mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-04-06 20:20:50 +08:00
Code Issues Packages Projects Releases Wiki Activity

PEM: Add more library context aware PEM readers

Browse Source 
PEM_read_bio_PUBKEY_ex() and PEM_read_bio_Parameters_ex() are added to
complete PEM_read_bio_PrivateKey_ex().  They are all refactored to be
wrappers around the same internal function.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12673)
This commit is contained in:
Richard Levitte 2020-08-18 21:38:56 +02:00
parent 2274d22d39
commit 6e5ccd58c8
5 changed files with 123 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
crypto/pem/pem_all.c
View File

@ -181,4 +181,3 @@ IMPLEMENT_PEM_write(DHparams, DH, PEM_STRING_DHPARAMS, DHparams)
IMPLEMENT_PEM_write(DHxparams, DH, PEM_STRING_DHXPARAMS, DHxparams)
#endif
IMPLEMENT_PEM_provided_write(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY)
IMPLEMENT_PEM_read(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY)

123
crypto/pem/pem_pkey.c
View File

@ -27,23 +27,39 @@
int pem_check_suffix(const char *pem_str, const char *suffix);
EVP_PKEY *PEM_read_bio_PrivateKey_ex(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
void *u, OPENSSL_CTX *libctx,
const char *propq)
static EVP_PKEY *pem_read_bio_key(BIO *bp, EVP_PKEY **x,
pem_password_cb *cb, void *u,
OPENSSL_CTX *libctx, const char *propq,
int expected_store_info_type,
int try_secure)
{
EVP_PKEY *ret = NULL;
OSSL_STORE_CTX *ctx = NULL;
OSSL_STORE_INFO *info = NULL;
UI_METHOD *ui_method = NULL;
const UI_METHOD *ui_method = NULL;
UI_METHOD *allocated_ui_method = NULL;
if ((ui_method = UI_UTIL_wrap_read_pem_callback(cb, 0)) == NULL)
if (expected_store_info_type != OSSL_STORE_INFO_PKEY
&& expected_store_info_type != OSSL_STORE_INFO_PUBKEY
&& expected_store_info_type != OSSL_STORE_INFO_PARAMS) {
ERR_raise(ERR_LIB_PEM, ERR_R_PASSED_INVALID_ARGUMENT);
return NULL;
}
if (u != NULL && cb == NULL)
cb = PEM_def_callback;
if (cb == NULL)
ui_method = UI_null();
else
ui_method = allocated_ui_method = UI_UTIL_wrap_read_pem_callback(cb, 0);
if (ui_method == NULL)
return NULL;
if ((ctx = OSSL_STORE_attach(bp, "file", libctx, propq, ui_method, u,
NULL, NULL)) == NULL)
goto err;
#ifndef OPENSSL_NO_SECURE_HEAP
{
if (try_secure) {
int on = 1;
if (!OSSL_STORE_ctrl(ctx, OSSL_STORE_C_USE_SECMEM, &on))
goto err;
@ -52,9 +68,18 @@ EVP_PKEY *PEM_read_bio_PrivateKey_ex(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
while (!OSSL_STORE_eof(ctx)
&& (info = OSSL_STORE_load(ctx)) != NULL) {
if (OSSL_STORE_INFO_get_type(info) == OSSL_STORE_INFO_PKEY) {
ret = OSSL_STORE_INFO_get1_PKEY(info);
break;
if (OSSL_STORE_INFO_get_type(info) == expected_store_info_type) {
