1 /*
2 * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /* We need to use some engine deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
12
13 #include <stdio.h>
14 #include "internal/cryptlib.h"
15 #include <openssl/bn.h>
16 #include <openssl/evp.h>
17 #include <openssl/objects.h>
18 #include <openssl/decoder.h>
19 #include <openssl/engine.h>
20 #include <openssl/x509.h>
21 #include <openssl/asn1.h>
22 #include "crypto/asn1.h"
23 #include "crypto/evp.h"
24 #include "crypto/x509.h"
25 #include "internal/asn1.h"
26 #include "internal/sizes.h"
27
28 static EVP_PKEY *
d2i_PrivateKey_decoder(int keytype,EVP_PKEY ** a,const unsigned char ** pp,long length,OSSL_LIB_CTX * libctx,const char * propq)29 d2i_PrivateKey_decoder(int keytype, EVP_PKEY **a, const unsigned char **pp,
30 long length, OSSL_LIB_CTX *libctx, const char *propq)
31 {
32 OSSL_DECODER_CTX *dctx = NULL;
33 size_t len = length;
34 EVP_PKEY *pkey = NULL, *bak_a = NULL;
35 EVP_PKEY **ppkey = &pkey;
36 const char *key_name = NULL;
37 char keytypebuf[OSSL_MAX_NAME_SIZE];
38 int ret;
39 const unsigned char *p = *pp;
40 const char *structure;
41 PKCS8_PRIV_KEY_INFO *p8info;
42 const ASN1_OBJECT *algoid;
43
44 if (keytype != EVP_PKEY_NONE) {
45 key_name = evp_pkey_type2name(keytype);
46 if (key_name == NULL)
47 return NULL;
48 }
49
50 /* This is just a probe. It might fail, so we ignore errors */
51 ERR_set_mark();
52 p8info = d2i_PKCS8_PRIV_KEY_INFO(NULL, pp, len);
53 ERR_pop_to_mark();
54 if (p8info != NULL) {
55 int64_t v;
56
57 /* ascertain version is 0 or 1 as per RFC5958 */
58 if (!ASN1_INTEGER_get_int64(&v, p8info->version)
59 || (v != 0 && v != 1)) {
60 *pp = p;
61 ERR_raise(ERR_LIB_ASN1, ASN1_R_ASN1_PARSE_ERROR);
62 PKCS8_PRIV_KEY_INFO_free(p8info);
63 return NULL;
64 }
65 if (key_name == NULL
66 && PKCS8_pkey_get0(&algoid, NULL, NULL, NULL, p8info)
67 && OBJ_obj2txt(keytypebuf, sizeof(keytypebuf), algoid, 0))
68 key_name = keytypebuf;
69 structure = "PrivateKeyInfo";
70 PKCS8_PRIV_KEY_INFO_free(p8info);
71 } else {
72 structure = "type-specific";
73 }
74 *pp = p;
75
76 if (a != NULL && (bak_a = *a) != NULL)
77 ppkey = a;
78 dctx = OSSL_DECODER_CTX_new_for_pkey(ppkey, "DER", structure, key_name,
79 EVP_PKEY_KEYPAIR, libctx, propq);
80 if (a != NULL)
81 *a = bak_a;
82 if (dctx == NULL)
83 goto err;
84
85 ret = OSSL_DECODER_from_data(dctx, pp, &len);
86 OSSL_DECODER_CTX_free(dctx);
87 if (ret
88 && *ppkey != NULL
89 && evp_keymgmt_util_has(*ppkey, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)) {
90 if (a != NULL)
91 *a = *ppkey;
92 return *ppkey;
93 }
94
95 err:
96 if (ppkey != a)
97 EVP_PKEY_free(*ppkey);
98 return NULL;
99 }
100
101 EVP_PKEY *
ossl_d2i_PrivateKey_legacy(int keytype,EVP_PKEY ** a,const unsigned char ** pp,long length,OSSL_LIB_CTX * libctx,const char * propq)102 ossl_d2i_PrivateKey_legacy(int keytype, EVP_PKEY **a, const unsigned char **pp,
103 long length, OSSL_LIB_CTX *libctx, const char *propq)
104 {
105 EVP_PKEY *ret;
106 const unsigned char *p = *pp;
107
108 if (a == NULL || *a == NULL) {
109 if ((ret = EVP_PKEY_new()) == NULL) {
110 ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB);
111 return NULL;
112 }
113 } else {
114 ret = *a;
115 #ifndef OPENSSL_NO_ENGINE
116 ENGINE_finish(ret->engine);
117 ret->engine = NULL;
118 #endif
119 }
120
121 if (!EVP_PKEY_set_type(ret, keytype)) {
122 ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
123 goto err;
124 }
125
126 ERR_set_mark();
127 if (!ret->ameth->old_priv_decode ||
128 !ret->ameth->old_priv_decode(ret, &p, length)) {
129 if (ret->ameth->priv_decode != NULL
130 || ret->ameth->priv_decode_ex != NULL) {
131 EVP_PKEY *tmp;
132 PKCS8_PRIV_KEY_INFO *p8 = NULL;
133 p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
134 if (p8 == NULL) {
135 ERR_clear_last_mark();
136 goto err;
137 }
138 tmp = evp_pkcs82pkey_legacy(p8, libctx, propq);
139 PKCS8_PRIV_KEY_INFO_free(p8);
