/src/openssl36/providers/implementations/encode_decode/decode_epki2pki.c

Source
/*
 * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */
/* clang-format off */

/* clang-format on */

#include <openssl/core.h>
#include <openssl/core_dispatch.h>
#include <openssl/core_names.h>
#include <openssl/core_object.h>
#include <openssl/asn1.h>
#include <openssl/err.h>
#include <openssl/objects.h>
#include <openssl/pkcs12.h>
#include <openssl/x509.h>
#include <openssl/proverr.h>
#include "internal/cryptlib.h"
#include "internal/asn1.h"
#include "internal/sizes.h"
#include "prov/bio.h"
#include "prov/decoders.h"
#include "prov/implementations.h"
#include "prov/endecoder_local.h"

static OSSL_FUNC_decoder_newctx_fn epki2pki_newctx;
static OSSL_FUNC_decoder_freectx_fn epki2pki_freectx;
static OSSL_FUNC_decoder_decode_fn epki2pki_decode;
static OSSL_FUNC_decoder_settable_ctx_params_fn epki2pki_settable_ctx_params;
static OSSL_FUNC_decoder_set_ctx_params_fn epki2pki_set_ctx_params;

/*
 * Context used for EncryptedPrivateKeyInfo to PrivateKeyInfo decoding.
 */
struct epki2pki_ctx_st {
    PROV_CTX *provctx;
    char propq[OSSL_MAX_PROPQUERY_SIZE];
};

static void *epki2pki_newctx(void *provctx)
{
    struct epki2pki_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx));

    if (ctx != NULL)
        ctx->provctx = provctx;
    return ctx;
}

static void epki2pki_freectx(void *vctx)
{
    struct epki2pki_ctx_st *ctx = vctx;

    OPENSSL_free(ctx);
}

/* clang-format off */
/* Machine generated by util/perl/OpenSSL/paramnames.pm */
#ifndef epki2pki_set_ctx_params_list
static const OSSL_PARAM epki2pki_set_ctx_params_list[] = {
    OSSL_PARAM_utf8_string(OSSL_DECODER_PARAM_PROPERTIES, NULL, 0),
    OSSL_PARAM_END
};
#endif

#ifndef epki2pki_set_ctx_params_st
struct epki2pki_set_ctx_params_st {
    OSSL_PARAM *propq;
};
#endif

#ifndef epki2pki_set_ctx_params_decoder
static int epki2pki_set_ctx_params_decoder
    (const OSSL_PARAM *p, struct epki2pki_set_ctx_params_st *r)
{
    const char *s;

    memset(r, 0, sizeof(*r));
    if (p != NULL)
        for (; (s = p->key) != NULL; p++)
            if (ossl_likely(strcmp("properties", s + 0) == 0)) {
                /* OSSL_DECODER_PARAM_PROPERTIES */
                if (ossl_unlikely(r->propq != NULL)) {
                    ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER,
                                   "param %s is repeated", s);
                    return 0;
                }
                r->propq = (OSSL_PARAM *)p;
            }
    return 1;
}
#endif
/* End of machine generated */
/* clang-format on */

static const OSSL_PARAM *epki2pki_settable_ctx_params(ossl_unused void *provctx)
{
    return epki2pki_set_ctx_params_list;
}

static int epki2pki_set_ctx_params(void *vctx, const OSSL_PARAM params[])
{
    struct epki2pki_ctx_st *ctx = vctx;
    struct epki2pki_set_ctx_params_st p;
    char *str;

    if (ctx == NULL || !epki2pki_set_ctx_params_decoder(params, &p))
        return 0;

    str = ctx->propq;
    if (p.propq != NULL
        && !OSSL_PARAM_get_utf8_string(p.propq, &str, sizeof(ctx->propq)))
        return 0;

    return 1;
}

/*
 * The selection parameter in epki2pki_decode() is not used by this function
 * because it's not relevant just to decode EncryptedPrivateKeyInfo to
 * PrivateKeyInfo.
 */
static int epki2pki_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
    OSSL_CALLBACK *data_cb, void *data_cbarg,
    OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
{
    struct epki2pki_ctx_st *ctx = vctx;
    BUF_MEM *mem = NULL;
    unsigned char *der = NULL;
    long der_len = 0;
    BIO *in = ossl_bio_new_from_core_bio(ctx->provctx, cin);
    int ok = 0;

    if (in == NULL)
        return 0;

    ok = (asn1_d2i_read_bio(in, &mem) >= 0);
    BIO_free(in);

