pk parse: the password is optional

For mbedtls_pk_parse_key and mbedtls_pk_parse_keyfile, the password is optional. Clarify what this means: NULL is ok and means no password. Validate parameters and test accordingly.
2018-12-19 17:12:01 +01:00 · 2018-12-19 17:12:01 +01:00 · d54b97503b
commit d54b97503b
parent ee3cfec3cc
2 changed files with 12 additions and 7 deletions
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@ -537,8 +537,13 @@ mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx );
 * \param keylen    Size of \b key in bytes.
 *                  For PEM data, this includes the terminating null byte,
 *                  so \p keylen must be equal to `strlen(key) + 1`.
- * \param pwd       password for decryption (optional)
- * \param pwdlen    size of the password
+ * \param pwd       Optional password for decryption.
+ *                  Pass \c NULL if expecting a non-encrypted key.
+ *                  Pass a string of \p pwdlen bytes if expecting an encrypted
+ *                  key; a non-encrypted key will also be accepted.
+ *                  The empty password is not supported.
+ * \param pwdlen    Size of the password in bytes.
+ *                  Ignored if \p pwd is \c NULL.
 *
 * \note            On entry, ctx must be empty, either freshly initialised
 *                  with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
@ -583,7 +588,11 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
 *
 * \param ctx       key to be initialized
 * \param path      filename to read the private key from
- * \param password  password to decrypt the file (can be NULL)
+ * \param password  Optional password to decrypt the file.
+ *                  Pass \c NULL if expecting a non-encrypted key.
+ *                  Pass a null-terminated string if expecting an encrypted
+ *                  key; a non-encrypted key will also be accepted.
+ *                  The empty password is not supported.
 *
 * \note            On entry, ctx must be empty, either freshly initialised
 *                  with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@ -432,10 +432,6 @@ void invalid_parameters( )
                            mbedtls_pk_parse_key( &pk,
                                                  NULL, sizeof( buf ),
                                                  buf, sizeof( buf ) ) );
-    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
-                            mbedtls_pk_parse_key( &pk,
-                                                  buf, sizeof( buf ),
-                                                  NULL, sizeof( buf ) ) );

    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
                            mbedtls_pk_parse_public_key( NULL,