Merge more test improvements and tests

Conflicts: tests/suites/test_suite_cipher.blowfish.data
2014-06-24 11:12:00 +02:00 · 2014-06-24 11:12:00 +02:00 · 1c98ff96b5
commit 1c98ff96b5
parent 91c301abbe f3b47243df
27 changed files with 675 additions and 201 deletions
--- a/library/cipher_wrap.c
+++ b/library/cipher_wrap.c
@ -865,36 +865,6 @@ static int des3_crypt_cbc_wrap( void *ctx, operation_t operation, size_t length,
 #endif /* POLARSSL_CIPHER_MODE_CBC */
 }

-static int des_crypt_cfb128_wrap( void *ctx, operation_t operation,
-        size_t length, size_t *iv_off, unsigned char *iv,
-        const unsigned char *input, unsigned char *output )
-{
-    ((void) ctx);
-    ((void) operation);
-    ((void) length);
-    ((void) iv_off);
-    ((void) iv);
-    ((void) input);
-    ((void) output);
-
-    return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
-}
-
-static int des_crypt_ctr_wrap( void *ctx, size_t length, size_t *nc_off,
-        unsigned char *nonce_counter, unsigned char *stream_block,
-        const unsigned char *input, unsigned char *output )
-{
-    ((void) ctx);
-    ((void) length);
-    ((void) nc_off);
-    ((void) nonce_counter);
-    ((void) stream_block);
-    ((void) input);
-    ((void) output);
-
-    return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
-}
-
 static int des_setkey_dec_wrap( void *ctx, const unsigned char *key,
                                unsigned int key_length )
 {
@ -969,8 +939,8 @@ const cipher_base_t des_info = {
    POLARSSL_CIPHER_ID_DES,
    des_crypt_ecb_wrap,
    des_crypt_cbc_wrap,
-    des_crypt_cfb128_wrap,
-    des_crypt_ctr_wrap,
+    NULL,
+    NULL,
    NULL,
    des_setkey_enc_wrap,
    des_setkey_dec_wrap,
@ -1006,8 +976,8 @@ const cipher_base_t des_ede_info = {
    POLARSSL_CIPHER_ID_DES,
    des3_crypt_ecb_wrap,
    des3_crypt_cbc_wrap,
-    des_crypt_cfb128_wrap,
-    des_crypt_ctr_wrap,
+    NULL,
+    NULL,
    NULL,
    des3_set2key_enc_wrap,
    des3_set2key_dec_wrap,
@ -1043,8 +1013,8 @@ const cipher_base_t des_ede3_info = {
    POLARSSL_CIPHER_ID_DES,
    des3_crypt_ecb_wrap,
    des3_crypt_cbc_wrap,
-    des_crypt_cfb128_wrap,
-    des_crypt_ctr_wrap,
+    NULL,
+    NULL,
    NULL,
    des3_set3key_enc_wrap,
    des3_set3key_dec_wrap,
--- a/library/pkcs5.c
+++ b/library/pkcs5.c
@ -52,13 +52,13 @@
 #define polarssl_printf printf
 #endif

-static int pkcs5_parse_pbkdf2_params( asn1_buf *params,
+static int pkcs5_parse_pbkdf2_params( const asn1_buf *params,
                                      asn1_buf *salt, int *iterations,
                                      int *keylen, md_type_t *md_type )
 {
    int ret;
    asn1_buf prf_alg_oid;
-    unsigned char **p = &params->p;
+    unsigned char *p = params->p;
    const unsigned char *end = params->p + params->len;

    if( params->tag != ( ASN1_CONSTRUCTED | ASN1_SEQUENCE ) )
@ -73,28 +73,28 @@ static int pkcs5_parse_pbkdf2_params( asn1_buf *params,
     *  }
     *
     */
-    if( ( ret = asn1_get_tag( p, end, &salt->len, ASN1_OCTET_STRING ) ) != 0 )
+    if( ( ret = asn1_get_tag( &p, end, &salt->len, ASN1_OCTET_STRING ) ) != 0 )
        return( POLARSSL_ERR_PKCS5_INVALID_FORMAT + ret );

