mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-30 05:24:17 +01:00
Internally split up x509parse_key()
Split up x509parse_key() into a (PEM) handler function and specific DER parser functions for the PKCS#1 (x509parse_key_pkcs1_der()) and unencrypted PKCS#8 (x509parse_key_pkcs8_unencrypted_der()) private key formats.
This commit is contained in:
parent
1922a4e6aa
commit
65a1909dc6
@ -3,6 +3,9 @@ PolarSSL ChangeLog
|
|||||||
= Branch 1.2
|
= Branch 1.2
|
||||||
Change
|
Change
|
||||||
* HAVEGE random generator disabled by default
|
* HAVEGE random generator disabled by default
|
||||||
|
* Internally split up x509parse_key() into a (PEM) handler function
|
||||||
|
and specific DER parser functions for the PKCS#1 and unencrypted
|
||||||
|
PKCS#8 private key formats
|
||||||
|
|
||||||
Bugfix
|
Bugfix
|
||||||
* Secure renegotiation extension should only be sent in case client
|
* Secure renegotiation extension should only be sent in case client
|
||||||
|
@ -438,7 +438,7 @@ static int x509_get_pubkey( unsigned char **p,
|
|||||||
x509_buf *pk_alg_oid,
|
x509_buf *pk_alg_oid,
|
||||||
mpi *N, mpi *E )
|
mpi *N, mpi *E )
|
||||||
{
|
{
|
||||||
int ret, can_handle;
|
int ret;
|
||||||
size_t len;
|
size_t len;
|
||||||
unsigned char *end2;
|
unsigned char *end2;
|
||||||
|
|
||||||
@ -448,28 +448,11 @@ static int x509_get_pubkey( unsigned char **p,
|
|||||||
/*
|
/*
|
||||||
* only RSA public keys handled at this time
|
* only RSA public keys handled at this time
|
||||||
*/
|
*/
|
||||||
can_handle = 0;
|
if( pk_alg_oid->len != 9 ||
|
||||||
|
memcmp( pk_alg_oid->p, OID_PKCS1_RSA, 9 ) != 0 )
|
||||||
if( pk_alg_oid->len == 9 &&
|
|
||||||
memcmp( pk_alg_oid->p, OID_PKCS1_RSA, 9 ) == 0 )
|
|
||||||
can_handle = 1;
|
|
||||||
|
|
||||||
if( pk_alg_oid->len == 9 &&
|
|
||||||
memcmp( pk_alg_oid->p, OID_PKCS1, 8 ) == 0 )
|
|
||||||
{
|
{
|
||||||
if( pk_alg_oid->p[8] >= 2 && pk_alg_oid->p[8] <= 5 )
|
|
||||||
can_handle = 1;
|
|
||||||
|
|
||||||
if ( pk_alg_oid->p[8] >= 11 && pk_alg_oid->p[8] <= 14 )
|
|
||||||
can_handle = 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
if( pk_alg_oid->len == 5 &&
|
|
||||||
memcmp( pk_alg_oid->p, OID_RSA_SHA_OBS, 5 ) == 0 )
|
|
||||||
can_handle = 1;
|
|
||||||
|
|
||||||
if( can_handle == 0 )
|
|
||||||
return( POLARSSL_ERR_X509_UNKNOWN_PK_ALG );
|
return( POLARSSL_ERR_X509_UNKNOWN_PK_ALG );
|
||||||
|
}
|
||||||
|
|
||||||
if( ( ret = asn1_get_tag( p, end, &len, ASN1_BIT_STRING ) ) != 0 )
|
if( ( ret = asn1_get_tag( p, end, &len, ASN1_BIT_STRING ) ) != 0 )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + ret );
|
return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + ret );
|
||||||
@ -2044,69 +2027,21 @@ int x509parse_public_keyfile( rsa_context *rsa, const char *path )
|
|||||||
#endif /* POLARSSL_FS_IO */
|
#endif /* POLARSSL_FS_IO */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Parse a private RSA key
|
* Parse a PKCS#1 encoded private RSA key
|
||||||
*/
|
*/
|
||||||
int x509parse_key( rsa_context *rsa, const unsigned char *key, size_t keylen,
|
static int x509parse_key_pkcs1_der( rsa_context *rsa,
|
||||||
const unsigned char *pwd, size_t pwdlen )
|
const unsigned char *key,
|
||||||
|
size_t keylen )
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
size_t len;
|
size_t len;
|
||||||
unsigned char *p, *end;
|
unsigned char *p, *end;
|
||||||
unsigned char *p_alt;
|
|
||||||
x509_buf pk_alg_oid;
|
|
||||||
|
|
||||||
#if defined(POLARSSL_PEM_C)
|
|
||||||
pem_context pem;
|
|
||||||
|
|
||||||
pem_init( &pem );
|
|
||||||
ret = pem_read_buffer( &pem,
|
|
||||||
"-----BEGIN RSA PRIVATE KEY-----",
|
|
||||||
"-----END RSA PRIVATE KEY-----",
|
|
||||||
key, pwd, pwdlen, &len );
|
|
||||||
|
|
||||||
if( ret == POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
|
|
||||||
{
|
|
||||||
ret = pem_read_buffer( &pem,
|
|
||||||
"-----BEGIN PRIVATE KEY-----",
|
|
||||||
"-----END PRIVATE KEY-----",
|
|
||||||
key, pwd, pwdlen, &len );
|
|
||||||
}
|
|
||||||
|
|
||||||
if( ret == 0 )
|
|
||||||
{
|
|
||||||
/*
|
|
||||||
* Was PEM encoded
|
|
||||||
*/
|
|
||||||
keylen = pem.buflen;
|
|
||||||
}
|
|
||||||
else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
|
|
||||||
{
|
|
||||||
pem_free( &pem );
|
|
||||||
return( ret );
|
|
||||||
}
|
|
||||||
|
|
||||||
p = ( ret == 0 ) ? pem.buf : (unsigned char *) key;
|
|
||||||
#else
|
|
||||||
((void) pwd);
|
|
||||||
((void) pwdlen);
|
|
||||||
p = (unsigned char *) key;
|
p = (unsigned char *) key;
|
||||||
#endif
|
|
||||||
end = p + keylen;
|
end = p + keylen;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Note: Depending on the type of private key file one can expect either a
|
* This function parses the RSAPrivateKey (PKCS#1)
|
||||||
* PrivatKeyInfo object (PKCS#8) or a RSAPrivateKey (PKCS#1) directly.
|
|
||||||
*
|
|
||||||
* PrivateKeyInfo ::= SEQUENCE {
|
|
||||||
* version Version,
|
|
||||||
* algorithm AlgorithmIdentifier,
|
|
||||||
* PrivateKey BIT STRING
|
|
||||||
* }
|
|
||||||
*
|
|
||||||
* AlgorithmIdentifier ::= SEQUENCE {
|
|
||||||
* algorithm OBJECT IDENTIFIER,
|
|
||||||
* parameters ANY DEFINED BY algorithm OPTIONAL
|
|
||||||
* }
|
|
||||||
*
|
*
|
||||||
* RSAPrivateKey ::= SEQUENCE {
|
* RSAPrivateKey ::= SEQUENCE {
|
||||||
* version Version,
|
* version Version,
|
||||||
@ -2124,10 +2059,6 @@ int x509parse_key( rsa_context *rsa, const unsigned char *key, size_t keylen,
|
|||||||
if( ( ret = asn1_get_tag( &p, end, &len,
|
if( ( ret = asn1_get_tag( &p, end, &len,
|
||||||
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
|
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
|
||||||
{
|
{
|
||||||
#if defined(POLARSSL_PEM_C)
|
|
||||||
pem_free( &pem );
|
|
||||||
#endif
|
|
||||||
rsa_free( rsa );
|
|
||||||
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
|
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2135,126 +2066,14 @@ int x509parse_key( rsa_context *rsa, const unsigned char *key, size_t keylen,
|
|||||||
|
|
||||||
if( ( ret = asn1_get_int( &p, end, &rsa->ver ) ) != 0 )
|
if( ( ret = asn1_get_int( &p, end, &rsa->ver ) ) != 0 )
|
||||||
{
|
{
|
||||||
#if defined(POLARSSL_PEM_C)
|
|
||||||
pem_free( &pem );
|
|
||||||
#endif
|
|
||||||
rsa_free( rsa );
|
|
||||||
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
|
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
if( rsa->ver != 0 )
|
if( rsa->ver != 0 )
|
||||||
{
|
{
|
||||||
#if defined(POLARSSL_PEM_C)