switch (expected_store_info_type) {
case OSSL_STORE_INFO_PKEY:
ret = OSSL_STORE_INFO_get1_PKEY(info);
break;
case OSSL_STORE_INFO_PUBKEY:
ret = OSSL_STORE_INFO_get1_PUBKEY(info);
break;
case OSSL_STORE_INFO_PARAMS:
ret = OSSL_STORE_INFO_get1_PARAMS(info);
break;
}
}
OSSL_STORE_INFO_free(info);
info = NULL;
@ -65,11 +90,57 @@ EVP_PKEY *PEM_read_bio_PrivateKey_ex(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
err:
OSSL_STORE_close(ctx);
UI_destroy_method(ui_method);
UI_destroy_method(allocated_ui_method);
OSSL_STORE_INFO_free(info);
return ret;
}
EVP_PKEY *PEM_read_bio_PUBKEY_ex(BIO *bp, EVP_PKEY **x,
pem_password_cb *cb, void *u,
OPENSSL_CTX *libctx, const char *propq)
{
return pem_read_bio_key(bp, x, cb, u, libctx, propq,
OSSL_STORE_INFO_PUBKEY, 0);
}
EVP_PKEY *PEM_read_bio_PUBKEY(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
void *u)
{
return PEM_read_bio_PUBKEY_ex(bp, x, cb, u, NULL, NULL);
}
#ifndef OPENSSL_NO_STDIO
EVP_PKEY *PEM_read_PUBKEY_ex(FILE *fp, EVP_PKEY **x,
pem_password_cb *cb, void *u,
OPENSSL_CTX *libctx, const char *propq)
{
BIO *b;
EVP_PKEY *ret;
if ((b = BIO_new(BIO_s_file())) == NULL) {
PEMerr(0, ERR_R_BUF_LIB);
return 0;
}
BIO_set_fp(b, fp, BIO_NOCLOSE);
ret = PEM_read_bio_PUBKEY_ex(b, x, cb, u, libctx, propq);
BIO_free(b);
return ret;
}
EVP_PKEY *PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u)
{
return PEM_read_PUBKEY_ex(fp, x, cb, u, NULL, NULL);
}
#endif
EVP_PKEY *PEM_read_bio_PrivateKey_ex(BIO *bp, EVP_PKEY **x,
pem_password_cb *cb, void *u,
OPENSSL_CTX *libctx, const char *propq)
{
return pem_read_bio_key(bp, x, cb, u, libctx, propq,
OSSL_STORE_INFO_PKEY, 1);
}
EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
void *u)
{
@ -101,32 +172,16 @@ int PEM_write_bio_PrivateKey_traditional(BIO *bp, const EVP_PKEY *x,
pem_str, bp, x, enc, kstr, klen, cb, u);
}
EVP_PKEY *PEM_read_bio_Parameters_ex(BIO *bp, EVP_PKEY **x,
OPENSSL_CTX *libctx, const char *propq)
{
return pem_read_bio_key(bp, x, NULL, NULL, libctx, propq,
OSSL_STORE_INFO_PARAMS, 0);
}
EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x)
{
EVP_PKEY *ret = NULL;
OSSL_STORE_CTX *ctx = NULL;
OSSL_STORE_INFO *info = NULL;
if ((ctx = OSSL_STORE_attach(bp, "file", NULL, NULL, UI_null(), NULL,
NULL, NULL)) == NULL)
goto err;
while (!OSSL_STORE_eof(ctx) && (info = OSSL_STORE_load(ctx)) != NULL) {
if (OSSL_STORE_INFO_get_type(info) == OSSL_STORE_INFO_PARAMS) {
ret = OSSL_STORE_INFO_get1_PARAMS(info);
break;
}
OSSL_STORE_INFO_free(info);
info = NULL;
}
if (ret != NULL && x != NULL)
*x = ret;
err:
OSSL_STORE_close(ctx);
OSSL_STORE_INFO_free(info);
return ret;
return PEM_read_bio_Parameters_ex(bp, x, NULL, NULL);
}
PEM_write_fnsig(Parameters, EVP_PKEY, BIO, write_bio)

