From 472a88b79e779342adc3b85b5bea318de038ae14 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Mon, 6 Apr 2020 18:18:18 +0100
Subject: [PATCH] Teach d2i_PrivateKey et al about libctx

The Ed448 private key decoding makes algorithm fetches. Therefore we teach
d2i_PrivateKey et al about libctx and make sure it is passed through the
layers.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11494)
---
 crypto/asn1/ameth_lib.c | 47 ++++++++++++----------------------------
 crypto/asn1/d2i_pr.c    | 48 ++++++++++++++++++++++++++---------------
 crypto/evp/evp_pkey.c   | 23 ++++++++++++++------
 crypto/x509/x_all.c     | 36 +++++++++++++++++++++++++++++++
 include/crypto/asn1.h   |  5 +++++
 include/crypto/evp.h    |  3 +++
 include/openssl/evp.h   |  6 ++++++
 include/openssl/x509.h  |  4 ++++
 util/libcrypto.num      |  4 ++++
 9 files changed, 120 insertions(+), 56 deletions(-)

diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c
index 9ea5b665ba..013e1d69e1 100644
--- a/crypto/asn1/ameth_lib.c
+++ b/crypto/asn1/ameth_lib.c
@@ -250,39 +250,20 @@ EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags,
 void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst,
                         const EVP_PKEY_ASN1_METHOD *src)
 {
-
-    dst->pub_decode = src->pub_decode;
-    dst->pub_encode = src->pub_encode;
-    dst->pub_cmp = src->pub_cmp;
-    dst->pub_print = src->pub_print;
-
-    dst->priv_decode = src->priv_decode;
-    dst->priv_encode = src->priv_encode;
-    dst->priv_print = src->priv_print;
-
-    dst->old_priv_encode = src->old_priv_encode;
-    dst->old_priv_decode = src->old_priv_decode;
-
-    dst->pkey_size = src->pkey_size;
-    dst->pkey_bits = src->pkey_bits;
-
-    dst->param_decode = src->param_decode;
-    dst->param_encode = src->param_encode;
-    dst->param_missing = src->param_missing;
-    dst->param_copy = src->param_copy;
-    dst->param_cmp = src->param_cmp;
-    dst->param_print = src->param_print;
-
-    dst->pkey_free = src->pkey_free;
-    dst->pkey_ctrl = src->pkey_ctrl;
-
-    dst->item_sign = src->item_sign;
-    dst->item_verify = src->item_verify;
-
-    dst->siginf_set = src->siginf_set;
-
-    dst->pkey_check = src->pkey_check;
-
+    int pkey_id = dst->pkey_id;
+    int pkey_base_id = dst->pkey_base_id;
+    unsigned long pkey_flags = dst->pkey_flags;
+    char *pem_str = dst->pem_str;
+    char *info = dst->info;
+
+    *dst = *src;
+
+    /* We only copy the function pointers so restore the other values */
+    dst->pkey_id = pkey_id;
+    dst->pkey_base_id = pkey_base_id;
+    dst->pkey_flags = pkey_flags;
+    dst->pem_str = pem_str;
+    dst->info = info;
 }
 
 void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth)
diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c
index 08101a826b..a1f8b570bc 100644
--- a/crypto/asn1/d2i_pr.c
+++ b/crypto/asn1/d2i_pr.c
@@ -18,15 +18,15 @@
 #include "crypto/asn1.h"
 #include "crypto/evp.h"
 
-EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
-                         long length)
+EVP_PKEY *d2i_PrivateKey_ex(int type, EVP_PKEY **a, const unsigned char **pp,
+                            long length, OPENSSL_CTX *libctx, const char *propq)
 {
     EVP_PKEY *ret;
     const unsigned char *p = *pp;
 
     if ((a == NULL) || (*a == NULL)) {
         if ((ret = EVP_PKEY_new()) == NULL) {
-            ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_EVP_LIB);
+            ASN1err(0, ERR_R_EVP_LIB);
             return NULL;
         }
     } else {
@@ -38,26 +38,27 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
     }
 
