/*
 * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */
/*
 * DSA low level APIs are deprecated for public use, but still ok for
 * internal use.
 */
#include "internal/deprecated.h"
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/buffer.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>
#include <openssl/dsa.h>
#include "crypto/evp.h"
#ifndef OPENSSL_NO_STDIO
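/*
 * FILE-based variant of PEM_X509_INFO_read_bio_ex(): wraps |fp| in a
 * non-closing file BIO and delegates to the BIO version.
 *
 * |fp| stays owned by the caller (BIO_NOCLOSE); |sk|, |cb|, |u|, |libctx|
 * and |propq| are passed through unchanged. Returns the stack returned by
 * PEM_X509_INFO_read_bio_ex(), or NULL when the BIO cannot be created.
 */
STACK_OF(X509_INFO)
*PEM_X509_INFO_read_ex(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb,
                       void *u, OSSL_LIB_CTX *libctx, const char *propq)
{
    BIO *b;
    STACK_OF(X509_INFO) *ret;

    if ((b = BIO_new(BIO_s_file())) == NULL) {
        ERR_raise(ERR_LIB_PEM, ERR_R_BUF_LIB);
        /* Pointer return: NULL rather than a bare 0. */
        return NULL;
    }
    /* BIO_NOCLOSE: freeing |b| below must not fclose() the caller's FILE. */
    BIO_set_fp(b, fp, BIO_NOCLOSE);
    ret = PEM_X509_INFO_read_bio_ex(b, sk, cb, u, libctx, propq);
    BIO_free(b);
    return ret;
}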
/*
 * Compatibility wrapper: PEM_X509_INFO_read_ex() with the default library
 * context and no property query string.
 */
STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
                                        pem_password_cb *cb, void *u)
{
    /* Default library context / property query. */
    OSSL_LIB_CTX *libctx = NULL;
    const char *propq = NULL;

    return PEM_X509_INFO_read_ex(fp, sk, cb, u, libctx, propq);
}
#endif
/*
 * Read every PEM block from |bp| and collect the results into a stack of
 * X509_INFO. Consecutive blocks are grouped into one X509_INFO until a block
 * of a kind that entry already holds (certificate, CRL or private key) is
 * seen; the entry is then pushed and a fresh one started.
 *
 * Recognised block types: certificates (PEM_STRING_X509, _OLD and _TRUSTED),
 * CRLs (PEM_STRING_X509_CRL) and any block whose name contains
 * PEM_STRING_PKCS8INF. Unrecognised blocks are skipped without error. A key
 * block that looks encrypted (see the "assume encrypted" heuristic below) or
 * is PEM_STRING_PKCS8 is kept undecrypted in enc_data/enc_len/enc_cipher;
 * every other block goes through PEM_do_header() with |cb|/|u| and is then
 * DER-decoded into the X509_INFO.
 *
 * |sk| may be NULL, in which case a new stack is allocated; otherwise the
 * entries are appended to |sk|. |libctx|/|propq| are used for the created
 * X509 objects and for typed private-key decoding. Returns the stack on
 * success or NULL on error (see the cleanup at "err:" for the effect on a
 * caller-supplied |sk| in that case).
 */
STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio_ex(BIO *bp, STACK_OF(X509_INFO) *sk,
                                               pem_password_cb *cb, void *u,
                                               OSSL_LIB_CTX *libctx,
                                               const char *propq)
{
    X509_INFO *xi = NULL;              /* entry currently being filled */
    char *name = NULL, *header = NULL, *str;
    void *pp;                          /* where d2i stores its result */
    unsigned char *data = NULL;        /* decoded body of the PEM block */
    const unsigned char *p;
    long len, error = 0;
    int ok = 0;
    STACK_OF(X509_INFO) *ret = NULL;
    /*
     * raw   - 1: keep the block undecrypted in xi->enc_data instead of
     *            decoding it
     * ptype - EVP_PKEY type derived from the block name; 0 means decode
     *         with the generic d2i selected below
     * i     - PEM_read_bio() result, later reused as a loop index
     */
    unsigned int i, raw, ptype;
    d2i_of_void *d2i = 0;

    if (sk == NULL) {
        if ((ret = sk_X509_INFO_new_null()) == NULL) {
            ERR_raise(ERR_LIB_PEM, ERR_R_CRYPTO_LIB);
            goto err;
        }
    } else
        ret = sk;

    if ((xi = X509_INFO_new()) == NULL)
        goto err;
    for (;;) {
        raw = 0;
        ptype = 0;
        /*
         * PEM_read_bio() reports "no more blocks" as an error; mark the
         * error queue so that case can be discarded as a normal end of input.
         */
        ERR_set_mark();
        i = PEM_read_bio(bp, &name, &header, &data, &len);
        if (i == 0) {
            error = ERR_GET_REASON(ERR_peek_last_error());
            if (error == PEM_R_NO_START_LINE) {
                ERR_pop_to_mark();
                break;
            }
            ERR_clear_last_mark();
            goto err;
        }
        ERR_clear_last_mark();
 start:
        /*
         * Dispatch on the block name. When the current entry already holds
         * an object of this kind it is pushed, a new entry is started and
         * the same block is re-dispatched via "goto start".
         */
        if (strcmp(name, PEM_STRING_X509) == 0
                || strcmp(name, PEM_STRING_X509_OLD) == 0
                || strcmp(name, PEM_STRING_X509_TRUSTED) == 0) {
            if (xi->x509 != NULL) {
                if (!sk_X509_INFO_push(ret, xi))
                    goto err;
                if ((xi = X509_INFO_new()) == NULL)
                    goto err;
                goto start;
            }
            /* TRUSTED CERTIFICATE carries the aux trust data -> d2i_X509_AUX */
            if ((strcmp(name, PEM_STRING_X509_TRUSTED) == 0))
                d2i = (D2I_OF(void)) d2i_X509_AUX;
            else
                d2i = (D2I_OF(void)) d2i_X509;
            /*
             * Pre-create the X509 with the caller's libctx/propq so that d2i
             * decodes into an object bound to that context.
             */
            xi->x509 = X509_new_ex(libctx, propq);
            if (xi->x509 == NULL)
                goto err;
            pp = &(xi->x509);
        } else if (strcmp(name, PEM_STRING_X509_CRL) == 0) {
            d2i = (D2I_OF(void)) d2i_X509_CRL;
            if (xi->crl != NULL) {
                if (!sk_X509_INFO_push(ret, xi))
                    goto err;
                if ((xi = X509_INFO_new()) == NULL)
                    goto err;
                goto start;
            }
            pp = &(xi->crl);
        } else if ((str = strstr(name, PEM_STRING_PKCS8INF)) != NULL) {
            /* Any "... PRIVATE KEY" block, including the PKCS#8 variants. */
            if (xi->x_pkey != NULL) {
                if (!sk_X509_INFO_push(ret, xi))
                    goto err;
                if ((xi = X509_INFO_new()) == NULL)
                    goto err;
                goto start;
            }
            if (str == name || strcmp(name, PEM_STRING_PKCS8) == 0) {
                /* Plain or encrypted PKCS#8: no algorithm in the name. */
                ptype = EVP_PKEY_NONE;
            } else {
                /*
                 * chop " PRIVATE KEY" - str > name here (the str == name
                 * case was handled above), so the byte before the match is
                 * the separating space and the prefix becomes the type name.
                 */
                *--str = '\0';
                ptype = evp_pkey_name2type(name);
            }
            xi->enc_data = NULL;
            xi->enc_len = 0;

            d2i = (D2I_OF(void)) d2i_AutoPrivateKey;
            xi->x_pkey = X509_PKEY_new();
            if (xi->x_pkey == NULL)
                goto err;
            pp = &xi->x_pkey->dec_pkey;
            /*
             * Heuristic: a header longer than 10 bytes is taken to be a
             * Proc-Type/DEK-Info header, i.e. an encrypted legacy key, which
             * is stored as-is rather than decrypted; PKCS#8 encrypted keys
             * are always stored as-is.
             */
            if ((int)strlen(header) > 10 /* assume encrypted */
                   || strcmp(name, PEM_STRING_PKCS8) == 0)
                raw = 1;
        } else { /* unknown */
            /* Unrecognised block: skipped silently, no error raised. */
            d2i = NULL;
            pp = NULL;
        }

        if (d2i != NULL) {
            if (!raw) {
                EVP_CIPHER_INFO cipher;

                /* Decrypt in place if the header says so, then DER-decode. */
                if (!PEM_get_EVP_CIPHER_INFO(header, &cipher))
                    goto err;
                if (!PEM_do_header(&cipher, data, &len, cb, u))
                    goto err;
                p = data;
                if (ptype) {
                    /* Type known from the block name: decode as that type. */
                    if (d2i_PrivateKey_ex(ptype, pp, &p, len,
                                          libctx, propq) == NULL) {
                        ERR_raise(ERR_LIB_PEM, ERR_R_ASN1_LIB);
                        goto err;
                    }
                } else if (d2i(pp, &p, len) == NULL) {
                    ERR_raise(ERR_LIB_PEM, ERR_R_ASN1_LIB);
                    goto err;
                }
            } else {            /* encrypted key data */
                /*
                 * Keep the cipher/IV from the header and hand ownership of
                 * |data| to the X509_INFO; it is then not freed below.
                 */
                if (!PEM_get_EVP_CIPHER_INFO(header, &xi->enc_cipher))
                    goto err;
                xi->enc_data = (char *)data;
                /* long -> int narrowing; PEM_read_bio()'s bound on |len| is not visible here. */
                xi->enc_len = (int)len;
                data = NULL;
            }
        }
        OPENSSL_free(name);
        name = NULL;
        OPENSSL_free(header);
        header = NULL;
        OPENSSL_free(data);
        data = NULL;
    }

    /*
     * if the last one hasn't been pushed yet and there is anything in it
     * then add it to the stack ...
     */
    if ((xi->x509 != NULL) || (xi->crl != NULL) ||
        (xi->x_pkey != NULL) || (xi->enc_data != NULL)) {
        if (!sk_X509_INFO_push(ret, xi))
            goto err;
        xi = NULL;
    }
    ok = 1;
 err:
    /* |xi| is NULL here whenever it was successfully pushed. */
    X509_INFO_free(xi);
    if (!ok) {
        /*
         * NOTE(review): this frees every entry of |ret|, which when the
         * caller passed |sk| includes the entries that were already in it
         * before this call, while the (now dangling) pointers stay in |sk|.
         * Callers therefore must not pop_free |sk| after a NULL return;
         * confirm this matches the documented contract.
         */
        for (i = 0; ((int)i) < sk_X509_INFO_num(ret); i++) {
            xi = sk_X509_INFO_value(ret, i);
            X509_INFO_free(xi);
        }
        if (ret != sk)
            sk_X509_INFO_free(ret);
        ret = NULL;
    }

    OPENSSL_free(name);
    OPENSSL_free(header);
    OPENSSL_free(data);
    return ret;
}
/*
 * Compatibility wrapper: PEM_X509_INFO_read_bio_ex() with the default
 * library context and no property query string.
 */
STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk,
                                            pem_password_cb *cb, void *u)
{
    /* Default library context / property query. */
    OSSL_LIB_CTX *libctx = NULL;
    const char *propq = NULL;

    return PEM_X509_INFO_read_bio_ex(bp, sk, cb, u, libctx, propq);
}
/* A TJH addition */
/*
 * Write the parts of |xi| this function handles to |bp| in PEM form: the
 * private key first (if any), then the certificate (if any). The CRL and
 * anything else held in the X509_INFO are not written (see the note near
 * the end).
 *
 * A key still in its encrypted form (enc_data/enc_len set, as left by
 * PEM_X509_INFO_read_bio_ex()) is re-emitted verbatim under a rebuilt
 * Proc-Type/DEK-Info header taken from xi->enc_cipher; |enc| must be
 * non-NULL in that case. A decrypted key is written with
 * PEM_write_bio_RSAPrivateKey() using |enc|, |kstr|/|klen| and |cb|/|u|.
 *
 * Returns 1 on success, 0 on error (with an ERR_LIB_PEM reason where the
 * failure is detected here).
 */
int PEM_X509_INFO_write_bio(BIO *bp, const X509_INFO *xi, EVP_CIPHER *enc,
                            const unsigned char *kstr, int klen,
                            pem_password_cb *cb, void *u)
{
    int i, ret = 0;
    unsigned char *data = NULL;
    const char *objstr = NULL;
    char buf[PEM_BUFSIZE];             /* Proc-Type/DEK-Info header text */
    const unsigned char *iv = NULL;

    if (enc != NULL) {
        objstr = EVP_CIPHER_get0_name(enc);
        if (objstr == NULL
               /*
                * Check "Proc-Type: 4,Encrypted\nDEK-Info: objstr,hex-iv\n"
                * fits into buf
                *
                * 23 = strlen("Proc-Type: 4,Encrypted\n"),
                * 13 = strlen("DEK-Info: ") + ',' + '\n' + NUL.
                *
                * NOTE(review): this is checked with |enc|'s name, whereas
                * the DEK-Info line written below uses the name of
                * xi->enc_cipher.cipher (and |enc|'s IV length). If the two
                * ciphers differ the check does not cover what is actually
                * written; whether PEM_dek_info() bounds its own output is
                * not visible in this file.
                */
            || strlen(objstr) + 23 + 2 * EVP_CIPHER_get_iv_length(enc) + 13
               > sizeof(buf)) {
            ERR_raise(ERR_LIB_PEM, PEM_R_UNSUPPORTED_CIPHER);
            goto err;
        }
    }

    /*
     * now for the fun part ... if we have a private key then we have to be
     * able to handle a not-yet-decrypted key being written out correctly ...
     * if it is decrypted or it is non-encrypted then we use the base code
     */
    if (xi->x_pkey != NULL) {
        if ((xi->enc_data != NULL) && (xi->enc_len > 0)) {
            /* The stored blob is ciphertext; a cipher is mandatory. */
            if (enc == NULL) {
                ERR_raise(ERR_LIB_PEM, PEM_R_CIPHER_IS_NULL);
                goto err;
            }

            /* copy from weirdo names into more normal things */
            iv = xi->enc_cipher.iv;
            data = (unsigned char *)xi->enc_data;
            i = xi->enc_len;

            /*
             * we take the encryption data from the internal stuff rather
             * than what the user has passed us ... as we have to match
             * exactly for some strange reason
             */
            objstr = EVP_CIPHER_get0_name(xi->enc_cipher.cipher);
            if (objstr == NULL) {
                ERR_raise(ERR_LIB_PEM, PEM_R_UNSUPPORTED_CIPHER);
                goto err;
            }

            /* Create the right magic header stuff */
            buf[0] = '\0';
            PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);
            /* Cipher name from the stored info, IV length from |enc|. */
            PEM_dek_info(buf, objstr, EVP_CIPHER_get_iv_length(enc),
                         (const char *)iv);

            /*
             * use the normal code to write things out
             *
             * The blob is always labelled PEM_STRING_RSA here regardless of
             * the key type it actually holds (cf. the "Add DSA/DH" note).
             */
            i = PEM_write_bio(bp, PEM_STRING_RSA, buf, data, i);
            if (i <= 0)
                goto err;
        } else {
            /* Add DSA/DH */
            /*
             * normal optionally encrypted stuff
             *
             * Only RSA is handled: for a non-RSA dec_pkey EVP_PKEY_get0_RSA()
             * presumably returns NULL and the write fails.
             */
            if (PEM_write_bio_RSAPrivateKey(bp,
                                            EVP_PKEY_get0_RSA(xi->x_pkey->dec_pkey),
                                            enc, kstr, klen, cb, u) <= 0)
                goto err;
        }
    }

    /* if we have a certificate then write it out now */
    if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp, xi->x509) <= 0))
        goto err;

    /*
     * we are ignoring anything else that is loaded into the X509_INFO
     * structure for the moment ... as I don't need it so I'm not coding it
     * here and Eric can do it when this makes it into the base library --tjh
     */

    ret = 1;

 err:
    /* |buf| carried the IV in the DEK-Info line; wipe it on every path. */
    OPENSSL_cleanse(buf, PEM_BUFSIZE);
    return ret;
}