diff options
| author | Jon Spillett <jon.spillett@oracle.com> | 2021-03-15 14:26:09 +1000 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2021-06-01 12:16:27 +0200 |
| commit | 169eca602c67f37abf0a44e1605998d5e7f04fa6 (patch) | |
| tree | 221d3097ca04a1549d0cb93442c1c2d00f954928 /crypto/pem | |
| parent | 8ee66a092c07e618191ef49c8912f8235b08bb95 (diff) | |
Enhance the encoder/decoder tests to allow testing with a non-default library context and configurable providers
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14587)
Diffstat (limited to 'crypto/pem')
| -rw-r--r-- | crypto/pem/pvkfmt.c | 99 |
1 files changed, 66 insertions, 33 deletions
diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c index 51d3ec476b..d08fab4ba8 100644 --- a/crypto/pem/pvkfmt.c +++ b/crypto/pem/pvkfmt.c @@ -792,22 +792,27 @@ int ossl_do_PVK_header(const unsigned char **in, unsigned int length, #ifndef OPENSSL_NO_RC4 static int derive_pvk_key(unsigned char *key, const unsigned char *salt, unsigned int saltlen, - const unsigned char *pass, int passlen) + const unsigned char *pass, int passlen, + OSSL_LIB_CTX *libctx, const char *propq) { EVP_MD_CTX *mctx = EVP_MD_CTX_new(); - EVP_MD *md = EVP_MD_fetch(NULL, SN_sha1, NULL); - int rv = 1; + int rv = 0; + EVP_MD *sha1 = NULL; - if (md == NULL - || mctx == NULL - || !EVP_DigestInit_ex(mctx, md, NULL) + if ((sha1 = EVP_MD_fetch(libctx, SN_sha1, propq)) == NULL) + goto err; + + if (mctx == NULL + || !EVP_DigestInit_ex(mctx, sha1, NULL) || !EVP_DigestUpdate(mctx, salt, saltlen) || !EVP_DigestUpdate(mctx, pass, passlen) || !EVP_DigestFinal_ex(mctx, key, NULL)) - rv = 0; + goto err; + rv = 1; +err: EVP_MD_CTX_free(mctx); - EVP_MD_free(md); + EVP_MD_free(sha1); return rv; } #endif @@ -815,14 +820,18 @@ static int derive_pvk_key(unsigned char *key, static void *do_PVK_body_key(const unsigned char **in, unsigned int saltlen, unsigned int keylen, pem_password_cb *cb, void *u, - int *isdss, int *ispub) + int *isdss, int *ispub, + OSSL_LIB_CTX *libctx, const char *propq) { const unsigned char *p = *in; unsigned char *enctmp = NULL; unsigned char keybuf[20]; void *key = NULL; - +#ifndef OPENSSL_NO_RC4 + EVP_CIPHER *rc4 = NULL; +#endif EVP_CIPHER_CTX *cctx = EVP_CIPHER_CTX_new(); + if (saltlen) { #ifndef OPENSSL_NO_RC4 unsigned int magic; @@ -844,7 +853,7 @@ static void *do_PVK_body_key(const unsigned char **in, goto err; } if (!derive_pvk_key(keybuf, p, saltlen, - (unsigned char *)psbuf, inlen)) + (unsigned char *)psbuf, inlen, libctx, propq)) goto err; p += saltlen; /* Copy BLOBHEADER across, decrypt rest */ @@ -856,7 +865,9 @@ static void *do_PVK_body_key(const unsigned char **in, } inlen = keylen - 8; q = enctmp + 8; - if (!EVP_DecryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL)) + if ((rc4 = EVP_CIPHER_fetch(libctx, "RC4", propq)) == NULL) + goto err; + if (!EVP_DecryptInit_ex(cctx, rc4, NULL, keybuf, NULL)) goto err; if (!EVP_DecryptUpdate(cctx, q, &enctmplen, p, inlen)) goto err; @@ -866,7 +877,7 @@ static void *do_PVK_body_key(const unsigned char **in, if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) { q = enctmp + 8; memset(keybuf + 5, 0, 11); - if (!EVP_DecryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL)) + if (!EVP_DecryptInit_ex(cctx, rc4, NULL, keybuf, NULL)) goto err; if (!EVP_DecryptUpdate(cctx, q, &enctmplen, p, inlen)) goto err; @@ -888,6 +899,9 @@ static void *do_PVK_body_key(const unsigned char **in, key = do_b2i_key(&p, keylen, isdss, ispub); err: EVP_CIPHER_CTX_free(cctx); +#ifndef OPENSSL_NO_RC4 + EVP_CIPHER_free(rc4); +#endif if (enctmp != NULL) { OPENSSL_cleanse(keybuf, sizeof(keybuf)); OPENSSL_free(enctmp); @@ -896,7 +910,8 @@ static void *do_PVK_body_key(const unsigned char **in, } static void *do_PVK_key_bio(BIO *in, pem_password_cb *cb, void *u, - int *isdss, int *ispub) + int *isdss, int *ispub, + OSSL_LIB_CTX *libctx, const char *propq) { unsigned char pvk_hdr[24], *buf = NULL; const unsigned char *p; @@ -923,7 +938,7 @@ static void *do_PVK_key_bio(BIO *in, pem_password_cb *cb, void *u, ERR_raise(ERR_LIB_PEM, PEM_R_PVK_DATA_TOO_SHORT); goto err; } - key = do_PVK_body_key(&p, saltlen, keylen, cb, u, isdss, ispub); + key = do_PVK_body_key(&p, saltlen, keylen, cb, u, isdss, ispub, libctx, propq); err: OPENSSL_clear_free(buf, buflen); @@ -936,7 +951,7 @@ DSA *b2i_DSA_PVK_bio(BIO *in, pem_password_cb *cb, void *u) int isdss = 1; int ispub = 0; /* PVK keys are always private */ - return do_PVK_key_bio(in, cb, u, &isdss, &ispub); + return do_PVK_key_bio(in, cb, u, &isdss, &ispub, NULL, NULL); } #endif @@ -945,26 +960,35 @@ RSA *b2i_RSA_PVK_bio(BIO *in, pem_password_cb *cb, void *u) int isdss = 0; int ispub = 0; /* PVK keys are always private */ - return do_PVK_key_bio(in, cb, u, &isdss, &ispub); + return do_PVK_key_bio(in, cb, u, &isdss, &ispub, NULL, NULL); } -EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u) +EVP_PKEY *b2i_PVK_bio_ex(BIO *in, pem_password_cb *cb, void *u, + OSSL_LIB_CTX *libctx, const char *propq) { int isdss = -1; int ispub = -1; - void *key = do_PVK_key_bio(in, cb, u, &isdss, &ispub); + void *key = do_PVK_key_bio(in, cb, u, &isdss, &ispub, NULL, NULL); return evp_pkey_new0_key(key, isdss_to_evp_type(isdss)); } +EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u) +{ + return b2i_PVK_bio_ex(in, cb, u, NULL, NULL); +} + static int i2b_PVK(unsigned char **out, const EVP_PKEY *pk, int enclevel, - pem_password_cb *cb, void *u) + pem_password_cb *cb, void *u, OSSL_LIB_CTX *libctx, + const char *propq) { + int ret = -1; int outlen = 24, pklen; unsigned char *p = NULL, *start = NULL; EVP_CIPHER_CTX *cctx = NULL; #ifndef OPENSSL_NO_RC4 unsigned char *salt = NULL; + EVP_CIPHER *rc4 = NULL; #endif if (enclevel) @@ -1002,7 +1026,7 @@ static int i2b_PVK(unsigned char **out, const EVP_PKEY *pk, int enclevel, write_ledword(&p, pklen); if (enclevel) { #ifndef OPENSSL_NO_RC4 - if (RAND_bytes(p, PVK_SALTLEN) <= 0) + if (RAND_bytes_ex(libctx, p, PVK_SALTLEN, 0) <= 0) goto error; salt = p; p += PVK_SALTLEN; @@ -1014,7 +1038,6 @@ static int i2b_PVK(unsigned char **out, const EVP_PKEY *pk, int enclevel, char psbuf[PEM_BUFSIZE]; unsigned char keybuf[20]; int enctmplen, inlen; - if (cb) inlen = cb(psbuf, PEM_BUFSIZE, 1, u); else @@ -1024,12 +1047,14 @@ static int i2b_PVK(unsigned char **out, const EVP_PKEY *pk, int enclevel, goto error; } if (!derive_pvk_key(keybuf, salt, PVK_SALTLEN, - (unsigned char *)psbuf, inlen)) + (unsigned char *)psbuf, inlen, libctx, propq)) + goto error; + if ((rc4 = EVP_CIPHER_fetch(libctx, "RC4", propq)) == NULL) goto error; if (enclevel == 1) memset(keybuf + 5, 0, 11); p = salt + PVK_SALTLEN + 8; - if (!EVP_EncryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL)) + if (!EVP_EncryptInit_ex(cctx, rc4, NULL, keybuf, NULL)) goto error; OPENSSL_cleanse(keybuf, 20); if (!EVP_EncryptUpdate(cctx, p, &enctmplen, p, pklen - 8)) @@ -1042,27 +1067,28 @@ static int i2b_PVK(unsigned char **out, const EVP_PKEY *pk, int enclevel, #endif } - EVP_CIPHER_CTX_free(cctx); - if (*out == NULL) *out = start; - - return outlen; - + ret = outlen; error: EVP_CIPHER_CTX_free(cctx); +#ifndef OPENSSL_NO_RC4 + EVP_CIPHER_free(rc4); +#endif if (*out == NULL) OPENSSL_free(start); - return -1; + + return ret; } -int i2b_PVK_bio(BIO *out, const EVP_PKEY *pk, int enclevel, - pem_password_cb *cb, void *u) +int i2b_PVK_bio_ex(BIO *out, const EVP_PKEY *pk, int enclevel, + pem_password_cb *cb, void *u, OSSL_LIB_CTX *libctx, + const char *propq) { unsigned char *tmp = NULL; int outlen, wrlen; - outlen = i2b_PVK(&tmp, pk, enclevel, cb, u); + outlen = i2b_PVK(&tmp, pk, enclevel, cb, u, libctx, propq); if (outlen < 0) return -1; wrlen = BIO_write(out, tmp, outlen); @@ -1073,3 +1099,10 @@ int i2b_PVK_bio(BIO *out, const EVP_PKEY *pk, int enclevel, ERR_raise(ERR_LIB_PEM, PEM_R_BIO_WRITE_FAILURE); return -1; } + +int i2b_PVK_bio(BIO *out, const EVP_PKEY *pk, int enclevel, + pem_password_cb *cb, void *u) +{ + return i2b_PVK_bio_ex(out, pk, enclevel, cb, u, NULL, NULL); +} + |