 32, buf, len, pwd, pwdlen );
|
||||||
#endif /* POLARSSL_AES_C */
|
#endif /* POLARSSL_AES_C */
|
||||||
|
|
||||||
if( buf[0] != 0x30 || buf[1] != 0x82 ||
|
/*
|
||||||
buf[4] != 0x02 || buf[5] != 0x01 )
|
* The result should look like RSAPrivateKey or ECPrivateKey
|
||||||
|
* We use the following heuristic:
|
||||||
|
* len must be more than 6
|
||||||
|
* byte 1 must be 0x30 (SEQUENCE tag)
|
||||||
|
* then allow for one to 3 length bytes
|
||||||
|
* then we must have 0x02 0x01 (INTEGER tag + length, for version)
|
||||||
|
* version must be less than 4 (leaves some room)
|
||||||
|
*/
|
||||||
|
if( ! ( len > 6 && buf[0] == 0x30 && (
|
||||||
|
( buf[1] <= 0x7f && /* 1 length byte */
|
||||||
|
buf[2] == 0x02 && buf[3] == 0x01 && buf[4] < 4 ) ||
|
||||||
|
( buf[1] == 0x81 && /* 2 length bytes */
|
||||||
|
buf[3] == 0x02 && buf[4] == 0x01 && buf[5] < 4 ) ||
|
||||||
|
( buf[1] == 0x82 && /* 2 length bytes */
|
||||||
|
buf[4] == 0x02 && buf[5] == 0x01 && buf[6] < 4 ) ) ) )
|
||||||
{
|
{
|
||||||
polarssl_free( buf );
|
polarssl_free( buf );
|
||||||
return( POLARSSL_ERR_PEM_PASSWORD_MISMATCH );
|
return( POLARSSL_ERR_PEM_PASSWORD_MISMATCH );
|
||||||
|
|
Loading…
Reference in a new issue