PEM: Add more library context aware PEM readers

PEM_read_bio_PUBKEY_ex() and PEM_read_bio_Parameters_ex() are added to complete PEM_read_bio_PrivateKey_ex(). They are all refactored to be wrappers around the same internal function. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12673)
author: Richard Levitte <levitte@openssl.org> 2020-08-18 21:38:56 +0200
committer: Richard Levitte <levitte@openssl.org> 2020-08-20 12:37:35 +0200
commit: 6e5ccd58c85f05f8d47a1682125a207dbc694768 (patch)
tree: 505b0058ebf662bbd75ac103b35227175b9c0759 /crypto/pem
parent: 2274d22d39fd65b83c9c969cba86c8f03b3e0bec (diff)
2 files changed, 89 insertions, 35 deletions
diff --git a/crypto/pem/pem_all.c b/crypto/pem/pem_all.c
index 9b803082c6..bf7159a6ad 100644
--- a/crypto/pem/pem_all.c
+++ b/crypto/pem/pem_all.c
@@ -181,4 +181,3 @@ IMPLEMENT_PEM_write(DHparams, DH, PEM_STRING_DHPARAMS, DHparams)
 IMPLEMENT_PEM_write(DHxparams, DH, PEM_STRING_DHXPARAMS, DHxparams)
 #endif
 IMPLEMENT_PEM_provided_write(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY)
-IMPLEMENT_PEM_read(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY)
diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c
index c60eed97c0..4ee5bb7009 100644
--- a/crypto/pem/pem_pkey.c
+++ b/crypto/pem/pem_pkey.c
@@ -27,23 +27,39 @@
 
 int pem_check_suffix(const char *pem_str, const char *suffix);
 
-EVP_PKEY *PEM_read_bio_PrivateKey_ex(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
-                                     void *u, OPENSSL_CTX *libctx,
-                                     const char *propq)
+static EVP_PKEY *pem_read_bio_key(BIO *bp, EVP_PKEY **x,
+                                  pem_password_cb *cb, void *u,
+                                  OPENSSL_CTX *libctx, const char *propq,
+                                  int expected_store_info_type,
+                                  int try_secure)
 {
     EVP_PKEY *ret = NULL;
     OSSL_STORE_CTX *ctx = NULL;
     OSSL_STORE_INFO *info = NULL;
-    UI_METHOD *ui_method = NULL;
+    const UI_METHOD *ui_method = NULL;
+    UI_METHOD *allocated_ui_method = NULL;
 
-    if ((ui_method = UI_UTIL_wrap_read_pem_callback(cb, 0)) == NULL)
+    if (expected_store_info_type != OSSL_STORE_INFO_PKEY
+        && expected_store_info_type != OSSL_STORE_INFO_PUBKEY
+        && expected_store_info_type != OSSL_STORE_INFO_PARAMS) {
+        ERR_raise(ERR_LIB_PEM, ERR_R_PASSED_INVALID_ARGUMENT);
+        return NULL;
+    }
+
+    if (u != NULL && cb == NULL)
+        cb = PEM_def_callback;
+    if (cb == NULL)
+        ui_method = UI_null();
+    else
+        ui_method = allocated_ui_method = UI_UTIL_wrap_read_pem_callback(cb, 0);
+    if (ui_method == NULL)
         return NULL;
 
     if ((ctx = OSSL_STORE_attach(bp, "file", libctx, propq, ui_method, u,
                                  NULL, NULL)) == NULL)
         goto err;
 #ifndef OPENSSL_NO_SECURE_HEAP
-    {
+   if (try_secure) {
         int on = 1;
         if (!OSSL_STORE_ctrl(ctx, OSSL_STORE_C_USE_SECMEM, &on))
             goto err;
@@ -52,9 +68,18 @@ EVP_PKEY *PEM_read_bio_PrivateKey_ex(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
 
     while (!OSSL_STORE_eof(ctx)
            && (info = OSSL_STORE_load(ctx)) != NULL) {
-        if (OSSL_STORE_INFO_get_type(info) == OSSL_STORE_INFO_PKEY) {
-            ret = OSSL_STORE_INFO_get1_PKEY(info);
-            break;
+        if (OSSL_STORE_INFO_get_type(info) == expected_store_info_type) {
+            switch (expected_store_info_type) {
+            case OSSL_STORE_INFO_PKEY:
+                ret = OSSL_STORE_INFO_get1_PKEY(info);
+                break;
+            case OSSL_STORE_INFO_PUBKEY:
+                ret = OSSL_STORE_INFO_get1_PUBKEY(info);
+                break;
+            case OSSL_STORE_INFO_PARAMS:
+                ret = OSSL_STORE_INFO_get1_PARAMS(info);
+                break;
+            }
         }
         OSSL_STORE_INFO_free(info);
         info = NULL;
@@ -65,11 +90,57 @@ EVP_PKEY *PEM_read_bio_PrivateKey_ex(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
 
  err:
     OSSL_STORE_close(ctx);
-    UI_destroy_method(ui_method);
+    UI_destroy_method(allocated_ui_method);
     OSSL_STORE_INFO_free(info);
     return ret;
 }
 
