/src/openssl/crypto/asn1/d2i_pr.c

Source
/*
 * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/bn.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/decoder.h>
#include <openssl/x509.h>
#include <openssl/asn1.h>
#include "crypto/asn1.h"
#include "crypto/evp.h"
#include "crypto/x509.h"
#include "internal/asn1.h"
#include "internal/sizes.h"

static EVP_PKEY *
d2i_PrivateKey_decoder(int keytype, EVP_PKEY **a, const unsigned char **pp,
                       long length, OSSL_LIB_CTX *libctx, const char *propq)
{
    OSSL_DECODER_CTX *dctx = NULL;
    size_t len = length;
    EVP_PKEY *pkey = NULL, *bak_a = NULL;
    EVP_PKEY **ppkey = &pkey;
    const char *key_name = NULL;
    char keytypebuf[OSSL_MAX_NAME_SIZE];
    int ret;
    const unsigned char *p = *pp;
    const char *structure;
    PKCS8_PRIV_KEY_INFO *p8info;
    const ASN1_OBJECT *algoid;

    if (keytype != EVP_PKEY_NONE) {
        key_name = evp_pkey_type2name(keytype);
        if (key_name == NULL)
            return NULL;
    }

    /* This is just a probe. It might fail, so we ignore errors */
    ERR_set_mark();
    p8info = d2i_PKCS8_PRIV_KEY_INFO(NULL, pp, length);
    ERR_pop_to_mark();
    if (p8info != NULL) {
        int64_t v;

        /* ascertain version is 0 or 1 as per RFC5958 */
        if (!ASN1_INTEGER_get_int64(&v, p8info->version)
            || (v != 0 && v != 1)) {
            *pp = p;
            ERR_raise(ERR_LIB_ASN1, ASN1_R_ASN1_PARSE_ERROR);
            PKCS8_PRIV_KEY_INFO_free(p8info);
            return NULL;
        }
        if (key_name == NULL
                && PKCS8_pkey_get0(&algoid, NULL, NULL, NULL, p8info)
                && OBJ_obj2txt(keytypebuf, sizeof(keytypebuf), algoid, 0))
            key_name = keytypebuf;
        structure = "PrivateKeyInfo";
        PKCS8_PRIV_KEY_INFO_free(p8info);
    } else {
        structure = "type-specific";
    }
    *pp = p;

    if (a != NULL && (bak_a = *a) != NULL)
        ppkey = a;
    dctx = OSSL_DECODER_CTX_new_for_pkey(ppkey, "DER", structure, key_name,
                                         EVP_PKEY_KEYPAIR, libctx, propq);
    if (a != NULL)
        *a = bak_a;
    if (dctx == NULL)
        goto err;

    ret = OSSL_DECODER_from_data(dctx, pp, &len);
    OSSL_DECODER_CTX_free(dctx);
    if (ret
        && *ppkey != NULL
        && evp_keymgmt_util_has(*ppkey, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)) {
        if (a != NULL)
            *a = *ppkey;
        return *ppkey;
    }

 err:
    if (ppkey != a)
        EVP_PKEY_free(*ppkey);
    return NULL;
}

EVP_PKEY *
ossl_d2i_PrivateKey_legacy(int keytype, EVP_PKEY **a, const unsigned char **pp,
                           long length, OSSL_LIB_CTX *libctx, const char *propq)
{
    EVP_PKEY *ret;
    const unsigned char *p = *pp;

    if (a == NULL || *a == NULL) {
        if ((ret = EVP_PKEY_new()) == NULL) {
            ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB);
            return NULL;
        }
    } else {
        ret = *a;
    }

    if (!EVP_PKEY_set_type(ret, keytype)) {
        ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
        goto err;
    }

    ERR_set_mark();
    if (!ret->ameth->old_priv_decode ||
        !ret->ameth->old_priv_decode(ret, &p, length)) {
        if (ret->ameth->priv_decode != NULL
                || ret->ameth->priv_decode_ex != NULL) {
            EVP_PKEY *tmp;
            PKCS8_PRIV_KEY_INFO *p8 = NULL;
            p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
            if (p8 == NULL) {
                ERR_clear_last_mark();
                goto err;
            }
            tmp = evp_pkcs82pkey_legacy(p8, libctx, propq);
            PKCS8_PRIV_KEY_INFO_free(p8);
            if (tmp == NULL) {
                ERR_clear_last_mark();
                goto err;
            }
            EVP_PKEY_free(ret);
            ret = tmp;
            ERR_pop_to_mark();
            if (EVP_PKEY_type(keytype) != EVP_PKEY_get_base_id(ret))
                goto err;
        } else {
            ERR_clear_last_mark();
            ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB);
            goto err;
        }
    } else {
      ERR_clear_last_mark();
    }
    *pp = p;
    if (a != NULL)
        *a = ret;
    return ret;
 err:
    if (a == NULL || *a != ret)
        EVP_PKEY_free(ret);
    return NULL;
}

