[openssl] master update
shane.lontis at oracle.com
shane.lontis at oracle.com
Wed Mar 10 22:12:59 UTC 2021
The branch master has been updated
via 7a45d51ce3268d16409405b9d54d7b4bb77a7fc3 (commit)
via a30823c80f8c1f4ac22fb358cab65ce4e81a5046 (commit)
from c8511e89804749e82d1212fba1dc06c86a266ee4 (commit)
- Log -----------------------------------------------------------------
commit 7a45d51ce3268d16409405b9d54d7b4bb77a7fc3
Author: Shane Lontis <shane.lontis at oracle.com>
Date: Tue Mar 9 17:27:55 2021 +1000
Use BIO_f_readbuffer() in the decoder to support stdin.
Fixes #13185
Fixes #13352
Removed the existing code in file_store that was trying to figure out the
input type.
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14407)
commit a30823c80f8c1f4ac22fb358cab65ce4e81a5046
Author: Shane Lontis <shane.lontis at oracle.com>
Date: Tue Mar 9 17:25:26 2021 +1000
Add new filter BIO BIO_f_readbuffer()
This allows BIO_tell() and BIO_seek() to work for BIO's that do
not support these methods. The main use case for this is file/fd BIO's
that use stdin.
This works for stdin taken from input redirection (command < file),
and stdin via pipe (cat file | command).
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14407)
-----------------------------------------------------------------------
Summary of changes:
CHANGES.md | 7 +
crypto/bio/bf_readbuff.c | 268 +++++++++++++++++++++++
crypto/bio/build.info | 2 +-
crypto/encode_decode/decoder_lib.c | 11 +
doc/build.info | 6 +
doc/man3/BIO_f_readbuffer.pod | 61 ++++++
doc/man7/bio.pod | 3 +-
include/openssl/bio.h.in | 1 +
providers/implementations/storemgmt/file_store.c | 170 +-------------
test/recipes/20-test_dhparam.t | 6 +-
util/libcrypto.num | 1 +
11 files changed, 374 insertions(+), 162 deletions(-)
create mode 100644 crypto/bio/bf_readbuff.c
create mode 100644 doc/man3/BIO_f_readbuffer.pod
diff --git a/CHANGES.md b/CHANGES.md
index b5b9583287..a547b40829 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -23,6 +23,13 @@ OpenSSL 3.0
### Changes between 1.1.1 and 3.0 [xx XXX xxxx]
+ * Add filter BIO BIO_f_readbuffer() that allows BIO_tell() and BIO_seek() to
+ work on read only BIO source/sinks that do not support these functions.
+ This allows piping or redirection of a file BIO using stdin to be buffered
+ into memory. This is used internally in OSSL_DECODER_from_bio().
+
+ *Shane Lontis*
+
* OSSL_STORE_INFO_get_type() may now return an additional value. In 1.1.1
this function would return one of the values OSSL_STORE_INFO_NAME,
OSSL_STORE_INFO_PKEY, OSSL_STORE_INFO_PARAMS, OSSL_STORE_INFO_CERT or
diff --git a/crypto/bio/bf_readbuff.c b/crypto/bio/bf_readbuff.c
new file mode 100644
index 0000000000..673d592ec0
--- /dev/null
+++ b/crypto/bio/bf_readbuff.c
@@ -0,0 +1,268 @@
+/*
+ * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This is a read only BIO filter that can be used to add BIO_tell() and
+ * BIO_seek() support to source/sink BIO's (such as a file BIO that uses stdin).
+ * It does this by caching ALL data read from the BIO source/sink into a
+ * resizable memory buffer.
