Commit Graph

454 Commits

Author SHA1 Message Date
Matt Caswell
ee6243f394 Avoid dangling ptrs in header and data params for PEM_read_bio_ex
In the event of a failure in PEM_read_bio_ex() we free the buffers we
allocated for the header and data buffers. However we were not clearing
the ptrs stored in *header and *data. Since, on success, the caller is
responsible for freeing these ptrs this can potentially lead to a double
free if the caller frees them even on failure.

Thanks to Dawei Wang for reporting this issue.

Based on a proposed patch by Kurt Roeckx.

CVE-2022-4450

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
2023-02-07 17:05:10 +01:00
Tomas Mraz
adb408dc79 When using PEM_read_bio_PrivateKey_ex() the public key is optional
Fixes #19498

However the private key part is not optional which was
mishandled by the legacy routine.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19505)
2022-11-25 10:32:18 +01:00
Milan Broz
373d901280 pem: avoid segfault if PKEY is NULL in PEM_write_bio_PrivateKey
Make the code more robust and correctly handle EVP_PKEY set to NULL
instead of dereferencing null pointer.

Signed-off-by: Milan Broz <gmazyland@gmail.com>

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19536)
2022-11-10 18:10:48 +01:00
Milan Broz
608aca8ed2 pem: fix a memory leak in PEM_write_bio_PrivateKey_traditional
The copy of PKEY should be released on the error path.
Easily reproduced with "ED448" context.

Signed-off-by: Milan Broz <gmazyland@gmail.com>

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19536)
2022-11-10 18:10:47 +01:00
Sam James
71bc497dc3 pem: fix -Wunused-but-set-variable
The loop never uses the value of 'line'.

Fixes this error with Clang 15:
```
crypto/pem/pem_lib.c:821:14: error: variable 'line' set but not used [-Werror,-Wunused-but-set-variable]
    int len, line, ret = 0, end = 0, prev_partial_line_read = 0, partial_line_read = 0;
             ^
1 error generated.
```

Signed-off-by: Sam James <sam@gentoo.org>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19450)
2022-10-21 15:56:32 +02:00
Richard Levitte
e077455e9e Stop raising ERR_R_MALLOC_FAILURE in most places
Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and
at least handle the file name and line number they are called from,
there's no need to report ERR_R_MALLOC_FAILURE where they are called
directly, or when SSLfatal() and RLAYERfatal() is used, the reason
`ERR_R_MALLOC_FAILURE` is changed to `ERR_R_CRYPTO_LIB`.

There were a number of places where `ERR_R_MALLOC_FAILURE` was reported
even though it was a function from a different sub-system that was
called.  Those places are changed to report ERR_R_{lib}_LIB, where
{lib} is the name of that sub-system.
Some of them are tricky to get right, as we have a lot of functions
that belong in the ASN1 sub-system, and all the `sk_` calls or from
the CRYPTO sub-system.

Some extra adaptation was necessary where there were custom OPENSSL_malloc()
wrappers, and some bugs are fixed alongside these changes.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19301)
2022-10-05 14:02:03 +02:00
valdaarhun
205957405d Fixes segfault occurrence in PEM_write()
Checks if header is NULL or not before calling strlen().

CLA: trivial

Fixes #18825

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18865)
2022-07-29 12:39:02 +10:00
Matt Caswell
fecb3aae22 Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
2022-05-03 13:34:51 +01:00
Jiasheng Jiang
2823e2e1d3 crypto/pem/pem_lib.c: Add check for BIO_read
As the potential failure of the BIO_read(),
it should be better to add the check and return
error if fails.
Also, in order to decrease the same code, using
'out_free' will be better.

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17754)
2022-03-14 09:57:12 +01:00
Darshan Sen
1d28ada1c3 Allow empty passphrase in PEM_write_bio_PKCS8PrivateKey_nid()
Signed-off-by: Darshan Sen <raisinten@gmail.com>

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17507)
2022-01-26 17:15:52 +01:00
Dr. David von Oheimb
2ff286c26c Add and use HAS_PREFIX() and CHECK_AND_SKIP_PREFIX() for checking if string has literal prefix
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15847)
2021-11-17 15:48:34 +01:00
x2018
9dddcd90a1 add checks for the return values of BN_new(), sk_RSA_PRIME_INFO_new_reserve(),
EVP_PKEY_CTX_new_from_pkey() and EVP_CIPHER_CTX_new().
Otherwise may result in memory errors.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16892)
2021-10-27 08:36:55 +10:00
Pauli
1ffac6ca17 pvk: use PVK KDF
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15968)
2021-09-28 18:08:41 +10:00
Tomas Mraz
66a7c9f34b pem_read_bio_key: Add passphrase caching to avoid asking for password twice
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15949)
2021-07-02 15:33:34 +02:00
Tomas Mraz
fbbd425336 pem_read_bio_key_decoder: Avoid spurious error on unknown PEM data
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15949)
2021-07-02 15:33:27 +02:00
Matt Caswell
38fc02a708 Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15801)
2021-06-17 13:24:59 +01:00
Richard Levitte
6a2b8ff392 Decoding PKCS#8: separate decoding of encrypted and unencrypted PKCS#8
This has us switch from the 'structure' "pkcs8" to "PrivateKeyInfo",
which is sensible considering we already have "SubjectPublicKeyInfo".
We also add "EncryptedPrivateKeyInfo", and use it for a special decoder
that detects and decrypts an EncryptedPrivateKeyInfo structured DER
blob into a PrivateKeyInfo structured DER blob and passes that on to
the next decoder implementation.

