]> git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/pem/pem_info.c
projects / thirdparty / openssl.git / blob
? search:


ef023205c033a847d5b4422004071423fd48b78b
[thirdparty/openssl.git] / crypto / pem / pem_info.c
1 /*
2 * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /*
11 * DSA low level APIs are deprecated for public use, but still ok for
12 * internal use.
13 */
14 #include "internal/deprecated.h"
15
16 #include <stdio.h>
17 #include "internal/cryptlib.h"
18 #include <openssl/buffer.h>
19 #include <openssl/objects.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/rsa.h>
24 #include <openssl/dsa.h>
25
26 #ifndef OPENSSL_NO_STDIO
27 STACK_OF(X509_INFO)
28 *PEM_X509_INFO_read_with_libctx(FILE *fp, STACK_OF(X509_INFO) *sk,
29 pem_password_cb *cb, void *u,
30 OPENSSL_CTX *libctx, const char *propq)
31 {
32 BIO *b;
33 STACK_OF(X509_INFO) *ret;
34
35 if ((b = BIO_new(BIO_s_file())) == NULL) {
36 PEMerr(0, ERR_R_BUF_LIB);
37 return 0;
38 }
39 BIO_set_fp(b, fp, BIO_NOCLOSE);
40 ret = PEM_X509_INFO_read_bio_with_libctx(b, sk, cb, u, libctx, propq);
41 BIO_free(b);
42 return ret;
43 }
44
45 STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
46 pem_password_cb *cb, void *u)
47 {
48 return PEM_X509_INFO_read_with_libctx(fp, sk, cb, u, NULL, NULL);
49 }
50 #endif
51
52 STACK_OF(X509_INFO)
53 *PEM_X509_INFO_read_bio_with_libctx(BIO *bp, STACK_OF(X509_INFO) *sk,
54 pem_password_cb *cb, void *u,
55 OPENSSL_CTX *libctx, const char *propq)
56 {
57 X509_INFO *xi = NULL;
58 char *name = NULL, *header = NULL;
59 void *pp;
60 unsigned char *data = NULL;
61 const unsigned char *p;
62 long len, error = 0;
63 int ok = 0;
64 STACK_OF(X509_INFO) *ret = NULL;
65 unsigned int i, raw, ptype;
66 d2i_of_void *d2i = 0;
67
68 if (sk == NULL) {
69 if ((ret = sk_X509_INFO_new_null()) == NULL) {
70 PEMerr(0, ERR_R_MALLOC_FAILURE);
71 goto err;
72 }
73 } else
74 ret = sk;
75
76 if ((xi = X509_INFO_new()) == NULL)
77 goto err;
78 for (;;) {
79 raw = 0;
80 ptype = 0;
81 i = PEM_read_bio(bp, &name, &header, &data, &len);
82 if (i == 0) {
83 error = ERR_GET_REASON(ERR_peek_last_error());
84 if (error == PEM_R_NO_START_LINE) {
85 ERR_clear_error();
86 break;
87 }
88 goto err;
89 }
90 start:
91 if ((strcmp(name, PEM_STRING_X509) == 0) ||
92 (strcmp(name, PEM_STRING_X509_OLD) == 0)) {
93 d2i = (D2I_OF(void)) d2i_X509;
94 if (xi->x509 != NULL) {
95 if (!sk_X509_INFO_push(ret, xi))
96 goto err;
97 if ((xi = X509_INFO_new()) == NULL)
98 goto err;
99 goto start;
100 }
101 xi->x509 = X509_new_with_libctx(libctx, propq);
102 if (xi->x509 == NULL)
103 goto err;
104 pp = &(xi->x509);
105 } else if ((strcmp(name, PEM_STRING_X509_TRUSTED) == 0)) {
106 d2i = (D2I_OF(void)) d2i_X509_AUX;
107 if (xi->x509 != NULL) {
108 if (!sk_X509_INFO_push(ret, xi))
109 goto err;
110 if ((xi = X509_INFO_new()) == NULL)
111 goto err;
112 goto start;
113 }
114 xi->x509 = X509_new_with_libctx(libctx, propq);
115 if (xi->x509 == NULL)
