authorJack Lloyd <[email protected]>2017-12-16 10:52:08 -0500
committerJack Lloyd <[email protected]>2017-12-16 10:52:08 -0500
commit59c24b0ed65e1fdc6f64ae07d44fb08e9059266c (patch)
treec26eb7c1e909385b8dc9aa9e1433074784370dec /src/lib/pubkey/pem
parent679f2d183175c3d7d0c65167d93b17b76aa27be4 (diff)
Fix a bug in PEM decoding
If the label param was set to a non-empty string, the decoding would treat it as part of the label and then end up throwing a decoding error. The key fix here is adding the clear() call in decode. Private bug report by email. Add some basic tests for the PEM decoder.
Diffstat (limited to 'src/lib/pubkey/pem')
-rw-r--r--src/lib/pubkey/pem/pem.cpp6
-rw-r--r--src/lib/pubkey/pem/pem.h46
2 files changed, 21 insertions, 31 deletions
diff --git a/src/lib/pubkey/pem/pem.cpp b/src/lib/pubkey/pem/pem.cpp
index 1303e4ac2..d2433860d 100644
--- a/src/lib/pubkey/pem/pem.cpp
+++ b/src/lib/pubkey/pem/pem.cpp
@@ -52,7 +52,7 @@ std::string encode(const uint8_t der[], size_t length, const std::string& label,
* Decode PEM down to raw BER/DER
*/
secure_vector<uint8_t> decode_check_label(DataSource& source,
- const std::string& label_want)
+ const std::string& label_want)
{
std::string label_got;
secure_vector<uint8_t> ber = decode(source, label_got);
@@ -69,6 +69,8 @@ secure_vector<uint8_t> decode(DataSource& source, std::string& label)
{
const size_t RANDOM_CHAR_LIMIT = 8;
+ label.clear();
+
const std::string PEM_HEADER1 = "-----BEGIN ";
const std::string PEM_HEADER2 = "-----";
size_t position = 0;
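Review bot: The added `label.clear();` at the top of `decode` is the whole fix but has no comment, so a later cleanup could drop it as redundant. I would put `// label is output-only: discard caller contents so they cannot be mixed into the parsed label` directly above it. Because the clear runs before any parsing, a caller whose `decode` throws is presumably left with an empty or partly filled label; the rest of the body is outside this hunk, so that is inferred. The `@param label` text in pem.h could also state that any previous value is always discarded.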
@@ -122,7 +124,7 @@ secure_vector<uint8_t> decode(DataSource& source, std::string& label)
}
secure_vector<uint8_t> decode_check_label(const std::string& pem,
- const std::string& label_want)
+ const std::string& label_want)
{
DataSource_Memory src(pem);
return decode_check_label(src, label_want);
diff --git a/src/lib/pubkey/pem/pem.h b/src/lib/pubkey/pem/pem.h
index b2b27282d..c02294dce 100644
--- a/src/lib/pubkey/pem/pem.h
+++ b/src/lib/pubkey/pem/pem.h
@@ -25,9 +25,9 @@ namespace PEM_Code {
* @param line_width after this many characters, a new line is inserted
*/
BOTAN_PUBLIC_API(2,0) std::string encode(const uint8_t data[],
- size_t data_len,
- const std::string& label,
- size_t line_width = 64);
+ size_t data_len,
+ const std::string& label,
+ size_t line_width = 64);
/**
* Encode some binary data in PEM format
@@ -35,22 +35,10 @@ BOTAN_PUBLIC_API(2,0) std::string encode(const uint8_t data[],
* @param label PEM label
* @param line_width after this many characters, a new line is inserted
*/
-inline std::string encode(const std::vector<uint8_t>& data,
- const std::string& label,
- size_t line_width = 64)
- {
- return encode(data.data(), data.size(), label, line_width);
- }
-
-/**
-* Encode some binary data in PEM format
-* @param data binary data to encode
-* @param label PEM label put after BEGIN and END
-* @param line_width after this many characters, a new line is inserted
-*/
-inline std::string encode(const secure_vector<uint8_t>& data,
- const std::string& label,
- size_t line_width = 64)
+template<typename Alloc>
+std::string encode(const std::vector<uint8_t, Alloc>& data,
+ const std::string& label,
+ size_t line_width = 64)
{
return encode(data.data(), data.size(), label, line_width);
}
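Review bot: The doc comment kept above the templated `encode` no longer says which containers it accepts, because the `secure_vector`-specific block was deleted along with the second overload. I would add `* Accepts any std::vector<uint8_t, Alloc>, including secure_vector<uint8_t>` and, for callers encoding key material, `* The result is an ordinary std::string and is not held in secure_vector storage`. Template argument deduction does not apply implicit conversions, so any caller that relied on a type converting to `std::vector<uint8_t>` would stop compiling; in-tree callers are worth a check. The start of this doc comment lies outside the hunk.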
@@ -61,7 +49,7 @@ inline std::string encode(const secure_vector<uint8_t>& data,
* @param label is set to the PEM label found for later inspection
*/
BOTAN_PUBLIC_API(2,0) secure_vector<uint8_t> decode(DataSource& pem,
- std::string& label);
+ std::string& label);
/**
* Decode PEM data
@@ -69,32 +57,32 @@ BOTAN_PUBLIC_API(2,0) secure_vector<uint8_t> decode(DataSource& pem,
* @param label is set to the PEM label found for later inspection
*/
BOTAN_PUBLIC_API(2,0) secure_vector<uint8_t> decode(const std::string& pem,
- std::string& label);
+ std::string& label);
/**
* Decode PEM data
* @param pem a datasource containing PEM encoded data
* @param label is what we expect the label to be
*/
-BOTAN_PUBLIC_API(2,0) secure_vector<uint8_t> decode_check_label(
- DataSource& pem,
- const std::string& label);
+BOTAN_PUBLIC_API(2,0)
+secure_vector<uint8_t> decode_check_label(DataSource& pem,
+ const std::string& label);
/**
* Decode PEM data
* @param pem a string containing PEM encoded data
* @param label is what we expect the label to be
*/
-BOTAN_PUBLIC_API(2,0) secure_vector<uint8_t> decode_check_label(
- const std::string& pem,
- const std::string& label);
+BOTAN_PUBLIC_API(2,0)
+secure_vector<uint8_t> decode_check_label(const std::string& pem,
+ const std::string& label);
/**
* Heuristic test for PEM data.
*/
BOTAN_PUBLIC_API(2,0) bool matches(DataSource& source,
- const std::string& extra = "",
- size_t search_range = 4096);
+ const std::string& extra = "",
+ size_t search_range = 4096);
}