1 /*
2 * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /* We need to use some engine deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
12
13 #include <stdio.h>
14 #include "internal/cryptlib.h"
15 #include <openssl/bn.h>
16 #include <openssl/evp.h>
17 #include <openssl/objects.h>
18 #include <openssl/decoder.h>
19 #include <openssl/engine.h>
20 #include <openssl/x509.h>
21 #include <openssl/asn1.h>
22 #include "crypto/asn1.h"
23 #include "crypto/evp.h"
24 #include "crypto/x509.h"
25 #include "internal/asn1.h"
26 #include "internal/sizes.h"
27
28 static EVP_PKEY *
d2i_PrivateKey_decoder(int keytype,EVP_PKEY ** a,const unsigned char ** pp,long length,OSSL_LIB_CTX * libctx,const char * propq)29 d2i_PrivateKey_decoder(int keytype, EVP_PKEY **a, const unsigned char **pp,
30 long length, OSSL_LIB_CTX *libctx, const char *propq)
31 {
32 OSSL_DECODER_CTX *dctx = NULL;
33 size_t len = length;
34 EVP_PKEY *pkey = NULL, *bak_a = NULL;
35 EVP_PKEY **ppkey = &pkey;
36 const char *key_name = NULL;
37 char keytypebuf[OSSL_MAX_NAME_SIZE];
38 int ret;
39 const unsigned char *p = *pp;
40 const char *structure;
41 PKCS8_PRIV_KEY_INFO *p8info;
42 const ASN1_OBJECT *algoid;
43
44 if (keytype != EVP_PKEY_NONE) {
45 key_name = evp_pkey_type2name(keytype);
46 if (key_name == NULL)
47 return NULL;
48 }
49
50 /* This is just a probe. It might fail, so we ignore errors */
51 ERR_set_mark();
52 p8info = d2i_PKCS8_PRIV_KEY_INFO(NULL, pp, len);
53 ERR_pop_to_mark();
54 if (p8info != NULL) {
55 int64_t v;
56
57 /* ascertain version is 0 or 1 as per RFC5958 */
58 if (!ASN1_INTEGER_get_int64(&v, p8info->version)
59 || (v != 0 && v != 1)) {
60 *pp = p;
61 ERR_raise(ERR_LIB_ASN1, ASN1_R_ASN1_PARSE_ERROR);
62 PKCS8_PRIV_KEY_INFO_free(p8info);
63 return NULL;
64 }
65 if (key_name == NULL
66 && PKCS8_pkey_get0(&algoid, NULL, NULL, NULL, p8info)
67 && OBJ_obj2txt(keytypebuf, sizeof(keytypebuf), algoid, 0))
68 key_name = keytypebuf;
69 structure = "PrivateKeyInfo";
70 PKCS8_PRIV_KEY_INFO_free(p8info);
71 } else {
72 structure = "type-specific";
73 }
74 *pp = p;
75
76 if (a != NULL && (bak_a = *a) != NULL)
77 ppkey = a;
78 dctx = OSSL_DECODER_CTX_new_for_pkey(ppkey, "DER", structure, key_name,
79 EVP_PKEY_KEYPAIR, libctx, propq);
80 if (a != NULL)
81 *a = bak_a;
82 if (dctx == NULL)
83 goto err;
84
85 ret = OSSL_DECODER_from_data(dctx, pp, &len);
86 OSSL_DECODER_CTX_free(dctx);
87 if (ret
88 && *ppkey != NULL
89 && evp_keymgmt_util_has(*ppkey, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)) {
90 if (a != NULL)
91 *a = *ppkey;
92 return *ppkey;
93 }
94
95 err:
96 if (ppkey != a)
97 EVP_PKEY_free(*ppkey);
98 return NULL;
99 }
100
101 EVP_PKEY *
ossl_d2i_PrivateKey_legacy(int keytype,EVP_PKEY ** a,const unsigned char ** pp,long length,OSSL_LIB_CTX * libctx,const char * propq)102 ossl_d2i_PrivateKey_legacy(int keytype, EVP_PKEY **a, const unsigned char **pp,
103 long length, OSSL_LIB_CTX *libctx, const char *propq)
104 {
105 EVP_PKEY *ret;
106 const unsigned char *p = *pp;
107
108 if (a == NULL || *a == NULL) {
109 if ((ret = EVP_PKEY_new()) == NULL) {
110 ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB);
111 return NULL;
112 }
113 } else {
114 ret = *a;
115 #ifndef OPENSSL_NO_ENGINE
116 ENGINE_finish(ret->engine);
117 ret->engine = NULL;
118 #endif
119 }
120
121 if (!EVP_PKEY_set_type(ret, keytype)) {
122 ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
123 goto err;
124 }
125
126 ERR_set_mark();
127 if (!ret->ameth->old_priv_decode || !ret->ameth->old_priv_decode(ret, &p, length)) {
128 if (ret->ameth->priv_decode != NULL
129 || ret->ameth->priv_decode_ex != NULL) {
130 EVP_PKEY *tmp;
131 PKCS8_PRIV_KEY_INFO *p8 = NULL;
132 p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
133 if (p8 == NULL) {
134 ERR_clear_last_mark();
135 goto err;
136 }
137 tmp = evp_pkcs82pkey_legacy(p8, libctx, propq);
138 PKCS8_PRIV_KEY_INFO_free(p8);
139 if (tmp == NULL) {
140 ERR_clear_last_mark();
141 goto err;
142 }
143 EVP_PKEY_free(ret);
144 ret = tmp;
145 ERR_pop_to_mark();
146 if (EVP_PKEY_type(keytype) != EVP_PKEY_get_base_id(ret))
147 goto err;
148 } else {
149 ERR_clear_last_mark();
150 ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB);
151 goto err;
152 }
153 } else {
154 ERR_clear_last_mark();
155 }
156 *pp = p;
157 if (a != NULL)
158 *a = ret;
159 return ret;
160 err:
161 if (a == NULL || *a != ret)
162 EVP_PKEY_free(ret);
163 return NULL;
164 }
165
d2i_PrivateKey_ex(int keytype,EVP_PKEY ** a,const unsigned char ** pp,long length,OSSL_LIB_CTX * libctx,const char * propq)166 EVP_PKEY *d2i_PrivateKey_ex(int keytype, EVP_PKEY **a, const unsigned char **pp,
167 long length, OSSL_LIB_CTX *libctx,
168 const char *propq)
169 {
170 EVP_PKEY *ret;
171
172 ret = d2i_PrivateKey_decoder(keytype, a, pp, length, libctx, propq);
173 /* try the legacy path if the decoder failed */
174 if (ret == NULL)
175 ret = ossl_d2i_PrivateKey_legacy(keytype, a, pp, length, libctx, propq);
176 return ret;
177 }
178
d2i_PrivateKey(int type,EVP_PKEY ** a,const unsigned char ** pp,long length)179 EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
180 long length)
181 {
182 return d2i_PrivateKey_ex(type, a, pp, length, NULL, NULL);
183 }
184
d2i_AutoPrivateKey_legacy(EVP_PKEY ** a,const unsigned char ** pp,long length,OSSL_LIB_CTX * libctx,const char * propq)185 static EVP_PKEY *d2i_AutoPrivateKey_legacy(EVP_PKEY **a,
186 const unsigned char **pp,
187 long length,
188 OSSL_LIB_CTX *libctx,
189 const char *propq)
190 {
191 STACK_OF(ASN1_TYPE) *inkey;
192 const unsigned char *p;
193 int keytype;
194
195 p = *pp;
196 /*
197 * Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE): by
198 * analyzing it we can determine the passed structure: this assumes the
199 * input is surrounded by an ASN1 SEQUENCE.
200 */
201 inkey = d2i_ASN1_SEQUENCE_ANY(NULL, &p, length);
202 p = *pp;
203 /*
204 * Since we only need to discern "traditional format" RSA and DSA keys we
205 * can just count the elements.
206 */
207 if (sk_ASN1_TYPE_num(inkey) == 6) {
208 keytype = EVP_PKEY_DSA;
209 } else if (sk_ASN1_TYPE_num(inkey) == 4) {
210 keytype = EVP_PKEY_EC;
211 } else if (sk_ASN1_TYPE_num(inkey) == 3) { /* This seems to be PKCS8, not
212 * traditional format */
213 PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
214 EVP_PKEY *ret;
215
216 sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
217 if (p8 == NULL) {
218 ERR_raise(ERR_LIB_ASN1, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
219 return NULL;
220 }
221 ret = evp_pkcs82pkey_legacy(p8, libctx, propq);
222 PKCS8_PRIV_KEY_INFO_free(p8);
223 if (ret == NULL)
224 return NULL;
225 *pp = p;
226 if (a != NULL) {
227 *a = ret;
228 }
229 return ret;
230 } else {
231 keytype = EVP_PKEY_RSA;
232 }
233 sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
234 return ossl_d2i_PrivateKey_legacy(keytype, a, pp, length, libctx, propq);
235 }
236
237 /*
238 * This works like d2i_PrivateKey() except it passes the keytype as
239 * EVP_PKEY_NONE, which then figures out the type during decoding.
240 */
d2i_AutoPrivateKey_ex(EVP_PKEY ** a,const unsigned char ** pp,long length,OSSL_LIB_CTX * libctx,const char * propq)241 EVP_PKEY *d2i_AutoPrivateKey_ex(EVP_PKEY **a, const unsigned char **pp,
242 long length, OSSL_LIB_CTX *libctx,
243 const char *propq)
244 {
245 EVP_PKEY *ret;
246
247 ret = d2i_PrivateKey_decoder(EVP_PKEY_NONE, a, pp, length, libctx, propq);
248 /* try the legacy path if the decoder failed */
249 if (ret == NULL)
250 ret = d2i_AutoPrivateKey_legacy(a, pp, length, libctx, propq);
251 return ret;
252 }
253
d2i_AutoPrivateKey(EVP_PKEY ** a,const unsigned char ** pp,long length)254 EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
255 long length)
256 {
257 return d2i_AutoPrivateKey_ex(a, pp, length, NULL, NULL);
258 }
259