pem_read_buffer() already update use_len after header and footer are read
After header and footer are read, pem_read_buffer() is able to determine the length of input data used. This allows calling functions to skip this PEM bit if an error occurs during its parsing. (cherry picked from commit 9255e8300e550b548b54603c77585921f442e391)
This commit is contained in:
parent
b2a1140469
commit
00b2860e8d
5 changed files with 31 additions and 22 deletions
|
@ -75,7 +75,7 @@
|
||||||
*
|
*
|
||||||
* High-level module nr (3 bits - 0x1...-0x8...)
|
* High-level module nr (3 bits - 0x1...-0x8...)
|
||||||
* Name ID Nr of Errors
|
* Name ID Nr of Errors
|
||||||
* PEM 1 8
|
* PEM 1 9
|
||||||
* X509 2 21
|
* X509 2 21
|
||||||
* DHM 3 6
|
* DHM 3 6
|
||||||
* RSA 4 9
|
* RSA 4 9
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
*
|
*
|
||||||
* \brief Privacy Enhanced Mail (PEM) decoding
|
* \brief Privacy Enhanced Mail (PEM) decoding
|
||||||
*
|
*
|
||||||
* Copyright (C) 2006-2010, Brainspark B.V.
|
* Copyright (C) 2006-2013, Brainspark B.V.
|
||||||
*
|
*
|
||||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||||
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
|
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
|
||||||
|
@ -35,7 +35,7 @@
|
||||||
* PEM data.
|
* PEM data.
|
||||||
* \{
|
* \{
|
||||||
*/
|
*/
|
||||||
#define POLARSSL_ERR_PEM_NO_HEADER_PRESENT -0x1080 /**< No PEM header found. */
|
#define POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT -0x1080 /**< No PEM header or footer found. */
|
||||||
#define POLARSSL_ERR_PEM_INVALID_DATA -0x1100 /**< PEM string is not as expected. */
|
#define POLARSSL_ERR_PEM_INVALID_DATA -0x1100 /**< PEM string is not as expected. */
|
||||||
#define POLARSSL_ERR_PEM_MALLOC_FAILED -0x1180 /**< Failed to allocate memory. */
|
#define POLARSSL_ERR_PEM_MALLOC_FAILED -0x1180 /**< Failed to allocate memory. */
|
||||||
#define POLARSSL_ERR_PEM_INVALID_ENC_IV -0x1200 /**< RSA IV is not in hex-format. */
|
#define POLARSSL_ERR_PEM_INVALID_ENC_IV -0x1200 /**< RSA IV is not in hex-format. */
|
||||||
|
@ -43,6 +43,7 @@
|
||||||
#define POLARSSL_ERR_PEM_PASSWORD_REQUIRED -0x1300 /**< Private key password can't be empty. */
|
#define POLARSSL_ERR_PEM_PASSWORD_REQUIRED -0x1300 /**< Private key password can't be empty. */
|
||||||
#define POLARSSL_ERR_PEM_PASSWORD_MISMATCH -0x1380 /**< Given private key password does not allow for correct decryption. */
|
#define POLARSSL_ERR_PEM_PASSWORD_MISMATCH -0x1380 /**< Given private key password does not allow for correct decryption. */
|
||||||
#define POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE -0x1400 /**< Unavailable feature, e.g. hashing/encryption combination. */
|
#define POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE -0x1400 /**< Unavailable feature, e.g. hashing/encryption combination. */
|
||||||
|
#define POLARSSL_ERR_PEM_BAD_INPUT_DATA -0x1480 /**< Bad input parameters to function. */
|
||||||
/* \} name */
|
/* \} name */
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -77,7 +78,11 @@ void pem_init( pem_context *ctx );
|
||||||
* \param data source data to look in
|
* \param data source data to look in
|
||||||
* \param pwd password for decryption (can be NULL)
|
* \param pwd password for decryption (can be NULL)
|
||||||
* \param pwdlen length of password
|
* \param pwdlen length of password
|
||||||
* \param use_len destination for total length used
|
* \param use_len destination for total length used (set after header is
|
||||||
|
* correctly read, so unless you get
|
||||||
|
* POLARSSL_ERR_PEM_BAD_INPUT_DATA or
|
||||||
|
* POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT, use_len is
|
||||||
|
* the length to skip)
|
||||||
*
|
*
|
||||||
* \return 0 on success, ior a specific PEM error code
|
* \return 0 on success, ior a specific PEM error code
