/src/openssl/providers/implementations/encode_decode/decode_msblob2key.c

Source
/*
 * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*
 * low level APIs are deprecated for public use, but still ok for
 * internal use.
 */
#include "internal/deprecated.h"

#include <string.h>

#include <openssl/core_dispatch.h>
#include <openssl/core_names.h>
#include <openssl/core_object.h>
#include <openssl/crypto.h>
#include <openssl/params.h>
#include <openssl/pem.h> /* For public PVK functions */
#include <openssl/x509.h>
#include <openssl/err.h>
#include "internal/passphrase.h"
#include "crypto/pem.h" /* For internal PVK and "blob" headers */
#include "crypto/rsa.h"
#include "prov/bio.h"
#include "prov/implementations.h"
#include "prov/endecoder_local.h"

struct msblob2key_ctx_st; /* Forward declaration */
typedef void *b2i_of_void_fn(const unsigned char **in, unsigned int bitlen,
    int ispub);
typedef void adjust_key_fn(void *, struct msblob2key_ctx_st *ctx);
typedef void free_key_fn(void *);
struct keytype_desc_st {
    int type; /* EVP key type */
    const char *name; /* Keytype */
    const OSSL_DISPATCH *fns; /* Keymgmt (to pilfer functions from) */

    b2i_of_void_fn *read_private_key;
    b2i_of_void_fn *read_public_key;
    adjust_key_fn *adjust_key;
    free_key_fn *free_key;
};

static OSSL_FUNC_decoder_freectx_fn msblob2key_freectx;
static OSSL_FUNC_decoder_decode_fn msblob2key_decode;
static OSSL_FUNC_decoder_export_object_fn msblob2key_export_object;

/*
 * Context used for DER to key decoding.
 */
struct msblob2key_ctx_st {
    PROV_CTX *provctx;
    const struct keytype_desc_st *desc;
    /* The selection that is passed to msblob2key_decode() */
    int selection;
};

static struct msblob2key_ctx_st *
msblob2key_newctx(void *provctx, const struct keytype_desc_st *desc)
{
    struct msblob2key_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx));

    if (ctx != NULL) {
        ctx->provctx = provctx;
        ctx->desc = desc;
    }
    return ctx;
}

static void msblob2key_freectx(void *vctx)
{
    struct msblob2key_ctx_st *ctx = vctx;

    OPENSSL_free(ctx);
}

static int msblob2key_does_selection(void *provctx, int selection)
{
    if (selection == 0)
        return 1;

    if ((selection & (OSSL_KEYMGMT_SELECT_PRIVATE_KEY | OSSL_KEYMGMT_SELECT_PUBLIC_KEY)) != 0)
        return 1;

    return 0;
}

static int msblob2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
    OSSL_CALLBACK *data_cb, void *data_cbarg,
    OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
{
    struct msblob2key_ctx_st *ctx = vctx;
    BIO *in = ossl_bio_new_from_core_bio(ctx->provctx, cin);
    const unsigned char *p;
    unsigned char hdr_buf[16], *buf = NULL;
    unsigned int bitlen, magic, length;
    int isdss = -1;
    int ispub = -1;
    void *key = NULL;
    int ok = 0;

    if (in == NULL)
        return 0;

    if (BIO_read(in, hdr_buf, 16) != 16) {
        ERR_raise(ERR_LIB_PEM, PEM_R_KEYBLOB_TOO_SHORT);
        goto next;
    }
    ERR_set_mark();
    p = hdr_buf;
    ok = ossl_do_blob_header(&p, 16, &magic, &bitlen, &isdss, &ispub) > 0;
    ERR_pop_to_mark();
    if (!ok)
        goto next;

    ctx->selection = selection;
    ok = 0; /* Assume that we fail */

    if ((isdss && ctx->desc->type != EVP_PKEY_DSA)
        || (!isdss && ctx->desc->type != EVP_PKEY_RSA))
        goto next;

    length = ossl_blob_length(bitlen, isdss, ispub);
    if (length > BLOB_MAX_LENGTH) {
        ERR_raise(ERR_LIB_PEM, PEM_R_HEADER_TOO_LONG);
        goto next;
    }
    buf = OPENSSL_malloc(length);
    if (buf == NULL)
        goto end;
    p = buf;
    if (BIO_read(in, buf, length) != (int)length) {
        ERR_raise(ERR_LIB_PEM, PEM_R_KEYBLOB_TOO_SHORT);
        goto next;
    }

