Merge pull request #672 from libtom/some-fixes

Some fixes
libtom · Oct 14, 2024 · cbb01b3 · cbb01b3
2 parents 29af892 + 5a1545a
commit cbb01b3
Show file tree

Hide file tree

Showing 12 changed files with 105 additions and 3 deletions.
diff --git a/src/misc/pem/pem_pkcs.c b/src/misc/pem/pem_pkcs.c
@@ -69,7 +69,7 @@ static int s_get_pka(ltc_asn1_list *pub, enum ltc_pka_id *pka)
 
 typedef int (*import_fn)(const unsigned char *, unsigned long, void*);
 
-static import_fn s_import_x509_fns[LTC_PKA_NUM] = {
+static const import_fn s_import_x509_fns[LTC_PKA_NUM] = {
 #ifdef LTC_MRSA
                                                 [LTC_PKA_RSA] = (import_fn)rsa_import_x509,
 #endif
@@ -176,7 +176,7 @@ static int s_extract_pka(unsigned char *pem, unsigned long w, enum ltc_pka_id *p
    return err;
 }
 
-static import_fn s_import_openssl_fns[LTC_PKA_NUM] = {
+static const import_fn s_import_openssl_fns[LTC_PKA_NUM] = {
 #ifdef LTC_MRSA
                                                 [LTC_PKA_RSA] = (import_fn)rsa_import,
 #endif

diff --git a/src/misc/pem/pem_read.c b/src/misc/pem/pem_read.c
@@ -43,6 +43,25 @@ static void s_unget_line(char *buf, unsigned long buflen, struct get_char *g)
    COPY_STR(g->unget_buf, buf, buflen);
 }
 
+static void s_tts(char *buf, unsigned long *buflen)
+{
+   while(1) {
+      unsigned long blen = *buflen;
+      if (blen < 2)
+         return;
+      blen--;
+      switch (buf[blen]) {
+         case ' ':
+         case '\t':
+            buf[blen] = '\0';
+            *buflen = blen;
+            break;
+         default:
+            return;
+      }
+   }
+}
+
 static char* s_get_line(char *buf, unsigned long *buflen, struct get_char *g)
 {
    unsigned long blen = 0;
@@ -64,11 +83,13 @@ static char* s_get_line(char *buf, unsigned long *buflen, struct get_char *g)
          if (c_ == '\r') {
             buf[--blen] = '\0';
          }
+         s_tts(buf, &blen);
          *buflen = blen;
          return buf;
       }
       if (c == -1 || c == '\0') {
          buf[blen] = '\0';
+         s_tts(buf, &blen);
          *buflen = blen;
          return buf;
       }
@@ -163,6 +184,7 @@ int pem_read(void *pem, unsigned long *w, struct pem_headers *hdr, struct get_ch
    unsigned long slen, linelen;
    int err, hdr_ok = 0;
    int would_overflow = 0;
+   unsigned char empty_lines = 0;
 
    linelen = sizeof(buf);
    if (s_get_line(buf, &linelen, g) == NULL) {
@@ -184,6 +206,11 @@ int pem_read(void *pem, unsigned long *w, struct pem_headers *hdr, struct get_ch
          hdr_ok = 1;
          break;
       }
+      if (!slen) {
+         if (empty_lines)
+            break;
+         empty_lines++;
+      }
       if (!would_overflow && s_fits_buf(wpem, slen, end)) {
          XMEMCPY(wpem, buf, slen);
       } else {

diff --git a/tests/common.c b/tests/common.c
@@ -103,13 +103,14 @@ static DIR *s_opendir(const char *path, char *mypath, unsigned long l)
 static int s_read_and_process(FILE *f, unsigned long sz, void *ctx, dir_iter_cb process)
 {
    int err = CRYPT_OK;
-   void* buf = XMALLOC(sz);
+   void* buf = XMALLOC(sz + 1);
    if (buf == NULL)
       return CRYPT_MEM;
    if (fread(buf, 1, sz, f) != sz) {
       err = CRYPT_ERROR;
       goto out;
    }
+   ((unsigned char *)buf)[sz] = 0x0;
    err = process(buf, sz, ctx);
 out:
    XFREE(buf);

