Buffer too small to parse encrypted private key


Jul 5, 2017 15:00
Florian

I am calling mbedtls_pk_parse_key to parse an encrypted private key (RSA 4096 bits) which I have created with OpenSSL. buf inside pk_parse_key_pkcs8_encrypted_der is too small (2048 bytes) to hold the parsed key. It needs 2376 bytes, so I suggest increasing the buffer to at least 3072 bytes.

This is the private key:

 
Jul 18, 2017 16:03
Ron Eldor

Hi Florian,
Thank you for raising this issue!
I have created a GitHub issue to track this issue.
Regards,
mbed TLS Team member
Ron
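
Added example (not part of the thread and not mbed TLS code): a size estimate for the DER-encoded PKCS#8 RSA key that the 2048-byte buf from the first post has to hold, showing why 4096-bit keys are where it overflows. The function names are hypothetical, and e = 65537 and an 8-byte cipher block with padding are assumptions.

```c
#include <stddef.h>
#include <stdio.h>

/* Size of a DER tag + length header in front of `len` content bytes. */
static size_t der_hdr(size_t len)
{
    if (len < 0x80)    return 2;  /* short form */
    if (len <= 0xFF)   return 3;  /* 0x81 nn */
    if (len <= 0xFFFF) return 4;  /* 0x82 nn nn */
    return 5;                     /* 0x83 nn nn nn: enough for key-sized data */
}

/* DER INTEGER for a positive value of exactly `bits` bits; the +1 covers the
 * 0x00 sign byte needed when the top bit of the first byte is set. */
static size_t der_uint(size_t bits)
{
    size_t content = bits / 8 + 1;
    return der_hdr(content) + content;
}

/* Upper bound for an unencrypted PKCS#8 PrivateKeyInfo holding an RSA key. */
size_t rsa_pkcs8_der_max(size_t nbits)
{
    size_t body = 3                          /* version INTEGER 0 */
                + der_uint(nbits)            /* n */
                + der_uint(17)               /* e = 65537 (assumed) */
                + der_uint(nbits)            /* d */
                + 5 * der_uint(nbits / 2);   /* p, q, dP, dQ, qInv */
    size_t rsa  = der_hdr(body) + body;      /* RSAPrivateKey SEQUENCE */
    /* version (3) + rsaEncryption AlgorithmIdentifier (15) + OCTET STRING */
    size_t info = 3 + 15 + der_hdr(rsa) + rsa;
    return der_hdr(info) + info;
}

/* Ciphertext length after block padding that always adds 1..block bytes. */
size_t cbc_padded(size_t len, size_t block)
{
    return (len / block + 1) * block;
}

int main(void)
{
    const size_t sizes[] = { 1024, 2048, 3072, 4096 };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        size_t need = cbc_padded(rsa_pkcs8_der_max(sizes[i]), 8); /* 8-byte block assumed */
        printf("RSA-%zu: up to %zu bytes, 2048-byte buf %s\n", sizes[i], need,
               need <= 2048 ? "ok" : "too small");
    }
    return 0;
}
```

Under these assumptions, keys up to 3072 bits stay below 2048 bytes, while a 4096-bit key can need up to 2384 bytes, which is consistent with the 2376 bytes reported above and still fits the suggested 3072-byte buffer.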