From 6e5ccd58c85f05f8d47a1682125a207dbc694768 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 18 Aug 2020 21:38:56 +0200 Subject: PEM: Add more library context aware PEM readers PEM_read_bio_PUBKEY_ex() and PEM_read_bio_Parameters_ex() are added to complete PEM_read_bio_PrivateKey_ex(). They are all refactored to be wrappers around the same internal function. Reviewed-by: Tomas Mraz Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12673) --- crypto/pem/pem_all.c | 1 - crypto/pem/pem_pkey.c | 123 ++++++++++++++++++++++++++++++++++++-------------- 2 files changed, 89 insertions(+), 35 deletions(-) (limited to 'crypto/pem') diff --git a/crypto/pem/pem_all.c b/crypto/pem/pem_all.c index 9b803082c6..bf7159a6ad 100644 --- a/crypto/pem/pem_all.c +++ b/crypto/pem/pem_all.c @@ -181,4 +181,3 @@ IMPLEMENT_PEM_write(DHparams, DH, PEM_STRING_DHPARAMS, DHparams) IMPLEMENT_PEM_write(DHxparams, DH, PEM_STRING_DHXPARAMS, DHxparams) #endif IMPLEMENT_PEM_provided_write(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY) -IMPLEMENT_PEM_read(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY) diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c index c60eed97c0..4ee5bb7009 100644 --- a/crypto/pem/pem_pkey.c +++ b/crypto/pem/pem_pkey.c @@ -27,23 +27,39 @@ int pem_check_suffix(const char *pem_str, const char *suffix); -EVP_PKEY *PEM_read_bio_PrivateKey_ex(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, - void *u, OPENSSL_CTX *libctx, - const char *propq) +static EVP_PKEY *pem_read_bio_key(BIO *bp, EVP_PKEY **x, + pem_password_cb *cb, void *u, + OPENSSL_CTX *libctx, const char *propq, + int expected_store_info_type, + int try_secure) { EVP_PKEY *ret = NULL; OSSL_STORE_CTX *ctx = NULL; OSSL_STORE_INFO *info = NULL; - UI_METHOD *ui_method = NULL; + const UI_METHOD *ui_method = NULL; + UI_METHOD *allocated_ui_method = NULL; - if ((ui_method = UI_UTIL_wrap_read_pem_callback(cb, 0)) == NULL) + if (expected_store_info_type != OSSL_STORE_INFO_PKEY + && expected_store_info_type != OSSL_STORE_INFO_PUBKEY + && expected_store_info_type != OSSL_STORE_INFO_PARAMS) { + ERR_raise(ERR_LIB_PEM, ERR_R_PASSED_INVALID_ARGUMENT); + return NULL; + } + + if (u != NULL && cb == NULL) + cb = PEM_def_callback; + if (cb == NULL) + ui_method = UI_null(); + else + ui_method = allocated_ui_method = UI_UTIL_wrap_read_pem_callback(cb, 0); + if (ui_method == NULL) return NULL; if ((ctx = OSSL_STORE_attach(bp, "file", libctx, propq, ui_method, u, NULL, NULL)) == NULL) goto err; #ifndef OPENSSL_NO_SECURE_HEAP - { + if (try_secure) { int on = 1; if (!OSSL_STORE_ctrl(ctx, OSSL_STORE_C_USE_SECMEM, &on)) goto err; @@ -52,9 +68,18 @@ EVP_PKEY *PEM_read_bio_PrivateKey_ex(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, while (!OSSL_STORE_eof(ctx) && (info = OSSL_STORE_load(ctx)) != NULL) { - if (OSSL_STORE_INFO_get_type(info) == OSSL_STORE_INFO_PKEY) { - ret = OSSL_STORE_INFO_get1_PKEY(info); - break; + if (OSSL_STORE_INFO_get_type(info) == expected_store_info_type) { + switch (expected_store_info_type) { + case OSSL_STORE_INFO_PKEY: + ret = OSSL_STORE_INFO_get1_PKEY(info); + break; + case OSSL_STORE_INFO_PUBKEY: + ret = OSSL_STORE_INFO_get1_PUBKEY(info); + break; + case OSSL_STORE_INFO_PARAMS: + ret = OSSL_STORE_INFO_get1_PARAMS(info); + break; + } } OSSL_STORE_INFO_free(info); info = NULL; @@ -65,11 +90,57 @@ EVP_PKEY *PEM_read_bio_PrivateKey_ex(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, err: OSSL_STORE_close(ctx); - UI_destroy_method(ui_method); + UI_destroy_method(allocated_ui_method); OSSL_STORE_INFO_free(info); return ret; } +EVP_PKEY *PEM_read_bio_PUBKEY_ex(BIO *bp, EVP_PKEY **x, + pem_password_cb *cb, void *u, + OPENSSL_CTX *libctx, const char *propq) +{ + return pem_read_bio_key(bp, x, cb, u, libctx, propq, + OSSL_STORE_INFO_PUBKEY, 0); +} + +EVP_PKEY *PEM_read_bio_PUBKEY(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, + void *u) +{ + return PEM_read_bio_PUBKEY_ex(bp, x, cb, u, NULL, NULL); +} + +#ifndef OPENSSL_NO_STDIO +EVP_PKEY *PEM_read_PUBKEY_ex(FILE *fp, EVP_PKEY **x, + pem_password_cb *cb, void *u, + OPENSSL_CTX *libctx, const char *propq) +{ + BIO *b; + EVP_PKEY *ret; + + if ((b = BIO_new(BIO_s_file())) == NULL) { + PEMerr(0, ERR_R_BUF_LIB); + return 0; + } + BIO_set_fp(b, fp, BIO_NOCLOSE); + ret = PEM_read_bio_PUBKEY_ex(b, x, cb, u, libctx, propq); + BIO_free(b); + return ret; +} + +EVP_PKEY *PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u) +{ + return PEM_read_PUBKEY_ex(fp, x, cb, u, NULL, NULL); +} +#endif + +EVP_PKEY *PEM_read_bio_PrivateKey_ex(BIO *bp, EVP_PKEY **x, + pem_password_cb *cb, void *u, + OPENSSL_CTX *libctx, const char *propq) +{ + return pem_read_bio_key(bp, x, cb, u, libctx, propq, + OSSL_STORE_INFO_PKEY, 1); +} + EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u) { @@ -101,32 +172,16 @@ int PEM_write_bio_PrivateKey_traditional(BIO *bp, const EVP_PKEY *x, pem_str, bp, x, enc, kstr, klen, cb, u); } -EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x) +EVP_PKEY *PEM_read_bio_Parameters_ex(BIO *bp, EVP_PKEY **x, + OPENSSL_CTX *libctx, const char *propq) { - EVP_PKEY *ret = NULL; - OSSL_STORE_CTX *ctx = NULL; - OSSL_STORE_INFO *info = NULL; - - if ((ctx = OSSL_STORE_attach(bp, "file", NULL, NULL, UI_null(), NULL, - NULL, NULL)) == NULL) - goto err; - - while (!OSSL_STORE_eof(ctx) && (info = OSSL_STORE_load(ctx)) != NULL) { - if (OSSL_STORE_INFO_get_type(info) == OSSL_STORE_INFO_PARAMS) { - ret = OSSL_STORE_INFO_get1_PARAMS(info); - break; - } - OSSL_STORE_INFO_free(info); - info = NULL; - } - - if (ret != NULL && x != NULL) - *x = ret; + return pem_read_bio_key(bp, x, NULL, NULL, libctx, propq, + OSSL_STORE_INFO_PARAMS, 0); +} - err: - OSSL_STORE_close(ctx); - OSSL_STORE_INFO_free(info); - return ret; +EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x) +{ + return PEM_read_bio_Parameters_ex(bp, x, NULL, NULL); } PEM_write_fnsig(Parameters, EVP_PKEY, BIO, write_bio) -- cgit v1.2.3