commit 9255e8300e550b548b54603c77585921f442e391
author Paul Bakker <p.j.bakker@polarssl.org> Thu Jun 06 14:58:28 2013 +0200
committer Paul Bakker <p.j.bakker@polarssl.org> Thu Jun 06 15:00:55 2013 +0200
tree 344a1ed043f215972ca243f7fc4b61ef534a7854
parent ac6168b95e7abf22dcab50c8487db231e986d2ec

pem_read_buffer() already update use_len after header and footer are read

After header and footer are read, pem_read_buffer() is able to determine
the length of input data used. This allows calling functions to skip
this PEM bit if an error occurs during its parsing.

library/error.c

diff --git a/library/error.c b/library/error.c
index 3f71748..42f3cac 100644
--- a/library/error.c
+++ b/library/error.c
@@ -196,8 +196,8 @@
 #endif /* POLARSSL_MD_C */
 
 #if defined(POLARSSL_PEM_C)
-        if( use_ret == -(POLARSSL_ERR_PEM_NO_HEADER_PRESENT) )
-            snprintf( buf, buflen, "PEM - No PEM header found" );
+        if( use_ret == -(POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT) )
+            snprintf( buf, buflen, "PEM - No PEM header or footer found" );
         if( use_ret == -(POLARSSL_ERR_PEM_INVALID_DATA) )
             snprintf( buf, buflen, "PEM - PEM string is not as expected" );
         if( use_ret == -(POLARSSL_ERR_PEM_MALLOC_FAILED) )
@@ -212,6 +212,8 @@
             snprintf( buf, buflen, "PEM - Given private key password does not allow for correct decryption" );
         if( use_ret == -(POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE) )
             snprintf( buf, buflen, "PEM - Unavailable feature, e.g. hashing/encryption combination" );
+        if( use_ret == -(POLARSSL_ERR_PEM_BAD_INPUT_DATA) )
+            snprintf( buf, buflen, "PEM - Bad input parameters to function" );
 #endif /* POLARSSL_PEM_C */
 
 #if defined(POLARSSL_RSA_C)

library/pem.c

diff --git a/library/pem.c b/library/pem.c
index 7070681..813c4ec 100644
--- a/library/pem.c
+++ b/library/pem.c
@@ -1,7 +1,7 @@
 /*
  *  Privacy Enhanced Mail (PEM) decoding
  *
- *  Copyright (C) 2006-2010, Brainspark B.V.
+ *  Copyright (C) 2006-2013, Brainspark B.V.
  *
  *  This file is part of PolarSSL (http://www.polarssl.org)
  *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@@ -183,7 +183,7 @@
     int ret, enc;
     size_t len;
     unsigned char *buf;
-    unsigned char *s1, *s2;
+    const unsigned char *s1, *s2, *end;
 #if defined(POLARSSL_MD5_C) && (defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C))
     unsigned char pem_iv[16];
     cipher_type_t enc_alg = POLARSSL_CIPHER_NONE;
@@ -193,22 +193,28 @@
 #endif /* POLARSSL_MD5_C && (POLARSSL_AES_C || POLARSSL_DES_C) */
 
     if( ctx == NULL )
-        return( POLARSSL_ERR_PEM_INVALID_DATA );
+        return( POLARSSL_ERR_PEM_BAD_INPUT_DATA );
 
     s1 = (unsigned char *) strstr( (const char *) data, header );
 
     if( s1 == NULL )
-        return( POLARSSL_ERR_PEM_NO_HEADER_PRESENT );
+        return( POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT );
 
     s2 = (unsigned char *) strstr( (const char *) data, footer );
 
     if( s2 == NULL || s2 <= s1 )
-        return( POLARSSL_ERR_PEM_INVALID_DATA );
+        return( POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT );
 
     s1 += strlen( header );
     if( *s1 == '\r' ) s1++;
     if( *s1 == '\n' ) s1++;
-    else return( POLARSSL_ERR_PEM_INVALID_DATA );
+    else return( POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT );
+
+    end = s2;
+    end += strlen( footer );
+    if( *end == '\r' ) end++;
+    if( *end == '\n' ) end++;
+    *use_len = end - data;
 
     enc = 0;
 
@@ -330,10 +336,6 @@
 
     ctx->buf = buf;
     ctx->buflen = len;
-    s2 += strlen( footer );
-    if( *s2 == '\r' ) s2++;
-    if( *s2 == '\n' ) s2++;
-    *use_len = s2 - data;
 
     return( 0 );
 }

library/x509parse.c

diff --git a/library/x509parse.c b/library/x509parse.c
index 131fccf..2541eec 100644
--- a/library/x509parse.c
+++ b/library/x509parse.c
@@ -1463,7 +1463,7 @@
                 buflen -= use_len;
                 buf += use_len;
             }
-            else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
+            else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
             {
                 pem_free( &pem );
 
@@ -1603,7 +1603,7 @@
         len = pem.buflen;
         pem_free( &pem );
     }
-    else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
+    else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
     {
         pem_free( &pem );
         return( ret );
@@ -2054,7 +2054,7 @@
                            "-----END RSA PRIVATE KEY-----",
                            key, pwd, pwdlen, &len );
 
-    if( ret == POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
+    if( ret == POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
     {
         ret = pem_read_buffer( &pem,
                            "-----BEGIN PRIVATE KEY-----",
@@ -2069,7 +2069,7 @@
          */
         keylen = pem.buflen;
     }
-    else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
+    else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
     {
         pem_free( &pem );
         return( ret );
@@ -2314,7 +2314,7 @@
          */
         keylen = pem.buflen;
     }
-    else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
+    else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
     {
         pem_free( &pem );
         return( ret );
@@ -2406,7 +2406,7 @@
          */
         dhminlen = pem.buflen;
     }
-    else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
+    else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
     {
         pem_free( &pem );
         return( ret );