
github.com/mono/boringssl.git - Unnamed repository; edit this file 'description' to name the repository.
authorDavid Benjamin <davidben@chromium.org>2016-01-03 14:02:50 +0300
committerAdam Langley <agl@google.com>2016-02-27 01:50:21 +0300
commit8ebc0f55a01539a9eef39e162c25d09303f4013b (patch)
tree4737f7fdcea7abe1a2701b7baec6de00279042dd /crypto/pem
parent3f4f7ee08fe0e36c87519befcaff073dc5a90e95 (diff)
Decouple the EVP and PEM code.
EVP_PKEY_asn1_find can already be private. EVP_PKEY_asn1_find_str is used only so the PEM code can get at legacy encoders. Since this is all legacy non-PKCS8 stuff, we can just explicitly list out the three cases in the two places that need it. If this changes, we can later add a table in crypto/pem mapping string to EVP_PKEY type. With this, EVP_PKEY_ASN1_METHOD is no longer exposed in the public API and nothing outside of EVP_PKEY reaches into it. Unexport all of that. Change-Id: Iab661014247dbdbc31e5e9887364176ec5ad2a6d Reviewed-on: https://boringssl-review.googlesource.com/6871 Reviewed-by: Adam Langley <agl@google.com>
Diffstat (limited to 'crypto/pem')
-rw-r--r--crypto/pem/pem_lib.c47
-rw-r--r--crypto/pem/pem_pkey.c20
2 files changed, 14 insertions, 53 deletions
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index deaf26ab..6e928a65 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -71,13 +71,10 @@
#include <openssl/rand.h>
#include <openssl/x509.h>
-#include "../evp/internal.h"
-
#define MIN_LENGTH 4
static int load_iv(char **fromp, unsigned char *to, int num);
static int check_pem(const char *nm, const char *name);
-int pem_check_suffix(const char *pem_str, const char *suffix);
void PEM_proc_type(char *buf, int type)
{
@@ -144,23 +141,11 @@ static int check_pem(const char *nm, const char *name)
/* Make PEM_STRING_EVP_PKEY match any private key */
if (!strcmp(name, PEM_STRING_EVP_PKEY)) {
- int slen;
- const EVP_PKEY_ASN1_METHOD *ameth;
- if (!strcmp(nm, PEM_STRING_PKCS8))
- return 1;
- if (!strcmp(nm, PEM_STRING_PKCS8INF))
- return 1;
- slen = pem_check_suffix(nm, "PRIVATE KEY");
- if (slen > 0) {
- /*
- * NB: ENGINE implementations wont contain a deprecated old
- * private key decode function so don't look for them.
- */
- ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen);
- if (ameth && ameth->old_priv_decode)
- return 1;
- }
- return 0;
+ return !strcmp(nm, PEM_STRING_PKCS8) ||
+ !strcmp(nm, PEM_STRING_PKCS8INF) ||
+ !strcmp(nm, PEM_STRING_RSA) ||
+ !strcmp(nm, PEM_STRING_EC) ||
+ !strcmp(nm, PEM_STRING_DSA);
}
/* Permit older strings */
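Review bot: The five labels accepted in the `PEM_STRING_EVP_PKEY` branch of check_pem are now a hand-maintained list that has to match the `strcmp` chain added to PEM_read_bio_PrivateKey in pem_pkey.c, and neither place says so. If a label is accepted here without a matching branch there, the block passes the name check and then reaches `p8err` with `ret` still NULL, which appears to surface only as a generic parse failure. A short comment above the `return` would make the coupling explicit, for example `/* Keep in sync with the legacy-format cases in PEM_read_bio_PrivateKey. */`. check_pem starts and continues outside this hunk.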
@@ -779,28 +764,6 @@ int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
return (0);
}
-/*
- * Check pem string and return prefix length. If for example the pem_str ==
- * "RSA PRIVATE KEY" and suffix = "PRIVATE KEY" the return value is 3 for the
- * string "RSA".
- */
-
-int pem_check_suffix(const char *pem_str, const char *suffix)
-{
- int pem_len = strlen(pem_str);
- int suffix_len = strlen(suffix);
- const char *p;
- if (suffix_len + 1 >= pem_len)
- return 0;
- p = pem_str + pem_len - suffix_len;
- if (strcmp(p, suffix))
- return 0;
- p--;
- if (*p != ' ')
- return 0;
- return p - pem_str;
-}
-
int PEM_def_callback(char *buf, int size, int rwflag, void *userdata)
{
if (!buf || !userdata) {
diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c
index c1467f7c..058c0311 100644
--- a/crypto/pem/pem_pkey.c
+++ b/crypto/pem/pem_pkey.c
@@ -69,10 +69,6 @@
#include <openssl/rand.h>
#include <openssl/x509.h>
-#include "../evp/internal.h"
-
-int pem_check_suffix(const char *pem_str, const char *suffix);
-
EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
void *u)
{
@@ -80,7 +76,6 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
const unsigned char *p = NULL;
unsigned char *data = NULL;
long len;
- int slen;
EVP_PKEY *ret = NULL;
if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp, cb, u))
@@ -128,12 +123,15 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
*x = ret;
}
PKCS8_PRIV_KEY_INFO_free(p8inf);
- } else if ((slen = pem_check_suffix(nm, "PRIVATE KEY")) > 0) {
- const EVP_PKEY_ASN1_METHOD *ameth;
- ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen);
- if (!ameth || !ameth->old_priv_decode)
- goto p8err;
- ret = d2i_PrivateKey(ameth->pkey_id, x, &p, len);
+ } else if (strcmp(nm, PEM_STRING_RSA) == 0) {
+ /* TODO(davidben): d2i_PrivateKey parses PKCS#8 along with the
+ * standalone format. This and the cases below probably should not
+ * accept PKCS#8. */
+ ret = d2i_PrivateKey(EVP_PKEY_RSA, x, &p, len);
+ } else if (strcmp(nm, PEM_STRING_EC) == 0) {
+ ret = d2i_PrivateKey(EVP_PKEY_EC, x, &p, len);
+ } else if (strcmp(nm, PEM_STRING_DSA) == 0) {
+ ret = d2i_PrivateKey(EVP_PKEY_DSA, x, &p, len);
}
p8err:
if (ret == NULL)
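Review bot: The three legacy branches tie the PEM label to a key type only through the `type` argument of d2i_PrivateKey, and the TODO in the RSA branch says that call also parses PKCS#8. Whether the PKCS#8 path rejects a key whose algorithm differs from the requested type is not visible in this hunk. If it does not, a block labelled for one algorithm could yield an EVP_PKEY of another, which matters to callers that treat the label as a type assertion. Until the TODO is resolved, the comment would read better placed before the first legacy branch and worded to cover all three, e.g. `/* TODO(davidben): d2i_PrivateKey also accepts PKCS#8; the RSA/EC/DSA labels below should only accept their standalone encodings. */`. PEM_read_bio_PrivateKey starts and ends outside the hunk.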