116 goto err;
117 pp = &(xi->x509);
118 } else if (strcmp(name, PEM_STRING_X509_CRL) == 0) {
119 d2i = (D2I_OF(void)) d2i_X509_CRL;
120 if (xi->crl != NULL) {
121 if (!sk_X509_INFO_push(ret, xi))
122 goto err;
123 if ((xi = X509_INFO_new()) == NULL)
124 goto err;
125 goto start;
126 }
127 pp = &(xi->crl);
128 } else
129 #ifndef OPENSSL_NO_RSA
130 if (strcmp(name, PEM_STRING_RSA) == 0) {
131 d2i = (D2I_OF(void)) d2i_RSAPrivateKey;
132 if (xi->x_pkey != NULL) {
133 if (!sk_X509_INFO_push(ret, xi))
134 goto err;
135 if ((xi = X509_INFO_new()) == NULL)
136 goto err;
137 goto start;
138 }
139
140 xi->enc_data = NULL;
141 xi->enc_len = 0;
142
143 xi->x_pkey = X509_PKEY_new();
144 if (xi->x_pkey == NULL)
145 goto err;
146 ptype = EVP_PKEY_RSA;
147 pp = &xi->x_pkey->dec_pkey;
148 if ((int)strlen(header) > 10) /* assume encrypted */
149 raw = 1;
150 } else
151 #endif
152 #ifndef OPENSSL_NO_DSA
153 if (strcmp(name, PEM_STRING_DSA) == 0) {
154 d2i = (D2I_OF(void)) d2i_DSAPrivateKey;
155 if (xi->x_pkey != NULL) {
156 if (!sk_X509_INFO_push(ret, xi))
157 goto err;
158 if ((xi = X509_INFO_new()) == NULL)
159 goto err;
160 goto start;
161 }
162
163 xi->enc_data = NULL;
164 xi->enc_len = 0;
165
166 xi->x_pkey = X509_PKEY_new();
167 if (xi->x_pkey == NULL)
168 goto err;
169 ptype = EVP_PKEY_DSA;
170 pp = &xi->x_pkey->dec_pkey;
171 if ((int)strlen(header) > 10) /* assume encrypted */
172 raw = 1;
173 } else
174 #endif
175 #ifndef OPENSSL_NO_EC
176 if (strcmp(name, PEM_STRING_ECPRIVATEKEY) == 0) {
177 d2i = (D2I_OF(void)) d2i_ECPrivateKey;
178 if (xi->x_pkey != NULL) {
179 if (!sk_X509_INFO_push(ret, xi))
180 goto err;
181 if ((xi = X509_INFO_new()) == NULL)
182 goto err;
183 goto start;
184 }
185
186 xi->enc_data = NULL;
187 xi->enc_len = 0;
188
189 xi->x_pkey = X509_PKEY_new();
190 if (xi->x_pkey == NULL)
191 goto err;
192 ptype = EVP_PKEY_EC;
193 pp = &xi->x_pkey->dec_pkey;
194 if ((int)strlen(header) > 10) /* assume encrypted */
195 raw = 1;
196 } else
197 #endif
198 {
199 d2i = NULL;
200 pp = NULL;
201 }
202
203 if (d2i != NULL) {
204 if (!raw) {
205 EVP_CIPHER_INFO cipher;
206
207 if (!PEM_get_EVP_CIPHER_INFO(header, &cipher))
208 goto err;
209 if (!PEM_do_header(&cipher, data, &len, cb, u))
210 goto err;
211 p = data;
212 if (ptype) {
213 if (!d2i_PrivateKey(ptype, pp, &p, len)) {
214 PEMerr(0, ERR_R_ASN1_LIB);
215 goto err;
216 }
217 } else if (d2i(pp, &p, len) == NULL) {
218 PEMerr(0, ERR_R_ASN1_LIB);
219 goto err;
220 }
221 } else { /* encrypted RSA data */
222 if (!PEM_get_EVP_CIPHER_INFO(header, &xi->enc_cipher))
223 goto err;
224 xi->enc_data = (char *)data;
225 xi->enc_len = (int)len;
226 data = NULL;
227 }
228 } else {
229 /* unknown */
230 }
231 OPENSSL_free(name);
232 name = NULL;
233 OPENSSL_free(header);
234 header = NULL;
235 OPENSSL_free(data);
236 data = NULL;
237 }
238
239 /*
240 * if the last one hasn't been pushed yet and there is anything in it
241 * then add it to the stack ...