EVP_PKEY *d2i_PrivateKey_ex(int keytype, EVP_PKEY **a, const unsigned char **pp,
                            long length, OSSL_LIB_CTX *libctx,
                            const char *propq)
{
    EVP_PKEY *ret;

    ret = d2i_PrivateKey_decoder(keytype, a, pp, length, libctx, propq);
    /* try the legacy path if the decoder failed */
    if (ret == NULL)
        ret = ossl_d2i_PrivateKey_legacy(keytype, a, pp, length, libctx, propq);
    return ret;
}

EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
                         long length)
{
    return d2i_PrivateKey_ex(type, a, pp, length, NULL, NULL);
}

static EVP_PKEY *d2i_AutoPrivateKey_legacy(EVP_PKEY **a,
                                           const unsigned char **pp,
                                           long length,
                                           OSSL_LIB_CTX *libctx,
                                           const char *propq)
{
    STACK_OF(ASN1_TYPE) *inkey;
    const unsigned char *p;
    int keytype;

    p = *pp;
    /*
     * Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE): by
     * analyzing it we can determine the passed structure: this assumes the
     * input is surrounded by an ASN1 SEQUENCE.
     */
    inkey = d2i_ASN1_SEQUENCE_ANY(NULL, &p, length);
    p = *pp;
    /*
     * Since we only need to discern "traditional format" RSA and DSA keys we
     * can just count the elements.
     */
    if (sk_ASN1_TYPE_num(inkey) == 6) {
        keytype = EVP_PKEY_DSA;
    } else if (sk_ASN1_TYPE_num(inkey) == 4) {
        keytype = EVP_PKEY_EC;
    } else if (sk_ASN1_TYPE_num(inkey) == 3) { /* This seems to be PKCS8, not
                                              * traditional format */
        PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
        EVP_PKEY *ret;

        sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
        if (p8 == NULL) {
            ERR_raise(ERR_LIB_ASN1, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
            return NULL;
        }
        ret = evp_pkcs82pkey_legacy(p8, libctx, propq);
        PKCS8_PRIV_KEY_INFO_free(p8);
        if (ret == NULL)
            return NULL;
        *pp = p;
        if (a != NULL) {
            *a = ret;
        }
        return ret;
    } else {
        keytype = EVP_PKEY_RSA;
    }
    sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
    return ossl_d2i_PrivateKey_legacy(keytype, a, pp, length, libctx, propq);
}

/*
 * This works like d2i_PrivateKey() except it passes the keytype as
 * EVP_PKEY_NONE, which then figures out the type during decoding.
 */
EVP_PKEY *d2i_AutoPrivateKey_ex(EVP_PKEY **a, const unsigned char **pp,
                                long length, OSSL_LIB_CTX *libctx,
                                const char *propq)
{
    EVP_PKEY *ret;

    ret = d2i_PrivateKey_decoder(EVP_PKEY_NONE, a, pp, length, libctx, propq);
    /* try the legacy path if the decoder failed */
    if (ret == NULL)
        ret = d2i_AutoPrivateKey_legacy(a, pp, length, libctx, propq);
    return ret;
}

EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
                             long length)
{
    return d2i_AutoPrivateKey_ex(a, pp, length, NULL, NULL);
}