|
|
||||||
pem_free( &pem );
|
|
||||||
#endif
|
|
||||||
rsa_free( rsa );
|
|
||||||
return( POLARSSL_ERR_X509_KEY_INVALID_VERSION + ret );
|
return( POLARSSL_ERR_X509_KEY_INVALID_VERSION + ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
p_alt = p;
|
|
||||||
|
|
||||||
if( ( ret = x509_get_alg( &p_alt, end, &pk_alg_oid ) ) != 0 )
|
|
||||||
{
|
|
||||||
// Assume that we have the PKCS#1 format if wrong
|
|
||||||
// tag was encountered
|
|
||||||
//
|
|
||||||
if( ret != POLARSSL_ERR_X509_CERT_INVALID_ALG +
|
|
||||||
POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
|
|
||||||
{
|
|
||||||
#if defined(POLARSSL_PEM_C)
|
|
||||||
pem_free( &pem );
|
|
||||||
#endif
|
|
||||||
rsa_free( rsa );
|
|
||||||
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT );
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
int can_handle;
|
|
||||||
|
|
||||||
/*
|
|
||||||
* only RSA keys handled at this time
|
|
||||||
*/
|
|
||||||
can_handle = 0;
|
|
||||||
|
|
||||||
if( pk_alg_oid.len == 9 &&
|
|
||||||
memcmp( pk_alg_oid.p, OID_PKCS1_RSA, 9 ) == 0 )
|
|
||||||
can_handle = 1;
|
|
||||||
|
|
||||||
if( pk_alg_oid.len == 9 &&
|
|
||||||
memcmp( pk_alg_oid.p, OID_PKCS1, 8 ) == 0 )
|
|
||||||
{
|
|
||||||
if( pk_alg_oid.p[8] >= 2 && pk_alg_oid.p[8] <= 5 )
|
|
||||||
can_handle = 1;
|
|
||||||
|
|
||||||
if ( pk_alg_oid.p[8] >= 11 && pk_alg_oid.p[8] <= 14 )
|
|
||||||
can_handle = 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
if( pk_alg_oid.len == 5 &&
|
|
||||||
memcmp( pk_alg_oid.p, OID_RSA_SHA_OBS, 5 ) == 0 )
|
|
||||||
can_handle = 1;
|
|
||||||
|
|
||||||
if( can_handle == 0 )
|
|
||||||
return( POLARSSL_ERR_X509_UNKNOWN_PK_ALG );
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Parse the PKCS#8 format
|
|
||||||
*/
|
|
||||||
|
|
||||||
p = p_alt;
|
|
||||||
if( ( ret = asn1_get_tag( &p, end, &len, ASN1_OCTET_STRING ) ) != 0 )
|
|
||||||
{
|
|
||||||
#if defined(POLARSSL_PEM_C)
|
|
||||||
pem_free( &pem );
|
|
||||||
#endif
|
|
||||||
rsa_free( rsa );
|
|
||||||
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
|
|
||||||
}
|
|
||||||
|
|
||||||
if( ( end - p ) < 1 )
|
|
||||||
{
|
|
||||||
#if defined(POLARSSL_PEM_C)
|
|
||||||
pem_free( &pem );
|
|
||||||
#endif
|
|
||||||
rsa_free( rsa );
|
|
||||||
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT +
|
|
||||||
POLARSSL_ERR_ASN1_OUT_OF_DATA );
|
|
||||||
}
|
|
||||||
|
|
||||||
end = p + len;
|
|
||||||
|
|
||||||
if( ( ret = asn1_get_tag( &p, end, &len,
|
|
||||||
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
|
|
||||||
{
|
|
||||||
#if defined(POLARSSL_PEM_C)
|
|
||||||
pem_free( &pem );
|
|
||||||
#endif
|
|
||||||
rsa_free( rsa );
|
|
||||||
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
|
|
||||||
}
|
|
||||||
|
|
||||||
end = p + len;
|
|
||||||
|
|
||||||
if( ( ret = asn1_get_int( &p, end, &rsa->ver ) ) != 0 )
|
|
||||||
{
|
|
||||||
#if defined(POLARSSL_PEM_C)
|
|
||||||
pem_free( &pem );
|
|
||||||
#endif
|
|
||||||
rsa_free( rsa );
|
|
||||||
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
|
|
||||||
}
|
|
||||||
|
|
||||||
if( rsa->ver != 0 )
|
|
||||||
{
|
|
||||||
#if defined(POLARSSL_PEM_C)
|
|
||||||
pem_free( &pem );
|
|
||||||
#endif
|
|
||||||
