GCC Code Coverage Report
Directory: ./ Exec Total Coverage
File: lib/libcrypto/pem/pem_info.c Lines: 46 158 29.1 %
Date: 2017-11-13 Branches: 24 135 17.8 %

Line Branch Exec Source
1
/* $OpenBSD: pem_info.c,v 1.22 2017/01/29 17:49:23 beck Exp $ */
2
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3
 * All rights reserved.
4
 *
5
 * This package is an SSL implementation written
6
 * by Eric Young (eay@cryptsoft.com).
7
 * The implementation was written so as to conform with Netscapes SSL.
8
 *
9
 * This library is free for commercial and non-commercial use as long as
10
 * the following conditions are aheared to.  The following conditions
11
 * apply to all code found in this distribution, be it the RC4, RSA,
12
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13
 * included with this distribution is covered by the same copyright terms
14
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15
 *
16
 * Copyright remains Eric Young's, and as such any Copyright notices in
17
 * the code are not to be removed.
18
 * If this package is used in a product, Eric Young should be given attribution
19
 * as the author of the parts of the library used.
20
 * This can be in the form of a textual message at program startup or
21
 * in documentation (online or textual) provided with the package.
22
 *
23
 * Redistribution and use in source and binary forms, with or without
24
 * modification, are permitted provided that the following conditions
25
 * are met:
26
 * 1. Redistributions of source code must retain the copyright
27
 *    notice, this list of conditions and the following disclaimer.
28
 * 2. Redistributions in binary form must reproduce the above copyright
29
 *    notice, this list of conditions and the following disclaimer in the
30
 *    documentation and/or other materials provided with the distribution.
31
 * 3. All advertising materials mentioning features or use of this software
32
 *    must display the following acknowledgement:
33
 *    "This product includes cryptographic software written by
34
 *     Eric Young (eay@cryptsoft.com)"
35
 *    The word 'cryptographic' can be left out if the rouines from the library
36
 *    being used are not cryptographic related :-).
37
 * 4. If you include any Windows specific code (or a derivative thereof) from
38
 *    the apps directory (application code) you must include an acknowledgement:
39
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40
 *
41
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51
 * SUCH DAMAGE.
52
 *
53
 * The licence and distribution terms for any publically available version or
54
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
55
 * copied and put under another distribution licence
56
 * [including the GNU Public Licence.]
57
 */
58
59
#include <stdio.h>
60
#include <string.h>
61
62
#include <openssl/opensslconf.h>
63
64
#include <openssl/buffer.h>
65
#include <openssl/err.h>
66
#include <openssl/evp.h>
67
#include <openssl/objects.h>
68
#include <openssl/pem.h>
69
#include <openssl/x509.h>
70
71
#ifndef OPENSSL_NO_DSA
72
#include <openssl/dsa.h>
73
#endif
74
#ifndef OPENSSL_NO_RSA
75
#include <openssl/rsa.h>
76
#endif
77
78
STACK_OF(X509_INFO) *
79
PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb,
80
    void *u)
81
{
82
	BIO *b;
83
	STACK_OF(X509_INFO) *ret;
84
85
	if ((b = BIO_new(BIO_s_file())) == NULL) {
86
		PEMerror(ERR_R_BUF_LIB);
87
		return (0);
88
	}
89
	BIO_set_fp(b, fp, BIO_NOCLOSE);
90
	ret = PEM_X509_INFO_read_bio(b, sk, cb, u);
91
	BIO_free(b);
92
	return (ret);
93
}
94
95
STACK_OF(X509_INFO) *
96
PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb,
97
    void *u)
98
{
99
	X509_INFO *xi = NULL;
100
562
	char *name = NULL, *header = NULL;
101
	void *pp;
102
281
	unsigned char *data = NULL;
103
281
	const unsigned char *p;
104
281
	long len, error = 0;
105
	int ok = 0;
106
	STACK_OF(X509_INFO) *ret = NULL;
107
	unsigned int i, raw, ptype;
108
	d2i_of_void *d2i = 0;
109
110
281
	if (sk == NULL) {
111
281
		if ((ret = sk_X509_INFO_new_null()) == NULL) {
112
			PEMerror(ERR_R_MALLOC_FAILURE);
113
			return 0;
114
		}
115
	} else
116
		ret = sk;
117
118
281
	if ((xi = X509_INFO_new()) == NULL)
119
		goto err;
120
10438
	for (;;) {
121
		raw = 0;
122
		ptype = 0;
123
10438