    if ((selection == 0
            || (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
        && !ispub
        && ctx->desc->read_private_key != NULL) {
        struct ossl_passphrase_data_st pwdata;

        memset(&pwdata, 0, sizeof(pwdata));
        if (!ossl_pw_set_ossl_passphrase_cb(&pwdata, pw_cb, pw_cbarg))
            goto end;
        p = buf;
        key = ctx->desc->read_private_key(&p, bitlen, ispub);
        if (selection != 0 && key == NULL)
            goto next;
    }
    if (key == NULL && (selection == 0 || (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
        && ispub
        && ctx->desc->read_public_key != NULL) {
        p = buf;
        key = ctx->desc->read_public_key(&p, bitlen, ispub);
        if (selection != 0 && key == NULL)
            goto next;
    }

    if (key != NULL && ctx->desc->adjust_key != NULL)
        ctx->desc->adjust_key(key, ctx);

next:
    /*
     * Indicated that we successfully decoded something, or not at all.
     * Ending up "empty handed" is not an error.
     */
    ok = 1;

    /*
     * We free resources here so it's not held up during the callback, because
     * we know the process is recursive and the allocated chunks of memory
     * add up.
     */
    OPENSSL_free(buf);
    BIO_free(in);
    buf = NULL;
    in = NULL;

    if (key != NULL) {
        OSSL_PARAM params[4];
        int object_type = OSSL_OBJECT_PKEY;

        params[0] = OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &object_type);
        params[1] = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE,
            (char *)ctx->desc->name, 0);
        /* The address of the key becomes the octet string */
        params[2] = OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE,
            &key, sizeof(key));
        params[3] = OSSL_PARAM_construct_end();

        ok = data_cb(params, data_cbarg);
    }

end:
    BIO_free(in);
    OPENSSL_free(buf);
    ctx->desc->free_key(key);

    return ok;
}

static int
msblob2key_export_object(void *vctx,
    const void *reference, size_t reference_sz,
    OSSL_CALLBACK *export_cb, void *export_cbarg)
{
    struct msblob2key_ctx_st *ctx = vctx;
    OSSL_FUNC_keymgmt_export_fn *export = ossl_prov_get_keymgmt_export(ctx->desc->fns);
    void *keydata;

    if (reference_sz == sizeof(keydata) && export != NULL) {
        int selection = ctx->selection;

        if (selection == 0)
            selection = OSSL_KEYMGMT_SELECT_ALL;
        /* The contents of the reference is the address to our object */
        keydata = *(void **)reference;

        return export(keydata, selection, export_cb, export_cbarg);
    }
    return 0;
}

/* ---------------------------------------------------------------------- */

#define dsa_decode_private_key (b2i_of_void_fn *)ossl_b2i_DSA_after_header
#define dsa_decode_public_key (b2i_of_void_fn *)ossl_b2i_DSA_after_header
#define dsa_adjust NULL
#define dsa_free (void (*)(void *)) DSA_free

/* ---------------------------------------------------------------------- */

#define rsa_decode_private_key (b2i_of_void_fn *)ossl_b2i_RSA_after_header
#define rsa_decode_public_key (b2i_of_void_fn *)ossl_b2i_RSA_after_header

static void rsa_adjust(void *key, struct msblob2key_ctx_st *ctx)
{
    ossl_rsa_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));
}

#define rsa_free (void (*)(void *)) RSA_free

/* ---------------------------------------------------------------------- */

#define IMPLEMENT_MSBLOB(KEYTYPE, keytype)                             \
    static const struct keytype_desc_st mstype##2##keytype##_desc = {  \
        EVP_PKEY_##KEYTYPE, #KEYTYPE,                                  \
        ossl_##keytype##_keymgmt_functions,                            \
        keytype##_decode_private_key,                                  \
        keytype##_decode_public_key,                                   \
        keytype##_adjust,                                              \
        keytype##_free                                                 \
    };                                                                 \
    static OSSL_FUNC_decoder_newctx_fn msblob2##keytype##_newctx;      \
    static void *msblob2##keytype##_newctx(void *provctx)              \
    {                                                                  \
        return msblob2key_newctx(provctx, &mstype##2##keytype##_desc); \
    }                                                                  \
    const OSSL_DISPATCH                                                \
        ossl_msblob_to_##keytype##_decoder_functions[]                 \
        = {                                                            \
              { OSSL_FUNC_DECODER_NEWCTX,                              \
                  (void (*)(void))msblob2##keytype##_newctx },         \
              { OSSL_FUNC_DECODER_FREECTX,                             \
                  (void (*)(void))msblob2key_freectx },                \
              { OSSL_FUNC_DECODER_DOES_SELECTION,                      \
                  (void (*)(void))msblob2key_does_selection },         \
              { OSSL_FUNC_DECODER_DECODE,                              \
                  (void (*)(void))msblob2key_decode },                 \
              { OSSL_FUNC_DECODER_EXPORT_OBJECT,                       \
                  (void (*)(void))msblob2key_export_object },          \
              OSSL_DISPATCH_END                                        \
          }

#ifndef OPENSSL_NO_DSA
IMPLEMENT_MSBLOB(DSA, dsa);
#endif
IMPLEMENT_MSBLOB(RSA, rsa);