rsa_free( rsa );
|
|
||||||
return( POLARSSL_ERR_X509_KEY_INVALID_VERSION + ret );
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if( ( ret = asn1_get_mpi( &p, end, &rsa->N ) ) != 0 ||
|
if( ( ret = asn1_get_mpi( &p, end, &rsa->N ) ) != 0 ||
|
||||||
( ret = asn1_get_mpi( &p, end, &rsa->E ) ) != 0 ||
|
( ret = asn1_get_mpi( &p, end, &rsa->E ) ) != 0 ||
|
||||||
( ret = asn1_get_mpi( &p, end, &rsa->D ) ) != 0 ||
|
( ret = asn1_get_mpi( &p, end, &rsa->D ) ) != 0 ||
|
||||||
@ -2264,9 +2083,6 @@ int x509parse_key( rsa_context *rsa, const unsigned char *key, size_t keylen,
|
|||||||
( ret = asn1_get_mpi( &p, end, &rsa->DQ ) ) != 0 ||
|
( ret = asn1_get_mpi( &p, end, &rsa->DQ ) ) != 0 ||
|
||||||
( ret = asn1_get_mpi( &p, end, &rsa->QP ) ) != 0 )
|
( ret = asn1_get_mpi( &p, end, &rsa->QP ) ) != 0 )
|
||||||
{
|
{
|
||||||
#if defined(POLARSSL_PEM_C)
|
|
||||||
pem_free( &pem );
|
|
||||||
#endif
|
|
||||||
rsa_free( rsa );
|
rsa_free( rsa );
|
||||||
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
|
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
|
||||||
}
|
}
|
||||||
@ -2275,9 +2091,6 @@ int x509parse_key( rsa_context *rsa, const unsigned char *key, size_t keylen,
|
|||||||
|
|
||||||
if( p != end )
|
if( p != end )
|
||||||
{
|
{
|
||||||
#if defined(POLARSSL_PEM_C)
|
|
||||||
pem_free( &pem );
|
|
||||||
#endif
|
|
||||||
rsa_free( rsa );
|
rsa_free( rsa );
|
||||||
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT +
|
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT +
|
||||||
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
||||||
@ -2285,16 +2098,173 @@ int x509parse_key( rsa_context *rsa, const unsigned char *key, size_t keylen,
|
|||||||
|
|
||||||
if( ( ret = rsa_check_privkey( rsa ) ) != 0 )
|
if( ( ret = rsa_check_privkey( rsa ) ) != 0 )
|
||||||
{
|
{
|
||||||
#if defined(POLARSSL_PEM_C)
|
|
||||||
pem_free( &pem );
|
|
||||||
#endif
|
|
||||||
rsa_free( rsa );
|
rsa_free( rsa );
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Parse an unencrypted PKCS#8 encoded private RSA key
|
||||||
|
*/
|
||||||
|
static int x509parse_key_pkcs8_unencrypted_der(
|
||||||
|
rsa_context *rsa,
|
||||||
|
const unsigned char *key,
|
||||||
|
size_t keylen )
|
||||||
|
{
|
||||||
|
int ret;
|
||||||
|
size_t len;
|
||||||
|
unsigned char *p, *end;
|
||||||
|
x509_buf pk_alg_oid;
|
||||||
|
|
||||||
|
p = (unsigned char *) key;
|
||||||
|
end = p + keylen;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* This function parses the PrivatKeyInfo object (PKCS#8)
|
||||||
|
*
|
||||||
|
* PrivateKeyInfo ::= SEQUENCE {
|
||||||
|
* version Version,
|
||||||
|
* algorithm AlgorithmIdentifier,
|
||||||
|
* PrivateKey BIT STRING
|
||||||
|
* }
|
||||||
|
*
|
||||||
|
* AlgorithmIdentifier ::= SEQUENCE {
|
||||||
|
* algorithm OBJECT IDENTIFIER,
|
||||||
|
* parameters ANY DEFINED BY algorithm OPTIONAL
|
||||||
|
* }
|
||||||
|
*
|
||||||
|
* The PrivateKey BIT STRING is a PKCS#1 RSAPrivateKey
|
||||||
|
*/
|
||||||
|
if( ( ret = asn1_get_tag( &p, end, &len,
|
||||||
|
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
|
||||||
|
{
|
||||||
|
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
|
||||||
|
}
|
||||||
|
|
||||||
|
end = p + len;
|
||||||
