From 2d25b93bac6d4f425f309aa2658cb3b028ee3a70 Mon Sep 17 00:00:00 2001 From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com> Date: Fri, 14 Feb 2025 19:06:43 +0000 Subject: [PATCH] Fix ASN implementation to support both template and original modes - Extract hash type from PBES2 parameters in both ASN implementations - Add proper error handling and messages - Return ASN_PARSE_E if hash type cannot be determined - Fix variable declarations and scoping issues Co-Authored-By: lealem@wolfssl.com --- wolfcrypt/src/asn.c | 90 +++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 86 insertions(+), 4 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index a752c9f8c..f533df66e 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -25782,11 +25782,93 @@ int PemToDer(const unsigned char* buff, long longSz, int type, (!defined(NO_AES) && defined(HAVE_AES_CBC) && \ defined(HAVE_AES_DECRYPT))) && \ !defined(NO_WOLFSSL_SKIP_TRAILING_PAD) - int padVal = 0; - #endif - - ret = wc_BufferKeyDecrypt(info, der->buffer, der->length, /* Extract hash type from PBES2 parameters */ + int hashType = WC_HASH_TYPE_NONE; +#ifndef WOLFSSL_ASN_TEMPLATE + { + word32 idx = 0; + word32 length; + word32 oid; + + /* Get PBES2 parameters sequence */ + if (GetSequence(der->buffer, &idx, &length, der->length) < 0) { + WOLFSSL_MSG("Failed to get PBES2 sequence"); + ret = ASN_PARSE_E; + } + + /* Get KDF algorithm identifier */ + if (ret == 0 && GetAlgoId(der->buffer, &idx, &oid, + oidKdfType, der->length) < 0) { + WOLFSSL_MSG("Failed to get KDF algorithm"); + ret = ASN_PARSE_E; + } + + /* Get PBKDF2 parameters sequence */ + if (ret == 0 && GetSequence(der->buffer, &idx, &length, + der->length) < 0) { + WOLFSSL_MSG("Failed to get PBKDF2 parameters"); + ret = ASN_PARSE_E; + } + + /* Skip salt and iterations */ + if (ret == 0 && GetOctetString(der->buffer, &idx, &length, + der->length) < 0) { + WOLFSSL_MSG("Failed to get salt"); + ret = ASN_PARSE_E; + } + idx += length; + if (ret == 0 && GetInteger(der->buffer, &idx, &length, + der->length) < 0) { + WOLFSSL_MSG("Failed to get iterations"); + ret = ASN_PARSE_E; + } + + /* Get PRF algorithm sequence */ + if (ret == 0 && GetSequence(der->buffer, &idx, &length, + der->length) < 0) { + WOLFSSL_MSG("Failed to get PRF sequence"); + ret = ASN_PARSE_E; + } + + /* Get PRF algorithm OID */ + if (ret == 0 && GetAlgoId(der->buffer, &idx, &oid, + oidHmacType, der->length) < 0) { + WOLFSSL_MSG("Failed to get PRF algorithm"); + ret = ASN_PARSE_E; + } + + if (ret == 0) { + hashType = wc_OidGetHash(oid); + if (hashType == WC_HASH_TYPE_NONE) { + WOLFSSL_MSG("Hash algorithm not supported"); + ret = ASN_PARSE_E; + } + } + } +#else + { + word32 idx = 0; + DECL_ASNGETDATA(dataASN, pbes2ParamsASN_Length); + CALLOC_ASNGETDATA(dataASN, pbes2ParamsASN_Length, ret, NULL); + if (ret == 0) { + GetASN_OID(&dataASN[PBES2PARAMSASN_IDX_PBKDF2_PARAMS_PRF_OID], oidHmacType); + ret = GetASN_Items(pbes2ParamsASN, dataASN, pbes2ParamsASN_Length, + 0, der->buffer, &idx, der->length); + if (ret == 0) { + hashType = wc_OidGetHash(dataASN[PBES2PARAMSASN_IDX_PBKDF2_PARAMS_PRF_OID].data.oid.sum); + if (hashType == WC_HASH_TYPE_NONE) { + WOLFSSL_MSG("Hash algorithm not supported"); + ret = ASN_PARSE_E; + } + } + } + FREE_ASNGETDATA(dataASN, NULL); + } +#endif + if (ret == 0) { + ret = wc_BufferKeyDecrypt(info, der->buffer, der->length, + (byte*)password, passwordSz, hashType); + } #ifndef WOLFSSL_ASN_TEMPLATE word32 idx = 0; word32 length;