/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
#include <stdio.h>
#include "internal/cryptlib.h"
+#include <openssl/core_dispatch.h>
#include <openssl/buffer.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
static int do_pk8pkey(BIO *bp, const EVP_PKEY *x, int isder,
int nid, const EVP_CIPHER *enc,
const char *kstr, int klen,
- pem_password_cb *cb, void *u);
+ pem_password_cb *cb, void *u,
+ const char *propq);
#ifndef OPENSSL_NO_STDIO
static int do_pk8pkey_fp(FILE *bp, const EVP_PKEY *x, int isder,
int nid, const EVP_CIPHER *enc,
const char *kstr, int klen,
- pem_password_cb *cb, void *u);
+ pem_password_cb *cb, void *u,
+ const char *propq);
#endif
/*
* These functions write a private key in PKCS#8 format: it is a "drop in"
const char *kstr, int klen,
pem_password_cb *cb, void *u)
{
- return do_pk8pkey(bp, x, 0, nid, NULL, kstr, klen, cb, u);
+ return do_pk8pkey(bp, x, 0, nid, NULL, kstr, klen, cb, u, NULL);
}
int PEM_write_bio_PKCS8PrivateKey(BIO *bp, const EVP_PKEY *x, const EVP_CIPHER *enc,
const char *kstr, int klen,
pem_password_cb *cb, void *u)
{
- return do_pk8pkey(bp, x, 0, -1, enc, kstr, klen, cb, u);
+ return do_pk8pkey(bp, x, 0, -1, enc, kstr, klen, cb, u, NULL);
}
int i2d_PKCS8PrivateKey_bio(BIO *bp, const EVP_PKEY *x, const EVP_CIPHER *enc,
const char *kstr, int klen,
pem_password_cb *cb, void *u)
{
- return do_pk8pkey(bp, x, 1, -1, enc, kstr, klen, cb, u);
+ return do_pk8pkey(bp, x, 1, -1, enc, kstr, klen, cb, u, NULL);
}
int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, const EVP_PKEY *x, int nid,
const char *kstr, int klen,
pem_password_cb *cb, void *u)
{
- return do_pk8pkey(bp, x, 1, nid, NULL, kstr, klen, cb, u);
+ return do_pk8pkey(bp, x, 1, nid, NULL, kstr, klen, cb, u, NULL);
}
static int do_pk8pkey(BIO *bp, const EVP_PKEY *x, int isder, int nid,
const EVP_CIPHER *enc, const char *kstr, int klen,
- pem_password_cb *cb, void *u)
+ pem_password_cb *cb, void *u, const char *propq)
{
int ret = 0;
- const char *pq = isder
- ? OSSL_ENCODER_PrivateKey_TO_DER_PQ
- : OSSL_ENCODER_PrivateKey_TO_PEM_PQ;
- OSSL_ENCODER_CTX *ctx = OSSL_ENCODER_CTX_new_by_EVP_PKEY(x, pq);
+ const char *outtype = isder ? "DER" : "PEM";
+ OSSL_ENCODER_CTX *ctx =
+ OSSL_ENCODER_CTX_new_for_pkey(x, OSSL_KEYMGMT_SELECT_ALL,
+ outtype, "PrivateKeyInfo", propq);
if (ctx == NULL)
return 0;
}
}
- if (OSSL_ENCODER_CTX_get_encoder(ctx) != NULL) {
+ /*
+ * NOTE: There is no attempt to do a EVP_CIPHER_fetch() using the nid,
+ * since the nid is a PBE algorithm which can't be fetched currently.
+ * (e.g. NID_pbe_WithSHA1And2_Key_TripleDES_CBC). Just use the legacy
+ * path if the NID is passed.
