mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-12-21 06:09:35 +08:00
Code Issues Packages Projects Releases Wiki Activity
25624c9087
openssl/providers/implementations/storemgmt/file_store_any2obj.c
Richard Levitte e077455e9e Stop raising ERR_R_MALLOC_FAILURE in most places 
Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and
at least handle the file name and line number they are called from,
there's no need to report ERR_R_MALLOC_FAILURE where they are called
directly, or when SSLfatal() and RLAYERfatal() is used, the reason
`ERR_R_MALLOC_FAILURE` is changed to `ERR_R_CRYPTO_LIB`.

There were a number of places where `ERR_R_MALLOC_FAILURE` was reported
even though it was a function from a different sub-system that was
called.  Those places are changed to report ERR_R_{lib}_LIB, where
{lib} is the name of that sub-system.
Some of them are tricky to get right, as we have a lot of functions
that belong in the ASN1 sub-system, and all the `sk_` calls or from
the CRYPTO sub-system.

Some extra adaptation was necessary where there were custom OPENSSL_malloc()
wrappers, and some bugs are fixed alongside these changes.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19301)
2022-10-05 14:02:03 +02:00

262 lines
7.7 KiB
C
Raw Blame History

/*
* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*
* This is a decoder that's completely internal to the 'file:' store
* implementation. Only code in file_store.c know about this one. Because
* of this close relationship, we can cut certain corners, such as making
* assumptions about the "provider context", which is currently simply the
* provider context that the file_store.c code operates within.
*
* All this does is to read known binary encodings (currently: DER, MSBLOB,
* PVK) from the input if it can, and passes it on to the data callback as
* an object abstraction, leaving it to the callback to figure out what it
* actually is.
*
* This MUST be made the last decoder in a chain, leaving it to other more
* specialized decoders to recognise and process their stuff first.
*/
#include <openssl/core_dispatch.h>
#include <openssl/core_names.h>
#include <openssl/core_object.h>
#include <openssl/bio.h>
#include <openssl/buffer.h>
#include <openssl/err.h>
#include <openssl/asn1err.h>
#include <openssl/params.h>
#include "internal/asn1.h"
#include "crypto/pem.h" /* For internal PVK and "blob" headers */
#include "prov/bio.h"
#include "file_store_local.h"
/*
* newctx and freectx are not strictly necessary. However, the method creator,
* ossl_decoder_from_algorithm(), demands that they exist, so we make sure to
* oblige.
*/
static OSSL_FUNC_decoder_newctx_fn any2obj_newctx;
static OSSL_FUNC_decoder_freectx_fn any2obj_freectx;
static void *any2obj_newctx(void *provctx)
{
return provctx;
}
static void any2obj_freectx(void *vctx)
{
}
static int any2obj_decode_final(void *provctx, int objtype, BUF_MEM *mem,
OSSL_CALLBACK *data_cb, void *data_cbarg)
{
/*
* 1 indicates that we successfully decoded something, or not at all.
* Ending up "empty handed" is not an error.
*/
int ok = 1;
if (mem != NULL) {
OSSL_PARAM params[3];
params[0] =
OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &objtype);
params[1] =
OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_DATA,
mem->data, mem->length);
params[2] = OSSL_PARAM_construct_end();
ok = data_cb(params, data_cbarg);
BUF_MEM_free(mem);
}
return ok;
}
static OSSL_FUNC_decoder_decode_fn der2obj_decode;
static int der2obj_decode(void *provctx, OSSL_CORE_BIO *cin, int selection,
OSSL_CALLBACK *data_cb, void *data_cbarg,
OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
{
BIO *in = ossl_bio_new_from_core_bio(provctx, cin);
BUF_MEM *mem = NULL;
int ok;
if (in == NULL)
return 0;
ERR_set_mark();
ok = (asn1_d2i_read_bio(in, &mem) >= 0);
ERR_pop_to_mark();
if (!ok && mem != NULL) {
