mirror of
https://github.com/opnsense/src.git
synced 2026-06-08 08:12:27 -04:00
e4520c8bd1
Summary: Release notes can be found at https://www.openssl.org/news/openssl-3.0-notes.html . Obtained from: https://www.openssl.org/source/openssl-3.0.8.tar.gz Differential Revision: https://reviews.freebsd.org/D38835 Test Plan: ``` $ git status On branch vendor/openssl-3.0 nothing to commit, working tree clean $ (cd ..; fetch http://www.openssl.org/source/openssl-${OSSLVER}.tar.gz http://www.openssl.org/source/openssl-${OSSLVER}.tar.gz.asc) openssl-3.0.8.tar.gz 14 MB 4507 kBps 04s openssl-3.0.8.tar.gz.asc 833 B 10 MBps 00s $ set | egrep '(XLIST|OSSLVER)=' OSSLVER=3.0.8 XLIST=FREEBSD-Xlist $ gpg --list-keys /home/ngie/.gnupg/pubring.kbx ----------------------------- pub rsa4096 2014-10-04 [SC] 7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C uid [ unknown] Richard Levitte <richard@levitte.org> uid [ unknown] Richard Levitte <levitte@lp.se> uid [ unknown] Richard Levitte <levitte@openssl.org> sub rsa4096 2014-10-04 [E] $ gpg --verify openssl-${OSSLVER}.tar.gz.asc openssl-${OSSLVER}.tar.gz gpg: Signature made Tue Feb 7 05:43:55 2023 PST gpg: using RSA key 7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C gpg: Good signature from "Richard Levitte <richard@levitte.org>" [unknown] gpg: aka "Richard Levitte <levitte@lp.se>" [unknown] gpg: aka "Richard Levitte <levitte@openssl.org>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 7953 AC1F BC3D C8B3 B292 393E D5E9 E43F 7DF9 EE8C $ (cd vendor.checkout/; git status; find . -type f -or -type l | cut -c 3- | sort > ../old) On branch vendor/openssl-3.0 nothing to commit, working tree clean $ tar -x -X $XLIST -f ../openssl-${OSSLVER}.tar.gz -C .. $ rsync --exclude FREEBSD.* --delete -avzz ../openssl-${OSSLVER}/* . $ cat .git gitdir: /home/ngie/git/freebsd-src/.git/worktrees/vendor.checkout $ diff -arq ../openssl-3.0.8 . Only in .: .git Only in .: FREEBSD-Xlist Only in .: FREEBSD-upgrade $ git status FREEBSD* On branch vendor/openssl-3.0 nothing to commit, working tree clean $ ``` Reviewers: emaste, jkim Subscribers: imp, andrew, dab Differential Revision: https://reviews.freebsd.org/D38835
158 lines
4.9 KiB
C
158 lines
4.9 KiB
C
/*
|
|
* Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
|
|
*
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
* in the file LICENSE in the source distribution or at
|
|
* https://www.openssl.org/source/license.html
|
|
*/
|
|
|
|
#include <openssl/core.h>
|
|
#include <openssl/core_dispatch.h>
|
|
#include <openssl/core_names.h>
|
|
#include <openssl/core_object.h>
|
|
#include <openssl/asn1.h>
|
|
#include <openssl/err.h>
|
|
#include <openssl/objects.h>
|
|
#include <openssl/pkcs12.h>
|
|
#include <openssl/x509.h>
|
|
#include <openssl/proverr.h>
|
|
#include "internal/asn1.h"
|
|
#include "internal/sizes.h"
|
|
#include "prov/bio.h"
|
|
#include "prov/implementations.h"
|
|
#include "endecoder_local.h"
|
|
|
|
static OSSL_FUNC_decoder_newctx_fn epki2pki_newctx;
|
|
static OSSL_FUNC_decoder_freectx_fn epki2pki_freectx;
|
|
static OSSL_FUNC_decoder_decode_fn epki2pki_decode;
|
|
|
|
/*
|
|
* Context used for EncryptedPrivateKeyInfo to PrivateKeyInfo decoding.
|
|
*/
|
|
struct epki2pki_ctx_st {
|
|
PROV_CTX *provctx;
|
|
};
|
|
|
|
static void *epki2pki_newctx(void *provctx)
|
|
{
|
|
struct epki2pki_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx));
|
|
|
|
if (ctx != NULL)
|
|
ctx->provctx = provctx;
|
|
return ctx;
|
|
}
|
|
|
|
static void epki2pki_freectx(void *vctx)
|
|
{
|
|
struct epki2pki_ctx_st *ctx = vctx;
|
|
|
|
OPENSSL_free(ctx);
|
|
}
|
|
|
|
/*
|
|
* The selection parameter in epki2pki_decode() is not used by this function
|
|
* because it's not relevant just to decode EncryptedPrivateKeyInfo to
|
|
* PrivateKeyInfo.
