Merge pull request #4911 from SparkiDev/enc_pem_cbc_padding

ASN PemToDer: remove padding when AES_CBC encrypted
2025-07-30 02:37:28 +02:00 · 2022-03-02 14:32:45 -08:00
parent 59970d94f5 8b24be04e8
commit 5d0614c630
1 changed files with 14 additions and 1 deletions
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@ -19709,7 +19709,9 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
    word32      algId = 0;
    word32      idx;
 #if defined(WOLFSSL_ENCRYPTED_KEYS)
-    #if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_DES3) && \
+    #if ((defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_DES3)) || \
+         (!defined(NO_AES) && defined(HAVE_AES_CBC) && \
+          defined(HAVE_AES_DECRYPT))) && \
        !defined(NO_WOLFSSL_SKIP_TRAILING_PAD)
        int     padVal = 0;
    #endif
@ -20051,6 +20053,17 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
                        }
                    }
                #endif /* !NO_DES3 */
+                #if !defined(NO_AES) && defined(HAVE_AES_CBC) && \
+                    defined(HAVE_AES_DECRYPT)
+                    if (info->cipherType == WC_CIPHER_AES_CBC) {
+                        if (der->length > AES_BLOCK_SIZE) {
+                            padVal = der->buffer[der->length-1];
+                            if (padVal <= AES_BLOCK_SIZE) {
+                                der->length -= padVal;
+                            }
+                        }
+                    }
+                #endif
 #endif /* !NO_WOLFSSL_SKIP_TRAILING_PAD */
                }
            }