BUF_MEM_free(mem);
mem = NULL;
}
BIO_free(in);
/* any2obj_decode_final() frees |mem| for us */
return any2obj_decode_final(provctx, OSSL_OBJECT_UNKNOWN, mem,
data_cb, data_cbarg);
}
static OSSL_FUNC_decoder_decode_fn msblob2obj_decode;
static int msblob2obj_decode(void *provctx, OSSL_CORE_BIO *cin, int selection,
OSSL_CALLBACK *data_cb, void *data_cbarg,
OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
{
BIO *in = ossl_bio_new_from_core_bio(provctx, cin);
BUF_MEM *mem = NULL;
size_t mem_len = 0, mem_want;
const unsigned char *p;
unsigned int bitlen, magic;
int isdss = -1;
int ispub = -1;
int ok = 0;
if (in == NULL)
goto err;
mem_want = 16; /* The size of the MSBLOB header */
if ((mem = BUF_MEM_new()) == NULL
|| !BUF_MEM_grow(mem, mem_want)) {
ERR_raise(ERR_LIB_PEM, ERR_R_BUF_LIB);
goto err;
}
ERR_set_mark();
ok = BIO_read(in, &mem->data[0], mem_want) == (int)mem_want;
mem_len += mem_want;
ERR_pop_to_mark();
if (!ok)
goto next;
ERR_set_mark();
p = (unsigned char *)&mem->data[0];
ok = ossl_do_blob_header(&p, 16, &magic, &bitlen, &isdss, &ispub) > 0;
ERR_pop_to_mark();
if (!ok)
goto next;
ok = 0;
mem_want = ossl_blob_length(bitlen, isdss, ispub);
if (!BUF_MEM_grow(mem, mem_len + mem_want)) {
ERR_raise(ERR_LIB_PEM, ERR_R_BUF_LIB);
goto err;
}
ERR_set_mark();
ok = BIO_read(in, &mem->data[mem_len], mem_want) == (int)mem_want;
mem_len += mem_want;
ERR_pop_to_mark();
next:
/* Free resources we no longer need. */
BIO_free(in);
if (!ok && mem != NULL) {
BUF_MEM_free(mem);
mem = NULL;
}
/* any2obj_decode_final() frees |mem| for us */
return any2obj_decode_final(provctx, OSSL_OBJECT_PKEY, mem,
data_cb, data_cbarg);
err:
BIO_free(in);
BUF_MEM_free(mem);
return 0;
}
static OSSL_FUNC_decoder_decode_fn pvk2obj_decode;
static int pvk2obj_decode(void *provctx, OSSL_CORE_BIO *cin, int selection,
OSSL_CALLBACK *data_cb, void *data_cbarg,
OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
{
BIO *in = ossl_bio_new_from_core_bio(provctx, cin);
BUF_MEM *mem = NULL;
size_t mem_len = 0, mem_want;
const unsigned char *p;
unsigned int saltlen, keylen;
int ok = 0;
if (in == NULL)
goto err;
mem_want = 24; /* The size of the PVK header */
if ((mem = BUF_MEM_new()) == NULL
|| !BUF_MEM_grow(mem, mem_want)) {
ERR_raise(ERR_LIB_PEM, ERR_R_BUF_LIB);
goto err;
}
ERR_set_mark();
ok = BIO_read(in, &mem->data[0], mem_want) == (int)mem_want;
mem_len += mem_want;
ERR_pop_to_mark();
if (!ok)
goto next;
ERR_set_mark();
p = (unsigned char *)&mem->data[0];
ok = ossl_do_PVK_header(&p, 24, 0, &saltlen, &keylen) > 0;
ERR_pop_to_mark();
if (!ok)
goto next;
ok = 0;
mem_want = saltlen + keylen;
if (!BUF_MEM_grow(mem, mem_len + mem_want)) {
ERR_raise(ERR_LIB_PEM, ERR_R_BUF_LIB);
goto err;
}
ERR_set_mark();
ok = BIO_read(in, &mem->data[mem_len], mem_want) == (int)mem_want;
mem_len += mem_want;
ERR_pop_to_mark();
next:
/* Free resources we no longer need. */
BIO_free(in);
if (!ok && mem != NULL) {
BUF_MEM_free(mem);
mem = NULL;
}
/* any2obj_decode_final() frees |mem| for us */
return any2obj_decode_final(provctx, OSSL_OBJECT_PKEY, mem,
data_cb, data_cbarg);
err:
BIO_free(in);
BUF_MEM_free(mem);
return 0;
}
#define MAKE_DECODER(fromtype, objtype) \
static const OSSL_DISPATCH fromtype##_to_obj_decoder_functions[] = { \
{ OSSL_FUNC_DECODER_NEWCTX, (void (*)(void))any2obj_newctx }, \
{ OSSL_FUNC_DECODER_FREECTX, (void (*)(void))any2obj_freectx }, \
{ OSSL_FUNC_DECODER_DECODE, (void (*)(void))fromtype##2obj_decode }, \
{ 0, NULL } \
}
MAKE_DECODER(der, OSSL_OBJECT_UNKNOWN);
MAKE_DECODER(msblob, OSSL_OBJECT_PKEY);
MAKE_DECODER(pvk, OSSL_OBJECT_PKEY);
const OSSL_ALGORITHM ossl_any_to_obj_algorithm[] = {
{ "obj", "input=DER", der_to_obj_decoder_functions },
{ "obj", "input=MSBLOB", msblob_to_obj_decoder_functions },
{ "obj", "input=PVK", pvk_to_obj_decoder_functions },
{ NULL, }
};
Reference in New Issue View Git Blame Copy Permalink