Changeset 62220 in vbox
- Timestamp:
- Jul 13, 2016 2:46:31 PM (9 years ago)
- Location:
- trunk
- Files:
-
- 4 edited
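--- a/trunk/include/iprt/crypto/pem.h
+++ b/trunk/include/iprt/crypto/pem.h
@@ -111,5 +111,8 @@
  *
  * @returns IPRT status code.
- * @retval VINF_EOF if the file is empty. The ppSectionHead value will be NULL.
+ * @retval VINF_EOF if the file is empty. The @a ppSectionHead value will be
+ * NULL.
+ * @retval VWRN_NOT_FOUND no section was found and RTCRPEMREADFILE_F_ONLY_PEM
+ * is specified. The @a ppSectionHead value will be NULL.
  *
  * @param pvContent The content bytes to parse.
@@ -133,5 +136,8 @@
  *
  * @returns IPRT status code.
- * @retval VINF_EOF if the file is empty. The ppSectionHead value will be NULL.
+ * @retval VINF_EOF if the file is empty. The @a ppSectionHead value will be
+ * NULL.
+ * @retval VWRN_NOT_FOUND no section was found and RTCRPEMREADFILE_F_ONLY_PEM
+ * is specified. The @a ppSectionHead value will be NULL.
  *
  * @param pszFilename The path to the file to read.
@@ -150,4 +156,8 @@
 /** Continue on encoding error. */
 #define RTCRPEMREADFILE_F_CONTINUE_ON_ENCODING_ERROR RT_BIT(0)
+/** Only PEM sections, no binary fallback. */
+#define RTCRPEMREADFILE_F_ONLY_PEM RT_BIT(1)
+/** Valid flags. */
+#define RTCRPEMREADFILE_F_VALID_MASK UINT32_C(0x00000003)
 /** @} */
 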
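Review bot: The new `@retval VWRN_NOT_FOUND` text (new lines 115-116 and 140-141) says ppSectionHead will be NULL but not that the status is still a success code, which is the actual trap: RT_SUCCESS() is true for both VINF_EOF and VWRN_NOT_FOUND, so a caller that tests RT_SUCCESS(rc) and then dereferences *ppSectionHead crashes — exactly the case x509-file.cpp has to guard with `if (pSectionHead)` in this same changeset. I would add to both doc blocks: `@note VINF_EOF and VWRN_NOT_FOUND are success statuses (RT_SUCCESS() is true); always check *ppSectionHead for NULL before using it.` Separately, RTCRPEMREADFILE_F_VALID_MASK (new line 161) is a hard-coded `UINT32_C(0x00000003)` rather than `(RTCRPEMREADFILE_F_CONTINUE_ON_ENCODING_ERROR | RTCRPEMREADFILE_F_ONLY_PEM)`; since the AssertReturn checks in pemfile.cpp reject unknown flags through this mask, the next flag added will be silently refused unless the mask is remembered — either the OR form or a comment `/* Update when adding flags; pemfile.cpp rejects anything outside this mask. */` would prevent that.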
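--- a/trunk/include/iprt/crypto/x509.h
+++ b/trunk/include/iprt/crypto/x509.h
@@ -1015,4 +1015,11 @@
 uint32_t fFlags, PCRTASN1ALLOCATORVTABLE pAllocator,
 PRTERRINFO pErrInfo, const char *pszErrorTag);
+/** @name Flags for RTCrX509Certificate_ReadFromFile and
+ * RTCrX509Certificate_ReadFromBuffer
+ * @{ */
+/** Only allow PEM certificates, not binary ones.
+ * @sa RTCRPEMREADFILE_F_ONLY_PEM */
+#define RTCRX509CERT_READ_F_PEM_ONLY RT_BIT(1)
+/** @} */
 
 /** X509 Certificate markers for RTCrPemFindFirstSectionInContent et al. */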
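Review bot: The `@name` group at new lines 1017-1019 names only RTCrX509Certificate_ReadFromFile and RTCrX509Certificate_ReadFromBuffer, yet the x509-file.cpp hunk in this changeset also accepts RTCRX509CERT_READ_F_PEM_ONLY in a third reader (the one taking PRTCRX509CERTIFICATES, its new line 142), so that function should be listed too or the text changed to "Flags for the RTCrX509Certificate*_ReadFrom* functions". The value RT_BIT(1) coincides with RTCRPEMREADFILE_F_ONLY_PEM, but x509-file.cpp maps the flag explicitly rather than passing fFlags through, so the coincidence is not load-bearing and bit 0 is simply left unused in this flag set; a comment such as `/* Value matches RTCRPEMREADFILE_F_ONLY_PEM for readability only; x509-file.cpp translates it explicitly. */` would stop a reader from assuming the two flag sets can be mixed.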
trunk/src/VBox/Runtime/common/crypto/pemfile.cpp
r59625 r62220 263 263 * @param pbFile The file bytes to scan. 264 264 * @param cbFile The number of bytes. 265 * @param fFlags RTCRPEMREADFILE_F_XXX 265 266 */ 266 static bool rtCrPemIsBinaryBlob(uint8_t const *pbFile, size_t cbFile) 267 { 267 static bool rtCrPemIsBinaryBlob(uint8_t const *pbFile, size_t cbFile, uint32_t fFlags) 268 { 269 if (fFlags & RTCRPEMREADFILE_F_ONLY_PEM) 270 return false; 271 268 272 /* 269 273 * Well formed PEM files should probably only contain 7-bit ASCII and … … 338 342 AssertPtr(pvContent); 339 343 AssertPtr(paMarkers); 344 AssertReturn(!(fFlags & ~RTCRPEMREADFILE_F_VALID_MASK), VERR_INVALID_FLAGS); 340 345 341 346 /* … … 352 357 size_t offBegin, offEnd, offResume; 353 358 PCRTCRPEMMARKER pMatch; 354 if ( !rtCrPemIsBinaryBlob(pbContent, cbContent )359 if ( !rtCrPemIsBinaryBlob(pbContent, cbContent, fFlags) 355 360 && rtCrPemFindMarkerSection(pbContent, cbContent, 0 /*offStart*/, paMarkers, cMarkers, 356 361 &pMatch, &offBegin, &offEnd, &offResume) ) … … 407 412 RTCrPemFreeSections(*ppSectionHead); 408 413 } 409 else 414 else if (!(fFlags & RTCRPEMREADFILE_F_ONLY_PEM)) 410 415 { 411 416 /* … … 427 432 RTMemFree(pSection); 428 433 } 434 else 435 rc = VWRN_NOT_FOUND; 429 436 } 430 437 else … … 439 446 { 440 447 *ppSectionHead = NULL; 441 AssertReturn(!(fFlags & ~RTCRPEMREADFILE_F_ CONTINUE_ON_ENCODING_ERROR), VERR_INVALID_FLAGS);448 AssertReturn(!(fFlags & ~RTCRPEMREADFILE_F_VALID_MASK), VERR_INVALID_FLAGS); 442 449 443 450 size_t cbContent; -
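Review bot: The early `return false` added to rtCrPemIsBinaryBlob for RTCRPEMREADFILE_F_ONLY_PEM (new lines 269-270) changes what the function answers — "may this content be treated as a binary blob" rather than "does this look binary" — but only a `@param fFlags` line was added; the description and `@returns` above the hunk (outside it) should say so, e.g. `Returns false whenever RTCRPEMREADFILE_F_ONLY_PEM is set, regardless of content, so non-PEM input reaches VWRN_NOT_FOUND instead of the binary fallback.` On the new `else rc = VWRN_NOT_FOUND;` path (new lines 434-435) no RTErrInfo call is visible, so a caller that insists on PEM gets a bare warning status with pErrInfo untouched; if the other failure paths of this function populate pErrInfo (not visible here), a short message at this point would keep diagnostics consistent. The flag validation is now performed twice, at new line 344 in RTCrPemParseContent and at new line 448 in what appears to be RTCrPemReadFile (its body starts outside the hunk); that is harmless fail-fast duplication, but a one-line comment on the second saying it deliberately rejects bad flags before any file I/O would stop someone from removing the wrong one.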
trunk/src/VBox/Runtime/common/crypto/x509-file.cpp
r59665 r62220 54 54 PCRTASN1ALLOCATORVTABLE pAllocator, PRTERRINFO pErrInfo) 55 55 { 56 AssertReturn(! fFlags, VERR_INVALID_FLAGS);56 AssertReturn(!(fFlags & ~RTCRX509CERT_READ_F_PEM_ONLY), VERR_INVALID_FLAGS); 57 57 PCRTCRPEMSECTION pSectionHead; 58 int rc = RTCrPemReadFile(pszFilename, 0, g_aRTCrX509CertificateMarkers, g_cRTCrX509CertificateMarkers, 58 int rc = RTCrPemReadFile(pszFilename, 59 fFlags & RTCRX509CERT_READ_F_PEM_ONLY ? RTCRPEMREADFILE_F_ONLY_PEM : 0, 60 g_aRTCrX509CertificateMarkers, g_cRTCrX509CertificateMarkers, 59 61 &pSectionHead, pErrInfo); 60 62 if (RT_SUCCESS(rc)) 61 63 { 62 RTCRX509CERTIFICATE TmpCert; 63 RTASN1CURSORPRIMARY PrimaryCursor; 64 RTAsn1CursorInitPrimary(&PrimaryCursor, pSectionHead->pbData, (uint32_t)RT_MIN(pSectionHead->cbData, UINT32_MAX), 65 pErrInfo, pAllocator, RTASN1CURSOR_FLAGS_DER, RTPathFilename(pszFilename)); 66 rc = RTCrX509Certificate_DecodeAsn1(&PrimaryCursor.Cursor, 0, &TmpCert, "Cert"); 67 if (RT_SUCCESS(rc)) 64 if (pSectionHead) 68 65 { 69 rc = RTCrX509Certificate_CheckSanity(&TmpCert, 0, pErrInfo, "Cert"); 66 RTCRX509CERTIFICATE TmpCert; 67 RTASN1CURSORPRIMARY PrimaryCursor; 68 RTAsn1CursorInitPrimary(&PrimaryCursor, pSectionHead->pbData, (uint32_t)RT_MIN(pSectionHead->cbData, UINT32_MAX), 69 pErrInfo, pAllocator, RTASN1CURSOR_FLAGS_DER, RTPathFilename(pszFilename)); 70 rc = RTCrX509Certificate_DecodeAsn1(&PrimaryCursor.Cursor, 0, &TmpCert, "Cert"); 70 71 if (RT_SUCCESS(rc)) 71 72 { 72 rc = RTCrX509Certificate_C lone(pCertificate, &TmpCert, pAllocator);73 rc = RTCrX509Certificate_CheckSanity(&TmpCert, 0, pErrInfo, "Cert"); 73 74 if (RT_SUCCESS(rc)) 74 75 { 75 if (pSectionHead->pNext || PrimaryCursor.Cursor.cbLeft) 76 rc = VINF_ASN1_MORE_DATA; 76 rc = RTCrX509Certificate_Clone(pCertificate, &TmpCert, pAllocator); 77 if (RT_SUCCESS(rc)) 78 { 79 if (pSectionHead->pNext || PrimaryCursor.Cursor.cbLeft) 80 rc = VINF_ASN1_MORE_DATA; 81 } 77 82 } 83 RTCrX509Certificate_Delete(&TmpCert); 78 84 } 79 RTCr 
X509Certificate_Delete(&TmpCert);85 RTCrPemFreeSections(pSectionHead); 80 86 } 81 RTCrPemFreeSections(pSectionHead); 87 else 88 rc = rc != VINF_SUCCESS ? -rc : VERR_INTERNAL_ERROR_2; 89 82 90 } 83 91 return rc; … … 89 97 PRTERRINFO pErrInfo, const char *pszErrorTag) 90 98 { 91 AssertReturn(! fFlags, VERR_INVALID_FLAGS);99 AssertReturn(!(fFlags & ~RTCRX509CERT_READ_F_PEM_ONLY), VERR_INVALID_FLAGS); 92 100 PCRTCRPEMSECTION pSectionHead; 93 int rc = RTCrPemParseContent(pvBuf, cbBuf, 0, g_aRTCrX509CertificateMarkers, g_cRTCrX509CertificateMarkers, 101 int rc = RTCrPemParseContent(pvBuf, cbBuf, 102 fFlags & RTCRX509CERT_READ_F_PEM_ONLY ? RTCRPEMREADFILE_F_ONLY_PEM : 0, 103 g_aRTCrX509CertificateMarkers, g_cRTCrX509CertificateMarkers, 94 104 &pSectionHead, pErrInfo); 95 105 if (RT_SUCCESS(rc)) 96 106 { 97 RTCRX509CERTIFICATE TmpCert; 98 RTASN1CURSORPRIMARY PrimaryCursor; 99 RTAsn1CursorInitPrimary(&PrimaryCursor, pSectionHead->pbData, (uint32_t)RT_MIN(pSectionHead->cbData, UINT32_MAX), 100 pErrInfo, pAllocator, RTASN1CURSOR_FLAGS_DER, pszErrorTag); 101 rc = RTCrX509Certificate_DecodeAsn1(&PrimaryCursor.Cursor, 0, &TmpCert, "Cert"); 102 if (RT_SUCCESS(rc)) 107 if (pSectionHead) 103 108 { 104 rc = RTCrX509Certificate_CheckSanity(&TmpCert, 0, pErrInfo, "Cert"); 109 RTCRX509CERTIFICATE TmpCert; 110 RTASN1CURSORPRIMARY PrimaryCursor; 111 RTAsn1CursorInitPrimary(&PrimaryCursor, pSectionHead->pbData, (uint32_t)RT_MIN(pSectionHead->cbData, UINT32_MAX), 112 pErrInfo, pAllocator, RTASN1CURSOR_FLAGS_DER, pszErrorTag); 113 rc = RTCrX509Certificate_DecodeAsn1(&PrimaryCursor.Cursor, 0, &TmpCert, "Cert"); 105 114 if (RT_SUCCESS(rc)) 106 115 { 107 rc = RTCrX509Certificate_C lone(pCertificate, &TmpCert, pAllocator);116 rc = RTCrX509Certificate_CheckSanity(&TmpCert, 0, pErrInfo, "Cert"); 108 117 if (RT_SUCCESS(rc)) 109 118 { 110 if (pSectionHead->pNext || PrimaryCursor.Cursor.cbLeft) 111 rc = VINF_ASN1_MORE_DATA; 119 rc = RTCrX509Certificate_Clone(pCertificate, &TmpCert, pAllocator); 120 
if (RT_SUCCESS(rc)) 121 { 122 if (pSectionHead->pNext || PrimaryCursor.Cursor.cbLeft) 123 rc = VINF_ASN1_MORE_DATA; 124 } 112 125 } 126 RTCrX509Certificate_Delete(&TmpCert); 113 127 } 114 RTCr X509Certificate_Delete(&TmpCert);128 RTCrPemFreeSections(pSectionHead); 115 129 } 116 RTCrPemFreeSections(pSectionHead); 130 else 131 rc = rc != VINF_SUCCESS ? -rc : VERR_INTERNAL_ERROR_2; 117 132 } 118 133 return rc; … … 125 140 PRTCRX509CERTIFICATES pCertificates, PRTERRINFO pErrInfo) 126 141 { 127 AssertReturn(! fFlags, VERR_INVALID_FLAGS);142 AssertReturn(!(fFlags & ~RTCRX509CERT_READ_F_PEM_ONLY), VERR_INVALID_FLAGS); 128 143 PCRTCRPEMSECTION pSectionHead; 129 int rc = RTCrPemReadFile(pszFilename, 0, g_aRTCrX509CertificateMarkers, g_cRTCrX509CertificateMarkers, 144 int rc = RTCrPemReadFile(pszFilename, 145 fFlags & RTCRX509CERT_READ_F_PEM_ONLY ? RTCRPEMREADFILE_F_ONLY_PEM : 0, 146 g_aRTCrX509CertificateMarkers, g_cRTCrX509CertificateMarkers, 130 147 &pSectionHead, pErrInfo); 131 148 if (RT_SUCCESS(rc))
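Review bot: The new fallback `rc = rc != VINF_SUCCESS ? -rc : VERR_INTERNAL_ERROR_2;` (new lines 88 and 131) converts VINF_EOF and VWRN_NOT_FOUND into errors by negation, which depends on the IPRT convention that the informational and error codes are exact negatives; that is implicit enough that a reader may take `-rc` for a typo, so either make the mapping explicit — `rc = rc == VWRN_NOT_FOUND ? VERR_NOT_FOUND : rc == VINF_EOF ? VERR_EOF : VERR_INTERNAL_ERROR_2;` — or add a comment stating the convention being relied on. On that same path nothing is written to pErrInfo in this hunk, so a PEM-only caller that rejects a DER file receives a bare error code with no message unless RTCrPemParseContent sets one (not visible here). The ReadFromFile and ReadFromBuffer bodies are now identical apart from RTPathFilename(pszFilename) versus pszErrorTag, and this change deepened both copies; a static helper taking the section head and the error tag would halve the surface for the next fix. The third reader (taking PRTCRX509CERTIFICATES) is cut off at new line 148, so whether it also guards against a NULL pSectionHead cannot be checked from this hunk.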