     if (!EVP_PKEY_set_type(ret, type)) {
-        ASN1err(ASN1_F_D2I_PRIVATEKEY, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
+        ASN1err(0, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
         goto err;
     }
 
     if (!ret->ameth->old_priv_decode ||
         !ret->ameth->old_priv_decode(ret, &p, length)) {
-        if (ret->ameth->priv_decode) {
+        if (ret->ameth->priv_decode != NULL
+                || ret->ameth->priv_decode_with_libctx != NULL) {
             EVP_PKEY *tmp;
             PKCS8_PRIV_KEY_INFO *p8 = NULL;
             p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
             if (p8 == NULL)
                 goto err;
-            tmp = EVP_PKCS82PKEY(p8);
+            tmp = evp_pkcs82pkey_int(p8, libctx, propq);
             PKCS8_PRIV_KEY_INFO_free(p8);
             if (tmp == NULL)
                 goto err;
             EVP_PKEY_free(ret);
             ret = tmp;
         } else {
-            ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB);
+            ASN1err(0, ERR_R_ASN1_LIB);
             goto err;
         }
     }
@@ -71,13 +72,20 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
     return NULL;
 }
 
+EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
+                         long length)
+{
+    return d2i_PrivateKey_ex(type, a, pp, length, NULL, NULL);
+}
+
 /*
  * This works like d2i_PrivateKey() except it automatically works out the
  * type
  */
 
-EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
-                             long length)
+EVP_PKEY *d2i_AutoPrivateKey_ex(EVP_PKEY **a, const unsigned char **pp,
+                                long length, OPENSSL_CTX *libctx,
+                                const char *propq)
 {
     STACK_OF(ASN1_TYPE) *inkey;
     const unsigned char *p;
@@ -94,22 +102,21 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
      * Since we only need to discern "traditional format" RSA and DSA keys we
      * can just count the elements.
      */
-    if (sk_ASN1_TYPE_num(inkey) == 6)
+    if (sk_ASN1_TYPE_num(inkey) == 6) {
         keytype = EVP_PKEY_DSA;
-    else if (sk_ASN1_TYPE_num(inkey) == 4)
+    } else if (sk_ASN1_TYPE_num(inkey) == 4) {
         keytype = EVP_PKEY_EC;
-    else if (sk_ASN1_TYPE_num(inkey) == 3) { /* This seems to be PKCS8, not
+    } else if (sk_ASN1_TYPE_num(inkey) == 3) { /* This seems to be PKCS8, not
                                               * traditional format */
         PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
         EVP_PKEY *ret;
 
         sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
         if (p8 == NULL) {
-            ASN1err(ASN1_F_D2I_AUTOPRIVATEKEY,
-                    ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
+            ASN1err(0, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
             return NULL;
         }
-        ret = EVP_PKCS82PKEY(p8);
+        ret = evp_pkcs82pkey_int(p8, libctx, propq);
         PKCS8_PRIV_KEY_INFO_free(p8);
         if (ret == NULL)
             return NULL;
@@ -118,8 +125,15 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
             *a = ret;
         }
         return ret;
-    } else
+    } else {
         keytype = EVP_PKEY_RSA;
+    }
     sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
-    return d2i_PrivateKey(keytype, a, pp, length);
+    return d2i_PrivateKey_ex(keytype, a, pp, length, libctx, propq);
+}
+
+EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
+                             long length)
+{
+    return d2i_AutoPrivateKey_ex(a, pp, length, NULL, NULL);
 }
diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c
index a11b856c03..6a40f4b456 100644
--- a/crypto/evp/evp_pkey.c
+++ b/crypto/evp/evp_pkey.c
@@ -18,7 +18,8 @@
 