|
|
||||||
|
if( ( ret = asn1_get_int( &p, end, &rsa->ver ) ) != 0 )
|
||||||
|
{
|
||||||
|
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
|
||||||
|
}
|
||||||
|
|
||||||
|
if( rsa->ver != 0 )
|
||||||
|
{
|
||||||
|
return( POLARSSL_ERR_X509_KEY_INVALID_VERSION + ret );
|
||||||
|
}
|
||||||
|
|
||||||
|
if( ( ret = x509_get_alg( &p, end, &pk_alg_oid ) ) != 0 )
|
||||||
|
{
|
||||||
|
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* only RSA keys handled at this time
|
||||||
|
*/
|
||||||
|
if( pk_alg_oid.len != 9 ||
|
||||||
|
memcmp( pk_alg_oid.p, OID_PKCS1_RSA, 9 ) != 0 )
|
||||||
|
{
|
||||||
|
return( POLARSSL_ERR_X509_UNKNOWN_PK_ALG );
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Get the OCTET STRING and parse the PKCS#1 format inside
|
||||||
|
*/
|
||||||
|
if( ( ret = asn1_get_tag( &p, end, &len, ASN1_OCTET_STRING ) ) != 0 )
|
||||||
|
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
|
||||||
|
|
||||||
|
if( ( end - p ) < 1 )
|
||||||
|
{
|
||||||
|
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT +
|
||||||
|
POLARSSL_ERR_ASN1_OUT_OF_DATA );
|
||||||
|
}
|
||||||
|
|
||||||
|
end = p + len;
|
||||||
|
|
||||||
|
if( ( ret = x509parse_key_pkcs1_der( rsa, p, end - p ) ) != 0 )
|
||||||
|
return( ret );
|
||||||
|
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Parse a private RSA key
|
||||||
|
*/
|
||||||
|
int x509parse_key( rsa_context *rsa, const unsigned char *key, size_t keylen,
|
||||||
|
const unsigned char *pwd, size_t pwdlen )
|
||||||
|
{
|
||||||
|
int ret;
|
||||||
|
|
||||||
#if defined(POLARSSL_PEM_C)
|
#if defined(POLARSSL_PEM_C)
|
||||||
|
size_t len;
|
||||||
|
pem_context pem;
|
||||||
|
|
||||||
|
pem_init( &pem );
|
||||||
|
ret = pem_read_buffer( &pem,
|
||||||
|
"-----BEGIN RSA PRIVATE KEY-----",
|
||||||
|
"-----END RSA PRIVATE KEY-----",
|
||||||
|
key, pwd, pwdlen, &len );
|
||||||
|
if( ret == 0 )
|
||||||
|
{
|
||||||
|
if( ( ret = x509parse_key_pkcs1_der( rsa, pem.buf, pem.buflen ) ) != 0 )
|
||||||
|
{
|
||||||
|
rsa_free( rsa );
|
||||||
|
}
|
||||||
|
|
||||||
|
pem_free( &pem );
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
|
||||||
|
{
|
||||||
|
pem_free( &pem );
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
|
||||||
|
ret = pem_read_buffer( &pem,
|
||||||
|
"-----BEGIN PRIVATE KEY-----",
|
||||||
|
"-----END PRIVATE KEY-----",
|
||||||
|
key, NULL, 0, &len );
|
||||||
|
if( ret == 0 )
|
||||||
|
{
|
||||||
|
if( ( ret = x509parse_key_pkcs8_unencrypted_der( rsa,
|
||||||
|
pem.buf, pem.buflen ) ) != 0 )
|
||||||
|
{
|
||||||
|
rsa_free( rsa );
|
||||||
|
}
|
||||||
|
|
||||||
|
pem_free( &pem );
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
|
||||||
|
{
|
||||||
|
pem_free( &pem );
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
|
||||||
pem_free( &pem );
|
pem_free( &pem );
|
||||||
#endif
|
#else
|
||||||
|
((void) pwd);
|
||||||
|
((void) pwdlen);
|
||||||
|
#endif /* POLARSSL_PEM_C */
|
||||||
|
|
||||||
|
// At this point we only know it's not a PEM formatted key. Could be any
|
||||||
|
// of the known DER encoded private key formats
|
||||||
|
//
|
||||||
|
// We try the different DER format parsers to see if one passes without
|
||||||
|
// error
|
||||||
|
//
|
||||||
|
if( ( ret = x509parse_key_pkcs8_unencrypted_der( rsa, key, keylen ) ) != 0 )
|
||||||
|
{
|
||||||
|
rsa_free( rsa );
|
||||||
|
|
||||||
|
if( ( ret = x509parse_key_pkcs1_der( rsa, key, keylen ) ) != 0 )
|
||||||
|
{
|
||||||
|
rsa_free( rsa );
|
||||||
|
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
@ -584,22 +584,22 @@ X509 CRL ASN1 (TBSCertList, no entries)
|
|||||||
x509parse_crl:"30463031020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"CRL version \: 1\nissuer name \: CN=ABCD\nthis update \: 2009-01-01 00\:00\:00\nnext update \: 0000-00-00 00\:00\:00\nRevoked certificates\:\nsigned using \: RSA+SHA224\n":0
|
x509parse_crl:"30463031020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"CRL version \: 1\nissuer name \: CN=ABCD\nthis update \: 2009-01-01 00\:00\:00\nnext update \: 0000-00-00 00\:00\:00\nRevoked certificates\:\nsigned using \: RSA+SHA224\n":0
|
||||||
|
|
||||||
X509 Key ASN1 (Incorrect first tag)
|
X509 Key ASN1 (Incorrect first tag)
|
||||||
x509parse_key:"":"":POLARSSL_ERR_X509_KEY_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
x509parse_key:"":"":POLARSSL_ERR_X509_KEY_INVALID_FORMAT
|
||||||
|
|
||||||
X509 Key ASN1 (RSAPrivateKey, incorrect version tag)
|
X509 Key ASN1 (RSAPrivateKey, incorrect version tag)
|
||||||
x509parse_key:"300100":"":POLARSSL_ERR_X509_KEY_INVALID_FORMAT + POLARSSL_ERR_ASN1_UNEXPECTED_TAG
|
x509parse_key:"300100":"":POLARSSL_ERR_X509_KEY_INVALID_FORMAT
|
||||||
|
|
||||||
X509 Key ASN1 (RSAPrivateKey, version tag missing)
|
X509 Key ASN1 (RSAPrivateKey, version tag missing)
|
||||||
x509parse_key:"3000":"":POLARSSL_ERR_X509_KEY_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
x509parse_key:"3000":"":POLARSSL_ERR_X509_KEY_INVALID_FORMAT
|
||||||
|
|
||||||
X509 Key ASN1 (RSAPrivateKey, invalid version)
|
X509 Key ASN1 (RSAPrivateKey, invalid version)
|
||||||
x509parse_key:"3003020101":"":POLARSSL_ERR_X509_KEY_INVALID_VERSION
|
x509parse_key:"3003020101":"":POLARSSL_ERR_X509_KEY_INVALID_FORMAT
|
||||||
|
|
||||||
X509 Key ASN1 (RSAPrivateKey, correct version, incorrect tag)
|
X509 Key ASN1 (RSAPrivateKey, correct version, incorrect tag)
|
||||||
x509parse_key:"300402010000":"":POLARSSL_ERR_X509_KEY_INVALID_FORMAT + POLARSSL_ERR_ASN1_UNEXPECTED_TAG
|
x509parse_key:"300402010000":"":POLARSSL_ERR_X509_KEY_INVALID_FORMAT
|
||||||
|
|
||||||
X509 Key ASN1 (RSAPrivateKey, values present, length mismatch)
|
X509 Key ASN1 (RSAPrivateKey, values present, length mismatch)
|
||||||
x509parse_key:"301c02010002010102010102010102010102010102010102010102010100":"":POLARSSL_ERR_X509_KEY_INVALID_FORMAT + POLARSSL_ERR_ASN1_LENGTH_MISMATCH
|
x509parse_key:"301c02010002010102010102010102010102010102010102010102010100":"":POLARSSL_ERR_X509_KEY_INVALID_FORMAT
|
||||||
|
|
||||||
X509 Key ASN1 (RSAPrivateKey, values present, check_privkey fails)
|
X509 Key ASN1 (RSAPrivateKey, values present, check_privkey fails)
|
||||||
x509parse_key:"301b020100020101020101020101020101020101020101020101020101":"":POLARSSL_ERR_RSA_KEY_CHECK_FAILED
|
x509parse_key:"301b020100020101020101020101020101020101020101020101020101":"":POLARSSL_ERR_X509_KEY_INVALID_FORMAT
|
||||||
|
Loading…
Reference in New Issue
Block a user