Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/crypto/openssl/providers/implementations/encode_decode/decode_pem2der.c
103857 views
1
/*

2
 * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.

3
 *

4
 * Licensed under the Apache License 2.0 (the "License").  You may not use

5
 * this file except in compliance with the License.  You can obtain a copy

6
 * in the file LICENSE in the source distribution or at

7
 * https://www.openssl.org/source/license.html

8
 */

9


10
/*

11
 * RSA low level APIs are deprecated for public use, but still ok for

12
 * internal use.

13
 */

14
#include "internal/deprecated.h"

15


16
#include <string.h>

17


18
#include <openssl/core_dispatch.h>

19
#include <openssl/core_names.h>

20
#include <openssl/core_object.h>

21
#include <openssl/crypto.h>

22
#include <openssl/err.h>

23
#include <openssl/params.h>

24
#include <openssl/pem.h>

25
#include <openssl/proverr.h>

26
#include "internal/nelem.h"

27
#include "internal/sizes.h"

28
#include "prov/bio.h"

29
#include "prov/decoders.h"

30
#include "prov/implementations.h"

31
#include "endecoder_local.h"

32


33
static int read_pem(PROV_CTX *provctx, OSSL_CORE_BIO *cin,

34
    char **pem_name, char **pem_header,

35
    unsigned char **data, long *len)

36
{

37
    BIO *in = ossl_bio_new_from_core_bio(provctx, cin);

38
    int ok;

39


40
    if (in == NULL)

41
        return 0;

42
    ok = (PEM_read_bio(in, pem_name, pem_header, data, len) > 0);

43


44
    BIO_free(in);

45
    return ok;

46
}

47


48
static OSSL_FUNC_decoder_newctx_fn pem2der_newctx;

49
static OSSL_FUNC_decoder_freectx_fn pem2der_freectx;

50
static OSSL_FUNC_decoder_decode_fn pem2der_decode;

51


52
/*

53
 * Context used for PEM to DER decoding.

54
 */

55
struct pem2der_ctx_st {

56
    PROV_CTX *provctx;

57
    char data_structure[OSSL_MAX_CODEC_STRUCT_SIZE];

58
    char propq[OSSL_MAX_PROPQUERY_SIZE];

59
};

60


61
static void *pem2der_newctx(void *provctx)

62
{

63
    struct pem2der_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx));

64


65
    if (ctx != NULL)

66
        ctx->provctx = provctx;

67
    return ctx;

68
}

69


70
static void pem2der_freectx(void *vctx)

71
{

72
    struct pem2der_ctx_st *ctx = vctx;

73


74
    OPENSSL_free(ctx);

75
}

76


77
static const OSSL_PARAM *pem2der_settable_ctx_params(ossl_unused void *provctx)

78
{

79
    static const OSSL_PARAM settables[] = {

80
        OSSL_PARAM_utf8_string(OSSL_DECODER_PARAM_PROPERTIES, NULL, 0),

81
        OSSL_PARAM_utf8_string(OSSL_OBJECT_PARAM_DATA_STRUCTURE, NULL, 0),

82
        OSSL_PARAM_END

83
    };

84
    return settables;

85
}

86


87
static int pem2der_set_ctx_params(void *vctx, const OSSL_PARAM params[])

88
{

89
    struct pem2der_ctx_st *ctx = vctx;

90
    const OSSL_PARAM *p;

91
    char *str;

92


93
    p = OSSL_PARAM_locate_const(params, OSSL_DECODER_PARAM_PROPERTIES);

94
    str = ctx->propq;

95
    if (p != NULL

96
        && !OSSL_PARAM_get_utf8_string(p, &str, sizeof(ctx->propq)))

97
        return 0;

98


99
    p = OSSL_PARAM_locate_const(params, OSSL_OBJECT_PARAM_DATA_STRUCTURE);

100
    str = ctx->data_structure;

101
    if (p != NULL

102
        && !OSSL_PARAM_get_utf8_string(p, &str, sizeof(ctx->data_structure)))

103
        return 0;

104


105
    return 1;

106
}

107


108
/* pem_password_cb compatible function */

109
struct pem2der_pass_data_st {

110
    OSSL_PASSPHRASE_CALLBACK *cb;

111
    void *cbarg;

