2 * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* We need to use some engine deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
14 #include "internal/cryptlib.h"
15 #include <openssl/bn.h>
16 #include <openssl/evp.h>
17 #include <openssl/objects.h>
18 #include <openssl/engine.h>
19 #include <openssl/x509.h>
20 #include <openssl/asn1.h>
21 #include "crypto/asn1.h"
22 #include "crypto/evp.h"
24 EVP_PKEY *d2i_PrivateKey_ex(int type, EVP_PKEY **a, const unsigned char **pp,
25 long length, OSSL_LIB_CTX *libctx,
29 const unsigned char *p = *pp;
31 if ((a == NULL) || (*a == NULL)) {
32 if ((ret = EVP_PKEY_new()) == NULL) {
33 ASN1err(0, ERR_R_EVP_LIB);
38 #ifndef OPENSSL_NO_ENGINE
39 ENGINE_finish(ret->engine);
44 if (!EVP_PKEY_set_type(ret, type)) {
45 ASN1err(0, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
50 if (!ret->ameth->old_priv_decode ||
51 !ret->ameth->old_priv_decode(ret, &p, length)) {
52 if (ret->ameth->priv_decode != NULL
53 || ret->ameth->priv_decode_ex != NULL) {
55 PKCS8_PRIV_KEY_INFO *p8 = NULL;
56 p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
58 ERR_clear_last_mark();
61 tmp = EVP_PKCS82PKEY_ex(p8, libctx, propq);
62 PKCS8_PRIV_KEY_INFO_free(p8);
64 ERR_clear_last_mark();
70 if (EVP_PKEY_type(type) != EVP_PKEY_base_id(ret))
73 ERR_clear_last_mark();
74 ASN1err(0, ERR_R_ASN1_LIB);
78 ERR_clear_last_mark();
85 if (a == NULL || *a != ret)
90 EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
93 return d2i_PrivateKey_ex(type, a, pp, length, NULL, NULL);
97 * This works like d2i_PrivateKey() except it automatically works out the
101 EVP_PKEY *d2i_AutoPrivateKey_ex(EVP_PKEY **a, const unsigned char **pp,
102 long length, OSSL_LIB_CTX *libctx,
105 STACK_OF(ASN1_TYPE) *inkey;
106 const unsigned char *p;
110 * Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE): by
111 * analyzing it we can determine the passed structure: this assumes the
112 * input is surrounded by an ASN1 SEQUENCE.
114 inkey = d2i_ASN1_SEQUENCE_ANY(NULL, &p, length);
117 * Since we only need to discern "traditional format" RSA and DSA keys we
118 * can just count the elements.
120 if (sk_ASN1_TYPE_num(inkey) == 6) {
121 keytype = EVP_PKEY_DSA;
122 } else if (sk_ASN1_TYPE_num(inkey) == 4) {
123 keytype = EVP_PKEY_EC;
124 } else if (sk_ASN1_TYPE_num(inkey) == 3) { /* This seems to be PKCS8, not
125 * traditional format */
126 PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
129 sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
131 ASN1err(0, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
134 ret = EVP_PKCS82PKEY_ex(p8, libctx, propq);
135 PKCS8_PRIV_KEY_INFO_free(p8);
144 keytype = EVP_PKEY_RSA;
146 sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
147 return d2i_PrivateKey_ex(keytype, a, pp, length, libctx, propq);
150 EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
153 return d2i_AutoPrivateKey_ex(a, pp, length, NULL, NULL);