    /* We return "empty handed".  This is not an error. */
    if (!ok)
        return 1;

    der = (unsigned char *)mem->data;
    der_len = (long)mem->length;
    OPENSSL_free(mem);

    ok = ossl_epki2pki_der_decode(der, der_len, selection, data_cb, data_cbarg,
        pw_cb, pw_cbarg, PROV_LIBCTX_OF(ctx->provctx),
        ctx->propq);
    OPENSSL_free(der);
    return ok;
}

int ossl_epki2pki_der_decode(unsigned char *der, long der_len, int selection,
    OSSL_CALLBACK *data_cb, void *data_cbarg,
    OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg,
    OSSL_LIB_CTX *libctx, const char *propq)
{
    const unsigned char *pder = der;
    unsigned char *new_der = NULL;
    X509_SIG *p8 = NULL;
    PKCS8_PRIV_KEY_INFO *p8inf = NULL;
    const X509_ALGOR *alg = NULL;
    int ok = 1; /* Assume good */

    ERR_set_mark();
    if ((p8 = d2i_X509_SIG(NULL, &pder, der_len)) != NULL) {
        char pbuf[1024];
        size_t plen = 0;

        ERR_clear_last_mark();

        if (!pw_cb(pbuf, sizeof(pbuf), &plen, NULL, pw_cbarg)) {
            ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_GET_PASSPHRASE);
            ok = 0;
        } else {
            const ASN1_OCTET_STRING *oct;
            int new_der_len = 0;

            X509_SIG_get0(p8, &alg, &oct);
            if (!PKCS12_pbe_crypt_ex(alg, pbuf, (int)plen,
                    oct->data, oct->length,
                    &new_der, &new_der_len, 0,
                    libctx, propq)) {
                ok = 0;
            } else {
                der = new_der;
                der_len = new_der_len;
            }
            alg = NULL;
        }
        X509_SIG_free(p8);
    } else {
        ERR_pop_to_mark();
    }

    ERR_set_mark();
    pder = der;
    p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &pder, der_len);
    ERR_pop_to_mark();

    if (p8inf != NULL && PKCS8_pkey_get0(NULL, NULL, NULL, &alg, p8inf)) {
        /*
         * We have something and recognised it as PrivateKeyInfo, so let's
         * pass all the applicable data to the callback.
         */
        char keytype[OSSL_MAX_NAME_SIZE];
        OSSL_PARAM params[6], *p = params;
        int objtype = OSSL_OBJECT_PKEY;

        OBJ_obj2txt(keytype, sizeof(keytype), alg->algorithm, 0);

        *p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE,
            keytype, 0);
        *p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_INPUT_TYPE,
            "DER", 0);
        *p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_STRUCTURE,
            "PrivateKeyInfo", 0);
        *p++ = OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_DATA,
            der, der_len);
        *p++ = OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &objtype);
        *p = OSSL_PARAM_construct_end();

        ok = data_cb(params, data_cbarg);
    }
    PKCS8_PRIV_KEY_INFO_free(p8inf);
    OPENSSL_free(new_der);
    return ok;
}

const OSSL_DISPATCH ossl_EncryptedPrivateKeyInfo_der_to_der_decoder_functions[] = {
    { OSSL_FUNC_DECODER_NEWCTX, (void (*)(void))epki2pki_newctx },
    { OSSL_FUNC_DECODER_FREECTX, (void (*)(void))epki2pki_freectx },
    { OSSL_FUNC_DECODER_DECODE, (void (*)(void))epki2pki_decode },
    { OSSL_FUNC_DECODER_SETTABLE_CTX_PARAMS,
        (void (*)(void))epki2pki_settable_ctx_params },
    { OSSL_FUNC_DECODER_SET_CTX_PARAMS,
        (void (*)(void))epki2pki_set_ctx_params },
    OSSL_DISPATCH_END
};