diff --git a/tests/pem/pkcs/extra/rsa_cryptx_issue110_2407279713 b/tests/pem/pkcs/extra/rsa_cryptx_issue110_2407279713
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAs2jsmIoFuWzMkilJaA8//5/T30cnuzX9GImXUrFR2k9EKTMt
+GMHCdKlWOl3BV+BTAU9TLz7Jzd/iJ5GJ6B8TrH1PHFmHpy8/qE/S5OhinIpIi7eb
+ABqnoVcwDdCa8ugzq8k8SWxhRNXfVIlwz4NH1caJ8lmiERFj7IvNKqEhzAk0pyDr
+8hubveTC39xREujKlsqutpPAFPJ3f2ybVsdykX5rx0h5SslG3jVWYhZ/SOb2aIzO
+r0RMjhQmsYRwbpt3anjlBZ98aOzg7GAkbO8093X5VVk9vaPRg0zxJQ0Do0YLyzkR
+isSAIFb0tdKuDnjRGK6y/N2j6At2HjkxntbtGQIDAQABAoIBADYq6LxJd977LWy3
+0HT9nboFPIf+SM2qSEc/S5Po+6ipJBA4ZlZCMf7dHa6znet1TDpqA9iQ4YcqIHMH
+6xZNQ7hhgSAzG9TrXBHqP+djDlrrGWotvjuy0IfS9ixFnnLWjrtAH9afRWLuG+a/
+NHNC1M6DiiTE0TzL/lpt/zzut3CNmWzH+t19X6UsxUg95AzooEeewEYkv25eumWD
+mfQZfCtSlIw1sp/QwxeJa/6LJw7KcPZ1wXUm1BN0b9eiKt9Cmni1MS7elgpZlgGt
+xtfGTZtNLQ7bgDiM8MHzUfPBhbceNSIx2BeCuOCs/7eaqgpyYHBbAbuBQex2H61l
+Lcc3Tz0CgYEA4Kx/avpCPxnvsJ+nHVQm5d/WERuDxk4vH1DNuCYBvXTdVCGADf6a
+F5No1JcTH3nPTyPWazOyGdT9LcsEJicLyD8vCM6hBFstG4XjqcAuqG/9DRsElpHQ
+yi1zc5DNP7Vxmiz9wII0Mjy0abYKtxnXh9YK4a9g6wrcTpvShhIcIb8CgYEAzGzG
+lorVCfX9jXULIznnR/uuP5aSnTEsn0xJeqTlbW0RFWLdj8aIL1peirh1X89HroB9
+GeTNqEJXD+3CVL2cx+BRggMDUmEz4hR59meZCDGUyT5fex4LIsceb/ESUl2jo6Sw
+HXwWbN67rQ55N4oiOcOppsGxzOHkl5HdExKidycCgYEAr5Qev2tz+fw65LzfzHvH
+Kj4S/KuT/5V6He731cFd+sEpdmX3vPgLVAFPG1Q1DZQT/rTzDDQKK0XX1cGiLG63
+NnaqOye/jbfzOF8Z277kt51NFMDYhRLPKDD82IOA4xjY/rPKWndmcxwdob8yAIWh
+efY76sMz6ntCT+xWSZA9i+ECgYBWMZM2TIlxLsBfEbfFfZewOUWKWEGvd9l5vV/K
+D5cRIYivfMUw5yPq2267jPUolayCvniBH4E7beVpuPVUZ7KgcEvNxtlytbt7muil
+5Z6X3tf+VodJ0Swe2NhTmNEB26uwxzLe68BE3VFCsbSYn2y48HAq+MawPZr18bHG
+ZfgMxwKBgHHRg6HYqF5Pegzk1746uH2G+OoCovk5ylGGYzcH2ghWTK4agCHfBcDt
+EYqYAev/l82wi+OZ5O8U+qjFUpT1CVeUJdDs0o5u19v0UJjunU1cwh9jsxBZAWLy
+PAGd6SWf4S3uQCTw6dLeMna25YIlPh5qPA6I/pAahe8e3nSu2ckl
+-----END RSA PRIVATE KEY----- 
diff --git a/tests/pem/pkcs/invalid/single_line b/tests/pem/pkcs/invalid/single_line
@@ -0,0 +1 @@
+-----BEGIN EC PRIVATE KEY-----MHcCAQEEIFF9oAGC6vxNLIU8D+nuvM8ms1QQlPtpGzQTfzEBVB06oAoGCCqGSM49AwEHoUQDQgAE3VU0nT1p5W0zKHDknAgQpsOODuM2/AoZ/6wNqC9AoUCEpQempFg0aBqxleOP0uW0HG1YwCnOF8N0D8Q2RR2mlw==-----END EC PRIVATE KEY-----