20
doc/man3/PEM_read_bio_PrivateKey.pod
View File

@ -8,7 +8,8 @@ PEM_read_PrivateKey, PEM_write_bio_PrivateKey,
PEM_write_bio_PrivateKey_traditional, PEM_write_PrivateKey,
PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey,
PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid,
PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY,
PEM_read_bio_PUBKEY_ex, PEM_read_bio_PUBKEY, PEM_read_PUBKEY_ex,
PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY,
PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey,
PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey,
PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey,
@ -16,8 +17,8 @@ PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY,
PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey,
PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey,
PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY,
PEM_write_DSA_PUBKEY, PEM_read_bio_Parameters, PEM_write_bio_Parameters,
PEM_read_bio_DSAparams, PEM_read_DSAparams,
PEM_write_DSA_PUBKEY, PEM_read_bio_Parameters_ex, PEM_read_bio_Parameters,
PEM_write_bio_Parameters, PEM_read_bio_DSAparams, PEM_read_DSAparams,
PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams,
PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams,
PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509,
@ -67,8 +68,14 @@ PEM_write_bio_PKCS7, PEM_write_PKCS7 - PEM routines
char *kstr, int klen,
pem_password_cb *cb, void *u);
EVP_PKEY *PEM_read_bio_PUBKEY_ex(BIO *bp, EVP_PKEY **x,
pem_password_cb *cb, void *u,
OPENSSL_CTX *libctx, const char *propq);
EVP_PKEY *PEM_read_bio_PUBKEY(BIO *bp, EVP_PKEY **x,
pem_password_cb *cb, void *u);
EVP_PKEY *PEM_read_PUBKEY_ex(FILE *fp, EVP_PKEY **x,
pem_password_cb *cb, void *u,
OPENSSL_CTX *libctx, const char *propq);
EVP_PKEY *PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x,
pem_password_cb *cb, void *u);
int PEM_write_bio_PUBKEY(BIO *bp, EVP_PKEY *x);
@ -117,6 +124,8 @@ PEM_write_bio_PKCS7, PEM_write_PKCS7 - PEM routines
int PEM_write_bio_DSA_PUBKEY(BIO *bp, DSA *x);
int PEM_write_DSA_PUBKEY(FILE *fp, DSA *x);
EVP_PKEY *PEM_read_bio_Parameters_ex(BIO *bp, EVP_PKEY **x,
OPENSSL_CTX *libctx, const char *propq);
EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);
int PEM_write_bio_Parameters(BIO *bp, const EVP_PKEY *x);
@ -506,8 +515,9 @@ The old Netscape certificate sequences were no longer documented
in OpenSSL 1.1.0; applications should use the PKCS7 standard instead
as they will be formally deprecated in a future releases.
PEM_read_bio_PrivateKey_ex() and PEM_read_PrivateKey_ex() were introduced in
OpenSSL 3.0.
PEM_read_bio_PrivateKey_ex(), PEM_read_PrivateKey_ex(),
PEM_read_bio_PUBKEY_ex(), PEM_read_PUBKEY_ex() and
PEM_read_bio_Parameters_ex() were introduced in OpenSSL 3.0.
=head1 COPYRIGHT

22
include/openssl/pem.h
View File

@ -356,15 +356,23 @@ DECLARE_PEM_rw(DHparams, DH)
DECLARE_PEM_write(DHxparams, DH)
# endif
DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY)
EVP_PKEY *PEM_read_bio_PrivateKey_ex(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
void *u, OPENSSL_CTX *libctx,
const char *propq);
EVP_PKEY *PEM_read_bio_PrivateKey_ex(BIO *bp, EVP_PKEY **x,
pem_password_cb *cb, void *u,
OPENSSL_CTX *libctx, const char *propq);
# ifndef OPENSSL_NO_STDIO
EVP_PKEY *PEM_read_PrivateKey_ex(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,
void *u, OPENSSL_CTX *libctx,
const char *propq);
EVP_PKEY *PEM_read_PrivateKey_ex(FILE *fp, EVP_PKEY **x,
pem_password_cb *cb, void *u,
OPENSSL_CTX *libctx, const char *propq);
# endif
DECLARE_PEM_rw(PUBKEY, EVP_PKEY)
EVP_PKEY *PEM_read_bio_PUBKEY_ex(BIO *bp, EVP_PKEY **x,
pem_password_cb *cb, void *u,
OPENSSL_CTX *libctx, const char *propq);
# ifndef OPENSSL_NO_STDIO
EVP_PKEY *PEM_read_PUBKEY_ex(FILE *fp, EVP_PKEY **x,
pem_password_cb *cb, void *u,
OPENSSL_CTX *libctx, const char *propq);
# endif
int PEM_write_bio_PrivateKey_traditional(BIO *bp, const EVP_PKEY *x,
const EVP_CIPHER *enc,
@ -405,6 +413,8 @@ int PEM_write_PKCS8PrivateKey(FILE *fp, const EVP_PKEY *x, const EVP_CIPHER *enc
const char *kstr, int klen,
pem_password_cb *cd, void *u);
# endif
EVP_PKEY *PEM_read_bio_Parameters_ex(BIO *bp, EVP_PKEY **x,
OPENSSL_CTX *libctx, const char *propq);
EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);
int PEM_write_bio_Parameters(BIO *bp, const EVP_PKEY *x);

3
util/libcrypto.num
View File

@ -5266,3 +5266,6 @@ d2i_PUBKEY_ex ? 3_0_0 EXIST::FUNCTION:
OSSL_STORE_INFO_new_PUBKEY ? 3_0_0 EXIST::FUNCTION:
OSSL_STORE_INFO_get0_PUBKEY ? 3_0_0 EXIST::FUNCTION:
OSSL_STORE_INFO_get1_PUBKEY ? 3_0_0 EXIST::FUNCTION:
PEM_read_bio_PUBKEY_ex ? 3_0_0 EXIST::FUNCTION:
PEM_read_PUBKEY_ex ? 3_0_0 EXIST::FUNCTION:STDIO
PEM_read_bio_Parameters_ex ? 3_0_0 EXIST::FUNCTION: