1 /* 2 * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 /* We need to use some engine deprecated APIs */ 11 #define OPENSSL_SUPPRESS_DEPRECATED 12 13 #include <stdio.h> 14 #include "internal/cryptlib.h" 15 #include <openssl/bn.h> 16 #include <openssl/evp.h> 17 #include <openssl/objects.h> 18 #include <openssl/decoder.h> 19 #include <openssl/engine.h> 20 #include <openssl/x509.h> 21 #include <openssl/asn1.h> 22 #include "crypto/asn1.h" 23 #include "crypto/evp.h" 24 #include "crypto/x509.h" 25 #include "internal/asn1.h" 26 #include "internal/sizes.h" 27 28 static EVP_PKEY * 29 d2i_PrivateKey_decoder(int keytype, EVP_PKEY **a, const unsigned char **pp, 30 long length, OSSL_LIB_CTX *libctx, const char *propq) 31 { 32 OSSL_DECODER_CTX *dctx = NULL; 33 size_t len = length; 34 EVP_PKEY *pkey = NULL, *bak_a = NULL; 35 EVP_PKEY **ppkey = &pkey; 36 const char *key_name = NULL; 37 char keytypebuf[OSSL_MAX_NAME_SIZE]; 38 int ret; 39 const unsigned char *p = *pp; 40 const char *structure; 41 PKCS8_PRIV_KEY_INFO *p8info; 42 const ASN1_OBJECT *algoid; 43 44 if (keytype != EVP_PKEY_NONE) { 45 key_name = evp_pkey_type2name(keytype); 46 if (key_name == NULL) 47 return NULL; 48 } 49 50 /* This is just a probe. It might fail, so we ignore errors */ 51 ERR_set_mark(); 52 p8info = d2i_PKCS8_PRIV_KEY_INFO(NULL, pp, len); 53 ERR_pop_to_mark(); 54 if (p8info != NULL) { 55 int64_t v; 56 57 /* ascertain version is 0 or 1 as per RFC5958 */ 58 if (!ASN1_INTEGER_get_int64(&v, p8info->version) 59 || (v != 0 && v != 1)) { 60 *pp = p; 61 ERR_raise(ERR_LIB_ASN1, ASN1_R_ASN1_PARSE_ERROR); 62 PKCS8_PRIV_KEY_INFO_free(p8info); 63 return NULL; 64 } 65 if (key_name == NULL 66 && PKCS8_pkey_get0(&algoid, NULL, NULL, NULL, p8info) 67 && OBJ_obj2txt(keytypebuf, sizeof(keytypebuf), algoid, 0)) 68 key_name = keytypebuf; 69 structure = "PrivateKeyInfo"; 70 PKCS8_PRIV_KEY_INFO_free(p8info); 71 } else { 72 structure = "type-specific"; 73 } 74 *pp = p; 75 76 if (a != NULL && (bak_a = *a) != NULL) 77 ppkey = a; 78 dctx = OSSL_DECODER_CTX_new_for_pkey(ppkey, "DER", structure, key_name, 79 EVP_PKEY_KEYPAIR, libctx, propq); 80 if (a != NULL) 81 *a = bak_a; 82 if (dctx == NULL) 83 goto err; 84 85 ret = OSSL_DECODER_from_data(dctx, pp, &len); 86 OSSL_DECODER_CTX_free(dctx); 87 if (ret 88 && *ppkey != NULL 89 && evp_keymgmt_util_has(*ppkey, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)) { 90 if (a != NULL) 91 *a = *ppkey; 92 return *ppkey; 93 } 94 95 err: 96 if (ppkey != a) 97 EVP_PKEY_free(*ppkey); 98 return NULL; 99 } 100 101 EVP_PKEY * 102 ossl_d2i_PrivateKey_legacy(int keytype, EVP_PKEY **a, const unsigned char **pp, 103 long length, OSSL_LIB_CTX *libctx, const char *propq) 104 { 105 EVP_PKEY *ret; 106 const unsigned char *p = *pp; 107 108 if (a == NULL || *a == NULL) { 109 if ((ret = EVP_PKEY_new()) == NULL) { 110 ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); 111 return NULL; 112 } 113 } else { 114 ret = *a; 115 #ifndef OPENSSL_NO_ENGINE 116 ENGINE_finish(ret->engine); 117 ret->engine = NULL; 118 #endif 119 } 120 121 if (!EVP_PKEY_set_type(ret, keytype)) { 122 ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE); 123 goto err; 124 } 125 126 ERR_set_mark(); 127 if (!ret->ameth->old_priv_decode || 128 !ret->ameth->old_priv_decode(ret, &p, length)) { 129 if (ret->ameth->priv_decode != NULL 130 || ret->ameth->priv_decode_ex != NULL) { 131 EVP_PKEY *tmp; 132 PKCS8_PRIV_KEY_INFO *p8 = NULL; 133 p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length); 134 if (p8 == NULL) { 135 