Coverage Report

Created: 2025-12-08 06:22

Line	Count	Source
1		/*
2		* Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
3		*
4		* Licensed under the Apache License 2.0 (the "License"). You may not use
5		* this file except in compliance with the License. You can obtain a copy
6		* in the file LICENSE in the source distribution or at
7		* https://www.openssl.org/source/license.html
8		*/
9
10		#include <stdio.h>
11		#include "internal/cryptlib.h"
12		#include <openssl/bn.h>
13		#include <openssl/evp.h>
14		#include <openssl/objects.h>
15		#include <openssl/decoder.h>
16		#include <openssl/x509.h>
17		#include <openssl/asn1.h>
18		#include "crypto/asn1.h"
19		#include "crypto/evp.h"
20		#include "crypto/x509.h"
21		#include "internal/asn1.h"
22		#include "internal/sizes.h"
23
24		static EVP_PKEY *
25		d2i_PrivateKey_decoder(int keytype, EVP_PKEY a, const unsigned char pp,
26		long length, OSSL_LIB_CTX libctx, const char propq)
27	0	{
28	0	OSSL_DECODER_CTX *dctx = NULL;
29	0	size_t len = length;
30	0	EVP_PKEY pkey = NULL, bak_a = NULL;
31	0	EVP_PKEY **ppkey = &pkey;
32	0	const char *key_name = NULL;
33	0	char keytypebuf[OSSL_MAX_NAME_SIZE];
34	0	int ret;
35	0	const unsigned char p = pp;
36	0	const char *structure;
37	0	PKCS8_PRIV_KEY_INFO *p8info;
38	0	const ASN1_OBJECT *algoid;
39
40	0	if (keytype != EVP_PKEY_NONE) {
41	0	key_name = evp_pkey_type2name(keytype);
42	0	if (key_name == NULL)
43	0	return NULL;
44	0	}
45
46		/* This is just a probe. It might fail, so we ignore errors */
47	0	ERR_set_mark();
48	0	p8info = d2i_PKCS8_PRIV_KEY_INFO(NULL, pp, length);
49	0	ERR_pop_to_mark();
50	0	if (p8info != NULL) {
51	0	int64_t v;
52
53		/* ascertain version is 0 or 1 as per RFC5958 */
54	0	if (!ASN1_INTEGER_get_int64(&v, p8info->version)
55	0	\|\| (v != 0 && v != 1)) {
56	0	*pp = p;
57	0	ERR_raise(ERR_LIB_ASN1, ASN1_R_ASN1_PARSE_ERROR);
58	0	PKCS8_PRIV_KEY_INFO_free(p8info);
59	0	return NULL;
60	0	}
61	0	if (key_name == NULL
62	0	&& PKCS8_pkey_get0(&algoid, NULL, NULL, NULL, p8info)
63	0	&& OBJ_obj2txt(keytypebuf, sizeof(keytypebuf), algoid, 0))
64	0	key_name = keytypebuf;
65	0	structure = "PrivateKeyInfo";
66	0	PKCS8_PRIV_KEY_INFO_free(p8info);
67	0	} else {
68	0	structure = "type-specific";
69	0	}
70	0	*pp = p;
71
72	0	if (a != NULL && (bak_a = *a) != NULL)
73	0	ppkey = a;
74	0	dctx = OSSL_DECODER_CTX_new_for_pkey(ppkey, "DER", structure, key_name,
75	0	EVP_PKEY_KEYPAIR, libctx, propq);
76	0	if (a != NULL)
77	0	*a = bak_a;
78	0	if (dctx == NULL)
79	0	goto err;
80
81	0	ret = OSSL_DECODER_from_data(dctx, pp, &len);
82	0	OSSL_DECODER_CTX_free(dctx);
83	0	if (ret
84	0	&& *ppkey != NULL
85	0	&& evp_keymgmt_util_has(*ppkey, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)) {
86	0	if (a != NULL)
87	0	a = ppkey;
88	0	return *ppkey;
89	0	}
90
91	0	err:
92	0	if (ppkey != a)
93	0	EVP_PKEY_free(*ppkey);
94	0	return NULL;
95	0	}
96
97		EVP_PKEY *
98		ossl_d2i_PrivateKey_legacy(int keytype, EVP_PKEY a, const unsigned char pp,
99		long length, OSSL_LIB_CTX libctx, const char propq)
100	0	{
101	0	EVP_PKEY *ret;
102	0	const unsigned char p = pp;
103
104	0	if (a == NULL \|\| *a == NULL) {
105	0	if ((ret = EVP_PKEY_new()) == NULL) {
106	0	ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB);
107	0	return NULL;
108	0	}
109	0	} else {
110	0	ret = *a;
111	0	}
112
113	0	if (!EVP_PKEY_set_type(ret, keytype)) {
114	0	ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
115	0	goto err;
116	0	}
117
118	0	ERR_set_mark();
119	0	if (!ret->ameth->old_priv_decode \|\|
120	0	!ret->ameth->old_priv_decode(ret, &p, length)) {
121	0	if (ret->ameth->priv_decode != NULL
122	0	\|\| ret->ameth->priv_decode_ex != NULL) {
123	0	EVP_PKEY *tmp;
124	0	PKCS8_PRIV_KEY_INFO *p8 = NULL;
125	0	p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
