2 * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include <openssl/core_names.h>
11 #include <openssl/bio.h>
12 #include <openssl/params.h>
13 #include <openssl/provider.h>
14 #include <openssl/evperr.h>
15 #include <openssl/ecerr.h>
16 #include <openssl/x509err.h>
17 #include "internal/passphrase.h"
18 #include "crypto/decoder.h"
19 #include "encoder_local.h"
22 struct decoder_process_data_st {
23 OSSL_DECODER_CTX *ctx;
28 /* Index of the current decoder instance to be processed */
29 size_t current_decoder_inst_index;
32 static int decoder_process(const OSSL_PARAM params[], void *arg);
34 int OSSL_DECODER_from_bio(OSSL_DECODER_CTX *ctx, BIO *in)
36 struct decoder_process_data_st data;
39 memset(&data, 0, sizeof(data));
43 /* Enable passphrase caching */
44 (void)ossl_pw_enable_passphrase_caching(&ctx->pwdata);
46 ok = decoder_process(NULL, &data);
48 /* Clear any internally cached passphrase */
49 (void)ossl_pw_clear_passphrase_cache(&ctx->pwdata);
54 #ifndef OPENSSL_NO_STDIO
55 static BIO *bio_from_file(FILE *fp)
59 if ((b = BIO_new(BIO_s_file())) == NULL) {
60 ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_BIO_LIB);
63 BIO_set_fp(b, fp, BIO_NOCLOSE);
67 int OSSL_DECODER_from_fp(OSSL_DECODER_CTX *ctx, FILE *fp)
69 BIO *b = bio_from_file(fp);
73 ret = OSSL_DECODER_from_bio(ctx, b);
80 int OSSL_DECODER_from_data(OSSL_DECODER_CTX *ctx, const unsigned char **pdata,
86 if (pdata == NULL || *pdata == NULL || pdata_len == NULL) {
87 ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER);
91 membio = BIO_new_mem_buf(*pdata, (int)*pdata_len);
92 if (OSSL_DECODER_from_bio(ctx, membio)) {
93 *pdata_len = (size_t)BIO_get_mem_data(membio, pdata);
101 int OSSL_DECODER_CTX_set_input_type(OSSL_DECODER_CTX *ctx,
102 const char *input_type)
104 if (!ossl_assert(ctx != NULL)) {
105 ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER);
110 * NULL is a valid starting input type, and means that the caller leaves
111 * it to code to discover what the starting input type is.
113 ctx->start_input_type = input_type;
117 OSSL_DECODER_INSTANCE *ossl_decoder_instance_new(OSSL_DECODER *decoder,
120 OSSL_DECODER_INSTANCE *decoder_inst = NULL;
121 OSSL_PARAM params[2];
123 if (!ossl_assert(decoder != NULL)) {
124 ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER);
128 if (decoder->get_params == NULL) {
129 ERR_raise(ERR_LIB_OSSL_DECODER,
130 OSSL_DECODER_R_MISSING_GET_PARAMS);
134 if ((decoder_inst = OPENSSL_zalloc(sizeof(*decoder_inst))) == NULL) {
135 ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_MALLOC_FAILURE);
138 if (!OSSL_DECODER_up_ref(decoder)) {
139 ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_INTERNAL_ERROR);
143 /* Cache the input type for this encoder */
145 OSSL_PARAM_construct_utf8_ptr(OSSL_DECODER_PARAM_INPUT_TYPE,
146 (char **)&decoder_inst->input_type, 0);
147 params[1] = OSSL_PARAM_construct_end();
149 if (!decoder->get_params(params)
150 || !OSSL_PARAM_modified(¶ms[0]))
153 decoder_inst->decoder = decoder;
154 decoder_inst->decoderctx = decoderctx;
157 ossl_decoder_instance_free(decoder_inst);
161 void ossl_decoder_instance_free(OSSL_DECODER_INSTANCE *decoder_inst)
163 if (decoder_inst != NULL) {
164 if (decoder_inst->decoder != NULL)
165 decoder_inst->decoder->freectx(decoder_inst->decoderctx);
166 decoder_inst->decoderctx = NULL;
167 OSSL_DECODER_free(decoder_inst->decoder);
168 decoder_inst->decoder = NULL;
169 OPENSSL_free(decoder_inst);
173 int ossl_decoder_ctx_add_decoder_inst(OSSL_DECODER_CTX *ctx,
174 OSSL_DECODER_INSTANCE *di)
