EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x)
{
char *nm=NULL;
const unsigned char *p=NULL;
unsigned char *data=NULL;
long len;
int slen;
EVP_PKEY *ret=NULL;
if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_PARAMETERS,
bp, 0, NULL))
return NULL;
p = data;
if ((slen = pem_check_suffix(nm, "PARAMETERS")) > 0)
{
ret = EVP_PKEY_new();
if (!ret)
goto err;
if (!EVP_PKEY_set_type_str(ret, nm, slen)
|| !ret->ameth->param_decode
|| !ret->ameth->param_decode(ret, &p, len))
{
EVP_PKEY_free(ret);
ret = NULL;
goto err;
}
if(x)
{
if(*x) EVP_PKEY_free((EVP_PKEY *)*x);
*x = ret;
}
}
err:
if (ret == NULL)
PEMerr(PEM_F_PEM_READ_BIO_PARAMETERS,ERR_R_ASN1_LIB);
free(nm);
free(data);
return(ret);
}
static int check_pem(const char *nm, const char *name)
{
/* Normal matching nm and name */
if (strcmp(nm, name) == 0)
return 1;
/* Make PEM_STRING_EVP_PKEY match any private key */
if (strcmp(name, PEM_STRING_EVP_PKEY) == 0) {
int slen;
const EVP_PKEY_ASN1_METHOD *ameth;
if (strcmp(nm, PEM_STRING_PKCS8) == 0)
return 1;
if (strcmp(nm, PEM_STRING_PKCS8INF) == 0)
return 1;
slen = pem_check_suffix(nm, "PRIVATE KEY");
if (slen > 0) {
/*
* NB: ENGINE implementations won't contain a deprecated old
* private key decode function so don't look for them.
*/
ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen);
if (ameth && ameth->old_priv_decode)
return 1;
}
return 0;
}
if (strcmp(name, PEM_STRING_PARAMETERS) == 0) {
int slen;
const EVP_PKEY_ASN1_METHOD *ameth;
slen = pem_check_suffix(nm, "PARAMETERS");
if (slen > 0) {
ENGINE *e;
ameth = EVP_PKEY_asn1_find_str(&e, nm, slen);
if (ameth) {
int r;
if (ameth->param_decode)
r = 1;
else
r = 0;
#ifndef OPENSSL_NO_ENGINE
ENGINE_finish(e);
#endif
return r;
}
}
return 0;
}
/* If reading DH parameters handle X9.42 DH format too */
if (strcmp(nm, PEM_STRING_DHXPARAMS) == 0
&& strcmp(name, PEM_STRING_DHPARAMS) == 0)
return 1;
/* Permit older strings */
if (strcmp(nm, PEM_STRING_X509_OLD) == 0
&& strcmp(name, PEM_STRING_X509) == 0)
return 1;
if (strcmp(nm, PEM_STRING_X509_REQ_OLD) == 0
&& strcmp(name, PEM_STRING_X509_REQ) == 0)
return 1;
/* Allow normal certs to be read as trusted certs */
if (strcmp(nm, PEM_STRING_X509) == 0
&& strcmp(name, PEM_STRING_X509_TRUSTED) == 0)
return 1;
if (strcmp(nm, PEM_STRING_X509_OLD) == 0
&& strcmp(name, PEM_STRING_X509_TRUSTED) == 0)
return 1;
/* Some CAs use PKCS#7 with CERTIFICATE headers */
if (strcmp(nm, PEM_STRING_X509) == 0
&& strcmp(name, PEM_STRING_PKCS7) == 0)
return 1;
if (strcmp(nm, PEM_STRING_PKCS7_SIGNED) == 0
&& strcmp(name, PEM_STRING_PKCS7) == 0)
return 1;
#ifndef OPENSSL_NO_CMS
if (strcmp(nm, PEM_STRING_X509) == 0
&& strcmp(name, PEM_STRING_CMS) == 0)
return 1;
/* Allow CMS to be read from PKCS#7 headers */
if (strcmp(nm, PEM_STRING_PKCS7) == 0
&& strcmp(name, PEM_STRING_CMS) == 0)
return 1;
#endif
return 0;
}
EVP_PKEY *
PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u)
{
char *nm = NULL;
const unsigned char *p = NULL;
unsigned char *data = NULL;
long len;
int slen;
EVP_PKEY *ret = NULL;
if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_EVP_PKEY,
bp, cb, u))
return NULL;
p = data;
if (strcmp(nm, PEM_STRING_PKCS8INF) == 0) {
PKCS8_PRIV_KEY_INFO *p8inf;
p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len);
if (!p8inf)
goto p8err;
ret = EVP_PKCS82PKEY(p8inf);
if (x) {
EVP_PKEY_free(*x);
*x = ret;
}
PKCS8_PRIV_KEY_INFO_free(p8inf);
} else if (strcmp(nm, PEM_STRING_PKCS8) == 0) {
PKCS8_PRIV_KEY_INFO *p8inf;
X509_SIG *p8;
int klen;
char psbuf[PEM_BUFSIZE];
p8 = d2i_X509_SIG(NULL, &p, len);
if (!p8)
goto p8err;
if (cb)
klen = cb(psbuf, PEM_BUFSIZE, 0, u);
else
klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
if (klen <= 0) {
PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY,
PEM_R_BAD_PASSWORD_READ);
X509_SIG_free(p8);
goto err;
}
p8inf = PKCS8_decrypt(p8, psbuf, klen);
X509_SIG_free(p8);
if (!p8inf)
goto p8err;
ret = EVP_PKCS82PKEY(p8inf);
if (x) {
EVP_PKEY_free(*x);
*x = ret;
}
PKCS8_PRIV_KEY_INFO_free(p8inf);
} else if ((slen = pem_check_suffix(nm, "PRIVATE KEY")) > 0) {
const EVP_PKEY_ASN1_METHOD *ameth;
ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen);
if (!ameth || !ameth->old_priv_decode)
goto p8err;
ret = d2i_PrivateKey(ameth->pkey_id, x, &p, len);
}
p8err:
if (ret == NULL)
PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, ERR_R_ASN1_LIB);
err:
free(nm);
OPENSSL_cleanse(data, len);
free(data);
return (ret);
}
/*
* Key parameter decoder.
