mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 09:35:39 +00:00
Merge branch 'pr_1135' into development-proposed
This commit is contained in:
commit
e6844ccf2b
|
@ -8,6 +8,7 @@ Features
|
||||||
This allows reading encrypted PEM files produced by software that
|
This allows reading encrypted PEM files produced by software that
|
||||||
uses PBKDF2-SHA2, such as OpenSSL 1.1. Submitted by Antonio Quartulli,
|
uses PBKDF2-SHA2, such as OpenSSL 1.1. Submitted by Antonio Quartulli,
|
||||||
OpenVPN Inc. Fixes #1339
|
OpenVPN Inc. Fixes #1339
|
||||||
|
* Add support for public keys encoded in PKCS#1 format. #1122
|
||||||
|
|
||||||
Bugfix
|
Bugfix
|
||||||
* Fix the name of a DHE parameter that was accidentally changed in 2.7.0.
|
* Fix the name of a DHE parameter that was accidentally changed in 2.7.0.
|
||||||
|
|
|
@ -1348,11 +1348,45 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
unsigned char *p;
|
unsigned char *p;
|
||||||
|
#if defined(MBEDTLS_RSA_C)
|
||||||
|
const mbedtls_pk_info_t *pk_info;
|
||||||
|
#endif
|
||||||
#if defined(MBEDTLS_PEM_PARSE_C)
|
#if defined(MBEDTLS_PEM_PARSE_C)
|
||||||
size_t len;
|
size_t len;
|
||||||
mbedtls_pem_context pem;
|
mbedtls_pem_context pem;
|
||||||
|
|
||||||
mbedtls_pem_init( &pem );
|
mbedtls_pem_init( &pem );
|
||||||
|
#if defined(MBEDTLS_RSA_C)
|
||||||
|
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
|
||||||
|
if( keylen == 0 || key[keylen - 1] != '\0' )
|
||||||
|
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
|
||||||
|
else
|
||||||
|
ret = mbedtls_pem_read_buffer( &pem,
|
||||||
|
"-----BEGIN RSA PUBLIC KEY-----",
|
||||||
|
"-----END RSA PUBLIC KEY-----",
|
||||||
|
key, NULL, 0, &len );
|
||||||
|
|
||||||
|
if( ret == 0 )
|
||||||
|
{
|
||||||
|
p = pem.buf;
|
||||||
|
if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
|
||||||
|
return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
|
||||||
|
|
||||||
|
if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 )
|
||||||
|
return( ret );
|
||||||
|
|
||||||
|
if ( ( ret = pk_get_rsapubkey( &p, p + pem.buflen, mbedtls_pk_rsa( *ctx ) ) ) != 0 )
|
||||||
|
mbedtls_pk_free( ctx );
|
||||||
|
|
||||||
|
mbedtls_pem_free( &pem );
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
|
||||||
|
{
|
||||||
|
mbedtls_pem_free( &pem );
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
#endif /* MBEDTLS_RSA_C */
|
||||||
|
|
||||||
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
|
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
|
||||||
if( keylen == 0 || key[keylen - 1] != '\0' )
|
if( keylen == 0 || key[keylen - 1] != '\0' )
|
||||||
|
@ -1368,23 +1402,43 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
|
||||||
/*
|
/*
|
||||||
* Was PEM encoded
|
* Was PEM encoded
|
||||||
*/
|
*/
|
||||||
key = pem.buf;
|
p = pem.buf;
|
||||||
keylen = pem.buflen;
|
|
||||||
|
ret = mbedtls_pk_parse_subpubkey( &p, p + pem.buflen, ctx );
|
||||||
|
mbedtls_pem_free( &pem );
|
||||||
|
return( ret );
|
||||||
}
|
}
|
||||||
else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
