summaryrefslogtreecommitdiff
path: root/src/crypto/pem/pem_info.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/crypto/pem/pem_info.c')
-rw-r--r--src/crypto/pem/pem_info.c306
1 files changed, 144 insertions, 162 deletions
diff --git a/src/crypto/pem/pem_info.c b/src/crypto/pem/pem_info.c
index d707e426..3627a450 100644
--- a/src/crypto/pem/pem_info.c
+++ b/src/crypto/pem/pem_info.c
@@ -75,221 +75,203 @@
STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
pem_password_cb *cb, void *u)
{
- BIO *b;
- STACK_OF(X509_INFO) *ret;
-
- if ((b = BIO_new(BIO_s_file())) == NULL) {
+ BIO *b = BIO_new_fp(fp, BIO_NOCLOSE);
+ if (b == NULL) {
OPENSSL_PUT_ERROR(PEM, ERR_R_BUF_LIB);
- return (0);
+ return 0;
}
- BIO_set_fp(b, fp, BIO_NOCLOSE);
- ret = PEM_X509_INFO_read_bio(b, sk, cb, u);
+ STACK_OF(X509_INFO) *ret = PEM_X509_INFO_read_bio(b, sk, cb, u);
BIO_free(b);
- return (ret);
+ return ret;
}
#endif
+enum parse_result_t {
+ parse_ok,
+ parse_error,
+ parse_new_entry,
+};
+
+static enum parse_result_t parse_x509(X509_INFO *info, const uint8_t *data,
+ size_t len, int key_type)
+{
+ if (info->x509 != NULL) {
+ return parse_new_entry;
+ }
+ info->x509 = d2i_X509(NULL, &data, len);
+ return info->x509 != NULL ? parse_ok : parse_error;
+}
+
+static enum parse_result_t parse_x509_aux(X509_INFO *info, const uint8_t *data,
+ size_t len, int key_type)
+{
+ if (info->x509 != NULL) {
+ return parse_new_entry;
+ }
+ info->x509 = d2i_X509_AUX(NULL, &data, len);
+ return info->x509 != NULL ? parse_ok : parse_error;
+}
+
+static enum parse_result_t parse_crl(X509_INFO *info, const uint8_t *data,
+ size_t len, int key_type)
+{
+ if (info->crl != NULL) {
+ return parse_new_entry;
+ }
+ info->crl = d2i_X509_CRL(NULL, &data, len);
+ return info->crl != NULL ? parse_ok : parse_error;
+}
+
+static enum parse_result_t parse_key(X509_INFO *info, const uint8_t *data,
+ size_t len, int key_type)
+{
+ if (info->x_pkey != NULL) {
+ return parse_new_entry;
+ }
+ info->x_pkey = X509_PKEY_new();
+ if (info->x_pkey == NULL) {
+ return parse_error;
+ }
+ info->x_pkey->dec_pkey = d2i_PrivateKey(key_type, NULL, &data, len);
+ return info->x_pkey->dec_pkey != NULL ? parse_ok : parse_error;
+}
+
STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk,
pem_password_cb *cb, void *u)
{
- X509_INFO *xi = NULL;
+ X509_INFO *info = NULL;
char *name = NULL, *header = NULL;
- void *pp;
unsigned char *data = NULL;
- const unsigned char *p;
- long len, error = 0;
+ long len;
int ok = 0;
STACK_OF(X509_INFO) *ret = NULL;
- unsigned int i, raw, ptype;
- d2i_of_void *d2i = 0;
if (sk == NULL) {
- if ((ret = sk_X509_INFO_new_null()) == NULL) {
+ ret = sk_X509_INFO_new_null();
+ if (ret == NULL) {
OPENSSL_PUT_ERROR(PEM, ERR_R_MALLOC_FAILURE);
- goto err;
+ return NULL;
}
- } else
+ } else {
ret = sk;
+ }
+ size_t orig_num = sk_X509_INFO_num(ret);
- if ((xi = X509_INFO_new()) == NULL)
+ info = X509_INFO_new();
+ if (info == NULL) {
goto err;
+ }
+
for (;;) {
- raw = 0;
- ptype = 0;
- i = PEM_read_bio(bp, &name, &header, &data, &len);
- if (i == 0) {
- error = ERR_GET_REASON(ERR_peek_last_error());
