pem_pkey.c 6.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245
  1. /*
  2. * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the OpenSSL license (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include "internal/cryptlib.h"
  11. #include <openssl/buffer.h>
  12. #include <openssl/objects.h>
  13. #include <openssl/evp.h>
  14. #include <openssl/x509.h>
  15. #include <openssl/pkcs12.h>
  16. #include <openssl/pem.h>
  17. #include <openssl/engine.h>
  18. #include <openssl/dh.h>
  19. #include "internal/asn1_int.h"
  20. #include "internal/evp_int.h"
  21. int pem_check_suffix(const char *pem_str, const char *suffix);
  22. EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
  23. void *u)
  24. {
  25. char *nm = NULL;
  26. const unsigned char *p = NULL;
  27. unsigned char *data = NULL;
  28. long len;
  29. int slen;
  30. EVP_PKEY *ret = NULL;
  31. if (!PEM_bytes_read_bio_secmem(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp,
  32. cb, u))
  33. return NULL;
  34. p = data;
  35. if (strcmp(nm, PEM_STRING_PKCS8INF) == 0) {
  36. PKCS8_PRIV_KEY_INFO *p8inf;
  37. p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len);
  38. if (!p8inf)
  39. goto p8err;
  40. ret = EVP_PKCS82PKEY(p8inf);
  41. if (x) {
  42. EVP_PKEY_free((EVP_PKEY *)*x);
  43. *x = ret;
  44. }
  45. PKCS8_PRIV_KEY_INFO_free(p8inf);
  46. } else if (strcmp(nm, PEM_STRING_PKCS8) == 0) {
  47. PKCS8_PRIV_KEY_INFO *p8inf;
  48. X509_SIG *p8;
  49. int klen;
  50. char psbuf[PEM_BUFSIZE];
  51. p8 = d2i_X509_SIG(NULL, &p, len);
  52. if (!p8)
  53. goto p8err;
  54. if (cb)
  55. klen = cb(psbuf, PEM_BUFSIZE, 0, u);
  56. else
  57. klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
  58. if (klen <= 0) {
  59. PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, PEM_R_BAD_PASSWORD_READ);
  60. X509_SIG_free(p8);
  61. goto err;
  62. }
  63. p8inf = PKCS8_decrypt(p8, psbuf, klen);
  64. X509_SIG_free(p8);
  65. OPENSSL_cleanse(psbuf, klen);
  66. if (!p8inf)
  67. goto p8err;
  68. ret = EVP_PKCS82PKEY(p8inf);
  69. if (x) {
  70. EVP_PKEY_free((EVP_PKEY *)*x);
  71. *x = ret;
  72. }
  73. PKCS8_PRIV_KEY_INFO_free(p8inf);
  74. } else if ((slen = pem_check_suffix(nm, "PRIVATE KEY")) > 0) {
  75. const EVP_PKEY_ASN1_METHOD *ameth;
  76. ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen);
  77. if (!ameth || !ameth->old_priv_decode)
  78. goto p8err;
  79. ret = d2i_PrivateKey(ameth->pkey_id, x, &p, len);
  80. }
  81. p8err:
  82. if (ret == NULL)
  83. PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, ERR_R_ASN1_LIB);
  84. err:
  85. OPENSSL_secure_free(nm);
  86. OPENSSL_secure_clear_free(data, len);
  87. return ret;
  88. }
  89. int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
  90. unsigned char *kstr, int klen,
  91. pem_password_cb *cb, void *u)
  92. {
  93. if (x->ameth == NULL || x->ameth->priv_encode != NULL)
  94. return PEM_write_bio_PKCS8PrivateKey(bp, x, enc,
  95. (char *)kstr, klen, cb, u);
  96. return PEM_write_bio_PrivateKey_traditional(bp, x, enc, kstr, klen, cb, u);
  97. }
  98. int PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x,
  99. const EVP_CIPHER *enc,
  100. unsigned char *kstr, int klen,
  101. pem_password_cb *cb, void *u)
  102. {
  103. char pem_str[80];
  104. BIO_snprintf(pem_str, 80, "%s PRIVATE KEY", x->ameth->pem_str);
  105. return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey,