		i = PEM_read_bio(bp, &name, &header, &data, &len);
124
20595
		if (i == 0) {
125
281
			error = ERR_GET_REASON(ERR_peek_last_error());
126
281
			if (error == PEM_R_NO_START_LINE) {
127
281
				ERR_clear_error();
128
				break;
129
			}
130
			goto err;
131
		}
132
start:
133

20033
		if ((strcmp(name, PEM_STRING_X509) == 0) ||
134
		    (strcmp(name, PEM_STRING_X509_OLD) == 0)) {
135
			d2i = (D2I_OF(void))d2i_X509;
136
20033
			if (xi->x509 != NULL) {
137
9876
				if (!sk_X509_INFO_push(ret, xi))
138
					goto err;
139
9876
				if ((xi = X509_INFO_new()) == NULL)
140
					goto err;
141
9876
				goto start;
142
			}
143
10157
			pp = &(xi->x509);
144
10157
		} else if ((strcmp(name, PEM_STRING_X509_TRUSTED) == 0)) {
145
			d2i = (D2I_OF(void))d2i_X509_AUX;
146
			if (xi->x509 != NULL) {
147
				if (!sk_X509_INFO_push(ret, xi))
148
					goto err;
149
				if ((xi = X509_INFO_new()) == NULL)
150
					goto err;
151
				goto start;
152
			}
153
			pp = &(xi->x509);
154
		} else if (strcmp(name, PEM_STRING_X509_CRL) == 0) {
155
			d2i = (D2I_OF(void))d2i_X509_CRL;
156
			if (xi->crl != NULL) {
157
				if (!sk_X509_INFO_push(ret, xi))
158
					goto err;
159
				if ((xi = X509_INFO_new()) == NULL)
160
					goto err;
161
				goto start;
162
			}
163
			pp = &(xi->crl);
164
		} else
165
#ifndef OPENSSL_NO_RSA
166
		if (strcmp(name, PEM_STRING_RSA) == 0) {
167
			d2i = (D2I_OF(void))d2i_RSAPrivateKey;
168
			if (xi->x_pkey != NULL) {
169
				if (!sk_X509_INFO_push(ret, xi))
170
					goto err;
171
				if ((xi = X509_INFO_new()) == NULL)
172
					goto err;
173
				goto start;
174
			}
175
176
			xi->enc_data = NULL;
177
			xi->enc_len = 0;
178
179
			xi->x_pkey = X509_PKEY_new();
180
			if (xi->x_pkey == NULL)
181
				goto err;
182
			ptype = EVP_PKEY_RSA;
183
			pp = &xi->x_pkey->dec_pkey;
184
			if (strlen(header) > 10) /* assume encrypted */
185
				raw = 1;
186
		} else
187
#endif
188
#ifndef OPENSSL_NO_DSA
189
		if (strcmp(name, PEM_STRING_DSA) == 0) {
190
			d2i = (D2I_OF(void))d2i_DSAPrivateKey;
191
			if (xi->x_pkey != NULL) {
192
				if (!sk_X509_INFO_push(ret, xi))
193
					goto err;
194
				if ((xi = X509_INFO_new()) == NULL)
195
					goto err;
196
				goto start;
197
			}
198
199
			xi->enc_data = NULL;
200
			xi->enc_len = 0;
201
202
			xi->x_pkey = X509_PKEY_new();
203
			if (xi->x_pkey == NULL)
204
				goto err;
205
			ptype = EVP_PKEY_DSA;
206
			pp = &xi->x_pkey->dec_pkey;
207
			if (strlen(header) > 10) /* assume encrypted */
208
				raw = 1;
209
		} else
210
#endif
211
#ifndef OPENSSL_NO_EC
212
		if (strcmp(name, PEM_STRING_ECPRIVATEKEY) == 0) {
213
			d2i = (D2I_OF(void))d2i_ECPrivateKey;
214
			if (xi->x_pkey != NULL) {
215
				if (!sk_X509_INFO_push(ret, xi))
216
					goto err;
217
				if ((xi = X509_INFO_new()) == NULL)
218
					goto err;
219
				goto start;
220
			}
221
222
			xi->enc_data = NULL;
223
			xi->enc_len = 0;
224
225
			xi->x_pkey = X509_PKEY_new();
226
			if (xi->x_pkey == NULL)
227
				goto err;
228
			ptype = EVP_PKEY_EC;
229
			pp = &xi->x_pkey->dec_pkey;
230
			if (strlen(header) > 10) /* assume encrypted */
231
				raw = 1;
232
		} else
233
#endif
234
		{
235
			d2i = NULL;
236
			pp = NULL;
237
		}
238
239
10157
		if (d2i != NULL) {
240
10157
			if (!raw) {
241
10157
				EVP_CIPHER_INFO cipher;
242
243
10157
				if (!PEM_get_EVP_CIPHER_INFO(header, &cipher))
244
					goto err;
245
10157
				if (!PEM_do_header(&cipher, data, &len, cb, u))
246
					goto err;
247
10157
				p = data;
248
10157
				if (ptype) {
249
					if (!d2i_PrivateKey(ptype, pp, &p,
250
					    len)) {
251
						PEMerror(ERR_R_ASN1_LIB);
252
						goto err;
253
					}
254
10157
				} else if (d2i(pp, &p, len) == NULL) {
255
					PEMerror(ERR_R_ASN1_LIB);
256
					goto err;
257
				}
258
20876
			} else { /* encrypted RSA data */
259
				if (!PEM_get_EVP_CIPHER_INFO(header,
260
				    &xi->enc_cipher))
261
					goto err;
262
				xi->enc_data = (char *)data;
263
				xi->enc_len = (int)len;
264
				data = NULL;
265
			}
266
		} else {
267
			/* unknown */
268
		}
269
10157
		free(name);
270
10157
		free(header);
271
10157
		free(data);
272
10157
		name = NULL;
273
10157
		header = NULL;
274
10157
		data = NULL;
275
	}
276
277
	/* if the last one hasn't been pushed yet and there is anything
278
	 * in it then add it to the stack ...
