mirror of
https://github.com/ARMmbed/mbedtls.git
synced 2025-05-11 01:11:42 +08:00
PEM: always use MD light
Note: PEM_PARSE already auto-enables MD_LIGHT in build_info.h Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
Manuel Pégourié-Gonnard
parent
0baad53ac9
commit
1c2008fa37
@ -2775,6 +2775,10 @@
|
|||||||
* library/x509_csr.c
|
* library/x509_csr.c
|
||||||
*
|
*
|
||||||
* Requires: MBEDTLS_BASE64_C
|
* Requires: MBEDTLS_BASE64_C
|
||||||
|
* optionally MBEDTLS_MD5_C, or PSA Crypto with MD5 (see below)
|
||||||
|
*
|
||||||
|
* \warning When parsing password-protected files, if MD5 is provided only by
|
||||||
|
* a PSA driver, you must call psa_crypto_init() before the first file.
|
||||||
*
|
*
|
||||||
* This modules adds support for decoding / parsing PEM files.
|
* This modules adds support for decoding / parsing PEM files.
|
||||||
*/
|
*/
|
||||||
|
|||||||
@ -39,13 +39,6 @@
|
|||||||
#include "psa/crypto.h"
|
#include "psa/crypto.h"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if !defined(MBEDTLS_MD5_C)
|
|
||||||
#include "mbedtls/psa_util.h"
|
|
||||||
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
|
|
||||||
psa_to_md_errors, \
|
|
||||||
psa_generic_status_to_mbedtls)
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#include "mbedtls/legacy_or_psa.h"
|
#include "mbedtls/legacy_or_psa.h"
|
||||||
|
|
||||||
#if defined(MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && \
|
#if defined(MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && \
|
||||||
@ -94,7 +87,6 @@ static int pem_get_iv(const unsigned char *s, unsigned char *iv,
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_MD5_C)
|
|
||||||
static int pem_pbkdf1(unsigned char *key, size_t keylen,
|
static int pem_pbkdf1(unsigned char *key, size_t keylen,
|
||||||
unsigned char *iv,
|
unsigned char *iv,
|
||||||
const unsigned char *pwd, size_t pwdlen)
|
const unsigned char *pwd, size_t pwdlen)
|
||||||
@ -168,91 +160,6 @@ exit:
|
|||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
#else
|
|
||||||
static int pem_pbkdf1(unsigned char *key, size_t keylen,
|
|
||||||
unsigned char *iv,
|
|
||||||
const unsigned char *pwd, size_t pwdlen)
|
|
||||||
{
|
|
||||||
unsigned char md5sum[16];
|
|
||||||
psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
|
|
||||||
size_t output_length = 0;
|
|
||||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
|
||||||
|
|
||||||
|
|
||||||
if ((status = psa_hash_setup(&operation, PSA_ALG_MD5)) != PSA_SUCCESS) {
|
|
||||||
goto exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
if ((status = psa_hash_update(&operation, pwd, pwdlen)) != PSA_SUCCESS) {
|
|
||||||
goto exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
if ((status = psa_hash_update(&operation, iv, 8)) != PSA_SUCCESS) {
|
|
||||||
goto exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
if ((status = psa_hash_finish(&operation, md5sum,
|
|
||||||
PSA_HASH_LENGTH(PSA_ALG_MD5),
|
|
||||||
&output_length)) != PSA_SUCCESS) {
|
|
||||||
goto exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
if ((status = psa_hash_abort(&operation)) != PSA_SUCCESS) {
|
|
||||||
goto exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* key[ 0..15] = MD5(pwd || IV)
|
|
||||||
*/
|
|
||||||
if (keylen <= 16) {
|
|
||||||
memcpy(key, md5sum, keylen);
|
|
||||||
goto exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
memcpy(key, md5sum, 16);
|
|
||||||
|
|
||||||
/*
|
|
||||||
* key[16..23] = MD5(key[ 0..15] || pwd || IV])
|
|
||||||
*/
|
|
||||||
if ((status = psa_hash_setup(&operation, PSA_ALG_MD5)) != PSA_SUCCESS) {
|
|
||||||
goto exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
if ((status = psa_hash_update(&operation, md5sum, 16)) != PSA_SUCCESS) {
|
|
||||||
goto exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
if ((status = psa_hash_update(&operation, pwd, pwdlen)) != PSA_SUCCESS) {
|
|
||||||
goto exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
if ((status = psa_hash_update(&operation, iv, 8)) != PSA_SUCCESS) {
|
|
||||||
goto exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
if ((status = psa_hash_finish(&operation, md5sum,
|
|
||||||
PSA_HASH_LENGTH(PSA_ALG_MD5),
|
|
||||||
&output_length)) != PSA_SUCCESS) {
|
|
||||||
goto exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
if ((status = psa_hash_abort(&operation)) != PSA_SUCCESS) {
|
|
||||||
goto exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
size_t use_len = 16;
|
|
||||||
if (keylen < 32) {
|
|
||||||
use_len = keylen - 16;
|
|
||||||
}
|
|
||||||
|
|
||||||
memcpy(key + 16, md5sum, use_len);
|
|
||||||
|
|
||||||
exit:
|
|
||||||
mbedtls_platform_zeroize(md5sum, 16);
|
|
||||||
|
|
||||||
return PSA_TO_MBEDTLS_ERR(status);
|
|
||||||
}
|
|
||||||
#endif /* MBEDTLS_MD5_C */
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_DES_C)
|
#if defined(MBEDTLS_DES_C)
|
||||||
/*
|
/*
|
||||||
|
|||||||
@ -44,6 +44,8 @@ void mbedtls_pem_read_buffer(char *header, char *footer, char *data,
|
|||||||
size_t pwd_len = strlen(pwd);
|
size_t pwd_len = strlen(pwd);
|
||||||
const unsigned char *buf;
|
const unsigned char *buf;
|
||||||
|
|
||||||
|
MD_PSA_INIT();
|
||||||
|
|
||||||
mbedtls_pem_init(&ctx);
|
mbedtls_pem_init(&ctx);
|
||||||
|
|
||||||
ret = mbedtls_pem_read_buffer(&ctx, header, footer, (unsigned char *) data,
|
ret = mbedtls_pem_read_buffer(&ctx, header, footer, (unsigned char *) data,
|
||||||
@ -60,5 +62,6 @@ void mbedtls_pem_read_buffer(char *header, char *footer, char *data,
|
|||||||
|
|
||||||
exit:
|
exit:
|
||||||
mbedtls_pem_free(&ctx);
|
mbedtls_pem_free(&ctx);
|
||||||
|
MD_PSA_DONE();
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user