wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 12:14:38 +02:00
Code Issues Packages Projects Releases Wiki Activity

allow meta PEM data at end of file too

Browse Source
This commit is contained in:
toddouska
2012-09-17 17:25:38 -07:00
parent e9c7cbf803
commit 53ccbddd01
4 changed files with 57 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
certs/ca-cert.pem
View File

@@ -1,3 +1,30 @@
-----BEGIN CERTIFICATE-----
MIIEnjCCA4agAwIBAgIJAOnQp195JfQ8MA0GCSqGSIb3DQEBBQUAMIGQMQswCQYD
VQQGEwJVUzEQMA4GA1UECBMHTW9udGFuYTEQMA4GA1UEBxMHQm96ZW1hbjERMA8G
A1UEChMIU2F3dG9vdGgxEzARBgNVBAsTCkNvbnN1bHRpbmcxFjAUBgNVBAMTDXd3
dy55YXNzbC5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMB4XDTEx
MTAyNDE4MTgxNVoXDTE0MDcyMDE4MTgxNVowgZAxCzAJBgNVBAYTAlVTMRAwDgYD
VQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYDVQQKEwhTYXd0b290
aDETMBEGA1UECxMKQ29uc3VsdGluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEd
MBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20wggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC/DMotFLIehEJbzTgfSvJNdRDxtjWf38p9A5jTrN4DZu4q
8diwfW4HVAsQmCFNgMsSIOfMT95FfclydzLqypC7aVIQAy+o85XF8YtiVhvvZ2+k
EEGVrQqb46XAsNJwdlAwW6joCCx87aeieo04KRysx+3yfJWwlYJ9SVw4zXcl772A
dVOUPD3KY1ufFbXTHRMvGdE823Y6zLh9yeXC19pAb9gh3HMbQi1TnP4a/H2rejY/
mN6EfAVnzmoUOIep8Yy1aMtof3EgK/WgY/VWL6Mm0rdvsVoX1ziZCP6TWG/+wxNJ
CBYLp01nAFIxZyNOmO1RRR25BNkL7Ngos0u97TZ5AgMBAAGjgfgwgfUwHQYDVR0O
BBYEFCeOZxF0wyYdP+0zY7Ok2B0w5ejVMIHFBgNVHSMEgb0wgbqAFCeOZxF0wyYd
P+0zY7Ok2B0w5ejVoYGWpIGTMIGQMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHTW9u
dGFuYTEQMA4GA1UEBxMHQm96ZW1hbjERMA8GA1UEChMIU2F3dG9vdGgxEzARBgNV
BAsTCkNvbnN1bHRpbmcxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkqhkiG
9w0BCQEWDmluZm9AeWFzc2wuY29tggkA6dCnX3kl9DwwDAYDVR0TBAUwAwEB/zAN
BgkqhkiG9w0BAQUFAAOCAQEAX4YU9FGLvKVOMNperJr4bNkmS5P54xyJb57us513
PokgdqPm6IYVIdviM7I01dCf88Gkh5Jc+dH/MC+OA7yzPAwyo5BfGpAer53zntcH
Aql9J2ZjL68Y16wYmIyDjzjzC6w2EHX7ynYTUFsCj3O/46Dug1IlVM4mzpy9L3mr
G2C4kvEDwPw7CNnArdVyCCWAYS3cn6eDYgdH4AdMSwcwBKmHHFV/BxLQy0Jdy89m
ARoX7vkPYLfbb2jlTkFibtNvYE9LJ97PGAfxE13LP6klRNpSXMgE4VYS9SqQTtHi
rwG1I6HsMdp7Y2nEuPPnzqE9wNtt87LZRsifw7hwWh9/yg==
-----END CERTIFICATE-----
Certificate: Certificate:
Data: Data:
Version: 3 (0x2) Version: 3 (0x2)
@@ -58,30 +85,3 @@ Certificate:
f5:2a:90:4e:d1:e2:af:01:b5:23:a1:ec:31:da:7b:63:69:c4: f5:2a:90:4e:d1:e2:af:01:b5:23:a1:ec:31:da:7b:63:69:c4:
b8:f3:e7:ce:a1:3d:c0:db:6d:f3:b2:d9:46:c8:9f:c3:b8:70: b8:f3:e7:ce:a1:3d:c0:db:6d:f3:b2:d9:46:c8:9f:c3:b8:70:
5a:1f:7f:ca 5a:1f:7f:ca
-----BEGIN CERTIFICATE-----
MIIEnjCCA4agAwIBAgIJAOnQp195JfQ8MA0GCSqGSIb3DQEBBQUAMIGQMQswCQYD
VQQGEwJVUzEQMA4GA1UECBMHTW9udGFuYTEQMA4GA1UEBxMHQm96ZW1hbjERMA8G
A1UEChMIU2F3dG9vdGgxEzARBgNVBAsTCkNvbnN1bHRpbmcxFjAUBgNVBAMTDXd3
dy55YXNzbC5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMB4XDTEx
MTAyNDE4MTgxNVoXDTE0MDcyMDE4MTgxNVowgZAxCzAJBgNVBAYTAlVTMRAwDgYD
VQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYDVQQKEwhTYXd0b290
aDETMBEGA1UECxMKQ29uc3VsdGluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEd
MBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20wggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC/DMotFLIehEJbzTgfSvJNdRDxtjWf38p9A5jTrN4DZu4q
8diwfW4HVAsQmCFNgMsSIOfMT95FfclydzLqypC7aVIQAy+o85XF8YtiVhvvZ2+k
EEGVrQqb46XAsNJwdlAwW6joCCx87aeieo04KRysx+3yfJWwlYJ9SVw4zXcl772A
dVOUPD3KY1ufFbXTHRMvGdE823Y6zLh9yeXC19pAb9gh3HMbQi1TnP4a/H2rejY/
mN6EfAVnzmoUOIep8Yy1aMtof3EgK/WgY/VWL6Mm0rdvsVoX1ziZCP6TWG/+wxNJ
CBYLp01nAFIxZyNOmO1RRR25BNkL7Ngos0u97TZ5AgMBAAGjgfgwgfUwHQYDVR0O
BBYEFCeOZxF0wyYdP+0zY7Ok2B0w5ejVMIHFBgNVHSMEgb0wgbqAFCeOZxF0wyYd
P+0zY7Ok2B0w5ejVoYGWpIGTMIGQMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHTW9u
dGFuYTEQMA4GA1UEBxMHQm96ZW1hbjERMA8GA1UEChMIU2F3dG9vdGgxEzARBgNV
BAsTCkNvbnN1bHRpbmcxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkqhkiG
9w0BCQEWDmluZm9AeWFzc2wuY29tggkA6dCnX3kl9DwwDAYDVR0TBAUwAwEB/zAN
BgkqhkiG9w0BAQUFAAOCAQEAX4YU9FGLvKVOMNperJr4bNkmS5P54xyJb57us513
PokgdqPm6IYVIdviM7I01dCf88Gkh5Jc+dH/MC+OA7yzPAwyo5BfGpAer53zntcH
Aql9J2ZjL68Y16wYmIyDjzjzC6w2EHX7ynYTUFsCj3O/46Dug1IlVM4mzpy9L3mr
G2C4kvEDwPw7CNnArdVyCCWAYS3cn6eDYgdH4AdMSwcwBKmHHFV/BxLQy0Jdy89m
ARoX7vkPYLfbb2jlTkFibtNvYE9LJ97PGAfxE13LP6klRNpSXMgE4VYS9SqQTtHi
rwG1I6HsMdp7Y2nEuPPnzqE9wNtt87LZRsifw7hwWh9/yg==
-----END CERTIFICATE-----

