author | Chris Jones <christopher.jones@arm.com> | 2021-04-14 18:15:24 +0100 |
---|---|---|
committer | Chris Jones <christopher.jones@arm.com> | 2021-04-15 11:19:56 +0100 |
commit | fdb588b3a775751ce9a132bfe0ce1f5ef5026ffc (patch) | |
tree | 9ac4bd03c159eaa2616527785ba2b3ec28de61e7 | |
parent | 9f7a693f2c89419be19054e9065f8d2b71a88aca (diff) | |
Fix an incorrect error code addition in pk_parse_key_pkcs8_unencrypted_der
An incorrect error code addition was spotted by the new invasive testing
infrastructure whereby pk_get_pk_alg will always return a high level
error or zero and pk_parse_key_pkcs8_unencrypted_der will try to add
another high level error, resulting in a garbage error code.
Apply the same fix from ae3741e8a to fix the bug.
Signed-off-by: Chris Jones <christopher.jones@arm.com>
-rw-r--r-- | ChangeLog.d/fix-pk-parse-key-error-code.txt | 2 | ||||
-rw-r--r-- | library/pkparse.c | 11 |
2 files changed, 12 insertions, 1 deletions
diff --git a/ChangeLog.d/fix-pk-parse-key-error-code.txt b/ChangeLog.d/fix-pk-parse-key-error-code.txt new file mode 100644 index 0000000..3aa330b --- /dev/null +++ b/ChangeLog.d/fix-pk-parse-key-error-code.txt @@ -0,0 +1,2 @@ +Bugfix + * Fix an incorrect error code when parsing a PKCS#8 private key. diff --git a/library/pkparse.c b/library/pkparse.c index 3f3d558..31339c1 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -1040,7 +1040,16 @@ static int pk_parse_key_pkcs8_unencrypted_der( return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_VERSION, ret ) ); if( ( ret = pk_get_pk_alg( &p, end, &pk_alg, ¶ms ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); + { + if( ret >= -0x007F ) + { + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); + } + else + { + return ret; + } + } if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); |
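Review bot: In the library/pkparse.c hunk, the `ret >= -0x007F` branch after pk_get_pk_alg looks unreachable. The commit message states that pk_get_pk_alg only ever returns zero or a high level error, and zero is already excluded by the enclosing `!= 0` test, so every value that reaches the inner check would take the `else` path. Either reduce the block to a plain `return( ret );`, or keep the check as a defensive measure and say so in a comment. The bare -0x007F also needs a short comment (or a named constant shared with the ae3741e8a fix) explaining what the boundary means, and `return ret;` should use the `return( ... )` form of the surrounding lines.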