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "bio_local.h"
+#include "internal/cryptlib.h"
+
+#define DEFAULT_BUFFER_SIZE 4096
+
+static int readbuffer_write(BIO *h, const char *buf, int num);
+static int readbuffer_read(BIO *h, char *buf, int size);
+static int readbuffer_puts(BIO *h, const char *str);
+static int readbuffer_gets(BIO *h, char *str, int size);
+static long readbuffer_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int readbuffer_new(BIO *h);
+static int readbuffer_free(BIO *data);
+static long readbuffer_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
+
+static const BIO_METHOD methods_readbuffer = {
+ BIO_TYPE_BUFFER,
+ "readbuffer",
+ bwrite_conv,
+ readbuffer_write,
+ bread_conv,
+ readbuffer_read,
+ readbuffer_puts,
+ readbuffer_gets,
+ readbuffer_ctrl,
+ readbuffer_new,
+ readbuffer_free,
+ readbuffer_callback_ctrl,
+};
+
+const BIO_METHOD *BIO_f_readbuffer(void)
+{
+ return &methods_readbuffer;
+}
+
+static int readbuffer_new(BIO *bi)
+{
+ BIO_F_BUFFER_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
+
+ if (ctx == NULL)
+ return 0;
+ ctx->ibuf_size = DEFAULT_BUFFER_SIZE;
+ ctx->ibuf = OPENSSL_malloc(DEFAULT_BUFFER_SIZE);
+ if (ctx->ibuf == NULL) {
+ OPENSSL_free(ctx);
+ return 0;
+ }
+
+ bi->init = 1;
+ bi->ptr = (char *)ctx;
+ bi->flags = 0;
+ return 1;
+}
+
+static int readbuffer_free(BIO *a)
+{
+ BIO_F_BUFFER_CTX *b;
+
+ if (a == NULL)
+ return 0;
+ b = (BIO_F_BUFFER_CTX *)a->ptr;
+ OPENSSL_free(b->ibuf);
+ OPENSSL_free(a->ptr);
+ a->ptr = NULL;
+ a->init = 0;
+ a->flags = 0;
+ return 1;
+}
+
+static int readbuffer_resize(BIO_F_BUFFER_CTX *ctx, int sz)
+{
+ char *tmp;
+
+ /* Figure out how many blocks are required */
+ sz += (ctx->ibuf_off + DEFAULT_BUFFER_SIZE - 1);
+ sz = DEFAULT_BUFFER_SIZE * (sz / DEFAULT_BUFFER_SIZE);
+
+ /* Resize if the buffer is not big enough */
+ if (sz > ctx->ibuf_size) {
+ tmp = OPENSSL_realloc(ctx->ibuf, sz);
+ if (tmp == NULL)
+ return 0;
+ ctx->ibuf = tmp;
+ ctx->ibuf_size = sz;
+ }
+ return 1;
+}
+
+static int readbuffer_read(BIO *b, char *out, int outl)
+{
+ int i, num = 0;
+ BIO_F_BUFFER_CTX *ctx;
+
+ if (out == NULL || outl == 0)
+ return 0;
+ ctx = (BIO_F_BUFFER_CTX *)b->ptr;
+
+ if ((ctx == NULL) || (b->next_bio == NULL))
+ return 0;
+ BIO_clear_retry_flags(b);
+
+ for (;;) {
+ i = ctx->ibuf_len;
+ /* If there is something in the buffer just read it. */
+ if (i != 0) {
+ if (i > outl)
+ i = outl;
+ memcpy(out, &(ctx->ibuf[ctx->ibuf_off]), i);
+ ctx->ibuf_off += i;
+ ctx->ibuf_len -= i;
+ num += i;
+ /* Exit if we have read the bytes required out of the buffer */
+ if (outl == i)
+ return num;
+ outl -= i;
+ out += i;
+ }
+
+ /* Only gets here if the buffer has been consumed */
+ if (!readbuffer_resize(ctx, outl))
+ return 0;
+
+ /* Do some buffering by reading from the next bio */
+ i = BIO_read(b->next_bio, ctx->ibuf + ctx->ibuf_off, outl);
+ if (i <= 0) {
+ BIO_copy_next_retry(b);
+ if (i < 0)
