X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;ds=sidebyside;f=crypto%2Fpem%2Fpem_info.c;h=cc7f24a9c1cf491ae3092b9dc4aa8fe05e927ef0;hb=fa2ae04c40510262d198131c758acd8aa5a9b4ce;hp=27bcc25177539821d12c1616da341e269a0a56e6;hpb=35c2b3a9ac55646c332d13147a304d815ebf4cdb;p=oweals%2Fopenssl.git diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.c index 27bcc25177..cc7f24a9c1 100644 --- a/crypto/pem/pem_info.c +++ b/crypto/pem/pem_info.c @@ -63,6 +63,12 @@ #include #include #include +#ifndef OPENSSL_NO_RSA +#include +#endif +#ifndef OPENSSL_NO_DSA +#include +#endif #ifndef OPENSSL_NO_FP_API STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u) @@ -85,13 +91,15 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_p STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u) { X509_INFO *xi=NULL; - char *name=NULL,*header=NULL,**pp; - unsigned char *data=NULL,*p; + char *name=NULL,*header=NULL; + void *pp; + unsigned char *data=NULL; + const unsigned char *p; long len,error=0; int ok=0; STACK_OF(X509_INFO) *ret=NULL; - unsigned int i,raw; - char *(*d2i)(); + unsigned int i,raw,ptype; + d2i_of_void *d2i = 0; if (sk == NULL) { @@ -108,6 +116,7 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pe for (;;) { raw=0; + ptype = 0; i=PEM_read_bio(bp,&name,&header,&data,&len); if (i == 0) { @@ -123,42 +132,42 @@ start: if ( (strcmp(name,PEM_STRING_X509) == 0) || (strcmp(name,PEM_STRING_X509_OLD) == 0)) { - d2i=(char *(*)())d2i_X509; + d2i=(D2I_OF(void))d2i_X509; if (xi->x509 != NULL) { if (!sk_X509_INFO_push(ret,xi)) goto err; if ((xi=X509_INFO_new()) == NULL) goto err; goto start; } - pp=(char **)&(xi->x509); + pp=&(xi->x509); } else if ((strcmp(name,PEM_STRING_X509_TRUSTED) == 0)) { - d2i=(char *(*)())d2i_X509_AUX; + d2i=(D2I_OF(void))d2i_X509_AUX; if (xi->x509 != NULL) { if (!sk_X509_INFO_push(ret,xi)) goto err; if ((xi=X509_INFO_new()) == NULL) goto err; goto start; } - pp=(char **)&(xi->x509); + pp=&(xi->x509); } else if (strcmp(name,PEM_STRING_X509_CRL) == 0) { - d2i=(char *(*)())d2i_X509_CRL; + d2i=(D2I_OF(void))d2i_X509_CRL; if (xi->crl != NULL) { if (!sk_X509_INFO_push(ret,xi)) goto err; if ((xi=X509_INFO_new()) == NULL) goto err; goto start; } - pp=(char **)&(xi->crl); + pp=&(xi->crl); } else #ifndef OPENSSL_NO_RSA if (strcmp(name,PEM_STRING_RSA) == 0) { - d2i=(char *(*)())d2i_RSAPrivateKey; + d2i=(D2I_OF(void))d2i_RSAPrivateKey; if (xi->x_pkey != NULL) { if (!sk_X509_INFO_push(ret,xi)) goto err; @@ -170,10 +179,8 @@ start: xi->enc_len=0; xi->x_pkey=X509_PKEY_new(); - if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL) - goto err; - xi->x_pkey->dec_pkey->type=EVP_PKEY_RSA; - pp=(char **)&(xi->x_pkey->dec_pkey->pkey.rsa); + ptype=EVP_PKEY_RSA; + pp=&xi->x_pkey->dec_pkey; if ((int)strlen(header) > 10) /* assume encrypted */ raw=1; } @@ -182,7 +189,7 @@ start: #ifndef OPENSSL_NO_DSA if (strcmp(name,PEM_STRING_DSA) == 0) { - d2i=(char *(*)())d2i_DSAPrivateKey; + d2i=(D2I_OF(void))d2i_DSAPrivateKey; if (xi->x_pkey != NULL) { if (!sk_X509_INFO_push(ret,xi)) goto err; @@ -194,19 +201,17 @@ start: xi->enc_len=0; xi->x_pkey=X509_PKEY_new(); - if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL) - goto err; - xi->x_pkey->dec_pkey->type=EVP_PKEY_DSA; - pp=(char **)&(xi->x_pkey->dec_pkey->pkey.dsa); + ptype = EVP_PKEY_DSA; + pp=&xi->x_pkey->dec_pkey; if ((int)strlen(header) > 10) /* assume encrypted */ raw=1; } else #endif -#ifndef OPENSSL_NO_ECDSA - if (strcmp(name,PEM_STRING_ECDSA) == 0) +#ifndef OPENSSL_NO_EC + if (strcmp(name,PEM_STRING_ECPRIVATEKEY) == 0) { - d2i=(char *(*)())d2i_ECDSAPrivateKey; + d2i=(D2I_OF(void))d2i_ECPrivateKey; if (xi->x_pkey != NULL) { if (!sk_X509_INFO_push(ret,xi)) goto err; @@ -218,10 +223,8 @@ start: xi->enc_len=0; xi->x_pkey=X509_PKEY_new(); - if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL) - goto err; - xi->x_pkey->dec_pkey->type=EVP_PKEY_ECDSA; - pp=(char **)&(xi->x_pkey->dec_pkey->pkey.ecdsa); + ptype = EVP_PKEY_EC; + pp=&xi->x_pkey->dec_pkey; if ((int)strlen(header) > 10) /* assume encrypted */ raw=1; } @@ -243,7 +246,15 @@ start: if (!PEM_do_header(&cipher,data,&len,cb,u)) goto err; p=data; - if (d2i(pp,&p,len) == NULL) + if (ptype) + { + if (!d2i_PrivateKey(ptype, pp, &p, len)) + { + PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_ASN1_LIB); + goto err; + } + } + else if (d2i(pp,&p,len) == NULL) { PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_ASN1_LIB); goto err; @@ -329,6 +340,12 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, { if ( (xi->enc_data!=NULL) && (xi->enc_len>0) ) { + if (enc == NULL) + { + PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,PEM_R_CIPHER_IS_NULL); + goto err; + } + /* copy from weirdo names into more normal things */ iv=xi->enc_cipher.iv; data=(unsigned char *)xi->enc_data; @@ -348,6 +365,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, } /* create the right magic header stuff */ + OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf); buf[0]='\0'; PEM_proc_type(buf,PEM_TYPE_ENCRYPTED); PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv); @@ -382,7 +400,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, ret=1; err: - memset((char *)&ctx,0,sizeof(ctx)); - memset(buf,0,PEM_BUFSIZE); + OPENSSL_cleanse((char *)&ctx,sizeof(ctx)); + OPENSSL_cleanse(buf,PEM_BUFSIZE); return(ret); }