From 9f735b4d6ea577467111281467133d8fbe323eba Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh
Date: Fri, 1 May 2020 16:41:18 -0600
Subject: [PATCH] sanity check on PemToDer type

---
 tests/api.c | 22 ++++++++++
 wolfcrypt/src/asn.c | 99 ++++++++++++++++++++++++++-------------------
 2 files changed, 80 insertions(+), 41 deletions(-)

diff --git a/tests/api.c b/tests/api.c
index 899d4ef13..666c1c55f 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -20195,6 +20195,28 @@ static void test_wc_PemToDer(void)
 
 if (cert_buf)
 free(cert_buf);
+
+#ifdef HAVE_ECC
+ {
+ const char* ecc_private_key = "./certs/ecc-privOnlyKey.pem";
+ byte key_buf[256] = {0};
+
+ /* Test fail of loading a key with cert type */
+ AssertIntEQ(load_file(ecc_private_key, &cert_buf, &cert_sz), 0);
+ key_buf[0] = '\n';
+ XMEMCPY(key_buf + 1, cert_buf, cert_sz);
+ AssertIntNE((ret = wc_PemToDer(key_buf, cert_sz + 1, CERT_TYPE,
+ &pDer, NULL, &info, &eccKey)), 0);
+
+ #ifdef OPENSSL_EXTRA
+ AssertIntEQ((ret = wc_PemToDer(key_buf, cert_sz + 1, PRIVATEKEY_TYPE,
+ &pDer, NULL, &info, &eccKey)), 0);
+ #endif
+ wc_FreeDer(&pDer);
+ if (cert_buf)
+ free(cert_buf);
+ }
+#endif
 printf(resultFmt, passed);
 #endif
 }
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 2c7facc55..32d4a510c 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
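Review bot: `XMEMCPY(key_buf + 1, cert_buf, cert_sz);` copies whatever `load_file` read from ./certs/ecc-privOnlyKey.pem into the 256-byte stack array `key_buf` without checking that `cert_sz + 1` fits, so a larger fixture would overflow the buffer silently rather than fail the test; add `AssertTrue((size_t)cert_sz + 1 <= sizeof(key_buf));` before the copy. The negative check `AssertIntNE((ret = wc_PemToDer(..., CERT_TYPE, ...)), 0)` only pins "some error"; if the intended path is the `if (!headerEnd)` fallthrough in asn.c, asserting `AssertIntEQ(ret, ASN_NO_PEM_HEADER)` afterwards would tie the test to the behaviour this commit introduces. The leading `key_buf[0] = '\n'` looks like it exists to exercise the new newline stop in the backward header search; a one-line comment saying so, e.g. `/* leading newline: header must not start at offset 0 and must stop the back-scan */`, would keep a later cleanup from removing it. test_wc_PemToDer begins before this hunk, so the declarations of `cert_buf`, `cert_sz`, `ret`, `pDer`, `info` and `eccKey` are outside view.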
@@ -10383,48 +10383,65 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
 
 if (!headerEnd) {
 #ifdef OPENSSL_EXTRA
- char* beginEnd;
- int endLen;
- /* see if there is a -----BEGIN * PRIVATE KEY----- header */
- headerEnd = XSTRNSTR((char*)buff, PRIV_KEY_SUFFIX, sz);
- if (headerEnd) {
- beginEnd = headerEnd + XSTR_SIZEOF(PRIV_KEY_SUFFIX);
- /* back up to BEGIN_PRIV_KEY_PREFIX */
- headerEnd -= XSTR_SIZEOF(BEGIN_PRIV_KEY_PREFIX);
- while (headerEnd > (char*)buff &&
- XSTRNCMP(headerEnd, BEGIN_PRIV_KEY_PREFIX,
- XSTR_SIZEOF(BEGIN_PRIV_KEY_PREFIX)) != 0) {
- headerEnd--;
- }
- if (headerEnd <= (char*)buff ||
- XSTRNCMP(headerEnd, BEGIN_PRIV_KEY_PREFIX,
- XSTR_SIZEOF(BEGIN_PRIV_KEY_PREFIX)) != 0 ||
- beginEnd - headerEnd > PEM_LINE_LEN) {
- WOLFSSL_MSG("Couldn't find PEM header");
- return ASN_NO_PEM_HEADER;
- }
- /* headerEnd now points to beginning of header */
- XMEMCPY(beginBuf, headerEnd, beginEnd - headerEnd);
- beginBuf[beginEnd - headerEnd] = '\0';
- /* look for matching footer */
- footer = XSTRNSTR(beginEnd,
- beginBuf + XSTR_SIZEOF(BEGIN_PRIV_KEY_PREFIX),
- (unsigned int)((char*)buff + sz - beginEnd));
- if (!footer) {
- WOLFSSL_MSG("Couldn't find PEM footer");
- return ASN_NO_PEM_HEADER;
- }
- footer -= XSTR_SIZEOF(END_PRIV_KEY_PREFIX);
- endLen = (unsigned int)(beginEnd - headerEnd -
- (XSTR_SIZEOF(BEGIN_PRIV_KEY_PREFIX) -
- XSTR_SIZEOF(END_PRIV_KEY_PREFIX)));
- XMEMCPY(endBuf, footer, endLen);
- endBuf[endLen] = '\0';
+ if (type == PRIVATEKEY_TYPE) {
+ char* beginEnd;
+ int endLen;
+ /* see if there is a -----BEGIN * PRIVATE KEY----- header */
+ headerEnd = XSTRNSTR((char*)buff, PRIV_KEY_SUFFIX, sz);
+ if (headerEnd) {
+ beginEnd = headerEnd + XSTR_SIZEOF(PRIV_KEY_SUFFIX);
+ if (beginEnd >= (char*)buff + sz) {
+ return BUFFER_E;
+ }
 
- header = beginBuf;
- footer = endBuf;
- headerEnd = beginEnd;
- } else {
+ /* back up to BEGIN_PRIV_KEY_PREFIX */
+ while (headerEnd > (char*)buff &&
+ XSTRNCMP(headerEnd, BEGIN_PRIV_KEY_PREFIX,
+ XSTR_SIZEOF(BEGIN_PRIV_KEY_PREFIX)) != 0 &&
+ *headerEnd != '\n') {
+ headerEnd--;
+ }
+ if (headerEnd <= (char*)buff ||
+ XSTRNCMP(headerEnd, BEGIN_PRIV_KEY_PREFIX,
+ XSTR_SIZEOF(BEGIN_PRIV_KEY_PREFIX)) != 0 ||
+ beginEnd - headerEnd > PEM_LINE_LEN) {
+ WOLFSSL_MSG("Couldn't find PEM header");
+ return ASN_NO_PEM_HEADER;
+ }
+
+ /* headerEnd now points to beginning of header */
+ XMEMCPY(beginBuf, headerEnd, beginEnd - headerEnd);
+ beginBuf[beginEnd - headerEnd] = '\0';
+ /* look for matching footer */
+ footer = XSTRNSTR(beginEnd,
+ beginBuf + XSTR_SIZEOF(BEGIN_PRIV_KEY_PREFIX),
+ (unsigned int)((char*)buff + sz - beginEnd));
+ if (!footer) {
+ WOLFSSL_MSG("Couldn't find PEM footer");
+ return ASN_NO_PEM_HEADER;
+ }
+
+ footer -= XSTR_SIZEOF(END_PRIV_KEY_PREFIX);
+ if (footer > (char*)buff + sz - XSTR_SIZEOF(END_PRIV_KEY_PREFIX)
+ || XSTRNCMP(footer, END_PRIV_KEY_PREFIX,
+ XSTR_SIZEOF(END_PRIV_KEY_PREFIX)) != 0) {
+ WOLFSSL_MSG("Unexpected footer for PEM");
+ return BUFFER_E;
+ }
+
+ endLen = (unsigned int)(beginEnd - headerEnd -
+ (XSTR_SIZEOF(BEGIN_PRIV_KEY_PREFIX) -
+ XSTR_SIZEOF(END_PRIV_KEY_PREFIX)));
+ XMEMCPY(endBuf, footer, endLen);
+ endBuf[endLen] = '\0';
+
+ header = beginBuf;
+ footer = endBuf;
+ headerEnd = beginEnd;
+ }
+ }
+
+ if (!headerEnd) {
 WOLFSSL_MSG("Couldn't find PEM header");
 return ASN_NO_PEM_HEADER;
 }
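Review bot: The re-added check `if (headerEnd <= (char*)buff ||` still rejects a `-----BEGIN * PRIVATE KEY-----` header that starts at offset 0 of `buff`: the backward loop stops at `headerEnd == buff` where `XSTRNCMP` would match, but the strict `<=` turns that into ASN_NO_PEM_HEADER, and the new test in tests/api.c sidesteps the case by copying the key after a leading `'\n'`. Unless a caller guarantees a byte before the header, the clause should be `headerEnd < (char*)buff` (which the loop guard already makes impossible, so it could simply be dropped, leaving the `XSTRNCMP` and `PEM_LINE_LEN` tests to decide). The two new guards return `BUFFER_E` while the header/footer-not-found paths return `ASN_NO_PEM_HEADER`; if callers (e.g. retry-with-other-type logic) key off `ASN_NO_PEM_HEADER`, a one-line comment explaining why a truncated or mismatched footer is reported as `BUFFER_E` would help, as would a comment on the footer bound check noting it is defensive, since `XSTRNSTR` already bounded the match to `sz`. PemToDer begins before this hunk and continues after it, and `beginBuf`, `endBuf`, `header`, `footer` and `sz` are declared outside view.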