+ return ((num > 0) ? num : i);
+ else
+ return num; /* i == 0 */
+ }
+ ctx->ibuf_len = i;
+ }
+}
+
+static int readbuffer_write(BIO *b, const char *in, int inl)
+{
+ return 0;
+}
+static int readbuffer_puts(BIO *b, const char *str)
+{
+ return 0;
+}
+
+static long readbuffer_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+ BIO_F_BUFFER_CTX *ctx;
+ long ret = 1, sz;
+
+ ctx = (BIO_F_BUFFER_CTX *)b->ptr;
+
+ switch (cmd) {
+ case BIO_CTRL_EOF:
+ if (ctx->ibuf_len > 0)
+ return 0;
+ if (b->next_bio == NULL)
+ return 1;
+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ break;
+
+ case BIO_C_FILE_SEEK:
+ case BIO_CTRL_RESET:
+ sz = ctx->ibuf_off + ctx->ibuf_len;
+ /* Assume it can only seek backwards */
+ if (num < 0 || num > sz)
+ return 0;
+ ctx->ibuf_off = num;
+ ctx->ibuf_len = sz - num;
+ break;
+
+ case BIO_C_FILE_TELL:
+ case BIO_CTRL_INFO:
+ ret = (long)ctx->ibuf_off;
+ break;
+ case BIO_CTRL_PENDING:
+ ret = (long)ctx->ibuf_len;
+ if (ret == 0) {
+ if (b->next_bio == NULL)
+ return 0;
+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ }
+ break;
+ case BIO_CTRL_DUP:
+ case BIO_CTRL_FLUSH:
+ ret = 1;
+ break;
+ default:
+ ret = 0;
+ break;
+ }
+ return ret;
+}
+
+static long readbuffer_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
+{
+ if (b->next_bio == NULL)
+ return 0;
+ return BIO_callback_ctrl(b->next_bio, cmd, fp);
+}
+
+static int readbuffer_gets(BIO *b, char *buf, int size)
+{
+ BIO_F_BUFFER_CTX *ctx;
+ int num = 0, num_chars, found_newline;
+ char *p;
+
+ if (size == 0)
+ return 0;
+ --size; /* the passed in size includes the terminator - so remove it here */
+ ctx = (BIO_F_BUFFER_CTX *)b->ptr;
+ BIO_clear_retry_flags(b);
+
+ for (;;) {
+ if (ctx->ibuf_len > 0) {
+ p = &(ctx->ibuf[ctx->ibuf_off]);
+ found_newline = 0;
+ for (num_chars = 0;
+ (num_chars < ctx->ibuf_len) && (num_chars < size);
+ num_chars++) {
+ *(buf++) = p[num_chars];
+ if (p[num_chars] == '\n') {
+ found_newline = 1;
+ num_chars++;
+ break;
+ }
+ }
+ num += num_chars;
+ size -= num_chars;
+ ctx->ibuf_len -= num_chars;
+ ctx->ibuf_off += num_chars;
+ if (found_newline || size == 0) {
+ *buf = '\0';
+ return num;
+ }
+ } else {
+ /* read another line and resize if we have to */
+ if (!readbuffer_resize(ctx, size))
+ return 0;
+
+ /* Read another line from the next bio using BIO_gets */
+ num_chars = BIO_gets(b->next_bio, ctx->ibuf + ctx->ibuf_off,
+ 1 + size);
+ if (num_chars <= 0) {
+ BIO_copy_next_retry(b);
+ *buf = '\0';
+ return num > 0 ? num : num_chars;
+ }
+ ctx->ibuf_len = num_chars;
+ }
+ }
+}
diff --git a/crypto/bio/build.info b/crypto/bio/build.info
index 8e3f530f88..227071f0ce 100644
--- a/crypto/bio/build.info
+++ b/crypto/bio/build.info
@@ -15,4 +15,4 @@ SOURCE[../../libcrypto]=\
# Filters
SOURCE[../../libcrypto]=\
- bf_null.c bf_buff.c bf_lbuf.c bf_nbio.c bf_prefix.c
+ bf_null.c bf_buff.c bf_lbuf.c bf_nbio.c bf_prefix.c bf_readbuff.c
diff --git a/crypto/encode_decode/decoder_lib.c b/crypto/encode_decode/decoder_lib.c