112
};

113


114
static int pem2der_pass_helper(char *buf, int num, int w, void *data)

115
{

116
    struct pem2der_pass_data_st *pass_data = data;

117
    size_t plen;

118


119
    if (pass_data == NULL

120
        || pass_data->cb == NULL

121
        || !pass_data->cb(buf, num, &plen, NULL, pass_data->cbarg))

122
        return -1;

123
    return (int)plen;

124
}

125


126
static int pem2der_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,

127
    OSSL_CALLBACK *data_cb, void *data_cbarg,

128
    OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)

129
{

130
    /*

131
     * PEM names we recognise.  Other PEM names should be recognised by

132
     * other decoder implementations.

133
     */

134
    static struct pem_name_map_st {

135
        const char *pem_name;

136
        int object_type;

137
        const char *data_type;

138
        const char *data_structure;

139
    } pem_name_map[] = {

140
        /* PKCS#8 and SubjectPublicKeyInfo */

141
        { PEM_STRING_PKCS8, OSSL_OBJECT_PKEY, NULL, "EncryptedPrivateKeyInfo" },

142
        { PEM_STRING_PKCS8INF, OSSL_OBJECT_PKEY, NULL, "PrivateKeyInfo" },

143
#define PKCS8_LAST_IDX 1

144
        { PEM_STRING_PUBLIC, OSSL_OBJECT_PKEY, NULL, "SubjectPublicKeyInfo" },

145
#define SPKI_LAST_IDX 2

146
        /* Our set of type specific PEM types */

147
        { PEM_STRING_DHPARAMS, OSSL_OBJECT_PKEY, "DH", "type-specific" },

148
        { PEM_STRING_DHXPARAMS, OSSL_OBJECT_PKEY, "X9.42 DH", "type-specific" },

149
        { PEM_STRING_DSA, OSSL_OBJECT_PKEY, "DSA", "type-specific" },

150
        { PEM_STRING_DSA_PUBLIC, OSSL_OBJECT_PKEY, "DSA", "type-specific" },

151
        { PEM_STRING_DSAPARAMS, OSSL_OBJECT_PKEY, "DSA", "type-specific" },

152
        { PEM_STRING_ECPRIVATEKEY, OSSL_OBJECT_PKEY, "EC", "type-specific" },

153
        { PEM_STRING_ECPARAMETERS, OSSL_OBJECT_PKEY, "EC", "type-specific" },

154
        { PEM_STRING_SM2PRIVATEKEY, OSSL_OBJECT_PKEY, "SM2", "type-specific" },

155
        { PEM_STRING_SM2PARAMETERS, OSSL_OBJECT_PKEY, "SM2", "type-specific" },

156
        { PEM_STRING_RSA, OSSL_OBJECT_PKEY, "RSA", "type-specific" },

157
        { PEM_STRING_RSA_PUBLIC, OSSL_OBJECT_PKEY, "RSA", "type-specific" },

158


159
        /*

160
         * A few others that there is at least have an object type for, even

161
         * though there is no provider interface to handle such objects, yet.

162
         * However, this is beneficial for the OSSL_STORE result handler.

163
         */

164
        { PEM_STRING_X509, OSSL_OBJECT_CERT, NULL, "Certificate" },

165
        { PEM_STRING_X509_TRUSTED, OSSL_OBJECT_CERT, NULL, "Certificate" },

166
        { PEM_STRING_X509_OLD, OSSL_OBJECT_CERT, NULL, "Certificate" },

167
        { PEM_STRING_X509_CRL, OSSL_OBJECT_CRL, NULL, "CertificateList" }

168
    };

169
    struct pem2der_ctx_st *ctx = vctx;

170
    char *pem_name = NULL, *pem_header = NULL;

171
    size_t i;

172
    unsigned char *der = NULL;

173
    long der_len = 0;

174
    int ok = 0;

175
    int objtype = OSSL_OBJECT_UNKNOWN;

176


177
    ok = read_pem(ctx->provctx, cin, &pem_name, &pem_header,

178
             &der, &der_len)

179
        > 0;

180
    /* We return "empty handed".  This is not an error. */

181
    if (!ok)

182
        return 1;

183


184
    /*

185
     * 10 is the number of characters in "Proc-Type:", which

186
     * PEM_get_EVP_CIPHER_INFO() requires to be present.