|
|
*/
|
|
static int epki2pki_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
|
|
OSSL_CALLBACK *data_cb, void *data_cbarg,
|
|
OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
|
|
{
|
|
struct epki2pki_ctx_st *ctx = vctx;
|
|
BUF_MEM *mem = NULL;
|
|
unsigned char *der = NULL;
|
|
const unsigned char *pder = NULL;
|
|
long der_len = 0;
|
|
X509_SIG *p8 = NULL;
|
|
PKCS8_PRIV_KEY_INFO *p8inf = NULL;
|
|
const X509_ALGOR *alg = NULL;
|
|
BIO *in = ossl_bio_new_from_core_bio(ctx->provctx, cin);
|
|
int ok = 0;
|
|
|
|
if (in == NULL)
|
|
return 0;
|
|
|
|
ok = (asn1_d2i_read_bio(in, &mem) >= 0);
|
|
BIO_free(in);
|
|
|
|
/* We return "empty handed". This is not an error. */
|
|
if (!ok)
|
|
return 1;
|
|
|
|
pder = der = (unsigned char *)mem->data;
|
|
der_len = (long)mem->length;
|
|
OPENSSL_free(mem);
|
|
|
|
ok = 1; /* Assume good */
|
|
ERR_set_mark();
|
|
if ((p8 = d2i_X509_SIG(NULL, &pder, der_len)) != NULL) {
|
|
char pbuf[1024];
|
|
size_t plen = 0;
|
|
|
|
ERR_clear_last_mark();
|
|
|
|
if (!pw_cb(pbuf, sizeof(pbuf), &plen, NULL, pw_cbarg)) {
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_GET_PASSPHRASE);
|
|
ok = 0;
|
|
} else {
|
|
const ASN1_OCTET_STRING *oct;
|
|
unsigned char *new_der = NULL;
|
|
int new_der_len = 0;
|
|
|
|
X509_SIG_get0(p8, &alg, &oct);
|
|
if (!PKCS12_pbe_crypt_ex(alg, pbuf, plen,
|
|
oct->data, oct->length,
|
|
&new_der, &new_der_len, 0,
|
|
PROV_LIBCTX_OF(ctx->provctx), NULL)) {
|
|
ok = 0;
|
|
} else {
|
|
OPENSSL_free(der);
|
|
der = new_der;
|
|
der_len = new_der_len;
|
|
}
|
|
alg = NULL;
|
|
}
|
|
X509_SIG_free(p8);
|
|
} else {
|
|
ERR_pop_to_mark();
|
|
}
|
|
|
|
ERR_set_mark();
|
|
pder = der;
|
|
p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &pder, der_len);
|
|
ERR_pop_to_mark();
|
|
|
|
if (p8inf != NULL && PKCS8_pkey_get0(NULL, NULL, NULL, &alg, p8inf)) {
|
|
/*
|
|
* We have something and recognised it as PrivateKeyInfo, so let's
|
|
* pass all the applicable data to the callback.
|
|
*/
|
|
char keytype[OSSL_MAX_NAME_SIZE];
|
|
OSSL_PARAM params[5], *p = params;
|
|
int objtype = OSSL_OBJECT_PKEY;
|
|
|
|
OBJ_obj2txt(keytype, sizeof(keytype), alg->algorithm, 0);
|
|
|
|
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE,
|
|
keytype, 0);
|
|
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_STRUCTURE,
|
|
"PrivateKeyInfo", 0);
|
|
*p++ = OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_DATA,
|
|
der, der_len);
|
|
*p++ = OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &objtype);
|
|
*p = OSSL_PARAM_construct_end();
|
|
|
|
ok = data_cb(params, data_cbarg);
|
|
}
|
|
PKCS8_PRIV_KEY_INFO_free(p8inf);
|
|
OPENSSL_free(der);
|
|
return ok;
|
|
}
|
|
|
|
const OSSL_DISPATCH ossl_EncryptedPrivateKeyInfo_der_to_der_decoder_functions[] = {
|
|
{ OSSL_FUNC_DECODER_NEWCTX, (void (*)(void))epki2pki_newctx },
|
|
{ OSSL_FUNC_DECODER_FREECTX, (void (*)(void))epki2pki_freectx },
|
|
{ OSSL_FUNC_DECODER_DECODE, (void (*)(void))epki2pki_decode },
|
|
{ 0, NULL }
|
|
};
|