Fix wc_KeyPemToDer with PKCS1 and empty key

2020-04-01 21:31:06 -05:00
parent 97d798743a
commit 4d6e33b1dd
2 changed files with 39 additions and 10 deletions
--- a/tests/api.c
+++ b/tests/api.c
@ -25671,6 +25671,27 @@ static void test_wolfSSL_RSA(void)
    AssertNull(RSA_generate_key(4097, 3, NULL, NULL)); /* RSA_MAX_SIZE + 1 */
    AssertNull(RSA_generate_key(2048, 0, NULL, NULL));

+
+#if !defined(NO_FILESYSTEM) && !defined(NO_ASN)
+    {
+        byte buff[FOURK_BUF];
+        byte der[FOURK_BUF];
+        const char PrivKeyPemFile[] = "certs/client-keyEnc.pem";
+
+        XFILE f;
+        int bytes;
+
+        /* test loading encrypted RSA private pem w/o password */
+        f = XFOPEN(PrivKeyPemFile, "rb");
+        AssertTrue((f != XBADFILE));
+        bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
+        XFCLOSE(f);
+        memset(der, 0, sizeof(der));
+        /* test that error value is returned with no password */
+        AssertIntLT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der), ""), 0);
+    }
+#endif
+
    printf(resultFmt, passed);
 #endif
 }
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@ -10561,6 +10561,14 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
            #endif
            }
            /* decrypt the key */
+            else {
+                int length;
+                word32 inOutIdx = 0;
+                if ((passwordSz == 0) &&
+                    (GetSequence(der->buffer, &inOutIdx, &length,
+                            der->length) < 0)) {
+                    ret = ASN_PARSE_E;
+                }
                else {
                    ret = wc_BufferKeyDecrypt(info, der->buffer, der->length,
                        (byte*)password, passwordSz, WC_MD5);
@ -10575,7 +10583,7 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
                    }
                #endif /* !NO_DES3 */
 #endif /* !NO_WOLFSSL_SKIP_TRAILING_PAD */
-
+                }
            }
 #ifdef OPENSSL_EXTRA
            if (ret) {