index 635a656216..f161c7cd5b 100644
--- a/crypto/encode_decode/decoder_lib.c
+++ b/crypto/encode_decode/decoder_lib.c
@@ -39,7 +39,14 @@ int OSSL_DECODER_from_bio(OSSL_DECODER_CTX *ctx, BIO *in)
{
struct decoder_process_data_st data;
int ok = 0;
+ BIO *new_bio = NULL;
+ if (BIO_tell(in) < 0) {
+ new_bio = BIO_new(BIO_f_readbuffer());
+ if (new_bio == NULL)
+ return 0;
+ in = BIO_push(new_bio, in);
+ }
memset(&data, 0, sizeof(data));
data.ctx = ctx;
data.bio = in;
@@ -52,6 +59,10 @@ int OSSL_DECODER_from_bio(OSSL_DECODER_CTX *ctx, BIO *in)
/* Clear any internally cached passphrase */
(void)ossl_pw_clear_passphrase_cache(&ctx->pwdata);
+ if (new_bio != NULL) {
+ BIO_pop(new_bio);
+ BIO_free(new_bio);
+ }
return ok;
}
diff --git a/doc/build.info b/doc/build.info
index e53b3d1007..0a13f26927 100644
--- a/doc/build.info
+++ b/doc/build.info
@@ -570,6 +570,10 @@ DEPEND[html/man3/BIO_f_prefix.html]=man3/BIO_f_prefix.pod
GENERATE[html/man3/BIO_f_prefix.html]=man3/BIO_f_prefix.pod
DEPEND[man/man3/BIO_f_prefix.3]=man3/BIO_f_prefix.pod
GENERATE[man/man3/BIO_f_prefix.3]=man3/BIO_f_prefix.pod
+DEPEND[html/man3/BIO_f_readbuffer.html]=man3/BIO_f_readbuffer.pod
+GENERATE[html/man3/BIO_f_readbuffer.html]=man3/BIO_f_readbuffer.pod
+DEPEND[man/man3/BIO_f_readbuffer.3]=man3/BIO_f_readbuffer.pod
+GENERATE[man/man3/BIO_f_readbuffer.3]=man3/BIO_f_readbuffer.pod
DEPEND[html/man3/BIO_f_ssl.html]=man3/BIO_f_ssl.pod
GENERATE[html/man3/BIO_f_ssl.html]=man3/BIO_f_ssl.pod
DEPEND[man/man3/BIO_f_ssl.3]=man3/BIO_f_ssl.pod
@@ -2772,6 +2776,7 @@ html/man3/BIO_f_cipher.html \
html/man3/BIO_f_md.html \
html/man3/BIO_f_null.html \
html/man3/BIO_f_prefix.html \
+html/man3/BIO_f_readbuffer.html \
html/man3/BIO_f_ssl.html \
html/man3/BIO_find_type.html \
html/man3/BIO_get_data.html \
@@ -3342,6 +3347,7 @@ man/man3/BIO_f_cipher.3 \
man/man3/BIO_f_md.3 \
man/man3/BIO_f_null.3 \
man/man3/BIO_f_prefix.3 \
+man/man3/BIO_f_readbuffer.3 \
man/man3/BIO_f_ssl.3 \
man/man3/BIO_find_type.3 \
man/man3/BIO_get_data.3 \
diff --git a/doc/man3/BIO_f_readbuffer.pod b/doc/man3/BIO_f_readbuffer.pod
new file mode 100644
index 0000000000..35e708f9ad
--- /dev/null
+++ b/doc/man3/BIO_f_readbuffer.pod
@@ -0,0 +1,61 @@
+=pod
+
+=head1 NAME
+
+BIO_f_readbuffer
+- read only buffering BIO that supports BIO_tell() and BIO_seek()
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ const BIO_METHOD *BIO_f_readbuffer(void);
+
+=head1 DESCRIPTION
+
+BIO_f_readbuffer() returns the read buffering BIO method.
+
+This BIO filter can be inserted on top of BIO's that do not support BIO_tell()
+or BIO_seek() (e.g. A file BIO that uses stdin).
+
+Data read from a read buffering BIO comes from an internal buffer which is
+filled from the next BIO in the chain.
+
+BIO_gets() is supported for read buffering BIOs.
+Writing data to a read buffering BIO is not supported.
+
+Calling BIO_reset() on a read buffering BIO does not clear any buffered data.