-    salt->p = *p;
-    *p += salt->len;
+    salt->p = p;
+    p += salt->len;

-    if( ( ret = asn1_get_int( p, end, iterations ) ) != 0 )
+    if( ( ret = asn1_get_int( &p, end, iterations ) ) != 0 )
        return( POLARSSL_ERR_PKCS5_INVALID_FORMAT + ret );

-    if( *p == end )
+    if( p == end )
        return( 0 );

-    if( ( ret = asn1_get_int( p, end, keylen ) ) != 0 )
+    if( ( ret = asn1_get_int( &p, end, keylen ) ) != 0 )
    {
        if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
            return( POLARSSL_ERR_PKCS5_INVALID_FORMAT + ret );
    }

-    if( *p == end )
+    if( p == end )
        return( 0 );

-    if( ( ret = asn1_get_alg_null( p, end, &prf_alg_oid ) ) != 0 )
+    if( ( ret = asn1_get_alg_null( &p, end, &prf_alg_oid ) ) != 0 )
        return( POLARSSL_ERR_PKCS5_INVALID_FORMAT + ret );

    if( !OID_CMP( OID_HMAC_SHA1, &prf_alg_oid ) )
@ -102,7 +102,7 @@ static int pkcs5_parse_pbkdf2_params( asn1_buf *params,

    *md_type = POLARSSL_MD_SHA1;

-    if( *p != end )
+    if( p != end )
        return( POLARSSL_ERR_PKCS5_INVALID_FORMAT +
                POLARSSL_ERR_ASN1_LENGTH_MISMATCH );

@ -175,6 +175,10 @@ int pkcs5_pbes2( asn1_buf *pbe_params, int mode,
    if( cipher_info == NULL )
        return( POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE );

+    /*
+     * The value of keylen from pkcs5_parse_pbkdf2_params() is ignored
+     * since it is optional and we don't know if it was set or not
+     */
    keylen = cipher_info->key_length / 8;

    if( enc_scheme_params.tag != ASN1_OCTET_STRING ||
@ -200,19 +204,8 @@ int pkcs5_pbes2( asn1_buf *pbe_params, int mode,
    if( ( ret = cipher_setkey( &cipher_ctx, key, 8 * keylen, mode ) ) != 0 )
        goto exit;

-    if( ( ret = cipher_set_iv( &cipher_ctx, iv, enc_scheme_params.len ) ) != 0 )
-        goto exit;
-
-    if( ( ret = cipher_reset( &cipher_ctx ) ) != 0 )
-        goto exit;
-
-    if( ( ret = cipher_update( &cipher_ctx, data, datalen,
-                                output, &olen ) ) != 0 )
-    {
-        goto exit;
-    }
-
-    if( ( ret = cipher_finish( &cipher_ctx, output + olen, &olen ) ) != 0 )
+    if( ( ret = cipher_crypt( &cipher_ctx, iv, enc_scheme_params.len,
+                              data, datalen, output, &olen ) ) != 0 )
        ret = POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH;

 exit:
@ -295,6 +288,16 @@ int pkcs5_pbkdf2_hmac( md_context_t *ctx, const unsigned char *password,

 #if defined(POLARSSL_SELF_TEST)

+#if !defined(POLARSSL_SHA1_C)
+int pkcs5_self_test( int verbose )
+{
+    if( verbose != 0 )
+        polarssl_printf( "  PBKDF2 (SHA1): skipped\n\n" );
+
+    return( 0 );
+}
+#else
+
 #include <stdio.h>

