1 | /*
|
---|
2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
|
---|
3 | *
|
---|
4 | * Licensed under the OpenSSL license (the "License"). You may not use
|
---|
5 | * this file except in compliance with the License. You can obtain a copy
|
---|
6 | * in the file LICENSE in the source distribution or at
|
---|
7 | * https://www.openssl.org/source/license.html
|
---|
8 | */
|
---|
9 |
|
---|
10 | #include <stdio.h>
|
---|
11 | #include <ctype.h>
|
---|
12 | #include <string.h>
|
---|
13 | #include "internal/cryptlib.h"
|
---|
14 | #include <openssl/buffer.h>
|
---|
15 | #include <openssl/objects.h>
|
---|
16 | #include <openssl/evp.h>
|
---|
17 | #include <openssl/rand.h>
|
---|
18 | #include <openssl/x509.h>
|
---|
19 | #include <openssl/pem.h>
|
---|
20 | #include <openssl/pkcs12.h>
|
---|
21 | #include "internal/asn1_int.h"
|
---|
22 | #include <openssl/des.h>
|
---|
23 | #include <openssl/engine.h>
|
---|
24 |
|
---|
25 | #define MIN_LENGTH 4
|
---|
26 |
|
---|
27 | static int load_iv(char **fromp, unsigned char *to, int num);
|
---|
28 | static int check_pem(const char *nm, const char *name);
|
---|
29 | int pem_check_suffix(const char *pem_str, const char *suffix);
|
---|
30 |
|
---|
31 | int PEM_def_callback(char *buf, int num, int w, void *key)
|
---|
32 | {
|
---|
33 | #if defined(OPENSSL_NO_STDIO) || defined(OPENSSL_NO_UI)
|
---|
34 | int i;
|
---|
35 | #else
|
---|
36 | int i, j;
|
---|
37 | const char *prompt;
|
---|
38 | #endif
|
---|
39 |
|
---|
40 | if (key) {
|
---|
41 | i = strlen(key);
|
---|
42 | i = (i > num) ? num : i;
|
---|
43 | memcpy(buf, key, i);
|
---|
44 | return i;
|
---|
45 | }
|
---|
46 |
|
---|
47 | #if defined(OPENSSL_NO_STDIO) || defined(OPENSSL_NO_UI)
|
---|
48 | PEMerr(PEM_F_PEM_DEF_CALLBACK, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
|
---|
49 | return -1;
|
---|
50 | #else
|
---|
51 | prompt = EVP_get_pw_prompt();
|
---|
52 | if (prompt == NULL)
|
---|
53 | prompt = "Enter PEM pass phrase:";
|
---|
54 |
|
---|
55 | for (;;) {
|
---|
56 | /*
|
---|
57 | * We assume that w == 0 means decryption,
|
---|
58 | * while w == 1 means encryption
|
---|
59 | */
|
---|
60 | int min_len = w ? MIN_LENGTH : 0;
|
---|
61 |
|
---|
62 | i = EVP_read_pw_string_min(buf, min_len, num, prompt, w);
|
---|
63 | if (i != 0) {
|
---|
64 | PEMerr(PEM_F_PEM_DEF_CALLBACK, PEM_R_PROBLEMS_GETTING_PASSWORD);
|
---|
65 | memset(buf, 0, (unsigned int)num);
|
---|
66 | return -1;
|
---|
67 | }
|
---|
68 | j = strlen(buf);
|
---|
69 | if (min_len && j < min_len) {
|
---|
70 | fprintf(stderr,
|
---|
71 | "phrase is too short, needs to be at least %d chars\n",
|
---|
72 | min_len);
|
---|
73 | } else
|
---|
74 | break;
|
---|
75 | }
|
---|
76 | return j;
|
---|
77 | #endif
|
---|
78 | }
|
---|
79 |
|
---|
80 | void PEM_proc_type(char *buf, int type)
|
---|
81 | {
|
---|
82 | const char *str;
|
---|
83 |
|
---|
84 | if (type == PEM_TYPE_ENCRYPTED)
|
---|
85 | str = "ENCRYPTED";
|
---|
86 | else if (type == PEM_TYPE_MIC_CLEAR)
|
---|
87 | str = "MIC-CLEAR";
|
---|
88 | else if (type == PEM_TYPE_MIC_ONLY)
|
---|
89 | str = "MIC-ONLY";
|
---|
90 | else
|
---|
91 | str = "BAD-TYPE";
|
---|
92 |
|
---|
93 | OPENSSL_strlcat(buf, "Proc-Type: 4,", PEM_BUFSIZE);
|
---|
94 | OPENSSL_strlcat(buf, str, PEM_BUFSIZE);
|
---|
95 | OPENSSL_strlcat(buf, "\n", PEM_BUFSIZE);
|
---|
96 | }
|
---|
97 |
|
---|
98 | void PEM_dek_info(char *buf, const char *type, int len, char *str)
|
---|
99 | {
|
---|
100 | static const unsigned char map[17] = "0123456789ABCDEF";
|
---|
101 | long i;
|
---|
102 | int j;
|
---|
103 |
|
---|
104 | OPENSSL_strlcat(buf, "DEK-Info: ", PEM_BUFSIZE);
|
---|
105 | OPENSSL_strlcat(buf, type, PEM_BUFSIZE);
|
---|
106 | OPENSSL_strlcat(buf, ",", PEM_BUFSIZE);
|
---|
107 | j = strlen(buf);
|
---|
108 | if (j + (len * 2) + 1 > PEM_BUFSIZE)
|
---|
