2 * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* We need to use some engine deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
14 #include "internal/cryptlib.h"
15 #include <openssl/bn.h>
16 #include <openssl/evp.h>
17 #include <openssl/objects.h>
18 #include <openssl/engine.h>
19 #include <openssl/x509.h>
20 #include <openssl/asn1.h>
21 #include "crypto/asn1.h"
22 #include "crypto/evp.h"
24 EVP_PKEY *d2i_PrivateKey_ex(int type, EVP_PKEY **a, const unsigned char **pp,
25 long length, OPENSSL_CTX *libctx, const char *propq)
28 const unsigned char *p = *pp;
30 if ((a == NULL) || (*a == NULL)) {
31 if ((ret = EVP_PKEY_new()) == NULL) {
32 ASN1err(0, ERR_R_EVP_LIB);
37 #ifndef OPENSSL_NO_ENGINE
38 ENGINE_finish(ret->engine);
43 if (!EVP_PKEY_set_type(ret, type)) {
44 ASN1err(0, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
48 if (!ret->ameth->old_priv_decode ||
49 !ret->ameth->old_priv_decode(ret, &p, length)) {
50 if (ret->ameth->priv_decode != NULL
51 || ret->ameth->priv_decode_with_libctx != NULL) {
53 PKCS8_PRIV_KEY_INFO *p8 = NULL;
54 p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
57 tmp = EVP_PKCS82PKEY_with_libctx(p8, libctx, propq);
58 PKCS8_PRIV_KEY_INFO_free(p8);
63 if (EVP_PKEY_type(type) != EVP_PKEY_base_id(ret))
66 ASN1err(0, ERR_R_ASN1_LIB);
75 if (a == NULL || *a != ret)
80 EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
83 return d2i_PrivateKey_ex(type, a, pp, length, NULL, NULL);
87 * This works like d2i_PrivateKey() except it automatically works out the
91 EVP_PKEY *d2i_AutoPrivateKey_ex(EVP_PKEY **a, const unsigned char **pp,
92 long length, OPENSSL_CTX *libctx,
95 STACK_OF(ASN1_TYPE) *inkey;
96 const unsigned char *p;
100 * Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE): by
101 * analyzing it we can determine the passed structure: this assumes the
102 * input is surrounded by an ASN1 SEQUENCE.
104 inkey = d2i_ASN1_SEQUENCE_ANY(NULL, &p, length);
107 * Since we only need to discern "traditional format" RSA and DSA keys we
108 * can just count the elements.
110 if (sk_ASN1_TYPE_num(inkey) == 6) {
111 keytype = EVP_PKEY_DSA;
112 } else if (sk_ASN1_TYPE_num(inkey) == 4) {
113 keytype = EVP_PKEY_EC;
114 } else if (sk_ASN1_TYPE_num(inkey) == 3) { /* This seems to be PKCS8, not
115 * traditional format */
116 PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
119 sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
121 ASN1err(0, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
124 ret = EVP_PKCS82PKEY_with_libctx(p8, libctx, propq);
125 PKCS8_PRIV_KEY_INFO_free(p8);
134 keytype = EVP_PKEY_RSA;
136 sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
137 return d2i_PrivateKey_ex(keytype, a, pp, length, libctx, propq);
140 EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
143 return d2i_AutoPrivateKey_ex(a, pp, length, NULL, NULL);