diff --git a/crypto/pem/pem_all.c b/crypto/pem/pem_all.c index 9b803082c6..bf7159a6ad 100644 --- a/crypto/pem/pem_all.c +++ b/crypto/pem/pem_all.c @@ -181,4 +181,3 @@ IMPLEMENT_PEM_write(DHparams, DH, PEM_STRING_DHPARAMS, DHparams) IMPLEMENT_PEM_write(DHxparams, DH, PEM_STRING_DHXPARAMS, DHxparams) #endif IMPLEMENT_PEM_provided_write(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY) -IMPLEMENT_PEM_read(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY) diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c index c60eed97c0..4ee5bb7009 100644 --- a/crypto/pem/pem_pkey.c +++ b/crypto/pem/pem_pkey.c @@ -27,23 +27,39 @@ int pem_check_suffix(const char *pem_str, const char *suffix); -EVP_PKEY *PEM_read_bio_PrivateKey_ex(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, - void *u, OPENSSL_CTX *libctx, - const char *propq) +static EVP_PKEY *pem_read_bio_key(BIO *bp, EVP_PKEY **x, + pem_password_cb *cb, void *u, + OPENSSL_CTX *libctx, const char *propq, + int expected_store_info_type, + int try_secure) { EVP_PKEY *ret = NULL; OSSL_STORE_CTX *ctx = NULL; OSSL_STORE_INFO *info = NULL; - UI_METHOD *ui_method = NULL; + const UI_METHOD *ui_method = NULL; + UI_METHOD *allocated_ui_method = NULL; - if ((ui_method = UI_UTIL_wrap_read_pem_callback(cb, 0)) == NULL) + if (expected_store_info_type != OSSL_STORE_INFO_PKEY + && expected_store_info_type != OSSL_STORE_INFO_PUBKEY + && expected_store_info_type != OSSL_STORE_INFO_PARAMS) { + ERR_raise(ERR_LIB_PEM, ERR_R_PASSED_INVALID_ARGUMENT); + return NULL; + } + + if (u != NULL && cb == NULL) + cb = PEM_def_callback; + if (cb == NULL) + ui_method = UI_null(); + else + ui_method = allocated_ui_method = UI_UTIL_wrap_read_pem_callback(cb, 0); + if (ui_method == NULL) return NULL; if ((ctx = OSSL_STORE_attach(bp, "file", libctx, propq, ui_method, u, NULL, NULL)) == NULL) goto err; #ifndef OPENSSL_NO_SECURE_HEAP - { + if (try_secure) { int on = 1; if (!OSSL_STORE_ctrl(ctx, OSSL_STORE_C_USE_SECMEM, &on)) goto err; @@ -52,9 +68,18 @@ EVP_PKEY *PEM_read_bio_PrivateKey_ex(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, while (!OSSL_STORE_eof(ctx) && (info = OSSL_STORE_load(ctx)) != NULL) { - if (OSSL_STORE_INFO_get_type(info) == OSSL_STORE_INFO_PKEY) { - ret = OSSL_STORE_INFO_get1_PKEY(info); - break; + if (OSSL_STORE_INFO_get_type(info) == expected_store_info_type) { + switch (expected_store_info_type) { + case OSSL_STORE_INFO_PKEY: + ret = OSSL_STORE_INFO_get1_PKEY(info); + break; + case OSSL_STORE_INFO_PUBKEY: + ret = OSSL_STORE_INFO_get1_PUBKEY(info); + break; + case OSSL_STORE_INFO_PARAMS: + ret = OSSL_STORE_INFO_get1_PARAMS(info); + break; + } } OSSL_STORE_INFO_free(info); info = NULL; @@ -65,11 +90,57 @@ EVP_PKEY *PEM_read_bio_PrivateKey_ex(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, err: OSSL_STORE_close(ctx); - UI_destroy_method(ui_method); + UI_destroy_method(allocated_ui_method); OSSL_STORE_INFO_free(info); return ret; } +EVP_PKEY *PEM_read_bio_PUBKEY_ex(BIO *bp, EVP_PKEY **x, + pem_password_cb *cb, void *u, + OPENSSL_CTX *libctx, const char *propq) +{ + return pem_read_bio_key(bp, x, cb, u, libctx, propq, + OSSL_STORE_INFO_PUBKEY, 0); +} + +EVP_PKEY *PEM_read_bio_PUBKEY(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, + void *u) +{ + return PEM_read_bio_PUBKEY_ex(bp, x, cb, u, NULL, NULL); +} + +#ifndef OPENSSL_NO_STDIO +EVP_PKEY *PEM_read_PUBKEY_ex(FILE *fp, EVP_PKEY **x, + pem_password_cb *cb, void *u, + OPENSSL_CTX *libctx, const char *propq) +{ + BIO *b; + EVP_PKEY *ret; + + if ((b = BIO_new(BIO_s_file())) == NULL) { + PEMerr(0, ERR_R_BUF_LIB); + return 0; + } + BIO_set_fp(b, fp, BIO_NOCLOSE); + ret = PEM_read_bio_PUBKEY_ex(b, x, cb, u, libctx, propq); + BIO_free(b); + return ret; +} + +EVP_PKEY *PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u) +{ + return PEM_read_PUBKEY_ex(fp, x, cb, u, NULL, NULL); +} +#endif + +EVP_PKEY *PEM_read_bio_PrivateKey_ex(BIO *bp, EVP_PKEY **x, + pem_password_cb *cb, void *u, + OPENSSL_CTX *libctx, const char *propq) +{ + return pem_read_bio_key(bp, x, cb, u, libctx, propq, + OSSL_STORE_INFO_PKEY, 1); +} + EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u) { @@ -101,32 +172,16 @@ int PEM_write_bio_PrivateKey_traditional(BIO *bp, const EVP_PKEY *x, pem_str, bp, x, enc, kstr, klen, cb, u); } +EVP_PKEY *PEM_read_bio_Parameters_ex(BIO *bp, EVP_PKEY **x, + OPENSSL_CTX *libctx, const char *propq) +{ + return pem_read_bio_key(bp, x, NULL, NULL, libctx, propq, + OSSL_STORE_INFO_PARAMS, 0); +} + EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x) { - EVP_PKEY *ret = NULL; - OSSL_STORE_CTX *ctx = NULL; - OSSL_STORE_INFO *info = NULL; - - if ((ctx = OSSL_STORE_attach(bp, "file", NULL, NULL, UI_null(), NULL, - NULL, NULL)) == NULL) - goto err; - - while (!OSSL_STORE_eof(ctx) && (info = OSSL_STORE_load(ctx)) != NULL) { - if (OSSL_STORE_INFO_get_type(info) == OSSL_STORE_INFO_PARAMS) { - ret = OSSL_STORE_INFO_get1_PARAMS(info); - break; - } - OSSL_STORE_INFO_free(info); - info = NULL; - } - - if (ret != NULL && x != NULL) - *x = ret; - - err: - OSSL_STORE_close(ctx); - OSSL_STORE_INFO_free(info); - return ret; + return PEM_read_bio_Parameters_ex(bp, x, NULL, NULL); } PEM_write_fnsig(Parameters, EVP_PKEY, BIO, write_bio) diff --git a/doc/man3/PEM_read_bio_PrivateKey.pod b/doc/man3/PEM_read_bio_PrivateKey.pod index 960a7df89e..26f03b5b0d 100644 --- a/doc/man3/PEM_read_bio_PrivateKey.pod +++ b/doc/man3/PEM_read_bio_PrivateKey.pod @@ -8,7 +8,8 @@ PEM_read_PrivateKey, PEM_write_bio_PrivateKey, PEM_write_bio_PrivateKey_traditional, PEM_write_PrivateKey, PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey, PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid, -PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY, +PEM_read_bio_PUBKEY_ex, PEM_read_bio_PUBKEY, PEM_read_PUBKEY_ex, +PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY, PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey, PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey, PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey, @@ -16,8 +17,8 @@ PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY, PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey, PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey, PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY, -PEM_write_DSA_PUBKEY, PEM_read_bio_Parameters, PEM_write_bio_Parameters, -PEM_read_bio_DSAparams, PEM_read_DSAparams, +PEM_write_DSA_PUBKEY, PEM_read_bio_Parameters_ex, PEM_read_bio_Parameters, +PEM_write_bio_Parameters, PEM_read_bio_DSAparams, PEM_read_DSAparams, PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams, PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams, PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509, @@ -67,8 +68,14 @@ PEM_write_bio_PKCS7, PEM_write_PKCS7 - PEM routines char *kstr, int klen, pem_password_cb *cb, void *u); + EVP_PKEY *PEM_read_bio_PUBKEY_ex(BIO *bp, EVP_PKEY **x, + pem_password_cb *cb, void *u, + OPENSSL_CTX *libctx, const char *propq); EVP_PKEY *PEM_read_bio_PUBKEY(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u); + EVP_PKEY *PEM_read_PUBKEY_ex(FILE *fp, EVP_PKEY **x, + pem_password_cb *cb, void *u, + OPENSSL_CTX *libctx, const char *propq); EVP_PKEY *PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u); int PEM_write_bio_PUBKEY(BIO *bp, EVP_PKEY *x); @@ -117,6 +124,8 @@ PEM_write_bio_PKCS7, PEM_write_PKCS7 - PEM routines int PEM_write_bio_DSA_PUBKEY(BIO *bp, DSA *x); int PEM_write_DSA_PUBKEY(FILE *fp, DSA *x); + EVP_PKEY *PEM_read_bio_Parameters_ex(BIO *bp, EVP_PKEY **x, + OPENSSL_CTX *libctx, const char *propq); EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x); int PEM_write_bio_Parameters(BIO *bp, const EVP_PKEY *x); @@ -506,8 +515,9 @@ The old Netscape certificate sequences were no longer documented in OpenSSL 1.1.0; applications should use the PKCS7 standard instead as they will be formally deprecated in a future releases. -PEM_read_bio_PrivateKey_ex() and PEM_read_PrivateKey_ex() were introduced in -OpenSSL 3.0. +PEM_read_bio_PrivateKey_ex(), PEM_read_PrivateKey_ex(), +PEM_read_bio_PUBKEY_ex(), PEM_read_PUBKEY_ex() and +PEM_read_bio_Parameters_ex() were introduced in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/include/openssl/pem.h b/include/openssl/pem.h index f4989e3987..6fbc28e0d3 100644 --- a/include/openssl/pem.h +++ b/include/openssl/pem.h @@ -356,15 +356,23 @@ DECLARE_PEM_rw(DHparams, DH) DECLARE_PEM_write(DHxparams, DH) # endif DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY) -EVP_PKEY *PEM_read_bio_PrivateKey_ex(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, - void *u, OPENSSL_CTX *libctx, - const char *propq); +EVP_PKEY *PEM_read_bio_PrivateKey_ex(BIO *bp, EVP_PKEY **x, + pem_password_cb *cb, void *u, + OPENSSL_CTX *libctx, const char *propq); # ifndef OPENSSL_NO_STDIO -EVP_PKEY *PEM_read_PrivateKey_ex(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, - void *u, OPENSSL_CTX *libctx, - const char *propq); +EVP_PKEY *PEM_read_PrivateKey_ex(FILE *fp, EVP_PKEY **x, + pem_password_cb *cb, void *u, + OPENSSL_CTX *libctx, const char *propq); # endif DECLARE_PEM_rw(PUBKEY, EVP_PKEY) +EVP_PKEY *PEM_read_bio_PUBKEY_ex(BIO *bp, EVP_PKEY **x, + pem_password_cb *cb, void *u, + OPENSSL_CTX *libctx, const char *propq); +# ifndef OPENSSL_NO_STDIO +EVP_PKEY *PEM_read_PUBKEY_ex(FILE *fp, EVP_PKEY **x, + pem_password_cb *cb, void *u, + OPENSSL_CTX *libctx, const char *propq); +# endif int PEM_write_bio_PrivateKey_traditional(BIO *bp, const EVP_PKEY *x, const EVP_CIPHER *enc, @@ -405,6 +413,8 @@ int PEM_write_PKCS8PrivateKey(FILE *fp, const EVP_PKEY *x, const EVP_CIPHER *enc const char *kstr, int klen, pem_password_cb *cd, void *u); # endif +EVP_PKEY *PEM_read_bio_Parameters_ex(BIO *bp, EVP_PKEY **x, + OPENSSL_CTX *libctx, const char *propq); EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x); int PEM_write_bio_Parameters(BIO *bp, const EVP_PKEY *x); diff --git a/util/libcrypto.num b/util/libcrypto.num index 762e3cc17a..a9b914839a 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -5266,3 +5266,6 @@ d2i_PUBKEY_ex ? 3_0_0 EXIST::FUNCTION: OSSL_STORE_INFO_new_PUBKEY ? 3_0_0 EXIST::FUNCTION: OSSL_STORE_INFO_get0_PUBKEY ? 3_0_0 EXIST::FUNCTION: OSSL_STORE_INFO_get1_PUBKEY ? 3_0_0 EXIST::FUNCTION: +PEM_read_bio_PUBKEY_ex ? 3_0_0 EXIST::FUNCTION: +PEM_read_PUBKEY_ex ? 3_0_0 EXIST::FUNCTION:STDIO +PEM_read_bio_Parameters_ex ? 3_0_0 EXIST::FUNCTION: