commit 00b2860e8d34cdbe3fda50661d426b9ce8cb8cf9
author Paul Bakker <p.j.bakker@polarssl.org> Mon Jun 24 13:02:41 2013 +0200
committer Paul Bakker <p.j.bakker@polarssl.org> Mon Jun 24 19:09:25 2013 +0200
tree 92e9d9870eda0e385090bc3452600e79a8a5a579
parent b2a11404691ac84aa6fa49ff0dfb6eba6b815461

pem_read_buffer() already update use_len after header and footer are read

After header and footer are read, pem_read_buffer() is able to determine
the length of input data used. This allows calling functions to skip
this PEM bit if an error occurs during its parsing.
(cherry picked from commit 9255e8300e550b548b54603c77585921f442e391)

library/error.c

diff --git a/library/error.c b/library/error.c
index 32d9cf1..fe2be91 100644
--- a/library/error.c
+++ b/library/error.c
@@ -213,8 +213,8 @@
 #endif /* POLARSSL_MD_C */
 
 #if defined(POLARSSL_PEM_C)
-        if( use_ret == -(POLARSSL_ERR_PEM_NO_HEADER_PRESENT) )
-            snprintf( buf, buflen, "PEM - No PEM header found" );
+        if( use_ret == -(POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT) )
+            snprintf( buf, buflen, "PEM - No PEM header or footer found" );
         if( use_ret == -(POLARSSL_ERR_PEM_INVALID_DATA) )
             snprintf( buf, buflen, "PEM - PEM string is not as expected" );
         if( use_ret == -(POLARSSL_ERR_PEM_MALLOC_FAILED) )
@@ -229,6 +229,8 @@
             snprintf( buf, buflen, "PEM - Given private key password does not allow for correct decryption" );
         if( use_ret == -(POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE) )
             snprintf( buf, buflen, "PEM - Unavailable feature, e.g. hashing/encryption combination" );
+        if( use_ret == -(POLARSSL_ERR_PEM_BAD_INPUT_DATA) )
+            snprintf( buf, buflen, "PEM - Bad input parameters to function" );
 #endif /* POLARSSL_PEM_C */
 
 #if defined(POLARSSL_RSA_C)

library/pem.c

diff --git a/library/pem.c b/library/pem.c
index 7070681..813c4ec 100644
--- a/library/pem.c
+++ b/library/pem.c
@@ -1,7 +1,7 @@
 /*
  *  Privacy Enhanced Mail (PEM) decoding
  *
- *  Copyright (C) 2006-2010, Brainspark B.V.
+ *  Copyright (C) 2006-2013, Brainspark B.V.
  *
  *  This file is part of PolarSSL (http://www.polarssl.org)
  *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@@ -183,7 +183,7 @@
     int ret, enc;
     size_t len;
     unsigned char *buf;
-    unsigned char *s1, *s2;
+    const unsigned char *s1, *s2, *end;
 #if defined(POLARSSL_MD5_C) && (defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C))
     unsigned char pem_iv[16];
     cipher_type_t enc_alg = POLARSSL_CIPHER_NONE;
@@ -193,22 +193,28 @@
 #endif /* POLARSSL_MD5_C && (POLARSSL_AES_C || POLARSSL_DES_C) */
 
     if( ctx == NULL )
-        return( POLARSSL_ERR_PEM_INVALID_DATA );
+        return( POLARSSL_ERR_PEM_BAD_INPUT_DATA );
 
     s1 = (unsigned char *) strstr( (const char *) data, header );
 
     if( s1 == NULL )
-        return( POLARSSL_ERR_PEM_NO_HEADER_PRESENT );
+        return( POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT );
 
     s2 = (unsigned char *) strstr( (const char *) data, footer );
 
     if( s2 == NULL || s2 <= s1 )
-        return( POLARSSL_ERR_PEM_INVALID_DATA );
+        return( POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT );
 
     s1 += strlen( header );
     if( *s1 == '\r' ) s1++;
     if( *s1 == '\n' ) s1++;
-    else return( POLARSSL_ERR_PEM_INVALID_DATA );
+    else return( POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT );
+
+    end = s2;
+    end += strlen( footer );
+    if( *end == '\r' ) end++;
+    if( *end == '\n' ) end++;
+    *use_len = end - data;
 
     enc = 0;
 
@@ -330,10 +336,6 @@
 
     ctx->buf = buf;
     ctx->buflen = len;
-    s2 += strlen( footer );
-    if( *s2 == '\r' ) s2++;
-    if( *s2 == '\n' ) s2++;
-    *use_len = s2 - data;
 
     return( 0 );
 }

library/x509parse.c

diff --git a/library/x509parse.c b/library/x509parse.c
index 686d9d1..47bcdeb 100644
--- a/library/x509parse.c
+++ b/library/x509parse.c
@@ -1430,7 +1430,7 @@
                 buflen -= use_len;
                 buf += use_len;
             }
-            else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
+            else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
             {
                 pem_free( &pem );
 
@@ -1570,7 +1570,7 @@
         len = pem.buflen;
         pem_free( &pem );
     }
-    else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
+    else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
     {
         pem_free( &pem );
         return( ret );
@@ -2025,7 +2025,7 @@
                            "-----END RSA PRIVATE KEY-----",
                            key, pwd, pwdlen, &len );
 
-    if( ret == POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
+    if( ret == POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
     {
         ret = pem_read_buffer( &pem,
                            "-----BEGIN PRIVATE KEY-----",
@@ -2040,7 +2040,7 @@
          */
         keylen = pem.buflen;
     }
-    else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
+    else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
     {
         pem_free( &pem );
         return( ret );
@@ -2265,7 +2265,7 @@
          */
         keylen = pem.buflen;
     }
-    else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
+    else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
     {
         pem_free( &pem );
         return( ret );
@@ -2357,7 +2357,7 @@
          */
         dhminlen = pem.buflen;
     }
-    else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
+    else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
     {
         pem_free( &pem );
         return( ret );