+EVP_PKEY *PEM_read_bio_PUBKEY_ex(BIO *bp, EVP_PKEY **x,
+                                 pem_password_cb *cb, void *u,
+                                 OPENSSL_CTX *libctx, const char *propq)
+{
+    return pem_read_bio_key(bp, x, cb, u, libctx, propq,
+                            OSSL_STORE_INFO_PUBKEY, 0);
+}
+
+EVP_PKEY *PEM_read_bio_PUBKEY(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
+                              void *u)
+{
+    return PEM_read_bio_PUBKEY_ex(bp, x, cb, u, NULL, NULL);
+}
+
+#ifndef OPENSSL_NO_STDIO
+EVP_PKEY *PEM_read_PUBKEY_ex(FILE *fp, EVP_PKEY **x,
+                             pem_password_cb *cb, void *u,
+                             OPENSSL_CTX *libctx, const char *propq)
+{
+    BIO *b;
+    EVP_PKEY *ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        PEMerr(0, ERR_R_BUF_LIB);
+        return 0;
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = PEM_read_bio_PUBKEY_ex(b, x, cb, u, libctx, propq);
+    BIO_free(b);
+    return ret;
+}
+
+EVP_PKEY *PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u)
+{
+    return PEM_read_PUBKEY_ex(fp, x, cb, u, NULL, NULL);
+}
+#endif
+
+EVP_PKEY *PEM_read_bio_PrivateKey_ex(BIO *bp, EVP_PKEY **x,
+                                     pem_password_cb *cb, void *u,
+                                     OPENSSL_CTX *libctx, const char *propq)
+{
+    return pem_read_bio_key(bp, x, cb, u, libctx, propq,
+                            OSSL_STORE_INFO_PKEY, 1);
+}
+
 EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
                                   void *u)
 {
@@ -101,32 +172,16 @@ int PEM_write_bio_PrivateKey_traditional(BIO *bp, const EVP_PKEY *x,
                               pem_str, bp, x, enc, kstr, klen, cb, u);
 }
 
-EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x)
+EVP_PKEY *PEM_read_bio_Parameters_ex(BIO *bp, EVP_PKEY **x,
+                                     OPENSSL_CTX *libctx, const char *propq)
 {
-    EVP_PKEY *ret = NULL;
-    OSSL_STORE_CTX *ctx = NULL;
-    OSSL_STORE_INFO *info = NULL;
-
-    if ((ctx = OSSL_STORE_attach(bp, "file", NULL, NULL, UI_null(), NULL,
-                                 NULL, NULL)) == NULL)
-        goto err;
-
-    while (!OSSL_STORE_eof(ctx) && (info = OSSL_STORE_load(ctx)) != NULL) {
-        if (OSSL_STORE_INFO_get_type(info) == OSSL_STORE_INFO_PARAMS) {
-            ret = OSSL_STORE_INFO_get1_PARAMS(info);
-            break;
-        }
-        OSSL_STORE_INFO_free(info);
-        info = NULL;
-    }
-
-    if (ret != NULL && x != NULL)
-        *x = ret;
+    return pem_read_bio_key(bp, x, NULL, NULL, libctx, propq,
+                            OSSL_STORE_INFO_PARAMS, 0);
+}
 
- err:
-    OSSL_STORE_close(ctx);
-    OSSL_STORE_INFO_free(info);
-    return ret;
+EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x)
+{
+    return PEM_read_bio_Parameters_ex(bp, x, NULL, NULL);
 }
 
 PEM_write_fnsig(Parameters, EVP_PKEY, BIO, write_bio)
author	Richard Levitte <levitte@openssl.org>	2020-08-18 21:38:56 +0200
committer	Richard Levitte <levitte@openssl.org>	2020-08-20 12:37:35 +0200
commit	6e5ccd58c85f05f8d47a1682125a207dbc694768 (patch)
tree	505b0058ebf662bbd75ac103b35227175b9c0759 /crypto/pem
parent	2274d22d39fd65b83c9c969cba86c8f03b3e0bec (diff)