mbedtls: privkey from file: fix off-by-one

2025-03-09 00:00:04 +01:00 · 2021-05-20 17:02:28 +08:00 · 2021-05-20 17:02:28 +08:00 · 3fa6b23a08
commit 3fa6b23a08
parent d12e79b8d8
2 changed files with 42 additions and 6 deletions
--- a/lib/tls/mbedtls/mbedtls-client.c
+++ b/lib/tls/mbedtls/mbedtls-client.c
@ -400,9 +400,6 @@ lws_tls_client_create_vhost_context(struct lws_vhost *vh,

 		buf[amount++] = '\0';

-		SSL_CTX_use_PrivateKey_ASN1(0, vh->tls.ssl_client_ctx,
-				buf, (long)amount);
-
 		n = SSL_CTX_use_certificate_ASN1(vh->tls.ssl_client_ctx,
 				(int)amount, buf);
 		lws_free(buf);
@ -417,8 +414,6 @@ lws_tls_client_create_vhost_context(struct lws_vhost *vh,
 #endif
 	} else if (cert_mem && cert_mem_len) {
 		/* lwsl_hexdump_notice(cert_mem, cert_mem_len - 1); */
-		SSL_CTX_use_PrivateKey_ASN1(0, vh->tls.ssl_client_ctx,
-				cert_mem, (long)cert_mem_len - 1);
 		n = SSL_CTX_use_certificate_ASN1(vh->tls.ssl_client_ctx,
 						 (int)cert_mem_len, cert_mem);
 		if (n < 1) {
@ -431,6 +426,47 @@ lws_tls_client_create_vhost_context(struct lws_vhost *vh,
 			    __func__, cert_mem_len);
 	}

+	if (private_key_filepath) {
+#if !defined(LWS_PLAT_OPTEE)
+
+		uint8_t *buf;
+		lws_filepos_t amount;
+
+		lwsl_notice("%s: doing private key filepath %s\n", __func__,
+				private_key_filepath);
+		if (alloc_file(vh->context, private_key_filepath, &buf, &amount))
+			return 1;
+
+		buf[amount++] = '\0';
+
+		n = SSL_CTX_use_PrivateKey_ASN1(0, vh->tls.ssl_client_ctx,
+				buf, (long)amount);
+
+		lws_free(buf);
+		if (n < 1) {
+			lwsl_err("problem %d getting private key '%s'\n", n,
+				 private_key_filepath);
+			lws_tls_err_describe_clear();
+			return 1;
+		}
+
+		lwsl_notice("Loaded private key %s\n", private_key_filepath);
+#endif
+	} else if (key_mem && key_mem_len) {
+		/* lwsl_hexdump_notice(cert_mem, cert_mem_len - 1); */
+		n = SSL_CTX_use_PrivateKey_ASN1(0, vh->tls.ssl_client_ctx,
+				key_mem, (long)key_mem_len - 1);
+
+		if (n < 1) {
+			lwsl_err("%s: (mbedtls) problem interpreting private key\n",
+				 __func__);
+			lws_tls_err_describe_clear();
+			return 1;
+		}
+		lwsl_info("%s: using mem private key %d\n",
+			    __func__, key_mem_len);
+
+	}
 	return 0;
 }

--- a/lib/tls/tls.c
+++ b/lib/tls/tls.c
@ -208,7 +208,7 @@ int alloc_file(struct lws_context *context, const char *filename, uint8_t **buf,
 		goto bail;
 	}

-	*buf = lws_malloc(s, "alloc_file");
+	*buf = lws_malloc(s + 1, "alloc_file");
 	if (!*buf) {
 		n = 2;
 		goto bail;