126	0	if (p8 == NULL) {
127	0	ERR_clear_last_mark();
128	0	goto err;
129	0	}
130	0	tmp = evp_pkcs82pkey_legacy(p8, libctx, propq);
131	0	PKCS8_PRIV_KEY_INFO_free(p8);
132	0	if (tmp == NULL) {
133	0	ERR_clear_last_mark();
134	0	goto err;
135	0	}
136	0	EVP_PKEY_free(ret);
137	0	ret = tmp;
138	0	ERR_pop_to_mark();
139	0	if (EVP_PKEY_type(keytype) != EVP_PKEY_get_base_id(ret))
140	0	goto err;
141	0	} else {
142	0	ERR_clear_last_mark();
143	0	ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB);
144	0	goto err;
145	0	}
146	0	} else {
147	0	ERR_clear_last_mark();
148	0	}
149	0	*pp = p;
150	0	if (a != NULL)
151	0	*a = ret;
152	0	return ret;
153	0	err:
154	0	if (a == NULL \|\| *a != ret)
155	0	EVP_PKEY_free(ret);
156	0	return NULL;
157	0	}
158
159		EVP_PKEY d2i_PrivateKey_ex(int keytype, EVP_PKEY a, const unsigned char *pp,
160		long length, OSSL_LIB_CTX *libctx,
161		const char *propq)
162	0	{
163	0	EVP_PKEY *ret;
164
165	0	ret = d2i_PrivateKey_decoder(keytype, a, pp, length, libctx, propq);
166		/* try the legacy path if the decoder failed */
167	0	if (ret == NULL)
168	0	ret = ossl_d2i_PrivateKey_legacy(keytype, a, pp, length, libctx, propq);
169	0	return ret;
170	0	}
171
172		EVP_PKEY d2i_PrivateKey(int type, EVP_PKEY a, const unsigned char *pp,
173		long length)
174	0	{
175	0	return d2i_PrivateKey_ex(type, a, pp, length, NULL, NULL);
176	0	}
177
178		static EVP_PKEY d2i_AutoPrivateKey_legacy(EVP_PKEY *a,
179		const unsigned char **pp,
180		long length,
181		OSSL_LIB_CTX *libctx,
182		const char *propq)
183	0	{
184	0	STACK_OF(ASN1_TYPE) *inkey;
185	0	const unsigned char *p;
186	0	int keytype;
187
188	0	p = *pp;
189		/*
190		* Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE): by
191		* analyzing it we can determine the passed structure: this assumes the
192		* input is surrounded by an ASN1 SEQUENCE.
193		*/
194	0	inkey = d2i_ASN1_SEQUENCE_ANY(NULL, &p, length);
195	0	p = *pp;
196		/*
197		* Since we only need to discern "traditional format" RSA and DSA keys we
198		* can just count the elements.
199		*/
200	0	if (sk_ASN1_TYPE_num(inkey) == 6) {
201	0	keytype = EVP_PKEY_DSA;
202	0	} else if (sk_ASN1_TYPE_num(inkey) == 4) {
203	0	keytype = EVP_PKEY_EC;
204	0	} else if (sk_ASN1_TYPE_num(inkey) == 3) { /* This seems to be PKCS8, not
205		* traditional format */
206	0	PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
207	0	EVP_PKEY *ret;
208
209	0	sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
210	0	if (p8 == NULL) {
211	0	ERR_raise(ERR_LIB_ASN1, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
212	0	return NULL;
213	0	}
214	0	ret = evp_pkcs82pkey_legacy(p8, libctx, propq);
215	0	PKCS8_PRIV_KEY_INFO_free(p8);
216	0	if (ret == NULL)
217	0	return NULL;
218	0	*pp = p;
219	0	if (a != NULL) {
220	0	*a = ret;
221	0	}
222	0	return ret;
223	0	} else {
224	0	keytype = EVP_PKEY_RSA;
225	0	}
226	0	sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
227	0	return ossl_d2i_PrivateKey_legacy(keytype, a, pp, length, libctx, propq);
228	0	}
229
230		/*
231		* This works like d2i_PrivateKey() except it passes the keytype as
232		* EVP_PKEY_NONE, which then figures out the type during decoding.
233		*/
234		EVP_PKEY d2i_AutoPrivateKey_ex(EVP_PKEY a, const unsigned char *pp,
235		long length, OSSL_LIB_CTX *libctx,
236		const char *propq)
237	0	{
238	0	EVP_PKEY *ret;
239
240	0	ret = d2i_PrivateKey_decoder(EVP_PKEY_NONE, a, pp, length, libctx, propq);
241		/* try the legacy path if the decoder failed */
242	0	if (ret == NULL)
243	0	ret = d2i_AutoPrivateKey_legacy(a, pp, length, libctx, propq);
244	0	return ret;
245	0	}
246
247		EVP_PKEY d2i_AutoPrivateKey(EVP_PKEY a, const unsigned char *pp,
248		long length)
249	0	{
250	0	return d2i_AutoPrivateKey_ex(a, pp, length, NULL, NULL);
251	0	}