From fdb588b3a775751ce9a132bfe0ce1f5ef5026ffc Mon Sep 17 00:00:00 2001 From: Chris Jones Date: Wed, 14 Apr 2021 18:15:24 +0100 Subject: [PATCH] Fix an incorrect error code addition in pk_parse_key_pkcs8_unencrypted_der An incorrect error code addition was spotted by the new invasive testing infrastructure whereby pk_get_pk_alg will always return a high level error or zero and pk_parse_key_pkcs8_unencrypted_der will try to add another high level error, resulting in a garbage error code. Apply the same fix from ae3741e8a to fix the bug. Signed-off-by: Chris Jones --- ChangeLog.d/fix-pk-parse-key-error-code.txt | 2 ++ library/pkparse.c | 11 ++++++++++- 2 files changed, 12 insertions(+), 1 deletion(-) create mode 100644 ChangeLog.d/fix-pk-parse-key-error-code.txt diff --git a/ChangeLog.d/fix-pk-parse-key-error-code.txt b/ChangeLog.d/fix-pk-parse-key-error-code.txt new file mode 100644 index 000000000..3aa330b1a --- /dev/null +++ b/ChangeLog.d/fix-pk-parse-key-error-code.txt @@ -0,0 +1,2 @@ +Bugfix + * Fix an incorrect error code when parsing a PKCS#8 private key. diff --git a/library/pkparse.c b/library/pkparse.c index 3f3d5585a..31339c1cc 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -1040,7 +1040,16 @@ static int pk_parse_key_pkcs8_unencrypted_der( return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_VERSION, ret ) ); if( ( ret = pk_get_pk_alg( &p, end, &pk_alg, ¶ms ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); + { + if( ret >= -0x007F ) + { + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); + } + else + { + return ret; + } + } if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );