mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-26 18:45:43 +01:00
Better fix for empty password / salt
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
This commit is contained in:
parent
a59cc3dbc7
commit
7412eb4bc2
@ -244,8 +244,6 @@ static void pkcs12_fill_buffer( unsigned char *data, size_t data_len,
|
||||
data_len -= use_len;
|
||||
}
|
||||
}
|
||||
else
|
||||
memset( data, 0, data_len );
|
||||
}
|
||||
|
||||
int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
|
||||
@ -258,9 +256,12 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
|
||||
|
||||
unsigned char diversifier[128];
|
||||
unsigned char salt_block[128], pwd_block[128], hash_block[128];
|
||||
unsigned char empty_string[2] = { 0, 0 };
|
||||
unsigned char hash_output[MBEDTLS_MD_MAX_SIZE];
|
||||
unsigned char *p;
|
||||
unsigned char c;
|
||||
int use_password = 0;
|
||||
int use_salt = 0;
|
||||
|
||||
size_t hlen, use_len, v, i;
|
||||
|
||||
@ -274,6 +275,12 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
|
||||
if( pwd == NULL && pwdlen != 0 )
|
||||
return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA );
|
||||
|
||||
if( salt == NULL && saltlen != 0 )
|
||||
return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA );
|
||||
|
||||
use_password = ( pwd && pwdlen != 0 );
|
||||
use_salt = ( salt && saltlen != 0 );
|
||||
|
||||
md_info = mbedtls_md_info_from_type( md_type );
|
||||
if( md_info == NULL )
|
||||
return( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE );
|
||||
@ -291,8 +298,15 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
|
||||
|
||||
memset( diversifier, (unsigned char) id, v );
|
||||
|
||||
pkcs12_fill_buffer( salt_block, v, salt, saltlen );
|
||||
pkcs12_fill_buffer( pwd_block, v, pwd, pwdlen );
|
||||
if( use_salt != 0 )
|
||||
{
|
||||
pkcs12_fill_buffer( salt_block, v, salt, saltlen );
|
||||
}
|
||||
|
||||
if( use_password != 0 )
|
||||
{
|
||||
pkcs12_fill_buffer( pwd_block, v, pwd, pwdlen );
|
||||
}
|
||||
|
||||
p = data;
|
||||
while( datalen > 0 )
|
||||
@ -304,11 +318,29 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
|
||||
if( ( ret = mbedtls_md_update( &md_ctx, diversifier, v ) ) != 0 )
|
||||
goto exit;
|
||||
|
||||
if( ( ret = mbedtls_md_update( &md_ctx, salt_block, v ) ) != 0 )
|
||||
goto exit;
|
||||
if( use_salt != 0 )
|
||||
{
|
||||
if( ( ret = mbedtls_md_update( &md_ctx, salt_block, v )) != 0 )
|
||||
goto exit;
|
||||
}
|
||||
else
|
||||
{
|
||||
if( ( ret = mbedtls_md_update( &md_ctx, empty_string,
|
||||
sizeof( empty_string ) )) != 0 )
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( ( ret = mbedtls_md_update( &md_ctx, pwd_block, v ) ) != 0 )
|
||||
goto exit;
|
||||
if( use_password != 0)
|
||||
{
|
||||
if( ( ret = mbedtls_md_update( &md_ctx, pwd_block, v )) != 0 )
|
||||
goto exit;
|
||||
}
|
||||
else
|
||||
{
|
||||
if( ( ret = mbedtls_md_update( &md_ctx, empty_string,
|
||||
sizeof( empty_string ) )) != 0 )
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( ( ret = mbedtls_md_finish( &md_ctx, hash_output ) ) != 0 )
|
||||
goto exit;
|
||||
@ -336,22 +368,28 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
|
||||
if( ++hash_block[i - 1] != 0 )
|
||||
break;
|
||||
|
||||
// salt_block += B
|
||||
c = 0;
|
||||
for( i = v; i > 0; i-- )
|
||||
if( use_salt != 0 )
|
||||
{
|
||||
j = salt_block[i - 1] + hash_block[i - 1] + c;
|
||||
c = MBEDTLS_BYTE_1( j );
|
||||
salt_block[i - 1] = MBEDTLS_BYTE_0( j );
|
||||
// salt_block += B
|
||||
c = 0;
|
||||
for( i = v; i > 0; i-- )
|
||||
{
|
||||
j = salt_block[i - 1] + hash_block[i - 1] + c;
|
||||
c = MBEDTLS_BYTE_1( j );
|
||||
salt_block[i - 1] = MBEDTLS_BYTE_0( j );
|
||||
}
|
||||
}
|
||||
|
||||
// pwd_block += B
|
||||
c = 0;
|
||||
for( i = v; i > 0; i-- )
|
||||
if( use_password != 0 )
|
||||
{
|
||||
j = pwd_block[i - 1] + hash_block[i - 1] + c;
|
||||
c = MBEDTLS_BYTE_1( j );
|
||||
pwd_block[i - 1] = MBEDTLS_BYTE_0( j );
|
||||
// pwd_block += B
|
||||
c = 0;
|
||||
for( i = v; i > 0; i-- )
|
||||
{
|
||||
j = pwd_block[i - 1] + hash_block[i - 1] + c;
|
||||
c = MBEDTLS_BYTE_1( j );
|
||||
pwd_block[i - 1] = MBEDTLS_BYTE_0( j );
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user