1
cyassl/error.h
View File

@@ -104,6 +104,7 @@ enum CyaSSL_ErrorCodes {
COOKIE_ERROR = -269, /* dtls cookie error */ COOKIE_ERROR = -269, /* dtls cookie error */
SEQUENCE_ERROR = -270, /* dtls sequence error */ SEQUENCE_ERROR = -270, /* dtls sequence error */
SUITES_ERROR = -271, /* suites pointer error */ SUITES_ERROR = -271, /* suites pointer error */
SSL_NO_PEM_HEADER = -272, /* no PEM header found */
/* add strings to SetErrorString !!!!! */ /* add strings to SetErrorString !!!!! */
/* begin negotiation parameter errors */ /* begin negotiation parameter errors */

4
src/internal.c
View File

@@ -4259,6 +4259,10 @@ void SetErrorString(int error, char* str)
XSTRNCPY(str, "Suites Pointer Error", max); XSTRNCPY(str, "Suites Pointer Error", max);
break; break;
case SSL_NO_PEM_HEADER:
XSTRNCPY(str, "No PEM Header Error", max);
break;
default : default :
XSTRNCPY(str, "unknown error number", max); XSTRNCPY(str, "unknown error number", max);
} }

43
src/ssl.c
View File

@@ -831,8 +831,10 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
headerEnd = XSTRNSTR((char*)buff, header, sz); headerEnd = XSTRNSTR((char*)buff, header, sz);
} }
if (!headerEnd) if (!headerEnd) {
return SSL_BAD_FILE; CYASSL_MSG("Couldn't find PEM header");
return SSL_NO_PEM_HEADER;
}
headerEnd += XSTRLEN(header); headerEnd += XSTRLEN(header);
/* get next line */ /* get next line */
@@ -985,6 +987,7 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
word32 bufferSz = sizeof(staticBuffer); word32 bufferSz = sizeof(staticBuffer);
long consumed = info.consumed; long consumed = info.consumed;
word32 idx = 0; word32 idx = 0;
int gotOne = 0;
if ( (sz - consumed) > (int)bufferSz) { if ( (sz - consumed) > (int)bufferSz) {
CYASSL_MSG("Growing Tmp Chain Buffer"); CYASSL_MSG("Growing Tmp Chain Buffer");
@@ -1000,7 +1003,6 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
CYASSL_MSG("Processing Cert Chain"); CYASSL_MSG("Processing Cert Chain");
while (consumed < sz) { while (consumed < sz) {
long left;
buffer part; buffer part;
info.consumed = 0; info.consumed = 0;
part.buffer = 0; part.buffer = 0;
@@ -1008,6 +1010,7 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
ret = PemToDer(buff + consumed, sz - consumed, type, &part, ret = PemToDer(buff + consumed, sz - consumed, type, &part,
ctx->heap, &info, &eccKey); ctx->heap, &info, &eccKey);
if (ret == 0) { if (ret == 0) {
gotOne = 1;
if ( (idx + part.length) > bufferSz) { if ( (idx + part.length) > bufferSz) {
CYASSL_MSG(" Cert Chain bigger than buffer"); CYASSL_MSG(" Cert Chain bigger than buffer");
ret = BUFFER_E; ret = BUFFER_E;
@@ -1024,18 +1027,19 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
} }
XFREE(part.buffer, ctx->heap, dynamicType); XFREE(part.buffer, ctx->heap, dynamicType);
if (ret == SSL_NO_PEM_HEADER && gotOne) {
CYASSL_MSG("We got one good PEM so stuff at end ok");
ret = 0;
break;
}
if (ret < 0) { if (ret < 0) {
CYASSL_MSG(" Error in Cert in Chain"); CYASSL_MSG(" Error in Cert in Chain");
XFREE(der.buffer, ctx->heap, dynamicType); XFREE(der.buffer, ctx->heap, dynamicType);
return ret; return ret;
} }
CYASSL_MSG(" Consumed another Cert in Chain"); CYASSL_MSG(" Consumed another Cert in Chain");
left = sz - consumed;
if (left > 0 && left < CERT_MIN_SIZE) {
CYASSL_MSG(" Non Cert at end of file");
break;
}
} }
CYASSL_MSG("Finished Processing Cert Chain"); CYASSL_MSG("Finished Processing Cert Chain");
ctx->certChain.buffer = (byte*)XMALLOC(idx, ctx->heap, ctx->certChain.buffer = (byte*)XMALLOC(idx, ctx->heap,
@@ -1230,28 +1234,31 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
static int ProcessChainBuffer(CYASSL_CTX* ctx, const unsigned char* buff, static int ProcessChainBuffer(CYASSL_CTX* ctx, const unsigned char* buff,
long sz, int format, int type, CYASSL* ssl) long sz, int format, int type, CYASSL* ssl)
{ {
long used = 0; long used = 0;
int ret = 0; int ret = 0;
int gotOne = 0;
CYASSL_MSG("Processing CA PEM file"); CYASSL_MSG("Processing CA PEM file");
while (used < sz) { while (used < sz) {
long consumed = 0; long consumed = 0;
long left;
ret = ProcessBuffer(ctx, buff + used, sz - used, format, type, ssl, ret = ProcessBuffer(ctx, buff + used, sz - used, format, type, ssl,
&consumed, 0); &consumed, 0);
if (ret == SSL_NO_PEM_HEADER && gotOne) {
CYASSL_MSG("We got one good PEM file so stuff at end ok");
ret = SSL_SUCCESS;
break;
}
if (ret < 0) if (ret < 0)
break; break;
CYASSL_MSG(" Processed a CA"); CYASSL_MSG(" Processed a CA");
gotOne = 1;
used += consumed; used += consumed;
left = sz - used;
if (left > 0 && left < CERT_MIN_SIZE) { /* non cert stuff at eof */
CYASSL_MSG(" Non CA cert at eof");
break;
}
} }
return ret; return ret;
} }