+ */
+ if (nid == -1 && OSSL_ENCODER_CTX_get_num_encoders(ctx) != 0) {
ret = 1;
if (enc != NULL) {
ret = 0;
- if (OSSL_ENCODER_CTX_set_cipher(ctx, EVP_CIPHER_name(enc), NULL)) {
+ if (OSSL_ENCODER_CTX_set_cipher(ctx, EVP_CIPHER_get0_name(enc),
+ NULL)) {
const unsigned char *ukstr = (const unsigned char *)kstr;
/*
&& !OSSL_ENCODER_CTX_set_passphrase(ctx, ukstr, klen))
ret = 0;
else if (cb != NULL
- && !OSSL_ENCODER_CTX_set_passphrase_cb(ctx, cb, u))
+ && !OSSL_ENCODER_CTX_set_pem_password_cb(ctx, cb, u))
ret = 0;
}
}
ret = 0;
if ((p8inf = EVP_PKEY2PKCS8(x)) == NULL) {
- PEMerr(PEM_F_DO_PK8PKEY, PEM_R_ERROR_CONVERTING_PRIVATE_KEY);
+ ERR_raise(ERR_LIB_PEM, PEM_R_ERROR_CONVERTING_PRIVATE_KEY);
goto legacy_end;
}
if (enc || (nid != -1)) {
if (kstr == NULL) {
klen = cb(buf, PEM_BUFSIZE, 1, u);
- if (klen <= 0) {
- PEMerr(PEM_F_DO_PK8PKEY, PEM_R_READ_KEY);
+ if (klen < 0) {
+ ERR_raise(ERR_LIB_PEM, PEM_R_READ_KEY);
goto legacy_end;
}
else
klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
if (klen < 0) {
- PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ);
+ ERR_raise(ERR_LIB_PEM, PEM_R_BAD_PASSWORD_READ);
X509_SIG_free(p8);
return NULL;
}
const char *kstr, int klen,
pem_password_cb *cb, void *u)
{
- return do_pk8pkey_fp(fp, x, 1, -1, enc, kstr, klen, cb, u);
+ return do_pk8pkey_fp(fp, x, 1, -1, enc, kstr, klen, cb, u, NULL);
}
int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, const EVP_PKEY *x, int nid,
const char *kstr, int klen,
pem_password_cb *cb, void *u)
{
- return do_pk8pkey_fp(fp, x, 1, nid, NULL, kstr, klen, cb, u);
+ return do_pk8pkey_fp(fp, x, 1, nid, NULL, kstr, klen, cb, u, NULL);
}
int PEM_write_PKCS8PrivateKey_nid(FILE *fp, const EVP_PKEY *x, int nid,
const char *kstr, int klen,
pem_password_cb *cb, void *u)
{
- return do_pk8pkey_fp(fp, x, 0, nid, NULL, kstr, klen, cb, u);
+ return do_pk8pkey_fp(fp, x, 0, nid, NULL, kstr, klen, cb, u, NULL);
}
int PEM_write_PKCS8PrivateKey(FILE *fp, const EVP_PKEY *x, const EVP_CIPHER *enc,
const char *kstr, int klen,
pem_password_cb *cb, void *u)
{
- return do_pk8pkey_fp(fp, x, 0, -1, enc, kstr, klen, cb, u);
+ return do_pk8pkey_fp(fp, x, 0, -1, enc, kstr, klen, cb, u, NULL);
}
static int do_pk8pkey_fp(FILE *fp, const EVP_PKEY *x, int isder, int nid,
const EVP_CIPHER *enc, const char *kstr, int klen,
- pem_password_cb *cb, void *u)
+ pem_password_cb *cb, void *u, const char *propq)
{
BIO *bp;
int ret;
if ((bp = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) {
- PEMerr(PEM_F_DO_PK8PKEY_FP, ERR_R_BUF_LIB);
+ ERR_raise(ERR_LIB_PEM, ERR_R_BUF_LIB);
return 0;
}
- ret = do_pk8pkey(bp, x, isder, nid, enc, kstr, klen, cb, u);
+ ret = do_pk8pkey(bp, x, isder, nid, enc, kstr, klen, cb, u, propq);
BIO_free(bp);
return ret;
}
EVP_PKEY *ret;
if ((bp = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) {
- PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_FP, ERR_R_BUF_LIB);
+ ERR_raise(ERR_LIB_PEM, ERR_R_BUF_LIB);
return NULL;
}
ret = d2i_PKCS8PrivateKey_bio(bp, x, cb, u);