]> git.ipfire.org Git - thirdparty/openssl.git/blame - crypto/pem/pem_info.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Remove parentheses of return.
[thirdparty/openssl.git] / crypto / pem / pem_info.c
CommitLineData
62867571
RS		 1/*
2 * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
d02b48c6 3 *
62867571
RS		 4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
d02b48c6
RE		 8 */
9
10#include <stdio.h>
b39fc560 11#include "internal/cryptlib.h"
ec577822
BM		 12#include <openssl/buffer.h>
13#include <openssl/objects.h>
14#include <openssl/evp.h>
15#include <openssl/x509.h>
16#include <openssl/pem.h>
3c27208f
RS		 17#include <openssl/rsa.h>
18#include <openssl/dsa.h>
d02b48c6 19
4b618848 20#ifndef OPENSSL_NO_STDIO
0f113f3e
MC		 21STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
22 pem_password_cb *cb, void *u)
23{
24 BIO *b;
25 STACK_OF(X509_INFO) *ret;
d02b48c6 26
0f113f3e
MC		 27 if ((b = BIO_new(BIO_s_file())) == NULL) {
28 PEMerr(PEM_F_PEM_X509_INFO_READ, ERR_R_BUF_LIB);
26a7d938 29 return 0;
0f113f3e
MC		 30 }
31 BIO_set_fp(b, fp, BIO_NOCLOSE);
32 ret = PEM_X509_INFO_read_bio(b, sk, cb, u);
33 BIO_free(b);
26a7d938 34 return ret;
0f113f3e 35}
d02b48c6
RE		 36#endif
37
0f113f3e
MC		 38STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk,
39 pem_password_cb *cb, void *u)
40{
41 X509_INFO *xi = NULL;
42 char *name = NULL, *header = NULL;
43 void *pp;
44 unsigned char *data = NULL;
45 const unsigned char *p;
46 long len, error = 0;
47 int ok = 0;
48 STACK_OF(X509_INFO) *ret = NULL;
49 unsigned int i, raw, ptype;
50 d2i_of_void *d2i = 0;
d02b48c6 51
0f113f3e
MC		 52 if (sk == NULL) {
53 if ((ret = sk_X509_INFO_new_null()) == NULL) {
54 PEMerr(PEM_F_PEM_X509_INFO_READ_BIO, ERR_R_MALLOC_FAILURE);
55 goto err;
56 }
57 } else
58 ret = sk;
d02b48c6 59
0f113f3e
MC		 60 if ((xi = X509_INFO_new()) == NULL)
61 goto err;
62 for (;;) {
63 raw = 0;
64 ptype = 0;
65 i = PEM_read_bio(bp, &name, &header, &data, &len);
66 if (i == 0) {
67 error = ERR_GET_REASON(ERR_peek_last_error());
68 if (error == PEM_R_NO_START_LINE) {
69 ERR_clear_error();
70 break;
71 }
72 goto err;
73 }
74 start:
75 if ((strcmp(name, PEM_STRING_X509) == 0) ||
76 (strcmp(name, PEM_STRING_X509_OLD) == 0)) {
77 d2i = (D2I_OF(void)) d2i_X509;
78 if (xi->x509 != NULL) {
79 if (!sk_X509_INFO_push(ret, xi))
80 goto err;
81 if ((xi = X509_INFO_new()) == NULL)
82 goto err;
83 goto start;
84 }
85 pp = &(xi->x509);
86 } else if ((strcmp(name, PEM_STRING_X509_TRUSTED) == 0)) {
87 d2i = (D2I_OF(void)) d2i_X509_AUX;
88 if (xi->x509 != NULL) {
89 if (!sk_X509_INFO_push(ret, xi))
90 goto err;
91 if ((xi = X509_INFO_new()) == NULL)
92 goto err;
93 goto start;
94 }
95 pp = &(xi->x509);
96 } else if (strcmp(name, PEM_STRING_X509_CRL) == 0) {
97 d2i = (D2I_OF(void)) d2i_X509_CRL;
98 if (xi->crl != NULL) {
99 if (!sk_X509_INFO_push(ret, xi))
100 goto err;
101 if ((xi = X509_INFO_new()) == NULL)
102 goto err;
103 goto start;
104 }
105 pp = &(xi->crl);
106 } else
cf1b7d96 107#ifndef OPENSSL_NO_RSA
0f113f3e