  106. pem_str, bp, x, enc, kstr, klen, cb, u);
  107. }
  108. EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x)
  109. {
  110. char *nm = NULL;
  111. const unsigned char *p = NULL;
  112. unsigned char *data = NULL;
  113. long len;
  114. int slen;
  115. EVP_PKEY *ret = NULL;
  116. if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_PARAMETERS,
  117. bp, 0, NULL))
  118. return NULL;
  119. p = data;
  120. if ((slen = pem_check_suffix(nm, "PARAMETERS")) > 0) {
  121. ret = EVP_PKEY_new();
  122. if (ret == NULL)
  123. goto err;
  124. if (!EVP_PKEY_set_type_str(ret, nm, slen)
  125. || !ret->ameth->param_decode
  126. || !ret->ameth->param_decode(ret, &p, len)) {
  127. EVP_PKEY_free(ret);
  128. ret = NULL;
  129. goto err;
  130. }
  131. if (x) {
  132. EVP_PKEY_free((EVP_PKEY *)*x);
  133. *x = ret;
  134. }
  135. }
  136. err:
  137. if (ret == NULL)
  138. PEMerr(PEM_F_PEM_READ_BIO_PARAMETERS, ERR_R_ASN1_LIB);
  139. OPENSSL_free(nm);
  140. OPENSSL_free(data);
  141. return ret;
  142. }
  143. int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x)
  144. {
  145. char pem_str[80];
  146. if (!x->ameth || !x->ameth->param_encode)
  147. return 0;
  148. BIO_snprintf(pem_str, 80, "%s PARAMETERS", x->ameth->pem_str);
  149. return PEM_ASN1_write_bio((i2d_of_void *)x->ameth->param_encode,
  150. pem_str, bp, x, NULL, NULL, 0, 0, NULL);
  151. }
  152. #ifndef OPENSSL_NO_STDIO
  153. EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,
  154. void *u)
  155. {
  156. BIO *b;
  157. EVP_PKEY *ret;
  158. if ((b = BIO_new(BIO_s_file())) == NULL) {
  159. PEMerr(PEM_F_PEM_READ_PRIVATEKEY, ERR_R_BUF_LIB);
  160. return 0;
  161. }
  162. BIO_set_fp(b, fp, BIO_NOCLOSE);
  163. ret = PEM_read_bio_PrivateKey(b, x, cb, u);
  164. BIO_free(b);
  165. return ret;
  166. }
  167. int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
  168. unsigned char *kstr, int klen,
  169. pem_password_cb *cb, void *u)
  170. {
  171. BIO *b;
  172. int ret;
  173. if ((b = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) {
  174. PEMerr(PEM_F_PEM_WRITE_PRIVATEKEY, ERR_R_BUF_LIB);
  175. return 0;
  176. }
  177. ret = PEM_write_bio_PrivateKey(b, x, enc, kstr, klen, cb, u);
  178. BIO_free(b);
  179. return ret;
  180. }
  181. #endif
  182. #ifndef OPENSSL_NO_DH
  183. /* Transparently read in PKCS#3 or X9.42 DH parameters */
  184. DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u)
  185. {
  186. char *nm = NULL;
  187. const unsigned char *p = NULL;
  188. unsigned char *data = NULL;
  189. long len;
  190. DH *ret = NULL;
  191. if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_DHPARAMS, bp, cb, u))
  192. return NULL;
  193. p = data;
  194. if (strcmp(nm, PEM_STRING_DHXPARAMS) == 0)
  195. ret = d2i_DHxparams(x, &p, len);
  196. else
  197. ret = d2i_DHparams(x, &p, len);
  198. if (ret == NULL)
  199. PEMerr(PEM_F_PEM_READ_BIO_DHPARAMS, ERR_R_ASN1_LIB);
  200. OPENSSL_free(nm);
  201. OPENSSL_free(data);
  202. return ret;
  203. }
  204. # ifndef OPENSSL_NO_STDIO
  205. DH *PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u)
  206. {
  207. BIO *b;
  208. DH *ret;
  209. if ((b = BIO_new(BIO_s_file())) == NULL) {
  210. PEMerr(PEM_F_PEM_READ_DHPARAMS, ERR_R_BUF_LIB);
  211. return 0;
  212. }
  213. BIO_set_fp(b, fp, BIO_NOCLOSE);
  214. ret = PEM_read_bio_DHparams(b, x, cb, u);
  215. BIO_free(b);
  216. return ret;
  217. }
  218. # endif
  219. #endif