 /* Extract a private key from a PKCS8 structure */
 
-EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8)
+EVP_PKEY *evp_pkcs82pkey_int(const PKCS8_PRIV_KEY_INFO *p8, OPENSSL_CTX *libctx,
+                             const char *propq)
 {
     EVP_PKEY *pkey = NULL;
     const ASN1_OBJECT *algoid;
@@ -28,24 +29,29 @@ EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8)
         return NULL;
 
     if ((pkey = EVP_PKEY_new()) == NULL) {
-        EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_MALLOC_FAILURE);
+        EVPerr(0, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
 
     if (!EVP_PKEY_set_type(pkey, OBJ_obj2nid(algoid))) {
-        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
+        EVPerr(0, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
         i2t_ASN1_OBJECT(obj_tmp, 80, algoid);
         ERR_add_error_data(2, "TYPE=", obj_tmp);
         goto error;
     }
 
-    if (pkey->ameth->priv_decode) {
+    if (pkey->ameth->priv_decode_with_libctx != NULL) {
+        if (!pkey->ameth->priv_decode_with_libctx(pkey, p8, libctx, propq)) {
+            EVPerr(0, EVP_R_PRIVATE_KEY_DECODE_ERROR);
+            goto error;
+        }
+    } else if (pkey->ameth->priv_decode != NULL) {
         if (!pkey->ameth->priv_decode(pkey, p8)) {
-            EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_PRIVATE_KEY_DECODE_ERROR);
+            EVPerr(0, EVP_R_PRIVATE_KEY_DECODE_ERROR);
             goto error;
         }
     } else {
-        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_METHOD_NOT_SUPPORTED);
+        EVPerr(0, EVP_R_METHOD_NOT_SUPPORTED);
         goto error;
     }
 
@@ -56,6 +62,11 @@ EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8)
     return NULL;
 }
 
+EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8)
+{
+    return evp_pkcs82pkey_int(p8, NULL, NULL);
+}
+
 /* Turn a private key into a PKCS8 structure */
 
 PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(const EVP_PKEY *pkey)
diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
index ce8c23b654..0f31c5155f 100644
--- a/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.c
@@ -24,6 +24,7 @@
 #include <openssl/rsa.h>
 #include <openssl/dsa.h>
 #include <openssl/x509v3.h>
+#include "crypto/asn1.h"
 
 static void clean_id_ctx(EVP_MD_CTX *ctx)
 {
@@ -594,6 +595,22 @@ EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a)
     return ASN1_d2i_fp_of(EVP_PKEY, EVP_PKEY_new, d2i_AutoPrivateKey, fp, a);
 }
 
+EVP_PKEY *d2i_PrivateKey_ex_fp(FILE *fp, EVP_PKEY **a, OPENSSL_CTX *libctx,
+                               const char *propq)
+{
+    BIO *b;
+    void *ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        X509err(0, ERR_R_BUF_LIB);
+        return NULL;
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = d2i_PrivateKey_ex_bio(b, a, libctx, propq);
+    BIO_free(b);
+    return ret;
+}
+
 int i2d_PUBKEY_fp(FILE *fp, const EVP_PKEY *pkey)
 {
     return ASN1_i2d_fp_of(EVP_PKEY, i2d_PUBKEY, fp, pkey);
@@ -642,6 +659,25 @@ EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a)
     return ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_AutoPrivateKey, bp, a);
 }
 
+EVP_PKEY *d2i_PrivateKey_ex_bio(BIO *bp, EVP_PKEY **a, OPENSSL_CTX *libctx,
+                                const char *propq)
+{
+    BUF_MEM *b = NULL;
+    const unsigned char *p;
+    void *ret = NULL;
+    int len;
+
+    len = asn1_d2i_read_bio(bp, &b);
+    if (len < 0)
+        goto err;
+
+    p = (unsigned char *)b->data;
+    ret = d2i_AutoPrivateKey_ex(a, &p, len, libctx, propq);
+ err:
+    BUF_MEM_free(b);
+    return ret;
+}
+
 int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey)
 {
     return ASN1_i2d_bio_of(EVP_PKEY, i2d_PUBKEY, bp, pkey);
diff --git a/include/crypto/asn1.h b/include/crypto/asn1.h
index 84e6e7f544..737c715e33 100644
--- a/include/crypto/asn1.h
+++ b/include/crypto/asn1.h
@@ -76,6 +76,11 @@ struct evp_pkey_asn1_method_st {
                       EVP_KEYMGMT *to_keymgmt, OPENSSL_CTX *libctx,
                       const char *propq);
     OSSL_CALLBACK *import_from;
+
+    int (*priv_decode_with_libctx) (EVP_PKEY *pk,
+                                    const PKCS8_PRIV_KEY_INFO *p8inf,
+                                    OPENSSL_CTX *libctx,
+                                    const char *propq);
 } /* EVP_PKEY_ASN1_METHOD */ ;
 