279
	 */
280

281
	if ((xi->x509 != NULL) || (xi->crl != NULL) ||
281
	    (xi->x_pkey != NULL) || (xi->enc_data != NULL)) {
282
281
		if (!sk_X509_INFO_push(ret, xi))
283
			goto err;
284
		xi = NULL;
285
281
	}
286
281
	ok = 1;
287
288
err:
289
281
	if (xi != NULL)
290
		X509_INFO_free(xi);
291
281
	if (!ok) {
292
		for (i = 0; ((int)i) < sk_X509_INFO_num(ret); i++) {
293
			xi = sk_X509_INFO_value(ret, i);
294
			X509_INFO_free(xi);
295
		}
296
		if (ret != sk)
297
			sk_X509_INFO_free(ret);
298
		ret = NULL;
299
	}
300
301
281
	free(name);
302
281
	free(header);
303
281
	free(data);
304
281
	return (ret);
305
281
}
306
307
308
/* A TJH addition */
309
int
310
PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
311
    unsigned char *kstr, int klen, pem_password_cb *cb, void *u)
312
{
313
	EVP_CIPHER_CTX ctx;
314
	int i, ret = 0;
315
	unsigned char *data = NULL;
316
	const char *objstr = NULL;
317
	char buf[PEM_BUFSIZE];
318
	unsigned char *iv = NULL;
319
320
	if (enc != NULL) {
321
		objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
322
		if (objstr == NULL) {
323
			PEMerror(PEM_R_UNSUPPORTED_CIPHER);
324
			goto err;
325
		}
326
	}
327
328
	/* now for the fun part ... if we have a private key then
329
	 * we have to be able to handle a not-yet-decrypted key
330
	 * being written out correctly ... if it is decrypted or
331
	 * it is non-encrypted then we use the base code
332
	 */
333
	if (xi->x_pkey != NULL) {
334
		if ((xi->enc_data != NULL) && (xi->enc_len > 0) ) {
335
			if (enc == NULL) {
336
				PEMerror(PEM_R_CIPHER_IS_NULL);
337
				goto err;
338
			}
339
340
			/* copy from weirdo names into more normal things */
341
			iv = xi->enc_cipher.iv;
342
			data = (unsigned char *)xi->enc_data;
343
			i = xi->enc_len;
344
345
			/* we take the encryption data from the
346
			 * internal stuff rather than what the
347
			 * user has passed us ... as we have to
348
			 * match exactly for some strange reason
349
			 */
350
			objstr = OBJ_nid2sn(
351
			    EVP_CIPHER_nid(xi->enc_cipher.cipher));
352
			if (objstr == NULL) {
353
				PEMerror(PEM_R_UNSUPPORTED_CIPHER);
354
				goto err;
355
			}
356
357
			/* create the right magic header stuff */
358
			if (strlen(objstr) + 23 + 2 * enc->iv_len + 13 >
359
			    sizeof buf) {
360
				PEMerror(ASN1_R_BUFFER_TOO_SMALL);
361
				goto err;
362
			}
363
			buf[0] = '\0';
364
			PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);
365
			PEM_dek_info(buf, objstr, enc->iv_len, (char *)iv);
366
367
			/* use the normal code to write things out */
368
			i = PEM_write_bio(bp, PEM_STRING_RSA, buf, data, i);
369
			if (i <= 0)
370
				goto err;
371
		} else {
372
			/* Add DSA/DH */
373
#ifndef OPENSSL_NO_RSA
374
			/* normal optionally encrypted stuff */
375
			if (PEM_write_bio_RSAPrivateKey(bp,
376
			    xi->x_pkey->dec_pkey->pkey.rsa,
377
			    enc, kstr, klen, cb, u) <= 0)
378
				goto err;
379
#endif
380
		}
381
	}
382
383
	/* if we have a certificate then write it out now */
384
	if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp, xi->x509) <= 0))
385
		goto err;
386
387
	/* we are ignoring anything else that is loaded into the X509_INFO
388
	 * structure for the moment ... as I don't need it so I'm not
389
	 * coding it here and Eric can do it when this makes it into the
390
	 * base library --tjh
391
	 */
392
393
	ret = 1;
394
395
err:
396
	explicit_bzero((char *)&ctx, sizeof(ctx));
397
	explicit_bzero(buf, PEM_BUFSIZE);
398
	return (ret);
399
}