/src/openssl34/crypto/asn1/d2i_pr.c

Source
/*
 * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/* We need to use some engine deprecated APIs */
#define OPENSSL_SUPPRESS_DEPRECATED

#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/bn.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/decoder.h>
#include <openssl/engine.h>
#include <openssl/x509.h>
#include <openssl/asn1.h>
#include "crypto/asn1.h"
#include "crypto/evp.h"
#include "internal/asn1.h"
#include "internal/sizes.h"

static EVP_PKEY *
d2i_PrivateKey_decoder(int keytype, EVP_PKEY **a, const unsigned char **pp,
    long length, OSSL_LIB_CTX *libctx, const char *propq)
{
    OSSL_DECODER_CTX *dctx = NULL;
    size_t len = length;
    EVP_PKEY *pkey = NULL, *bak_a = NULL;
    EVP_PKEY **ppkey = &pkey;
    const char *key_name = NULL;
    char keytypebuf[OSSL_MAX_NAME_SIZE];
    int ret;
    const unsigned char *p = *pp;
    const char *structure;
    PKCS8_PRIV_KEY_INFO *p8info;
    const ASN1_OBJECT *algoid;

    if (keytype != EVP_PKEY_NONE) {
        key_name = evp_pkey_type2name(keytype);
        if (key_name == NULL)
            return NULL;
    }

    /* This is just a probe. It might fail, so we ignore errors */
    ERR_set_mark();
    p8info = d2i_PKCS8_PRIV_KEY_INFO(NULL, pp, len);
    ERR_pop_to_mark();
    if (p8info != NULL) {
        if (key_name == NULL
            && PKCS8_pkey_get0(&algoid, NULL, NULL, NULL, p8info)
            && OBJ_obj2txt(keytypebuf, sizeof(keytypebuf), algoid, 0))
            key_name = keytypebuf;
        structure = "PrivateKeyInfo";
        PKCS8_PRIV_KEY_INFO_free(p8info);
    } else {
        structure = "type-specific";
    }
    *pp = p;

    if (a != NULL && (bak_a = *a) != NULL)
        ppkey = a;
    dctx = OSSL_DECODER_CTX_new_for_pkey(ppkey, "DER", structure, key_name,
        EVP_PKEY_KEYPAIR, libctx, propq);
    if (a != NULL)
        *a = bak_a;
    if (dctx == NULL)
        goto err;

    ret = OSSL_DECODER_from_data(dctx, pp, &len);
    OSSL_DECODER_CTX_free(dctx);
    if (ret
        && *ppkey != NULL
        && evp_keymgmt_util_has(*ppkey, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)) {
        if (a != NULL)
            *a = *ppkey;
        return *ppkey;
    }

err:
    if (ppkey != a)
        EVP_PKEY_free(*ppkey);
    return NULL;
}

EVP_PKEY *
ossl_d2i_PrivateKey_legacy(int keytype, EVP_PKEY **a, const unsigned char **pp,
    long length, OSSL_LIB_CTX *libctx, const char *propq)
{
    EVP_PKEY *ret;
    const unsigned char *p = *pp;

    if (a == NULL || *a == NULL) {
        if ((ret = EVP_PKEY_new()) == NULL) {
            ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB);
            return NULL;
        }
    } else {
        ret = *a;
#ifndef OPENSSL_NO_ENGINE
        ENGINE_finish(ret->engine);
        ret->engine = NULL;
#endif
    }

    if (!EVP_PKEY_set_type(ret, keytype)) {
        ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
        goto err;
    }

    ERR_set_mark();
    if (!ret->ameth->old_priv_decode || !ret->ameth->old_priv_decode(ret, &p, length)) {
        if (ret->ameth->priv_decode != NULL
            || ret->ameth->priv_decode_ex != NULL) {
            EVP_PKEY *tmp;
            PKCS8_PRIV_KEY_INFO *p8 = NULL;
            p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
            if (p8 == NULL) {
                ERR_clear_last_mark();
                goto err;
            }
            tmp = evp_pkcs82pkey_legacy(p8, libctx, propq);
            PKCS8_PRIV_KEY_INFO_free(p8);
            if (tmp == NULL) {
                ERR_clear_last_mark();
                goto err;
            }
            EVP_PKEY_free(ret);
            ret = tmp;
            ERR_pop_to_mark();
            if (EVP_PKEY_type(keytype) != EVP_PKEY_get_base_id(ret))
                goto err;
        } else {
            ERR_clear_last_mark();
            ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB);
            goto err;
        }
    } else {
        ERR_clear_last_mark();
    }
    *pp = p;
    if (a != NULL)
        *a = ret;
    return ret;
err:
    if (a == NULL || *a != ret)
        EVP_PKEY_free(ret);
    return NULL;
}

