Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/crypto/openssl/providers/implementations/encode_decode/decode_epki2pki.c
48383 views
1
/*

2
 * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.

3
 *

4
 * Licensed under the Apache License 2.0 (the "License").  You may not use

5
 * this file except in compliance with the License.  You can obtain a copy

6
 * in the file LICENSE in the source distribution or at

7
 * https://www.openssl.org/source/license.html

8
 */

9


10
#include <openssl/core.h>

11
#include <openssl/core_dispatch.h>

12
#include <openssl/core_names.h>

13
#include <openssl/core_object.h>

14
#include <openssl/asn1.h>

15
#include <openssl/err.h>

16
#include <openssl/objects.h>

17
#include <openssl/pkcs12.h>

18
#include <openssl/x509.h>

19
#include <openssl/proverr.h>

20
#include "internal/asn1.h"

21
#include "internal/sizes.h"

22
#include "prov/bio.h"

23
#include "prov/decoders.h"

24
#include "prov/implementations.h"

25
#include "endecoder_local.h"

26


27
static OSSL_FUNC_decoder_newctx_fn epki2pki_newctx;

28
static OSSL_FUNC_decoder_freectx_fn epki2pki_freectx;

29
static OSSL_FUNC_decoder_decode_fn epki2pki_decode;

30
static OSSL_FUNC_decoder_settable_ctx_params_fn epki2pki_settable_ctx_params;

31
static OSSL_FUNC_decoder_set_ctx_params_fn epki2pki_set_ctx_params;

32


33
/*

34
 * Context used for EncryptedPrivateKeyInfo to PrivateKeyInfo decoding.

35
 */

36
struct epki2pki_ctx_st {

37
    PROV_CTX *provctx;

38
    char propq[OSSL_MAX_PROPQUERY_SIZE];

39
};

40


41
static void *epki2pki_newctx(void *provctx)

42
{

43
    struct epki2pki_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx));

44


45
    if (ctx != NULL)

46
        ctx->provctx = provctx;

47
    return ctx;

48
}

49


50
static void epki2pki_freectx(void *vctx)

51
{

52
    struct epki2pki_ctx_st *ctx = vctx;

53


54
    OPENSSL_free(ctx);

55
}

56


57
static const OSSL_PARAM *epki2pki_settable_ctx_params(ossl_unused void *provctx)

58
{

59
    static const OSSL_PARAM settables[] = {

60
        OSSL_PARAM_utf8_string(OSSL_DECODER_PARAM_PROPERTIES, NULL, 0),

61
        OSSL_PARAM_END

62
    };

63
    return settables;

64
}

65


66
static int epki2pki_set_ctx_params(void *vctx, const OSSL_PARAM params[])

67
{

68
    struct epki2pki_ctx_st *ctx = vctx;

69
    const OSSL_PARAM *p;

70
    char *str = ctx->propq;

71


72
    p = OSSL_PARAM_locate_const(params, OSSL_DECODER_PARAM_PROPERTIES);

73
    if (p != NULL && !OSSL_PARAM_get_utf8_string(p, &str, sizeof(ctx->propq)))

74
        return 0;

75


76
    return 1;

77
}

78


79
/*

80
 * The selection parameter in epki2pki_decode() is not used by this function

81
 * because it's not relevant just to decode EncryptedPrivateKeyInfo to

82
 * PrivateKeyInfo.

83
 */

84
static int epki2pki_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,

85
                           OSSL_CALLBACK *data_cb, void *data_cbarg,

86
                           OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)

87
{

88
    struct epki2pki_ctx_st *ctx = vctx;

89
    BUF_MEM *mem = NULL;

90
    unsigned char *der = NULL;

91
    long der_len = 0;

92
    BIO *in = ossl_bio_new_from_core_bio(ctx->provctx, cin);

93
    int ok = 0;

94


95
    if (in == NULL)

96
        return 0;

97


98
    ok = (asn1_d2i_read_bio(in, &mem) >= 0);

99
    BIO_free(in);

100


101
    /* We return "empty handed".  This is not an error. */

102
    if (!ok)

103
        return 1;

104


105
    der = (unsigned char *)mem->data;

106
    der_len = (long)mem->length;