The result of this change is that PKCS#8 decryption should only happen
once per decoding instead of once for every expected key type.
Furthermore, this new decoder implementation sets the data type to the
OID of the algorithmIdentifier field, thus reducing how many decoder
implementations are tentativaly run further down the call chain.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15498)
2021-06-09 17:00:10 +02:00
Matt Caswell
b2f1b36592 Actually use a legacy route in pem_read_bio_key_legacy()
The function pem_read_bio_key_legacy() is a fallback route if we
failed to load a key via a provider. We should be using the legacy
specific d2i functions to force legacy otherwise we end up using a
provider anyway

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15504)
2021-06-08 18:53:39 +01:00
Pauli
e73a08b400 pem: remove TODOs
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539)
2021-06-02 16:30:15 +10:00
Tomas Mraz
ed576acdf5 Rename all getters to use get/get0 in name
For functions that exist in 1.1.1 provide a simple aliases via #define.

Fixes #15236

Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
2021-06-01 12:40:00 +02:00
Jon Spillett
5e2d22d53e Pass library context and property query into private key decoders
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14587)
2021-06-01 12:16:27 +02:00
Jon Spillett
169eca602c Enhance the encoder/decoder tests to allow testing with a non-default library context and configurable providers
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14587)
2021-06-01 12:16:27 +02:00
Tomas Mraz
07f65429c3 Fix possible infinite loop in pem_read_bio_key_decoder()
There could be an infinite loop if no read happened.

Fixes #15426

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15441)
2021-05-26 13:04:38 +02:00
Pauli
b93f6c2db9 err: rename err_load_xxx_strings_int functions
The new names are ossl_err_load_xxx_strings.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15446)
2021-05-26 13:01:47 +10:00
Tomas Mraz
8a709c5e4b pem_read_bio_key_legacy: Do not obscure real error if there is one
Fixes #15170

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15355)
2021-05-21 10:03:07 +10:00
Pauli
87e4e9c473 todo: remove TODO(3.0) from the sources.
Almost all were notes about wanting to deprecate CTRLs/utility functions.

Fixes #15325

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15328)
2021-05-20 09:00:22 +01:00
Tomas Mraz
7bc027d73b Fallback to legacy pem decoding if OSSL_DECODER fails
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15045)
2021-05-13 13:30:07 +02:00
Tomas Mraz
b4c4a2c688 Implement pem_read_key directly through OSSL_DECODER
Using OSSL_STORE is too heavy and breaks things.

There were also needed various fixes mainly for missing proper
handling of the SM2 keys in the OSSL_DECODER.

Fixes #14788

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15045)
2021-05-13 13:30:07 +02:00
Shane Lontis
d29d7a7ff2 Fix i2d_PKCS8PrivateKey_nid_bio() regression.
This method ignores the nid and could end up saving out the private key unencrypted

In earlier alpha releases OSSL_num_encoders() returned 0 for this test
case, which then meant that the legacy path was run, and the key was
then correctly encrypted.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15152)
2021-05-10 13:23:50 +10:00
Tomas Mraz
d382e79632 Make the -inform option to be respected if possible
Add OSSL_STORE_PARAM_INPUT_TYPE and make it possible to be
set when OSSL_STORE_open_ex() or OSSL_STORE_attach() is called.

The input type format is enforced only in case the file
type file store is used.

By default we use FORMAT_UNDEF meaning the input type
is not enforced.