EVP_PKEY *d2i_PrivateKey_ex(int keytype, EVP_PKEY **a, const unsigned char **pp,
    long length, OSSL_LIB_CTX *libctx,
    const char *propq)
{
    EVP_PKEY *ret;

    ret = d2i_PrivateKey_decoder(keytype, a, pp, length, libctx, propq);
    /* try the legacy path if the decoder failed */
    if (ret == NULL)
        ret = ossl_d2i_PrivateKey_legacy(keytype, a, pp, length, libctx, propq);
    return ret;
}

EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
    long length)
{
    return d2i_PrivateKey_ex(type, a, pp, length, NULL, NULL);
}

static EVP_PKEY *d2i_AutoPrivateKey_legacy(EVP_PKEY **a,
    const unsigned char **pp,
    long length,
    OSSL_LIB_CTX *libctx,
    const char *propq)
{
    STACK_OF(ASN1_TYPE) *inkey;
    const unsigned char *p;
    int keytype;

    p = *pp;
    /*
     * Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE): by
     * analyzing it we can determine the passed structure: this assumes the
     * input is surrounded by an ASN1 SEQUENCE.
     */
    inkey = d2i_ASN1_SEQUENCE_ANY(NULL, &p, length);
    p = *pp;
    /*
     * Since we only need to discern "traditional format" RSA and DSA keys we
     * can just count the elements.
     */
    if (sk_ASN1_TYPE_num(inkey) == 6) {
        keytype = EVP_PKEY_DSA;
    } else if (sk_ASN1_TYPE_num(inkey) == 4) {
        keytype = EVP_PKEY_EC;
    } else if (sk_ASN1_TYPE_num(inkey) == 3) { /* This seems to be PKCS8, not
                                                * traditional format */
        PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
        EVP_PKEY *ret;

        sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
        if (p8 == NULL) {
            ERR_raise(ERR_LIB_ASN1, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
            return NULL;
        }
        ret = evp_pkcs82pkey_legacy(p8, libctx, propq);
        PKCS8_PRIV_KEY_INFO_free(p8);
        if (ret == NULL)
            return NULL;
        *pp = p;
        if (a != NULL) {
            *a = ret;
        }
        return ret;
    } else {
        keytype = EVP_PKEY_RSA;
    }
    sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
    return ossl_d2i_PrivateKey_legacy(keytype, a, pp, length, libctx, propq);
}

/*
 * This works like d2i_PrivateKey() except it passes the keytype as
 * EVP_PKEY_NONE, which then figures out the type during decoding.
 */
EVP_PKEY *d2i_AutoPrivateKey_ex(EVP_PKEY **a, const unsigned char **pp,
    long length, OSSL_LIB_CTX *libctx,
    const char *propq)
{
    EVP_PKEY *ret;

    ret = d2i_PrivateKey_decoder(EVP_PKEY_NONE, a, pp, length, libctx, propq);
    /* try the legacy path if the decoder failed */
    if (ret == NULL)
        ret = d2i_AutoPrivateKey_legacy(a, pp, length, libctx, propq);
    return ret;
}

EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
    long length)
{
    return d2i_AutoPrivateKey_ex(a, pp, length, NULL, NULL);
}

