authorTheo Buehler <tb@cvs.openbsd.org>2018-08-24 20:07:43 +0000
committerTheo Buehler <tb@cvs.openbsd.org>2018-08-24 20:07:43 +0000
commit8c98714ec23e1e2dcf8489b2422309fa8c463627 (patch)
tree402b7b6f6607ba9568d6502a0ad39eefe3d7bc8e
parentd8ad98af1ba2464b962e32c7eb79ee270ca5451e (diff)
Remove EVP_PKEY2PKCS8_broken() and PKCS8_set_broken()
Provide PKCS8_pkey_add1_attr_by_NID() and PKCS8_pkey_get0_attrs(). Remove the whole broken code and simplify pkcs8_priv_key_info_st accordingly. Based on OpenSSL commit 54dbf42398e23349b59f258a3dd60387bbc5ba13 plus some const that was added later. tested in a bulk build by sthen ok jsing
-rw-r--r--lib/libcrypto/Symbols.list4
-rw-r--r--lib/libcrypto/asn1/p8_pkey.c75
-rw-r--r--lib/libcrypto/evp/evp_pkey.c32
-rw-r--r--lib/libcrypto/pkcs12/p12_attr.c12
-rw-r--r--lib/libcrypto/x509/x509.h21
5 files changed, 46 insertions, 98 deletions
diff --git a/lib/libcrypto/Symbols.list b/lib/libcrypto/Symbols.list
index 191e967e345..ea5c93995b3 100644
--- a/lib/libcrypto/Symbols.list
+++ b/lib/libcrypto/Symbols.list
@@ -1350,7 +1350,6 @@ EVP_PBE_cleanup
EVP_PBE_find
EVP_PKCS82PKEY
EVP_PKEY2PKCS8
-EVP_PKEY2PKCS8_broken
EVP_PKEY_CTX_ctrl
EVP_PKEY_CTX_ctrl_str
EVP_PKEY_CTX_dup
@@ -2193,9 +2192,10 @@ PKCS8_PRIV_KEY_INFO_new
PKCS8_add_keyusage
PKCS8_decrypt
PKCS8_encrypt
+PKCS8_pkey_add1_attr_by_NID
PKCS8_pkey_get0
+PKCS8_pkey_get0_attrs
PKCS8_pkey_set0
-PKCS8_set_broken
PKEY_USAGE_PERIOD_free
PKEY_USAGE_PERIOD_it
PKEY_USAGE_PERIOD_new
diff --git a/lib/libcrypto/asn1/p8_pkey.c b/lib/libcrypto/asn1/p8_pkey.c
index 71d579456af..8f5e303e417 100644
--- a/lib/libcrypto/asn1/p8_pkey.c
+++ b/lib/libcrypto/asn1/p8_pkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p8_pkey.c,v 1.17 2015/09/10 15:56:25 jsing Exp $ */
+/* $OpenBSD: p8_pkey.c,v 1.18 2018/08/24 20:07:41 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@@ -69,11 +69,8 @@ pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
/* Since the structure must still be valid use ASN1_OP_FREE_PRE */
if (operation == ASN1_OP_FREE_PRE) {
PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval;
- if (key->pkey != NULL &&
- key->pkey->type == V_ASN1_OCTET_STRING &&
- key->pkey->value.octet_string != NULL)
- explicit_bzero(key->pkey->value.octet_string->data,
- key->pkey->value.octet_string->length);
+ if (key->pkey != NULL)
+ explicit_bzero(key->pkey->data, key->pkey->length);
}
return 1;
}
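Review bot: The new `explicit_bzero(key->pkey->data, key->pkey->length)` no longer guards against a NULL data pointer, which the old code did via the `value.octet_string != NULL` test; an ASN1_OCTET_STRING that was allocated by the template but never populated (e.g. `PKCS8_PRIV_KEY_INFO_new()` followed immediately by `_free()`) presumably carries `data == NULL, length == 0`, and passing NULL to a memset-style call is formally undefined even with a zero length. I would tighten the check to `if (key->pkey != NULL && key->pkey->data != NULL)` so the scrub only runs on an actual buffer. The surrounding `pkey_cb` function begins before the hunk.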
@@ -95,7 +92,7 @@ static const ASN1_TEMPLATE PKCS8_PRIV_KEY_INFO_seq_tt[] = {
{
.offset = offsetof(PKCS8_PRIV_KEY_INFO, pkey),
.field_name = "pkey",
- .item = &ASN1_ANY_it,
+ .item = &ASN1_OCTET_STRING_it,
},
{
.flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL,
@@ -145,33 +142,14 @@ int
PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, int version,
int ptype, void *pval, unsigned char *penc, int penclen)
{
- unsigned char **ppenc = NULL;
-
if (version >= 0) {
if (!ASN1_INTEGER_set(priv->version, version))
return 0;
}
- if (penc) {
- int pmtype;
- ASN1_OCTET_STRING *oct;
- oct = ASN1_OCTET_STRING_new();
- if (!oct)
- return 0;
- oct->data = penc;
- ppenc = &oct->data;
- oct->length = penclen;
- if (priv->broken == PKCS8_NO_OCTET)
- pmtype = V_ASN1_SEQUENCE;
- else
- pmtype = V_ASN1_OCTET_STRING;
- ASN1_TYPE_set(priv->pkey, pmtype, oct);
- }
- if (!X509_ALGOR_set0(priv->pkeyalg, aobj, ptype, pval)) {
- /* If call fails do not swallow 'enc' */
- if (ppenc)
- *ppenc = NULL;
+ if (!X509_ALGOR_set0(priv->pkeyalg, aobj, ptype, pval))
return 0;
- }
+ if (penc != NULL)
+ ASN1_STRING_set0(priv->pkey, penc, penclen);
return 1;
}
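Review bot: The ownership contract of `PKCS8_pkey_set0` changed subtly and is undocumented: `X509_ALGOR_set0` now runs before the key is installed, so on its failure `penc` is still owned by the caller, whereas on success `priv` takes `aobj`, `pval` and `penc` (via `ASN1_STRING_set0`, which frees any previous key bytes). A short comment above the function would spare callers from re-deriving this, e.g. `/* On success priv owns aobj, pval and penc; on failure the caller still owns penc. */`. Note also that `penclen` is stored unchecked; a negative value would become a bogus string length, which is presumably fine for internal callers but worth a `penclen < 0` guard if this is meant to be a public setter.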
@@ -179,23 +157,30 @@ int
PKCS8_pkey_get0(ASN1_OBJECT **ppkalg, const unsigned char **pk, int *ppklen,
X509_ALGOR **pa, PKCS8_PRIV_KEY_INFO *p8)
{
- if (ppkalg)
+ if (ppkalg != NULL)
*ppkalg = p8->pkeyalg->algorithm;
- if (p8->pkey->type == V_ASN1_OCTET_STRING) {
- p8->broken = PKCS8_OK;
- if (pk) {
- *pk = p8->pkey->value.octet_string->data;
- *ppklen = p8->pkey->value.octet_string->length;
- }
- } else if (p8->pkey->type == V_ASN1_SEQUENCE) {
- p8->broken = PKCS8_NO_OCTET;
- if (pk) {
- *pk = p8->pkey->value.sequence->data;
- *ppklen = p8->pkey->value.sequence->length;
- }
- } else
- return 0;
- if (pa)
+ if (pk != NULL) {
+ *pk = ASN1_STRING_data(p8->pkey);
+ *ppklen = ASN1_STRING_length(p8->pkey);
+ }
+ if (pa != NULL)
*pa = p8->pkeyalg;
return 1;
}
+
+const STACK_OF(X509_ATTRIBUTE) *
+PKCS8_pkey_get0_attrs(const PKCS8_PRIV_KEY_INFO *p8)
+{
+ return p8->attributes;
+}
+
+int
+PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int nid, int type,
+ const unsigned char *bytes, int len)
+{
+ if (X509at_add1_attr_by_NID(&p8->attributes, nid, type, bytes,
+ len) != NULL)
+ return 1;
+ return 0;
+}
+
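Review bot: The two new public functions carry no comment stating their memory semantics, and the names alone (`get0`/`add1`) only hint at them: `PKCS8_pkey_get0_attrs` returns a pointer into `p8` that the caller must neither free nor modify, and `PKCS8_pkey_add1_attr_by_NID` copies `bytes` (via `X509at_add1_attr_by_NID`) so the caller keeps ownership. I would add `/* Returns a borrowed pointer owned by p8; do not free. */` above the getter and `/* Copies bytes into a new attribute; caller retains ownership of bytes. */` above the adder. As a style point, the adder's `if (...) return 1; return 0;` can be collapsed to `return X509at_add1_attr_by_NID(&p8->attributes, nid, type, bytes, len) != NULL;`. Separately, `PKCS8_pkey_get0` now returns 1 unconditionally, so callers that previously distinguished the SEQUENCE-encoded case via the return value get no signal anymore — intended here, but worth a line in the function's comment.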
diff --git a/lib/libcrypto/evp/evp_pkey.c b/lib/libcrypto/evp/evp_pkey.c
index 6e0d5cc3a2d..aa075d63925 100644
--- a/lib/libcrypto/evp/evp_pkey.c
+++ b/lib/libcrypto/evp/evp_pkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_pkey.c,v 1.20 2018/05/13 06:48:00 tb Exp $ */
+/* $OpenBSD: evp_pkey.c,v 1.21 2018/08/24 20:07:41 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@@ -105,16 +105,10 @@ error:
return NULL;
}
-PKCS8_PRIV_KEY_INFO *
-EVP_PKEY2PKCS8(EVP_PKEY *pkey)
-{
- return EVP_PKEY2PKCS8_broken(pkey, PKCS8_OK);
-}
-
/* Turn a private key into a PKCS8 structure */
PKCS8_PRIV_KEY_INFO *
-EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
+EVP_PKEY2PKCS8(EVP_PKEY *pkey)
{
PKCS8_PRIV_KEY_INFO *p8;
@@ -122,7 +116,6 @@ EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
EVPerror(ERR_R_MALLOC_FAILURE);
return NULL;
}
- p8->broken = broken;
if (pkey->ameth) {
if (pkey->ameth->priv_encode) {
@@ -145,27 +138,6 @@ error:
return NULL;
}
-PKCS8_PRIV_KEY_INFO *
-PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken)
-{
- switch (broken) {
- case PKCS8_OK:
- p8->broken = PKCS8_OK;
- return p8;
- break;
-
- case PKCS8_NO_OCTET:
- p8->broken = PKCS8_NO_OCTET;
- p8->pkey->type = V_ASN1_SEQUENCE;
- return p8;
- break;
-
- default:
- EVPerror(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE);
- return NULL;
- }
-}
-
/* EVP_PKEY attribute functions */
int
diff --git a/lib/libcrypto/pkcs12/p12_attr.c b/lib/libcrypto/pkcs12/p12_attr.c
index 78d510b1009..65bfaa039ed 100644
--- a/lib/libcrypto/pkcs12/p12_attr.c
+++ b/lib/libcrypto/pkcs12/p12_attr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_attr.c,v 1.11 2018/05/13 14:15:01 tb Exp $ */
+/* $OpenBSD: p12_attr.c,v 1.12 2018/08/24 20:07:41 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@@ -77,14 +77,10 @@ PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen)
int
PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage)
{
- unsigned char us_val;
+ unsigned char us_val = (unsigned char)usage;
- us_val = (unsigned char) usage;
- if (X509at_add1_attr_by_NID(&p8->attributes, NID_key_usage,
- V_ASN1_BIT_STRING, &us_val, 1))
- return 1;
- else
- return 0;
+ return PKCS8_pkey_add1_attr_by_NID(p8, NID_key_usage, V_ASN1_BIT_STRING,
+ &us_val, 1);
}
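Review bot: The rewritten `unsigned char us_val = (unsigned char)usage;` silently narrows the `int` to one byte, so any bits above bit 7 of `usage` are dropped and a value such as `0x100` produces an attribute with no bits set rather than an error. This is pre-existing behaviour, but now that the attribute goes through the new public `PKCS8_pkey_add1_attr_by_NID` it would be cheap to reject out-of-range input up front, e.g. `if (usage < 0 || usage > 0xff) return 0;` before the cast, or at minimum document the limit with `/* Only the first octet of the keyUsage BIT STRING is supported. */`. I cannot tell from this hunk whether any caller relies on the truncation, so a range check should be confirmed against in-tree users.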
/* Add a friendlyname to a safebag */
diff --git a/lib/libcrypto/x509/x509.h b/lib/libcrypto/x509/x509.h
index 25af8314b24..6c1f8eb6e94 100644
--- a/lib/libcrypto/x509/x509.h
+++ b/lib/libcrypto/x509/x509.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.h,v 1.71 2018/08/24 19:59:32 tb Exp $ */
+/* $OpenBSD: x509.h,v 1.72 2018/08/24 20:07:42 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -561,19 +561,12 @@ X509_ALGOR *prf;
/* PKCS#8 private key info structure */
-struct pkcs8_priv_key_info_st
- {
- int broken; /* Flag for various broken formats */
-#define PKCS8_OK 0
-#define PKCS8_NO_OCTET 1
-#define PKCS8_EMBEDDED_PARAM 2
-#define PKCS8_NS_DB 3
-#define PKCS8_NEG_PRIVKEY 4
+struct pkcs8_priv_key_info_st {
ASN1_INTEGER *version;
X509_ALGOR *pkeyalg;
- ASN1_TYPE *pkey; /* Should be OCTET STRING but some are broken */
+ ASN1_OCTET_STRING *pkey;
STACK_OF(X509_ATTRIBUTE) *attributes;
- };
+};
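Review bot: Dropping the leading `int broken` member and retyping `pkey` from `ASN1_TYPE *` to `ASN1_OCTET_STRING *` changes the layout and member types of a struct that is exposed in the public `x509.h`, so this is both an API and an ABI break for any consumer that touches `pkcs8_priv_key_info_st` directly. The commit message notes a bulk build, which covers source compatibility, but the shared-library major bump that an ABI change requires is not visible in this diff; if it is being done in a separate commit it would help to say so in the message. If the intent is to move toward an opaque struct, a `/* XXX make opaque */` comment on the definition would signal that to downstream users.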
#ifdef __cplusplus
}
@@ -1296,8 +1289,6 @@ extern const ASN1_ITEM PKCS8_PRIV_KEY_INFO_it;
EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8);
PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey);
-PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken);
-PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken);
int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj,
int version, int ptype, void *pval,
@@ -1307,6 +1298,10 @@ int PKCS8_pkey_get0(ASN1_OBJECT **ppkalg,
X509_ALGOR **pa,
PKCS8_PRIV_KEY_INFO *p8);
+const STACK_OF(X509_ATTRIBUTE) *PKCS8_pkey_get0_attrs(const PKCS8_PRIV_KEY_INFO *p8);
+int PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int nid, int type,
+ const unsigned char *bytes, int len);
+
int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
int ptype, void *pval,
unsigned char *penc, int penclen);
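Review bot: The new prototype `const STACK_OF(X509_ATTRIBUTE) *PKCS8_pkey_get0_attrs(const PKCS8_PRIV_KEY_INFO *p8);` runs past 80 columns, unlike the neighbouring declarations which wrap their parameter lists; for consistency with the rest of the header I would break it as `const STACK_OF(X509_ATTRIBUTE) *PKCS8_pkey_get0_attrs(` followed by an indented `const PKCS8_PRIV_KEY_INFO *p8);`. It would also help readers of the header to have a one-line comment noting that the returned stack is owned by `p8` and must not be freed.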