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -213,8 +213,8 @@ void error_strerror( int ret, char *buf, size_t buflen )
|
||||||
#endif /* POLARSSL_MD_C */
|
#endif /* POLARSSL_MD_C */
|
||||||
|
|
||||||
#if defined(POLARSSL_PEM_C)
|
#if defined(POLARSSL_PEM_C)
|
||||||
if( use_ret == -(POLARSSL_ERR_PEM_NO_HEADER_PRESENT) )
|
if( use_ret == -(POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT) )
|
||||||
snprintf( buf, buflen, "PEM - No PEM header found" );
|
snprintf( buf, buflen, "PEM - No PEM header or footer found" );
|
||||||
if( use_ret == -(POLARSSL_ERR_PEM_INVALID_DATA) )
|
if( use_ret == -(POLARSSL_ERR_PEM_INVALID_DATA) )
|
||||||
snprintf( buf, buflen, "PEM - PEM string is not as expected" );
|
snprintf( buf, buflen, "PEM - PEM string is not as expected" );
|
||||||
if( use_ret == -(POLARSSL_ERR_PEM_MALLOC_FAILED) )
|
if( use_ret == -(POLARSSL_ERR_PEM_MALLOC_FAILED) )
|
||||||
|
@ -229,6 +229,8 @@ void error_strerror( int ret, char *buf, size_t buflen )
|
||||||
snprintf( buf, buflen, "PEM - Given private key password does not allow for correct decryption" );
|
snprintf( buf, buflen, "PEM - Given private key password does not allow for correct decryption" );
|
||||||
if( use_ret == -(POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE) )
|
if( use_ret == -(POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE) )
|
||||||
snprintf( buf, buflen, "PEM - Unavailable feature, e.g. hashing/encryption combination" );
|
snprintf( buf, buflen, "PEM - Unavailable feature, e.g. hashing/encryption combination" );
|
||||||
|
if( use_ret == -(POLARSSL_ERR_PEM_BAD_INPUT_DATA) )
|
||||||
|
snprintf( buf, buflen, "PEM - Bad input parameters to function" );
|
||||||
#endif /* POLARSSL_PEM_C */
|
#endif /* POLARSSL_PEM_C */
|
||||||
|
|
||||||
#if defined(POLARSSL_RSA_C)
|
#if defined(POLARSSL_RSA_C)
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
* Privacy Enhanced Mail (PEM) decoding
|
* Privacy Enhanced Mail (PEM) decoding
|
||||||
*
|
*
|
||||||
* Copyright (C) 2006-2010, Brainspark B.V.
|
* Copyright (C) 2006-2013, Brainspark B.V.
|
||||||
*
|
*
|
||||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||||
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
|
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
|
||||||
|
@ -183,7 +183,7 @@ int pem_read_buffer( pem_context *ctx, char *header, char *footer, const unsigne
|
||||||
int ret, enc;
|
int ret, enc;
|
||||||
size_t len;
|
size_t len;
|
||||||
unsigned char *buf;
|
unsigned char *buf;
|
||||||
unsigned char *s1, *s2;
|
const unsigned char *s1, *s2, *end;
|
||||||
#if defined(POLARSSL_MD5_C) && (defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C))
|
#if defined(POLARSSL_MD5_C) && (defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C))
|
||||||
unsigned char pem_iv[16];
|
unsigned char pem_iv[16];
|
||||||
cipher_type_t enc_alg = POLARSSL_CIPHER_NONE;
|
cipher_type_t enc_alg = POLARSSL_CIPHER_NONE;
|
||||||
|
@ -193,22 +193,28 @@ int pem_read_buffer( pem_context *ctx, char *header, char *footer, const unsigne
|
||||||
#endif /* POLARSSL_MD5_C && (POLARSSL_AES_C || POLARSSL_DES_C) */
|
#endif /* POLARSSL_MD5_C && (POLARSSL_AES_C || POLARSSL_DES_C) */
|
||||||
|
|
||||||
if( ctx == NULL )
|
if( ctx == NULL )
|
||||||
return( POLARSSL_ERR_PEM_INVALID_DATA );
|
return( POLARSSL_ERR_PEM_BAD_INPUT_DATA );
|
||||||
|
|
||||||
s1 = (unsigned char *) strstr( (const char *) data, header );
|
s1 = (unsigned char *) strstr( (const char *) data, header );
|
||||||
|
|
||||||
if( s1 == NULL )
|
if( s1 == NULL )
|
||||||
return( POLARSSL_ERR_PEM_NO_HEADER_PRESENT );
|
return( POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT );
|
||||||
|
|
||||||
s2 = (unsigned char *) strstr( (const char *) data, footer );
|
s2 = (unsigned char *) strstr( (const char *) data, footer );
|
||||||
|
|
||||||
if( s2 == NULL || s2 <= s1 )
