Commit 690a9e3c authored by Kishen Maloor

Merge branch 'origin/gaborone' into gaborone+

Signed-off-by: Kishen Maloor <kishen.maloor@intel.com>
parents 7212b204 9fca1c24
...@@ -1556,10 +1556,12 @@ install_trust_anchor(void) ...@@ -1556,10 +1556,12 @@ install_trust_anchor(void)
char cert[8192]; char cert[8192];
size_t cert_len = 0; size_t cert_len = 0;
PRINT("\nPaste certificate here, then hit <ENTER> and type \"done\": "); PRINT("\nPaste certificate here, then hit <ENTER> and type \"done\": ");
int c;
while (cert_len < 4 || while ((c = getchar()) == '\n' || c == '\r')
(cert_len >= 4 && memcmp(&cert[cert_len - 4], "done", 4) != 0)) { ;
int c = getchar(); for (; (cert_len < 4 ||
(cert_len >= 4 && memcmp(&cert[cert_len - 4], "done", 4) != 0));
c = getchar()) {
if (c == EOF) { if (c == EOF) {
PRINT("ERROR processing input.. aborting\n"); PRINT("ERROR processing input.. aborting\n");
return; return;
...@@ -1568,11 +1570,13 @@ install_trust_anchor(void) ...@@ -1568,11 +1570,13 @@ install_trust_anchor(void)
cert_len++; cert_len++;
} }
cert_len -= 4; while (cert[cert_len - 1] != '-' && cert_len > 1) {
cert[cert_len - 1] = '\0'; cert_len--;
}
cert[cert_len] = '\0';
int rootca_credid = int rootca_credid =
oc_pki_add_mfg_trust_anchor(0, (const unsigned char *)cert, cert_len); oc_pki_add_mfg_trust_anchor(0, (const unsigned char *)cert, strlen(cert));
if (rootca_credid < 0) { if (rootca_credid < 0) {
PRINT("ERROR installing root cert\n"); PRINT("ERROR installing root cert\n");
return; return;
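Review bot: Nothing visible in the rewritten read loop of install_trust_anchor caps `cert_len` at the size of `cert[8192]`; the `for` condition only tests for the trailing "done". Unless the two lines hidden between the hunks add a bound, pasted input longer than the buffer is written past the end of a stack array. A guard ahead of the store, such as `if (cert_len >= sizeof(cert) - 1) { PRINT("ERROR certificate too long.. aborting\n"); return; }`, would close that. Separately, the new trim loop reads `cert[cert_len - 1]` before testing `cert_len > 1`; writing it as `while (cert_len > 1 && cert[cert_len - 1] != '-')` puts the index check first. The function body starts and ends outside the hunks shown.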
......
...@@ -46,6 +46,7 @@ pki_add_intermediate_cert(size_t device, int credid, const unsigned char *cert, ...@@ -46,6 +46,7 @@ pki_add_intermediate_cert(size_t device, int credid, const unsigned char *cert,
mbedtls_x509_crt int_ca; mbedtls_x509_crt int_ca;
mbedtls_x509_crt_init(&int_ca); mbedtls_x509_crt_init(&int_ca);
if (oc_certs_is_PEM((const unsigned char *)cert, cert_size) != 0) { if (oc_certs_is_PEM((const unsigned char *)cert, cert_size) != 0) {
OC_ERR("provided cert is not in PEM format");
return -1; return -1;
} }
if (cert[cert_size - 1] != '\0') { if (cert[cert_size - 1] != '\0') {
...@@ -54,7 +55,7 @@ pki_add_intermediate_cert(size_t device, int credid, const unsigned char *cert, ...@@ -54,7 +55,7 @@ pki_add_intermediate_cert(size_t device, int credid, const unsigned char *cert,
ret = mbedtls_x509_crt_parse(&int_ca, (const unsigned char *)cert, c_size); ret = mbedtls_x509_crt_parse(&int_ca, (const unsigned char *)cert, c_size);
if (ret < 0) { if (ret < 0) {
OC_ERR("could not parse intermediate cert %d", ret); OC_ERR("could not parse intermediate cert: %d", ret);
return -1; return -1;
} }
OC_DBG("parsed intermediate CA cert"); OC_DBG("parsed intermediate CA cert");
...@@ -68,7 +69,7 @@ pki_add_intermediate_cert(size_t device, int credid, const unsigned char *cert, ...@@ -68,7 +69,7 @@ pki_add_intermediate_cert(size_t device, int credid, const unsigned char *cert,
oc_string_len(c->publicdata.data) + 1); oc_string_len(c->publicdata.data) + 1);
if (ret < 0) { if (ret < 0) {
OC_ERR("could not parse existing identity cert that chains to this " OC_ERR("could not parse existing identity cert that chains to this "
"intermediate cert %d", "intermediate cert: %d",
ret); ret);
mbedtls_x509_crt_free(&int_ca); mbedtls_x509_crt_free(&int_ca);
return -1; return -1;
...@@ -137,6 +138,7 @@ pki_add_identity_cert(size_t device, const unsigned char *cert, ...@@ -137,6 +138,7 @@ pki_add_identity_cert(size_t device, const unsigned char *cert,
mbedtls_pk_init(&pkey); mbedtls_pk_init(&pkey);
if (oc_certs_is_PEM(cert, cert_size) != 0) { if (oc_certs_is_PEM(cert, cert_size) != 0) {
OC_ERR("provided cert is not in PEM format");
return -1; return -1;
} }
if (cert[cert_size - 1] != '\0') { if (cert[cert_size - 1] != '\0') {
...@@ -268,6 +270,7 @@ pki_add_trust_anchor(size_t device, const unsigned char *cert, size_t cert_size, ...@@ -268,6 +270,7 @@ pki_add_trust_anchor(size_t device, const unsigned char *cert, size_t cert_size,
/* Parse root cert */ /* Parse root cert */
if (oc_certs_is_PEM((const unsigned char *)cert, cert_size) != 0) { if (oc_certs_is_PEM((const unsigned char *)cert, cert_size) != 0) {
OC_ERR("provided cert is not in PEM format");
return -1; return -1;
} }
if (cert[cert_size - 1] != '\0') { if (cert[cert_size - 1] != '\0') {
...@@ -275,6 +278,7 @@ pki_add_trust_anchor(size_t device, const unsigned char *cert, size_t cert_size, ...@@ -275,6 +278,7 @@ pki_add_trust_anchor(size_t device, const unsigned char *cert, size_t cert_size,
} }
int ret = mbedtls_x509_crt_parse(&cert1, (const unsigned char *)cert, c_size); int ret = mbedtls_x509_crt_parse(&cert1, (const unsigned char *)cert, c_size);
if (ret < 0) { if (ret < 0) {
OC_ERR("could not parse the provided trust anchor: %d", ret);
return -1; return -1;
} }
OC_DBG("parsed the provided trust anchor"); OC_DBG("parsed the provided trust anchor");
...@@ -291,7 +295,7 @@ pki_add_trust_anchor(size_t device, const unsigned char *cert, size_t cert_size, ...@@ -291,7 +295,7 @@ pki_add_trust_anchor(size_t device, const unsigned char *cert, size_t cert_size,
&cert2, (const unsigned char *)oc_string(c->publicdata.data), &cert2, (const unsigned char *)oc_string(c->publicdata.data),
oc_string_len(c->publicdata.data) + 1); oc_string_len(c->publicdata.data) + 1);
if (ret < 0) { if (ret < 0) {
OC_ERR("could not parse stored certificate %d", ret); OC_ERR("could not parse stored certificate: %d", ret);
mbedtls_x509_crt_free(&cert2); mbedtls_x509_crt_free(&cert2);
continue; continue;
} }
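Review bot: The parse-failure branch in pki_add_intermediate_cert (the `could not parse intermediate cert: %d` hunk) returns -1 without releasing `int_ca`, while the later failure path in the same function calls `mbedtls_x509_crt_free(&int_ca)` before returning. Since `int_ca` has already been initialised at that point, adding `mbedtls_x509_crt_free(&int_ca);` before `return -1;` keeps the two paths consistent and avoids leaking anything a partially successful parse may have allocated. The new `could not parse the provided trust anchor: %d` branch in pki_add_trust_anchor looks like the same pattern for `cert1`, though its initialisation is outside the hunk. All three function bodies continue outside the hunks shown.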
......