Fixes #14569

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15100)
2021-05-06 11:43:32 +01:00
Pauli
3f700d4b95 pem: remove references to EVP_sha1()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14881)
2021-04-21 09:27:51 +10:00
Dr. David von Oheimb
4957d95208 PEM_X509_INFO_read_bio_ex(): Generalize to allow parsing any type of private key
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14647)
2021-04-08 15:18:58 +02:00
Dr. David von Oheimb
c1fd710297 d2i_PrivateKey{,_ex}() and PEM_X509_INFO_read_bio_ex(): Fix handling of RSA/DSA/EC private key
This is needed to correct d2i_PrivateKey() after it was changed by commit 576892d78f.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14647)
2021-04-08 15:18:58 +02:00
Matt Caswell
3c2bdd7df9 Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14801)
2021-04-08 13:04:41 +01:00
Tomas Mraz
5050fd5b3b Avoid going through NID when unnecessary
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14703)
2021-04-01 14:39:54 +02:00
Pauli
711d7ca594 pem: fix coverity 1474426: uninitialised scalar variable.
Based on the value, it would with work properly or produce an error.  Most likely seems to have been the former.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14638)
2021-03-24 09:12:43 +10:00
Richard Levitte
f4e46b817d PROV: Add type specific MSBLOB and PVK decoding for the MS->key decoders
To make this cleaner, decoder_ms2key.c is split into decoder_msblob2key.c
and decoder_pvk2key.c.

This required a great deal of refactoring of crypto/pem/pvkfmt.c, to
make cleaner internal functions that our decoder implementations can
use.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14314)
2021-03-19 16:46:39 +01:00
Shane Lontis
b78c016649 Add ossl_pem_check_suffix symbol
Partial fix for #12964

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14473)
2021-03-18 17:52:38 +10:00
Matt Caswell
8020d79b40 Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14512)
2021-03-11 13:27:36 +00:00
Matt Caswell
7bc0fdd3fd Make the EVP_PKEY_get0* functions have a const return type
OTC have decided that the EVP_PKEY_get0* functions should have a const
return type. This is a breaking change to emphasise that these values
should be considered as immutable.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14319)
2021-03-08 15:13:09 +00:00
Matt Caswell
a28d06f3e9 Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14235)
2021-02-18 15:05:17 +00:00
Tomas Mraz
fe75766c9c Rename OSSL_ENCODER_CTX_new_by_EVP_PKEY and OSSL_DECODER_CTX_new_by_EVP_PKEY
Additional renames done in encoder and decoder implementation
to follow the style.

Fixes #13622

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14155)
2021-02-17 15:26:12 +01:00
Richard Levitte
4333b89f50 Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13999)
2021-01-28 13:54:57 +01:00
Shane Lontis
5b5eea4b60 Deprecate EC_KEY + Update ec apps to use EVP_PKEY
Co-author: Richard Levitte <levitte@openssl.org>
Co-author: Tomas Mraz <tmraz@openssl.org>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)
2021-01-26 15:22:14 +01:00
Dr. David von Oheimb
0cbb3602f5 Make PEM_X509_INFO_read_bio_ex() conservative on the error queue
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13762)
2021-01-13 09:09:36 +01:00
Richard Levitte
3a1ee3c199 Drop OPENSSL_NO_RSA everywhere
The configuration option 'no-rsa' was dropped with OpenSSL 1.1.0, so
this is simply a cleanup of the remains.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13700)
2020-12-20 12:19:42 +01:00
Richard Levitte
e77c13f8b7 MSBLOB & PVK: Make it possible to write EVP_PKEYs with provided internal key
So far, the MSBLOB and PVK writers could only handle EVP_PKEYs with
legacy internal keys.

Specially to be able to compile the loader_attic engine, we use the C
macro OPENSSL_NO_PROVIDER_CODE to avoid building the provider specific
things when we don't need them.  The alternative is to suck half of
crypto/evp/ into loader_attic, and that's just not feasible.

Fixes #13503

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13661)
2020-12-17 12:02:08 +01:00
Richard Levitte
a158f8cfb9 PEM: Unlock MSBLOB and PVK functions from 'no-dsa' and 'no-rc4'
All these functions are usable with RSA keys, there's no reason why
they should be unaccessible when DSA or RC4 are disabled.

When DSA is disabled, it's not possible to use these functions for
DSA EVP_PKEYs.  That's fine, and supported.

When RC4 is disabled, it's not possible to use these functions to
write encrypted PVK output.  That doesn't even depend on the
definition of OPENSSL_NO_RC4, but if the RC4 algorithm is accessible
via EVP, something that isn't known when building libcrypto.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13648)
2020-12-13 10:27:31 +01:00
Richard Levitte
9256e8a248 PEM: Add a more generic way to implement PEM _ex functions for libctx
This also adds the following functions, for completeness:

PEM_write_PrivateKey_ex(), PEM_write_bio_PrivateKey_ex(),
PEM_write_PUBKEY_ex, PEM_write_bio_PUBKEY_ex

Fixes #13542

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13547)
2020-12-05 11:09:20 +01:00
Richard Levitte
b03da688a2 Adapt everything else to the updated OSSL_ENCODER_CTX_new_by_EVP_PKEY()
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13545)
2020-12-02 13:37:20 +01:00