|
else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
|
||||||
{
|
{
|
||||||
mbedtls_pem_free( &pem );
|
mbedtls_pem_free( &pem );
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
mbedtls_pem_free( &pem );
|
||||||
#endif /* MBEDTLS_PEM_PARSE_C */
|
#endif /* MBEDTLS_PEM_PARSE_C */
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_RSA_C)
|
||||||
|
if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
|
||||||
|
return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
|
||||||
|
|
||||||
|
if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 )
|
||||||
|
return( ret );
|
||||||
|
|
||||||
|
p = (unsigned char *)key;
|
||||||
|
ret = pk_get_rsapubkey( &p, p + keylen, mbedtls_pk_rsa( *ctx ) );
|
||||||
|
if( ret == 0 )
|
||||||
|
{
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
mbedtls_pk_free( ctx );
|
||||||
|
if( ret != ( MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) )
|
||||||
|
{
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
#endif /* MBEDTLS_RSA_C */
|
||||||
p = (unsigned char *) key;
|
p = (unsigned char *) key;
|
||||||
|
|
||||||
ret = mbedtls_pk_parse_subpubkey( &p, p + keylen, ctx );
|
ret = mbedtls_pk_parse_subpubkey( &p, p + keylen, ctx );
|
||||||
|
|
||||||
#if defined(MBEDTLS_PEM_PARSE_C)
|
|
||||||
mbedtls_pem_free( &pem );
|
|
||||||
#endif
|
|
||||||
|
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -66,7 +66,21 @@ server2-sha256.crt: server2-rsa.csr
|
||||||
$(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA test-ca-sha256.crt -CAkey $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 4 -days 3653 -sha256 -in server2-rsa.csr -out $@
|
$(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA test-ca-sha256.crt -CAkey $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 4 -days 3653 -sha256 -in server2-rsa.csr -out $@
|
||||||
all_final += server2-sha256.crt
|
all_final += server2-sha256.crt
|
||||||
|
|
||||||
|
rsa_pkcs1_2048_public.pem: server8.key
|
||||||
|
$(OPENSSL) rsa -in $< -outform PEM -RSAPublicKey_out -out $@
|
||||||
|
all_final += rsa_pkcs1_2048_public.pem
|
||||||
|
|
||||||
|
rsa_pkcs1_2048_public.der: rsa_pkcs1_2048_public.pem
|
||||||
|
$(OPENSSL) rsa -RSAPublicKey_in -in $< -outform DER -RSAPublicKey_out -out $@
|
||||||
|
all_final += rsa_pkcs1_2048_public.der
|
||||||
|
|
||||||
|
rsa_pkcs8_2048_public.pem: server8.key
|
||||||
|
$(OPENSSL) rsa -in $< -outform PEM -pubout -out $@
|
||||||
|
all_final += rsa_pkcs8_2048_public.pem
|
||||||
|
|
||||||
|
rsa_pkcs8_2048_public.der: rsa_pkcs8_2048_public.pem
|
||||||
|
$(OPENSSL) rsa -pubin -in $< -outform DER -pubout -out $@
|
||||||
|
all_final += rsa_pkcs8_2048_public.der
|
||||||
|
|
||||||
################################################################
|
################################################################
|
||||||
#### Generate various RSA keys
|
#### Generate various RSA keys
|
||||||
|
|
BIN
tests/data_files/rsa_pkcs1_2048_public.der
Normal file
BIN
tests/data_files/rsa_pkcs1_2048_public.der
Normal file
Binary file not shown.
8
tests/data_files/rsa_pkcs1_2048_public.pem
Normal file
8
tests/data_files/rsa_pkcs1_2048_public.pem
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
|
MIIBCgKCAQEA2xx/LgvNv87RdRCgorjOfariBeB62ERjj7W9wLAZuTe4GUoO8V10
|
||||||
|
gGdGhwbeW38GA73BjV4HFdRb9Nzlzz35wREsrmq5ir0dZ2YX6k692xWagofk8HjD
|
||||||
|
o4WHsP2fqZlf4zPszOoLtWFe8Ul+P6Mt6gEMzEKadpvE0DfTsRcBYQEWWX4cF8NT
|
||||||
|
/dFyy0xgFdp94uqtUO+O4ovUandV1nDZa7vx7jkEOKO94tHgZmvinEeZ6Sjmtvwu
|
||||||
|
ymdDhOjVg9admGsBPoHcPHrK+fOc99YoGyd4fMPQ1WOngTSJrSVqvfLq7fpX/OU0
|
||||||
|
xsEPcS3SCBAbrURB4P55oGOTirFd6bDubwIDAQAB
|
||||||
|
-----END RSA PUBLIC KEY-----
|
BIN
tests/data_files/rsa_pkcs8_1024_public.der
Normal file
BIN
tests/data_files/rsa_pkcs8_1024_public.der
Normal file
Binary file not shown.
BIN
tests/data_files/rsa_pkcs8_2048_public.der
Normal file
BIN
tests/data_files/rsa_pkcs8_2048_public.der
Normal file
Binary file not shown.
9
tests/data_files/rsa_pkcs8_2048_public.pem
Normal file
9
tests/data_files/rsa_pkcs8_2048_public.pem
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
-----BEGIN PUBLIC KEY-----
|
||||||
|
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2xx/LgvNv87RdRCgorjO
|
||||||
|
fariBeB62ERjj7W9wLAZuTe4GUoO8V10gGdGhwbeW38GA73BjV4HFdRb9Nzlzz35
|
||||||
|
wREsrmq5ir0dZ2YX6k692xWagofk8HjDo4WHsP2fqZlf4zPszOoLtWFe8Ul+P6Mt
|
||||||
|
6gEMzEKadpvE0DfTsRcBYQEWWX4cF8NT/dFyy0xgFdp94uqtUO+O4ovUandV1nDZ
|
||||||
|
a7vx7jkEOKO94tHgZmvinEeZ6SjmtvwuymdDhOjVg9admGsBPoHcPHrK+fOc99Yo
|
||||||
|
Gyd4fMPQ1WOngTSJrSVqvfLq7fpX/OU0xsEPcS3SCBAbrURB4P55oGOTirFd6bDu
|
||||||
|
bwIDAQAB
|
||||||
|
-----END PUBLIC KEY-----
|
|
@ -939,8 +939,18 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C
|
||||||
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
|
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
|
||||||
|
|
||||||
Parse Public RSA Key #1 (PKCS#8 wrapped)
|
Parse Public RSA Key #1 (PKCS#8 wrapped)
|
||||||
depends_on:MBEDTLS_MD5_C:MBEDTLS_PEM_PARSE_C
|
depends_on:MBEDTLS_PEM_PARSE_C
|
||||||
pk_parse_public_keyfile_rsa:"data_files/format_gen.pub":0
|
pk_parse_public_keyfile_rsa:"data_files/rsa_pkcs8_2048_public.pem":0
|
||||||
|
|
||||||
|
Parse Public RSA Key #1 (PKCS#8 wrapped, DER)
|
||||||
|
pk_parse_public_keyfile_rsa:"data_files/rsa_pkcs8_2048_public.der":0
|
||||||
|
|
||||||
|
Parse Public RSA Key #3 (PKCS#1 wrapped)
|
||||||
|
depends_on:MBEDTLS_PEM_PARSE_C
|
||||||
|
pk_parse_public_keyfile_rsa:"data_files/rsa_pkcs1_2048_public.pem":0
|
||||||
|
|
||||||
|
Parse Public RSA Key #4 (PKCS#1 wrapped, DER)
|
||||||
|
pk_parse_public_keyfile_rsa:"data_files/rsa_pkcs1_2048_public.der":0
|
||||||
|
|
||||||
Parse Public EC Key #1 (RFC 5480, DER)
|
Parse Public EC Key #1 (RFC 5480, DER)
|
||||||
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
||||||
|
|
Loading…
Reference in a new issue