*/
static OSSL_STORE_INFO *try_decode_params(const char *pem_name,
const char *pem_header,
const unsigned char *blob,
size_t len, void **pctx,
int *matchcount,
const UI_METHOD *ui_method,
void *ui_data)
{
OSSL_STORE_INFO *store_info = NULL;
int slen = 0;
EVP_PKEY *pkey = NULL;
const EVP_PKEY_ASN1_METHOD *ameth = NULL;
int ok = 0;
if (pem_name != NULL) {
if ((slen = pem_check_suffix(pem_name, "PARAMETERS")) == 0)
return NULL;
*matchcount = 1;
}
if (slen > 0) {
if ((pkey = EVP_PKEY_new()) == NULL) {
OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PARAMS, ERR_R_EVP_LIB);
return NULL;
}
if (EVP_PKEY_set_type_str(pkey, pem_name, slen)
&& (ameth = EVP_PKEY_get0_asn1(pkey)) != NULL
&& ameth->param_decode != NULL
&& ameth->param_decode(pkey, &blob, len))
ok = 1;
} else {
int i;
EVP_PKEY *tmp_pkey = NULL;
for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) {
const unsigned char *tmp_blob = blob;
if (tmp_pkey == NULL && (tmp_pkey = EVP_PKEY_new()) == NULL) {
OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PARAMS, ERR_R_EVP_LIB);
break;
}
ameth = EVP_PKEY_asn1_get0(i);
if (ameth->pkey_flags & ASN1_PKEY_ALIAS)
continue;
if (EVP_PKEY_set_type(tmp_pkey, ameth->pkey_id)
&& (ameth = EVP_PKEY_get0_asn1(tmp_pkey)) != NULL
&& ameth->param_decode != NULL
&& ameth->param_decode(tmp_pkey, &tmp_blob, len)) {
if (pkey != NULL)
EVP_PKEY_free(tmp_pkey);
else
pkey = tmp_pkey;
tmp_pkey = NULL;
(*matchcount)++;
}
}
EVP_PKEY_free(tmp_pkey);
if (*matchcount == 1) {
ok = 1;
}
}
if (ok)
store_info = OSSL_STORE_INFO_new_PARAMS(pkey);
if (store_info == NULL)
EVP_PKEY_free(pkey);
return store_info;
}
static OSSL_STORE_INFO *try_decode_PrivateKey(const char *pem_name,
const char *pem_header,
const unsigned char *blob,
size_t len, void **pctx,
int *matchcount,
const UI_METHOD *ui_method,
void *ui_data)
{
OSSL_STORE_INFO *store_info = NULL;
EVP_PKEY *pkey = NULL;
const EVP_PKEY_ASN1_METHOD *ameth = NULL;
if (pem_name != NULL) {
if (strcmp(pem_name, PEM_STRING_PKCS8INF) == 0) {
PKCS8_PRIV_KEY_INFO *p8inf =
d2i_PKCS8_PRIV_KEY_INFO(NULL, &blob, len);
*matchcount = 1;
if (p8inf != NULL)
pkey = EVP_PKCS82PKEY(p8inf);
PKCS8_PRIV_KEY_INFO_free(p8inf);
} else {
int slen;
if ((slen = pem_check_suffix(pem_name, "PRIVATE KEY")) > 0
&& (ameth = EVP_PKEY_asn1_find_str(NULL, pem_name,
slen)) != NULL) {
*matchcount = 1;
pkey = d2i_PrivateKey(ameth->pkey_id, NULL, &blob, len);
}
}
} else {
int i;
for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) {
EVP_PKEY *tmp_pkey = NULL;
const unsigned char *tmp_blob = blob;
ameth = EVP_PKEY_asn1_get0(i);
if (ameth->pkey_flags & ASN1_PKEY_ALIAS)
continue;
tmp_pkey = d2i_PrivateKey(ameth->pkey_id, NULL, &tmp_blob, len);
if (tmp_pkey != NULL) {
if (pkey != NULL)
EVP_PKEY_free(tmp_pkey);
else
pkey = tmp_pkey;
(*matchcount)++;
}
}
if (*matchcount > 1) {
EVP_PKEY_free(pkey);
pkey = NULL;
}
}
if (pkey == NULL)
/* No match */
return NULL;
store_info = OSSL_STORE_INFO_new_PKEY(pkey);
if (store_info == NULL)
EVP_PKEY_free(pkey);
return store_info;
}