176 if (ctx->decoder_insts == NULL
177 && (ctx->decoder_insts =
178 sk_OSSL_DECODER_INSTANCE_new_null()) == NULL) {
179 ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_MALLOC_FAILURE);
183 return (sk_OSSL_DECODER_INSTANCE_push(ctx->decoder_insts, di) > 0);
186 int OSSL_DECODER_CTX_add_decoder(OSSL_DECODER_CTX *ctx, OSSL_DECODER *decoder)
188 OSSL_DECODER_INSTANCE *decoder_inst = NULL;
189 const OSSL_PROVIDER *prov = NULL;
190 void *decoderctx = NULL;
191 void *provctx = NULL;
193 if (!ossl_assert(ctx != NULL) || !ossl_assert(decoder != NULL)) {
194 ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER);
198 prov = OSSL_DECODER_provider(decoder);
199 provctx = OSSL_PROVIDER_get0_provider_ctx(prov);
201 if ((decoderctx = decoder->newctx(provctx)) == NULL
203 ossl_decoder_instance_new(decoder, decoderctx)) == NULL)
205 /* Avoid double free of decoderctx on further errors */
208 if (!ossl_decoder_ctx_add_decoder_inst(ctx, decoder_inst))
213 ossl_decoder_instance_free(decoder_inst);
214 if (decoderctx != NULL)
215 decoder->freectx(decoderctx);
219 int OSSL_DECODER_CTX_add_extra(OSSL_DECODER_CTX *ctx,
220 OSSL_LIB_CTX *libctx, const char *propq)
223 * This function goes through existing decoder methods in
224 * |ctx->decoder_insts|, and tries to fetch new decoders that produce
225 * what the existing ones want as input, and push those newly fetched
226 * decoders on top of the same stack.
227 * Then it does the same again, but looping over the newly fetched
228 * decoders, until there are no more encoders to be fetched, or
229 * when we have done this 10 times.
231 * we do this with sliding windows on the stack by keeping track of indexes
235 * | DER to RSA | <--- w_prev_start
241 * | PEM to DER | <--- w_prev_end, w_new_start
245 size_t w_prev_start, w_prev_end; /* "previous" decoders */
246 size_t w_new_start, w_new_end; /* "new" decoders */
247 size_t count = 0; /* Calculates how many were added in each iteration */
248 size_t depth = 0; /* Counts the number of iterations */
250 if (!ossl_assert(ctx != NULL)) {
251 ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER);
256 * If there is no stack of OSSL_DECODER_INSTANCE, we have nothing
257 * more to add. That's fine.
259 if (ctx->decoder_insts == NULL)
263 w_prev_end = sk_OSSL_DECODER_INSTANCE_num(ctx->decoder_insts);
267 w_new_start = w_new_end = w_prev_end;
269 for (i = w_prev_start; i < w_prev_end; i++) {
270 OSSL_DECODER_INSTANCE *decoder_inst =
271 sk_OSSL_DECODER_INSTANCE_value(ctx->decoder_insts, i);
272 const char *input_type =
273 OSSL_DECODER_INSTANCE_get_input_type(decoder_inst);
274 OSSL_DECODER *decoder = NULL;
277 * If the caller has specified what the initial input should be,
278 * and the decoder implementation we're looking at has that
279 * input type, there's no point adding on more implementations
280 * on top of this one, so we don't.
282 if (ctx->start_input_type != NULL
283 && strcasecmp(ctx->start_input_type, input_type) == 0)
287 decoder = OSSL_DECODER_fetch(libctx, input_type, propq);
290 if (decoder != NULL) {
294 * Check that we don't already have this decoder in our
295 * stack We only need to check among the newly added ones.
297 for (j = w_new_start; j < w_new_end; j++) {
298 OSSL_DECODER_INSTANCE *check_inst =
299 sk_OSSL_DECODER_INSTANCE_value(ctx->decoder_insts, j);
301 if (decoder == check_inst->decoder) {
302 /* We found it, so drop the new fetch */
303 OSSL_DECODER_free(decoder);
314 * Apart from keeping w_new_end up to date, We don't care about
315 * errors here. If it doesn't collect, then it doesn't...
