yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-26 21:51:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

pem_read_buffer() already update use_len after header and footer are read

Browse source 
After header and footer are read, pem_read_buffer() is able to determine
the length of input data used. This allows calling functions to skip
this PEM bit if an error occurs during its parsing.
This commit is contained in:
Paul Bakker 2013-06-06 14:58:28 +02:00
parent ac6168b95e
commit 9255e8300e
5 changed files with 31 additions and 22 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
include/polarssl/error.h
View file

@ -73,7 +73,7 @@
* *
* High-level module nr (3 bits - 0x1...-0x8...) * High-level module nr (3 bits - 0x1...-0x8...)
* Name ID Nr of Errors * Name ID Nr of Errors
* PEM 1 8 * PEM 1 9
* X509 2 21 * X509 2 21
* DHM 3 6 * DHM 3 6
* RSA 4 9 * RSA 4 9

11
include/polarssl/pem.h
View file

@ -3,7 +3,7 @@
* *
* \brief Privacy Enhanced Mail (PEM) decoding * \brief Privacy Enhanced Mail (PEM) decoding
* *
* Copyright (C) 2006-2010, Brainspark B.V. * Copyright (C) 2006-2013, Brainspark B.V.
* *
* This file is part of PolarSSL (http://www.polarssl.org) * This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -35,7 +35,7 @@
* PEM data. * PEM data.
* \{ * \{
*/ */
#define POLARSSL_ERR_PEM_NO_HEADER_PRESENT -0x1080 /**< No PEM header found. */ #define POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT -0x1080 /**< No PEM header or footer found. */
#define POLARSSL_ERR_PEM_INVALID_DATA -0x1100 /**< PEM string is not as expected. */ #define POLARSSL_ERR_PEM_INVALID_DATA -0x1100 /**< PEM string is not as expected. */
#define POLARSSL_ERR_PEM_MALLOC_FAILED -0x1180 /**< Failed to allocate memory. */ #define POLARSSL_ERR_PEM_MALLOC_FAILED -0x1180 /**< Failed to allocate memory. */
#define POLARSSL_ERR_PEM_INVALID_ENC_IV -0x1200 /**< RSA IV is not in hex-format. */ #define POLARSSL_ERR_PEM_INVALID_ENC_IV -0x1200 /**< RSA IV is not in hex-format. */
@ -43,6 +43,7 @@
#define POLARSSL_ERR_PEM_PASSWORD_REQUIRED -0x1300 /**< Private key password can't be empty. */ #define POLARSSL_ERR_PEM_PASSWORD_REQUIRED -0x1300 /**< Private key password can't be empty. */
#define POLARSSL_ERR_PEM_PASSWORD_MISMATCH -0x1380 /**< Given private key password does not allow for correct decryption. */ #define POLARSSL_ERR_PEM_PASSWORD_MISMATCH -0x1380 /**< Given private key password does not allow for correct decryption. */
#define POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE -0x1400 /**< Unavailable feature, e.g. hashing/encryption combination. */ #define POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE -0x1400 /**< Unavailable feature, e.g. hashing/encryption combination. */
#define POLARSSL_ERR_PEM_BAD_INPUT_DATA -0x1480 /**< Bad input parameters to function. */
/* \} name */ /* \} name */
/** /**
@ -77,7 +78,11 @@ void pem_init( pem_context *ctx );
* \param data source data to look in * \param data source data to look in
* \param pwd password for decryption (can be NULL) * \param pwd password for decryption (can be NULL)
* \param pwdlen length of password * \param pwdlen length of password
* \param use_len destination for total length used * \param use_len destination for total length used (set after header is
* correctly read, so unless you get
* POLARSSL_ERR_PEM_BAD_INPUT_DATA or
* POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT, use_len is
* the length to skip)
* *
* \return 0 on success, ior a specific PEM error code * \return 0 on success, ior a specific PEM error code
*/ */

6
library/error.c
View file

@ -196,8 +196,8 @@ void error_strerror( int ret, char *buf, size_t buflen )
#endif /* POLARSSL_MD_C */ #endif /* POLARSSL_MD_C */
#if defined(POLARSSL_PEM_C) #if defined(POLARSSL_PEM_C)
if( use_ret == -(POLARSSL_ERR_PEM_NO_HEADER_PRESENT) ) if( use_ret == -(POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT) )
snprintf( buf, buflen, "PEM - No PEM header found" ); snprintf( buf, buflen, "PEM - No PEM header or footer found" );
if( use_ret == -(POLARSSL_ERR_PEM_INVALID_DATA) ) if( use_ret == -(POLARSSL_ERR_PEM_INVALID_DATA) )
snprintf( buf, buflen, "PEM - PEM string is not as expected" ); snprintf( buf, buflen, "PEM - PEM string is not as expected" );
if( use_ret == -(POLARSSL_ERR_PEM_MALLOC_FAILED) ) if( use_ret == -(POLARSSL_ERR_PEM_MALLOC_FAILED) )
@ -212,6 +212,8 @@ void error_strerror( int ret, char *buf, size_t buflen )
snprintf( buf, buflen, "PEM - Given private key password does not allow for correct decryption" ); snprintf( buf, buflen, "PEM - Given private key password does not allow for correct decryption" );
if( use_ret == -(POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE) ) if( use_ret == -(POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE) )
snprintf( buf, buflen, "PEM - Unavailable feature, e.g. hashing/encryption combination" ); snprintf( buf, buflen, "PEM - Unavailable feature, e.g. hashing/encryption combination" );
if( use_ret == -(POLARSSL_ERR_PEM_BAD_INPUT_DATA) )
snprintf( buf, buflen, "PEM - Bad input parameters to function" );
#endif /* POLARSSL_PEM_C */ #endif /* POLARSSL_PEM_C */
#if defined(POLARSSL_RSA_C) #if defined(POLARSSL_RSA_C)