 #define MAX_TESTS   6
@ -398,6 +401,7 @@ int pkcs5_self_test( int verbose )

    return( 0 );
 }
+#endif /* POLARSSL_SHA1_C */

 #endif /* POLARSSL_SELF_TEST */

--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@ -149,7 +149,8 @@ static int ssl_load_session( ssl_session *session,

        x509_crt_init( session->peer_cert );

-        if( ( ret = x509_crt_parse( session->peer_cert, p, cert_len ) ) != 0 )
+        if( ( ret = x509_crt_parse_der( session->peer_cert,
+                                        p, cert_len ) ) != 0 )
        {
            x509_crt_free( session->peer_cert );
            polarssl_free( session->peer_cert );
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -101,8 +101,8 @@ static int ssl_session_copy( ssl_session *dst, const ssl_session *src )

        x509_crt_init( dst->peer_cert );

-        if( ( ret = x509_crt_parse( dst->peer_cert, src->peer_cert->raw.p,
-                                    src->peer_cert->raw.len ) ) != 0 )
+        if( ( ret = x509_crt_parse_der( dst->peer_cert, src->peer_cert->raw.p,
+                                        src->peer_cert->raw.len ) ) != 0 )
        {
            polarssl_free( dst->peer_cert );
            dst->peer_cert = NULL;
--- a/library/x509.c
+++ b/library/x509.c
@ -1,5 +1,5 @@
 /*
- *  X.509 certificate and private key decoding
+ *  X.509 common functions for parsing and verification
 *
 *  Copyright (C) 2006-2014, Brainspark B.V.
 *
@ -25,10 +25,9 @@
 /*
 *  The ITU-T X.509 standard defines a certificate format for PKI.
 *
- *  http://www.ietf.org/rfc/rfc3279.txt
- *  http://www.ietf.org/rfc/rfc3280.txt
- *
- *  ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-1v2.asc
+ *  http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs)
+ *  http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs)
+ *  http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10)
 *
 *  http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
 *  http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
--- a/library/x509_create.c
+++ b/library/x509_create.c
@ -40,6 +40,59 @@
 #define strncasecmp _strnicmp
 #endif

