Skip to content

Commit

Permalink
Improve checks on certificate
Browse files Browse the repository at this point in the history
Signed-off-by: Simone Orru <simone.orru@secomind.com>
  • Loading branch information
sorru94 committed May 17, 2023
1 parent 6a745dd commit bfba9da
Show file tree
Hide file tree
Showing 3 changed files with 47 additions and 1 deletion.
4 changes: 4 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).

## [1.1.3] - Unreleased
### Fixed
- Fix crash when using an invalid client certificate.

## [1.1.2] - 2023-04-13
### Fixed
- Fix hardware ID generation for IDF 5.0.
Expand Down
41 changes: 40 additions & 1 deletion astarte_credentials.c
Original file line number Diff line number Diff line change
Expand Up @@ -835,7 +835,46 @@ astarte_err_t astarte_credentials_erase_stored_credentials_secret()
bool astarte_credentials_has_certificate()
{
CREDS_STORAGE_FUNCS(funcs);
return funcs->astarte_credentials_exists(creds_ctx.opaque, ASTARTE_CREDENTIALS_CERTIFICATE);
if (!funcs->astarte_credentials_exists(creds_ctx.opaque, ASTARTE_CREDENTIALS_CERTIFICATE)) {
return false;
}

astarte_err_t astarte_ret = ASTARTE_ERR;
char *client_crt_cn = NULL;

char *client_crt_pem = calloc(CERT_LENGTH, sizeof(char));
if (!client_crt_pem) {
ESP_LOGE(TAG, "Out of memory %s: %d", __FILE__, __LINE__);
astarte_ret = ASTARTE_ERR_OUT_OF_MEMORY;
goto exit;
}

astarte_ret = astarte_credentials_get_certificate(client_crt_pem, CERT_LENGTH);
if (astarte_ret != ASTARTE_OK) {
ESP_LOGE(TAG, "astarte_credentials_get_certificate returned %d", astarte_ret);
goto exit;
}

client_crt_cn = calloc(CN_LENGTH, sizeof(char));
if (!client_crt_cn) {
ESP_LOGE(TAG, "Out of memory %s: %d", __FILE__, __LINE__);
goto exit;
}

astarte_ret
= astarte_credentials_get_certificate_common_name(client_crt_pem, client_crt_cn, CN_LENGTH);
if (astarte_ret != ASTARTE_OK) {
ESP_LOGE(TAG, "astarte_credentials_get_certificate_common_name returned %d", astarte_ret);
goto exit;
}

astarte_ret = ASTARTE_OK;

exit:
free(client_crt_pem);
free(client_crt_cn);

return astarte_ret == ASTARTE_OK;
}

bool astarte_credentials_has_csr()
Expand Down
3 changes: 3 additions & 0 deletions include/astarte_credentials.h
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,9 @@
#include <stdbool.h>
#include <string.h>

#define CERT_LENGTH 4096
#define CN_LENGTH 512

#define ASTARTE_CREDENTIALS_DEFAULT_NVS_PARTITION NULL

enum credential_type_t
Expand Down

0 comments on commit bfba9da

Please sign in to comment.