use internal pk_get_rsapubkey function
1) use `pk_get_rsapubkey` function instead of `pk_parse_key_pkcs1_der`
2) revert changes in `pk_parse_key_pkcs1_der`
diff --git a/library/pkparse.c b/library/pkparse.c
index 9c84e36..6e52753 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -637,11 +637,11 @@
#if defined(MBEDTLS_RSA_C)
/*
- * Parse a PKCS#1 encoded private( mode 0 )/public( mode 1 ) RSA key
+ * Parse a PKCS#1 encoded private RSA key
*/
static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa,
const unsigned char *key,
- size_t keylen , int mode)
+ size_t keylen )
{
int ret;
size_t len;
@@ -649,8 +649,7 @@
p = (unsigned char *) key;
end = p + keylen;
- if( mode == 0 )
- {
+
/*
* This function parses the RSAPrivateKey (PKCS#1)
*
@@ -667,60 +666,52 @@
* otherPrimeInfos OtherPrimeInfos OPTIONAL
* }
*/
- if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
- {
- return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
- }
-
- end = p + len;
-
- if( ( ret = mbedtls_asn1_get_int( &p, end, &rsa->ver ) ) != 0 )
- {
- return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
- }
-
- if( rsa->ver != 0 )
- {
- return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION );
- }
-
- if( ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->N ) ) != 0 ||
- ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->E ) ) != 0 ||
- ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->D ) ) != 0 ||
- ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->P ) ) != 0 ||
- ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->Q ) ) != 0 ||
- ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->DP ) ) != 0 ||
- ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->DQ ) ) != 0 ||
- ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->QP ) ) != 0 )
- {
- mbedtls_rsa_free( rsa );
- return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
- }
-
- rsa->len = mbedtls_mpi_size( &rsa->N );
-
- if( p != end )
- {
- mbedtls_rsa_free( rsa );
- return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
- }
-
- if( ( ret = mbedtls_rsa_check_privkey( rsa ) ) != 0 )
- {
- mbedtls_rsa_free( rsa );
- return( ret );
- }
- }
- else /* public key*/
+ if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
{
- if( ( ret = pk_get_rsapubkey( &p, end, rsa ) ) != 0 )
- {
- mbedtls_rsa_free( rsa );
- return( ret );
- }
+ return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
}
+
+ end = p + len;
+
+ if( ( ret = mbedtls_asn1_get_int( &p, end, &rsa->ver ) ) != 0 )
+ {
+ return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
+ }
+
+ if( rsa->ver != 0 )
+ {
+ return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION );
+ }
+
+ if( ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->N ) ) != 0 ||
+ ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->E ) ) != 0 ||
+ ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->D ) ) != 0 ||
+ ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->P ) ) != 0 ||
+ ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->Q ) ) != 0 ||
+ ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->DP ) ) != 0 ||
+ ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->DQ ) ) != 0 ||
+ ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->QP ) ) != 0 )
+ {
+ mbedtls_rsa_free( rsa );
+ return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
+ }
+
+ rsa->len = mbedtls_mpi_size( &rsa->N );
+
+ if( p != end )
+ {
+ mbedtls_rsa_free( rsa );
+ return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+ }
+
+ if( ( ret = mbedtls_rsa_check_privkey( rsa ) ) != 0 )
+ {
+ mbedtls_rsa_free( rsa );
+ return( ret );
+ }
+
return( 0 );
}
#endif /* MBEDTLS_RSA_C */
@@ -916,7 +907,7 @@
#if defined(MBEDTLS_RSA_C)
if( pk_alg == MBEDTLS_PK_RSA )
{
- if( ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), p, len, 0 ) ) != 0 )
+ if( ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), p, len ) ) != 0 )
{
mbedtls_pk_free( pk );
return( ret );
@@ -1095,7 +1086,7 @@
if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ),
- pem.buf, pem.buflen, 0 ) ) != 0 )
+ pem.buf, pem.buflen ) ) != 0 )
{
mbedtls_pk_free( pk );
}
@@ -1227,7 +1218,7 @@
return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
- ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), key, keylen, 0 ) ) == 0 )
+ ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), key, keylen ) ) == 0 )
{
return( 0 );
}
@@ -1263,7 +1254,6 @@
size_t len;
mbedtls_pem_context pem;
const mbedtls_pk_info_t *pk_info;
-
mbedtls_pem_init( &pem );
#if defined(MBEDTLS_RSA_C)
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
@@ -1277,15 +1267,15 @@
if( ret == 0 )
{
- if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
- return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
+ p = pem.buf;
+ if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
+ return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
- if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 )
- return( ret );
+ if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 )
+ return( ret );
- if( ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *ctx ),
- pem.buf, pem.buflen, 1 ) ) != 0 )
- mbedtls_pk_free( ctx );
+ if ( ( ret = pk_get_rsapubkey( &p, p + pem.buflen, mbedtls_pk_rsa( *ctx ) ) ) != 0 )
+ mbedtls_pk_free( ctx );
mbedtls_pem_free( &pem );
return( ret );
}
@@ -1301,8 +1291,8 @@
if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 )
return( ret );
- ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *ctx ),
- key, keylen, 1 );
+ p = (unsigned char *) key;
+ ret = pk_get_rsapubkey( &p, p + keylen, mbedtls_pk_rsa( *ctx ) );
if ( ret == 0 )
{
mbedtls_pem_free( &pem );