feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #2939 from JacobBarthelmeh/SanityChecks

Browse Source 
sanity check on PemToDer type
This commit is contained in:
toddouska
2020-05-04 11:26:33 -07:00
committed by GitHub
parent d848495a66 9f735b4d6e
commit da01961254
2 changed files with 80 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
tests/api.c
View File

@@ -20195,6 +20195,28 @@ static void test_wc_PemToDer(void)
if (cert_buf) if (cert_buf)
free(cert_buf); free(cert_buf);
#ifdef HAVE_ECC
{
const char* ecc_private_key = "./certs/ecc-privOnlyKey.pem";
byte key_buf[256] = {0};
/* Test fail of loading a key with cert type */
AssertIntEQ(load_file(ecc_private_key, &cert_buf, &cert_sz), 0);
key_buf[0] = '\n';
XMEMCPY(key_buf + 1, cert_buf, cert_sz);
AssertIntNE((ret = wc_PemToDer(key_buf, cert_sz + 1, CERT_TYPE,
&pDer, NULL, &info, &eccKey)), 0);
#ifdef OPENSSL_EXTRA
AssertIntEQ((ret = wc_PemToDer(key_buf, cert_sz + 1, PRIVATEKEY_TYPE,
&pDer, NULL, &info, &eccKey)), 0);
#endif
wc_FreeDer(&pDer);
if (cert_buf)
free(cert_buf);
}
#endif
printf(resultFmt, passed); printf(resultFmt, passed);
#endif #endif
} }

23
wolfcrypt/src/asn.c
View File

@@ -10383,17 +10383,22 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
if (!headerEnd) { if (!headerEnd) {
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
if (type == PRIVATEKEY_TYPE) {
char* beginEnd; char* beginEnd;
int endLen; int endLen;
/* see if there is a -----BEGIN * PRIVATE KEY----- header */ /* see if there is a -----BEGIN * PRIVATE KEY----- header */
headerEnd = XSTRNSTR((char*)buff, PRIV_KEY_SUFFIX, sz); headerEnd = XSTRNSTR((char*)buff, PRIV_KEY_SUFFIX, sz);
if (headerEnd) { if (headerEnd) {
beginEnd = headerEnd + XSTR_SIZEOF(PRIV_KEY_SUFFIX); beginEnd = headerEnd + XSTR_SIZEOF(PRIV_KEY_SUFFIX);
if (beginEnd >= (char*)buff + sz) {
return BUFFER_E;
}
/* back up to BEGIN_PRIV_KEY_PREFIX */ /* back up to BEGIN_PRIV_KEY_PREFIX */
headerEnd -= XSTR_SIZEOF(BEGIN_PRIV_KEY_PREFIX);
while (headerEnd > (char*)buff && while (headerEnd > (char*)buff &&
XSTRNCMP(headerEnd, BEGIN_PRIV_KEY_PREFIX, XSTRNCMP(headerEnd, BEGIN_PRIV_KEY_PREFIX,
XSTR_SIZEOF(BEGIN_PRIV_KEY_PREFIX)) != 0) { XSTR_SIZEOF(BEGIN_PRIV_KEY_PREFIX)) != 0 &&
*headerEnd != '\n') {
headerEnd--; headerEnd--;
} }
if (headerEnd <= (char*)buff || if (headerEnd <= (char*)buff ||
@@ -10403,6 +10408,7 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
WOLFSSL_MSG("Couldn't find PEM header"); WOLFSSL_MSG("Couldn't find PEM header");
return ASN_NO_PEM_HEADER; return ASN_NO_PEM_HEADER;
} }
/* headerEnd now points to beginning of header */ /* headerEnd now points to beginning of header */
XMEMCPY(beginBuf, headerEnd, beginEnd - headerEnd); XMEMCPY(beginBuf, headerEnd, beginEnd - headerEnd);
beginBuf[beginEnd - headerEnd] = '\0'; beginBuf[beginEnd - headerEnd] = '\0';
@@ -10414,7 +10420,15 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
WOLFSSL_MSG("Couldn't find PEM footer"); WOLFSSL_MSG("Couldn't find PEM footer");
return ASN_NO_PEM_HEADER; return ASN_NO_PEM_HEADER;
} }
footer -= XSTR_SIZEOF(END_PRIV_KEY_PREFIX); footer -= XSTR_SIZEOF(END_PRIV_KEY_PREFIX);
if (footer > (char*)buff + sz - XSTR_SIZEOF(END_PRIV_KEY_PREFIX)
|| XSTRNCMP(footer, END_PRIV_KEY_PREFIX,
XSTR_SIZEOF(END_PRIV_KEY_PREFIX)) != 0) {
WOLFSSL_MSG("Unexpected footer for PEM");
return BUFFER_E;
}
endLen = (unsigned int)(beginEnd - headerEnd - endLen = (unsigned int)(beginEnd - headerEnd -
(XSTR_SIZEOF(BEGIN_PRIV_KEY_PREFIX) - (XSTR_SIZEOF(BEGIN_PRIV_KEY_PREFIX) -
XSTR_SIZEOF(END_PRIV_KEY_PREFIX))); XSTR_SIZEOF(END_PRIV_KEY_PREFIX)));
@@ -10424,7 +10438,10 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
header = beginBuf; header = beginBuf;
footer = endBuf; footer = endBuf;
headerEnd = beginEnd; headerEnd = beginEnd;
} else { }
}
if (!headerEnd) {
WOLFSSL_MSG("Couldn't find PEM header"); WOLFSSL_MSG("Couldn't find PEM header");
return ASN_NO_PEM_HEADER; return ASN_NO_PEM_HEADER;
} }