Coverage Report

Created: 2025-12-31 06:58

Line	Count	Source
1		/*
2		* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
3		*
4		* Licensed under the Apache License 2.0 (the "License"). You may not use
5		* this file except in compliance with the License. You can obtain a copy
6		* in the file LICENSE in the source distribution or at
7		* https://www.openssl.org/source/license.html
8		*/
9
10		/* We need to use some engine deprecated APIs */
11		#define OPENSSL_SUPPRESS_DEPRECATED
12
13		#include <stdio.h>
14		#include "internal/cryptlib.h"
15		#include <openssl/bn.h>
16		#include <openssl/evp.h>
17		#include <openssl/objects.h>
18		#include <openssl/decoder.h>
19		#include <openssl/engine.h>
20		#include <openssl/x509.h>
21		#include <openssl/asn1.h>
22		#include "crypto/asn1.h"
23		#include "crypto/evp.h"
24		#include "internal/asn1.h"
25		#include "internal/sizes.h"
26
27		static EVP_PKEY *
28		d2i_PrivateKey_decoder(int keytype, EVP_PKEY a, const unsigned char pp,
29		long length, OSSL_LIB_CTX libctx, const char propq)
30	24.4k	{
31	24.4k	OSSL_DECODER_CTX *dctx = NULL;
32	24.4k	size_t len = length;
33	24.4k	EVP_PKEY pkey = NULL, bak_a = NULL;
34	24.4k	EVP_PKEY **ppkey = &pkey;
35	24.4k	const char *key_name = NULL;
36	24.4k	char keytypebuf[OSSL_MAX_NAME_SIZE];
37	24.4k	int ret;
38	24.4k	const unsigned char p = pp;
39	24.4k	const char *structure;
40	24.4k	PKCS8_PRIV_KEY_INFO *p8info;
41	24.4k	const ASN1_OBJECT *algoid;
42
43	24.4k	if (keytype != EVP_PKEY_NONE) {
44	0	key_name = evp_pkey_type2name(keytype);
45	0	if (key_name == NULL)
46	0	return NULL;
47	0	}
48
49		/* This is just a probe. It might fail, so we ignore errors */
50	24.4k	ERR_set_mark();
51	24.4k	p8info = d2i_PKCS8_PRIV_KEY_INFO(NULL, pp, len);
52	24.4k	ERR_pop_to_mark();
53	24.4k	if (p8info != NULL) {
54	1.40k	if (key_name == NULL
55	1.40k	&& PKCS8_pkey_get0(&algoid, NULL, NULL, NULL, p8info)
56	1.40k	&& OBJ_obj2txt(keytypebuf, sizeof(keytypebuf), algoid, 0))
57	1.40k	key_name = keytypebuf;
58	1.40k	structure = "PrivateKeyInfo";
59	1.40k	PKCS8_PRIV_KEY_INFO_free(p8info);
60	23.0k	} else {
61	23.0k	structure = "type-specific";
62	23.0k	}
63	24.4k	*pp = p;
64
65	24.4k	if (a != NULL && (bak_a = *a) != NULL)
66	0	ppkey = a;
67	24.4k	dctx = OSSL_DECODER_CTX_new_for_pkey(ppkey, "DER", structure, key_name,
68	24.4k	EVP_PKEY_KEYPAIR, libctx, propq);
69	24.4k	if (a != NULL)
70	0	*a = bak_a;
71	24.4k	if (dctx == NULL)
72	0	goto err;
73
74	24.4k	ret = OSSL_DECODER_from_data(dctx, pp, &len);
75	24.4k	OSSL_DECODER_CTX_free(dctx);
76	24.4k	if (ret
77	3.39k	&& *ppkey != NULL
78	3.39k	&& evp_keymgmt_util_has(*ppkey, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)) {
79	3.39k	if (a != NULL)
80	0	a = ppkey;
81	3.39k	return *ppkey;
82	3.39k	}
83
84	21.1k	err:
85	21.1k	if (ppkey != a)
86	21.1k	EVP_PKEY_free(*ppkey);
87	21.1k	return NULL;
88	24.4k	}
89
90		EVP_PKEY *
91		ossl_d2i_PrivateKey_legacy(int keytype, EVP_PKEY a, const unsigned char pp,
92		long length, OSSL_LIB_CTX libctx, const char propq)
93	54.9k	{
94	54.9k	EVP_PKEY *ret;
95	54.9k	const unsigned char p = pp;
96
97	54.9k	if (a == NULL \|\| *a == NULL) {
98	54.9k	if ((ret = EVP_PKEY_new()) == NULL) {
99	0	ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB);
100	0	return NULL;
101	0	}
102	54.9k	} else {
103	0	ret = *a;
104	0	#ifndef OPENSSL_NO_ENGINE
105	0	ENGINE_finish(ret->engine);
106	0	ret->engine = NULL;
107	0	#endif
108	0	}
109
110	54.9k	if (!EVP_PKEY_set_type(ret, keytype)) {
111	0	ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
112	0	goto err;
113	0	}
114
115	54.9k	ERR_set_mark();
116	54.9k	if (!ret->ameth->old_priv_decode \|\| !ret->ameth->old_priv_decode(ret, &p, length)) {
117	53.6k	if (ret->ameth->priv_decode != NULL
118	53.6k	\|\| ret->ameth->priv_decode_ex != NULL) {
119	53.6k	EVP_PKEY *tmp;
120	53.6k	PKCS8_PRIV_KEY_INFO *p8 = NULL;
121	53.6k	p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
122	53.6k	if (p8 == NULL) {