187
     * If the PEM header has less characters than that, it's

188
     * not worth spending cycles on it.

189
     */

190
    if (strlen(pem_header) > 10) {

191
        EVP_CIPHER_INFO cipher;

192
        struct pem2der_pass_data_st pass_data;

193


194
        ok = 0; /* Assume that we fail */

195
        pass_data.cb = pw_cb;

196
        pass_data.cbarg = pw_cbarg;

197
        if (!PEM_get_EVP_CIPHER_INFO(pem_header, &cipher)

198
            || !PEM_do_header(&cipher, der, &der_len,

199
                pem2der_pass_helper, &pass_data))

200
            goto end;

201
    }

202


203
    /*

204
     * Indicated that we successfully decoded something, or not at all.

205
     * Ending up "empty handed" is not an error.

206
     */

207
    ok = 1;

208


209
    /* Have a look to see if we recognise anything */

210
    for (i = 0; i < OSSL_NELEM(pem_name_map); i++)

211
        if (strcmp(pem_name, pem_name_map[i].pem_name) == 0)

212
            break;

213


214
    if (i < OSSL_NELEM(pem_name_map)) {

215
        OSSL_PARAM params[5], *p = params;

216
        /* We expect these to be read only so casting away the const is ok */

217
        char *data_type = (char *)pem_name_map[i].data_type;

218
        char *data_structure = (char *)pem_name_map[i].data_structure;

219


220
        /*

221
         * Since this may perform decryption, we need to check the selection to

222
         * avoid password prompts for objects of no interest.

223
         */

224
        if (i <= PKCS8_LAST_IDX

225
            && ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY)

226
                || OPENSSL_strcasecmp(ctx->data_structure, "EncryptedPrivateKeyInfo") == 0

227
                || OPENSSL_strcasecmp(ctx->data_structure, "PrivateKeyInfo") == 0)) {

228
            ok = ossl_epki2pki_der_decode(der, der_len, selection, data_cb,

229
                data_cbarg, pw_cb, pw_cbarg,

230
                PROV_LIBCTX_OF(ctx->provctx),

231
                ctx->propq);

232
            goto end;

233
        }

234


235
        if (i <= SPKI_LAST_IDX

236
            && ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY)

237
                || OPENSSL_strcasecmp(ctx->data_structure, "SubjectPublicKeyInfo") == 0)) {

238
            ok = ossl_spki2typespki_der_decode(der, der_len, selection, data_cb,

239
                data_cbarg, pw_cb, pw_cbarg,

240
                PROV_LIBCTX_OF(ctx->provctx),

241
                ctx->propq);

242
            goto end;

243
        }

244


245
        objtype = pem_name_map[i].object_type;

246
        if (data_type != NULL)

247
            *p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE,

248
                data_type, 0);

249


250
        /* We expect this to be read only so casting away the const is ok */

251
        if (data_structure != NULL)

252
            *p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_STRUCTURE,

253
                data_structure, 0);

254
        *p++ = OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_DATA,

255
            der, der_len);

256
        *p++ = OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &objtype);

257


258
        *p = OSSL_PARAM_construct_end();

259


260
        ok = data_cb(params, data_cbarg);

261
    }

262


263
end:

264
    OPENSSL_free(pem_name);

265
    OPENSSL_free(pem_header);

266
    OPENSSL_free(der);

267
    return ok;

268
}

269


270
const OSSL_DISPATCH ossl_pem_to_der_decoder_functions[] = {

271
    { OSSL_FUNC_DECODER_NEWCTX, (void (*)(void))pem2der_newctx },

272
    { OSSL_FUNC_DECODER_FREECTX, (void (*)(void))pem2der_freectx },

273
    { OSSL_FUNC_DECODER_DECODE, (void (*)(void))pem2der_decode },

274
    { OSSL_FUNC_DECODER_SETTABLE_CTX_PARAMS,

275
        (void (*)(void))pem2der_settable_ctx_params },

276
    { OSSL_FUNC_DECODER_SET_CTX_PARAMS,

277
        (void (*)(void))pem2der_set_ctx_params },

278
    OSSL_DISPATCH_END

279
};

280


281