140 if (tmp == NULL) {
141 ERR_clear_last_mark();
142 goto err;
143 }
144 EVP_PKEY_free(ret);
145 ret = tmp;
146 ERR_pop_to_mark();
147 if (EVP_PKEY_type(keytype) != EVP_PKEY_get_base_id(ret))
148 goto err;
149 } else {
150 ERR_clear_last_mark();
151 ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB);
152 goto err;
153 }
154 } else {
155 ERR_clear_last_mark();
156 }
157 *pp = p;
158 if (a != NULL)
159 *a = ret;
160 return ret;
161 err:
162 if (a == NULL || *a != ret)
163 EVP_PKEY_free(ret);
164 return NULL;
165 }
166
d2i_PrivateKey_ex(int keytype,EVP_PKEY ** a,const unsigned char ** pp,long length,OSSL_LIB_CTX * libctx,const char * propq)167 EVP_PKEY *d2i_PrivateKey_ex(int keytype, EVP_PKEY **a, const unsigned char **pp,
168 long length, OSSL_LIB_CTX *libctx,
169 const char *propq)
170 {
171 EVP_PKEY *ret;
172
173 ret = d2i_PrivateKey_decoder(keytype, a, pp, length, libctx, propq);
174 /* try the legacy path if the decoder failed */
175 if (ret == NULL)
176 ret = ossl_d2i_PrivateKey_legacy(keytype, a, pp, length, libctx, propq);
177 return ret;
178 }
179
d2i_PrivateKey(int type,EVP_PKEY ** a,const unsigned char ** pp,long length)180 EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
181 long length)
182 {
183 return d2i_PrivateKey_ex(type, a, pp, length, NULL, NULL);
184 }
185
d2i_AutoPrivateKey_legacy(EVP_PKEY ** a,const unsigned char ** pp,long length,OSSL_LIB_CTX * libctx,const char * propq)186 static EVP_PKEY *d2i_AutoPrivateKey_legacy(EVP_PKEY **a,
187 const unsigned char **pp,
188 long length,
189 OSSL_LIB_CTX *libctx,
190 const char *propq)
191 {
192 STACK_OF(ASN1_TYPE) *inkey;
193 const unsigned char *p;
194 int keytype;
195
196 p = *pp;
197 /*
198 * Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE): by
199 * analyzing it we can determine the passed structure: this assumes the
200 * input is surrounded by an ASN1 SEQUENCE.
201 */
202 inkey = d2i_ASN1_SEQUENCE_ANY(NULL, &p, length);
203 p = *pp;
204 /*
205 * Since we only need to discern "traditional format" RSA and DSA keys we
206 * can just count the elements.
207 */
208 if (sk_ASN1_TYPE_num(inkey) == 6) {
209 keytype = EVP_PKEY_DSA;
210 } else if (sk_ASN1_TYPE_num(inkey) == 4) {
211 keytype = EVP_PKEY_EC;
212 } else if (sk_ASN1_TYPE_num(inkey) == 3) { /* This seems to be PKCS8, not
213 * traditional format */
214 PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
215 EVP_PKEY *ret;
216
217 sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
218 if (p8 == NULL) {
219 ERR_raise(ERR_LIB_ASN1, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
220 return NULL;
221 }
222 ret = evp_pkcs82pkey_legacy(p8, libctx, propq);
223 PKCS8_PRIV_KEY_INFO_free(p8);
224 if (ret == NULL)
225 return NULL;
226 *pp = p;
227 if (a != NULL) {
228 *a = ret;
229 }
230 return ret;
231 } else {
232 keytype = EVP_PKEY_RSA;
233 }
234 sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
235 return ossl_d2i_PrivateKey_legacy(keytype, a, pp, length, libctx, propq);
236 }
237
238 /*
239 * This works like d2i_PrivateKey() except it passes the keytype as
240 * EVP_PKEY_NONE, which then figures out the type during decoding.
241 */
d2i_AutoPrivateKey_ex(EVP_PKEY ** a,const unsigned char ** pp,long length,OSSL_LIB_CTX * libctx,const char * propq)242 EVP_PKEY *d2i_AutoPrivateKey_ex(EVP_PKEY **a, const unsigned char **pp,
243 long length, OSSL_LIB_CTX *libctx,
244 const char *propq)
245 {
246 EVP_PKEY *ret;
247
248 ret = d2i_PrivateKey_decoder(EVP_PKEY_NONE, a, pp, length, libctx, propq);
249 /* try the legacy path if the decoder failed */
250 if (ret == NULL)
251 ret = d2i_AutoPrivateKey_legacy(a, pp, length, libctx, propq);
252 return ret;
253 }
254
d2i_AutoPrivateKey(EVP_PKEY ** a,const unsigned char ** pp,long length)255 EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
256 long length)
257 {
258 return d2i_AutoPrivateKey_ex(a, pp, length, NULL, NULL);
259 }
260