+typedef struct {
+    const char *name;
+    size_t name_len;
+    const char*oid;
+} x509_attr_descriptor_t;
+
+#define ADD_STRLEN( s )     s, sizeof( s ) - 1
+
+static const x509_attr_descriptor_t x509_attrs[] =
+{
+    { ADD_STRLEN( "CN" ),                       OID_AT_CN },
+    { ADD_STRLEN( "commonName" ),               OID_AT_CN },
+    { ADD_STRLEN( "C" ),                        OID_AT_COUNTRY },
+    { ADD_STRLEN( "countryName" ),              OID_AT_COUNTRY },
+    { ADD_STRLEN( "O" ),                        OID_AT_ORGANIZATION },
+    { ADD_STRLEN( "organizationName" ),         OID_AT_ORGANIZATION },
+    { ADD_STRLEN( "L" ),                        OID_AT_LOCALITY },
+    { ADD_STRLEN( "locality" ),                 OID_AT_LOCALITY },
+    { ADD_STRLEN( "R" ),                        OID_PKCS9_EMAIL },
+    { ADD_STRLEN( "OU" ),                       OID_AT_ORG_UNIT },
+    { ADD_STRLEN( "organizationalUnitName" ),   OID_AT_ORG_UNIT },
+    { ADD_STRLEN( "ST" ),                       OID_AT_STATE },
+    { ADD_STRLEN( "stateOrProvinceName" ),      OID_AT_STATE },
+    { ADD_STRLEN( "emailAddress" ),             OID_PKCS9_EMAIL },
+    { ADD_STRLEN( "serialNumber" ),             OID_AT_SERIAL_NUMBER },
+    { ADD_STRLEN( "postalAddress" ),            OID_AT_POSTAL_ADDRESS },
+    { ADD_STRLEN( "postalCode" ),               OID_AT_POSTAL_CODE },
+    { ADD_STRLEN( "dnQualifier" ),              OID_AT_DN_QUALIFIER },
+    { ADD_STRLEN( "title" ),                    OID_AT_TITLE },
+    { ADD_STRLEN( "surName" ),                  OID_AT_SUR_NAME },
+    { ADD_STRLEN( "SN" ),                       OID_AT_SUR_NAME },
+    { ADD_STRLEN( "givenName" ),                OID_AT_GIVEN_NAME },
+    { ADD_STRLEN( "GN" ),                       OID_AT_GIVEN_NAME },
+    { ADD_STRLEN( "initials" ),                 OID_AT_INITIALS },
+    { ADD_STRLEN( "pseudonym" ),                OID_AT_PSEUDONYM },
+    { ADD_STRLEN( "generationQualifier" ),      OID_AT_GENERATION_QUALIFIER },
+    { ADD_STRLEN( "domainComponent" ),          OID_DOMAIN_COMPONENT },
+    { ADD_STRLEN( "DC" ),                       OID_DOMAIN_COMPONENT },
+    { NULL, 0, NULL }
+};
+
+static const char *x509_at_oid_from_name( const char *name, size_t name_len )
+{
+    const x509_attr_descriptor_t *cur;
+
+    for( cur = x509_attrs; cur->name != NULL; cur++ )
+        if( cur->name_len == name_len &&
+            strncasecmp( cur->name, name, name_len ) == 0 )
+            break;
+
+    return( cur->oid );
+}
+
 int x509_string_to_names( asn1_named_data **head, const char *name )
 {
    int ret = 0;
@ -55,68 +108,7 @@ int x509_string_to_names( asn1_named_data **head, const char *name )
    {
        if( in_tag && *c == '=' )
        {
-            if( c - s == 2 && strncasecmp( s, "CN", 2 ) == 0 )
-                oid = OID_AT_CN;
-            else if( c - s == 10 && strncasecmp( s, "commonName", 10 ) == 0 )
-                oid = OID_AT_CN;
-            else if( c - s == 1 && strncasecmp( s, "C", 1 ) == 0 )
-                oid = OID_AT_COUNTRY;
-            else if( c - s == 11 && strncasecmp( s, "countryName", 11 ) == 0 )
-                oid = OID_AT_COUNTRY;
-            else if( c - s == 1 && strncasecmp( s, "O", 1 ) == 0 )
-                oid = OID_AT_ORGANIZATION;
-            else if( c - s == 16 &&
-                     strncasecmp( s, "organizationName", 16 ) == 0 )
-                oid = OID_AT_ORGANIZATION;
-            else if( c - s == 1 && strncasecmp( s, "L", 1 ) == 0 )
-                oid = OID_AT_LOCALITY;
-            else if( c - s == 8 && strncasecmp( s, "locality", 8 ) == 0 )
-                oid = OID_AT_LOCALITY;
-            else if( c - s == 1 && strncasecmp( s, "R", 1 ) == 0 )
-                oid = OID_PKCS9_EMAIL;
-            else if( c - s == 2 && strncasecmp( s, "OU", 2 ) == 0 )
-                oid = OID_AT_ORG_UNIT;
-            else if( c - s == 22 &&
-                     strncasecmp( s, "organizationalUnitName", 22 ) == 0 )
-                oid = OID_AT_ORG_UNIT;
-            else if( c - s == 2 && strncasecmp( s, "ST", 2 ) == 0 )
-                oid = OID_AT_STATE;
-            else if( c - s == 19 &&
-                     strncasecmp( s, "stateOrProvinceName", 19 ) == 0 )
