diff options
| author | Shane Lontis <shane.lontis@oracle.com> | 2020-07-24 22:53:27 +1000 |
|---|---|---|
| committer | Shane Lontis <shane.lontis@oracle.com> | 2020-07-24 22:53:27 +1000 |
| commit | 6725682d77510bf6d499957897d7be124d603f40 (patch) | |
| tree | 447e5bce5607b4873f7f018df1b2e4c21a394e92 /crypto/pem | |
| parent | ae89578be2930c726d6ef56451233757a89f224f (diff) | |
Add X509 related libctx changes.
- In order to not add many X509_XXXX_with_libctx() functions the libctx and propq may be stored in the X509 object via a call to X509_new_with_libctx().
- Loading via PEM_read_bio_X509() or d2i_X509() should pass in a created cert using X509_new_with_libctx().
- Renamed some XXXX_ex() to XXX_with_libctx() for X509 API's.
- Removed the extra parameters in check_purpose..
- X509_digest() has been modified so that it expects a const EVP_MD object() and then internally it does the fetch when it needs to (via ASN1_item_digest_with_libctx()).
- Added API's that set the libctx when they load such as X509_STORE_new_with_libctx() so that the cert chains can be verified.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12153)
Diffstat (limited to 'crypto/pem')
| -rw-r--r-- | crypto/pem/pem_info.c | 40 | ||||
| -rw-r--r-- | crypto/pem/pem_pkey.c | 9 |
2 files changed, 36 insertions, 13 deletions
diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.c index f6a5dedc48..a3981c9dda 100644 --- a/crypto/pem/pem_info.c +++ b/crypto/pem/pem_info.c @@ -26,25 +26,35 @@ DEFINE_STACK_OF(X509_INFO) #ifndef OPENSSL_NO_STDIO -STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, - pem_password_cb *cb, void *u) +STACK_OF(X509_INFO) +*PEM_X509_INFO_read_with_libctx(FILE *fp, STACK_OF(X509_INFO) *sk, + pem_password_cb *cb, void *u, + OPENSSL_CTX *libctx, const char *propq) { BIO *b; STACK_OF(X509_INFO) *ret; if ((b = BIO_new(BIO_s_file())) == NULL) { - PEMerr(PEM_F_PEM_X509_INFO_READ, ERR_R_BUF_LIB); + PEMerr(0, ERR_R_BUF_LIB); return 0; } BIO_set_fp(b, fp, BIO_NOCLOSE); - ret = PEM_X509_INFO_read_bio(b, sk, cb, u); + ret = PEM_X509_INFO_read_bio_with_libctx(b, sk, cb, u, libctx, propq); BIO_free(b); return ret; } + +STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, + pem_password_cb *cb, void *u) +{ + return PEM_X509_INFO_read_with_libctx(fp, sk, cb, u, NULL, NULL); +} #endif -STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, - pem_password_cb *cb, void *u) +STACK_OF(X509_INFO) +*PEM_X509_INFO_read_bio_with_libctx(BIO *bp, STACK_OF(X509_INFO) *sk, + pem_password_cb *cb, void *u, + OPENSSL_CTX *libctx, const char *propq) { X509_INFO *xi = NULL; char *name = NULL, *header = NULL; @@ -59,7 +69,7 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, if (sk == NULL) { if ((ret = sk_X509_INFO_new_null()) == NULL) { - PEMerr(PEM_F_PEM_X509_INFO_READ_BIO, ERR_R_MALLOC_FAILURE); + PEMerr(0, ERR_R_MALLOC_FAILURE); goto err; } } else @@ -90,6 +100,9 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, goto err; goto start; } + xi->x509 = X509_new_with_libctx(libctx, propq); + if (xi->x509 == NULL) + goto err; pp = &(xi->x509); } else if ((strcmp(name, PEM_STRING_X509_TRUSTED) == 0)) { d2i = (D2I_OF(void)) d2i_X509_AUX; @@ -100,6 +113,9 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, goto err; goto start; } + xi->x509 = X509_new_with_libctx(libctx, propq); + if (xi->x509 == NULL) + goto err; pp = &(xi->x509); } else if (strcmp(name, PEM_STRING_X509_CRL) == 0) { d2i = (D2I_OF(void)) d2i_X509_CRL; @@ -197,11 +213,11 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, p = data; if (ptype) { if (!d2i_PrivateKey(ptype, pp, &p, len)) { - PEMerr(PEM_F_PEM_X509_INFO_READ_BIO, ERR_R_ASN1_LIB); + PEMerr(0, ERR_R_ASN1_LIB); goto err; } } else if (d2i(pp, &p, len) == NULL) { - PEMerr(PEM_F_PEM_X509_INFO_READ_BIO, ERR_R_ASN1_LIB); + PEMerr(0, ERR_R_ASN1_LIB); goto err; } } else { /* encrypted RSA data */ @@ -251,6 +267,12 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, return ret; } +STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, + pem_password_cb *cb, void *u) +{ + return PEM_X509_INFO_read_bio_with_libctx(bp, sk, cb, u, NULL, NULL); +} + /* A TJH addition */ int PEM_X509_INFO_write_bio(BIO *bp, const X509_INFO *xi, EVP_CIPHER *enc, const unsigned char *kstr, int klen, diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c index ee9b6764a6..c60eed97c0 100644 --- a/crypto/pem/pem_pkey.c +++ b/crypto/pem/pem_pkey.c @@ -39,7 +39,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey_ex(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, if ((ui_method = UI_UTIL_wrap_read_pem_callback(cb, 0)) == NULL) return NULL; - if ((ctx = OSSL_STORE_attach(bp, libctx, "file", propq, ui_method, u, + if ((ctx = OSSL_STORE_attach(bp, "file", libctx, propq, ui_method, u, NULL, NULL)) == NULL) goto err; #ifndef OPENSSL_NO_SECURE_HEAP @@ -50,7 +50,8 @@ EVP_PKEY *PEM_read_bio_PrivateKey_ex(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, } #endif - while (!OSSL_STORE_eof(ctx) && (info = OSSL_STORE_load(ctx)) != NULL) { + while (!OSSL_STORE_eof(ctx) + && (info = OSSL_STORE_load(ctx)) != NULL) { if (OSSL_STORE_INFO_get_type(info) == OSSL_STORE_INFO_PKEY) { ret = OSSL_STORE_INFO_get1_PKEY(info); break; @@ -106,7 +107,7 @@ EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x) OSSL_STORE_CTX *ctx = NULL; OSSL_STORE_INFO *info = NULL; - if ((ctx = OSSL_STORE_attach(bp, NULL, "file", NULL, UI_null(), NULL, + if ((ctx = OSSL_STORE_attach(bp, "file", NULL, NULL, UI_null(), NULL, NULL, NULL)) == NULL) goto err; @@ -201,7 +202,7 @@ DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u) if ((ui_method = UI_UTIL_wrap_read_pem_callback(cb, 0)) == NULL) return NULL; - if ((ctx = OSSL_STORE_attach(bp, NULL, "file", NULL, ui_method, u, + if ((ctx = OSSL_STORE_attach(bp, "file", NULL, NULL, ui_method, u, NULL, NULL)) == NULL) goto err; |