summaryrefslogtreecommitdiffstats
path: root/crypto/pem
diff options
context:
space:
mode:
authorRichard Levitte <levitte@openssl.org>2020-08-18 21:38:56 +0200
committerRichard Levitte <levitte@openssl.org>2020-08-20 12:37:35 +0200
commit6e5ccd58c85f05f8d47a1682125a207dbc694768 (patch)
tree505b0058ebf662bbd75ac103b35227175b9c0759 /crypto/pem
parentSTORE: Distinguish public keys from private keys (diff)
downloadopenssl-6e5ccd58c85f05f8d47a1682125a207dbc694768.tar.xz
openssl-6e5ccd58c85f05f8d47a1682125a207dbc694768.zip
PEM: Add more library context aware PEM readers
PEM_read_bio_PUBKEY_ex() and PEM_read_bio_Parameters_ex() are added to complete PEM_read_bio_PrivateKey_ex(). They are all refactored to be wrappers around the same internal function. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12673)
Diffstat (limited to 'crypto/pem')
-rw-r--r--crypto/pem/pem_all.c1
-rw-r--r--crypto/pem/pem_pkey.c123
2 files changed, 89 insertions, 35 deletions
diff --git a/crypto/pem/pem_all.c b/crypto/pem/pem_all.c
index 9b803082c6..bf7159a6ad 100644
--- a/crypto/pem/pem_all.c
+++ b/crypto/pem/pem_all.c
@@ -181,4 +181,3 @@ IMPLEMENT_PEM_write(DHparams, DH, PEM_STRING_DHPARAMS, DHparams)
IMPLEMENT_PEM_write(DHxparams, DH, PEM_STRING_DHXPARAMS, DHxparams)
#endif
IMPLEMENT_PEM_provided_write(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY)
-IMPLEMENT_PEM_read(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY)
diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c
index c60eed97c0..4ee5bb7009 100644
--- a/crypto/pem/pem_pkey.c
+++ b/crypto/pem/pem_pkey.c
@@ -27,23 +27,39 @@
int pem_check_suffix(const char *pem_str, const char *suffix);
-EVP_PKEY *PEM_read_bio_PrivateKey_ex(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
- void *u, OPENSSL_CTX *libctx,
- const char *propq)
+static EVP_PKEY *pem_read_bio_key(BIO *bp, EVP_PKEY **x,
+ pem_password_cb *cb, void *u,
+ OPENSSL_CTX *libctx, const char *propq,
+ int expected_store_info_type,
+ int try_secure)
{
EVP_PKEY *ret = NULL;
OSSL_STORE_CTX *ctx = NULL;
OSSL_STORE_INFO *info = NULL;
- UI_METHOD *ui_method = NULL;
+ const UI_METHOD *ui_method = NULL;
+ UI_METHOD *allocated_ui_method = NULL;
- if ((ui_method = UI_UTIL_wrap_read_pem_callback(cb, 0)) == NULL)
+ if (expected_store_info_type != OSSL_STORE_INFO_PKEY
+ && expected_store_info_type != OSSL_STORE_INFO_PUBKEY
+ && expected_store_info_type != OSSL_STORE_INFO_PARAMS) {
+ ERR_raise(ERR_LIB_PEM, ERR_R_PASSED_INVALID_ARGUMENT);
+ return NULL;
+ }
+
+ if (u != NULL && cb == NULL)
+ cb = PEM_def_callback;
+ if (cb == NULL)
+ ui_method = UI_null();
+ else
+ ui_method = allocated_ui_method = UI_UTIL_wrap_read_pem_callback(cb, 0);
+ if (ui_method == NULL)
return NULL;
if ((ctx = OSSL_STORE_attach(bp, "file", libctx, propq, ui_method, u,
NULL, NULL)) == NULL)
goto err;
#ifndef OPENSSL_NO_SECURE_HEAP
- {
+ if (try_secure) {
int on = 1;
if (!OSSL_STORE_ctrl(ctx, OSSL_STORE_C_USE_SECMEM, &on))
goto err;
@@ -52,9 +68,18 @@ EVP_PKEY *PEM_read_bio_PrivateKey_ex(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
while (!OSSL_STORE_eof(ctx)
&& (info = OSSL_STORE_load(ctx)) != NULL) {