317 if (OSSL_DECODER_CTX_add_decoder(ctx, decoder)) /* ref++ */
319 OSSL_DECODER_free(decoder); /* ref-- */
321 /* How many were added in this iteration */
322 count = w_new_end - w_new_start;
324 /* Slide the "previous decoder" windows */
325 w_prev_start = w_new_start;
326 w_prev_end = w_new_end;
329 } while (count != 0 && depth <= 10);
334 int OSSL_DECODER_CTX_get_num_decoders(OSSL_DECODER_CTX *ctx)
336 if (ctx == NULL || ctx->decoder_insts == NULL)
338 return sk_OSSL_DECODER_INSTANCE_num(ctx->decoder_insts);
341 int OSSL_DECODER_CTX_set_construct(OSSL_DECODER_CTX *ctx,
342 OSSL_DECODER_CONSTRUCT *construct)
344 if (!ossl_assert(ctx != NULL)) {
345 ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER);
348 ctx->construct = construct;
352 int OSSL_DECODER_CTX_set_construct_data(OSSL_DECODER_CTX *ctx,
353 void *construct_data)
355 if (!ossl_assert(ctx != NULL)) {
356 ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER);
359 ctx->construct_data = construct_data;
363 int OSSL_DECODER_CTX_set_cleanup(OSSL_DECODER_CTX *ctx,
364 OSSL_DECODER_CLEANUP *cleanup)
366 if (!ossl_assert(ctx != NULL)) {
367 ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER);
370 ctx->cleanup = cleanup;
374 OSSL_DECODER_CONSTRUCT *
375 OSSL_DECODER_CTX_get_construct(OSSL_DECODER_CTX *ctx)
379 return ctx->construct;
382 void *OSSL_DECODER_CTX_get_construct_data(OSSL_DECODER_CTX *ctx)
386 return ctx->construct_data;
389 OSSL_DECODER_CLEANUP *
390 OSSL_DECODER_CTX_get_cleanup(OSSL_DECODER_CTX *ctx)
397 int OSSL_DECODER_export(OSSL_DECODER_INSTANCE *decoder_inst,
398 void *reference, size_t reference_sz,
399 OSSL_CALLBACK *export_cb, void *export_cbarg)
401 OSSL_DECODER *decoder = NULL;
402 void *decoderctx = NULL;
404 if (!(ossl_assert(decoder_inst != NULL)
405 && ossl_assert(reference != NULL)
406 && ossl_assert(export_cb != NULL)
407 && ossl_assert(export_cbarg != NULL))) {
408 ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER);
412 decoder = OSSL_DECODER_INSTANCE_get_decoder(decoder_inst);
413 decoderctx = OSSL_DECODER_INSTANCE_get_decoder_ctx(decoder_inst);
414 return decoder->export_object(decoderctx, reference, reference_sz,
415 export_cb, export_cbarg);
419 OSSL_DECODER_INSTANCE_get_decoder(OSSL_DECODER_INSTANCE *decoder_inst)
421 if (decoder_inst == NULL)
423 return decoder_inst->decoder;
427 OSSL_DECODER_INSTANCE_get_decoder_ctx(OSSL_DECODER_INSTANCE *decoder_inst)
429 if (decoder_inst == NULL)
431 return decoder_inst->decoderctx;
435 OSSL_DECODER_INSTANCE_get_input_type(OSSL_DECODER_INSTANCE *decoder_inst)
437 if (decoder_inst == NULL)
439 return decoder_inst->input_type;
442 static int decoder_process(const OSSL_PARAM params[], void *arg)
444 struct decoder_process_data_st *data = arg;
445 OSSL_DECODER_CTX *ctx = data->ctx;
446 OSSL_DECODER_INSTANCE *decoder_inst = NULL;
447 OSSL_DECODER *decoder = NULL;
448 BIO *bio = data->bio;
453 struct decoder_process_data_st new_data;
454 const char *object_type = NULL;
456 memset(&new_data, 0, sizeof(new_data));
457 new_data.ctx = data->ctx;
459 if (params == NULL) {
460 /* First iteration, where we prepare for what is to come */
462 data->current_decoder_inst_index =
463 OSSL_DECODER_CTX_get_num_decoders(ctx);
470 sk_OSSL_DECODER_INSTANCE_value(ctx->decoder_insts,
471 data->current_decoder_inst_index);
472 decoder = OSSL_DECODER_INSTANCE_get_decoder(decoder_inst);
474 if (ctx->construct != NULL
475 && ctx->construct(decoder_inst, params, ctx->construct_data)) {
480 /* The constructor didn't return success */
483 * so we try to use the object we got and feed it to any next
484 * decoder that will take it. Object references are not
486 * If this data isn't present, decoding has failed.