22
library/pem.c
View file

@ -1,7 +1,7 @@
/* /*
* Privacy Enhanced Mail (PEM) decoding * Privacy Enhanced Mail (PEM) decoding
* *
* Copyright (C) 2006-2010, Brainspark B.V. * Copyright (C) 2006-2013, Brainspark B.V.
* *
* This file is part of PolarSSL (http://www.polarssl.org) * This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -183,7 +183,7 @@ int pem_read_buffer( pem_context *ctx, char *header, char *footer, const unsigne
int ret, enc; int ret, enc;
size_t len; size_t len;
unsigned char *buf; unsigned char *buf;
unsigned char *s1, *s2; const unsigned char *s1, *s2, *end;
#if defined(POLARSSL_MD5_C) && (defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C)) #if defined(POLARSSL_MD5_C) && (defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C))
unsigned char pem_iv[16]; unsigned char pem_iv[16];
cipher_type_t enc_alg = POLARSSL_CIPHER_NONE; cipher_type_t enc_alg = POLARSSL_CIPHER_NONE;
@ -193,22 +193,28 @@ int pem_read_buffer( pem_context *ctx, char *header, char *footer, const unsigne
#endif /* POLARSSL_MD5_C && (POLARSSL_AES_C || POLARSSL_DES_C) */ #endif /* POLARSSL_MD5_C && (POLARSSL_AES_C || POLARSSL_DES_C) */
if( ctx == NULL ) if( ctx == NULL )
return( POLARSSL_ERR_PEM_INVALID_DATA ); return( POLARSSL_ERR_PEM_BAD_INPUT_DATA );
s1 = (unsigned char *) strstr( (const char *) data, header ); s1 = (unsigned char *) strstr( (const char *) data, header );
if( s1 == NULL ) if( s1 == NULL )
return( POLARSSL_ERR_PEM_NO_HEADER_PRESENT ); return( POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT );
s2 = (unsigned char *) strstr( (const char *) data, footer ); s2 = (unsigned char *) strstr( (const char *) data, footer );
if( s2 == NULL || s2 <= s1 ) if( s2 == NULL || s2 <= s1 )
return( POLARSSL_ERR_PEM_INVALID_DATA ); return( POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT );
s1 += strlen( header ); s1 += strlen( header );
if( *s1 == '\r' ) s1++; if( *s1 == '\r' ) s1++;
if( *s1 == '\n' ) s1++; if( *s1 == '\n' ) s1++;
else return( POLARSSL_ERR_PEM_INVALID_DATA ); else return( POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT );
end = s2;
end += strlen( footer );
if( *end == '\r' ) end++;
if( *end == '\n' ) end++;
*use_len = end - data;
enc = 0; enc = 0;
@ -330,10 +336,6 @@ int pem_read_buffer( pem_context *ctx, char *header, char *footer, const unsigne
ctx->buf = buf; ctx->buf = buf;
ctx->buflen = len; ctx->buflen = len;
s2 += strlen( footer );
if( *s2 == '\r' ) s2++;
if( *s2 == '\n' ) s2++;
*use_len = s2 - data;
return( 0 ); return( 0 );
} }

12
library/x509parse.c
View file

@ -1463,7 +1463,7 @@ int x509parse_crt( x509_cert *chain, const unsigned char *buf, size_t buflen )
buflen -= use_len; buflen -= use_len;
buf += use_len; buf += use_len;
} }
else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT ) else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
{ {
pem_free( &pem ); pem_free( &pem );
@ -1603,7 +1603,7 @@ int x509parse_crl( x509_crl *chain, const unsigned char *buf, size_t buflen )
len = pem.buflen; len = pem.buflen;
pem_free( &pem ); pem_free( &pem );
} }
else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT ) else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
{ {
pem_free( &pem ); pem_free( &pem );
return( ret ); return( ret );
@ -2054,7 +2054,7 @@ int x509parse_key( rsa_context *rsa, const unsigned char *key, size_t keylen,
"-----END RSA PRIVATE KEY-----", "-----END RSA PRIVATE KEY-----",
key, pwd, pwdlen, &len ); key, pwd, pwdlen, &len );
if( ret == POLARSSL_ERR_PEM_NO_HEADER_PRESENT ) if( ret == POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
{ {
ret = pem_read_buffer( &pem, ret = pem_read_buffer( &pem,
"-----BEGIN PRIVATE KEY-----", "-----BEGIN PRIVATE KEY-----",
@ -2069,7 +2069,7 @@ int x509parse_key( rsa_context *rsa, const unsigned char *key, size_t keylen,
*/ */
keylen = pem.buflen; keylen = pem.buflen;
} }
else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT ) else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
{ {
pem_free( &pem ); pem_free( &pem );
return( ret ); return( ret );
@ -2314,7 +2314,7 @@ int x509parse_public_key( rsa_context *rsa, const unsigned char *key, size_t key
*/ */
keylen = pem.buflen; keylen = pem.buflen;
} }
else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT ) else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
{ {
pem_free( &pem ); pem_free( &pem );
return( ret ); return( ret );
@ -2406,7 +2406,7 @@ int x509parse_dhm( dhm_context *dhm, const unsigned char *dhmin, size_t dhminlen
*/ */
dhminlen = pem.buflen; dhminlen = pem.buflen;
} }
else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT ) else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
{ {
pem_free( &pem ); pem_free( &pem );
return( ret ); return( ret );