diff options
author | Mattes D <github@xoft.cz> | 2017-09-19 18:28:51 +0200 |
---|---|---|
committer | Lukas Pioch <lukas@zgow.de> | 2017-09-19 19:44:30 +0200 |
commit | e0d1f791a33c3bf3f164b8c5abbd87a87d376471 (patch) | |
tree | b1dddc4dbbc072626287b81f74f2507b4944f78f | |
parent | Changed BroadcastSoundEffect, SendSoundEffect, and CastThunderbolt parameters to vectors (#3959) (diff) | |
download | cuberite-e0d1f791a33c3bf3f164b8c5abbd87a87d376471.tar cuberite-e0d1f791a33c3bf3f164b8c5abbd87a87d376471.tar.gz cuberite-e0d1f791a33c3bf3f164b8c5abbd87a87d376471.tar.bz2 cuberite-e0d1f791a33c3bf3f164b8c5abbd87a87d376471.tar.lz cuberite-e0d1f791a33c3bf3f164b8c5abbd87a87d376471.tar.xz cuberite-e0d1f791a33c3bf3f164b8c5abbd87a87d376471.tar.zst cuberite-e0d1f791a33c3bf3f164b8c5abbd87a87d376471.zip |
-rw-r--r-- | src/mbedTLS++/CryptoKey.cpp | 7 | ||||
-rw-r--r-- | src/mbedTLS++/X509Cert.cpp | 5 | ||||
-rw-r--r-- | src/mbedTLS++/X509Cert.h | 1 |
3 files changed, 10 insertions, 3 deletions
diff --git a/src/mbedTLS++/CryptoKey.cpp b/src/mbedTLS++/CryptoKey.cpp index d9069e4e6..6615991d6 100644 --- a/src/mbedTLS++/CryptoKey.cpp +++ b/src/mbedTLS++/CryptoKey.cpp @@ -120,16 +120,19 @@ int cCryptoKey::ParsePublic(const void * a_Data, size_t a_NumBytes) int cCryptoKey::ParsePrivate(const void * a_Data, size_t a_NumBytes, const AString & a_Password) { ASSERT(!IsValid()); // Cannot parse a second key + // mbedTLS requires that PEM-encoded data is passed including the terminating NUL byte, + // and DER-encoded data is decoded properly even with an extra trailing NUL byte, so we simply add one to everything: + AString keyData(reinterpret_cast<const char *>(a_Data), a_NumBytes); if (a_Password.empty()) { - return mbedtls_pk_parse_key(&m_Pk, reinterpret_cast<const unsigned char *>(a_Data), a_NumBytes, nullptr, 0); + return mbedtls_pk_parse_key(&m_Pk, reinterpret_cast<const unsigned char *>(keyData.data()), a_NumBytes + 1, nullptr, 0); } else { return mbedtls_pk_parse_key( &m_Pk, - reinterpret_cast<const unsigned char *>(a_Data), a_NumBytes, + reinterpret_cast<const unsigned char *>(keyData.data()), a_NumBytes + 1, reinterpret_cast<const unsigned char *>(a_Password.c_str()), a_Password.size() ); } diff --git a/src/mbedTLS++/X509Cert.cpp b/src/mbedTLS++/X509Cert.cpp index 4dd998f00..7bcfec415 100644 --- a/src/mbedTLS++/X509Cert.cpp +++ b/src/mbedTLS++/X509Cert.cpp @@ -30,7 +30,10 @@ cX509Cert::~cX509Cert() int cX509Cert::Parse(const void * a_CertContents, size_t a_Size) { - return mbedtls_x509_crt_parse(&m_Cert, reinterpret_cast<const unsigned char *>(a_CertContents), a_Size); + // mbedTLS requires that PEM-encoded data is passed including the terminating NUL byte, + // and DER-encoded data is decoded properly even with an extra trailing NUL byte, so we simply add one to everything: + AString certContents(reinterpret_cast<const char *>(a_CertContents), a_Size); + return mbedtls_x509_crt_parse(&m_Cert, reinterpret_cast<const unsigned char *>(certContents.data()), a_Size + 1); } diff --git a/src/mbedTLS++/X509Cert.h b/src/mbedTLS++/X509Cert.h index 126b7387a..f46d84bf5 100644 --- a/src/mbedTLS++/X509Cert.h +++ b/src/mbedTLS++/X509Cert.h @@ -24,6 +24,7 @@ public: ~cX509Cert(void); /** Parses the certificate chain data into the context. + The certificate can be DER- or PEM-encoded. Returns 0 on succes, or mbedTLS error code on failure. */ int Parse(const void * a_CertContents, size_t a_Size); |