MC		 108 if (strcmp(name, PEM_STRING_RSA) == 0) {
109 d2i = (D2I_OF(void)) d2i_RSAPrivateKey;
110 if (xi->x_pkey != NULL) {
111 if (!sk_X509_INFO_push(ret, xi))
112 goto err;
113 if ((xi = X509_INFO_new()) == NULL)
114 goto err;
115 goto start;
116 }
d02b48c6 117
0f113f3e
MC		 118 xi->enc_data = NULL;
119 xi->enc_len = 0;
d02b48c6 120
0f113f3e 121 xi->x_pkey = X509_PKEY_new();
90945fa3
MC		 122 if (xi->x_pkey == NULL)
123 goto err;
0f113f3e
MC		 124 ptype = EVP_PKEY_RSA;
125 pp = &xi->x_pkey->dec_pkey;
126 if ((int)strlen(header) > 10) /* assume encrypted */
127 raw = 1;
128 } else
d02b48c6 129#endif
cf1b7d96 130#ifndef OPENSSL_NO_DSA
0f113f3e
MC		 131 if (strcmp(name, PEM_STRING_DSA) == 0) {
132 d2i = (D2I_OF(void)) d2i_DSAPrivateKey;
133 if (xi->x_pkey != NULL) {
134 if (!sk_X509_INFO_push(ret, xi))
135 goto err;
136 if ((xi = X509_INFO_new()) == NULL)
137 goto err;
138 goto start;
139 }
d02b48c6 140
0f113f3e
MC		 141 xi->enc_data = NULL;
142 xi->enc_len = 0;
d02b48c6 143
0f113f3e 144 xi->x_pkey = X509_PKEY_new();
90945fa3
MC		 145 if (xi->x_pkey == NULL)
146 goto err;
0f113f3e
MC		 147 ptype = EVP_PKEY_DSA;
148 pp = &xi->x_pkey->dec_pkey;
149 if ((int)strlen(header) > 10) /* assume encrypted */
150 raw = 1;
151 } else
4d94ae00 152#endif
14a7cfb3 153#ifndef OPENSSL_NO_EC
0f113f3e
MC		 154 if (strcmp(name, PEM_STRING_ECPRIVATEKEY) == 0) {
155 d2i = (D2I_OF(void)) d2i_ECPrivateKey;
156 if (xi->x_pkey != NULL) {
157 if (!sk_X509_INFO_push(ret, xi))
158 goto err;
159 if ((xi = X509_INFO_new()) == NULL)
160 goto err;
161 goto start;
162 }
163
164 xi->enc_data = NULL;
165 xi->enc_len = 0;
166
167 xi->x_pkey = X509_PKEY_new();
90945fa3
MC		 168 if (xi->x_pkey == NULL)
169 goto err;
0f113f3e
MC		 170 ptype = EVP_PKEY_EC;
171 pp = &xi->x_pkey->dec_pkey;
172 if ((int)strlen(header) > 10) /* assume encrypted */
173 raw = 1;
174 } else
d02b48c6 175#endif
0f113f3e
MC		 176 {
177 d2i = NULL;
178 pp = NULL;
179 }
d02b48c6 180
0f113f3e
MC		 181 if (d2i != NULL) {
182 if (!raw) {
183 EVP_CIPHER_INFO cipher;
d02b48c6 184
0f113f3e
MC		 185 if (!PEM_get_EVP_CIPHER_INFO(header, &cipher))
186 goto err;
187 if (!PEM_do_header(&cipher, data, &len, cb, u))
188 goto err;
189 p = data;
190 if (ptype) {
191 if (!d2i_PrivateKey(ptype, pp, &p, len)) {
192 PEMerr(PEM_F_PEM_X509_INFO_READ_BIO, ERR_R_ASN1_LIB);
193 goto err;
194 }
195 } else if (d2i(pp, &p, len) == NULL) {
196 PEMerr(PEM_F_PEM_X509_INFO_READ_BIO, ERR_R_ASN1_LIB);
197 goto err;
198 }
199 } else { /* encrypted RSA data */
200 if (!PEM_get_EVP_CIPHER_INFO(header, &xi->enc_cipher))
201 goto err;
202 xi->enc_data = (char *)data;
203 xi->enc_len = (int)len;
204 data = NULL;
205 }
206 } else {
207 /* unknown */
208 }
b548a1f1 209 OPENSSL_free(name);
0f113f3e 210 name = NULL;
b548a1f1 211 OPENSSL_free(header);
0f113f3e 212 header = NULL;
b548a1f1 213 OPENSSL_free(data);
0f113f3e
MC		 214 data = NULL;
215 }
d02b48c6 216
0f113f3e
MC		 217 /*
218 * if the last one hasn't been pushed yet and there is anything in it
219 * then add it to the stack ...