242 */
243 if ((xi->x509 != NULL) || (xi->crl != NULL) ||
244 (xi->x_pkey != NULL) || (xi->enc_data != NULL)) {
245 if (!sk_X509_INFO_push(ret, xi))
246 goto err;
247 xi = NULL;
248 }
249 ok = 1;
250 err:
251 X509_INFO_free(xi);
252 if (!ok) {
253 for (i = 0; ((int)i) < sk_X509_INFO_num(ret); i++) {
254 xi = sk_X509_INFO_value(ret, i);
255 X509_INFO_free(xi);
256 }
257 if (ret != sk)
258 sk_X509_INFO_free(ret);
259 ret = NULL;
260 }
261
262 OPENSSL_free(name);
263 OPENSSL_free(header);
264 OPENSSL_free(data);
265 return ret;
266 }
267
268 STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk,
269 pem_password_cb *cb, void *u)
270 {
271 return PEM_X509_INFO_read_bio_with_libctx(bp, sk, cb, u, NULL, NULL);
272 }
273
274 /* A TJH addition */
275 int PEM_X509_INFO_write_bio(BIO *bp, const X509_INFO *xi, EVP_CIPHER *enc,
276 const unsigned char *kstr, int klen,
277 pem_password_cb *cb, void *u)
278 {
279 int i, ret = 0;
280 unsigned char *data = NULL;
281 const char *objstr = NULL;
282 char buf[PEM_BUFSIZE];
283 const unsigned char *iv = NULL;
284
285 if (enc != NULL) {
286 objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
287 if (objstr == NULL
288 /*
289 * Check "Proc-Type: 4,Encrypted\nDEK-Info: objstr,hex-iv\n"
290 * fits into buf
291 */
292 || (strlen(objstr) + 23 + 2 * EVP_CIPHER_iv_length(enc) + 13)
293 > sizeof(buf)) {
294 PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER);
295 goto err;
296 }
297 }
298
299 /*
300 * now for the fun part ... if we have a private key then we have to be
301 * able to handle a not-yet-decrypted key being written out correctly ...
302 * if it is decrypted or it is non-encrypted then we use the base code
303 */
304 if (xi->x_pkey != NULL) {
305 if ((xi->enc_data != NULL) && (xi->enc_len > 0)) {
306 if (enc == NULL) {
307 PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO, PEM_R_CIPHER_IS_NULL);
308 goto err;
309 }
310
311 /* copy from weirdo names into more normal things */
312 iv = xi->enc_cipher.iv;
313 data = (unsigned char *)xi->enc_data;
314 i = xi->enc_len;
315
316 /*
317 * we take the encryption data from the internal stuff rather
318 * than what the user has passed us ... as we have to match
319 * exactly for some strange reason
320 */
321 objstr = OBJ_nid2sn(EVP_CIPHER_nid(xi->enc_cipher.cipher));
322 if (objstr == NULL) {
323 PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,
324 PEM_R_UNSUPPORTED_CIPHER);
325 goto err;
326 }
327
328 /* Create the right magic header stuff */
329 buf[0] = '\0';
330 PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);
331 PEM_dek_info(buf, objstr, EVP_CIPHER_iv_length(enc),
332 (const char *)iv);
333
334 /* use the normal code to write things out */
335 i = PEM_write_bio(bp, PEM_STRING_RSA, buf, data, i);
336 if (i <= 0)
337 goto err;
338 } else {
339 /* Add DSA/DH */
340 #ifndef OPENSSL_NO_RSA
341 /* normal optionally encrypted stuff */
342 if (PEM_write_bio_RSAPrivateKey(bp,
343 EVP_PKEY_get0_RSA(xi->x_pkey->dec_pkey),
344 enc, kstr, klen, cb, u) <= 0)
345 goto err;
346 #endif
347 }
348 }
349
350 /* if we have a certificate then write it out now */
351 if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp, xi->x509) <= 0))
352 goto err;
353
354 /*
355 * we are ignoring anything else that is loaded into the X509_INFO
356 * structure for the moment ... as I don't need it so I'm not coding it
357 * here and Eric can do it when this makes it into the base library --tjh
358 */
359
360 ret = 1;
361
362 err:
363 OPENSSL_cleanse(buf, PEM_BUFSIZE);
364 return ret;
365 }
A mirror of the official openssl repository