107
    OPENSSL_free(mem);

108


109
    ok = ossl_epki2pki_der_decode(der, der_len, selection, data_cb, data_cbarg,

110
                                  pw_cb, pw_cbarg, PROV_LIBCTX_OF(ctx->provctx),

111
                                  ctx->propq);

112
    OPENSSL_free(der);

113
    return ok;

114
}

115


116
int ossl_epki2pki_der_decode(unsigned char *der, long der_len, int selection,

117
                             OSSL_CALLBACK *data_cb, void *data_cbarg,

118
                             OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg,

119
                             OSSL_LIB_CTX *libctx, const char *propq)

120
{

121
    const unsigned char *pder = der;

122
    unsigned char *new_der = NULL;

123
    X509_SIG *p8 = NULL;

124
    PKCS8_PRIV_KEY_INFO *p8inf = NULL;

125
    const X509_ALGOR *alg = NULL;

126
    int ok = 1;     /* Assume good */

127


128
    ERR_set_mark();

129
    if ((p8 = d2i_X509_SIG(NULL, &pder, der_len)) != NULL) {

130
        char pbuf[1024];

131
        size_t plen = 0;

132


133
        ERR_clear_last_mark();

134


135
        if (!pw_cb(pbuf, sizeof(pbuf), &plen, NULL, pw_cbarg)) {

136
            ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_GET_PASSPHRASE);

137
            ok = 0;

138
        } else {

139
            const ASN1_OCTET_STRING *oct;

140
            int new_der_len = 0;

141


142
            X509_SIG_get0(p8, &alg, &oct);

143
            if (!PKCS12_pbe_crypt_ex(alg, pbuf, plen,

144
                                     oct->data, oct->length,

145
                                     &new_der, &new_der_len, 0,

146
                                     libctx, propq)) {

147
                ok = 0;

148
            } else {

149
                der = new_der;

150
                der_len = new_der_len;

151
            }

152
            alg = NULL;

153
        }

154
        X509_SIG_free(p8);

155
    } else {

156
        ERR_pop_to_mark();

157
    }

158


159
    ERR_set_mark();

160
    pder = der;

161
    p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &pder, der_len);

162
    ERR_pop_to_mark();

163


164
    if (p8inf != NULL && PKCS8_pkey_get0(NULL, NULL, NULL, &alg, p8inf)) {

165
        /*

166
         * We have something and recognised it as PrivateKeyInfo, so let's

167
         * pass all the applicable data to the callback.

168
         */

169
        char keytype[OSSL_MAX_NAME_SIZE];

170
        OSSL_PARAM params[6], *p = params;

171
        int objtype = OSSL_OBJECT_PKEY;

172


173
        OBJ_obj2txt(keytype, sizeof(keytype), alg->algorithm, 0);

174


175
        *p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE,

176
                                                keytype, 0);

177
        *p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_INPUT_TYPE,

178
                                                "DER", 0);

179
        *p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_STRUCTURE,

180
                                                "PrivateKeyInfo", 0);

181
        *p++ = OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_DATA,

182
                                                 der, der_len);

183
        *p++ = OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &objtype);

184
        *p = OSSL_PARAM_construct_end();

185


186
        ok = data_cb(params, data_cbarg);

187
    }

188
    PKCS8_PRIV_KEY_INFO_free(p8inf);

189
    OPENSSL_free(new_der);

190
    return ok;

191
}

192


193
const OSSL_DISPATCH ossl_EncryptedPrivateKeyInfo_der_to_der_decoder_functions[] = {

194
    { OSSL_FUNC_DECODER_NEWCTX, (void (*)(void))epki2pki_newctx },

195
    { OSSL_FUNC_DECODER_FREECTX, (void (*)(void))epki2pki_freectx },

196
    { OSSL_FUNC_DECODER_DECODE, (void (*)(void))epki2pki_decode },

197
    { OSSL_FUNC_DECODER_SETTABLE_CTX_PARAMS,

198
      (void (*)(void))epki2pki_settable_ctx_params },

199
    { OSSL_FUNC_DECODER_SET_CTX_PARAMS,

200
      (void (*)(void))epki2pki_set_ctx_params },

201
    OSSL_DISPATCH_END

202
};

203


204