489 p = OSSL_PARAM_locate_const(params, OSSL_OBJECT_PARAM_DATA);
490 if (p == NULL || p->data_type != OSSL_PARAM_OCTET_STRING)
492 new_data.bio = BIO_new_mem_buf(p->data, (int)p->data_size);
493 if (new_data.bio == NULL)
497 /* Get the object type if there is one */
498 p = OSSL_PARAM_locate_const(params, OSSL_OBJECT_PARAM_DATA_TYPE);
499 if (p != NULL && !OSSL_PARAM_get_utf8_string_ptr(p, &object_type))
504 * If we have no more decoders to look through at this point,
507 if (data->current_decoder_inst_index == 0)
510 if ((loc = BIO_tell(bio)) < 0) {
511 ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_BIO_LIB);
515 for (i = data->current_decoder_inst_index; i-- > 0;) {
516 OSSL_DECODER_INSTANCE *new_decoder_inst =
517 sk_OSSL_DECODER_INSTANCE_value(ctx->decoder_insts, i);
518 OSSL_DECODER *new_decoder =
519 OSSL_DECODER_INSTANCE_get_decoder(new_decoder_inst);
520 void *new_decoderctx =
521 OSSL_DECODER_INSTANCE_get_decoder_ctx(new_decoder_inst);
522 const char *new_input_type =
523 OSSL_DECODER_INSTANCE_get_input_type(new_decoder_inst);
526 * If |decoder| is NULL, it means we've just started, and the caller
527 * may have specified what it expects the initial input to be. If
528 * that's the case, we do this extra check.
530 if (decoder == NULL && ctx->start_input_type != NULL
531 && strcasecmp(ctx->start_input_type, new_input_type) != 0)
535 * If we have a previous decoder, we check that the input type
536 * of the next to be used matches the type of this previous one.
537 * input_type is a cache of the parameter "input-type" value for
540 if (decoder != NULL && !OSSL_DECODER_is_a(decoder, new_input_type))
544 * If the previous decoder gave us an object type, we check to see
545 * if that matches the decoder we're currently considering.
547 if (object_type != NULL && !OSSL_DECODER_is_a(new_decoder, object_type))
551 * Checking the return value of BIO_reset() or BIO_seek() is unsafe.
552 * Furthermore, BIO_reset() is unsafe to use if the source BIO happens
553 * to be a BIO_s_mem(), because the earlier BIO_tell() gives us zero
554 * no matter where we are in the underlying buffer we're reading from.
556 * So, we simply do a BIO_seek(), and use BIO_tell() that we're back
557 * at the same position. This is a best effort attempt, but BIO_seek()
558 * and BIO_tell() should come as a pair...
560 (void)BIO_seek(bio, loc);
561 if (BIO_tell(bio) != loc)
565 new_data.current_decoder_inst_index = i;
566 ok = new_decoder->decode(new_decoderctx, (OSSL_CORE_BIO *)bio,
567 decoder_process, &new_data,
568 ossl_pw_passphrase_callback_dec,
569 &new_data.ctx->pwdata);
572 err = ERR_peek_last_error();
573 if ((ERR_GET_LIB(err) == ERR_LIB_EVP
574 && ERR_GET_REASON(err) == EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM)
575 #ifndef OPENSSL_NO_EC
576 || (ERR_GET_LIB(err) == ERR_LIB_EC
577 && ERR_GET_REASON(err) == EC_R_UNKNOWN_GROUP)
579 || (ERR_GET_LIB(err) == ERR_LIB_X509
580 && ERR_GET_REASON(err) == X509_R_UNSUPPORTED_ALGORITHM))
581 break; /* fatal error; preserve it on the error queue and stop */
585 BIO_free(new_data.bio);