extmod/modtls_mbedtls: Fix key_len passed to mbedtls_pk_parse_key.

mbedtls_pk_parse_key() expects key_len to include the terminating NUL byte for
PEM data, but not for DER-encoded data.

Since all PEM data starts with "-----BEGIN" this is used to check if the
data is PEM.

Signed-off-by: Peter Züger <zueger.peter@icloud.com>
Peter Züger 2024-04-26 17:48:57 +02:00
rodzic e60e8079a7
commit bb981c8a26
1 zmienionych plików z 8 dodań i 3 usunięć


@ -347,12 +347,17 @@ static MP_DEFINE_CONST_FUN_OBJ_2(ssl_context_set_ciphers_obj, ssl_context_set_ci
static void ssl_context_load_key(mp_obj_ssl_context_t *self, mp_obj_t key_obj, mp_obj_t cert_obj) {
size_t key_len;
const byte *key = (const byte *)mp_obj_str_get_data(key_obj, &key_len);
// len should include terminating null
// len should include terminating null if the data is PEM encoded
if ((key_len >= 10) && (memcmp(key, "-----BEGIN", 10) == 0)) {
key_len += 1;
}
int ret;
#if MBEDTLS_VERSION_NUMBER >= 0x03000000
ret = mbedtls_pk_parse_key(&self->pkey, key, key_len + 1, NULL, 0, mbedtls_ctr_drbg_random, &self->ctr_drbg);
ret = mbedtls_pk_parse_key(&self->pkey, key, key_len, NULL, 0, mbedtls_ctr_drbg_random, &self->ctr_drbg);
#else
ret = mbedtls_pk_parse_key(&self->pkey, key, key_len + 1, NULL, 0);
ret = mbedtls_pk_parse_key(&self->pkey, key, key_len, NULL, 0);
#endif
if (ret != 0) {
mbedtls_raise_error(MBEDTLS_ERR_PK_BAD_INPUT_DATA); // use general error for all key errors
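Review bot: The PEM test on the new `if ((key_len >= 10) && (memcmp(key, "-----BEGIN", 10) == 0))` line is a strict prefix match, whereas mbedtls (in the versions I am familiar with) decides PEM vs DER by looking for a NUL-terminated buffer and then searching for the BEGIN header anywhere in it, so a PEM key with a leading newline, whitespace, or the "Bag Attributes" preamble that `openssl pkcs12` emits would now be handed over without the terminator, fall through to the DER parser and be rejected with the generic MBEDTLS_ERR_PK_BAD_INPUT_DATA. Skipping leading whitespace before the compare would close the common case, e.g. `const byte *p = key;` / `while (p < key + key_len && (*p == ' ' || *p == '\t' || *p == '\r' || *p == '\n')) { p++; }` / `if ((key + key_len - p >= 10) && (memcmp(p, "-----BEGIN", 10) == 0)) {`; otherwise the limitation should at least be stated, e.g. `// PEM is only detected when the data starts with "-----BEGIN"; any leading text or whitespace makes it be parsed as DER`. The `key_len += 1` also relies on mp_obj_str_get_data() returning a NUL-terminated buffer, which I believe holds for str/bytes objects but is worth noting in the comment since a non-terminated buffer would make mbedtls read one byte past the data. Note that DER data always begins with a 0x30 SEQUENCE tag, so the prefix check cannot misclassify DER as PEM, which is good. ssl_context_load_key continues past the hunk (the cert_obj handling is not visible here), and the same PEM/DER length rule presumably applies to the certificate parse there.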