Coverage Report

Created: 2025-12-31 06:58

Line	Count	Source
1		/*
2		* Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
3		*
4		* Licensed under the Apache License 2.0 (the "License"). You may not use
5		* this file except in compliance with the License. You can obtain a copy
6		* in the file LICENSE in the source distribution or at
7		* https://www.openssl.org/source/license.html
8		*/
9		/* clang-format off */
10
11		/* clang-format on */
12
13		#include <openssl/core.h>
14		#include <openssl/core_dispatch.h>
15		#include <openssl/core_names.h>
16		#include <openssl/core_object.h>
17		#include <openssl/asn1.h>
18		#include <openssl/err.h>
19		#include <openssl/objects.h>
20		#include <openssl/pkcs12.h>
21		#include <openssl/x509.h>
22		#include <openssl/proverr.h>
23		#include "internal/cryptlib.h"
24		#include "internal/asn1.h"
25		#include "internal/sizes.h"
26		#include "prov/bio.h"
27		#include "prov/decoders.h"
28		#include "prov/implementations.h"
29		#include "prov/endecoder_local.h"
30
31		static OSSL_FUNC_decoder_newctx_fn epki2pki_newctx;
32		static OSSL_FUNC_decoder_freectx_fn epki2pki_freectx;
33		static OSSL_FUNC_decoder_decode_fn epki2pki_decode;
34		static OSSL_FUNC_decoder_settable_ctx_params_fn epki2pki_settable_ctx_params;
35		static OSSL_FUNC_decoder_set_ctx_params_fn epki2pki_set_ctx_params;
36
37		/*
38		* Context used for EncryptedPrivateKeyInfo to PrivateKeyInfo decoding.
39		*/
40		struct epki2pki_ctx_st {
41		PROV_CTX *provctx;
42		char propq[OSSL_MAX_PROPQUERY_SIZE];
43		};
44
45		static void epki2pki_newctx(void provctx)
46	1.24M	{
47	1.24M	struct epki2pki_ctx_st ctx = OPENSSL_zalloc(sizeof(ctx));
48
49	1.24M	if (ctx != NULL)
50	1.24M	ctx->provctx = provctx;
51	1.24M	return ctx;
52	1.24M	}
53
54		static void epki2pki_freectx(void *vctx)
55	1.24M	{
56	1.24M	struct epki2pki_ctx_st *ctx = vctx;
57
58	1.24M	OPENSSL_free(ctx);
59	1.24M	}
60
61		/* clang-format off */
62		/* Machine generated by util/perl/OpenSSL/paramnames.pm */
63		#ifndef epki2pki_set_ctx_params_list
64		static const OSSL_PARAM epki2pki_set_ctx_params_list[] = {
65		OSSL_PARAM_utf8_string(OSSL_DECODER_PARAM_PROPERTIES, NULL, 0),
66		OSSL_PARAM_END
67		};
68		#endif
69
70		#ifndef epki2pki_set_ctx_params_st
71		struct epki2pki_set_ctx_params_st {
72		OSSL_PARAM *propq;
73		};
74		#endif
75
76		#ifndef epki2pki_set_ctx_params_decoder
77		static int epki2pki_set_ctx_params_decoder
78		(const OSSL_PARAM p, struct epki2pki_set_ctx_params_st r)
79	414	{
80	414	const char *s;
81
82	414	memset(r, 0, sizeof(*r));
83	414	if (p != NULL)
84	828	for (; (s = p->key) != NULL; p++)
85	414	if (ossl_likely(strcmp("properties", s + 0) == 0)) {
86		/* OSSL_DECODER_PARAM_PROPERTIES */
87	0	if (ossl_unlikely(r->propq != NULL)) {
88	0	ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER,
89	0	"param %s is repeated", s);
90	0	return 0;
91	0	}
92	0	r->propq = (OSSL_PARAM *)p;
93	0	}
94	414	return 1;
95	414	}
96		#endif
97		/* End of machine generated */
98		/* clang-format on */
99
100		static const OSSL_PARAM epki2pki_settable_ctx_params(ossl_unused void provctx)
101	0	{
102	0	return epki2pki_set_ctx_params_list;
103	0	}
104
105		static int epki2pki_set_ctx_params(void *vctx, const OSSL_PARAM params[])
106	414	{
107	414	struct epki2pki_ctx_st *ctx = vctx;
108	414	struct epki2pki_set_ctx_params_st p;
109	414	char *str;
110
111	414	if (ctx == NULL \|\| !epki2pki_set_ctx_params_decoder(params, &p))
112	0	return 0;
113
114	414	str = ctx->propq;
115	414	if (p.propq != NULL
116	0	&& !OSSL_PARAM_get_utf8_string(p.propq, &str, sizeof(ctx->propq)))
117	0	return 0;
118
119	414	return 1;
120	414	}
121
122		/*
123		* The selection parameter in epki2pki_decode() is not used by this function
124		* because it's not relevant just to decode EncryptedPrivateKeyInfo to
125		* PrivateKeyInfo.
126		*/
127		static int epki2pki_decode(void vctx, OSSL_CORE_BIO cin, int selection,
128		OSSL_CALLBACK data_cb, void data_cbarg,
