feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #2896 from embhorn/zd9916

Browse Source 
Fix wc_KeyPemToDer with PKCS1 and empty key
This commit is contained in:
toddouska
2020-04-10 15:38:07 -07:00
committed by GitHub
parent 0a40bbe2a9 8644fdca7d
commit 4748254b60
2 changed files with 38 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
tests/api.c
View File

@@ -20051,7 +20051,7 @@ static void test_wc_PemToDer(void)
printf(testingFmt, "wc_PemToDer()"); printf(testingFmt, "wc_PemToDer()");
memset(&info, 0, sizeof(info)); XMEMSET(&info, 0, sizeof(info));
ret = load_file(ca_cert, &cert_buf, &cert_sz); ret = load_file(ca_cert, &cert_buf, &cert_sz);
if (ret == 0) { if (ret == 0) {
@@ -25670,6 +25670,27 @@ static void test_wolfSSL_RSA(void)
AssertNull(RSA_generate_key(4097, 3, NULL, NULL)); /* RSA_MAX_SIZE + 1 */ AssertNull(RSA_generate_key(4097, 3, NULL, NULL)); /* RSA_MAX_SIZE + 1 */
AssertNull(RSA_generate_key(2048, 0, NULL, NULL)); AssertNull(RSA_generate_key(2048, 0, NULL, NULL));
#if !defined(NO_FILESYSTEM) && !defined(NO_ASN)
{
byte buff[FOURK_BUF];
byte der[FOURK_BUF];
const char PrivKeyPemFile[] = "certs/client-keyEnc.pem";
XFILE f;
int bytes;
/* test loading encrypted RSA private pem w/o password */
f = XFOPEN(PrivKeyPemFile, "rb");
AssertTrue((f != XBADFILE));
bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
XFCLOSE(f);
XMEMSET(der, 0, sizeof(der));
/* test that error value is returned with no password */
AssertIntLT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der), ""), 0);
}
#endif
printf(resultFmt, passed); printf(resultFmt, passed);
#endif #endif
} }

8
wolfcrypt/src/asn.c
View File

@@ -10561,6 +10561,12 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
#endif #endif
} }
/* decrypt the key */ /* decrypt the key */
else {
if (passwordSz == 0) {
/* The key is encrypted but does not have a password */
WOLFSSL_MSG("No password for encrypted key");
ret = NO_PASSWORD;
}
else { else {
ret = wc_BufferKeyDecrypt(info, der->buffer, der->length, ret = wc_BufferKeyDecrypt(info, der->buffer, der->length,
(byte*)password, passwordSz, WC_MD5); (byte*)password, passwordSz, WC_MD5);
@@ -10575,7 +10581,7 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
} }
#endif /* !NO_DES3 */ #endif /* !NO_DES3 */
#endif /* !NO_WOLFSSL_SKIP_TRAILING_PAD */ #endif /* !NO_WOLFSSL_SKIP_TRAILING_PAD */
}
} }
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
if (ret) { if (ret) {