Fix PEM certificate loading that sometimes fails
author Maximilian Blenk <Maximilian.Blenk@bmw.de>
Tue, 7 Apr 2020 17:33:39 +0000 (19:33 +0200)
committer Benjamin Kaduk <kaduk@mit.edu>
Fri, 8 May 2020 20:55:09 +0000 (13:55 -0700)
commit 69296e264e58334620f541d09a4e381ee45542d4
tree 5e4c3e7041d4ef9d187ced3b74632c83e2b5699f
parent 6b057f75074a9061147d7e64fc77db85e310db47
Fix PEM certificate loading that sometimes fails

As described in https://github.com/openssl/openssl/issues/9187, the
loading of PEM certificates sometimes fails if a line of base64
content has the length of a multiple of 254.
The problem is in get_header_and_data(). When such a line with a
length of 254 (or a multiple) has been read, the next read will
only read a newline. Due to this, get_header_and_data() expects to be
in the header, not in the data area. This commit fixes that by checking
if lines have been read completely or only partially. In case of a
previous partial read, a newline will be ignored.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/11741)

(cherry picked from commit 0324ffc5d5d393111288eca2c9d67f2141ed65f5)

crypto/pem/pem_lib.c
test/recipes/04-test_pem.t
test/recipes/04-test_pem_data/cert-254-chars-at-the-end.pem [new file with mode: 0644]
test/recipes/04-test_pem_data/cert-254-chars-in-the-middle.pem [new file with mode: 0644]
test/recipes/04-test_pem_data/cert-oneline-multiple-of-254.pem [new file with mode: 0644]
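
A simplified model of the failure the commit message describes, added here as an illustration and not the code from crypto/pem/pem_lib.c: a line of exactly 254 characters (or a multiple) leaves a newline-only read behind, which a parser that does not track partial reads takes for an empty line. The names `read_chunk`, `count_blank_lines` and `blanks_for_line` are hypothetical, the input is constructed, and the 254-character read size is the number given in the message.

```c
#include <stdio.h>
#include <string.h>
#define CHUNK 254 /* characters returned per read; the number from the commit message */

/* Simplified gets-style read (stand-in, not OpenSSL's BIO API): copies at most
 * CHUNK bytes of src from *pos, stopping after a '\n'. Returns bytes copied. */
static size_t read_chunk(const char *src, size_t *pos, char *buf)
{
    size_t n = 0;
    while (n < CHUNK && src[*pos] != '\0') {
        buf[n] = src[(*pos)++];
        if (buf[n++] == '\n')
            break;
    }
    buf[n] = '\0';
    return n;
}

/* Counts reads the parser would take for an empty line. With track_partial
 * set, a newline-only read that merely completes a partially read line is
 * ignored, which is the check the commit message describes. */
static int count_blank_lines(const char *src, int track_partial)
{
    char buf[CHUNK + 1];
    size_t pos = 0, n;
    int blanks = 0, prev_partial = 0;
    while ((n = read_chunk(src, &pos, buf)) > 0) {
        int complete = (buf[n - 1] == '\n');
        if (n == 1 && complete && !(track_partial && prev_partial))
            blanks++;
        prev_partial = !complete;
    }
    return blanks;
}

/* Constructed input: one line of len 'A' characters plus '\n' (len <= 4*CHUNK). */
static int blanks_for_line(size_t len, int track_partial)
{
    static char line[4 * CHUNK + 2];
    if (len > 4 * CHUNK) return -1;
    memset(line, 'A', len);
    memcpy(line + len, "\n", 2); /* newline and terminating NUL */
    return count_blank_lines(line, track_partial);
}

int main(void)
{
    printf("254: naive=%d tracked=%d\n", blanks_for_line(254, 0), blanks_for_line(254, 1));
    return 0;
}
```

A genuinely empty line is still counted when tracking is on, because the read before it ended with a newline.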