authorRichard Levitte <levitte@openssl.org>2020-09-07 12:25:17 +0200
committerRichard Levitte <levitte@openssl.org>2020-09-09 16:35:22 +0200
commit8ae40cf57d2138af92a3479e23f35037ae8c5c30 (patch)
tree18b15b731f9b593f93716e05884cb0b9ba0a54a5 /providers
parentce43db7a3fcd18866385a4552f5e4a83adfc0979 (diff)
ENCODER: Refactor provider implementations, and some cleanup
The encoder implementations were implemented by unnecessarily copying code into numerous topical source files, making them hard to maintain. This change merges all those into two source files, one that encodes into DER and PEM, the other to text. Diverse small cleanups are included. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12803)
Diffstat (limited to 'providers')
-rw-r--r--providers/common/include/prov/providercommonerr.h1
-rw-r--r--providers/common/provider_err.c1
-rw-r--r--providers/encoders.inc205
-rw-r--r--providers/implementations/encode_decode/build.info20
-rw-r--r--providers/implementations/encode_decode/decode_common.c116
-rw-r--r--providers/implementations/encode_decode/decode_der2key.c68
-rw-r--r--providers/implementations/encode_decode/decode_ms2key.c43
-rw-r--r--providers/implementations/encode_decode/decode_pem2der.c17
-rw-r--r--providers/implementations/encode_decode/encode_key2any.c924
-rw-r--r--providers/implementations/encode_decode/encode_key2text.c891
-rw-r--r--providers/implementations/encode_decode/encoder_common.c397
-rw-r--r--providers/implementations/encode_decode/encoder_dh.c166
-rw-r--r--providers/implementations/encode_decode/encoder_dh_param.c186
-rw-r--r--providers/implementations/encode_decode/encoder_dh_priv.c295
-rw-r--r--providers/implementations/encode_decode/encoder_dh_pub.c196
-rw-r--r--providers/implementations/encode_decode/encoder_dsa.c173
-rw-r--r--providers/implementations/encode_decode/encoder_dsa_param.c187
-rw-r--r--providers/implementations/encode_decode/encoder_dsa_priv.c293
-rw-r--r--providers/implementations/encode_decode/encoder_dsa_pub.c205
-rw-r--r--providers/implementations/encode_decode/encoder_ec.c293
-rw-r--r--providers/implementations/encode_decode/encoder_ec_param.c184
-rw-r--r--providers/implementations/encode_decode/encoder_ec_priv.c290
-rw-r--r--providers/implementations/encode_decode/encoder_ec_pub.c192
-rw-r--r--providers/implementations/encode_decode/encoder_ecx.c145
-rw-r--r--providers/implementations/encode_decode/encoder_ecx_priv.c307
-rw-r--r--providers/implementations/encode_decode/encoder_ecx_pub.c226
-rw-r--r--providers/implementations/encode_decode/encoder_ffc_params.c63
-rw-r--r--providers/implementations/encode_decode/encoder_local.h183
-rw-r--r--providers/implementations/encode_decode/encoder_rsa.c277
-rw-r--r--providers/implementations/encode_decode/encoder_rsa_priv.c297
-rw-r--r--providers/implementations/encode_decode/encoder_rsa_pub.c196
-rw-r--r--providers/implementations/encode_decode/endecoder_common.c84
-rw-r--r--providers/implementations/encode_decode/endecoder_local.h26
-rw-r--r--providers/implementations/include/prov/implementations.h115
34 files changed, 2236 insertions, 5026 deletions
diff --git a/providers/common/include/prov/providercommonerr.h b/providers/common/include/prov/providercommonerr.h
index 82eea21049..68bcfb4828 100644
--- a/providers/common/include/prov/providercommonerr.h
+++ b/providers/common/include/prov/providercommonerr.h
@@ -131,6 +131,7 @@ int ERR_load_PROV_strings(void);
# define PROV_R_NOT_A_PRIVATE_KEY 221
# define PROV_R_NOT_A_PUBLIC_KEY 220
# define PROV_R_NOT_INSTANTIATED 193
+# define PROV_R_NOT_PARAMETERS 224
# define PROV_R_NOT_SUPPORTED 136
# define PROV_R_NOT_XOF_OR_INVALID_LENGTH 113
# define PROV_R_NO_KEY_SET 114
diff --git a/providers/common/provider_err.c b/providers/common/provider_err.c
index 6d6a254dd6..75f24f88d7 100644
--- a/providers/common/provider_err.c
+++ b/providers/common/provider_err.c
@@ -136,6 +136,7 @@ static const ERR_STRING_DATA PROV_str_reasons[] = {
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_NOT_A_PRIVATE_KEY), "not a private key"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_NOT_A_PUBLIC_KEY), "not a public key"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_NOT_INSTANTIATED), "not instantiated"},
+ {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_NOT_PARAMETERS), "not parameters"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_NOT_SUPPORTED), "not supported"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_NOT_XOF_OR_INVALID_LENGTH),
"not xof or invalid length"},
diff --git a/providers/encoders.inc b/providers/encoders.inc
index 4d894a73e5..284703c6e8 100644
--- a/providers/encoders.inc
+++ b/providers/encoders.inc
@@ -11,102 +11,161 @@
# error Macro ENCODER undefined
#endif
- ENCODER("RSA", "yes", "text", "private", rsa_priv_text_encoder_functions),
- ENCODER("RSA", "yes", "text", "public", rsa_pub_text_encoder_functions),
- ENCODER("RSA", "yes", "der", "private", rsa_priv_der_encoder_functions),
- ENCODER("RSA", "yes", "der", "public", rsa_pub_der_encoder_functions),
- ENCODER("RSA", "yes", "pem", "private", rsa_priv_pem_encoder_functions),
- ENCODER("RSA", "yes", "pem", "public", rsa_pub_pem_encoder_functions),
+ ENCODER("RSA", "yes", "text", "private",
+ rsa_priv_to_text_encoder_functions),
+ ENCODER("RSA", "yes", "text", "public",
+ rsa_pub_to_text_encoder_functions),
+ ENCODER("RSA", "yes", "der", "private",
+ rsa_priv_to_der_encoder_functions),
+ ENCODER("RSA", "yes", "der", "public",
+ rsa_pub_to_der_encoder_functions),
+ ENCODER("RSA", "yes", "pem", "private",
+ rsa_priv_to_pem_encoder_functions),
+ ENCODER("RSA", "yes", "pem", "public",
+ rsa_pub_to_pem_encoder_functions),
ENCODER("RSA-PSS", "yes", "text", "private",
- rsa_priv_text_encoder_functions),
- ENCODER("RSA-PSS", "yes", "text", "public", rsa_pub_text_encoder_functions),
- ENCODER("RSA-PSS", "yes", "der", "private", rsa_priv_der_encoder_functions),
- ENCODER("RSA-PSS", "yes", "der", "public", rsa_pub_der_encoder_functions),
- ENCODER("RSA-PSS", "yes", "pem", "private", rsa_priv_pem_encoder_functions),
- ENCODER("RSA-PSS", "yes", "pem", "public", rsa_pub_pem_encoder_functions),
+ rsa_priv_to_text_encoder_functions),
+ ENCODER("RSA-PSS", "yes", "text", "public",
+ rsa_pub_to_text_encoder_functions),
+ ENCODER("RSA-PSS", "yes", "der", "private",
+ rsa_priv_to_der_encoder_functions),
+ ENCODER("RSA-PSS", "yes", "der", "public",
+ rsa_pub_to_der_encoder_functions),
+ ENCODER("RSA-PSS", "yes", "pem", "private",
+ rsa_priv_to_pem_encoder_functions),
+ ENCODER("RSA-PSS", "yes", "pem", "public",
+ rsa_pub_to_pem_encoder_functions),
#ifndef OPENSSL_NO_DH
- ENCODER("DH", "yes", "text", "private", dh_priv_text_encoder_functions),
- ENCODER("DH", "yes", "text", "public", dh_pub_text_encoder_functions),
- ENCODER("DH", "yes", "text", "parameters", dh_param_text_encoder_functions),
- ENCODER("DH", "yes", "der", "private", dh_priv_der_encoder_functions),
- ENCODER("DH", "yes", "der", "public", dh_pub_der_encoder_functions),
- ENCODER("DH", "yes", "der", "parameters", dh_param_der_encoder_functions),
- ENCODER("DH", "yes", "pem", "private", dh_priv_pem_encoder_functions),
- ENCODER("DH", "yes", "pem", "public", dh_pub_pem_encoder_functions),
- ENCODER("DH", "yes", "pem", "parameters", dh_param_pem_encoder_functions),
+ ENCODER("DH", "yes", "text", "private",
+ dh_priv_to_text_encoder_functions),
+ ENCODER("DH", "yes", "text", "public",
+ dh_pub_to_text_encoder_functions),
+ ENCODER("DH", "yes", "text", "parameters",
+ dh_param_to_text_encoder_functions),
+ ENCODER("DH", "yes", "der", "private",
+ dh_priv_to_der_encoder_functions),
+ ENCODER("DH", "yes", "der", "public",
+ dh_pub_to_der_encoder_functions),
+ ENCODER("DH", "yes", "der", "parameters",
+ dh_param_to_der_encoder_functions),
+ ENCODER("DH", "yes", "pem", "private",
+ dh_priv_to_pem_encoder_functions),
+ ENCODER("DH", "yes", "pem", "public",
+ dh_pub_to_pem_encoder_functions),
+ ENCODER("DH", "yes", "pem", "parameters",
+ dh_param_to_pem_encoder_functions),
- ENCODER("DHX", "yes", "text", "private", dh_priv_text_encoder_functions),
- ENCODER("DHX", "yes", "text", "public", dh_pub_text_encoder_functions),
- ENCODER("DHX", "yes", "text", "parameters", dh_param_text_encoder_functions),
- ENCODER("DHX", "yes", "der", "private", dh_priv_der_encoder_functions),
- ENCODER("DHX", "yes", "der", "public", dh_pub_der_encoder_functions),
- ENCODER("DHX", "yes", "der", "parameters", dh_param_der_encoder_functions),
- ENCODER("DHX", "yes", "pem", "private", dh_priv_pem_encoder_functions),
- ENCODER("DHX", "yes", "pem", "public", dh_pub_pem_encoder_functions),
- ENCODER("DHX", "yes", "pem", "parameters", dh_param_pem_encoder_functions),
+ ENCODER("DHX", "yes", "text", "private",
+ dh_priv_to_text_encoder_functions),
+ ENCODER("DHX", "yes", "text", "public",
+ dh_pub_to_text_encoder_functions),
+ ENCODER("DHX", "yes", "text", "parameters",
+ dh_param_to_text_encoder_functions),
+ ENCODER("DHX", "yes", "der", "private",
+ dh_priv_to_der_encoder_functions),
+ ENCODER("DHX", "yes", "der", "public",
+ dh_pub_to_der_encoder_functions),
+ ENCODER("DHX", "yes", "der", "parameters",
+ dh_param_to_der_encoder_functions),
+ ENCODER("DHX", "yes", "pem", "private",
+ dh_priv_to_pem_encoder_functions),
+ ENCODER("DHX", "yes", "pem", "public",
+ dh_pub_to_pem_encoder_functions),
+ ENCODER("DHX", "yes", "pem", "parameters",
+ dh_param_to_pem_encoder_functions),
#endif
#ifndef OPENSSL_NO_DSA
- ENCODER("DSA", "yes", "text", "private", dsa_priv_text_encoder_functions),
- ENCODER("DSA", "yes", "text", "public", dsa_pub_text_encoder_functions),
+ ENCODER("DSA", "yes", "text", "private",
+ dsa_priv_to_text_encoder_functions),
+ ENCODER("DSA", "yes", "text", "public",
+ dsa_pub_to_text_encoder_functions),
ENCODER("DSA", "yes", "text", "parameters",
- dsa_param_text_encoder_functions),
- ENCODER("DSA", "yes", "der", "private", dsa_priv_der_encoder_functions),
- ENCODER("DSA", "yes", "der", "public", dsa_pub_der_encoder_functions),
- ENCODER("DSA", "yes", "der", "parameters", dsa_param_der_encoder_functions),
- ENCODER("DSA", "yes", "pem", "private", dsa_priv_pem_encoder_functions),
- ENCODER("DSA", "yes", "pem", "public", dsa_pub_pem_encoder_functions),
- ENCODER("DSA", "yes", "pem", "parameters", dsa_param_pem_encoder_functions),
+ dsa_param_to_text_encoder_functions),
+ ENCODER("DSA", "yes", "der", "private",
+ dsa_priv_to_der_encoder_functions),
+ ENCODER("DSA", "yes", "der", "public",
+ dsa_pub_to_der_encoder_functions),
+ ENCODER("DSA", "yes", "der", "parameters",
+ dsa_param_to_der_encoder_functions),
+ ENCODER("DSA", "yes", "pem", "private",
+ dsa_priv_to_pem_encoder_functions),
+ ENCODER("DSA", "yes", "pem", "public",
+ dsa_pub_to_pem_encoder_functions),
+ ENCODER("DSA", "yes", "pem", "parameters",
+ dsa_param_to_pem_encoder_functions),
#endif
#ifndef OPENSSL_NO_EC
ENCODER("X25519", "yes", "text", "private",
- x25519_priv_print_encoder_functions),
+ x25519_priv_to_text_encoder_functions),
ENCODER("X25519", "yes", "text", "public",
- x25519_pub_print_encoder_functions),
+ x25519_pub_to_text_encoder_functions),
ENCODER("X25519", "yes", "der", "private",
- x25519_priv_der_encoder_functions),
- ENCODER("X25519", "yes", "der", "public", x25519_pub_der_encoder_functions),
+ x25519_priv_to_der_encoder_functions),
+ ENCODER("X25519", "yes", "der", "public",
+ x25519_pub_to_der_encoder_functions),
ENCODER("X25519", "yes", "pem", "private",
- x25519_priv_pem_encoder_functions),
- ENCODER("X25519", "yes", "pem", "public", x25519_pub_pem_encoder_functions),
+ x25519_priv_to_pem_encoder_functions),
+ ENCODER("X25519", "yes", "pem", "public",
+ x25519_pub_to_pem_encoder_functions),
- ENCODER("X448", "no", "text", "private", x448_priv_print_encoder_functions),
- ENCODER("X448", "no", "text", "public", x448_pub_print_encoder_functions),
- ENCODER("X448", "no", "der", "private", x448_priv_der_encoder_functions),
- ENCODER("X448", "no", "der", "public", x448_pub_der_encoder_functions),
- ENCODER("X448", "no", "pem", "private", x448_priv_pem_encoder_functions),
- ENCODER("X448", "no", "pem", "public", x448_pub_pem_encoder_functions),
+ ENCODER("X448", "yes", "text", "private",
+ x448_priv_to_text_encoder_functions),
+ ENCODER("X448", "yes", "text", "public",
+ x448_pub_to_text_encoder_functions),
+ ENCODER("X448", "yes", "der", "private",
+ x448_priv_to_der_encoder_functions),
+ ENCODER("X448", "yes", "der", "public",
+ x448_pub_to_der_encoder_functions),
+ ENCODER("X448", "yes", "pem", "private",
+ x448_priv_to_pem_encoder_functions),
+ ENCODER("X448", "yes", "pem", "public",
+ x448_pub_to_pem_encoder_functions),
ENCODER("ED25519", "yes", "text", "private",
- ed25519_priv_print_encoder_functions),
+ ed25519_priv_to_text_encoder_functions),
ENCODER("ED25519", "yes", "text", "public",
- ed25519_pub_print_encoder_functions),
+ ed25519_pub_to_text_encoder_functions),
ENCODER("ED25519", "yes", "der", "private",
- ed25519_priv_der_encoder_functions),
+ ed25519_priv_to_der_encoder_functions),
ENCODER("ED25519", "yes", "der", "public",
- ed25519_pub_der_encoder_functions),
+ ed25519_pub_to_der_encoder_functions),
ENCODER("ED25519", "yes", "pem", "private",
- ed25519_priv_pem_encoder_functions),
+ ed25519_priv_to_pem_encoder_functions),
ENCODER("ED25519", "yes", "pem", "public",
- ed25519_pub_pem_encoder_functions),
+ ed25519_pub_to_pem_encoder_functions),
- ENCODER("ED448", "no", "text", "private",
- ed448_priv_print_encoder_functions),
- ENCODER("ED448", "no", "text", "public", ed448_pub_print_encoder_functions),
- ENCODER("ED448", "no", "der", "private", ed448_priv_der_encoder_functions),
- ENCODER("ED448", "no", "der", "public", ed448_pub_der_encoder_functions),
- ENCODER("ED448", "no", "pem", "private", ed448_priv_pem_encoder_functions),
- ENCODER("ED448", "no", "pem", "public", ed448_pub_pem_encoder_functions),
+ ENCODER("ED448", "yes", "text", "private",
+ ed448_priv_to_text_encoder_functions),
+ ENCODER("ED448", "yes", "text", "public",
+ ed448_pub_to_text_encoder_functions),
+ ENCODER("ED448", "yes", "der", "private",
+ ed448_priv_to_der_encoder_functions),
+ ENCODER("ED448", "yes", "der", "public",
+ ed448_pub_to_der_encoder_functions),
+ ENCODER("ED448", "yes", "pem", "private",
+ ed448_priv_to_pem_encoder_functions),
+ ENCODER("ED448", "yes", "pem", "public",
+ ed448_pub_to_pem_encoder_functions),
- ENCODER("EC", "yes", "text", "private", ec_priv_text_encoder_functions),
- ENCODER("EC", "yes", "text", "public", ec_pub_text_encoder_functions),
- ENCODER("EC", "yes", "text", "parameters", ec_param_text_encoder_functions),
- ENCODER("EC", "yes", "der", "private", ec_priv_der_encoder_functions),
- ENCODER("EC", "yes", "der", "public", ec_pub_der_encoder_functions),
- ENCODER("EC", "yes", "der", "parameters", ec_param_der_encoder_functions),
- ENCODER("EC", "yes", "pem", "private", ec_priv_pem_encoder_functions),
- ENCODER("EC", "yes", "pem", "public", ec_pub_pem_encoder_functions),
- ENCODER("EC", "yes", "pem", "parameters", ec_param_pem_encoder_functions),
+ ENCODER("EC", "yes", "text", "private",
+ ec_priv_to_text_encoder_functions),
+ ENCODER("EC", "yes", "text", "public",
+ ec_pub_to_text_encoder_functions),
+ ENCODER("EC", "yes", "text", "parameters",
+ ec_param_to_text_encoder_functions),
+ ENCODER("EC", "yes", "der", "private",
+ ec_priv_to_der_encoder_functions),
+ ENCODER("EC", "yes", "der", "public",
+ ec_pub_to_der_encoder_functions),
+ ENCODER("EC", "yes", "der", "parameters",
+ ec_param_to_der_encoder_functions),
+ ENCODER("EC", "yes", "pem", "private",
+ ec_priv_to_pem_encoder_functions),
+ ENCODER("EC", "yes", "pem", "public",
+ ec_pub_to_pem_encoder_functions),
+ ENCODER("EC", "yes", "pem", "parameters",
+ ec_param_to_pem_encoder_functions),
#endif
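Review bot: The X448 and ED448 entries change their second argument from `"no"` to `"yes"`, while every other entry in this hunk is only renamed to the `*_to_*_encoder_functions` tables and the commit message describes a refactor with small cleanups. If that argument is the `fips` property of the ENCODER macro (its definition is not in this hunk), the change alters which encoders a `fips=yes` property query can select. That deserves an explicit mention in the commit message or a commit of its own, so the property change can be reviewed separately from the renames.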
diff --git a/providers/implementations/encode_decode/build.info b/providers/implementations/encode_decode/build.info
index 3e78849dfc..97e2264418 100644
--- a/providers/implementations/encode_decode/build.info
+++ b/providers/implementations/encode_decode/build.info
@@ -10,26 +10,12 @@ $DSA_GOAL=../../libimplementations.a
$ECX_GOAL=../../libimplementations.a
$EC_GOAL=../../libimplementations.a
-SOURCE[$ENCODER_GOAL]=encoder_common.c decode_common.c
+SOURCE[$ENCODER_GOAL]=endecoder_common.c
SOURCE[$DECODER_GOAL]=decode_der2key.c decode_pem2der.c
IF[{- !$disabled{dsa} -}]
SOURCE[$DECODER_GOAL]=decode_ms2key.c
ENDIF
-SOURCE[$RSA_GOAL]=encoder_rsa.c encoder_rsa_priv.c encoder_rsa_pub.c
-DEPEND[encoder_rsa.o]=../../common/include/prov/der_rsa.h
-
-IF[{- !$disabled{"dh"} || !$disabled{"dsa"} -}]
- SOURCE[$FFC_GOAL]=encoder_ffc_params.c
-ENDIF
-IF[{- !$disabled{dh} -}]
- SOURCE[$DH_GOAL]=encoder_dh.c encoder_dh_priv.c encoder_dh_pub.c encoder_dh_param.c
-ENDIF
-IF[{- !$disabled{dsa} -}]
- SOURCE[$DSA_GOAL]=encoder_dsa.c encoder_dsa_priv.c encoder_dsa_pub.c encoder_dsa_param.c
-ENDIF
-IF[{- !$disabled{ec} -}]
- SOURCE[$ECX_GOAL]=encoder_ecx.c encoder_ecx_priv.c encoder_ecx_pub.c
- SOURCE[$EC_GOAL]=encoder_ec.c encoder_ec_priv.c encoder_ec_pub.c encoder_ec_param.c
-ENDIF
+SOURCE[$DECODER_GOAL]=encode_key2any.c encode_key2text.c
+DEPEND[encode_key2any.o]=../../common/include/prov/der_rsa.h
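Review bot: The added line `SOURCE[$DECODER_GOAL]=encode_key2any.c encode_key2text.c` attaches the two encoder sources to the decoder goal; `SOURCE[$ENCODER_GOAL]=encode_key2any.c encode_key2text.c` reads as the intended form. The two only coincide if both variables name the same library, and their definitions are above this hunk. The removed lines built the DH, DSA and EC encoders only when those algorithms were enabled, whereas the merged files are now always compiled, so they presumably need their own `OPENSSL_NO_DH`/`OPENSSL_NO_DSA`/`OPENSSL_NO_EC` guards. A build with those algorithms disabled is worth running before merge.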
diff --git a/providers/implementations/encode_decode/decode_common.c b/providers/implementations/encode_decode/decode_common.c
deleted file mode 100644
index 798d8f10b2..0000000000
--- a/providers/implementations/encode_decode/decode_common.c
+++ /dev/null
@@ -1,116 +0,0 @@
-/*
- * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <openssl/core_names.h>
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/buffer.h>
-#include <openssl/pem.h> /* For public PEM and PVK functions */
-#include <openssl/pkcs12.h>
-#include "internal/pem.h" /* For internal PVK and "blob" functions */
-#include "internal/cryptlib.h"
-#include "internal/asn1.h"
-#include "internal/passphrase.h"
-#include "prov/bio.h" /* ossl_prov_bio_printf() */
-#include "prov/providercommonerr.h" /* PROV_R_READ_KEY */
-#include "encoder_local.h"
-
-int ossl_prov_read_der(PROV_CTX *provctx, OSSL_CORE_BIO *cin,
- unsigned char **data, long *len)
-{
- BUF_MEM *mem = NULL;
- BIO *in = bio_new_from_core_bio(provctx, cin);
- int ok = (asn1_d2i_read_bio(in, &mem) >= 0);
-
- if (ok) {
- *data = (unsigned char *)mem->data;
- *len = (long)mem->length;
- OPENSSL_free(mem);
- }
- BIO_free(in);
- return ok;
-}
-
-int ossl_prov_read_pem(PROV_CTX *provctx, OSSL_CORE_BIO *cin,
- char **pem_name, char **pem_header,
- unsigned char **data, long *len)
-{
- BIO *in = bio_new_from_core_bio(provctx, cin);
- int ok = (PEM_read_bio(in, pem_name, pem_header, data, len) > 0);
-
- BIO_free(in);
- return ok;
-}
-
-#ifndef OPENSSL_NO_DSA
-EVP_PKEY *ossl_prov_read_msblob(PROV_CTX *provctx, OSSL_CORE_BIO *cin,
- int *ispub)
-{
- BIO *in = bio_new_from_core_bio(provctx, cin);
- EVP_PKEY *pkey = ossl_b2i_bio(in, ispub);
-
- BIO_free(in);
- return pkey;
-}
-
-# ifndef OPENSSL_NO_RC4
-EVP_PKEY *ossl_prov_read_pvk(PROV_CTX *provctx, OSSL_CORE_BIO *cin,
- OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
-{
- BIO *in = NULL;
- EVP_PKEY *pkey = NULL;
- struct ossl_passphrase_data_st pwdata;
-
- memset(&pwdata, 0, sizeof(pwdata));
- if (!ossl_pw_set_ossl_passphrase_cb(&pwdata, pw_cb, pw_cbarg))
- return NULL;
-
- in = bio_new_from_core_bio(provctx, cin);
- pkey = b2i_PVK_bio(in, ossl_pw_pem_password, &pwdata);
- BIO_free(in);
-
- return pkey;
-}
-# endif
-#endif
-
-int ossl_prov_der_from_p8(unsigned char **new_der, long *new_der_len,
- unsigned char *input_der, long input_der_len,
- OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
-{
- const unsigned char *derp;
- X509_SIG *p8 = NULL;
- int ok = 0;
-
- if (!ossl_assert(new_der != NULL && *new_der == NULL)
- || !ossl_assert(new_der_len != NULL))
- return 0;
-
- derp = input_der;
- if ((p8 = d2i_X509_SIG(NULL, &derp, input_der_len)) != NULL) {
- char pbuf[PEM_BUFSIZE];
- size_t plen = 0;
-
- if (!pw_cb(pbuf, sizeof(pbuf), &plen, NULL, pw_cbarg)) {
- ERR_raise(ERR_LIB_PROV, PROV_R_READ_KEY);
- } else {
- const X509_ALGOR *alg = NULL;
- const ASN1_OCTET_STRING *oct = NULL;
- int len = 0;
-
- X509_SIG_get0(p8, &alg, &oct);
- if (PKCS12_pbe_crypt(alg, pbuf, plen, oct->data, oct->length,
- new_der, &len, 0) != NULL)
- ok = 1;
- *new_der_len = len;
- }
- }
- X509_SIG_free(p8);
- return ok;
-}
diff --git a/providers/implementations/encode_decode/decode_der2key.c b/providers/implementations/encode_decode/decode_der2key.c
index b8b268217d..011f05803d 100644
--- a/providers/implementations/encode_decode/decode_der2key.c
+++ b/providers/implementations/encode_decode/decode_der2key.c
@@ -17,13 +17,71 @@
#include <openssl/core_names.h>
#include <openssl/core_object.h>
#include <openssl/crypto.h>
+#include <openssl/err.h>
#include <openssl/params.h>
+#include <openssl/pem.h> /* PEM_BUFSIZE and public PEM functions */
+#include <openssl/pkcs12.h>
#include <openssl/x509.h>
+#include "internal/cryptlib.h" /* ossl_assert() */
+#include "internal/asn1.h"
+#include "crypto/ecx.h"
#include "prov/bio.h"
#include "prov/implementations.h"
-#include "encoder_local.h"
+#include "prov/providercommonerr.h"
+#include "endecoder_local.h"
-static OSSL_FUNC_decoder_newctx_fn der2rsa_newctx;
+static int read_der(PROV_CTX *provctx, OSSL_CORE_BIO *cin,
+ unsigned char **data, long *len)
+{
+ BUF_MEM *mem = NULL;
+ BIO *in = bio_new_from_core_bio(provctx, cin);
+ int ok = (asn1_d2i_read_bio(in, &mem) >= 0);
+
+ if (ok) {
+ *data = (unsigned char *)mem->data;
+ *len = (long)mem->length;
+ OPENSSL_free(mem);
+ }
+ BIO_free(in);
+ return ok;
+}
+
+static int der_from_p8(unsigned char **new_der, long *new_der_len,
+ unsigned char *input_der, long input_der_len,
+ OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
+{
+ const unsigned char *derp;
+ X509_SIG *p8 = NULL;
+ int ok = 0;
+
+ if (!ossl_assert(new_der != NULL && *new_der == NULL)
+ || !ossl_assert(new_der_len != NULL))
+ return 0;
+
+ derp = input_der;
+ if ((p8 = d2i_X509_SIG(NULL, &derp, input_der_len)) != NULL) {
+ char pbuf[PEM_BUFSIZE];
+ size_t plen = 0;
+
+ if (!pw_cb(pbuf, sizeof(pbuf), &plen, NULL, pw_cbarg)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_READ_KEY);
+ } else {
+ const X509_ALGOR *alg = NULL;
+ const ASN1_OCTET_STRING *oct = NULL;
+ int len = 0;
+
+ X509_SIG_get0(p8, &alg, &oct);
+ if (PKCS12_pbe_crypt(alg, pbuf, plen, oct->data, oct->length,
+ new_der, &len, 0) != NULL)
+ ok = 1;
+ *new_der_len = len;
+ }
+ }
+ X509_SIG_free(p8);
+ return ok;
+}
+
+/* ---------------------------------------------------------------------- */
static OSSL_FUNC_decoder_freectx_fn der2key_freectx;
static OSSL_FUNC_decoder_gettable_params_fn der2key_gettable_params;
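Review bot: `der_from_p8` leaves the passphrase in the stack buffer `pbuf` when it returns; nothing wipes it after `PKCS12_pbe_crypt`. Add `OPENSSL_cleanse(pbuf, sizeof(pbuf));` as the last statement of the block that declares `pbuf`, so it runs on both the callback-failure and the decrypt paths. In the same function `*new_der_len = len;` is stored even when `PKCS12_pbe_crypt` fails. Bracing the success branch and moving the assignment next to `ok = 1;` leaves the out-parameter untouched on failure.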
@@ -109,15 +167,14 @@ static int der2key_decode(void *vctx, OSSL_CORE_BIO *cin,
void *key = NULL;
int ok = 0;
- if (!ossl_prov_read_der(ctx->provctx, cin, &der, &der_len))
+ if (!read_der(ctx->provctx, cin, &der, &der_len))
return 0;
/*
* Opportunistic attempt to decrypt. If it doesn't work, we try to
* decode our input unencrypted.
*/
- if (ossl_prov_der_from_p8(&new_der, &new_der_len, der, der_len,
- pw_cb, pw_cbarg)) {
+ if (der_from_p8(&new_der, &new_der_len, der, der_len, pw_cb, pw_cbarg)) {
OPENSSL_free(der);
der = new_der;
der_len = new_der_len;
@@ -203,6 +260,7 @@ static int der2key_export_object(void *vctx,
{ EVP_PKEY_##KEYTYPE, KEYTYPEstr, keytype##_keymgmt_functions, \
(extract_key_fn *)extract, \
(free_key_fn *)free }; \
+ static OSSL_FUNC_decoder_newctx_fn der2##keytype##_newctx; \
static void *der2##keytype##_newctx(void *provctx) \
{ \
return der2key_newctx(provctx, &keytype##_desc); \
diff --git a/providers/implementations/encode_decode/decode_ms2key.c b/providers/implementations/encode_decode/decode_ms2key.c
index d8aa813ced..707e6bc08f 100644
--- a/providers/implementations/encode_decode/decode_ms2key.c
+++ b/providers/implementations/encode_decode/decode_ms2key.c
@@ -13,16 +13,51 @@
*/
#include "internal/deprecated.h"
+#include <string.h>
+
#include <openssl/core_dispatch.h>
#include <openssl/core_names.h>
#include <openssl/core_object.h>
#include <openssl/crypto.h>
#include <openssl/params.h>
+#include <openssl/pem.h> /* For public PVK functions */
#include <openssl/x509.h>
-#include "internal/pem.h" /* For PVK and "blob" PEM headers */
+#include "internal/pem.h" /* For internal PVK and "blob" headers */
+#include "internal/passphrase.h"
#include "prov/bio.h"
#include "prov/implementations.h"
-#include "encoder_local.h"
+#include "endecoder_local.h"
+
+#ifndef OPENSSL_NO_DSA
+static EVP_PKEY *read_msblob(PROV_CTX *provctx, OSSL_CORE_BIO *cin, int *ispub)
+{
+ BIO *in = bio_new_from_core_bio(provctx, cin);
+ EVP_PKEY *pkey = ossl_b2i_bio(in, ispub);
+
+ BIO_free(in);
+ return pkey;
+}
+
+# ifndef OPENSSL_NO_RC4
+static EVP_PKEY *read_pvk(PROV_CTX *provctx, OSSL_CORE_BIO *cin,
+ OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
+{
+ BIO *in = NULL;
+ EVP_PKEY *pkey = NULL;
+ struct ossl_passphrase_data_st pwdata;
+
+ memset(&pwdata, 0, sizeof(pwdata));
+ if (!ossl_pw_set_ossl_passphrase_cb(&pwdata, pw_cb, pw_cbarg))
+ return NULL;
+
+ in = bio_new_from_core_bio(provctx, cin);
+ pkey = b2i_PVK_bio(in, ossl_pw_pem_password, &pwdata);
+ BIO_free(in);
+
+ return pkey;
+}
+# endif
+#endif
static OSSL_FUNC_decoder_freectx_fn ms2key_freectx;
static OSSL_FUNC_decoder_gettable_params_fn ms2key_gettable_params;
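Review bot: `read_msblob` and `read_pvk` pass the result of `bio_new_from_core_bio()` straight to `ossl_b2i_bio()` and `b2i_PVK_bio()` without checking it for NULL; `read_der` in decode_der2key.c follows the same pattern with `asn1_d2i_read_bio()`. Whether those readers tolerate a NULL BIO is not visible in this diff, so an explicit `if (in == NULL) return NULL;` after the allocation is the safer form. A one-line comment on each helper, such as `/* Returns a new EVP_PKEY owned by the caller, or NULL on failure */`, would also document the ownership these static helpers hand back.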
@@ -159,7 +194,7 @@ static int msblob2key_decode(void *vctx, OSSL_CORE_BIO *cin,
{
struct ms2key_ctx_st *ctx = vctx;
int ispub = -1;
- EVP_PKEY *pkey = ossl_prov_read_msblob(ctx->provctx, cin, &ispub);
+ EVP_PKEY *pkey = read_msblob(ctx->provctx, cin, &ispub);
in