123	53.5k	ERR_clear_last_mark();
124	53.5k	goto err;
125	53.5k	}
126	56	tmp = evp_pkcs82pkey_legacy(p8, libctx, propq);
127	56	PKCS8_PRIV_KEY_INFO_free(p8);
128	56	if (tmp == NULL) {
129	42	ERR_clear_last_mark();
130	42	goto err;
131	42	}
132	14	EVP_PKEY_free(ret);
133	14	ret = tmp;
134	14	ERR_pop_to_mark();
135	14	if (EVP_PKEY_type(keytype) != EVP_PKEY_get_base_id(ret))
136	6	goto err;
137	14	} else {
138	0	ERR_clear_last_mark();
139	0	ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB);
140	0	goto err;
141	0	}
142	53.6k	} else {
143	1.26k	ERR_clear_last_mark();
144	1.26k	}
145	1.27k	*pp = p;
146	1.27k	if (a != NULL)
147	0	*a = ret;
148	1.27k	return ret;
149	53.6k	err:
150	53.6k	if (a == NULL \|\| *a != ret)
151	53.6k	EVP_PKEY_free(ret);
152	53.6k	return NULL;
153	54.9k	}
154
155		EVP_PKEY d2i_PrivateKey_ex(int keytype, EVP_PKEY a, const unsigned char *pp,
156		long length, OSSL_LIB_CTX *libctx,
157		const char *propq)
158	0	{
159	0	EVP_PKEY *ret;
160
161	0	ret = d2i_PrivateKey_decoder(keytype, a, pp, length, libctx, propq);
162		/* try the legacy path if the decoder failed */
163	0	if (ret == NULL)
164	0	ret = ossl_d2i_PrivateKey_legacy(keytype, a, pp, length, libctx, propq);
165	0	return ret;
166	0	}
167
168		EVP_PKEY d2i_PrivateKey(int type, EVP_PKEY a, const unsigned char *pp,
169		long length)
170	0	{
171	0	return d2i_PrivateKey_ex(type, a, pp, length, NULL, NULL);
172	0	}
173
174		static EVP_PKEY d2i_AutoPrivateKey_legacy(EVP_PKEY *a,
175		const unsigned char **pp,
176		long length,
177		OSSL_LIB_CTX *libctx,
178		const char *propq)
179	61.8k	{
180	61.8k	STACK_OF(ASN1_TYPE) *inkey;
181	61.8k	const unsigned char *p;
182	61.8k	int keytype;
183
184	61.8k	p = *pp;
185		/*
186		* Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE): by
187		* analyzing it we can determine the passed structure: this assumes the
188		* input is surrounded by an ASN1 SEQUENCE.
189		*/
190	61.8k	inkey = d2i_ASN1_SEQUENCE_ANY(NULL, &p, length);
191	61.8k	p = *pp;
192		/*
193		* Since we only need to discern "traditional format" RSA and DSA keys we
194		* can just count the elements.
195		*/
196	61.8k	if (sk_ASN1_TYPE_num(inkey) == 6) {
197	1.14k	keytype = EVP_PKEY_DSA;
198	60.6k	} else if (sk_ASN1_TYPE_num(inkey) == 4) {
199	2.93k	keytype = EVP_PKEY_EC;
200	57.7k	} else if (sk_ASN1_TYPE_num(inkey) == 3) { /* This seems to be PKCS8, not
201		* traditional format */
202	6.88k	PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
203	6.88k	EVP_PKEY *ret;
204
205	6.88k	sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
206	6.88k	if (p8 == NULL) {
207	6.05k	ERR_raise(ERR_LIB_ASN1, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
208	6.05k	return NULL;
209	6.05k	}
210	838	ret = evp_pkcs82pkey_legacy(p8, libctx, propq);
211	838	PKCS8_PRIV_KEY_INFO_free(p8);
212	838	if (ret == NULL)
213	684	return NULL;
214	154	*pp = p;
215	154	if (a != NULL) {
216	0	*a = ret;
217	0	}
218	154	return ret;
219	50.8k	} else {
220	50.8k	keytype = EVP_PKEY_RSA;
221	50.8k	}
222	54.9k	sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
223	54.9k	return ossl_d2i_PrivateKey_legacy(keytype, a, pp, length, libctx, propq);
224	61.8k	}
225
226		/*
227		* This works like d2i_PrivateKey() except it passes the keytype as
228		* EVP_PKEY_NONE, which then figures out the type during decoding.
229		*/
230		EVP_PKEY d2i_AutoPrivateKey_ex(EVP_PKEY a, const unsigned char *pp,
231		long length, OSSL_LIB_CTX *libctx,
232		const char *propq)
233	71.4k	{
234	71.4k	EVP_PKEY *ret;
235
236	71.4k	ret = d2i_PrivateKey_decoder(EVP_PKEY_NONE, a, pp, length, libctx, propq);
237		/* try the legacy path if the decoder failed */
238	71.4k	if (ret == NULL)
239	61.8k	ret = d2i_AutoPrivateKey_legacy(a, pp, length, libctx, propq);
240	71.4k	return ret;
241	71.4k	}
242
243		EVP_PKEY d2i_AutoPrivateKey(EVP_PKEY a, const unsigned char *pp,
244		long length)
245	71.4k	{
246	71.4k	return d2i_AutoPrivateKey_ex(a, pp, length, NULL, NULL);
247	71.4k	}