+
+=head1 NOTES
+
+Read buffering BIOs implement BIO_read_ex() by using BIO_read_ex() operations
+on the next BIO (e.g. a file BIO) in the chain and storing the result in an
+internal buffer, from which bytes are given back to the caller as appropriate
+for the call. BIO_read_ex() is guaranteed to give the caller the number of bytes
+it asks for, unless there's an error or end of communication is reached in the
+next BIO. The internal buffer can grow to cache the entire contents of the next
+BIO in the chain. BIO_seek() uses the internal buffer, so that it can only seek
+into data that is already read.
+
+=head1 RETURN VALUES
+
+BIO_f_readbuffer() returns the read buffering BIO method.
+
+=head1 SEE ALSO
+
+L<bio(7)>,
+L<BIO_read(3)>,
+L<BIO_gets(3)>,
+L<BIO_reset(3)>,
+L<BIO_ctrl(3)>.
+
+=head1 COPYRIGHT
+
+Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/doc/man7/bio.pod b/doc/man7/bio.pod
index bb23e56961..092bdde184 100644
--- a/doc/man7/bio.pod
+++ b/doc/man7/bio.pod
@@ -64,6 +64,7 @@ L<BIO_ctrl(3)>,
L<BIO_f_base64(3)>, L<BIO_f_buffer(3)>,
L<BIO_f_cipher(3)>, L<BIO_f_md(3)>,
L<BIO_f_null(3)>, L<BIO_f_ssl(3)>,
+L<BIO_f_readbuffer(3)>,
L<BIO_find_type(3)>, L<BIO_new(3)>,
L<BIO_new_bio_pair(3)>,
L<BIO_push(3)>, L<BIO_read_ex(3)>,
@@ -76,7 +77,7 @@ L<BIO_should_retry(3)>
=head1 COPYRIGHT
-Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/include/openssl/bio.h.in b/include/openssl/bio.h.in
index 6bb4876022..3b2f7e98f5 100644
--- a/include/openssl/bio.h.in
+++ b/include/openssl/bio.h.in
@@ -647,6 +647,7 @@ const BIO_METHOD *BIO_s_bio(void);
const BIO_METHOD *BIO_s_null(void);
const BIO_METHOD *BIO_f_null(void);
const BIO_METHOD *BIO_f_buffer(void);
+const BIO_METHOD *BIO_f_readbuffer(void);
const BIO_METHOD *BIO_f_linebuffer(void);
const BIO_METHOD *BIO_f_nbio_test(void);
const BIO_METHOD *BIO_f_prefix(void);
diff --git a/providers/implementations/storemgmt/file_store.c b/providers/implementations/storemgmt/file_store.c
index ab4b4055d9..1ea820e2a4 100644
--- a/providers/implementations/storemgmt/file_store.c
+++ b/providers/implementations/storemgmt/file_store.c
@@ -8,30 +8,26 @@
*/
#include "e_os.h" /* To get strncasecmp() on Windows */
+
#include <string.h>
#include <sys/stat.h>
-#include <ctype.h>
+#include <ctype.h> /* isdigit */
#include <assert.h>
-#include <openssl/core.h>
#include <openssl/core_dispatch.h>
#include <openssl/core_names.h>
#include <openssl/core_object.h>
-#include <openssl/crypto.h>
#include <openssl/bio.h>
#include <openssl/err.h>
-#include <openssl/buffer.h>
#include <openssl/params.h>
#include <openssl/decoder.h>
-#include <openssl/store.h> /* The OSSL_STORE_INFO type numbers */
#include <openssl/proverr.h>
+#include <openssl/store.h> /* The OSSL_STORE_INFO type numbers */
#include "internal/cryptlib.h"
#include "internal/o_dir.h"
-#include "crypto/pem.h" /* For PVK and "blob" PEM headers */
#include "crypto/decoder.h"
#include "prov/implementations.h"
#include "prov/bio.h"
-#include "prov/provider_ctx.h"
#include "file_store_local.h"
DEFINE_STACK_OF(OSSL_STORE_INFO)
@@ -74,10 +70,6 @@ struct file_ctx_st {
IS_DIR /* Pass directory entry names */
} type;
- /* Flag bits */
- unsigned int flag_attached:1;
- unsigned int flag_buffered:1;
-
union {
/* Used with |IS_FILE| */
struct {
@@ -299,139 +291,18 @@ static void *file_open(void *provctx, const char *uri)
return ctx;
}
-/*
- * Attached input streams must be treated very very carefully to avoid
- * nasty surprises.
- *
- * This implementation tries to support input streams that can't be reset,
- * such as standard input. However, OSSL_DECODER assumes resettable streams,
- * and because the PEM decoder may read quite a bit of the input file to skip
- * past any non-PEM text that precedes the PEM block, we may need to detect
- * if the input stream is a PEM file early.
- *
- * If the input stream supports BIO_tell(), we assume that it also supports
- * BIO_seek(), making it a resettable stream and therefore safe to fully
- * unleash OSSL_DECODER.
- *
- * If the input stream doesn't support BIO_tell(), we must assume that we
- * have a non-resettable stream, and must tread carefully. We do so by
- * trying to detect if the input is PEM, MSBLOB or PVK, and if not, we
- * assume that it's DER.
- *
- * To detect if an input stream is PEM, MSBLOB or PVK, we use the buffer BIO
- * filter, which allows us a 4KiB resettable read-ahead. We *hope* that 4KiB
- * will be enough to find the start of the PEM block.
- *
- * It should be possible to use this same technique to detect other file
- * types as well.
- *
- * An alternative technique would be to have an endlessly caching BIO filter.
- * That would take away the need for all the detection here, and simply leave
- * it for OSSL_DECODER to find out on its own while supporting its demand for
- * resettable input streams.
- * That's a possible future development.
- */
-
-# define INPUT_TYPE_ANY NULL
-# define INPUT_TYPE_DER "DER"
-# define INPUT_TYPE_PEM "PEM"
-# define INPUT_TYPE_MSBLOB "MSBLOB"
-# define INPUT_TYPE_PVK "PVK"
-
void *file_attach(void *provctx, OSSL_CORE_BIO *cin)
{
+ struct file_ctx_st *ctx;
BIO *new_bio = bio_new_from_core_bio(provctx, cin);
- BIO *new_bio_tmp = NULL;
- BIO *buff = NULL;
- char peekbuf[4096] = { 0, };
- int loc;
- const char *input_type = NULL;
- unsigned int flag_attached = 1;
- unsigned int flag_buffered = 0;
- struct file_ctx_st *ctx = NULL;
if (new_bio == NULL)
- return 0;
-
- /* Try to get the current position */
- loc = BIO_tell(new_bio);
-
- if ((buff = BIO_new(BIO_f_buffer())) == NULL
- || (new_bio_tmp = BIO_push(buff, new_bio)) == NULL)
- goto err;
-
- /* Assumption, if we can't detect PEM */
- input_type = INPUT_TYPE_DER;
- flag_buffered = 1;
- new_bio = new_bio_tmp;
-
- if (BIO_buffer_peek(new_bio, peekbuf, sizeof(peekbuf) - 1) > 0) {
-#ifndef OPENSSL_NO_DSA
- const unsigned char *p = NULL;
- unsigned int magic = 0, bitlen = 0;
- int isdss = 0, ispub = -1;
-# ifndef OPENSSL_NO_RC4
- unsigned int saltlen = 0, keylen = 0;
-# endif
-#endif
-
- peekbuf[sizeof(peekbuf) - 1] = '\0';
- if (strstr(peekbuf, "-----BEGIN ") != NULL)
- input_type = INPUT_TYPE_PEM;
-#ifndef OPENSSL_NO_DSA
- else if (p = (unsigned char *)peekbuf,
- ossl_do_blob_header(&p, sizeof(peekbuf), &magic, &bitlen,
- &isdss, &ispub))
- input_type = INPUT_TYPE_MSBLOB;
-# ifndef OPENSSL_NO_RC4
- else if (p = (unsigned char *)peekbuf,
- ossl_do_PVK_header(&p, sizeof(peekbuf), 0, &saltlen, &keylen))
- input_type = INPUT_TYPE_PVK;
-# endif
-#endif
- }
-
- /*
- * After peeking, we know that the underlying source BIO has moved ahead
- * from its earlier position and that if it supports BIO_tell(), that
- * should be a number that differs from |loc|. Otherwise, we will get
- * the same value, which may one of:
- *
- * - zero (the source BIO doesn't support BIO_tell() / BIO_seek() /
- * BIO_reset())
- * - -1 (the underlying operating system / C library routines do not
- * support BIO_tell() / BIO_seek() / BIO_reset())
- *
- * If it turns out that the source BIO does support BIO_tell(), we pop
- * the buffer BIO filter and mark this input as |INPUT_TYPE_ANY|, which
- * fully unleashes OSSL_DECODER to do its thing.