109 | return;
|
---|
110 | for (i = 0; i < len; i++) {
|
---|
111 | buf[j + i * 2] = map[(str[i] >> 4) & 0x0f];
|
---|
112 | buf[j + i * 2 + 1] = map[(str[i]) & 0x0f];
|
---|
113 | }
|
---|
114 | buf[j + i * 2] = '\n';
|
---|
115 | buf[j + i * 2 + 1] = '\0';
|
---|
116 | }
|
---|
117 |
|
---|
118 | #ifndef OPENSSL_NO_STDIO
|
---|
119 | void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
|
---|
120 | pem_password_cb *cb, void *u)
|
---|
121 | {
|
---|
122 | BIO *b;
|
---|
123 | void *ret;
|
---|
124 |
|
---|
125 | if ((b = BIO_new(BIO_s_file())) == NULL) {
|
---|
126 | PEMerr(PEM_F_PEM_ASN1_READ, ERR_R_BUF_LIB);
|
---|
127 | return (0);
|
---|
128 | }
|
---|
129 | BIO_set_fp(b, fp, BIO_NOCLOSE);
|
---|
130 | ret = PEM_ASN1_read_bio(d2i, name, b, x, cb, u);
|
---|
131 | BIO_free(b);
|
---|
132 | return (ret);
|
---|
133 | }
|
---|
134 | #endif
|
---|
135 |
|
---|
136 | static int check_pem(const char *nm, const char *name)
|
---|
137 | {
|
---|
138 | /* Normal matching nm and name */
|
---|
139 | if (strcmp(nm, name) == 0)
|
---|
140 | return 1;
|
---|
141 |
|
---|
142 | /* Make PEM_STRING_EVP_PKEY match any private key */
|
---|
143 |
|
---|
144 | if (strcmp(name, PEM_STRING_EVP_PKEY) == 0) {
|
---|
145 | int slen;
|
---|
146 | const EVP_PKEY_ASN1_METHOD *ameth;
|
---|
147 | if (strcmp(nm, PEM_STRING_PKCS8) == 0)
|
---|
148 | return 1;
|
---|
149 | if (strcmp(nm, PEM_STRING_PKCS8INF) == 0)
|
---|
150 | return 1;
|
---|
151 | slen = pem_check_suffix(nm, "PRIVATE KEY");
|
---|
152 | if (slen > 0) {
|
---|
153 | /*
|
---|
154 | * NB: ENGINE implementations won't contain a deprecated old
|
---|
155 | * private key decode function so don't look for them.
|
---|
156 | */
|
---|
157 | ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen);
|
---|
158 | if (ameth && ameth->old_priv_decode)
|
---|
159 | return 1;
|
---|
160 | }
|
---|
161 | return 0;
|
---|
162 | }
|
---|
163 |
|
---|
164 | if (strcmp(name, PEM_STRING_PARAMETERS) == 0) {
|
---|
165 | int slen;
|
---|
166 | const EVP_PKEY_ASN1_METHOD *ameth;
|
---|
167 | slen = pem_check_suffix(nm, "PARAMETERS");
|
---|
168 | if (slen > 0) {
|
---|
169 | ENGINE *e;
|
---|
170 | ameth = EVP_PKEY_asn1_find_str(&e, nm, slen);
|
---|
171 | if (ameth) {
|
---|
172 | int r;
|
---|
173 | if (ameth->param_decode)
|
---|
174 | r = 1;
|
---|
175 | else
|
---|
176 | r = 0;
|
---|
177 | #ifndef OPENSSL_NO_ENGINE
|
---|
178 | ENGINE_finish(e);
|
---|
179 | #endif
|
---|
180 | return r;
|
---|
181 | }
|
---|
182 | }
|
---|
183 | return 0;
|
---|
184 | }
|
---|
185 | /* If reading DH parameters handle X9.42 DH format too */
|
---|
186 | if (strcmp(nm, PEM_STRING_DHXPARAMS) == 0
|
---|
187 | && strcmp(name, PEM_STRING_DHPARAMS) == 0)
|
---|
188 | return 1;
|
---|
189 |
|
---|
190 | /* Permit older strings */
|
---|
191 |
|
---|
192 | if (strcmp(nm, PEM_STRING_X509_OLD) == 0
|
---|
193 | && strcmp(name, PEM_STRING_X509) == 0)
|
---|
194 | return 1;
|
---|
195 |
|
---|
196 | if (strcmp(nm, PEM_STRING_X509_REQ_OLD) == 0
|
---|
197 | && strcmp(name, PEM_STRING_X509_REQ) == 0)
|
---|
198 | return 1;
|
---|
199 |
|
---|
200 | /* Allow normal certs to be read as trusted certs */
|
---|
201 | if (strcmp(nm, PEM_STRING_X509) == 0
|
---|
202 | && strcmp(name, PEM_STRING_X509_TRUSTED) == 0)
|
---|
203 | return 1;
|
---|
204 |
|
---|
205 | if (strcmp(nm, PEM_STRING_X509_OLD) == 0
|
---|
206 | && strcmp(name, PEM_STRING_X509_TRUSTED) == 0)
|
---|
207 | return 1;
|
---|
208 |
|
---|
209 | /* Some CAs use PKCS#7 with CERTIFICATE headers */
|
---|
210 | if (strcmp(nm, PEM_STRING_X509) == 0
|
---|
211 | && strcmp(name, PEM_STRING_PKCS7) == 0)
|
---|
212 | return 1;
|
---|
213 |
|
---|
214 | if (strcmp(nm, PEM_STRING_PKCS7_SIGNED) == 0
|
---|
215 | && strcmp(name, PEM_STRING_PKCS7) == 0)
|
---|
216 | return 1;
|
---|
217 |
|
---|
218 | #ifndef OPENSSL_NO_CMS