- if (error == PEM_R_NO_START_LINE) {
+ if (!PEM_read_bio(bp, &name, &header, &data, &len)) {
+ uint32_t error = ERR_peek_last_error();
+ if (ERR_GET_LIB(error) == ERR_LIB_PEM &&
+ ERR_GET_REASON(error) == PEM_R_NO_START_LINE) {
ERR_clear_error();
break;
}
goto err;
}
- start:
- if ((strcmp(name, PEM_STRING_X509) == 0) ||
- (strcmp(name, PEM_STRING_X509_OLD) == 0)) {
- d2i = (D2I_OF(void)) d2i_X509;
- if (xi->x509 != NULL) {
- if (!sk_X509_INFO_push(ret, xi))
- goto err;
- if ((xi = X509_INFO_new()) == NULL)
- goto err;
- goto start;
- }
- pp = &(xi->x509);
- } else if ((strcmp(name, PEM_STRING_X509_TRUSTED) == 0)) {
- d2i = (D2I_OF(void)) d2i_X509_AUX;
- if (xi->x509 != NULL) {
- if (!sk_X509_INFO_push(ret, xi))
- goto err;
- if ((xi = X509_INFO_new()) == NULL)
- goto err;
- goto start;
- }
- pp = &(xi->x509);
+
+ enum parse_result_t (*parse_function)(X509_INFO *, const uint8_t *,
+ size_t, int) = NULL;
+ int key_type = EVP_PKEY_NONE;
+ if (strcmp(name, PEM_STRING_X509) == 0 ||
+ strcmp(name, PEM_STRING_X509_OLD) == 0) {
+ parse_function = parse_x509;
+ } else if (strcmp(name, PEM_STRING_X509_TRUSTED) == 0) {
+ parse_function = parse_x509_aux;
} else if (strcmp(name, PEM_STRING_X509_CRL) == 0) {
- d2i = (D2I_OF(void)) d2i_X509_CRL;
- if (xi->crl != NULL) {
- if (!sk_X509_INFO_push(ret, xi))
- goto err;
- if ((xi = X509_INFO_new()) == NULL)
- goto err;
- goto start;
- }
- pp = &(xi->crl);
+ parse_function = parse_crl;
} else if (strcmp(name, PEM_STRING_RSA) == 0) {
- d2i = (D2I_OF(void)) d2i_RSAPrivateKey;
- if (xi->x_pkey != NULL) {
- if (!sk_X509_INFO_push(ret, xi))
- goto err;
- if ((xi = X509_INFO_new()) == NULL)
- goto err;
- goto start;
- }
-
- xi->enc_data = NULL;
- xi->enc_len = 0;
+ parse_function = parse_key;
+ key_type = EVP_PKEY_RSA;
+ } else if (strcmp(name, PEM_STRING_DSA) == 0) {
+ parse_function = parse_key;
+ key_type = EVP_PKEY_DSA;
+ } else if (strcmp(name, PEM_STRING_ECPRIVATEKEY) == 0) {
+ parse_function = parse_key;
+ key_type = EVP_PKEY_EC;
+ }
- xi->x_pkey = X509_PKEY_new();
- ptype = EVP_PKEY_RSA;
- pp = &xi->x_pkey->dec_pkey;
- if ((int)strlen(header) > 10) /* assume encrypted */
- raw = 1;
- } else
-#ifndef OPENSSL_NO_DSA
- if (strcmp(name, PEM_STRING_DSA) == 0) {
- d2i = (D2I_OF(void)) d2i_DSAPrivateKey;
- if (xi->x_pkey != NULL) {
- if (!sk_X509_INFO_push(ret, xi))
+ /* If a private key has a header, assume it is encrypted. */
+ if (key_type != EVP_PKEY_NONE && strlen(header) > 10) {
+ if (info->x_pkey != NULL) {
+ if (!sk_X509_INFO_push(ret, info)) {
goto err;
- if ((xi = X509_INFO_new()) == NULL)
+ }
+ info = X509_INFO_new();
+ if (info == NULL) {
goto err;
- goto start;
+ }
}
-
- xi->enc_data = NULL;
- xi->enc_len = 0;
-
- xi->x_pkey = X509_PKEY_new();
- ptype = EVP_PKEY_DSA;
- pp = &xi->x_pkey->dec_pkey;
- if ((int)strlen(header) > 10) /* assume encrypted */
- raw = 1;
- } else
-#endif
- if (strcmp(name, PEM_STRING_ECPRIVATEKEY) == 0) {
- d2i = (D2I_OF(void)) d2i_ECPrivateKey;
- if (xi->x_pkey != NULL) {
- if (!sk_X509_INFO_push(ret, xi))
- goto err;
- if ((xi = X509_INFO_new()) == NULL)