- */
- if (BIO_tell(new_bio) != loc) {
- /* In this case, anything goes */
- input_type = INPUT_TYPE_ANY;
-
- /* Restore the source BIO like it was when entering this function */
- new_bio = BIO_pop(buff);
- BIO_free(buff);
- (void)BIO_seek(new_bio, loc);
-
- flag_buffered = 0;
- }
-
- if ((ctx = file_open_stream(new_bio, NULL, input_type, provctx)) == NULL)
- goto err;
-
- ctx->flag_attached = flag_attached;
- ctx->flag_buffered = flag_buffered;
+ return NULL;
+ ctx = file_open_stream(new_bio, NULL, NULL, provctx);
+ if (ctx == NULL)
+ BIO_free(new_bio);
return ctx;
- err:
- if (flag_buffered) {
- new_bio = BIO_pop(buff);
- BIO_free(buff);
- }
- BIO_free(new_bio); /* Removes the provider BIO filter */
- return NULL;
}
/*-
@@ -854,30 +725,11 @@ static int file_close_dir(struct file_ctx_st *ctx)
static int file_close_stream(struct file_ctx_st *ctx)
{
- if (ctx->flag_buffered) {
- /*
- * file_attach() pushed a BIO_f_buffer() on top of the regular BIO.
- * Drop it.
- */
- BIO *buff = ctx->_.file.file;
-
- /* Detach buff */
- ctx->_.file.file = BIO_pop(ctx->_.file.file);
-
- BIO_free(buff);
- }
-
/*
- * If it was attached, we only free the top, as that's the provider BIO
- * filter. Otherwise, it was entirely allocated by this implementation,
- * and can safely be completely freed.
+ * This frees either the provider BIO filter (for file_attach()) OR
+ * the allocated file BIO (for file_open()).
*/
- if (ctx->flag_attached)
- BIO_free(ctx->_.file.file);
- else
- BIO_free_all(ctx->_.file.file);
-
- /* To avoid double free */
+ BIO_free(ctx->_.file.file);
ctx->_.file.file = NULL;
free_file_ctx(ctx);
diff --git a/test/recipes/20-test_dhparam.t b/test/recipes/20-test_dhparam.t
index 9bd947b0ee..78a63508b3 100644
--- a/test/recipes/20-test_dhparam.t
+++ b/test/recipes/20-test_dhparam.t
@@ -19,7 +19,7 @@ setup("test_dhparam");
plan skip_all => "DH is not supported in this build"
if disabled("dh");
-plan tests => 16;
+plan tests => 17;
sub checkdhparams {
my $file = shift; #Filename containing params
@@ -171,3 +171,7 @@ SKIP: {
checkdhparams("gen-x942-0-512.der", "X9.42", 0, "DER", 512);
};
}
+
+ok(run(app(["openssl", "dhparam", "-noout", "-text"],
+ stdin => data_file("pkcs3-2-1024.pem"))),
+ "stdinbuffer input test that uses BIO_gets");
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 309676f39b..2ca427c63b 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -5313,3 +5313,4 @@ EVP_RAND_CTX_gettable_params ? 3_0_0 EXIST::FUNCTION:
EVP_RAND_CTX_settable_params ? 3_0_0 EXIST::FUNCTION:
RAND_set_DRBG_type ? 3_0_0 EXIST::FUNCTION:
RAND_set_seed_source_type ? 3_0_0 EXIST::FUNCTION:
+BIO_f_readbuffer ? 3_0_0 EXIST::FUNCTION:
More information about the openssl-commits
mailing list