|
---|
219 | if (strcmp(nm, PEM_STRING_X509) == 0
|
---|
220 | && strcmp(name, PEM_STRING_CMS) == 0)
|
---|
221 | return 1;
|
---|
222 | /* Allow CMS to be read from PKCS#7 headers */
|
---|
223 | if (strcmp(nm, PEM_STRING_PKCS7) == 0
|
---|
224 | && strcmp(name, PEM_STRING_CMS) == 0)
|
---|
225 | return 1;
|
---|
226 | #endif
|
---|
227 |
|
---|
228 | return 0;
|
---|
229 | }
|
---|
230 |
|
---|
231 | int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm,
|
---|
232 | const char *name, BIO *bp, pem_password_cb *cb,
|
---|
233 | void *u)
|
---|
234 | {
|
---|
235 | EVP_CIPHER_INFO cipher;
|
---|
236 | char *nm = NULL, *header = NULL;
|
---|
237 | unsigned char *data = NULL;
|
---|
238 | long len;
|
---|
239 | int ret = 0;
|
---|
240 |
|
---|
241 | for (;;) {
|
---|
242 | if (!PEM_read_bio(bp, &nm, &header, &data, &len)) {
|
---|
243 | if (ERR_GET_REASON(ERR_peek_error()) == PEM_R_NO_START_LINE)
|
---|
244 | ERR_add_error_data(2, "Expecting: ", name);
|
---|
245 | return 0;
|
---|
246 | }
|
---|
247 | if (check_pem(nm, name))
|
---|
248 | break;
|
---|
249 | OPENSSL_free(nm);
|
---|
250 | OPENSSL_free(header);
|
---|
251 | OPENSSL_free(data);
|
---|
252 | }
|
---|
253 | if (!PEM_get_EVP_CIPHER_INFO(header, &cipher))
|
---|
254 | goto err;
|
---|
255 | if (!PEM_do_header(&cipher, data, &len, cb, u))
|
---|
256 | goto err;
|
---|
257 |
|
---|
258 | *pdata = data;
|
---|
259 | *plen = len;
|
---|
260 |
|
---|
261 | if (pnm)
|
---|
262 | *pnm = nm;
|
---|
263 |
|
---|
264 | ret = 1;
|
---|
265 |
|
---|
266 | err:
|
---|
267 | if (!ret || !pnm)
|
---|
268 | OPENSSL_free(nm);
|
---|
269 | OPENSSL_free(header);
|
---|
270 | if (!ret)
|
---|
271 | OPENSSL_free(data);
|
---|
272 | return ret;
|
---|
273 | }
|
---|
274 |
|
---|
275 | #ifndef OPENSSL_NO_STDIO
|
---|
276 | int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
|
---|
277 | void *x, const EVP_CIPHER *enc, unsigned char *kstr,
|
---|
278 | int klen, pem_password_cb *callback, void *u)
|
---|
279 | {
|
---|
280 | BIO *b;
|
---|
281 | int ret;
|
---|
282 |
|
---|
283 | if ((b = BIO_new(BIO_s_file())) == NULL) {
|
---|
284 | PEMerr(PEM_F_PEM_ASN1_WRITE, ERR_R_BUF_LIB);
|
---|
285 | return (0);
|
---|
286 | }
|
---|
287 | BIO_set_fp(b, fp, BIO_NOCLOSE);
|
---|
288 | ret = PEM_ASN1_write_bio(i2d, name, b, x, enc, kstr, klen, callback, u);
|
---|
289 | BIO_free(b);
|
---|
290 | return (ret);
|
---|
291 | }
|
---|
292 | #endif
|
---|
293 |
|
---|
294 | int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
|
---|
295 | void *x, const EVP_CIPHER *enc, unsigned char *kstr,
|
---|
296 | int klen, pem_password_cb *callback, void *u)
|
---|
297 | {
|
---|
298 | EVP_CIPHER_CTX *ctx = NULL;
|
---|
299 | int dsize = 0, i = 0, j = 0, ret = 0;
|
---|
300 | unsigned char *p, *data = NULL;
|
---|
301 | const char *objstr = NULL;
|
---|
302 | char buf[PEM_BUFSIZE];
|
---|
303 | unsigned char key[EVP_MAX_KEY_LENGTH];
|
---|
304 | unsigned char iv[EVP_MAX_IV_LENGTH];
|
---|
305 |
|
---|
306 | if (enc != NULL) {
|
---|
307 | objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
|
---|
308 | if (objstr == NULL || EVP_CIPHER_iv_length(enc) == 0) {
|
---|
309 | PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER);
|
---|
310 | goto err;
|
---|
311 | }
|
---|
312 | }
|
---|
313 |
|
---|
314 | if ((dsize = i2d(x, NULL)) < 0) {
|
---|
315 | PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, ERR_R_ASN1_LIB);
|
---|
316 | dsize = 0;
|
---|
317 | goto err;
|
---|
318 | }
|
---|
319 | /* dzise + 8 bytes are needed */
|
---|
320 | /* actually it needs the cipher block size extra... */
|
---|
321 | data = OPENSSL_malloc((unsigned int)dsize + 20);
|
---|
322 | if (data == NULL) {
|
---|
323 | PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, ERR_R_MALLOC_FAILURE);
|
---|
324 | goto err;
|
---|
325 | }
|
---|
326 | p = data;
