diff options
Diffstat (limited to 'src/crypto/pem/pem_info.c')
-rw-r--r-- | src/crypto/pem/pem_info.c | 306 |
1 files changed, 144 insertions, 162 deletions
diff --git a/src/crypto/pem/pem_info.c b/src/crypto/pem/pem_info.c index d707e426..3627a450 100644 --- a/src/crypto/pem/pem_info.c +++ b/src/crypto/pem/pem_info.c @@ -75,221 +75,203 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u) { - BIO *b; - STACK_OF(X509_INFO) *ret; - - if ((b = BIO_new(BIO_s_file())) == NULL) { + BIO *b = BIO_new_fp(fp, BIO_NOCLOSE); + if (b == NULL) { OPENSSL_PUT_ERROR(PEM, ERR_R_BUF_LIB); - return (0); + return 0; } - BIO_set_fp(b, fp, BIO_NOCLOSE); - ret = PEM_X509_INFO_read_bio(b, sk, cb, u); + STACK_OF(X509_INFO) *ret = PEM_X509_INFO_read_bio(b, sk, cb, u); BIO_free(b); - return (ret); + return ret; } #endif +enum parse_result_t { + parse_ok, + parse_error, + parse_new_entry, +}; + +static enum parse_result_t parse_x509(X509_INFO *info, const uint8_t *data, + size_t len, int key_type) +{ + if (info->x509 != NULL) { + return parse_new_entry; + } + info->x509 = d2i_X509(NULL, &data, len); + return info->x509 != NULL ? parse_ok : parse_error; +} + +static enum parse_result_t parse_x509_aux(X509_INFO *info, const uint8_t *data, + size_t len, int key_type) +{ + if (info->x509 != NULL) { + return parse_new_entry; + } + info->x509 = d2i_X509_AUX(NULL, &data, len); + return info->x509 != NULL ? parse_ok : parse_error; +} + +static enum parse_result_t parse_crl(X509_INFO *info, const uint8_t *data, + size_t len, int key_type) +{ + if (info->crl != NULL) { + return parse_new_entry; + } + info->crl = d2i_X509_CRL(NULL, &data, len); + return info->crl != NULL ? parse_ok : parse_error; +} + +static enum parse_result_t parse_key(X509_INFO *info, const uint8_t *data, + size_t len, int key_type) +{ + if (info->x_pkey != NULL) { + return parse_new_entry; + } + info->x_pkey = X509_PKEY_new(); + if (info->x_pkey == NULL) { + return parse_error; + } + info->x_pkey->dec_pkey = d2i_PrivateKey(key_type, NULL, &data, len); + return info->x_pkey->dec_pkey != NULL ? parse_ok : parse_error; +} + STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u) { - X509_INFO *xi = NULL; + X509_INFO *info = NULL; char *name = NULL, *header = NULL; - void *pp; unsigned char *data = NULL; - const unsigned char *p; - long len, error = 0; + long len; int ok = 0; STACK_OF(X509_INFO) *ret = NULL; - unsigned int i, raw, ptype; - d2i_of_void *d2i = 0; if (sk == NULL) { - if ((ret = sk_X509_INFO_new_null()) == NULL) { + ret = sk_X509_INFO_new_null(); + if (ret == NULL) { OPENSSL_PUT_ERROR(PEM, ERR_R_MALLOC_FAILURE); - goto err; + return NULL; } - } else + } else { ret = sk; + } + size_t orig_num = sk_X509_INFO_num(ret); - if ((xi = X509_INFO_new()) == NULL) + info = X509_INFO_new(); + if (info == NULL) { goto err; + } + for (;;) { - raw = 0; - ptype = 0; - i = PEM_read_bio(bp, &name, &header, &data, &len); - if (i == 0) { - error = ERR_GET_REASON(ERR_peek_last_error()); - if (error == PEM_R_NO_START_LINE) { + if (!PEM_read_bio(bp, &name, &header, &data, &len)) { + uint32_t error = ERR_peek_last_error(); + if (ERR_GET_LIB(error) == ERR_LIB_PEM && + ERR_GET_REASON(error) == PEM_R_NO_START_LINE) { ERR_clear_error(); break; } goto err; } - start: - if ((strcmp(name, PEM_STRING_X509) == 0) || - (strcmp(name, PEM_STRING_X509_OLD) == 0)) { - d2i = (D2I_OF(void)) d2i_X509; - if (xi->x509 != NULL) { - if (!sk_X509_INFO_push(ret, xi)) - goto err; - if ((xi = X509_INFO_new()) == NULL) - goto err; - goto start; - } - pp = &(xi->x509); - } else if ((strcmp(name, PEM_STRING_X509_TRUSTED) == 0)) { - d2i = (D2I_OF(void)) d2i_X509_AUX; - if (xi->x509 != NULL) { - if (!sk_X509_INFO_push(ret, xi)) - goto err; - if ((xi = X509_INFO_new()) == NULL) - goto err; - goto start; - } - pp = &(xi->x509); + + enum parse_result_t (*parse_function)(X509_INFO *, const uint8_t *, + size_t, int) = NULL; + int key_type = EVP_PKEY_NONE; + if (strcmp(name, PEM_STRING_X509) == 0 || + strcmp(name, PEM_STRING_X509_OLD) == 0) { + parse_function = parse_x509; + } else if (strcmp(name, PEM_STRING_X509_TRUSTED) == 0) { + parse_function = parse_x509_aux; } else if (strcmp(name, PEM_STRING_X509_CRL) == 0) { - d2i = (D2I_OF(void)) d2i_X509_CRL; - if (xi->crl != NULL) { - if (!sk_X509_INFO_push(ret, xi)) - goto err; - if ((xi = X509_INFO_new()) == NULL) - goto err; - goto start; - } - pp = &(xi->crl); + parse_function = parse_crl; } else if (strcmp(name, PEM_STRING_RSA) == 0) { - d2i = (D2I_OF(void)) d2i_RSAPrivateKey; - if (xi->x_pkey != NULL) { - if (!sk_X509_INFO_push(ret, xi)) - goto err; - if ((xi = X509_INFO_new()) == NULL) - goto err; - goto start; - } - - xi->enc_data = NULL; - xi->enc_len = 0; + parse_function = parse_key; + key_type = EVP_PKEY_RSA; + } else if (strcmp(name, PEM_STRING_DSA) == 0) { + parse_function = parse_key; + key_type = EVP_PKEY_DSA; + } else if (strcmp(name, PEM_STRING_ECPRIVATEKEY) == 0) { + parse_function = parse_key; + key_type = EVP_PKEY_EC; + } - xi->x_pkey = X509_PKEY_new(); - ptype = EVP_PKEY_RSA; - pp = &xi->x_pkey->dec_pkey; - if ((int)strlen(header) > 10) /* assume encrypted */ - raw = 1; - } else -#ifndef OPENSSL_NO_DSA - if (strcmp(name, PEM_STRING_DSA) == 0) { - d2i = (D2I_OF(void)) d2i_DSAPrivateKey; - if (xi->x_pkey != NULL) { - if (!sk_X509_INFO_push(ret, xi)) + /* If a private key has a header, assume it is encrypted. */ + if (key_type != EVP_PKEY_NONE && strlen(header) > 10) { + if (info->x_pkey != NULL) { + if (!sk_X509_INFO_push(ret, info)) { goto err; - if ((xi = X509_INFO_new()) == NULL) + } + info = X509_INFO_new(); + if (info == NULL) { goto err; - goto start; + } } - - xi->enc_data = NULL; - xi->enc_len = 0; - - xi->x_pkey = X509_PKEY_new(); - ptype = EVP_PKEY_DSA; - pp = &xi->x_pkey->dec_pkey; - if ((int)strlen(header) > 10) /* assume encrypted */ - raw = 1; - } else -#endif - if (strcmp(name, PEM_STRING_ECPRIVATEKEY) == 0) { - d2i = (D2I_OF(void)) d2i_ECPrivateKey; - if (xi->x_pkey != NULL) { - if (!sk_X509_INFO_push(ret, xi)) - goto err; - if ((xi = X509_INFO_new()) == NULL) - goto