diff options
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libcrypto/asn1/p8_pkey.c | 75 |
1 files changed, 30 insertions, 45 deletions
diff --git a/src/lib/libcrypto/asn1/p8_pkey.c b/src/lib/libcrypto/asn1/p8_pkey.c index 71d579456a..8f5e303e41 100644 --- a/src/lib/libcrypto/asn1/p8_pkey.c +++ b/src/lib/libcrypto/asn1/p8_pkey.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: p8_pkey.c,v 1.17 2015/09/10 15:56:25 jsing Exp $ */ | 1 | /* $OpenBSD: p8_pkey.c,v 1.18 2018/08/24 20:07:41 tb Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 1999. | 3 | * project 1999. |
| 4 | */ | 4 | */ |
| @@ -69,11 +69,8 @@ pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) | |||
| 69 | /* Since the structure must still be valid use ASN1_OP_FREE_PRE */ | 69 | /* Since the structure must still be valid use ASN1_OP_FREE_PRE */ |
| 70 | if (operation == ASN1_OP_FREE_PRE) { | 70 | if (operation == ASN1_OP_FREE_PRE) { |
| 71 | PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval; | 71 | PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval; |
| 72 | if (key->pkey != NULL && | 72 | if (key->pkey != NULL) |
| 73 | key->pkey->type == V_ASN1_OCTET_STRING && | 73 | explicit_bzero(key->pkey->data, key->pkey->length); |
| 74 | key->pkey->value.octet_string != NULL) | ||
| 75 | explicit_bzero(key->pkey->value.octet_string->data, | ||
| 76 | key->pkey->value.octet_string->length); | ||
| 77 | } | 74 | } |
| 78 | return 1; | 75 | return 1; |
| 79 | } | 76 | } |
| @@ -95,7 +92,7 @@ static const ASN1_TEMPLATE PKCS8_PRIV_KEY_INFO_seq_tt[] = { | |||
| 95 | { | 92 | { |
| 96 | .offset = offsetof(PKCS8_PRIV_KEY_INFO, pkey), | 93 | .offset = offsetof(PKCS8_PRIV_KEY_INFO, pkey), |
| 97 | .field_name = "pkey", | 94 | .field_name = "pkey", |
| 98 | .item = &ASN1_ANY_it, | 95 | .item = &ASN1_OCTET_STRING_it, |
| 99 | }, | 96 | }, |
| 100 | { | 97 | { |
| 101 | .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL, | 98 | .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL, |
| @@ -145,33 +142,14 @@ int | |||
| 145 | PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, int version, | 142 | PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, int version, |
| 146 | int ptype, void *pval, unsigned char *penc, int penclen) | 143 | int ptype, void *pval, unsigned char *penc, int penclen) |
| 147 | { | 144 | { |
| 148 | unsigned char **ppenc = NULL; | ||
| 149 | |||
| 150 | if (version >= 0) { | 145 | if (version >= 0) { |
| 151 | if (!ASN1_INTEGER_set(priv->version, version)) | 146 | if (!ASN1_INTEGER_set(priv->version, version)) |
| 152 | return 0; | 147 | return 0; |
| 153 | } | 148 | } |
| 154 | if (penc) { | 149 | if (!X509_ALGOR_set0(priv->pkeyalg, aobj, ptype, pval)) |
| 155 | int pmtype; | ||
| 156 | ASN1_OCTET_STRING *oct; | ||
| 157 | oct = ASN1_OCTET_STRING_new(); | ||
| 158 | if (!oct) | ||
| 159 | return 0; | ||
| 160 | oct->data = penc; | ||
| 161 | ppenc = &oct->data; | ||
| 162 | oct->length = penclen; | ||
| 163 | if (priv->broken == PKCS8_NO_OCTET) | ||
| 164 | pmtype = V_ASN1_SEQUENCE; | ||
| 165 | else | ||
| 166 | pmtype = V_ASN1_OCTET_STRING; | ||
| 167 | ASN1_TYPE_set(priv->pkey, pmtype, oct); | ||
| 168 | } | ||
| 169 | if (!X509_ALGOR_set0(priv->pkeyalg, aobj, ptype, pval)) { | ||
| 170 | /* If call fails do not swallow 'enc' */ | ||
| 171 | if (ppenc) | ||
| 172 | *ppenc = NULL; | ||
| 173 | return 0; | 150 | return 0; |
| 174 | } | 151 | if (penc != NULL) |
| 152 | ASN1_STRING_set0(priv->pkey, penc, penclen); | ||
| 175 | return 1; | 153 | return 1; |
| 176 | } | 154 | } |
| 177 | 155 | ||
| @@ -179,23 +157,30 @@ int | |||
| 179 | PKCS8_pkey_get0(ASN1_OBJECT **ppkalg, const unsigned char **pk, int *ppklen, | 157 | PKCS8_pkey_get0(ASN1_OBJECT **ppkalg, const unsigned char **pk, int *ppklen, |
| 180 | X509_ALGOR **pa, PKCS8_PRIV_KEY_INFO *p8) | 158 | X509_ALGOR **pa, PKCS8_PRIV_KEY_INFO *p8) |
| 181 | { | 159 | { |
| 182 | if (ppkalg) | 160 | if (ppkalg != NULL) |
| 183 | *ppkalg = p8->pkeyalg->algorithm; | 161 | *ppkalg = p8->pkeyalg->algorithm; |
| 184 | if (p8->pkey->type == V_ASN1_OCTET_STRING) { | 162 | if (pk != NULL) { |
| 185 | p8->broken = PKCS8_OK; | 163 | *pk = ASN1_STRING_data(p8->pkey); |
| 186 | if (pk) { | 164 | *ppklen = ASN1_STRING_length(p8->pkey); |
| 187 | *pk = p8->pkey->value.octet_string->data; | 165 | } |
| 188 | *ppklen = p8->pkey->value.octet_string->length; | 166 | if (pa != NULL) |
| 189 | } | ||
| 190 | } else if (p8->pkey->type == V_ASN1_SEQUENCE) { | ||
| 191 | p8->broken = PKCS8_NO_OCTET; | ||
| 192 | if (pk) { | ||
| 193 | *pk = p8->pkey->value.sequence->data; | ||
| 194 | *ppklen = p8->pkey->value.sequence->length; | ||
| 195 | } | ||
| 196 | } else | ||
| 197 | return 0; | ||
| 198 | if (pa) | ||
| 199 | *pa = p8->pkeyalg; | 167 | *pa = p8->pkeyalg; |
| 200 | return 1; | 168 | return 1; |
| 201 | } | 169 | } |
| 170 | |||
| 171 | const STACK_OF(X509_ATTRIBUTE) * | ||
| 172 | PKCS8_pkey_get0_attrs(const PKCS8_PRIV_KEY_INFO *p8) | ||
| 173 | { | ||
| 174 | return p8->attributes; | ||
| 175 | } | ||
| 176 | |||
| 177 | int | ||
| 178 | PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int nid, int type, | ||
| 179 | const unsigned char *bytes, int len) | ||
| 180 | { | ||
| 181 | if (X509at_add1_attr_by_NID(&p8->attributes, nid, type, bytes, | ||
| 182 | len) != NULL) | ||
| 183 | return 1; | ||
| 184 | return 0; | ||
| 185 | } | ||
| 186 | |||