- if (OSSL_STORE_INFO_get_type(info) == OSSL_STORE_INFO_PKEY) {
- ret = OSSL_STORE_INFO_get1_PKEY(info);
- break;
+ if (OSSL_STORE_INFO_get_type(info) == expected_store_info_type) {
+ switch (expected_store_info_type) {
+ case OSSL_STORE_INFO_PKEY:
+ ret = OSSL_STORE_INFO_get1_PKEY(info);
+ break;
+ case OSSL_STORE_INFO_PUBKEY:
+ ret = OSSL_STORE_INFO_get1_PUBKEY(info);
+ break;
+ case OSSL_STORE_INFO_PARAMS:
+ ret = OSSL_STORE_INFO_get1_PARAMS(info);
+ break;
+ }
}
OSSL_STORE_INFO_free(info);
info = NULL;
@@ -65,11 +90,57 @@ EVP_PKEY *PEM_read_bio_PrivateKey_ex(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
err:
OSSL_STORE_close(ctx);
- UI_destroy_method(ui_method);
+ UI_destroy_method(allocated_ui_method);
OSSL_STORE_INFO_free(info);
return ret;
}
+EVP_PKEY *PEM_read_bio_PUBKEY_ex(BIO *bp, EVP_PKEY **x,
+ pem_password_cb *cb, void *u,
+ OPENSSL_CTX *libctx, const char *propq)
+{
+ return pem_read_bio_key(bp, x, cb, u, libctx, propq,
+ OSSL_STORE_INFO_PUBKEY, 0);
+}
+
+EVP_PKEY *PEM_read_bio_PUBKEY(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
+ void *u)
+{
+ return PEM_read_bio_PUBKEY_ex(bp, x, cb, u, NULL, NULL);
+}
+
+#ifndef OPENSSL_NO_STDIO
+EVP_PKEY *PEM_read_PUBKEY_ex(FILE *fp, EVP_PKEY **x,
+ pem_password_cb *cb, void *u,
+ OPENSSL_CTX *libctx, const char *propq)
+{
+ BIO *b;
+ EVP_PKEY *ret;
+
+ if ((b = BIO_new(BIO_s_file())) == NULL) {
+ PEMerr(0, ERR_R_BUF_LIB);
+ return 0;
+ }
+ BIO_set_fp(b, fp, BIO_NOCLOSE);
+ ret = PEM_read_bio_PUBKEY_ex(b, x, cb, u, libctx, propq);
+ BIO_free(b);
+ return ret;
+}
+
+EVP_PKEY *PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u)
+{
+ return PEM_read_PUBKEY_ex(fp, x, cb, u, NULL, NULL);
+}
+#endif
+
+EVP_PKEY *PEM_read_bio_PrivateKey_ex(BIO *bp, EVP_PKEY **x,
+ pem_password_cb *cb, void *u,
+ OPENSSL_CTX *libctx, const char *propq)
+{
+ return pem_read_bio_key(bp, x, cb, u, libctx, propq,
+ OSSL_STORE_INFO_PKEY, 1);
+}
+
EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
void *u)
{
@@ -101,32 +172,16 @@ int PEM_write_bio_PrivateKey_traditional(BIO *bp, const EVP_PKEY *x,
pem_str, bp, x, enc, kstr, klen, cb, u);
}
-EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x)
+EVP_PKEY *PEM_read_bio_Parameters_ex(BIO *bp, EVP_PKEY **x,
+ OPENSSL_CTX *libctx, const char *propq)
{
- EVP_PKEY *ret = NULL;
- OSSL_STORE_CTX *ctx = NULL;
- OSSL_STORE_INFO *info = NULL;
-
- if ((ctx = OSSL_STORE_attach(bp, "file", NULL, NULL, UI_null(), NULL,
- NULL, NULL)) == NULL)
- goto err;
-
- while (!OSSL_STORE_eof(ctx) && (info = OSSL_STORE_load(ctx)) != NULL) {
- if (OSSL_STORE_INFO_get_type(info) == OSSL_STORE_INFO_PARAMS) {
- ret = OSSL_STORE_INFO_get1_PARAMS(info);
- break;
- }
- OSSL_STORE_INFO_free(info);
- info = NULL;
- }
-
- if (ret != NULL && x != NULL)
- *x = ret;
+ return pem_read_bio_key(bp, x, NULL, NULL, libctx, propq,
+ OSSL_STORE_INFO_PARAMS, 0);
+}
- err:
- OSSL_STORE_close(ctx);
- OSSL_STORE_INFO_free(info);
- return ret;
+EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x)
+{
+ return PEM_read_bio_Parameters_ex(bp, x, NULL, NULL);
}
PEM_write_fnsig(Parameters, EVP_PKEY, BIO, write_bio)