err; - goto start; + /* Historically, raw entries pushed an empty key. */ + info->x_pkey = X509_PKEY_new(); + if (info->x_pkey == NULL || + !PEM_get_EVP_CIPHER_INFO(header, &info->enc_cipher)) { + goto err; } - - xi->enc_data = NULL; - xi->enc_len = 0; - - xi->x_pkey = X509_PKEY_new(); - ptype = EVP_PKEY_EC; - pp = &xi->x_pkey->dec_pkey; - if ((int)strlen(header) > 10) /* assume encrypted */ - raw = 1; - } else { - d2i = NULL; - pp = NULL; - } - - if (d2i != NULL) { - if (!raw) { - EVP_CIPHER_INFO cipher; - - if (!PEM_get_EVP_CIPHER_INFO(header, &cipher)) - goto err; - if (!PEM_do_header(&cipher, data, &len, cb, u)) - goto err; - p = data; - if (ptype) { - if (!d2i_PrivateKey(ptype, pp, &p, len)) { - OPENSSL_PUT_ERROR(PEM, ERR_R_ASN1_LIB); - goto err; - } - } else if (d2i(pp, &p, len) == NULL) { - OPENSSL_PUT_ERROR(PEM, ERR_R_ASN1_LIB); + info->enc_data = (char *)data; + info->enc_len = (int)len; + data = NULL; + } else if (parse_function != NULL) { + EVP_CIPHER_INFO cipher; + if (!PEM_get_EVP_CIPHER_INFO(header, &cipher) || + !PEM_do_header(&cipher, data, &len, cb, u)) { + goto err; + } + enum parse_result_t result = + parse_function(info, data, len, key_type); + if (result == parse_new_entry) { + if (!sk_X509_INFO_push(ret, info)) { goto err; } - } else { /* encrypted RSA data */ - if (!PEM_get_EVP_CIPHER_INFO(header, &xi->enc_cipher)) + info = X509_INFO_new(); + if (info == NULL) { goto err; - xi->enc_data = (char *)data; - xi->enc_len = (int)len; - data = NULL; + } + result = parse_function(info, data, len, key_type); + } + if (result != parse_ok) { + OPENSSL_PUT_ERROR(PEM, ERR_R_ASN1_LIB); + goto err; } - } else { - /* unknown */ } - if (name != NULL) - OPENSSL_free(name); - if (header != NULL) - OPENSSL_free(header); - if (data != NULL) - OPENSSL_free(data); + OPENSSL_free(name); + OPENSSL_free(header); + OPENSSL_free(data); name = NULL; header = NULL; data = NULL; } - /* - * if the last one hasn't been pushed yet and there is anything in it - * then add it to the stack ... - */ - if ((xi->x509 != NULL) || (xi->crl != NULL) || - (xi->x_pkey != NULL) || (xi->enc_data != NULL)) { - if (!sk_X509_INFO_push(ret, xi)) + /* Push the last entry on the stack if not empty. */ + if (info->x509 != NULL || info->crl != NULL || + info->x_pkey != NULL || info->enc_data != NULL) { + if (!sk_X509_INFO_push(ret, info)) { goto err; - xi = NULL; + } + info = NULL; } + ok = 1; + err: - if (xi != NULL) - X509_INFO_free(xi); + X509_INFO_free(info); if (!ok) { - for (i = 0; i < sk_X509_INFO_num(ret); i++) { - xi = sk_X509_INFO_value(ret, i); - X509_INFO_free(xi); + while (sk_X509_INFO_num(ret) > orig_num) { + X509_INFO_free(sk_X509_INFO_pop(ret)); } - if (ret != sk) + if (ret != sk) { sk_X509_INFO_free(ret); + } ret = NULL; } - if (name != NULL) - OPENSSL_free(name); - if (header != NULL) - OPENSSL_free(header); - if (data != NULL) - OPENSSL_free(data); - return (ret); + OPENSSL_free(name); + OPENSSL_free(header); + OPENSSL_free(data); + return ret; } /* A TJH addition */ |