|
---|
327 | i = i2d(x, &p);
|
---|
328 |
|
---|
329 | if (enc != NULL) {
|
---|
330 | if (kstr == NULL) {
|
---|
331 | if (callback == NULL)
|
---|
332 | klen = PEM_def_callback(buf, PEM_BUFSIZE, 1, u);
|
---|
333 | else
|
---|
334 | klen = (*callback) (buf, PEM_BUFSIZE, 1, u);
|
---|
335 | if (klen <= 0) {
|
---|
336 | PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, PEM_R_READ_KEY);
|
---|
337 | goto err;
|
---|
338 | }
|
---|
339 | #ifdef CHARSET_EBCDIC
|
---|
340 | /* Convert the pass phrase from EBCDIC */
|
---|
341 | ebcdic2ascii(buf, buf, klen);
|
---|
342 | #endif
|
---|
343 | kstr = (unsigned char *)buf;
|
---|
344 | }
|
---|
345 | RAND_add(data, i, 0); /* put in the RSA key. */
|
---|
346 | OPENSSL_assert(EVP_CIPHER_iv_length(enc) <= (int)sizeof(iv));
|
---|
347 | if (RAND_bytes(iv, EVP_CIPHER_iv_length(enc)) <= 0) /* Generate a salt */
|
---|
348 | goto err;
|
---|
349 | /*
|
---|
350 | * The 'iv' is used as the iv and as a salt. It is NOT taken from
|
---|
351 | * the BytesToKey function
|
---|
352 | */
|
---|
353 | if (!EVP_BytesToKey(enc, EVP_md5(), iv, kstr, klen, 1, key, NULL))
|
---|
354 | goto err;
|
---|
355 |
|
---|
356 | if (kstr == (unsigned char *)buf)
|
---|
357 | OPENSSL_cleanse(buf, PEM_BUFSIZE);
|
---|
358 |
|
---|
359 | OPENSSL_assert(strlen(objstr) + 23 + 2 * EVP_CIPHER_iv_length(enc) + 13
|
---|
360 | <= sizeof buf);
|
---|
361 |
|
---|
362 | buf[0] = '\0';
|
---|
363 | PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);
|
---|
364 | PEM_dek_info(buf, objstr, EVP_CIPHER_iv_length(enc), (char *)iv);
|
---|
365 | /* k=strlen(buf); */
|
---|
366 |
|
---|
367 | ret = 1;
|
---|
368 | if ((ctx = EVP_CIPHER_CTX_new()) == NULL
|
---|
369 | || !EVP_EncryptInit_ex(ctx, enc, NULL, key, iv)
|
---|
370 | || !EVP_EncryptUpdate(ctx, data, &j, data, i)
|
---|
371 | || !EVP_EncryptFinal_ex(ctx, &(data[j]), &i))
|
---|
372 | ret = 0;
|
---|
373 | if (ret == 0)
|
---|
374 | goto err;
|
---|
375 | i += j;
|
---|
376 | } else {
|
---|
377 | ret = 1;
|
---|
378 | buf[0] = '\0';
|
---|
379 | }
|
---|
380 | i = PEM_write_bio(bp, name, buf, data, i);
|
---|
381 | if (i <= 0)
|
---|
382 | ret = 0;
|
---|
383 | err:
|
---|
384 | OPENSSL_cleanse(key, sizeof(key));
|
---|
385 | OPENSSL_cleanse(iv, sizeof(iv));
|
---|
386 | EVP_CIPHER_CTX_free(ctx);
|
---|
387 | OPENSSL_cleanse(buf, PEM_BUFSIZE);
|
---|
388 | OPENSSL_clear_free(data, (unsigned int)dsize);
|
---|
389 | return (ret);
|
---|
390 | }
|
---|
391 |
|
---|
392 | int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
|
---|
393 | pem_password_cb *callback, void *u)
|
---|
394 | {
|
---|
395 | int ok;
|
---|
396 | int keylen;
|
---|
397 | long len = *plen;
|
---|
398 | int ilen = (int) len; /* EVP_DecryptUpdate etc. take int lengths */
|
---|
399 | EVP_CIPHER_CTX *ctx;
|
---|
400 | unsigned char key[EVP_MAX_KEY_LENGTH];
|
---|
401 | char buf[PEM_BUFSIZE];
|
---|
402 |
|
---|
403 | #if LONG_MAX > INT_MAX
|
---|
404 | /* Check that we did not truncate the length */
|
---|
405 | if (len > INT_MAX) {
|
---|
406 | PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_HEADER_TOO_LONG);
|
---|
407 | return 0;
|
---|
408 | }
|
---|
409 | #endif
|
---|
410 |
|
---|
411 | if (cipher->cipher == NULL)
|
---|
412 | return 1;
|
---|
413 | if (callback == NULL)
|
---|
414 | keylen = PEM_def_callback(buf, PEM_BUFSIZE, 0, u);
|
---|
415 | else
|
---|
416 | keylen = callback(buf, PEM_BUFSIZE, 0, u);
|
---|
417 | if (keylen <= 0) {
|
---|
418 | PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_PASSWORD_READ);
|
---|
419 | return 0;
|
---|
420 | }
|
---|
421 | #ifdef CHARSET_EBCDIC
|
---|
422 | /* Convert the pass phrase from EBCDIC */
|
---|
423 | ebcdic2ascii(buf, buf, keylen);
|
---|
424 | #endif
|
---|
425 |
|
---|
426 | if (!EVP_BytesToKey(cipher->cipher, EVP_md5(), &(cipher->iv[0]),
|
---|
