Skip to content

Windows \r\n causes PEM object to fail parsing #5591

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
sergeyegerev opened this issue Jan 5, 2019 · 3 comments
Closed

Windows \r\n causes PEM object to fail parsing #5591

sergeyegerev opened this issue Jan 5, 2019 · 3 comments
Assignees
@earlephilhower
Milestone
2.5.0

Comments

@sergeyegerev
Copy link

Arduino/libraries/ESP8266WiFi/src/BearSSLHelpers.cpp

Line 359 in 7c2e071

if (!strcmp_P(pos[u].name, PSTR("CERTIFICATE")) || !strcmp_P(pos[u].name, PSTR("X509 CERTIFICATE"))) {

@sergeyegerev
Copy link
Author

sergeyegerev commented Jan 5, 2019
edited
Loading

Hello.
I tried to use BearSSL::WiFiClientSecure for MQTT and used BearSSLX509List to parse X.509 certificate from AWS IoT. It comes in PEM format starting with -----BEGIN CERTIFICATE----- string.
At the above mentioned code line I've got pos[u].name value "CERTIFICATE-----" while the expected result is different. It looks like the name is parsed wrong.
Board version is 2.4.2.
Regards
Sergey

@sergeyegerev
Copy link
Author

It seems like the issue is with line endings in the certificate: incorrect parsing occurs when lines end with CR/LF pairs (Windows line endings). Single LF (Unix) line ends are parsed OK.

@earlephilhower earlephilhower self-assigned this Jan 7, 2019
@earlephilhower earlephilhower changed the title Wrong pem_object name: pos[u].name here is "CERTIFICATE-----". Seems like name parsing is wrong. Windows \r\n causes PEM object to fail parsing Jan 7, 2019
@earlephilhower
Copy link
Collaborator

@sergeyegerev Thanks for the report. I'm able to reproduce using the validation example by changing to Windows EOL markers in a cert. This looks like it's a bug inside the semi-Forth text parser used to decode PEMs inside the BearSSL library itself. I've updated the bug title accordingly.

@earlephilhower earlephilhower added this to the 2.5.0 milestone Jan 7, 2019
earlephilhower added a commit to earlephilhower/Arduino that referenced this issue Jan 7, 2019
@earlephilhower
Silently eat \rs in PEM decoder in BearSSL
2618c0d 
There is a bug in the BearSSL PEM decoder when Windows EOLs (\r\n) are
passed in.  Avoid the issue by silenly discarding \rs as they are read
from the PEM source in the C code, to keep my sanity by avoiding reworking
the pseudo-Forth parser code.

Fixes esp8266#5591
@earlephilhower earlephilhower mentioned this issue Jan 7, 2019
Merged
earlephilhower added a commit that referenced this issue Jan 7, 2019
@earlephilhower
Silently eat \rs in PEM decoder in BearSSL (#5598)
c08ef51 
There is a bug in the BearSSL PEM decoder when Windows EOLs (\r\n) are
passed in.  Avoid the issue by silenly discarding \rs as they are read
from the PEM source in the C code, to keep my sanity by avoiding reworking
the pseudo-Forth parser code.

Fixes #5591
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@earlephilhower earlephilhower

Labels
None yet
Projects
None yet
Milestone
2.5.0
Development

No branches or pull requests
2 participants
@earlephilhower @sergeyegerev