-                oid = OID_AT_STATE;
-            else if( c - s == 12 && strncasecmp( s, "emailAddress", 12 ) == 0 )
-                oid = OID_PKCS9_EMAIL;
-            else if( c - s == 12 && strncasecmp( s, "serialNumber", 12 ) == 0 )
-                oid = OID_AT_SERIAL_NUMBER;
-            else if( c - s == 13 && strncasecmp( s, "postalAddress", 13 ) == 0 )
-                oid = OID_AT_POSTAL_ADDRESS;
-            else if( c - s == 10 && strncasecmp( s, "postalCode", 10 ) == 0 )
-                oid = OID_AT_POSTAL_CODE;
-            else if( c - s == 11 && strncasecmp( s, "dnQualifier", 11 ) == 0 )
-                oid = OID_AT_DN_QUALIFIER;
-            else if( c - s == 5 && strncasecmp( s, "title", 5 ) == 0 )
-                oid = OID_AT_TITLE;
-            else if( c - s == 7 && strncasecmp( s, "surName", 7 ) == 0 )
-                oid = OID_AT_SUR_NAME;
-            else if( c - s == 2 && strncasecmp( s, "SN", 2 ) == 0 )
-                oid = OID_AT_SUR_NAME;
-            else if( c - s == 9 && strncasecmp( s, "givenName", 9 ) == 0 )
-                oid = OID_AT_GIVEN_NAME;
-            else if( c - s == 2 && strncasecmp( s, "GN", 2 ) == 0 )
-                oid = OID_AT_GIVEN_NAME;
-            else if( c - s == 8 && strncasecmp( s, "initials", 8 ) == 0 )
-                oid = OID_AT_INITIALS;
-            else if( c - s == 9 && strncasecmp( s, "pseudonym", 9 ) == 0 )
-                oid = OID_AT_PSEUDONYM;
-            else if( c - s == 19 &&
-                     strncasecmp( s, "generationQualifier", 19 ) == 0 )
-                oid = OID_AT_GENERATION_QUALIFIER;
-            else if( c - s == 15 &&
-                     strncasecmp( s, "domainComponent", 15 ) == 0 )
-                oid = OID_DOMAIN_COMPONENT;
-            else if( c - s == 2 && strncasecmp( s, "DC", 2 ) == 0 )
-                oid = OID_DOMAIN_COMPONENT;
-            else
+            if( ( oid = x509_at_oid_from_name( s, c - s ) ) == NULL )
            {
                ret = POLARSSL_ERR_X509_UNKNOWN_OID;
                goto exit;
--- a/library/x509_crl.c
+++ b/library/x509_crl.c
@ -1,5 +1,5 @@
 /*
- *  X.509 certificate and private key decoding
+ *  X.509 Certidicate Revocation List (CRL) parsing
 *
 *  Copyright (C) 2006-2014, Brainspark B.V.
 *
@ -25,10 +25,9 @@
 /*
 *  The ITU-T X.509 standard defines a certificate format for PKI.
 *
- *  http://www.ietf.org/rfc/rfc3279.txt
- *  http://www.ietf.org/rfc/rfc3280.txt
- *
- *  ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-1v2.asc
+ *  http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs)
+ *  http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs)
+ *  http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10)
 *
 *  http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
 *  http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@ -1,5 +1,5 @@
 /*
- *  X.509 certificate and private key decoding
+ *  X.509 certificate parsing and verification
 *
 *  Copyright (C) 2006-2014, Brainspark B.V.
 *
@ -25,10 +25,9 @@
 /*
 *  The ITU-T X.509 standard defines a certificate format for PKI.
 *
- *  http://www.ietf.org/rfc/rfc3279.txt
- *  http://www.ietf.org/rfc/rfc3280.txt
- *
- *  ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-1v2.asc
+ *  http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs)
+ *  http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs)
+ *  http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10)
 *
 *  http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
 *  http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
--- a/library/x509_csr.c
+++ b/library/x509_csr.c
@ -25,10 +25,9 @@
 /*
 *  The ITU-T X.509 standard defines a certificate format for PKI.
 *
- *  http://www.ietf.org/rfc/rfc3279.txt
- *  http://www.ietf.org/rfc/rfc3280.txt
- *
- *  ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-1v2.asc
+ *  http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs)
+ *  http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs)
+ *  http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10)
 *
 *  http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
 *  http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
@ -91,18 +90,15 @@ static int x509_csr_get_version( unsigned char **p,
 }

