diff options
Diffstat (limited to 'src/lib/libcrypto/pem/pem_info.c')
| -rw-r--r-- | src/lib/libcrypto/pem/pem_info.c | 166 |
1 files changed, 9 insertions, 157 deletions
diff --git a/src/lib/libcrypto/pem/pem_info.c b/src/lib/libcrypto/pem/pem_info.c index 4f2be892d1..26061f6f08 100644 --- a/src/lib/libcrypto/pem/pem_info.c +++ b/src/lib/libcrypto/pem/pem_info.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: pem_info.c,v 1.32 2025/07/12 20:22:40 tb Exp $ */ | 1 | /* $OpenBSD: pem_info.c,v 1.33 2025/07/16 15:59:26 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -80,60 +80,25 @@ | |||
| 80 | X509_PKEY * | 80 | X509_PKEY * |
| 81 | X509_PKEY_new(void) | 81 | X509_PKEY_new(void) |
| 82 | { | 82 | { |
| 83 | X509_PKEY *ret = NULL; | 83 | X509_PKEY *x_pkey; |
| 84 | 84 | ||
| 85 | if ((ret = malloc(sizeof(X509_PKEY))) == NULL) { | 85 | if ((x_pkey = calloc(1, sizeof(*x_pkey))) == NULL) { |
| 86 | ASN1error(ERR_R_MALLOC_FAILURE); | 86 | ASN1error(ERR_R_MALLOC_FAILURE); |
| 87 | goto err; | 87 | return NULL; |
| 88 | } | ||
| 89 | ret->version = 0; | ||
| 90 | if ((ret->enc_algor = X509_ALGOR_new()) == NULL) { | ||
| 91 | ASN1error(ERR_R_MALLOC_FAILURE); | ||
| 92 | goto err; | ||
| 93 | } | ||
| 94 | if ((ret->enc_pkey = ASN1_OCTET_STRING_new()) == NULL) { | ||
| 95 | ASN1error(ERR_R_MALLOC_FAILURE); | ||
| 96 | goto err; | ||
| 97 | } | 88 | } |
| 98 | ret->dec_pkey = NULL; | ||
| 99 | ret->key_length = 0; | ||
| 100 | ret->key_data = NULL; | ||
| 101 | ret->key_free = 0; | ||
| 102 | ret->cipher.cipher = NULL; | ||
| 103 | memset(ret->cipher.iv, 0, EVP_MAX_IV_LENGTH); | ||
| 104 | ret->references = 1; | ||
| 105 | return (ret); | ||
| 106 | 89 | ||
| 107 | err: | 90 | return x_pkey; |
| 108 | if (ret) { | ||
| 109 | X509_ALGOR_free(ret->enc_algor); | ||
| 110 | free(ret); | ||
| 111 | } | ||
| 112 | return NULL; | ||
| 113 | } | 91 | } |
| 114 | LCRYPTO_ALIAS(X509_PKEY_new); | ||
| 115 | 92 | ||
| 116 | void | 93 | void |
| 117 | X509_PKEY_free(X509_PKEY *x) | 94 | X509_PKEY_free(X509_PKEY *x_pkey) |
| 118 | { | 95 | { |
| 119 | int i; | 96 | if (x_pkey == NULL) |
| 120 | |||
| 121 | if (x == NULL) | ||
| 122 | return; | 97 | return; |
| 123 | 98 | ||
| 124 | i = CRYPTO_add(&x->references, -1, CRYPTO_LOCK_X509_PKEY); | 99 | EVP_PKEY_free(x_pkey->dec_pkey); |
| 125 | if (i > 0) | 100 | free(x_pkey); |
| 126 | return; | ||
| 127 | |||
| 128 | if (x->enc_algor != NULL) | ||
| 129 | X509_ALGOR_free(x->enc_algor); | ||
| 130 | ASN1_OCTET_STRING_free(x->enc_pkey); | ||
| 131 | EVP_PKEY_free(x->dec_pkey); | ||
| 132 | if ((x->key_data != NULL) && (x->key_free)) | ||
| 133 | free(x->key_data); | ||
| 134 | free(x); | ||
| 135 | } | 101 | } |
| 136 | LCRYPTO_ALIAS(X509_PKEY_free); | ||
| 137 | 102 | ||
| 138 | X509_INFO * | 103 | X509_INFO * |
| 139 | X509_INFO_new(void) | 104 | X509_INFO_new(void) |
| @@ -169,24 +134,6 @@ X509_INFO_free(X509_INFO *x) | |||
| 169 | LCRYPTO_ALIAS(X509_INFO_free); | 134 | LCRYPTO_ALIAS(X509_INFO_free); |
| 170 | 135 | ||
| 171 | STACK_OF(X509_INFO) * | 136 | STACK_OF(X509_INFO) * |
| 172 | PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, | ||
| 173 | void *u) | ||
| 174 | { | ||
| 175 | BIO *b; | ||
| 176 | STACK_OF(X509_INFO) *ret; | ||
| 177 | |||
| 178 | if ((b = BIO_new(BIO_s_file())) == NULL) { | ||
| 179 | PEMerror(ERR_R_BUF_LIB); | ||
| 180 | return (0); | ||
| 181 | } | ||
| 182 | BIO_set_fp(b, fp, BIO_NOCLOSE); | ||
| 183 | ret = PEM_X509_INFO_read_bio(b, sk, cb, u); | ||
| 184 | BIO_free(b); | ||
| 185 | return (ret); | ||
| 186 | } | ||
| 187 | LCRYPTO_ALIAS(PEM_X509_INFO_read); | ||
| 188 | |||
| 189 | STACK_OF(X509_INFO) * | ||
| 190 | PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, | 137 | PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, |