129		OSSL_PASSPHRASE_CALLBACK pw_cb, void pw_cbarg)
130	23.3k	{
131	23.3k	struct epki2pki_ctx_st *ctx = vctx;
132	23.3k	BUF_MEM *mem = NULL;
133	23.3k	unsigned char *der = NULL;
134	23.3k	long der_len = 0;
135	23.3k	BIO *in = ossl_bio_new_from_core_bio(ctx->provctx, cin);
136	23.3k	int ok = 0;
137
138	23.3k	if (in == NULL)
139	0	return 0;
140
141	23.3k	ok = (asn1_d2i_read_bio(in, &mem) >= 0);
142	23.3k	BIO_free(in);
143
144		/* We return "empty handed". This is not an error. */
145	23.3k	if (!ok)
146	2.39k	return 1;
147
148	20.9k	der = (unsigned char *)mem->data;
149	20.9k	der_len = (long)mem->length;
150	20.9k	OPENSSL_free(mem);
151
152	20.9k	ok = ossl_epki2pki_der_decode(der, der_len, selection, data_cb, data_cbarg,
153	20.9k	pw_cb, pw_cbarg, PROV_LIBCTX_OF(ctx->provctx),
154	20.9k	ctx->propq);
155	20.9k	OPENSSL_free(der);
156	20.9k	return ok;
157	23.3k	}
158
159		int ossl_epki2pki_der_decode(unsigned char *der, long der_len, int selection,
160		OSSL_CALLBACK data_cb, void data_cbarg,
161		OSSL_PASSPHRASE_CALLBACK pw_cb, void pw_cbarg,
162		OSSL_LIB_CTX libctx, const char propq)
163	33.4k	{
164	33.4k	const unsigned char *pder = der;
165	33.4k	unsigned char *new_der = NULL;
166	33.4k	X509_SIG *p8 = NULL;
167	33.4k	PKCS8_PRIV_KEY_INFO *p8inf = NULL;
168	33.4k	const X509_ALGOR *alg = NULL;
169	33.4k	int ok = 1; /* Assume good */
170
171	33.4k	ERR_set_mark();
172	33.4k	if ((p8 = d2i_X509_SIG(NULL, &pder, der_len)) != NULL) {
173	130	char pbuf[1024];
174	130	size_t plen = 0;
175
176	130	ERR_clear_last_mark();
177
178	130	if (!pw_cb(pbuf, sizeof(pbuf), &plen, NULL, pw_cbarg)) {
179	130	ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_GET_PASSPHRASE);
180	130	ok = 0;
181	130	} else {
182	0	const ASN1_OCTET_STRING *oct;
183	0	int new_der_len = 0;
184
185	0	X509_SIG_get0(p8, &alg, &oct);
186	0	if (!PKCS12_pbe_crypt_ex(alg, pbuf, (int)plen,
187	0	oct->data, oct->length,
188	0	&new_der, &new_der_len, 0,
189	0	libctx, propq)) {
190	0	ok = 0;
191	0	} else {
192	0	der = new_der;
193	0	der_len = new_der_len;
194	0	}
195	0	alg = NULL;
196	0	}
197	130	X509_SIG_free(p8);
198	33.3k	} else {
199	33.3k	ERR_pop_to_mark();
200	33.3k	}
201
202	33.4k	ERR_set_mark();
203	33.4k	pder = der;
204	33.4k	p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &pder, der_len);
205	33.4k	ERR_pop_to_mark();
206
207	33.4k	if (p8inf != NULL && PKCS8_pkey_get0(NULL, NULL, NULL, &alg, p8inf)) {
208		/*
209		* We have something and recognised it as PrivateKeyInfo, so let's
210		* pass all the applicable data to the callback.
211		*/
212	13.5k	char keytype[OSSL_MAX_NAME_SIZE];
213	13.5k	OSSL_PARAM params[6], *p = params;
214	13.5k	int objtype = OSSL_OBJECT_PKEY;
215
216	13.5k	OBJ_obj2txt(keytype, sizeof(keytype), alg->algorithm, 0);
217
218	13.5k	*p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE,
219	13.5k	keytype, 0);
220	13.5k	*p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_INPUT_TYPE,
221	13.5k	"DER", 0);
222	13.5k	*p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_STRUCTURE,
223	13.5k	"PrivateKeyInfo", 0);
224	13.5k	*p++ = OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_DATA,
225	13.5k	der, der_len);
226	13.5k	*p++ = OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &objtype);
227	13.5k	*p = OSSL_PARAM_construct_end();
228
229	13.5k	ok = data_cb(params, data_cbarg);
230	13.5k	}
231	33.4k	PKCS8_PRIV_KEY_INFO_free(p8inf);
232	33.4k	OPENSSL_free(new_der);
233	33.4k	return ok;
234	33.4k	}
235
236		const OSSL_DISPATCH ossl_EncryptedPrivateKeyInfo_der_to_der_decoder_functions[] = {
237		{ OSSL_FUNC_DECODER_NEWCTX, (void (*)(void))epki2pki_newctx },
238		{ OSSL_FUNC_DECODER_FREECTX, (void (*)(void))epki2pki_freectx },
239		{ OSSL_FUNC_DECODER_DECODE, (void (*)(void))epki2pki_decode },
240		{ OSSL_FUNC_DECODER_SETTABLE_CTX_PARAMS,
241		(void (*)(void))epki2pki_settable_ctx_params },
242		{ OSSL_FUNC_DECODER_SET_CTX_PARAMS,
243		(void (*)(void))epki2pki_set_ctx_params },
244		OSSL_DISPATCH_END
245		};