VirtualBox

Changeset 62220 in vbox


Timestamp:
Jul 13, 2016 2:46:31 PM (9 years ago)
Author:
vboxsync
Message:

IPRT: PEM+X.509: Added PEM_ONLY flags to the reader functions to allow disabling the auto fallback to binary data.

Location:
trunk
Files:
4 edited

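--- a/trunk/include/iprt/crypto/pem.h
+++ b/trunk/include/iprt/crypto/pem.h
@@ -111,5 +111,8 @@
  *
  * @returns IPRT status code.
- * @retval  VINF_EOF if the file is empty. The ppSectionHead value will be NULL.
+ * @retval  VINF_EOF if the file is empty.  The @a ppSectionHead value will be
+ *          NULL.
+ * @retval  VWRN_NOT_FOUND no section was found and RTCRPEMREADFILE_F_ONLY_PEM
+ *          is specified.  The @a ppSectionHead value will be NULL.
  *
  * @param   pvContent       The content bytes to parse.
@@ -133,5 +136,8 @@
  *
  * @returns IPRT status code.
- * @retval  VINF_EOF if the file is empty. The ppSectionHead value will be NULL.
+ * @retval  VINF_EOF if the file is empty.  The @a ppSectionHead value will be
+ *          NULL.
+ * @retval  VWRN_NOT_FOUND no section was found and RTCRPEMREADFILE_F_ONLY_PEM
+ *          is specified.  The @a ppSectionHead value will be NULL.
  *
  * @param   pszFilename     The path to the file to read.
@@ -150,4 +156,8 @@
 /** Continue on encoding error. */
 #define RTCRPEMREADFILE_F_CONTINUE_ON_ENCODING_ERROR    RT_BIT(0)
+/** Only PEM sections, no binary fallback. */
+#define RTCRPEMREADFILE_F_ONLY_PEM                      RT_BIT(1)
+/** Valid flags. */
+#define RTCRPEMREADFILE_F_VALID_MASK                    UINT32_C(0x00000003)
 /** @} */
 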
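Review bot: `RTCRPEMREADFILE_F_VALID_MASK` is written as the literal `UINT32_C(0x00000003)`, so a flag added later can leave the mask stale and make the `AssertReturn` flag checks reject a valid bit, or accept an undefined one if the literal is widened carelessly. Deriving it from the flags keeps the two in step: `#define RTCRPEMREADFILE_F_VALID_MASK (RTCRPEMREADFILE_F_CONTINUE_ON_ENCODING_ERROR | RTCRPEMREADFILE_F_ONLY_PEM)`. The new `@retval VWRN_NOT_FOUND` text should also say outright that this is a warning status that passes a success check, so callers must test `*ppSectionHead` before using it.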
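--- a/trunk/include/iprt/crypto/x509.h
+++ b/trunk/include/iprt/crypto/x509.h
@@ -1015,4 +1015,11 @@
                                                uint32_t fFlags, PCRTASN1ALLOCATORVTABLE pAllocator,
                                                PRTERRINFO pErrInfo, const char *pszErrorTag);
+/** @name Flags for RTCrX509Certificate_ReadFromFile and
+ *        RTCrX509Certificate_ReadFromBuffer
+ * @{ */
+/** Only allow PEM certificates, not binary ones.
+ * @sa RTCRPEMREADFILE_F_ONLY_PEM  */
+#define RTCRX509CERT_READ_F_PEM_ONLY        RT_BIT(1)
+/** @} */
 
 /** X509 Certificate markers for RTCrPemFindFirstSectionInContent et al. */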
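Review bot: The doc comment on `RTCRX509CERT_READ_F_PEM_ONLY` does not say what a caller gets back when the input is not PEM, which is the one case this flag exists for. A line such as `Non-PEM input is rejected with a failure status instead of being parsed as binary DER.` would state the contract; the exact status is decided in x509-file.cpp and should be named once confirmed. It is also worth a word on why the flag is `RT_BIT(1)` with no bit 0 defined in this group, presumably to mirror the value of `RTCRPEMREADFILE_F_ONLY_PEM`.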
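--- a/trunk/src/VBox/Runtime/common/crypto/pemfile.cpp
+++ b/trunk/src/VBox/Runtime/common/crypto/pemfile.cpp
@@ -263,7 +263,11 @@
  * @param   pbFile              The file bytes to scan.
  * @param   cbFile              The number of bytes.
+ * @param   fFlags              RTCRPEMREADFILE_F_XXX
  */
-static bool rtCrPemIsBinaryBlob(uint8_t const *pbFile, size_t cbFile)
-{
+static bool rtCrPemIsBinaryBlob(uint8_t const *pbFile, size_t cbFile, uint32_t fFlags)
+{
+    if (fFlags & RTCRPEMREADFILE_F_ONLY_PEM)
+        return false;
+
     /*
      * Well formed PEM files should probably only contain 7-bit ASCII and
@@ -338,4 +342,5 @@
     AssertPtr(pvContent);
     AssertPtr(paMarkers);
+    AssertReturn(!(fFlags & ~RTCRPEMREADFILE_F_VALID_MASK), VERR_INVALID_FLAGS);
 
     /*
@@ -352,5 +357,5 @@
         size_t          offBegin, offEnd, offResume;
         PCRTCRPEMMARKER pMatch;
-        if (   !rtCrPemIsBinaryBlob(pbContent, cbContent)
+        if (   !rtCrPemIsBinaryBlob(pbContent, cbContent, fFlags)
             && rtCrPemFindMarkerSection(pbContent, cbContent, 0 /*offStart*/, paMarkers, cMarkers,
                                         &pMatch, &offBegin, &offEnd, &offResume) )
@@ -407,5 +412,5 @@
             RTCrPemFreeSections(*ppSectionHead);
         }
-        else
+        else if (!(fFlags & RTCRPEMREADFILE_F_ONLY_PEM))
         {
             /*
@@ -427,4 +432,6 @@
             RTMemFree(pSection);
         }
+        else
+            rc = VWRN_NOT_FOUND;
     }
     else
@@ -439,5 +446,5 @@
 {
     *ppSectionHead = NULL;
-    AssertReturn(!(fFlags & ~RTCRPEMREADFILE_F_CONTINUE_ON_ENCODING_ERROR), VERR_INVALID_FLAGS);
+    AssertReturn(!(fFlags & ~RTCRPEMREADFILE_F_VALID_MASK), VERR_INVALID_FLAGS);
 
     size_t      cbContent;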
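Review bot: The new `else rc = VWRN_NOT_FOUND;` branch returns a warning status without visibly setting `*ppSectionHead`, so the documented "will be NULL" guarantee depends on an initialisation that lies outside this hunk. Callers gate on a success check and then use the head pointer, so making the guarantee explicit is cheap: `else { *ppSectionHead = NULL; rc = VWRN_NOT_FOUND; }`. Separately, `rtCrPemIsBinaryBlob()` now answers `false` for any content when `RTCRPEMREADFILE_F_ONLY_PEM` is set, yet its doc comment only gained `@param fFlags RTCRPEMREADFILE_F_XXX`; it should say that the flag skips the scan and forces the PEM path.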
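--- a/trunk/src/VBox/Runtime/common/crypto/x509-file.cpp
+++ b/trunk/src/VBox/Runtime/common/crypto/x509-file.cpp
@@ -54,30 +54,38 @@
                                              PCRTASN1ALLOCATORVTABLE pAllocator, PRTERRINFO pErrInfo)
 {
-    AssertReturn(!fFlags, VERR_INVALID_FLAGS);
+    AssertReturn(!(fFlags & ~RTCRX509CERT_READ_F_PEM_ONLY), VERR_INVALID_FLAGS);
     PCRTCRPEMSECTION pSectionHead;
-    int rc = RTCrPemReadFile(pszFilename, 0, g_aRTCrX509CertificateMarkers, g_cRTCrX509CertificateMarkers,
+    int rc = RTCrPemReadFile(pszFilename,
+                             fFlags & RTCRX509CERT_READ_F_PEM_ONLY ? RTCRPEMREADFILE_F_ONLY_PEM : 0,
+                             g_aRTCrX509CertificateMarkers, g_cRTCrX509CertificateMarkers,
                              &pSectionHead, pErrInfo);
     if (RT_SUCCESS(rc))
     {
-        RTCRX509CERTIFICATE TmpCert;
-        RTASN1CURSORPRIMARY PrimaryCursor;
-        RTAsn1CursorInitPrimary(&PrimaryCursor, pSectionHead->pbData, (uint32_t)RT_MIN(pSectionHead->cbData, UINT32_MAX),
-                                pErrInfo, pAllocator, RTASN1CURSOR_FLAGS_DER, RTPathFilename(pszFilename));
-        rc = RTCrX509Certificate_DecodeAsn1(&PrimaryCursor.Cursor, 0, &TmpCert, "Cert");
-        if (RT_SUCCESS(rc))
+        if (pSectionHead)
         {
-            rc = RTCrX509Certificate_CheckSanity(&TmpCert, 0, pErrInfo, "Cert");
+            RTCRX509CERTIFICATE TmpCert;
+            RTASN1CURSORPRIMARY PrimaryCursor;
+            RTAsn1CursorInitPrimary(&PrimaryCursor, pSectionHead->pbData, (uint32_t)RT_MIN(pSectionHead->cbData, UINT32_MAX),
+                                    pErrInfo, pAllocator, RTASN1CURSOR_FLAGS_DER, RTPathFilename(pszFilename));
+            rc = RTCrX509Certificate_DecodeAsn1(&PrimaryCursor.Cursor, 0, &TmpCert, "Cert");
             if (RT_SUCCESS(rc))
             {
-                rc = RTCrX509Certificate_Clone(pCertificate, &TmpCert, pAllocator);
+                rc = RTCrX509Certificate_CheckSanity(&TmpCert, 0, pErrInfo, "Cert");
                 if (RT_SUCCESS(rc))
                 {
-                    if (pSectionHead->pNext || PrimaryCursor.Cursor.cbLeft)
-                        rc = VINF_ASN1_MORE_DATA;
+                    rc = RTCrX509Certificate_Clone(pCertificate, &TmpCert, pAllocator);
+                    if (RT_SUCCESS(rc))
+                    {
+                        if (pSectionHead->pNext || PrimaryCursor.Cursor.cbLeft)
+                            rc = VINF_ASN1_MORE_DATA;
+                    }
                 }
+                RTCrX509Certificate_Delete(&TmpCert);
             }
-            RTCrX509Certificate_Delete(&TmpCert);
+            RTCrPemFreeSections(pSectionHead);
         }
-        RTCrPemFreeSections(pSectionHead);
+        else
+            rc = rc != VINF_SUCCESS ? -rc : VERR_INTERNAL_ERROR_2;
+
     }
     return rc;
@@ -89,30 +97,37 @@
                                                PRTERRINFO pErrInfo, const char *pszErrorTag)
 {
-    AssertReturn(!fFlags, VERR_INVALID_FLAGS);
+    AssertReturn(!(fFlags & ~RTCRX509CERT_READ_F_PEM_ONLY), VERR_INVALID_FLAGS);
     PCRTCRPEMSECTION pSectionHead;
-    int rc = RTCrPemParseContent(pvBuf, cbBuf, 0, g_aRTCrX509CertificateMarkers, g_cRTCrX509CertificateMarkers,
+    int rc = RTCrPemParseContent(pvBuf, cbBuf,
+                                 fFlags & RTCRX509CERT_READ_F_PEM_ONLY ? RTCRPEMREADFILE_F_ONLY_PEM : 0,
+                                 g_aRTCrX509CertificateMarkers, g_cRTCrX509CertificateMarkers,
                                  &pSectionHead, pErrInfo);
     if (RT_SUCCESS(rc))
     {
-        RTCRX509CERTIFICATE TmpCert;
-        RTASN1CURSORPRIMARY PrimaryCursor;
-        RTAsn1CursorInitPrimary(&PrimaryCursor, pSectionHead->pbData, (uint32_t)RT_MIN(pSectionHead->cbData, UINT32_MAX),
-                                pErrInfo, pAllocator, RTASN1CURSOR_FLAGS_DER, pszErrorTag);
-        rc = RTCrX509Certificate_DecodeAsn1(&PrimaryCursor.Cursor, 0, &TmpCert, "Cert");
-        if (RT_SUCCESS(rc))
+        if (pSectionHead)
         {
-            rc = RTCrX509Certificate_CheckSanity(&TmpCert, 0, pErrInfo, "Cert");
+            RTCRX509CERTIFICATE TmpCert;
+            RTASN1CURSORPRIMARY PrimaryCursor;
+            RTAsn1CursorInitPrimary(&PrimaryCursor, pSectionHead->pbData, (uint32_t)RT_MIN(pSectionHead->cbData, UINT32_MAX),
+                                    pErrInfo, pAllocator, RTASN1CURSOR_FLAGS_DER, pszErrorTag);
+            rc = RTCrX509Certificate_DecodeAsn1(&PrimaryCursor.Cursor, 0, &TmpCert, "Cert");
             if (RT_SUCCESS(rc))
             {
-                rc = RTCrX509Certificate_Clone(pCertificate, &TmpCert, pAllocator);
+                rc = RTCrX509Certificate_CheckSanity(&TmpCert, 0, pErrInfo, "Cert");
                 if (RT_SUCCESS(rc))
                 {
-                    if (pSectionHead->pNext || PrimaryCursor.Cursor.cbLeft)
-                        rc = VINF_ASN1_MORE_DATA;
+                    rc = RTCrX509Certificate_Clone(pCertificate, &TmpCert, pAllocator);
+                    if (RT_SUCCESS(rc))
+                    {
+                        if (pSectionHead->pNext || PrimaryCursor.Cursor.cbLeft)
+                            rc = VINF_ASN1_MORE_DATA;
+                    }
                 }
+                RTCrX509Certificate_Delete(&TmpCert);
             }
-            RTCrX509Certificate_Delete(&TmpCert);
+            RTCrPemFreeSections(pSectionHead);
         }
-        RTCrPemFreeSections(pSectionHead);
+        else
+            rc = rc != VINF_SUCCESS ? -rc : VERR_INTERNAL_ERROR_2;
     }
     return rc;
@@ -125,7 +140,9 @@
                                               PRTCRX509CERTIFICATES pCertificates, PRTERRINFO pErrInfo)
 {
-    AssertReturn(!fFlags, VERR_INVALID_FLAGS);
+    AssertReturn(!(fFlags & ~RTCRX509CERT_READ_F_PEM_ONLY), VERR_INVALID_FLAGS);
     PCRTCRPEMSECTION pSectionHead;
-    int rc = RTCrPemReadFile(pszFilename, 0, g_aRTCrX509CertificateMarkers, g_cRTCrX509CertificateMarkers,
+    int rc = RTCrPemReadFile(pszFilename,
+                             fFlags & RTCRX509CERT_READ_F_PEM_ONLY ? RTCRPEMREADFILE_F_ONLY_PEM : 0,
+                             g_aRTCrX509CertificateMarkers, g_cRTCrX509CertificateMarkers,
                              &pSectionHead, pErrInfo);
     if (RT_SUCCESS(rc))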
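Review bot: `rc = rc != VINF_SUCCESS ? -rc : VERR_INTERNAL_ERROR_2;` turns a success-class status into a failure by flipping its sign, which is only right if every warning or informational code the PEM reader can return with a NULL head has a matching VERR_ value at the negated number. That assumption deserves a comment at both copies (the file reader and the buffer reader), e.g. `/* No section: VINF_EOF / VWRN_NOT_FOUND -> the matching VERR_ status. */`, or an explicit mapping. The third reader, the one filling `pCertificates`, now passes the same flag but its body lies outside the hunk, so it is not visible whether it tolerates a NULL `pSectionHead`; confirm that it does. The two single-certificate bodies are also identical apart from the error tag and could share one static helper.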