X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fasn1%2Fd2i_pr.c;h=a4d240e7c4513c78e702e1083bbf688a7d25dd43;hp=5f1a96d808fe607e79ecd2120db026bff117de6b;hb=HEAD;hpb=5fe736e5fc29353706c2c1a5ae8bd97f3d7a35e9 diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c index 5f1a96d808..44e685c496 100644 --- a/crypto/asn1/d2i_pr.c +++ b/crypto/asn1/d2i_pr.c @@ -1,134 +1,187 @@ -/* crypto/asn1/d2i_pr.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. +/* + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include -#ifndef OPENSSL_NO_ENGINE -# include -#endif +#include +#include #include #include -#include "internal/asn1_int.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" +#include "internal/asn1.h" +#include "internal/sizes.h" -EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, - long length) +static EVP_PKEY * +d2i_PrivateKey_decoder(int keytype, EVP_PKEY **a, const unsigned char **pp, + long length, OSSL_LIB_CTX *libctx, const char *propq) +{ + OSSL_DECODER_CTX *dctx = NULL; + size_t len = length; + EVP_PKEY *pkey = NULL, *bak_a = NULL; + EVP_PKEY **ppkey = &pkey; + const char *key_name = NULL; + char keytypebuf[OSSL_MAX_NAME_SIZE]; + int ret; + const unsigned char *p = *pp; + const char *structure; + PKCS8_PRIV_KEY_INFO *p8info; + const ASN1_OBJECT *algoid; + + if (keytype != EVP_PKEY_NONE) { + key_name = evp_pkey_type2name(keytype); + if (key_name == NULL) + return NULL; + } + + /* This is just a probe. It might fail, so we ignore errors */ + ERR_set_mark(); + p8info = d2i_PKCS8_PRIV_KEY_INFO(NULL, pp, len); + ERR_pop_to_mark(); + if (p8info != NULL) { + if (key_name == NULL + && PKCS8_pkey_get0(&algoid, NULL, NULL, NULL, p8info) + && OBJ_obj2txt(keytypebuf, sizeof(keytypebuf), algoid, 0)) + key_name = keytypebuf; + structure = "PrivateKeyInfo"; + PKCS8_PRIV_KEY_INFO_free(p8info); + } else { + structure = "type-specific"; + } + *pp = p; + + if (a != NULL && (bak_a = *a) != NULL) + ppkey = a; + dctx = OSSL_DECODER_CTX_new_for_pkey(ppkey, "DER", structure, key_name, + EVP_PKEY_KEYPAIR, libctx, propq); + if (a != NULL) + *a = bak_a; + if (dctx == NULL) + goto err; + + ret = OSSL_DECODER_from_data(dctx, pp, &len); + OSSL_DECODER_CTX_free(dctx); + if (ret + && *ppkey != NULL + && evp_keymgmt_util_has(*ppkey, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)) { + if (a != NULL) + *a = *ppkey; + return *ppkey; + } + + err: + if (ppkey != a) + EVP_PKEY_free(*ppkey); + return NULL; +} + +EVP_PKEY * +ossl_d2i_PrivateKey_legacy(int keytype, EVP_PKEY **a, const unsigned char **pp, + long length, OSSL_LIB_CTX *libctx, const char *propq) { EVP_PKEY *ret; + const unsigned char *p = *pp; - if ((a == NULL) || (*a == NULL)) { + if (a == NULL || *a == NULL) { if ((ret = EVP_PKEY_new()) == NULL) { - ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_EVP_LIB); - return (NULL); + ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); + return NULL; } } else { ret = *a; #ifndef OPENSSL_NO_ENGINE - if (ret->engine) { - ENGINE_finish(ret->engine); - ret->engine = NULL; - } + ENGINE_finish(ret->engine); + ret->engine = NULL; #endif } - if (!EVP_PKEY_set_type(ret, type)) { - ASN1err(ASN1_F_D2I_PRIVATEKEY, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE); + if (!EVP_PKEY_set_type(ret, keytype)) { + ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE); goto err; } + ERR_set_mark(); if (!ret->ameth->old_priv_decode || - !ret->ameth->old_priv_decode(ret, pp, length)) { - if (ret->ameth->priv_decode) { + !ret->ameth->old_priv_decode(ret, &p, length)) { + if (ret->ameth->priv_decode != NULL + || ret->ameth->priv_decode_ex != NULL) { + EVP_PKEY *tmp; PKCS8_PRIV_KEY_INFO *p8 = NULL; - p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, pp, length); - if (!p8) + p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length); + if (p8 == NULL) { + ERR_clear_last_mark(); goto err; - EVP_PKEY_free(ret); - ret = EVP_PKCS82PKEY(p8); + } + tmp = evp_pkcs82pkey_legacy(p8, libctx, propq); PKCS8_PRIV_KEY_INFO_free(p8); - + if (tmp == NULL) { + ERR_clear_last_mark(); + goto err; + } + EVP_PKEY_free(ret); + ret = tmp; + ERR_pop_to_mark(); + if (EVP_PKEY_type(keytype) != EVP_PKEY_get_base_id(ret)) + goto err; } else { - ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB); + ERR_clear_last_mark(); + ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB); goto err; } + } else { + ERR_clear_last_mark(); } + *pp = p; if (a != NULL) - (*a) = ret; - return (ret); + *a = ret; + return ret; err: - if ((ret != NULL) && ((a == NULL) || (*a != ret))) + if (a == NULL || *a != ret) EVP_PKEY_free(ret); - return (NULL); + return NULL; } -/* - * This works like d2i_PrivateKey() except it automatically works out the - * type - */ +EVP_PKEY *d2i_PrivateKey_ex(int keytype, EVP_PKEY **a, const unsigned char **pp, + long length, OSSL_LIB_CTX *libctx, + const char *propq) +{ + EVP_PKEY *ret; -EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, - long length) + ret = d2i_PrivateKey_decoder(keytype, a, pp, length, libctx, propq); + /* try the legacy path if the decoder failed */ + if (ret == NULL) + ret = ossl_d2i_PrivateKey_legacy(keytype, a, pp, length, libctx, propq); + return ret; +} + +EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, + long length) +{ + return d2i_PrivateKey_ex(type, a, pp, length, NULL, NULL); +} + +static EVP_PKEY *d2i_AutoPrivateKey_legacy(EVP_PKEY **a, + const unsigned char **pp, + long length, + OSSL_LIB_CTX *libctx, + const char *propq) { STACK_OF(ASN1_TYPE) *inkey; const unsigned char *p; int keytype; + p = *pp; /* * Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE): by @@ -136,33 +189,60 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, * input is surrounded by an ASN1 SEQUENCE. */ inkey = d2i_ASN1_SEQUENCE_ANY(NULL, &p, length); + p = *pp; /* * Since we only need to discern "traditional format" RSA and DSA keys we * can just count the elements. */ - if (sk_ASN1_TYPE_num(inkey) == 6) + if (sk_ASN1_TYPE_num(inkey) == 6) { keytype = EVP_PKEY_DSA; - else if (sk_ASN1_TYPE_num(inkey) == 4) + } else if (sk_ASN1_TYPE_num(inkey) == 4) { keytype = EVP_PKEY_EC; - else if (sk_ASN1_TYPE_num(inkey) == 3) { /* This seems to be PKCS8, not + } else if (sk_ASN1_TYPE_num(inkey) == 3) { /* This seems to be PKCS8, not * traditional format */ - PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, pp, length); + PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length); EVP_PKEY *ret; sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free); - if (!p8) { - ASN1err(ASN1_F_D2I_AUTOPRIVATEKEY, - ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); + if (p8 == NULL) { + ERR_raise(ERR_LIB_ASN1, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); return NULL; } - ret = EVP_PKCS82PKEY(p8); + ret = evp_pkcs82pkey_legacy(p8, libctx, propq); PKCS8_PRIV_KEY_INFO_free(p8); - if (a) { + if (ret == NULL) + return NULL; + *pp = p; + if (a != NULL) { *a = ret; } return ret; - } else + } else { keytype = EVP_PKEY_RSA; + } sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free); - return d2i_PrivateKey(keytype, a, pp, length); + return ossl_d2i_PrivateKey_legacy(keytype, a, pp, length, libctx, propq); +} + +/* + * This works like d2i_PrivateKey() except it passes the keytype as + * EVP_PKEY_NONE, which then figures out the type during decoding. + */ +EVP_PKEY *d2i_AutoPrivateKey_ex(EVP_PKEY **a, const unsigned char **pp, + long length, OSSL_LIB_CTX *libctx, + const char *propq) +{ + EVP_PKEY *ret; + + ret = d2i_PrivateKey_decoder(EVP_PKEY_NONE, a, pp, length, libctx, propq); + /* try the legacy path if the decoder failed */ + if (ret == NULL) + ret = d2i_AutoPrivateKey_legacy(a, pp, length, libctx, propq); + return ret; +} + +EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, + long length) +{ + return d2i_AutoPrivateKey_ex(a, pp, length, NULL, NULL); }