 /*
- * Parse a CSR
+ * Parse a CSR in DER format
 */
-int x509_csr_parse( x509_csr *csr, const unsigned char *buf, size_t buflen )
+int x509_csr_parse_der( x509_csr *csr,
+                        const unsigned char *buf, size_t buflen )
 {
    int ret;
    size_t len;
    unsigned char *p, *end;
    x509_buf sig_params;
-#if defined(POLARSSL_PEM_PARSE_C)
-    size_t use_len;
-    pem_context pem;
-#endif

    memset( &sig_params, 0, sizeof( x509_buf ) );

@ -114,41 +110,15 @@ int x509_csr_parse( x509_csr *csr, const unsigned char *buf, size_t buflen )

    x509_csr_init( csr );

-#if defined(POLARSSL_PEM_PARSE_C)
-    pem_init( &pem );
-    ret = pem_read_buffer( &pem,
-                           "-----BEGIN CERTIFICATE REQUEST-----",
-                           "-----END CERTIFICATE REQUEST-----",
-                           buf, NULL, 0, &use_len );
+    /*
+     * first copy the raw DER data
+     */
+    p = (unsigned char *) polarssl_malloc( len = buflen );

-    if( ret == 0 )
-    {
-        /*
-         * Was PEM encoded, steal PEM buffer
-         */
-        p = pem.buf;
-        pem.buf = NULL;
-        len = pem.buflen;
-        pem_free( &pem );
-    }
-    else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
-    {
-        pem_free( &pem );
-        return( ret );
-    }
-    else
-#endif /* POLARSSL_PEM_PARSE_C */
-    {
-        /*
-         * nope, copy the raw DER data
-         */
-        p = (unsigned char *) polarssl_malloc( len = buflen );
+    if( p == NULL )
+        return( POLARSSL_ERR_X509_MALLOC_FAILED );

-        if( p == NULL )
-            return( POLARSSL_ERR_X509_MALLOC_FAILED );
-
-        memcpy( p, buf, buflen );
-    }
+    memcpy( p, buf, buflen );

    csr->raw.p = p;
    csr->raw.len = len;
@ -285,6 +255,51 @@ int x509_csr_parse( x509_csr *csr, const unsigned char *buf, size_t buflen )
    return( 0 );
 }

+/*
+ * Parse a CSR, allowing for PEM or raw DER encoding
+ */
+int x509_csr_parse( x509_csr *csr, const unsigned char *buf, size_t buflen )
+{
+    int ret;
+#if defined(POLARSSL_PEM_PARSE_C)
+    size_t use_len;
+    pem_context pem;
+#endif
+
+    /*
+     * Check for valid input
+     */
+    if( csr == NULL || buf == NULL )
+        return( POLARSSL_ERR_X509_BAD_INPUT_DATA );
+
+#if defined(POLARSSL_PEM_PARSE_C)
+    pem_init( &pem );
+    ret = pem_read_buffer( &pem,
+                           "-----BEGIN CERTIFICATE REQUEST-----",
+                           "-----END CERTIFICATE REQUEST-----",
+                           buf, NULL, 0, &use_len );
+
+    if( ret == 0 )
+    {
+        /*
+         * Was PEM encoded, parse the result
+         */
+        if( ( ret = x509_csr_parse_der( csr, pem.buf, pem.buflen ) ) != 0 )
+            return( ret );
+
+        pem_free( &pem );
+        return( 0 );
+    }
+    else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
+    {
+        pem_free( &pem );
+        return( ret );
+    }
+    else
+#endif /* POLARSSL_PEM_PARSE_C */
+    return( x509_csr_parse_der( csr, buf, buflen ) );
+}
+
 #if defined(POLARSSL_FS_IO)
 /*
 * Load a CSR into the structure