Coverage Report

Created: 2025-12-10 06:24

Line	Count	Source
1		/*
2		* Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
3		*
4		* Licensed under the Apache License 2.0 (the "License"). You may not use
5		* this file except in compliance with the License. You can obtain a copy
6		* in the file LICENSE in the source distribution or at
7		* https://www.openssl.org/source/license.html
8		*/
9
10		/*
11		* low level APIs are deprecated for public use, but still ok for
12		* internal use.
13		*/
14		#include "internal/deprecated.h"
15
16		#include <string.h>
17
18		#include <openssl/core_dispatch.h>
19		#include <openssl/core_names.h>
20		#include <openssl/core_object.h>
21		#include <openssl/crypto.h>
22		#include <openssl/params.h>
23		#include <openssl/pem.h> /* For public PVK functions */
24		#include <openssl/x509.h>
25		#include <openssl/err.h>
26		#include "internal/passphrase.h"
27		#include "crypto/pem.h" /* For internal PVK and "blob" headers */
28		#include "crypto/rsa.h"
29		#include "prov/bio.h"
30		#include "prov/implementations.h"
31		#include "prov/endecoder_local.h"
32
33		struct msblob2key_ctx_st; /* Forward declaration */
34		typedef void b2i_of_void_fn(const unsigned char *in, unsigned int bitlen,
35		int ispub);
36		typedef void adjust_key_fn(void , struct msblob2key_ctx_st ctx);
37		typedef void free_key_fn(void *);
38		struct keytype_desc_st {
39		int type; /* EVP key type */
40		const char name; / Keytype */
41		const OSSL_DISPATCH fns; / Keymgmt (to pilfer functions from) */
42
43		b2i_of_void_fn *read_private_key;
44		b2i_of_void_fn *read_public_key;
45		adjust_key_fn *adjust_key;
46		free_key_fn *free_key;
47		};
48
49		static OSSL_FUNC_decoder_freectx_fn msblob2key_freectx;
50		static OSSL_FUNC_decoder_decode_fn msblob2key_decode;
51		static OSSL_FUNC_decoder_export_object_fn msblob2key_export_object;
52
53		/*
54		* Context used for DER to key decoding.
55		*/
56		struct msblob2key_ctx_st {
57		PROV_CTX *provctx;
58		const struct keytype_desc_st *desc;
59		/* The selection that is passed to msblob2key_decode() */
60		int selection;
61		};
62
63		static struct msblob2key_ctx_st *
64		msblob2key_newctx(void provctx, const struct keytype_desc_st desc)
65	0	{
66	0	struct msblob2key_ctx_st ctx = OPENSSL_zalloc(sizeof(ctx));
67
68	0	if (ctx != NULL) {
69	0	ctx->provctx = provctx;
70	0	ctx->desc = desc;
71	0	}
72	0	return ctx;
73	0	}
74
75		static void msblob2key_freectx(void *vctx)
76	0	{
77	0	struct msblob2key_ctx_st *ctx = vctx;
78
79	0	OPENSSL_free(ctx);
80	0	}
81
82		static int msblob2key_does_selection(void *provctx, int selection)
83	0	{
84	0	if (selection == 0)
85	0	return 1;
86
87	0	if ((selection & (OSSL_KEYMGMT_SELECT_PRIVATE_KEY \| OSSL_KEYMGMT_SELECT_PUBLIC_KEY)) != 0)
88	0	return 1;
89
90	0	return 0;
91	0	}
92
93		static int msblob2key_decode(void vctx, OSSL_CORE_BIO cin, int selection,
94		OSSL_CALLBACK data_cb, void data_cbarg,
95		OSSL_PASSPHRASE_CALLBACK pw_cb, void pw_cbarg)
96	0	{
97	0	struct msblob2key_ctx_st *ctx = vctx;
98	0	BIO *in = ossl_bio_new_from_core_bio(ctx->provctx, cin);
99	0	const unsigned char *p;
100	0	unsigned char hdr_buf[16], *buf = NULL;
101	0	unsigned int bitlen, magic, length;
102	0	int isdss = -1;
103	0	int ispub = -1;
104	0	void *key = NULL;
105	0	int ok = 0;
106
107	0	if (in == NULL)
108	0	return 0;
109
110	0	if (BIO_read(in, hdr_buf, 16) != 16) {
111	0	ERR_raise(ERR_LIB_PEM, PEM_R_KEYBLOB_TOO_SHORT);
112	0	goto next;
113	0	}
114	0	ERR_set_mark();
115	0	p = hdr_buf;
116	0	ok = ossl_do_blob_header(&p, 16, &magic, &bitlen, &isdss, &ispub) > 0;
117	0	ERR_pop_to_mark();
118	0	if (!ok)
119	0	goto next;
120
121	0	ctx->selection = selection;
122	0	ok = 0; /* Assume that we fail */
123
124	0	if ((isdss && ctx->desc->type != EVP_PKEY_DSA)
125	0	\|\| (!isdss && ctx->desc->type != EVP_PKEY_RSA))
126	0	goto next;
127
128	0	length = ossl_blob_length(bitlen, isdss, ispub);
129	0	if (length > BLOB_MAX_LENGTH) {
130	0	ERR_raise(ERR_LIB_PEM, PEM_R_HEADER_TOO_LONG);
131	0	goto next;
132	0	}
133	0	buf = OPENSSL_malloc(length);
134	0	if (buf == NULL)
135	0	goto end;
136	0	p = buf;
137	0	if (BIO_read(in, buf, length) != (int)length) {
138	0	ERR_raise(ERR_LIB_PEM, PEM_R_KEYBLOB_TOO_SHORT);
139	0	goto next;
140	0	}
141
142	0	if ((selection == 0
143	0	\|\| (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
144	0	&& !ispub
145	0	&& ctx->desc->read_private_key != NULL) {
146	0	struct ossl_passphrase_data_st pwdata;
147
148	0	memset(&pwdata, 0, sizeof(pwdata));
149	0	if (!ossl_pw_set_ossl_passphrase_cb(&pwdata, pw_cb, pw_cbarg))
150	0	goto end;
151	0	p = buf;
152	0	key = ctx->desc->read_private_key(&p, bitlen, ispub);
153	0	if (selection != 0 && key == NULL)
154	0	goto next;
155	0	}
156	0	if (key == NULL && (selection == 0 \|\| (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
157	0	&& ispub
158	0	&& ctx->desc->read_public_key != NULL) {
159	0	p = buf;
160	0	key = ctx->desc->read_public_key(&p, bitlen, ispub);
161	0	if (selection != 0 && key == NULL)
162	0	goto next;
163	0	}
164
165	0	if (key != NULL && ctx->desc->adjust_key != NULL)
166	0	ctx->desc->adjust_key(key, ctx);
167
168	0	next:
169		/*
170		* Indicated that we successfully decoded something, or not at all.
171		* Ending up "empty handed" is not an error.
172		*/
173	0	ok = 1;
174
175		/*
176		* We free resources here so it's not held up during the callback, because
177		* we know the process is recursive and the allocated chunks of memory
178		* add up.
179		*/
180	0	OPENSSL_free(buf);
181	0	BIO_free(in);
182	0	buf = NULL;
183	0	in = NULL;
184
185	0	if (key != NULL) {
186	0	OSSL_PARAM params[4];
187	0	int object_type = OSSL_OBJECT_PKEY;
188
189	0	params[0] = OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &object_type);
190	0	params[1] = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE,
191	0	(char *)ctx->desc->name, 0);
192		/* The address of the key becomes the octet string */
193	0	params[2] = OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE,
194	0	&key, sizeof(key));
195	0	params[3] = OSSL_PARAM_construct_end();
196
197	0	ok = data_cb(params, data_cbarg);
198	0	}
199
200	0	end:
201	0	BIO_free(in);
202	0	OPENSSL_free(buf);
203	0	ctx->desc->free_key(key);
204
205	0	return ok;
206	0	}
207
208		static int
209		msblob2key_export_object(void *vctx,
210		const void *reference, size_t reference_sz,
211		OSSL_CALLBACK export_cb, void export_cbarg)
212	0	{
213	0	struct msblob2key_ctx_st *ctx = vctx;
214	0	OSSL_FUNC_keymgmt_export_fn *export = ossl_prov_get_keymgmt_export(ctx->desc->fns);
215	0	void *keydata;
216
217	0	if (reference_sz == sizeof(keydata) && export != NULL) {
218	0	int selection = ctx->selection;
219
220	0	if (selection == 0)
221	0	selection = OSSL_KEYMGMT_SELECT_ALL;
222		/* The contents of the reference is the address to our object */
223	0	keydata = (void *)reference;
224
225	0	return export(keydata, selection, export_cb, export_cbarg);
226	0	}
227	0	return 0;
228	0	}
229
230		/* ---------------------------------------------------------------------- */
231
232		#define dsa_decode_private_key (b2i_of_void_fn *)ossl_b2i_DSA_after_header
233		#define dsa_decode_public_key (b2i_of_void_fn *)ossl_b2i_DSA_after_header
234		#define dsa_adjust NULL
235		#define dsa_free (void ()(void )) DSA_free
236
237		/* ---------------------------------------------------------------------- */
238
239		#define rsa_decode_private_key (b2i_of_void_fn *)ossl_b2i_RSA_after_header
240		#define rsa_decode_public_key (b2i_of_void_fn *)ossl_b2i_RSA_after_header
241
242		static void rsa_adjust(void key, struct msblob2key_ctx_st ctx)
243	0	{
244	0	ossl_rsa_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));
245	0	}
246
247		#define rsa_free (void ()(void )) RSA_free
248
249		/* ---------------------------------------------------------------------- */
250
251		#define IMPLEMENT_MSBLOB(KEYTYPE, keytype) \
252		static const struct keytype_desc_st mstype##2##keytype##_desc = { \
253		EVP_PKEY_##KEYTYPE, #KEYTYPE, \
254		ossl_##keytype##_keymgmt_functions, \
255		keytype##_decode_private_key, \
256		keytype##_decode_public_key, \
257		keytype##_adjust, \
258		keytype##_free \
259		}; \
260		static OSSL_FUNC_decoder_newctx_fn msblob2##keytype##_newctx; \
261		static void msblob2##keytype##_newctx(void provctx) \
262	0	{ \
263	0	return msblob2key_newctx(provctx, &mstype##2##keytype##_desc); \
264	0	} \ Unexecuted instantiation: decode_msblob2key.c:msblob2dsa_newctx Unexecuted instantiation: decode_msblob2key.c:msblob2rsa_newctx
265		const OSSL_DISPATCH \
266		ossl_msblob_to_##keytype##_decoder_functions[] \
267		= { \
268		{ OSSL_FUNC_DECODER_NEWCTX, \
269		(void (*)(void))msblob2##keytype##_newctx }, \
270		{ OSSL_FUNC_DECODER_FREECTX, \
271		(void (*)(void))msblob2key_freectx }, \
272		{ OSSL_FUNC_DECODER_DOES_SELECTION, \
273		(void (*)(void))msblob2key_does_selection }, \
274		{ OSSL_FUNC_DECODER_DECODE, \
275		(void (*)(void))msblob2key_decode }, \
276		{ OSSL_FUNC_DECODER_EXPORT_OBJECT, \
277		(void (*)(void))msblob2key_export_object }, \
278		OSSL_DISPATCH_END \
279		}
280
281		#ifndef OPENSSL_NO_DSA
282		IMPLEMENT_MSBLOB(DSA, dsa);
283		#endif
284		IMPLEMENT_MSBLOB(RSA, rsa);