fix #67 (better handling of PEM decoding failures) Karel Miko 3 years ago
6 changed file(s) with 28 addition(s) and 24 deletion(s). Raw diff Collapse all Expand all
226226 }
227227 elsif (ref $param eq 'SCALAR') {
228228 my $data = $$param;
229 $data = pem_to_der($data) if $data =~ /-----BEGIN DH PARAMETERS-----\s*(.+)\s*-----END DH PARAMETERS-----/s;
229 if ($data =~ /-----BEGIN DH PARAMETERS-----\s*(.+)\s*-----END DH PARAMETERS-----/s) {
230 $data = pem_to_der($data) or croak "FATAL: PEM/params decode failed";
231 }
230232 return $self->_generate_key_dhparam($data);
231233 }
232234 elsif (ref $param eq 'HASH') {
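Review bot: The capture group in the new header test is never read — the whole `$data` is handed to `pem_to_der` — so `\s*(.+)\s*` is dead weight (with `/s` the greedy `.+` also makes the trailing `\s*` always empty); `if ($data =~ /-----BEGIN DH PARAMETERS-----.+-----END DH PARAMETERS-----/s) {` expresses the same check without populating `$1`. Input that fails the header test is still passed to `_generate_key_dhparam` untouched, presumably as raw DER; a one-line comment on the `if`, `# not PEM-armoured: treat as DER`, would make that intent explicit. The enclosing method starts and ends outside this hunk.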
3535 }
3636 elsif (@_ == 1 && ref $_[0] eq 'SCALAR') {
3737 my $data = ${$_[0]};
38 $data = pem_to_der($data) if $data =~ /-----BEGIN DSA PARAMETERS-----\s*(.+)\s*-----END DSA PARAMETERS-----/s;
38 if ($data =~ /-----BEGIN DSA PARAMETERS-----\s*(.+)\s*-----END DSA PARAMETERS-----/s) {
39 $data = pem_to_der($data) or croak "FATAL: PEM/params decode failed";
40 }
3941 return $self->_generate_key_dsaparam($data);
4042 }
4143 croak "FATAL: DSA generate_key - invalid args";
7577 croak "FATAL: invalid key data" unless $data;
7678
7779 if ($data =~ /-----BEGIN (DSA PRIVATE|DSA PUBLIC|PRIVATE|PUBLIC) KEY-----(.*?)-----END/sg) {
78 $data = pem_to_der($data, $password);
80 $data = pem_to_der($data, $password) or croak "FATAL: PEM/key decode failed";
7981 return $self->_import($data);
8082 }
8183 elsif ($data =~ /---- BEGIN SSH2 PUBLIC KEY ----(.*?)---- END SSH2 PUBLIC KEY ----/sg) {
82 $data = pem_to_der($data);
84 $data = pem_to_der($data) or croak "FATAL: PEM/key decode failed";
8385 my ($typ, $p, $q, $g, $y) = Crypt::PK::_ssh_parse($data);
8486 return $self->_import_hex(unpack('H*',$p), unpack('H*',$q), unpack('H*',$g), undef, unpack('H*',$y)) if $typ && $p && $q && $g && $y && $typ eq 'ssh-dss';
8587 }
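Review bot: In the SSH2 branch a base64/PEM decode failure now croaks, but an SSH2 block whose parsed type is not `ssh-dss`, or whose `_ssh_parse` fields come back empty, still drops out of the `return ... if` on the last line with no error of its own, so the caller presumably gets whatever generic message follows the chain outside this hunk. Since the type is already known at that point, a specific failure is more useful: `croak "FATAL: SSH2 public key is not ssh-dss"` placed right after the `return` line. The enclosing method continues past the end of this hunk.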
218218 croak "FATAL: invalid key data" unless $data;
219219
220220 if ($data =~ /-----BEGIN (EC PRIVATE|EC PUBLIC|PUBLIC) KEY-----(.*?)-----END/sg) {
221 $data = pem_to_der($data, $password);
221 $data = pem_to_der($data, $password) or croak "FATAL: PEM/key decode failed";
222222 my $rv = eval { $self->_import($data) } || eval { $self->_import_old($data) };
223223 return $rv if $rv;
224224 }
225225 elsif ($data =~ /-----BEGIN PRIVATE KEY-----(.*?)-----END/sg) {
226 $data = pem_to_der($data, $password);
226 $data = pem_to_der($data, $password) or croak "FATAL: PEM/key decode failed";
227227 return $self->_import_pkcs8($data, $password);
228228 }
229229 elsif ($data =~ /-----BEGIN ENCRYPTED PRIVATE KEY-----(.*?)-----END/sg) {
230 $data = pem_to_der($data, $password);
230 $data = pem_to_der($data, $password) or croak "FATAL: PEM/key decode failed";
231231 return $self->_import_pkcs8($data, $password);
232232 }
233233 elsif ($data =~ /^\s*(\{.*?\})\s*$/s) {
243243 }
244244 }
245245 elsif ($data =~ /-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----/sg) {
246 $data = pem_to_der($data);
246 $data = pem_to_der($data) or croak "FATAL: PEM/cert decode failed";
247247 return $self->_import_x509($data);
248248 }
249249 elsif ($data =~ /---- BEGIN SSH2 PUBLIC KEY ----(.*?)---- END SSH2 PUBLIC KEY ----/sg) {
250 $data = pem_to_der($data);
250 $data = pem_to_der($data) or croak "FATAL: PEM/key decode failed";
251251 my ($typ, $skip, $pubkey) = Crypt::PK::_ssh_parse($data);
252252 return $self->import_key_raw($pubkey, "$2") if $pubkey && $typ =~ /^ecdsa-(.+?)-(.*)$/;
253253 }
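Review bot: The decode failure now croaks, but the import on the line after it, `my $rv = eval { $self->_import($data) } || eval { $self->_import_old($data) };`, still swallows both exceptions and discards `$@`, so a well-formed PEM that holds a bad key leaves the branch via `return $rv if $rv` with no reason recorded and falls out of the chain. Keeping the fallback but surfacing the last error would be `my $rv = eval { $self->_import($data) };` / `$rv ||= eval { $self->_import_old($data) };` / `croak "FATAL: EC key import failed: $@" unless $rv;`, assuming nothing later in the chain (outside this hunk) is meant to retry the decoded bytes. In the SSH2 branch the curve name passed as `"$2"` is taken straight from the key-type string in the input; presumably `import_key_raw` rejects unknown names, but that is worth confirming. The enclosing method starts and ends outside these hunks.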
6363 croak "FATAL: invalid key data" unless $data;
6464
6565 if ($data =~ /-----BEGIN PUBLIC KEY-----(.*?)-----END/sg) {
66 $data = pem_to_der($data, $password);
66 $data = pem_to_der($data, $password) or croak "FATAL: PEM/key decode failed";
6767 return $self->_import($data);
6868 }
6969 elsif ($data =~ /-----BEGIN PRIVATE KEY-----(.*?)-----END/sg) {
70 $data = pem_to_der($data, $password);
70 $data = pem_to_der($data, $password) or croak "FATAL: PEM/key decode failed";
7171 return $self->_import_pkcs8($data, $password);
7272 }
7373 elsif ($data =~ /-----BEGIN ENCRYPTED PRIVATE KEY-----(.*?)-----END/sg) {
74 $data = pem_to_der($data, $password);
74 $data = pem_to_der($data, $password) or croak "FATAL: PEM/key decode failed";
7575 return $self->_import_pkcs8($data, $password);
7676 }
7777 elsif ($data =~ /-----BEGIN ED25519 PRIVATE KEY-----(.*?)-----END/sg) {
78 $data = pem_to_der($data, $password);
78 $data = pem_to_der($data, $password) or croak "FATAL: PEM/key decode failed";
7979 return $self->_import_pkcs8($data, $password);
8080 }
8181 elsif ($data =~ /^\s*(\{.*?\})\s*$/s) { # JSON
8686 }
8787 }
8888 elsif ($data =~ /-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----/sg) {
89 $data = pem_to_der($data);
89 $data = pem_to_der($data) or croak "FATAL: PEM/cert decode failed";
9090 return $self->_import_x509($data);
9191 }
9292 elsif ($data =~ /-----BEGIN OPENSSH PRIVATE KEY-----(.*?)-----END/sg) {
9696 croak "FATAL: OPENSSH PRIVATE KEY not supported";
9797 }
9898 elsif ($data =~ /---- BEGIN SSH2 PUBLIC KEY ----(.*?)---- END SSH2 PUBLIC KEY ----/sg) {
99 $data = pem_to_der($data);
99 $data = pem_to_der($data) or croak "FATAL: PEM/key decode failed";
100100 my ($typ, $pubkey) = Crypt::PK::_ssh_parse($data);
101101 return $self->_import_raw($pubkey, 0) if $typ eq 'ssh-ed25519' && length($pubkey) == 32;
102102 }
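Review bot: The SSH2 branch tests `$typ eq 'ssh-ed25519'` on its last line without first checking that `_ssh_parse` returned anything, so a block that decodes but does not parse warns about an uninitialized `$typ` under `use warnings`, while the RSA and DSA importers in this commit guard with `$typ && ...`. `return $self->_import_raw($pubkey, 0) if $typ && $typ eq 'ssh-ed25519' && $pubkey && length($pubkey) == 32;` keeps the three branches consistent. A 32-byte check is the right one for an Ed25519 public key, so the remaining fall-through is only for other key types; a `croak` naming the unexpected type may be preferable to whatever generic message follows the chain outside this hunk. The enclosing method's head and tail are outside the hunk.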
121121 # PKCS#1 RSAPublicKey (PEM header: BEGIN RSA PUBLIC KEY)
122122 # PKCS#1 RSAPrivateKey (PEM header: BEGIN RSA PRIVATE KEY)
123123 # X.509 SubjectPublicKeyInfo (PEM header: BEGIN PUBLIC KEY)
124 $data = pem_to_der($data, $password);
124 $data = pem_to_der($data, $password) or croak "FATAL: PEM/key decode failed";
125125 return $self->_import($data) if $data;
126126 }
127127 elsif ($data =~ /-----BEGIN PRIVATE KEY-----(.*?)-----END/sg) {
128128 # PKCS#8 PrivateKeyInfo (PEM header: BEGIN PRIVATE KEY)
129 $data = pem_to_der($data, $password);
129 $data = pem_to_der($data, $password) or croak "FATAL: PEM/key decode failed";
130130 return $self->_import_pkcs8($data, $password);
131131 }
132132 elsif ($data =~ /-----BEGIN ENCRYPTED PRIVATE KEY-----(.*?)-----END/sg) {
133133 # PKCS#8 PrivateKeyInfo (PEM header: BEGIN ENCRYPTED PRIVATE KEY)
134 $data = pem_to_der($data, $password);
134 $data = pem_to_der($data, $password) or croak "FATAL: PEM/key decode failed";
135135 return $self->_import_pkcs8($data, $password);
136136 }
137137 elsif ($data =~ /^\s*(\{.*?\})\s*$/s) {
146146 }
147147 }
148148 elsif ($data =~ /-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----/sg) {
149 $data = pem_to_der($data);
149 $data = pem_to_der($data) or croak "FATAL: PEM/cert decode failed";
150150 return $self->_import_x509($data);
151151 }
152152 elsif ($data =~ /---- BEGIN SSH2 PUBLIC KEY ----(.*?)---- END SSH2 PUBLIC KEY ----/sg) {
153 $data = pem_to_der($data);
153 $data = pem_to_der($data) or croak "FATAL: PEM/key decode failed";
154154 my ($typ, $N, $e) = Crypt::PK::_ssh_parse($data);
155155 return $self->_import_hex(unpack("H*", $e), unpack("H*", $N)) if $typ && $e && $N && $typ eq 'ssh-rsa';
156156 }
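Review bot: After the new `or croak` in the first hunk, the guard on the following line, `return $self->_import($data) if $data;`, can no longer be false — any false value from `pem_to_der` already croaks — so it should read `return $self->_import($data);` like the other branches in this file, otherwise readers look for a fall-through case that does not exist. This also changes observable behaviour for that branch: a decode failure used to drop out of the chain silently and now dies with `FATAL: PEM/key decode failed`, which is what the commit intends but deserves a changelog line. The `if` block containing these lines opens before the hunk and the method continues past it.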
6363 croak "FATAL: invalid key data" unless $data;
6464
6565 if ($data =~ /-----BEGIN PUBLIC KEY-----(.*?)-----END/sg) {
66 $data = pem_to_der($data, $password);
66 $data = pem_to_der($data, $password) or croak "FATAL: PEM/key decode failed";
6767 return $self->_import($data);
6868 }
6969 elsif ($data =~ /-----BEGIN PRIVATE KEY-----(.*?)-----END/sg) {
70 $data = pem_to_der($data, $password);
70 $data = pem_to_der($data, $password) or croak "FATAL: PEM/key decode failed";
7171 return $self->_import_pkcs8($data, $password);
7272 }
7373 elsif ($data =~ /-----BEGIN ENCRYPTED PRIVATE KEY-----(.*?)-----END/sg) {
74 $data = pem_to_der($data, $password);
74 $data = pem_to_der($data, $password) or croak "FATAL: PEM/key decode failed";
7575 return $self->_import_pkcs8($data, $password);
7676 }
7777 elsif ($data =~ /-----BEGIN X25519 PRIVATE KEY-----(.*?)-----END/sg) {
78 $data = pem_to_der($data, $password);
78 $data = pem_to_der($data, $password) or croak "FATAL: PEM/key decode failed";
7979 return $self->_import_pkcs8($data, $password);
8080 }
8181 elsif ($data =~ /^\s*(\{.*?\})\s*$/s) { # JSON
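Review bot: The three branches for `PRIVATE KEY`, `ENCRYPTED PRIVATE KEY` and `X25519 PRIVATE KEY` are now textually identical apart from the header regex — same decode, same croak string, same `_import_pkcs8($data, $password)` call — so a single `elsif ($data =~ /-----BEGIN (?:ENCRYPTED |X25519 )?PRIVATE KEY-----(.*?)-----END/sg) {` would remove two copies of an error message that future edits have to keep in step. The `/g` modifier on these scalar-context matches only sets `pos()` on `$data`; it is harmless here because `$data` is reassigned on the next line, but it is not doing anything useful. The enclosing method starts and ends outside this hunk.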