Commit 8824bdbd authored by Dan Mihai, committed by Nathan Heldt-Sheller

security: Fix "GetPkixInfo: empty key"

mbedtls_pem_read_buffer doc specifies that the data must be null
terminated.

This patch allows CT1.7.8.5 to make progress with DTLS handshake.
The handshake still fails later on, due to different reasons that
are being investigated.

Change-Id: I46c89f8cb0eec6156202a9ae3ef3e7b73c85a0f5
Signed-off-by: Dan Mihai <Daniel.Mihai@microsoft.com>
https://jira.iotivity.org/browse/IOT-2620
Reviewed-on: https://gerrit.iotivity.org/gerrit/21937
Reviewed-by: Way Vadhanasin <wayvad@microsoft.com>
Reviewed-by: Kevin Kane <kkane@microsoft.com>
Tested-by: jenkins-iotivity <jenkins@iotivity.org>
Reviewed-by: Nathan Heldt-Sheller <nathan.heldt-sheller@intel.com>
parent 67e554d2
......@@ -3711,11 +3711,25 @@ void GetDerKey(ByteArray_t * key, const char * usage)
/* Convert PEM to DER */
const char* pemHeader = "-----BEGIN EC PRIVATE KEY-----"; /* no newlines allowed here */
const char* pemFooter = "-----END EC PRIVATE KEY-----";
uint8_t *data = temp->privateData.data;
size_t length = temp->privateData.len;
bool freeData = false;
if (temp->privateData.data[temp->privateData.len - 1] != 0)
if (data[length - 1] != 0)
{
OIC_LOG(ERROR, TAG, "Bad PEM private key data (not null terminated)");
return;
/* Add a null terminator, because mbedtls_pem_read_buffer requires it */
OIC_LOG_V(DEBUG, TAG, "%s: adding null terminator to privateData", __func__);
data = OICMalloc(length + 1);
if (NULL == data)
{
OIC_LOG(ERROR, TAG, "Failed to allocate memory");
return;
}
memcpy(data, temp->privateData.data, length);
data[length] = 0;
freeData = true;
}
mbedtls_pem_context ctx;
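Review bot: `if (data[length - 1] != 0)` indexes the buffer before checking that `length` is non-zero, so an empty `privateData` would wrap `length - 1` to `SIZE_MAX` and read out of bounds; the line being replaced had the same gap, but since the check is rewritten here it is the place to close it. Add a guard ahead of the terminator test, e.g. `if (length == 0) { OIC_LOG(ERROR, TAG, "Empty PEM private key data"); return; }`, which also keeps the `OICMalloc(length + 1)` copy path well defined.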
......@@ -3723,7 +3737,13 @@ void GetDerKey(ByteArray_t * key, const char * usage)
size_t usedLen;
mbedtls_pem_init(&ctx);
ret = mbedtls_pem_read_buffer(&ctx, pemHeader, pemFooter, (const uint8_t*)temp->privateData.data, NULL, 0, &usedLen);
ret = mbedtls_pem_read_buffer(&ctx, pemHeader, pemFooter, data, NULL, 0, &usedLen);
if (freeData)
{
OICFree(data);
}
if (ret != 0)
{
OIC_LOG_V(ERROR, TAG, "%s: failed reading PEM key", __func__);
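Review bot: the heap copy allocated in the previous hunk holds the PEM private key in cleartext, and `if (freeData) { OICFree(data); }` releases it without clearing it, so the key material stays readable in freed heap memory. Zero the `length + 1` bytes before `OICFree(data)`, using a clearing call the compiler cannot optimize away (or the project's secure-clear helper if one exists). Freeing before the `ret != 0` test is otherwise fine, since the error path below no longer touches `data`.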