220 */
221 if ((xi->x509 != NULL) || (xi->crl != NULL) ||
222 (xi->x_pkey != NULL) || (xi->enc_data != NULL)) {
223 if (!sk_X509_INFO_push(ret, xi))
224 goto err;
225 xi = NULL;
226 }
227 ok = 1;
228 err:
222561fe 229 X509_INFO_free(xi);
0f113f3e
MC		 230 if (!ok) {
231 for (i = 0; ((int)i) < sk_X509_INFO_num(ret); i++) {
232 xi = sk_X509_INFO_value(ret, i);
233 X509_INFO_free(xi);
234 }
235 if (ret != sk)
236 sk_X509_INFO_free(ret);
237 ret = NULL;
238 }
d02b48c6 239
b548a1f1
RS		 240 OPENSSL_free(name);
241 OPENSSL_free(header);
242 OPENSSL_free(data);
26a7d938 243 return ret;
0f113f3e 244}
d02b48c6
RE		 245
246/* A TJH addition */
6b691a5c 247int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
0f113f3e
MC		 248 unsigned char *kstr, int klen,
249 pem_password_cb *cb, void *u)
250{
0f113f3e
MC		 251 int i, ret = 0;
252 unsigned char *data = NULL;
253 const char *objstr = NULL;
254 char buf[PEM_BUFSIZE];
255 unsigned char *iv = NULL;
256
257 if (enc != NULL) {
258 objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
e40ada04
MC		 259 if (objstr == NULL
260 /*
261 * Check "Proc-Type: 4,Encrypted\nDEK-Info: objstr,hex-iv\n"
262 * fits into buf
263 */
264 || (strlen(objstr) + 23 + 2 * EVP_CIPHER_iv_length(enc) + 13)
265 > sizeof(buf)) {
0f113f3e
MC		 266 PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER);
267 goto err;
268 }
269 }
d02b48c6 270
0f113f3e
MC		 271 /*
272 * now for the fun part ... if we have a private key then we have to be
273 * able to handle a not-yet-decrypted key being written out correctly ...
274 * if it is decrypted or it is non-encrypted then we use the base code
275 */
276 if (xi->x_pkey != NULL) {
277 if ((xi->enc_data != NULL) && (xi->enc_len > 0)) {
278 if (enc == NULL) {
279 PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO, PEM_R_CIPHER_IS_NULL);
280 goto err;
281 }
8bbf6ac0 282
0f113f3e
MC		 283 /* copy from weirdo names into more normal things */
284 iv = xi->enc_cipher.iv;
285 data = (unsigned char *)xi->enc_data;
286 i = xi->enc_len;
d02b48c6 287
0f113f3e
MC		 288 /*
289 * we take the encryption data from the internal stuff rather
290 * than what the user has passed us ... as we have to match
291 * exactly for some strange reason
292 */
293 objstr = OBJ_nid2sn(EVP_CIPHER_nid(xi->enc_cipher.cipher));
294 if (objstr == NULL) {
295 PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,
296 PEM_R_UNSUPPORTED_CIPHER);
297 goto err;
298 }
d02b48c6 299
e40ada04 300 /* Create the right magic header stuff */
0f113f3e
MC		 301 buf[0] = '\0';
302 PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);
6c2ff56e
RL		 303 PEM_dek_info(buf, objstr, EVP_CIPHER_iv_length(enc),
304 (char *)iv);
d02b48c6 305
0f113f3e
MC		 306 /* use the normal code to write things out */
307 i = PEM_write_bio(bp, PEM_STRING_RSA, buf, data, i);
308 if (i <= 0)
309 goto err;
310 } else {
311 /* Add DSA/DH */
cf1b7d96 312#ifndef OPENSSL_NO_RSA
0f113f3e
MC		 313 /* normal optionally encrypted stuff */
314 if (PEM_write_bio_RSAPrivateKey(bp,
3aeb9348 315 EVP_PKEY_get0_RSA(xi->x_pkey->dec_pkey),
0f113f3e
MC		 316 enc, kstr, klen, cb, u) <= 0)
317 goto err;
d02b48c6 318#endif
0f113f3e
MC		 319 }
320 }
d02b48c6 321
0f113f3e
MC		 322 /* if we have a certificate then write it out now */
323 if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp, xi->x509) <= 0))
324 goto err;
d02b48c6 325
0f113f3e
MC		 326 /*
327 * we are ignoring anything else that is loaded into the X509_INFO
328 * structure for the moment ... as I don't need it so I'm not coding it
329 * here and Eric can do it when this makes it into the base library --tjh
330 */
d02b48c6 331
0f113f3e 332 ret = 1;
d02b48c6 333
0f113f3e 334 err:
0f113f3e 335 OPENSSL_cleanse(buf, PEM_BUFSIZE);
26a7d938 336 return ret;
0f113f3e 337}
A mirror of the official openssl repository