 DEFINE_STACK_OF_CONST(EVP_PKEY_ASN1_METHOD)
diff --git a/include/crypto/evp.h b/include/crypto/evp.h
index 38adbd0c82..3f9cc9c683 100644
--- a/include/crypto/evp.h
+++ b/include/crypto/evp.h
@@ -736,4 +736,7 @@ const EVP_MD *evp_get_digestbyname_ex(OPENSSL_CTX *libctx, const char *name);
  */
 int evp_pkey_ctx_set_params_strict(EVP_PKEY_CTX *ctx, OSSL_PARAM *params);
 int evp_pkey_ctx_get_params_strict(EVP_PKEY_CTX *ctx, OSSL_PARAM *params);
+
+EVP_PKEY *evp_pkcs82pkey_int(const PKCS8_PRIV_KEY_INFO *p8, OPENSSL_CTX *libctx,
+                             const char *propq);
 #endif /* !defined(FIPS_MODE) */
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 3945e43fac..b1e2bb0dff 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -1163,8 +1163,14 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
                         long length);
 int i2d_PublicKey(const EVP_PKEY *a, unsigned char **pp);
 
+
+EVP_PKEY *d2i_PrivateKey_ex(int type, EVP_PKEY **a, const unsigned char **pp,
+                            long length, OPENSSL_CTX *libctx, const char *propq);
 EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
                          long length);
+EVP_PKEY *d2i_AutoPrivateKey_ex(EVP_PKEY **a, const unsigned char **pp,
+                                long length, OPENSSL_CTX *libctx,
+                                const char *propq);
 EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
                              long length);
 int i2d_PrivateKey(const EVP_PKEY *a, unsigned char **pp);
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 8952e392a8..64156d495b 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -435,6 +435,8 @@ PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
 int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, const PKCS8_PRIV_KEY_INFO *p8inf);
 int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, const EVP_PKEY *key);
 int i2d_PrivateKey_fp(FILE *fp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PrivateKey_ex_fp(FILE *fp, EVP_PKEY **a, OPENSSL_CTX *libctx,
+                               const char *propq);
 EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
 int i2d_PUBKEY_fp(FILE *fp, const EVP_PKEY *pkey);
 EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
@@ -475,6 +477,8 @@ PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
 int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, const PKCS8_PRIV_KEY_INFO *p8inf);
 int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, const EVP_PKEY *key);
 int i2d_PrivateKey_bio(BIO *bp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_PrivateKey_ex_bio(BIO *bp, EVP_PKEY **a, OPENSSL_CTX *libctx,
+                                const char *propq);
 EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
 int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey);
 EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 60202b9008..a867a3502f 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -5050,3 +5050,7 @@ EVP_PKEY_get_ex_data                    ?	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_CTX_set_ec_paramgen_curve_name ?	3_0_0	EXIST::FUNCTION:EC
 EVP_PKEY_CTX_get_ec_paramgen_curve_name ?	3_0_0	EXIST::FUNCTION:EC
 EVP_PKEY_CTX_set_ec_paramgen_curve_nid  ?	3_0_0	EXIST::FUNCTION:EC
+d2i_PrivateKey_ex                       ?	3_0_0	EXIST::FUNCTION:
+d2i_AutoPrivateKey_ex                   ?	3_0_0	EXIST::FUNCTION:
+d2i_PrivateKey_ex_fp                    ?	3_0_0	EXIST::FUNCTION:STDIO
+d2i_PrivateKey_ex_bio                   ?	3_0_0	EXIST::FUNCTION:
-- 
2.34.1