From 4d7b383e989eff619a60eb1da1b18f613af65daf Mon Sep 17 00:00:00 2001
From: David Benjamin
Date: Thu, 14 Jul 2022 19:02:34 -0400
Subject: [PATCH] Remove PEM_X509_INFO_write_bio.

Nothing calls this function, it doesn't support most key types, and accesses pkey.rsa without checking the type. Just remove it.

Change-Id: I073dfe74c545c7e08578b85105c88a19bbddf58a
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/53505
Auto-Submit: David Benjamin
Reviewed-by: Bob Beck
Commit-Queue: Bob Beck
---
 crypto/pem/pem_info.c | 81 -------------------------------------------
 include/openssl/pem.h | 4 ---
 2 files changed, 85 deletions(-)

diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.c
index e30faa3f3b..04b4743709 100644
--- a/crypto/pem/pem_info.c
+++ b/crypto/pem/pem_info.c
@@ -263,84 +263,3 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk,
 OPENSSL_free(data);
 return ret;
 }
-
-// A TJH addition
-int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
- unsigned char *kstr, int klen, pem_password_cb *cb,
- void *u) {
- int i, ret = 0;
- unsigned char *data = NULL;
- const char *objstr = NULL;
- char buf[PEM_BUFSIZE];
- unsigned char *iv = NULL;
- unsigned iv_len = 0;
-
- if (enc != NULL) {
- iv_len = EVP_CIPHER_iv_length(enc);
- objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
- if (objstr == NULL) {
- OPENSSL_PUT_ERROR(PEM, PEM_R_UNSUPPORTED_CIPHER);
- goto err;
- }
- }
-
- // now for the fun part ... if we have a private key then we have to be
- // able to handle a not-yet-decrypted key being written out correctly ...
- // if it is decrypted or it is non-encrypted then we use the base code
- if (xi->x_pkey != NULL) {
- if ((xi->enc_data != NULL) && (xi->enc_len > 0)) {
- if (enc == NULL) {
- OPENSSL_PUT_ERROR(PEM, PEM_R_CIPHER_IS_NULL);
- goto err;
- }
-
- // copy from weirdo names into more normal things
- iv = xi->enc_cipher.iv;
- data = (unsigned char *)xi->enc_data;
- i = xi->enc_len;
-
- // we take the encryption data from the internal stuff rather
- // than what the user has passed us ... as we have to match
- // exactly for some strange reason
- objstr = OBJ_nid2sn(EVP_CIPHER_nid(xi->enc_cipher.cipher));
- if (objstr == NULL) {
- OPENSSL_PUT_ERROR(PEM, PEM_R_UNSUPPORTED_CIPHER);
- goto err;
- }
-
- // create the right magic header stuff
- assert(strlen(objstr) + 23 + 2 * iv_len + 13 <= sizeof buf);
- buf[0] = '\0';
- PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);
- PEM_dek_info(buf, objstr, iv_len, (char *)iv);
-
- // use the normal code to write things out
- i = PEM_write_bio(bp, PEM_STRING_RSA, buf, data, i);
- if (i <= 0) {
- goto err;
- }
- } else {
- // Add DSA/DH
- // normal optionally encrypted stuff
- if (PEM_write_bio_RSAPrivateKey(bp, xi->x_pkey->dec_pkey->pkey.rsa, enc,
- kstr, klen, cb, u) <= 0) {
- goto err;
- }
- }
- }
-
- // if we have a certificate then write it out now
- if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp, xi->x509) <= 0)) {
- goto err;
- }
-
- // we are ignoring anything else that is loaded into the X509_INFO
- // structure for the moment ... as I don't need it so I'm not coding it
- // here and Eric can do it when this makes it into the base library --tjh
-
- ret = 1;
-
-err:
- OPENSSL_cleanse(buf, PEM_BUFSIZE);
- return ret;
-}
diff --git a/include/openssl/pem.h b/include/openssl/pem.h
index a94f27668e..56075ae8a4 100644
--- a/include/openssl/pem.h
+++ b/include/openssl/pem.h
@@ -349,10 +349,6 @@ OPENSSL_EXPORT int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name,
 OPENSSL_EXPORT STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio( BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u);
-OPENSSL_EXPORT int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi,
- EVP_CIPHER *enc, unsigned char *kstr,
- int klen, pem_password_cb *cd,
- void *u);
 OPENSSL_EXPORT int PEM_read(FILE *fp, char **name, char **header, unsigned char **data, long *len);