Suyu/mbedtls
1
0
Fork 0
mirror of https://git.suyu.dev/suyu/mbedtls.git synced 2025-12-22 05:46:41 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

pem_read_buffer() already update use_len after header and footer are read

Browse source 
After header and footer are read, pem_read_buffer() is able to determine
the length of input data used. This allows calling functions to skip
this PEM bit if an error occurs during its parsing.
(cherry picked from commit 9255e8300e550b548b54603c77585921f442e391)
This commit is contained in:
Paul Bakker 2013-06-24 13:02:41 +02:00
parent b2a1140469
commit 00b2860e8d
5 changed files with 31 additions and 22 deletions
Download patch file Download diff file Expand all files Collapse all files

6
library/error.c
View file

@ -213,8 +213,8 @@ void error_strerror( int ret, char *buf, size_t buflen )
#endif /* POLARSSL_MD_C */
#if defined(POLARSSL_PEM_C)
if( use_ret == -(POLARSSL_ERR_PEM_NO_HEADER_PRESENT) )
snprintf( buf, buflen, "PEM - No PEM header found" );
if( use_ret == -(POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT) )
snprintf( buf, buflen, "PEM - No PEM header or footer found" );
if( use_ret == -(POLARSSL_ERR_PEM_INVALID_DATA) )
snprintf( buf, buflen, "PEM - PEM string is not as expected" );
if( use_ret == -(POLARSSL_ERR_PEM_MALLOC_FAILED) )
@ -229,6 +229,8 @@ void error_strerror( int ret, char *buf, size_t buflen )
snprintf( buf, buflen, "PEM - Given private key password does not allow for correct decryption" );
if( use_ret == -(POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE) )
snprintf( buf, buflen, "PEM - Unavailable feature, e.g. hashing/encryption combination" );
if( use_ret == -(POLARSSL_ERR_PEM_BAD_INPUT_DATA) )
snprintf( buf, buflen, "PEM - Bad input parameters to function" );
#endif /* POLARSSL_PEM_C */
#if defined(POLARSSL_RSA_C)

22
library/pem.c
View file

@ -1,7 +1,7 @@
/*
* Privacy Enhanced Mail (PEM) decoding
*
* Copyright (C) 2006-2010, Brainspark B.V.
* Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -183,7 +183,7 @@ int pem_read_buffer( pem_context *ctx, char *header, char *footer, const unsigne
int ret, enc;
size_t len;
unsigned char *buf;
unsigned char *s1, *s2;
const unsigned char *s1, *s2, *end;
#if defined(POLARSSL_MD5_C) && (defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C))
unsigned char pem_iv[16];
cipher_type_t enc_alg = POLARSSL_CIPHER_NONE;
@ -193,22 +193,28 @@ int pem_read_buffer( pem_context *ctx, char *header, char *footer, const unsigne
#endif /* POLARSSL_MD5_C && (POLARSSL_AES_C || POLARSSL_DES_C) */
if( ctx == NULL )
return( POLARSSL_ERR_PEM_INVALID_DATA );
return( POLARSSL_ERR_PEM_BAD_INPUT_DATA );
s1 = (unsigned char *) strstr( (const char *) data, header );
if( s1 == NULL )
return( POLARSSL_ERR_PEM_NO_HEADER_PRESENT );
return( POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT );
s2 = (unsigned char *) strstr( (const char *) data, footer );
if( s2 == NULL || s2 <= s1 )
return( POLARSSL_ERR_PEM_INVALID_DATA );
return( POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT );
s1 += strlen( header );
if( *s1 == '\r' ) s1++;
if( *s1 == '\n' ) s1++;
else return( POLARSSL_ERR_PEM_INVALID_DATA );
else return( POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT );
end = s2;
end += strlen( footer );
if( *end == '\r' ) end++;
if( *end == '\n' ) end++;
*use_len = end - data;
enc = 0;
@ -330,10 +336,6 @@ int pem_read_buffer( pem_context *ctx, char *header, char *footer, const unsigne
ctx->buf = buf;
ctx->buflen = len;
s2 += strlen( footer );
if( *s2 == '\r' ) s2++;
if( *s2 == '\n' ) s2++;
*use_len = s2 - data;
return( 0 );
}

12
library/x509parse.c
View file

@ -1430,7 +1430,7 @@ int x509parse_crt( x509_cert *chain, const unsigned char *buf, size_t buflen )
buflen -= use_len;
buf += use_len;
}
else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
{
pem_free( &pem );
@ -1570,7 +1570,7 @@ int x509parse_crl( x509_crl *chain, const unsigned char *buf, size_t buflen )
len = pem.buflen;
pem_free( &pem );
}
else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
{
pem_free( &pem );
return( ret );
@ -2025,7 +2025,7 @@ int x509parse_key( rsa_context *rsa, const unsigned char *key, size_t keylen,
"-----END RSA PRIVATE KEY-----",
key, pwd, pwdlen, &len );
if( ret == POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
if( ret == POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
{
ret = pem_read_buffer( &pem,
"-----BEGIN PRIVATE KEY-----",
@ -2040,7 +2040,7 @@ int x509parse_key( rsa_context *rsa, const unsigned char *key, size_t keylen,
*/
keylen = pem.buflen;
}
else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
{
pem_free( &pem );
return( ret );
@ -2265,7 +2265,7 @@ int x509parse_public_key( rsa_context *rsa, const unsigned char *key, size_t key
*/
keylen = pem.buflen;
}
else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
{
pem_free( &pem );
return( ret );
@ -2357,7 +2357,7 @@ int x509parse_dhm( dhm_context *dhm, const unsigned char *dhmin, size_t dhminlen
*/
dhminlen = pem.buflen;
}
else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
{
pem_free( &pem );
return( ret );