From 84df1aeeaf4c212e60ec72998068262e3789adbc Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 16 Oct 2017 17:11:52 +0300 Subject: [PATCH] use internal pk_get_rsapubkey function 1) use `pk_get_rsapubkey` function instead of `pk_parse_key_pkcs1_der` 2) revert changes in `pk_parse_key_pkcs1_der` --- library/pkparse.c | 128 +++++++++++++++++++++------------------------- 1 file changed, 59 insertions(+), 69 deletions(-) diff --git a/library/pkparse.c b/library/pkparse.c index 9c84e36e8..6e527530b 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -637,11 +637,11 @@ int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end, #if defined(MBEDTLS_RSA_C) /* - * Parse a PKCS#1 encoded private( mode 0 )/public( mode 1 ) RSA key + * Parse a PKCS#1 encoded private RSA key */ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa, const unsigned char *key, - size_t keylen , int mode) + size_t keylen ) { int ret; size_t len; @@ -649,8 +649,7 @@ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa, p = (unsigned char *) key; end = p + keylen; - if( mode == 0 ) - { + /* * This function parses the RSAPrivateKey (PKCS#1) * @@ -667,60 +666,52 @@ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa, * otherPrimeInfos OtherPrimeInfos OPTIONAL * } */ - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - { - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); - } - - end = p + len; - - if( ( ret = mbedtls_asn1_get_int( &p, end, &rsa->ver ) ) != 0 ) - { - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); - } - - if( rsa->ver != 0 ) - { - return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION ); - } - - if( ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->N ) ) != 0 || - ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->E ) ) != 0 || - ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->D ) ) != 0 || - ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->P ) ) != 0 || - ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->Q ) ) != 0 || - ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->DP ) ) != 0 || - ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->DQ ) ) != 0 || - ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->QP ) ) != 0 ) - { - mbedtls_rsa_free( rsa ); - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); - } - - rsa->len = mbedtls_mpi_size( &rsa->N ); - - if( p != end ) - { - mbedtls_rsa_free( rsa ); - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); - } - - if( ( ret = mbedtls_rsa_check_privkey( rsa ) ) != 0 ) - { - mbedtls_rsa_free( rsa ); - return( ret ); - } - } - else /* public key*/ + if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) { - if( ( ret = pk_get_rsapubkey( &p, end, rsa ) ) != 0 ) - { - mbedtls_rsa_free( rsa ); - return( ret ); - } + return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); } + + end = p + len; + + if( ( ret = mbedtls_asn1_get_int( &p, end, &rsa->ver ) ) != 0 ) + { + return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + } + + if( rsa->ver != 0 ) + { + return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION ); + } + + if( ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->N ) ) != 0 || + ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->E ) ) != 0 || + ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->D ) ) != 0 || + ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->P ) ) != 0 || + ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->Q ) ) != 0 || + ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->DP ) ) != 0 || + ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->DQ ) ) != 0 || + ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->QP ) ) != 0 ) + { + mbedtls_rsa_free( rsa ); + return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + } + + rsa->len = mbedtls_mpi_size( &rsa->N ); + + if( p != end ) + { + mbedtls_rsa_free( rsa ); + return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + } + + if( ( ret = mbedtls_rsa_check_privkey( rsa ) ) != 0 ) + { + mbedtls_rsa_free( rsa ); + return( ret ); + } + return( 0 ); } #endif /* MBEDTLS_RSA_C */ @@ -916,7 +907,7 @@ static int pk_parse_key_pkcs8_unencrypted_der( #if defined(MBEDTLS_RSA_C) if( pk_alg == MBEDTLS_PK_RSA ) { - if( ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), p, len, 0 ) ) != 0 ) + if( ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), p, len ) ) != 0 ) { mbedtls_pk_free( pk ); return( ret ); @@ -1095,7 +1086,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), - pem.buf, pem.buflen, 0 ) ) != 0 ) + pem.buf, pem.buflen ) ) != 0 ) { mbedtls_pk_free( pk ); } @@ -1227,7 +1218,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || - ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), key, keylen, 0 ) ) == 0 ) + ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), key, keylen ) ) == 0 ) { return( 0 ); } @@ -1263,7 +1254,6 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx, size_t len; mbedtls_pem_context pem; const mbedtls_pk_info_t *pk_info; - mbedtls_pem_init( &pem ); #if defined(MBEDTLS_RSA_C) /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ @@ -1277,15 +1267,15 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx, if( ret == 0 ) { - if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL ) - return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); + p = pem.buf; + if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL ) + return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); - if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 ) - return( ret ); + if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 ) + return( ret ); - if( ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *ctx ), - pem.buf, pem.buflen, 1 ) ) != 0 ) - mbedtls_pk_free( ctx ); + if ( ( ret = pk_get_rsapubkey( &p, p + pem.buflen, mbedtls_pk_rsa( *ctx ) ) ) != 0 ) + mbedtls_pk_free( ctx ); mbedtls_pem_free( &pem ); return( ret ); } @@ -1301,8 +1291,8 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx, if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 ) return( ret ); - ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *ctx ), - key, keylen, 1 ); + p = (unsigned char *) key; + ret = pk_get_rsapubkey( &p, p + keylen, mbedtls_pk_rsa( *ctx ) ); if ( ret == 0 ) { mbedtls_pem_free( &pem );