static OSSL_FUNC_deserializer_freectx_fn der2rsa_freectx;
static OSSL_FUNC_deserializer_gettable_params_fn der2rsa_gettable_params;
static OSSL_FUNC_deserializer_get_params_fn der2rsa_get_params;
+static OSSL_FUNC_deserializer_settable_ctx_params_fn der2rsa_settable_ctx_params;
+static OSSL_FUNC_deserializer_set_ctx_params_fn der2rsa_set_ctx_params;
static OSSL_FUNC_deserializer_deserialize_fn der2rsa_deserialize;
static OSSL_FUNC_deserializer_export_object_fn der2rsa_export_object;
struct der2rsa_ctx_st {
PROV_CTX *provctx;
-#if 0
struct pkcs8_encrypt_ctx_st sc;
-#endif
};
static void *der2rsa_newctx(void *provctx)
if (ctx != NULL) {
ctx->provctx = provctx;
+ /* -1 is the "whatever" indicator, i.e. the PKCS8 library default PBE */
+ ctx->sc.pbe_nid = -1;
}
return ctx;
}
{
struct der2rsa_ctx_st *ctx = vctx;
+ EVP_CIPHER_free(ctx->sc.cipher);
+ OPENSSL_clear_free(ctx->sc.cipher_pass, ctx->sc.cipher_pass_length);
OPENSSL_free(ctx);
}
return 1;
}
+
+static const OSSL_PARAM *der2rsa_settable_ctx_params(void)
+{
+ static const OSSL_PARAM settables[] = {
+ OSSL_PARAM_utf8_string(OSSL_DESERIALIZER_PARAM_CIPHER, NULL, 0),
+ OSSL_PARAM_utf8_string(OSSL_DESERIALIZER_PARAM_PROPERTIES, NULL, 0),
+ OSSL_PARAM_octet_string(OSSL_DESERIALIZER_PARAM_PASS, NULL, 0),
+ OSSL_PARAM_END,
+ };
+
+ return settables;
+}
+
+static int der2rsa_set_ctx_params(void *vctx, const OSSL_PARAM params[])
+{
+ struct der2rsa_ctx_st *ctx = vctx;
+ OPENSSL_CTX *libctx = PROV_CTX_get0_library_context(ctx->provctx);
+ const OSSL_PARAM *p;
+
+ if ((p = OSSL_PARAM_locate_const(params, OSSL_DESERIALIZER_PARAM_CIPHER))
+ != NULL) {
+ const OSSL_PARAM *propsp =
+ OSSL_PARAM_locate_const(params, OSSL_DESERIALIZER_PARAM_PROPERTIES);
+ const char *props = NULL;
+
+ if (p->data_type != OSSL_PARAM_UTF8_STRING)
+ return 0;
+ if (propsp != NULL && propsp->data_type != OSSL_PARAM_UTF8_STRING)
+ return 0;
+ props = (propsp != NULL ? propsp->data : NULL);
+
+ EVP_CIPHER_free(ctx->sc.cipher);
+ ctx->sc.cipher = NULL;
+ ctx->sc.cipher_intent = p->data != NULL;
+ if (p->data != NULL
+ && ((ctx->sc.cipher = EVP_CIPHER_fetch(libctx, p->data, props))
+ == NULL))
+ return 0;
+ }
+ if ((p = OSSL_PARAM_locate_const(params, OSSL_DESERIALIZER_PARAM_PASS))
+ != NULL) {
+ OPENSSL_clear_free(ctx->sc.cipher_pass, ctx->sc.cipher_pass_length);
+ ctx->sc.cipher_pass = NULL;
+ if (!OSSL_PARAM_get_octet_string(p, &ctx->sc.cipher_pass, 0,
+ &ctx->sc.cipher_pass_length))
+ return 0;
+ }
+ return 1;
+}
+
static int der2rsa_deserialize(void *vctx, OSSL_CORE_BIO *cin,
OSSL_CALLBACK *data_cb, void *data_cbarg,
OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
unsigned char *der = NULL;
const unsigned char *derp;
long der_len = 0;
+ unsigned char *new_der = NULL;
+ long new_der_len;
EVP_PKEY *pkey = NULL;
int ok = 0;
+ ctx->sc.cb = pw_cb;
+ ctx->sc.cbarg = pw_cbarg;
+
if (!ossl_prov_read_der(ctx->provctx, cin, &der, &der_len))
return 0;
- derp = der;
-#if 0 /* PKCS#8 decryption coming soon */
- X509_SIG *p8 = NULL;
- if ((p8 = d2i_X509_SIG(NULL, &derp, der_len)) != NULL) {
- const X509_ALGOR *dalg = NULL;
- const ASN1_OCTET_STRING *doct = NULL;
- unsigned char *new_data = NULL;
- int new_data_len;
-
- /* passphrase fetching code TBA */
- X509_SIG_get0(p8, &dalg, &doct);
- if (!PKCS12_pbe_crypt(dalg, pass, strlen(pass),
- doct->data, doct->length,
- &new_data, &new_data_len, 0))
- goto nop8;
+ /*
+ * Opportunistic attempt to decrypt. If it doesn't work, we try to
+ * decode our input unencrypted.
+ */
+ if (ctx->sc.cipher_intent
+ && ossl_prov_der_from_p8(&new_der, &new_der_len, der, der_len,
+ &ctx->sc)) {
OPENSSL_free(der);
- der = new_data;
- der_len = new_data_len;
+ der = new_der;
+ der_len = new_der_len;
}
- X509_SIG_free(p8);
- nop8:
-#endif
derp = der;
if ((pkey = d2i_PrivateKey_ex(EVP_PKEY_RSA, NULL, &derp, der_len,
(void (*)(void))der2rsa_gettable_params },
{ OSSL_FUNC_DESERIALIZER_GET_PARAMS,
(void (*)(void))der2rsa_get_params },
+ { OSSL_FUNC_DESERIALIZER_SETTABLE_CTX_PARAMS,
+ (void (*)(void))der2rsa_settable_ctx_params },
+ { OSSL_FUNC_DESERIALIZER_SET_CTX_PARAMS,
+ (void (*)(void))der2rsa_set_ctx_params },
{ OSSL_FUNC_DESERIALIZER_DESERIALIZE,
(void (*)(void))der2rsa_deserialize },
{ OSSL_FUNC_DESERIALIZER_EXPORT_OBJECT,