- goto err;
- goto start;
+ /* Historically, raw entries pushed an empty key. */
+ info->x_pkey = X509_PKEY_new();
+ if (info->x_pkey == NULL ||
+ !PEM_get_EVP_CIPHER_INFO(header, &info->enc_cipher)) {
+ goto err;
}
-
- xi->enc_data = NULL;
- xi->enc_len = 0;
-
- xi->x_pkey = X509_PKEY_new();
- ptype = EVP_PKEY_EC;
- pp = &xi->x_pkey->dec_pkey;
- if ((int)strlen(header) > 10) /* assume encrypted */
- raw = 1;
- } else {
- d2i = NULL;
- pp = NULL;
- }
-
- if (d2i != NULL) {
- if (!raw) {
- EVP_CIPHER_INFO cipher;
-
- if (!PEM_get_EVP_CIPHER_INFO(header, &cipher))
- goto err;
- if (!PEM_do_header(&cipher, data, &len, cb, u))
- goto err;
- p = data;
- if (ptype) {
- if (!d2i_PrivateKey(ptype, pp, &p, len)) {
- OPENSSL_PUT_ERROR(PEM, ERR_R_ASN1_LIB);
- goto err;
- }
- } else if (d2i(pp, &p, len) == NULL) {
- OPENSSL_PUT_ERROR(PEM, ERR_R_ASN1_LIB);
+ info->enc_data = (char *)data;
+ info->enc_len = (int)len;
+ data = NULL;
+ } else if (parse_function != NULL) {
+ EVP_CIPHER_INFO cipher;
+ if (!PEM_get_EVP_CIPHER_INFO(header, &cipher) ||
+ !PEM_do_header(&cipher, data, &len, cb, u)) {
+ goto err;
+ }
+ enum parse_result_t result =
+ parse_function(info, data, len, key_type);
+ if (result == parse_new_entry) {
+ if (!sk_X509_INFO_push(ret, info)) {
goto err;
}
- } else { /* encrypted RSA data */
- if (!PEM_get_EVP_CIPHER_INFO(header, &xi->enc_cipher))
+ info = X509_INFO_new();
+ if (info == NULL) {
goto err;
- xi->enc_data = (char *)data;
- xi->enc_len = (int)len;
- data = NULL;
+ }
+ result = parse_function(info, data, len, key_type);
+ }
+ if (result != parse_ok) {
+ OPENSSL_PUT_ERROR(PEM, ERR_R_ASN1_LIB);
+ goto err;
}
- } else {
- /* unknown */
}
- if (name != NULL)
- OPENSSL_free(name);
- if (header != NULL)
- OPENSSL_free(header);
- if (data != NULL)
- OPENSSL_free(data);
+ OPENSSL_free(name);
+ OPENSSL_free(header);
+ OPENSSL_free(data);
name = NULL;
header = NULL;
data = NULL;
}
- /*
- * if the last one hasn't been pushed yet and there is anything in it
- * then add it to the stack ...
- */
- if ((xi->x509 != NULL) || (xi->crl != NULL) ||
- (xi->x_pkey != NULL) || (xi->enc_data != NULL)) {
- if (!sk_X509_INFO_push(ret, xi))
+ /* Push the last entry on the stack if not empty. */
+ if (info->x509 != NULL || info->crl != NULL ||
+ info->x_pkey != NULL || info->enc_data != NULL) {
+ if (!sk_X509_INFO_push(ret, info)) {
goto err;
- xi = NULL;
+ }
+ info = NULL;
}
+
ok = 1;
+
err:
- if (xi != NULL)
- X509_INFO_free(xi);
+ X509_INFO_free(info);
if (!ok) {
- for (i = 0; i < sk_X509_INFO_num(ret); i++) {
- xi = sk_X509_INFO_value(ret, i);
- X509_INFO_free(xi);
+ while (sk_X509_INFO_num(ret) > orig_num) {
+ X509_INFO_free(sk_X509_INFO_pop(ret));
}
- if (ret != sk)
+ if (ret != sk) {
sk_X509_INFO_free(ret);
+ }
ret = NULL;
}
- if (name != NULL)
- OPENSSL_free(name);
- if (header != NULL)
- OPENSSL_free(header);
- if (data != NULL)
- OPENSSL_free(data);
- return (ret);
+ OPENSSL_free(name);
+ OPENSSL_free(header);
+ OPENSSL_free(data);
+ return ret;
}
/* A TJH addition */
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-26 10:55:00 +0000