427 | (unsigned char *)buf, keylen, 1, key, NULL))
|
---|
428 | return 0;
|
---|
429 |
|
---|
430 | ctx = EVP_CIPHER_CTX_new();
|
---|
431 | if (ctx == NULL)
|
---|
432 | return 0;
|
---|
433 |
|
---|
434 | ok = EVP_DecryptInit_ex(ctx, cipher->cipher, NULL, key, &(cipher->iv[0]));
|
---|
435 | if (ok)
|
---|
436 | ok = EVP_DecryptUpdate(ctx, data, &ilen, data, ilen);
|
---|
437 | if (ok) {
|
---|
438 | /* Squirrel away the length of data decrypted so far. */
|
---|
439 | *plen = ilen;
|
---|
440 | ok = EVP_DecryptFinal_ex(ctx, &(data[ilen]), &ilen);
|
---|
441 | }
|
---|
442 | if (ok)
|
---|
443 | *plen += ilen;
|
---|
444 | else
|
---|
445 | PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_DECRYPT);
|
---|
446 |
|
---|
447 | EVP_CIPHER_CTX_free(ctx);
|
---|
448 | OPENSSL_cleanse((char *)buf, sizeof(buf));
|
---|
449 | OPENSSL_cleanse((char *)key, sizeof(key));
|
---|
450 | return ok;
|
---|
451 | }
|
---|
452 |
|
---|
453 | /*
|
---|
454 | * This implements a very limited PEM header parser that does not support the
|
---|
455 | * full grammar of rfc1421. In particular, folded headers are not supported,
|
---|
456 | * nor is additional whitespace.
|
---|
457 | *
|
---|
458 | * A robust implementation would make use of a library that turns the headers
|
---|
459 | * into a BIO from which one folded line is read at a time, and is then split
|
---|
460 | * into a header label and content. We would then parse the content of the
|
---|
461 | * headers we care about. This is overkill for just this limited use-case, but
|
---|
462 | * presumably we also parse rfc822-style headers for S/MIME, so a common
|
---|
463 | * abstraction might well be more generally useful.
|
---|
464 | */
|
---|
465 | int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
|
---|
466 | {
|
---|
467 | static const char ProcType[] = "Proc-Type:";
|
---|
468 | static const char ENCRYPTED[] = "ENCRYPTED";
|
---|
469 | static const char DEKInfo[] = "DEK-Info:";
|
---|
470 | const EVP_CIPHER *enc = NULL;
|
---|
471 | int ivlen;
|
---|
472 | char *dekinfostart, c;
|
---|
473 |
|
---|
474 | cipher->cipher = NULL;
|
---|
475 | if ((header == NULL) || (*header == '\0') || (*header == '\n'))
|
---|
476 | return 1;
|
---|
477 |
|
---|
478 | if (strncmp(header, ProcType, sizeof(ProcType)-1) != 0) {
|
---|
479 | PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_PROC_TYPE);
|
---|
480 | return 0;
|
---|
481 | }
|
---|
482 | header += sizeof(ProcType)-1;
|
---|
483 | header += strspn(header, " \t");
|
---|
484 |
|
---|
485 | if (*header++ != '4' || *header++ != ',')
|
---|
486 | return 0;
|
---|
487 | header += strspn(header, " \t");
|
---|
488 |
|
---|
489 | /* We expect "ENCRYPTED" followed by optional white-space + line break */
|
---|
490 | if (strncmp(header, ENCRYPTED, sizeof(ENCRYPTED)-1) != 0 ||
|
---|
491 | strspn(header+sizeof(ENCRYPTED)-1, " \t\r\n") == 0) {
|
---|
492 | PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_ENCRYPTED);
|
---|
493 | return 0;
|
---|
494 | }
|
---|
495 | header += sizeof(ENCRYPTED)-1;
|
---|
496 | header += strspn(header, " \t\r");
|
---|
497 | if (*header++ != '\n') {
|
---|
498 | PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_SHORT_HEADER);
|
---|
499 | return 0;
|
---|
500 | }
|
---|
501 |
|
---|
502 | /*-
|
---|
503 | * https://tools.ietf.org/html/rfc1421#section-4.6.1.3
|
---|
504 | * We expect "DEK-Info: algo[,hex-parameters]"
|
---|
505 | */
|
---|
506 | if (strncmp(header, DEKInfo, sizeof(DEKInfo)-1) != 0) {
|
---|
507 | PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_DEK_INFO);
|
---|
508 | return 0;
|
---|
509 | }
|
---|
510 | header += sizeof(DEKInfo)-1;
|
---|
511 | header += strspn(header, " \t");
|
---|
512 |
|
---|
513 | /*
|
---|
514 | * DEK-INFO is a comma-separated combination of algorithm name and optional
|
---|
515 | * parameters.
|
---|
516 | */
|
---|
517 | dekinfostart = header;
|
---|
518 | header += strcspn(header, " \t,");
|
---|
519 | c = *header;
|
---|
520 | *header = '\0';
|
---|
521 | cipher->cipher = enc = EVP_get_cipherbyname(dekinfostart);
|
---|
522 | *header = c;
|
---|
523 | header += strspn(header, " \t");
|
---|
524 |
|
---|
525 | if (enc == NULL) {
|
---|
526 | PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_UNSUPPORTED_ENCRYPTION);
|
---|
527 | return 0;
|
---|
528 | }
|
---|
529 | ivlen = EVP_CIPHER_iv_length(enc);
|
---|
530 | if (ivlen > 0 && *header++ != ',') {
|
---|
531 | PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_MISSING_DEK_IV);
|
---|
532 | return 0;
|
---|
533 | } else if (ivlen == 0 && *header == ',') {
|
---|
534 | PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_UNEXPECTED_DEK_IV);
|
---|
535 | return 0;
|
---|
536 | }
|
---|
537 |
|
---|
538 | if (!load_iv(&header, cipher->iv, EVP_CIPHER_iv_length(enc)))
|
---|
539 | return 0;
|
---|
540 |
|
---|
541 | return 1;
|
---|
542 | }
|
---|
543 |
|
---|
544 | static int load_iv(char **fromp, unsigned char *to, int num)
|
---|
545 | {
|
---|
546 | int v, i;
|
---|
547 | char *from;
|
---|
548 |
|
---|
549 | from = *fromp;
|
---|
550 | for (i = 0; i < num; i++)
|
---|
551 | to[i] = 0;
|
---|
552 | num *= 2;
|
---|
553 | for (i = 0; i < num; i++) {
|
---|
554 | v = OPENSSL_hexchar2int(*from);
|
---|
555 | if (v < 0) {
|
---|
556 | PEMerr(PEM_F_LOAD_IV, PEM_R_BAD_IV_CHARS);
|
---|
557 | return (0);
|
---|
558 | }
|
---|
559 | from++;
|
---|
560 | to[i / 2] |= v << (long)((!(i & 1)) * 4);
|
---|
561 | }
|
---|
562 |
|
---|
563 | *fromp = from;
|
---|
564 | return (1);
|
---|
565 | }
|
---|
566 |
|
---|
567 | #ifndef OPENSSL_NO_STDIO
|
---|
568 | int PEM_write(FILE *fp, const char *name, const char *header,
|
---|
569 | const unsigned char *data, long len)
|
---|
570 | {
|
---|
571 | BIO *b;
|
---|
572 | int ret;
|
---|
573 |
|
---|
574 | if ((b = BIO_new(BIO_s_file())) == NULL) {
|
---|
575 | PEMerr(PEM_F_PEM_WRITE, ERR_R_BUF_LIB);
|
---|
576 | return (0);
|
---|
577 | }
|
---|
578 | BIO_set_fp(b, fp, BIO_NOCLOSE);
|
---|
579 | ret = PEM_write_bio(b, name, header, data, len);
|
---|
580 | BIO_free(b);
|
---|
581 | return (ret);
|
---|
582 | }
|
---|
583 | #endif
|
---|
584 |
|
---|
585 | int PEM_write_bio(BIO *bp, const char *name, const char *header,
|
---|
586 | const unsigned char *data, long len)
|
---|
587 | {
|
---|
588 | int nlen, n, i, j, outl;
|
---|
589 | unsigned char *buf = NULL;
|
---|
590 | EVP_ENCODE_CTX *ctx = EVP_ENCODE_CTX_new();
|
---|
591 | int reason = ERR_R_BUF_LIB;
|
---|
592 |
|
---|
593 | if (ctx == NULL) {
|
---|
594 | reason = ERR_R_MALLOC_FAILURE;
|
---|
595 | goto err;
|
---|
596 | }
|
---|
597 |
|
---|
598 | EVP_EncodeInit(ctx);
|
---|
599 | nlen = strlen(name);
|
---|
600 |
|
---|
601 | if ((BIO_write(bp, "-----BEGIN ", 11) != 11) ||
|
---|
602 | (BIO_write(bp, name, nlen) != nlen) ||
|
---|
603 | (BIO_write(bp, "-----\n", 6) != 6))
|
---|
604 | goto err;
|
---|
605 |
|
---|
606 | i = strlen(header);
|
---|
607 | if (i > 0) {
|
---|
608 | if ((BIO_write(bp, header, i) != i) || (BIO_write(bp, "\n", 1) != 1))
|
---|
609 | goto err;
|
---|
610 | }
|
---|
611 |
|
---|
612 | buf = OPENSSL_malloc(PEM_BUFSIZE * 8);
|
---|
613 | if (buf == NULL) {
|
---|
614 | reason = ERR_R_MALLOC_FAILURE;
|
---|
615 | goto err;
|
---|
616 | }
|
---|
617 |
|
---|
618 | i = j = 0;
|
---|
619 | while (len > 0) {
|
---|
620 | n = (int)((len > (PEM_BUFSIZE * 5)) ? (PEM_BUFSIZE * 5) : len);
|
---|
621 | if (!EVP_EncodeUpdate(ctx, buf, &outl, &(data[j]), n))
|
---|
622 | goto err;
|
---|
623 | if ((outl) && (BIO_write(bp, (char *)buf, outl) != outl))
|
---|
624 | goto err;
|
---|
625 | i += outl;
|
---|
626 | len -= n;
|
---|
627 | j += n;
|
---|
628 | }
|
---|
629 | EVP_EncodeFinal(ctx, buf, &outl);
|
---|
630 | if ((outl > 0) && (BIO_write(bp, (char *)buf, outl) != outl))
|
---|
631 | goto err;
|
---|
632 | if ((BIO_write(bp, "-----END ", 9) != 9) ||
|
---|
633 | (BIO_write(bp, name, nlen) != nlen) ||
|
---|
634 | (BIO_write(bp, "-----\n", 6) != 6))
|
---|
635 | goto err;
|
---|
636 | OPENSSL_clear_free(buf, PEM_BUFSIZE * 8);
|
---|
637 | EVP_ENCODE_CTX_free(ctx);
|
---|
638 | return (i + outl);
|
---|
639 | err:
|
---|
640 | OPENSSL_clear_free(buf, PEM_BUFSIZE * 8);
|
---|
641 | EVP_ENCODE_CTX_free(ctx);
|
---|
642 | PEMerr(PEM_F_PEM_WRITE_BIO, reason);
|
---|
643 | return (0);
|
---|
644 | }
|
---|
645 |
|
---|
646 | #ifndef OPENSSL_NO_STDIO
|
---|
647 | int PEM_read(FILE *fp, char **name, char **header, unsigned char **data,
|
---|
648 | long *len)
|
---|
649 | {
|
---|
650 | BIO *b;
|
---|
651 | int ret;
|
---|
652 |
|
---|
653 | if ((b = BIO_new(BIO_s_file())) == NULL) {
|
---|
654 | PEMerr(PEM_F_PEM_READ, ERR_R_BUF_LIB);
|
---|
655 | return (0);
|
---|
656 | }
|
---|
657 | BIO_set_fp(b, fp, BIO_NOCLOSE);
|
---|
658 | ret = PEM_read_bio(b, name, header, data, len);
|
---|
659 | BIO_free(b);
|
---|
660 | return (ret);
|
---|
661 | }
|
---|
662 | #endif
|
---|
663 |
|
---|
664 | int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
|
---|
665 | long *len)
|
---|
666 | {
|
---|
667 | EVP_ENCODE_CTX *ctx = EVP_ENCODE_CTX_new();
|
---|
668 | int end = 0, i, k, bl = 0, hl = 0, nohead = 0;
|
---|
669 | char buf[256];
|
---|
670 | BUF_MEM *nameB;
|
---|
671 | BUF_MEM *headerB;
|
---|
672 | BUF_MEM *dataB, *tmpB;
|
---|
673 |
|
---|
674 | if (ctx == NULL) {
|
---|
675 | PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
|
---|
676 | return (0);
|
---|
677 | }
|
---|
678 |
|
---|
679 | nameB = BUF_MEM_new();
|
---|
680 | headerB = BUF_MEM_new();
|
---|
681 | dataB = BUF_MEM_new();
|
---|
682 | if ((nameB == NULL) || (headerB == NULL) || (dataB == NULL)) {
|
---|
683 | goto err;
|
---|
684 | }
|
---|
685 |
|
---|
686 | buf[254] = '\0';
|
---|
687 | for (;;) {
|
---|
688 | i = BIO_gets(bp, buf, 254);
|
---|
689 |
|
---|
690 | if (i <= 0) {
|
---|
691 | PEMerr(PEM_F_PEM_READ_BIO, PEM_R_NO_START_LINE);
|
---|
692 | goto err;
|
---|
693 | }
|
---|
694 |
|
---|
695 | while ((i >= 0) && (buf[i] <= ' '))
|
---|
696 | i--;
|
---|
697 | buf[++i] = '\n';
|
---|
698 | buf[++i] = '\0';
|
---|
699 |
|
---|
700 | if (strncmp(buf, "-----BEGIN ", 11) == 0) {
|
---|
701 | i = strlen(&(buf[11]));
|
---|
702 |
|
---|
703 | if (strncmp(&(buf[11 + i - 6]), "-----\n", 6) != 0)
|
---|
704 | continue;
|
---|
705 | if (!BUF_MEM_grow(nameB, i + 9)) {
|
---|
706 | PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
|
---|
707 | goto err;
|
---|
708 | }
|
---|
709 | memcpy(nameB->data, &(buf[11]), i - 6);
|
---|
710 | nameB->data[i - 6] = '\0';
|
---|
711 | break;
|
---|
712 | }
|
---|
713 | }
|
---|
714 | hl = 0;
|
---|
715 | if (!BUF_MEM_grow(headerB, 256)) {
|
---|
716 | PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
|
---|
717 | goto err;
|
---|
718 | }
|
---|
719 | headerB->data[0] = '\0';
|
---|
720 | for (;;) {
|
---|
721 | i = BIO_gets(bp, buf, 254);
|
---|
722 | if (i <= 0)
|
---|
723 | break;
|
---|
724 |
|
---|
725 | while ((i >= 0) && (buf[i] <= ' '))
|
---|
726 | i--;
|
---|
727 | buf[++i] = '\n';
|
---|
728 | buf[++i] = '\0';
|
---|
729 |
|
---|
730 | if (buf[0] == '\n')
|
---|
731 | break;
|
---|
732 | if (!BUF_MEM_grow(headerB, hl + i + 9)) {
|
---|
733 | PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
|
---|
734 | goto err;
|
---|
735 | }
|
---|
736 | if (strncmp(buf, "-----END ", 9) == 0) {
|
---|
737 | nohead = 1;
|
---|
738 | break;
|
---|
739 | }
|
---|
740 | memcpy(&(headerB->data[hl]), buf, i);
|
---|
741 | headerB->data[hl + i] = '\0';
|
---|
742 | hl += i;
|
---|
743 | }
|
---|
744 |
|
---|
745 | bl = 0;
|
---|
746 | if (!BUF_MEM_grow(dataB, 1024)) {
|
---|
747 | PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
|
---|
748 | goto err;
|
---|
749 | }
|
---|
750 | dataB->data[0] = '\0';
|
---|
751 | if (!nohead) {
|
---|
752 | for (;;) {
|
---|
753 | i = BIO_gets(bp, buf, 254);
|
---|
754 | if (i <= 0)
|
---|
755 | break;
|
---|
756 |
|
---|
757 | while ((i >= 0) && (buf[i] <= ' '))
|
---|
758 | i--;
|
---|
759 | buf[++i] = '\n';
|
---|
760 | buf[++i] = '\0';
|
---|
761 |
|
---|
762 | if (i != 65)
|
---|
763 | end = 1;
|
---|
764 | if (strncmp(buf, "-----END ", 9) == 0)
|
---|
765 | break;
|
---|
766 | if (i > 65)
|
---|
767 | break;
|
---|
768 | if (!BUF_MEM_grow_clean(dataB, i + bl + 9)) {
|
---|
769 | PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
|
---|
770 | goto err;
|
---|
771 | }
|
---|
772 | memcpy(&(dataB->data[bl]), buf, i);
|
---|
773 | dataB->data[bl + i] = '\0';
|
---|
774 | bl += i;
|
---|
775 | if (end) {
|
---|
776 | buf[0] = '\0';
|
---|
777 | i = BIO_gets(bp, buf, 254);
|
---|
778 | if (i <= 0)
|
---|
779 | break;
|
---|
780 |
|
---|
781 | while ((i >= 0) && (buf[i] <= ' '))
|
---|
782 | i--;
|
---|
783 | buf[++i] = '\n';
|
---|
784 | buf[++i] = '\0';
|
---|
785 |
|
---|
786 | break;
|
---|
787 | }
|
---|
788 | }
|
---|
789 | } else {
|
---|
790 | tmpB = headerB;
|
---|
791 | headerB = dataB;
|
---|
792 | dataB = tmpB;
|
---|
793 | bl = hl;
|
---|
794 | }
|
---|
795 | i = strlen(nameB->data);
|
---|
796 | if ((strncmp(buf, "-----END ", 9) != 0) ||
|
---|
797 | (strncmp(nameB->data, &(buf[9]), i) != 0) ||
|
---|
798 | (strncmp(&(buf[9 + i]), "-----\n", 6) != 0)) {
|
---|
799 | PEMerr(PEM_F_PEM_READ_BIO, PEM_R_BAD_END_LINE);
|
---|
800 | goto err;
|
---|
801 | }
|
---|
802 |
|
---|
803 | EVP_DecodeInit(ctx);
|
---|
804 | i = EVP_DecodeUpdate(ctx,
|
---|
805 | (unsigned char *)dataB->data, &bl,
|
---|
806 | (unsigned char *)dataB->data, bl);
|
---|
807 | if (i < 0) {
|
---|
808 | PEMerr(PEM_F_PEM_READ_BIO, PEM_R_BAD_BASE64_DECODE);
|
---|
809 | goto err;
|
---|
810 | }
|
---|
811 | i = EVP_DecodeFinal(ctx, (unsigned char *)&(dataB->data[bl]), &k);
|
---|
812 | if (i < 0) {
|
---|
813 | PEMerr(PEM_F_PEM_READ_BIO, PEM_R_BAD_BASE64_DECODE);
|
---|
814 | goto err;
|
---|
815 | }
|
---|
816 | bl += k;
|
---|
817 |
|
---|
818 | if (bl == 0)
|
---|
819 | goto err;
|
---|
820 | *name = nameB->data;
|
---|
821 | *header = headerB->data;
|
---|
822 | *data = (unsigned char *)dataB->data;
|
---|
823 | *len = bl;
|
---|
824 | OPENSSL_free(nameB);
|
---|
825 | OPENSSL_free(headerB);
|
---|
826 | OPENSSL_free(dataB);
|
---|
827 | EVP_ENCODE_CTX_free(ctx);
|
---|
828 | return (1);
|
---|
829 | err:
|
---|
830 | BUF_MEM_free(nameB);
|
---|
831 | BUF_MEM_free(headerB);
|
---|
832 | BUF_MEM_free(dataB);
|
---|
833 | EVP_ENCODE_CTX_free(ctx);
|
---|
834 | return (0);
|
---|
835 | }
|
---|
836 |
|
---|
837 | /*
|
---|
838 | * Check pem string and return prefix length. If for example the pem_str ==
|
---|
839 | * "RSA PRIVATE KEY" and suffix = "PRIVATE KEY" the return value is 3 for the
|
---|
840 | * string "RSA".
|
---|
841 | */
|
---|
842 |
|
---|
843 | int pem_check_suffix(const char *pem_str, const char *suffix)
|
---|
844 | {
|
---|
845 | int pem_len = strlen(pem_str);
|
---|
846 | int suffix_len = strlen(suffix);
|
---|
847 | const char *p;
|
---|
848 | if (suffix_len + 1 >= pem_len)
|
---|
849 | return 0;
|
---|
850 | p = pem_str + pem_len - suffix_len;
|
---|
851 | if (strcmp(p, suffix))
|
---|
852 | return 0;
|
---|
853 | p--;
|
---|
854 | if (*p != ' ')
|
---|
855 | return 0;
|
---|
856 | return p - pem_str;
|
---|
857 | }
|
---|