ERR_clear_last_mark(); 136 goto err; 137 } 138 tmp = evp_pkcs82pkey_legacy(p8, libctx, propq); 139 PKCS8_PRIV_KEY_INFO_free(p8); 140 if (tmp == NULL) { 141 ERR_clear_last_mark(); 142 goto err; 143 } 144 EVP_PKEY_free(ret); 145 ret = tmp; 146 ERR_pop_to_mark(); 147 if (EVP_PKEY_type(keytype) != EVP_PKEY_get_base_id(ret)) 148 goto err; 149 } else { 150 ERR_clear_last_mark(); 151 ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB); 152 goto err; 153 } 154 } else { 155 ERR_clear_last_mark(); 156 } 157 *pp = p; 158 if (a != NULL) 159 *a = ret; 160 return ret; 161 err: 162 if (a == NULL || *a != ret) 163 EVP_PKEY_free(ret); 164 return NULL; 165 } 166 167 EVP_PKEY *d2i_PrivateKey_ex(int keytype, EVP_PKEY **a, const unsigned char **pp, 168 long length, OSSL_LIB_CTX *libctx, 169 const char *propq) 170 { 171 EVP_PKEY *ret; 172 173 ret = d2i_PrivateKey_decoder(keytype, a, pp, length, libctx, propq); 174 /* try the legacy path if the decoder failed */ 175 if (ret == NULL) 176 ret = ossl_d2i_PrivateKey_legacy(keytype, a, pp, length, libctx, propq); 177 return ret; 178 } 179 180 EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, 181 long length) 182 { 183 return d2i_PrivateKey_ex(type, a, pp, length, NULL, NULL); 184 } 185 186 static EVP_PKEY *d2i_AutoPrivateKey_legacy(EVP_PKEY **a, 187 const unsigned char **pp, 188 long length, 189 OSSL_LIB_CTX *libctx, 190 const char *propq) 191 { 192 STACK_OF(ASN1_TYPE) *inkey; 193 const unsigned char *p; 194 int keytype; 195 196 p = *pp; 197 /* 198 * Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE): by 199 * analyzing it we can determine the passed structure: this assumes the 200 * input is surrounded by an ASN1 SEQUENCE. 201 */ 202 inkey = d2i_ASN1_SEQUENCE_ANY(NULL, &p, length); 203 p = *pp; 204 /* 205 * Since we only need to discern "traditional format" RSA and DSA keys we 206 * can just count the elements. 207 */ 208 if (sk_ASN1_TYPE_num(inkey) == 6) { 209 keytype = EVP_PKEY_DSA; 210 } else if (sk_ASN1_TYPE_num(inkey) == 4) { 211 keytype = EVP_PKEY_EC; 212 } else if (sk_ASN1_TYPE_num(inkey) == 3) { /* This seems to be PKCS8, not 213 * traditional format */ 214 PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length); 215 EVP_PKEY *ret; 216 217 sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free); 218 if (p8 == NULL) { 219 ERR_raise(ERR_LIB_ASN1, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); 220 return NULL; 221 } 222 ret = evp_pkcs82pkey_legacy(p8, libctx, propq); 223 PKCS8_PRIV_KEY_INFO_free(p8); 224 if (ret == NULL) 225 return NULL; 226 *pp = p; 227 if (a != NULL) { 228 *a = ret; 229 } 230 return ret; 231 } else { 232 keytype = EVP_PKEY_RSA; 233 } 234 sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free); 235 return ossl_d2i_PrivateKey_legacy(keytype, a, pp, length, libctx, propq); 236 } 237 238 /* 239 * This works like d2i_PrivateKey() except it passes the keytype as 240 * EVP_PKEY_NONE, which then figures out the type during decoding. 241 */ 242 EVP_PKEY *d2i_AutoPrivateKey_ex(EVP_PKEY **a, const unsigned char **pp, 243 long length, OSSL_LIB_CTX *libctx, 244 const char *propq) 245 { 246 EVP_PKEY *ret; 247 248 ret = d2i_PrivateKey_decoder(EVP_PKEY_NONE, a, pp, length, libctx, propq); 249 /* try the legacy path if the decoder failed */ 250 if (ret == NULL) 251 ret = d2i_AutoPrivateKey_legacy(a, pp, length, libctx, propq); 252 return ret; 253 } 254 255 EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, 256 long length) 257 { 258 return d2i_AutoPrivateKey_ex(a, pp, length, NULL, NULL); 259 } 260