| 191 | void *u) | 138 | void *u) |
| 192 | { | 139 | { |
| @@ -381,98 +328,3 @@ err: | |||
| 381 | return ret; | 328 | return ret; |
| 382 | } | 329 | } |
| 383 | LCRYPTO_ALIAS(PEM_X509_INFO_read_bio); | 330 | LCRYPTO_ALIAS(PEM_X509_INFO_read_bio); |
| 384 | |||
| 385 | |||
| 386 | /* A TJH addition */ | ||
| 387 | int | ||
| 388 | PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, | ||
| 389 | unsigned char *kstr, int klen, pem_password_cb *cb, void *u) | ||
| 390 | { | ||
| 391 | EVP_CIPHER_CTX ctx; | ||
| 392 | int i, ret = 0; | ||
| 393 | unsigned char *data = NULL; | ||
| 394 | const char *objstr = NULL; | ||
| 395 | char buf[PEM_BUFSIZE]; | ||
| 396 | unsigned char *iv = NULL; | ||
| 397 | |||
| 398 | if (enc != NULL) { | ||
| 399 | objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc)); | ||
| 400 | if (objstr == NULL) { | ||
| 401 | PEMerror(PEM_R_UNSUPPORTED_CIPHER); | ||
| 402 | goto err; | ||
| 403 | } | ||
| 404 | } | ||
| 405 | |||
| 406 | /* now for the fun part ... if we have a private key then | ||
| 407 | * we have to be able to handle a not-yet-decrypted key | ||
| 408 | * being written out correctly ... if it is decrypted or | ||
| 409 | * it is non-encrypted then we use the base code | ||
| 410 | */ | ||
| 411 | if (xi->x_pkey != NULL) { | ||
| 412 | if ((xi->enc_data != NULL) && (xi->enc_len > 0) ) { | ||
| 413 | if (enc == NULL) { | ||
| 414 | PEMerror(PEM_R_CIPHER_IS_NULL); | ||
| 415 | goto err; | ||
| 416 | } | ||
| 417 | |||
| 418 | /* copy from weirdo names into more normal things */ | ||
| 419 | iv = xi->enc_cipher.iv; | ||
| 420 | data = (unsigned char *)xi->enc_data; | ||
| 421 | i = xi->enc_len; | ||
| 422 | |||
| 423 | /* we take the encryption data from the | ||
| 424 | * internal stuff rather than what the | ||
| 425 | * user has passed us ... as we have to | ||
| 426 | * match exactly for some strange reason | ||
| 427 | */ | ||
| 428 | objstr = OBJ_nid2sn( | ||
| 429 | EVP_CIPHER_nid(xi->enc_cipher.cipher)); | ||
| 430 | if (objstr == NULL) { | ||
| 431 | PEMerror(PEM_R_UNSUPPORTED_CIPHER); | ||
| 432 | goto err; | ||
| 433 | } | ||
| 434 | |||
| 435 | /* create the right magic header stuff */ | ||
| 436 | if (strlen(objstr) + 23 + 2 * enc->iv_len + 13 > | ||
| 437 | sizeof buf) { | ||
| 438 | PEMerror(ASN1_R_BUFFER_TOO_SMALL); | ||
| 439 | goto err; | ||
| 440 | } | ||
| 441 | buf[0] = '\0'; | ||
| 442 | PEM_proc_type(buf, PEM_TYPE_ENCRYPTED); | ||
| 443 | PEM_dek_info(buf, objstr, enc->iv_len, (char *)iv); | ||
| 444 | |||
| 445 | /* use the normal code to write things out */ | ||
| 446 | i = PEM_write_bio(bp, PEM_STRING_RSA, buf, data, i); | ||
| 447 | if (i <= 0) | ||
| 448 | goto err; | ||
| 449 | } else { | ||
| 450 | /* Add DSA/DH */ | ||
| 451 | #ifndef OPENSSL_NO_RSA | ||
| 452 | /* normal optionally encrypted stuff */ | ||
| 453 | if (PEM_write_bio_RSAPrivateKey(bp, | ||
| 454 | xi->x_pkey->dec_pkey->pkey.rsa, | ||
| 455 | enc, kstr, klen, cb, u) <= 0) | ||
| 456 | goto err; | ||
| 457 | #endif | ||
| 458 | } | ||
| 459 | } | ||
| 460 | |||
| 461 | /* if we have a certificate then write it out now */ | ||
| 462 | if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp, xi->x509) <= 0)) | ||
| 463 | goto err; | ||
| 464 | |||
| 465 | /* we are ignoring anything else that is loaded into the X509_INFO | ||
| 466 | * structure for the moment ... as I don't need it so I'm not | ||
| 467 | * coding it here and Eric can do it when this makes it into the | ||
| 468 | * base library --tjh | ||
| 469 | */ | ||
| 470 | |||
| 471 | ret = 1; | ||
| 472 | |||
| 473 | err: | ||
| 474 | explicit_bzero((char *)&ctx, sizeof(ctx)); | ||
| 475 | explicit_bzero(buf, PEM_BUFSIZE); | ||
| 476 | return (ret); | ||
| 477 | } | ||
| 478 | LCRYPTO_ALIAS(PEM_X509_INFO_write_bio); | ||