|
if( s2 == NULL || s2 <= s1 )
|
||||||
return( POLARSSL_ERR_PEM_INVALID_DATA );
|
return( POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT );
|
||||||
|
|
||||||
s1 += strlen( header );
|
s1 += strlen( header );
|
||||||
if( *s1 == '\r' ) s1++;
|
if( *s1 == '\r' ) s1++;
|
||||||
if( *s1 == '\n' ) s1++;
|
if( *s1 == '\n' ) s1++;
|
||||||
else return( POLARSSL_ERR_PEM_INVALID_DATA );
|
else return( POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT );
|
||||||
|
|
||||||
|
end = s2;
|
||||||
|
end += strlen( footer );
|
||||||
|
if( *end == '\r' ) end++;
|
||||||
|
if( *end == '\n' ) end++;
|
||||||
|
*use_len = end - data;
|
||||||
|
|
||||||
enc = 0;
|
enc = 0;
|
||||||
|
|
||||||
|
@ -330,10 +336,6 @@ int pem_read_buffer( pem_context *ctx, char *header, char *footer, const unsigne
|
||||||
|
|
||||||
ctx->buf = buf;
|
ctx->buf = buf;
|
||||||
ctx->buflen = len;
|
ctx->buflen = len;
|
||||||
s2 += strlen( footer );
|
|
||||||
if( *s2 == '\r' ) s2++;
|
|
||||||
if( *s2 == '\n' ) s2++;
|
|
||||||
*use_len = s2 - data;
|
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
|
@ -1430,7 +1430,7 @@ int x509parse_crt( x509_cert *chain, const unsigned char *buf, size_t buflen )
|
||||||
buflen -= use_len;
|
buflen -= use_len;
|
||||||
buf += use_len;
|
buf += use_len;
|
||||||
}
|
}
|
||||||
else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
|
else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
|
||||||
{
|
{
|
||||||
pem_free( &pem );
|
pem_free( &pem );
|
||||||
|
|
||||||
|
@ -1570,7 +1570,7 @@ int x509parse_crl( x509_crl *chain, const unsigned char *buf, size_t buflen )
|
||||||
len = pem.buflen;
|
len = pem.buflen;
|
||||||
pem_free( &pem );
|
pem_free( &pem );
|
||||||
}
|
}
|
||||||
else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
|
else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
|
||||||
{
|
{
|
||||||
pem_free( &pem );
|
pem_free( &pem );
|
||||||
return( ret );
|
return( ret );
|
||||||
|
@ -2025,7 +2025,7 @@ int x509parse_key( rsa_context *rsa, const unsigned char *key, size_t keylen,
|
||||||
"-----END RSA PRIVATE KEY-----",
|
"-----END RSA PRIVATE KEY-----",
|
||||||
key, pwd, pwdlen, &len );
|
key, pwd, pwdlen, &len );
|
||||||
|
|
||||||
if( ret == POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
|
if( ret == POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
|
||||||
{
|
{
|
||||||
ret = pem_read_buffer( &pem,
|
ret = pem_read_buffer( &pem,
|
||||||
"-----BEGIN PRIVATE KEY-----",
|
"-----BEGIN PRIVATE KEY-----",
|
||||||
|
@ -2040,7 +2040,7 @@ int x509parse_key( rsa_context *rsa, const unsigned char *key, size_t keylen,
|
||||||
*/
|
*/
|
||||||
keylen = pem.buflen;
|
keylen = pem.buflen;
|
||||||
}
|
}
|
||||||
else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
|
else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
|
||||||
{
|
{
|
||||||
pem_free( &pem );
|
pem_free( &pem );
|
||||||
return( ret );
|
return( ret );
|
||||||
|
@ -2265,7 +2265,7 @@ int x509parse_public_key( rsa_context *rsa, const unsigned char *key, size_t key
|
||||||
*/
|
*/
|
||||||
keylen = pem.buflen;
|
keylen = pem.buflen;
|
||||||
}
|
}
|
||||||
else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
|
else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
|
||||||
{
|
{
|
||||||
pem_free( &pem );
|
pem_free( &pem );
|
||||||
return( ret );
|
return( ret );
|
||||||
|
@ -2357,7 +2357,7 @@ int x509parse_dhm( dhm_context *dhm, const unsigned char *dhmin, size_t dhminlen
|
||||||
*/
|
*/
|
||||||
dhminlen = pem.buflen;
|
dhminlen = pem.buflen;
|
||||||
}
|
}
|
||||||
else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
|
else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
|
||||||
{
|
{
|
||||||
pem_free( &pem );
|
pem_free( &pem );
|
||||||
return( ret );
|
return( ret );
|
||||||
|
|
Loading…
Reference in a new issue