PKCS#5 v2 PBES2 support and use in PKCS#8 encrypted certificates
The error code POLARSSL_ERR_X509_PASSWORD_MISMATCH is now properly returned in case of an encryption failure in the padding. The POLARSSL_ERR_X509_PASSWORD_REQUIRED error code is only returned for PEM formatted private keys as for DER formatted ones it is impossible to distinguish if a DER blob is PKCS#8 encrypted or not.
This commit is contained in:
Paul Bakker
parent
19bd297dc8
commit
1fd4321ba2
11 changed files with 380 additions and 10 deletions
|
|
@ -233,6 +233,17 @@ void error_strerror( int ret, char *buf, size_t buflen )
|
|||
snprintf( buf, buflen, "PKCS12 - PBE ASN.1 data not as expected" );
|
||||
#endif /* POLARSSL_PKCS12_C */
|
||||
|
||||
#if defined(POLARSSL_PKCS5_C)
|
||||
if( use_ret == -(POLARSSL_ERR_PKCS5_BAD_INPUT_DATA) )
|
||||
snprintf( buf, buflen, "PKCS5 - Bad input parameters to function" );
|
||||
if( use_ret == -(POLARSSL_ERR_PKCS5_INVALID_FORMAT) )
|
||||
snprintf( buf, buflen, "PKCS5 - Unexpected ASN.1 data" );
|
||||
if( use_ret == -(POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE) )
|
||||
snprintf( buf, buflen, "PKCS5 - Requested encryption or digest alg not available" );
|
||||
if( use_ret == -(POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH) )
|
||||
snprintf( buf, buflen, "PKCS5 - Given private key password does not allow for correct decryption" );
|
||||
#endif /* POLARSSL_PKCS5_C */
|
||||
|
||||
#if defined(POLARSSL_RSA_C)
|
||||
if( use_ret == -(POLARSSL_ERR_RSA_BAD_INPUT_DATA) )
|
||||
snprintf( buf, buflen, "RSA - Bad input parameters to function" );
|
||||
|
|
@ -373,6 +384,10 @@ void error_strerror( int ret, char *buf, size_t buflen )
|
|||
snprintf( buf, buflen, "X509 - Allocation of memory failed" );
|
||||
if( use_ret == -(POLARSSL_ERR_X509_FILE_IO_ERROR) )
|
||||
snprintf( buf, buflen, "X509 - Read/write of file failed" );
|
||||
if( use_ret == -(POLARSSL_ERR_X509_PASSWORD_REQUIRED) )
|
||||
snprintf( buf, buflen, "X509 - Private key password can't be empty" );
|
||||
if( use_ret == -(POLARSSL_ERR_X509_PASSWORD_MISMATCH) )
|
||||
snprintf( buf, buflen, "X509 - Given private key password does not allow for correct decryption" );
|
||||
#endif /* POLARSSL_X509_PARSE_C */
|
||||
|
||||
if( strlen( buf ) == 0 )
|
||||
|
|
@ -548,11 +563,6 @@ void error_strerror( int ret, char *buf, size_t buflen )
|
|||
snprintf( buf, buflen, "PBKDF2 - Bad input parameters to function" );
|
||||
#endif /* POLARSSL_PBKDF2_C */
|
||||
|
||||
#if defined(POLARSSL_PKCS5_C)
|
||||
if( use_ret == -(POLARSSL_ERR_PKCS5_BAD_INPUT_DATA) )
|
||||
snprintf( buf, buflen, "PKCS5 - Bad input parameters to function" );
|
||||
#endif /* POLARSSL_PKCS5_C */
|
||||
|
||||
#if defined(POLARSSL_SHA1_C)
|
||||
if( use_ret == -(POLARSSL_ERR_SHA1_FILE_IO_ERROR) )
|
||||
snprintf( buf, buflen, "SHA1 - Read/write error in file" );
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue