Diffstat (limited to 'crypto/pem/pem_lib.c')
| -rw-r--r-- | crypto/pem/pem_lib.c | 122 |
1 files changed, 60 insertions, 62 deletions
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index 6cd998f21669..c22d6158c378 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -25,7 +25,7 @@ #include <openssl/des.h> #include <openssl/engine.h> -#define MIN_LENGTH 4 +#define MIN_LENGTH 4 static int load_iv(char **fromp, unsigned char *to, int num); static int check_pem(const char *nm, const char *name);
@@ -107,7 +107,7 @@ void PEM_dek_info(char *buf, const char *type, int len, const char *str) #ifndef OPENSSL_NO_STDIO void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x, - pem_password_cb *cb, void *u) + pem_password_cb *cb, void *u) { BIO *b; void *ret;
@@ -233,9 +233,9 @@ static void *pem_malloc(int num, unsigned int flags) } static int pem_bytes_read_bio_flags(unsigned char **pdata, long *plen, - char **pnm, const char *name, BIO *bp, - pem_password_cb *cb, void *u, - unsigned int flags) + char **pnm, const char *name, BIO *bp, + pem_password_cb *cb, void *u, + unsigned int flags) { EVP_CIPHER_INFO cipher; char *nm = NULL, *header = NULL;
@@ -266,7 +266,7 @@ static int pem_bytes_read_bio_flags(unsigned char **pdata, long *plen, ret = 1; - err: +err: if (!ret || pnm == NULL) pem_free(nm, flags, 0); pem_free(header, flags, 0);
@@ -276,24 +276,26 @@ static int pem_bytes_read_bio_flags(unsigned char **pdata, long *plen, } int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, - const char *name, BIO *bp, pem_password_cb *cb, - void *u) { + const char *name, BIO *bp, pem_password_cb *cb, + void *u) +{ return pem_bytes_read_bio_flags(pdata, plen, pnm, name, bp, cb, u, - PEM_FLAG_EAY_COMPATIBLE); + PEM_FLAG_EAY_COMPATIBLE); } int PEM_bytes_read_bio_secmem(unsigned char **pdata, long *plen, char **pnm, - const char *name, BIO *bp, pem_password_cb *cb, - void *u) { + const char *name, BIO *bp, pem_password_cb *cb, + void *u) +{ return pem_bytes_read_bio_flags(pdata, plen, pnm, name, bp, cb, u, - PEM_FLAG_SECURE | PEM_FLAG_EAY_COMPATIBLE); + PEM_FLAG_SECURE | PEM_FLAG_EAY_COMPATIBLE); } #ifndef OPENSSL_NO_STDIO int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, - const void *x, const EVP_CIPHER *enc, - const unsigned char *kstr, int klen, - pem_password_cb *callback, void *u) + const void *x, const EVP_CIPHER *enc, + const unsigned char *kstr, int klen, + pem_password_cb *callback, void *u) { BIO *b; int ret;
@@ -310,9 +312,9 @@ int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, #endif int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, - const void *x, const EVP_CIPHER *enc, - const unsigned char *kstr, int klen, - pem_password_cb *callback, void *u) + const void *x, const EVP_CIPHER *enc, + const unsigned char *kstr, int klen, + pem_password_cb *callback, void *u) { EVP_CIPHER_CTX *ctx = NULL; int dsize = 0, i = 0, j = 0, ret = 0;
@@ -325,13 +327,13 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, if (enc != NULL) { objstr = EVP_CIPHER_get0_name(enc); if (objstr == NULL || EVP_CIPHER_get_iv_length(enc) == 0 - || EVP_CIPHER_get_iv_length(enc) > (int)sizeof(iv) - /* - * Check "Proc-Type: 4,Encrypted\nDEK-Info: objstr,hex-iv\n" - * fits into buf - */ - || strlen(objstr) + 23 + 2 * EVP_CIPHER_get_iv_length(enc) + 13 - > sizeof(buf)) { + || EVP_CIPHER_get_iv_length(enc) > (int)sizeof(iv) + /* + * Check "Proc-Type: 4,Encrypted\nDEK-Info: objstr,hex-iv\n" + * fits into buf + */ + || strlen(objstr) + 23 + 2 * EVP_CIPHER_get_iv_length(enc) + 13 + > sizeof(buf)) { ERR_raise(ERR_LIB_PEM, PEM_R_UNSUPPORTED_CIPHER); goto err; }
@@ -357,7 +359,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, if (callback == NULL) klen = PEM_def_callback(buf, PEM_BUFSIZE, 1, u); else - klen = (*callback) (buf, PEM_BUFSIZE, 1, u); + klen = (*callback)(buf, PEM_BUFSIZE, 1, u); if (klen <= 0) { ERR_raise(ERR_LIB_PEM, PEM_R_READ_KEY); goto err;
@@ -402,7 +404,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, i = PEM_write_bio(bp, name, buf, data, i); if (i <= 0) ret = 0; - err: +err: OPENSSL_cleanse(key, sizeof(key)); OPENSSL_cleanse(iv, sizeof(iv)); EVP_CIPHER_CTX_free(ctx);
@@ -412,12 +414,12 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, } int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen, - pem_password_cb *callback, void *u) + pem_password_cb *callback, void *u) { int ok; int keylen; long len = *plen; - int ilen = (int) len; /* EVP_DecryptUpdate etc. take int lengths */ + int ilen = (int)len; /* EVP_DecryptUpdate etc. take int lengths */ EVP_CIPHER_CTX *ctx; unsigned char key[EVP_MAX_KEY_LENGTH]; char buf[PEM_BUFSIZE];
@@ -446,7 +448,7 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen, #endif if (!EVP_BytesToKey(cipher->cipher, EVP_md5(), &(cipher->iv[0]), - (unsigned char *)buf, keylen, 1, key, NULL)) + (unsigned char *)buf, keylen, 1, key, NULL)) return 0; ctx = EVP_CIPHER_CTX_new();
@@ -498,11 +500,11 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher) if ((header == NULL) || (*header == '\0') || (*header == '\n')) return 1; - if (strncmp(header, ProcType, sizeof(ProcType)-1) != 0) { + if (strncmp(header, ProcType, sizeof(ProcType) - 1) != 0) { ERR_raise(ERR_LIB_PEM, PEM_R_NOT_PROC_TYPE); return 0; } - header += sizeof(ProcType)-1; + header += sizeof(ProcType) - 1; header += strspn(header, " \t"); if (*header++ != '4' || *header++ != ',')
@@ -510,12 +512,11 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher) header += strspn(header, " \t"); /* We expect "ENCRYPTED" followed by optional white-space + line break */ - if (strncmp(header, ENCRYPTED, sizeof(ENCRYPTED)-1) != 0 || - strspn(header+sizeof(ENCRYPTED)-1, " \t\r\n") == 0) { + if (strncmp(header, ENCRYPTED, sizeof(ENCRYPTED) - 1) != 0 || strspn(header + sizeof(ENCRYPTED) - 1, " \t\r\n") == 0) { ERR_raise(ERR_LIB_PEM, PEM_R_NOT_ENCRYPTED); return 0; } - header += sizeof(ENCRYPTED)-1; + header += sizeof(ENCRYPTED) - 1; header += strspn(header, " \t\r"); if (*header++ != '\n') { ERR_raise(ERR_LIB_PEM, PEM_R_SHORT_HEADER);
@@ -526,11 +527,11 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher) * https://tools.ietf.org/html/rfc1421#section-4.6.1.3 * We expect "DEK-Info: algo[,hex-parameters]" */ - if (strncmp(header, DEKInfo, sizeof(DEKInfo)-1) != 0) { + if (strncmp(header, DEKInfo, sizeof(DEKInfo) - 1) != 0) { ERR_raise(ERR_LIB_PEM, PEM_R_NOT_DEK_INFO); return 0; } - header += sizeof(DEKInfo)-1; + header += sizeof(DEKInfo) - 1; header += strspn(header, " \t"); /*
@@ -589,7 +590,7 @@ static int load_iv(char **fromp, unsigned char *to, int num) #ifndef OPENSSL_NO_STDIO int PEM_write(FILE *fp, const char *name, const char *header, - const unsigned char *data, long len) + const unsigned char *data, long len) { BIO *b; int ret;
@@ -606,7 +607,7 @@ int PEM_write(FILE *fp, const char *name, const char *header, #endif int PEM_write_bio(BIO *bp, const char *name, const char *header, - const unsigned char *data, long len) + const unsigned char *data, long len) { int nlen, n, i, j, outl; unsigned char *buf = NULL;
@@ -622,9 +623,7 @@ int PEM_write_bio(BIO *bp, const char *name, const char *header, EVP_EncodeInit(ctx); nlen = strlen(name); - if ((BIO_write(bp, "-----BEGIN ", 11) != 11) || - (BIO_write(bp, name, nlen) != nlen) || - (BIO_write(bp, "-----\n", 6) != 6)) + if ((BIO_write(bp, "-----BEGIN ", 11) != 11) || (BIO_write(bp, name, nlen) != nlen) || (BIO_write(bp, "-----\n", 6) != 6)) goto err; i = header != NULL ? strlen(header) : 0;
@@ -653,13 +652,11 @@ int PEM_write_bio(BIO *bp, const char *name, const char *header, EVP_EncodeFinal(ctx, buf, &outl); if ((outl > 0) && (BIO_write(bp, (char *)buf, outl) != outl)) goto err; - if ((BIO_write(bp, "-----END ", 9) != 9) || - (BIO_write(bp, name, nlen) != nlen) || - (BIO_write(bp, "-----\n", 6) != 6)) + if ((BIO_write(bp, "-----END ", 9) != 9) || (BIO_write(bp, name, nlen) != nlen) || (BIO_write(bp, "-----\n", 6) != 6)) goto err; retval = i + outl; - err: +err: if (retval == 0) ERR_raise(ERR_LIB_PEM, reason); EVP_ENCODE_CTX_free(ctx);
@@ -669,7 +666,7 @@ int PEM_write_bio(BIO *bp, const char *name, const char *header, #ifndef OPENSSL_NO_STDIO int PEM_read(FILE *fp, char **name, char **header, unsigned char **data, - long *len) + long *len) { BIO *b; int ret;
@@ -692,7 +689,7 @@ static int sanitize_line(char *linebuf, int len, unsigned int flags, int first_c if (first_call) { /* Other BOMs imply unsupported multibyte encoding, * so don't strip them and let the error raise */ - const unsigned char utf8_bom[3] = {0xEF, 0xBB, 0xBF}; + const unsigned char utf8_bom[3] = { 0xEF, 0xBB, 0xBF }; if (len > 3 && memcmp(linebuf, utf8_bom, 3) == 0) { memmove(linebuf, linebuf + 3, len - 3);
@@ -770,8 +767,8 @@ static int get_name(BIO *bp, char **name, unsigned int flags) /* Allow leading empty or non-matching lines. */ } while (strncmp(linebuf, beginstr, BEGINLEN) != 0 - || len < TAILLEN - || strncmp(linebuf + len - TAILLEN, tailstr, TAILLEN) != 0); + || len < TAILLEN + || strncmp(linebuf + len - TAILLEN, tailstr, TAILLEN) != 0); linebuf[len - TAILLEN] = '\0'; len = len - BEGINLEN - TAILLEN + 1; *name = pem_malloc(len, flags);
@@ -806,7 +803,7 @@ enum header_status { * We need the name of the PEM-encoded type to verify the end string. */ static int get_header_and_data(BIO *bp, BIO **header, BIO **data, char *name, - unsigned int flags) + unsigned int flags) { BIO *tmp = *header; char *linebuf, *p;
@@ -824,7 +821,7 @@ static int get_header_and_data(BIO *bp, BIO **header, BIO **data, char *name, return 0; } - while(1) { + while (1) { flags_mask = ~0u; len = BIO_gets(bp, linebuf, LINESIZE); if (len <= 0) {
@@ -838,7 +835,7 @@ static int get_header_and_data(BIO *bp, BIO **header, BIO **data, char *name, * appear due to reading a line up until the char before the newline. */ prev_partial_line_read = partial_line_read; - partial_line_read = len == LINESIZE-1 && linebuf[LINESIZE-2] != '\n'; + partial_line_read = len == LINESIZE - 1 && linebuf[LINESIZE - 2] != '\n'; if (got_header == MAYBE_HEADER) { if (memchr(linebuf, ':', len) != NULL)
@@ -870,8 +867,7 @@ static int get_header_and_data(BIO *bp, BIO **header, BIO **data, char *name, if (strncmp(linebuf, endstr, ENDLEN) == 0) { p = linebuf + ENDLEN; namelen = strlen(name); - if (strncmp(p, name, namelen) != 0 || - strncmp(p + namelen, tailstr, TAILLEN) != 0) { + if (strncmp(p, name, namelen) != 0 || strncmp(p + namelen, tailstr, TAILLEN) != 0) { ERR_raise(ERR_LIB_PEM, PEM_R_BAD_END_LINE); goto err; }
@@ -916,14 +912,14 @@ err: * for line endings). Other characters are malformed input and will be rejected. */ int PEM_read_bio_ex(BIO *bp, char **name_out, char **header, - unsigned char **data, long *len_out, unsigned int flags) + unsigned char **data, long *len_out, unsigned int flags) { EVP_ENCODE_CTX *ctx = NULL; const BIO_METHOD *bmeth; BIO *headerB = NULL, *dataB = NULL; char *name = NULL; int len, taillen, headerlen, ret = 0; - BUF_MEM * buf_mem; + BUF_MEM *buf_mem; *len_out = 0; *name_out = *header = NULL;
@@ -961,10 +957,12 @@ int PEM_read_bio_ex(BIO *bp, char **name_out, char **header, } EVP_DecodeInit(ctx); - if (EVP_DecodeUpdate(ctx, (unsigned char*)buf_mem->data, &len, - (unsigned char*)buf_mem->data, len) < 0 - || EVP_DecodeFinal(ctx, (unsigned char*)&(buf_mem->data[len]), - &taillen) < 0) { + if (EVP_DecodeUpdate(ctx, (unsigned char *)buf_mem->data, &len, + (unsigned char *)buf_mem->data, len) + < 0 + || EVP_DecodeFinal(ctx, (unsigned char *)&(buf_mem->data[len]), + &taillen) + < 0) { ERR_raise(ERR_LIB_PEM, PEM_R_BAD_BASE64_DECODE); goto end; }
@@ -1001,7 +999,7 @@ end: } int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data, - long *len) + long *len) { return PEM_read_bio_ex(bp, name, header, data, len, PEM_FLAG_EAY_COMPATIBLE); } |
