diff options
| author | Benjamin Kaduk <bkaduk@akamai.com> | 2016-02-29 15:47:12 -0600 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2017-05-08 21:20:31 +0200 |
| commit | 7671342e550ed2de676b23c79d0e7f45a381c76e (patch) | |
| tree | d474ef749646ba89f5001634955e229a0a60b580 /crypto | |
| parent | 204afd81b12c71d625e89599c0eef33588afc1f0 (diff) | |
Add PEM_bytes_read_bio_secmem()
Split the PEM_bytes_read_bio() implementation out into a
pem_bytes_read_bio_flags() helper, to allow it to pass PEM_FLAG_SECURE
as needed. Adjust the cleanup to properly use OPENSSL_secure_free()
when needed, and reimplement PEM_bytes_read() as a wrapper around
the _flags helper.
Add documentation for PEM_bytes_read_bio() and the new secmem variant.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1700)
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/pem/pem_lib.c | 45 |
1 files changed, 29 insertions, 16 deletions
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index 24320131a4..75b022e224 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -242,9 +242,10 @@ static void *pem_malloc(int num, unsigned int flags) : OPENSSL_malloc(num); } -int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, - const char *name, BIO *bp, pem_password_cb *cb, - void *u) +static int pem_bytes_read_bio_flags(unsigned char **pdata, long *plen, + char **pnm, const char *name, BIO *bp, + pem_password_cb *cb, void *u, + unsigned int flags) { EVP_CIPHER_INFO cipher; char *nm = NULL, *header = NULL; @@ -252,18 +253,16 @@ int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, long len; int ret = 0; - for (;;) { - if (!PEM_read_bio(bp, &nm, &header, &data, &len)) { + do { + pem_free(nm, flags); + pem_free(header, flags); + pem_free(data, flags); + if (!PEM_read_bio_ex(bp, &nm, &header, &data, &len, flags)) { if (ERR_GET_REASON(ERR_peek_error()) == PEM_R_NO_START_LINE) ERR_add_error_data(2, "Expecting: ", name); return 0; } - if (check_pem(nm, name)) - break; - OPENSSL_free(nm); - OPENSSL_free(header); - OPENSSL_free(data); - } + } while (!check_pem(nm, name)); if (!PEM_get_EVP_CIPHER_INFO(header, &cipher)) goto err; if (!PEM_do_header(&cipher, data, &len, cb, u)) @@ -272,20 +271,34 @@ int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, *pdata = data; *plen = len; - if (pnm) + if (pnm != NULL) *pnm = nm; ret = 1; err: - if (!ret || !pnm) - OPENSSL_free(nm); - OPENSSL_free(header); + if (!ret || pnm == NULL) + pem_free(nm, flags); + pem_free(header, flags); if (!ret) - OPENSSL_free(data); + pem_free(data, flags); return ret; } +int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, + const char *name, BIO *bp, pem_password_cb *cb, + void *u) { + return pem_bytes_read_bio_flags(pdata, plen, pnm, name, bp, cb, u, + PEM_FLAG_EAY_COMPATIBLE); +} + +int PEM_bytes_read_bio_secmem(unsigned char **pdata, long *plen, char **pnm, + const char *name, BIO *bp, pem_password_cb *cb, + void *u) { + return pem_bytes_read_bio_flags(pdata, plen, pnm, name, bp, cb, u, + PEM_FLAG_SECURE | PEM_FLAG_EAY_COMPATIBLE); +} + #ifndef OPENSSL_NO_STDIO int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, void *x, const EVP_CIPHER *enc, unsigned char *kstr, |