diff --git a/tests/pem/pkcs/invalid/single_line.pub b/tests/pem/pkcs/invalid/single_line.pub
@@ -0,0 +1 @@
+-----BEGIN PUBLIC KEY-----MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3VU0nT1p5W0zKHDknAgQpsOODuM2/AoZ/6wNqC9AoUCEpQempFg0aBqxleOP0uW0HG1YwCnOF8N0D8Q2RR2mlw==-----END PUBLIC KEY-----
diff --git a/tests/pem/pkcs/invalid/tall_multi_line b/tests/pem/pkcs/invalid/tall_multi_line
@@ -0,0 +1,9 @@
+-----BEGIN EC PRIVATE KEY-----
+
+MHcCAQEEIFF9oAGC6vxNLIU8D+nuvM8ms1QQlPtpGzQTfzEBVB06oAoGCCqGSM49
+
+AwEHoUQDQgAE3VU0nT1p5W0zKHDknAgQpsOODuM2/AoZ/6wNqC9AoUCEpQempFg0
+
+aBqxleOP0uW0HG1YwCnOF8N0D8Q2RR2mlw==
+
+-----END EC PRIVATE KEY-----
diff --git a/tests/pem/pkcs/invalid/tall_multi_line.pub b/tests/pem/pkcs/invalid/tall_multi_line.pub
@@ -0,0 +1,7 @@
+-----BEGIN PUBLIC KEY-----
+
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3VU0nT1p5W0zKHDknAgQpsOODuM2
+
+/AoZ/6wNqC9AoUCEpQempFg0aBqxleOP0uW0HG1YwCnOF8N0D8Q2RR2mlw==
+
+-----END PUBLIC KEY-----'
diff --git a/tests/pem/pkcs/invalid/weird_multi_line.pub b/tests/pem/pkcs/invalid/weird_multi_line.pub
@@ -0,0 +1,6 @@
+-----BEGIN PUBLIC KEY-----
+MHcCAQEEIFF9oAGC6vxNLIU8D+nuvM8ms1QQlPtp
+GzQTfzEBVB06oAoGCCqGSM49AwEHoUQDQgAE3VU0
+nT1p5W0zKHDknAgQpsOODuM2/AoZ/6wNqC9AoUCE
+pQempFg0aBqxleOP0uW0HG1YwCnOF8N0D8Q2RR2m
+lw==-----END PUBLIC KEY-----
diff --git a/tests/pem/pkcs/invalid_but_supported/narrow_multi_line b/tests/pem/pkcs/invalid_but_supported/narrow_multi_line
@@ -0,0 +1,8 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIFF9oAGC6vxNLIU8D+nuvM8m
+s1QQlPtpGzQTfzEBVB06oAoGCCqGSM49
+AwEHoUQDQgAE3VU0nT1p5W0zKHDknAgQ
+psOODuM2/AoZ/6wNqC9AoUCEpQempFg0
+aBqxleOP0uW0HG1YwCnOF8N0D8Q2RR2m
+lw==
+-----END EC PRIVATE KEY-----
diff --git a/tests/pem/pkcs/invalid_but_supported/narrow_multi_line.pub b/tests/pem/pkcs/invalid_but_supported/narrow_multi_line.pub
@@ -0,0 +1,6 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD
+QgAE3VU0nT1p5W0zKHDknAgQpsOODuM2
+/AoZ/6wNqC9AoUCEpQempFg0aBqxleOP
+0uW0HG1YwCnOF8N0D8Q2RR2mlw==
+-----END PUBLIC KEY-----
diff --git a/tests/pem_test.c b/tests/pem_test.c
@@ -93,6 +93,13 @@ static int s_key_cmp(ltc_pka_key *key)
    return CRYPT_INVALID_ARG;
 }
 
+static int s_pem_decode_invalid_pkcs(const void *in, unsigned long inlen, void *key)
+{
+   password_ctx pw_ctx = { .callback = password_get };
+   SHOULD_FAIL(pem_decode_pkcs(in, inlen, key, &pw_ctx));
+   return CRYPT_OK;
+}
+
 static int s_pem_only_decode_pkcs(const void *in, unsigned long inlen, void *key)
 {
    password_ctx pw_ctx = { .callback = password_get };
@@ -158,6 +165,8 @@ int pem_test(void)
    DO(test_process_dir("tests/pem/pkcs/ecc-pkcs8", &key, s_pem_decode_pkcs, NULL, (dir_cleanup_cb)pka_key_free, "pem_pkcs_test+ecc"));
    DO(test_process_dir("tests/pem/pkcs/ecc-pkcs8", &key, NULL, s_pem_decode_pkcs_f, (dir_cleanup_cb)pka_key_free, "pem_pkcs_test_filehandle+ecc"));
    DO(test_process_dir("tests/pem/pkcs/extra", &key, s_pem_only_decode_pkcs, NULL, (dir_cleanup_cb)pka_key_free, "pem_pkcs_test+extra"));
+   DO(test_process_dir("tests/pem/pkcs/invalid", &key, s_pem_decode_invalid_pkcs, NULL, NULL, "pem_test_invalid"));
+   DO(test_process_dir("tests/pem/pkcs/invalid_but_supported", &key, s_pem_only_decode_pkcs, NULL, (dir_cleanup_cb)pka_key_free, "pem_pkcs_invalid_but_supported"));
 #ifdef LTC_SSH
    DO(test_process_dir("tests/pem/ssh", &key, s_pem_decode_ssh, NULL, (dir_cleanup_cb)pka_key_free, "pem_ssh_test"));
    DO(test_process_dir("tests/pem/ssh", &key, NULL, s_pem_decode_ssh_f, (dir_cleanup_cb)pka_key_free, "pem_ssh_test_filehandle"));
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		-----BEGIN EC PRIVATE KEY-----MHcCAQEEIFF9oAGC6vxNLIU8D+nuvM8ms1QQlPtpGzQTfzEBVB06oAoGCCqGSM49AwEHoUQDQgAE3VU0nT1p5W0zKHDknAgQpsOODuM2/AoZ/6wNqC9AoUCEpQempFg0aBqxleOP0uW0HG1YwCnOF8N0D8Q2RR2mlw==-----END EC PRIVATE KEY-----
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		-----BEGIN PUBLIC KEY-----MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3VU0nT1p5W0zKHDknAgQpsOODuM2/AoZ/6wNqC9AoUCEpQempFg0aBqxleOP0uW0HG1YwCnOF8N0D8Q2RR2mlw==-----END PUBLIC KEY-----