1 /* 2 * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the OpenSSL license (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include <stdio.h> 11 #include "internal/cryptlib.h" 12 #include <openssl/buffer.h> 13 #include <openssl/objects.h> 14 #include <openssl/evp.h> 15 #include <openssl/x509.h> 16 #include <openssl/pkcs12.h> 17 #include <openssl/pem.h> 18 #include <openssl/engine.h> 19 #include <openssl/dh.h> 20 #include "internal/asn1_int.h" 21 #include "internal/evp_int.h" 22 23 int pem_check_suffix(const char *pem_str, const char *suffix); 24 25 EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, 26 void *u) 27 { 28 char *nm = NULL; 29 const unsigned char *p = NULL; 30 unsigned char *data = NULL; 31 long len; 32 int slen; 33 EVP_PKEY *ret = NULL; 34 35 if (!PEM_bytes_read_bio_secmem(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp, 36 cb, u)) 37 return NULL; 38 p = data; 39 40 if (strcmp(nm, PEM_STRING_PKCS8INF) == 0) { 41 PKCS8_PRIV_KEY_INFO *p8inf; 42 p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len); 43 if (!p8inf) 44 goto p8err; 45 ret = EVP_PKCS82PKEY(p8inf); 46 if (x) { 47 EVP_PKEY_free((EVP_PKEY *)*x); 48 *x = ret; 49 } 50 PKCS8_PRIV_KEY_INFO_free(p8inf); 51 } else if (strcmp(nm, PEM_STRING_PKCS8) == 0) { 52 PKCS8_PRIV_KEY_INFO *p8inf; 53 X509_SIG *p8; 54 int klen; 55 char psbuf[PEM_BUFSIZE]; 56 p8 = d2i_X509_SIG(NULL, &p, len); 57 if (!p8) 58 goto p8err; 59 if (cb) 60 klen = cb(psbuf, PEM_BUFSIZE, 0, u); 61 else 62 klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u); 63 if (klen < 0) { 64 PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, PEM_R_BAD_PASSWORD_READ); 65 X509_SIG_free(p8); 66 goto err; 67 } 68 p8inf = PKCS8_decrypt(p8, psbuf, klen); 69 X509_SIG_free(p8); 70 OPENSSL_cleanse(psbuf, klen); 71 if (!p8inf) 72 goto p8err; 73 ret = EVP_PKCS82PKEY(p8inf); 74 if (x) { 75 EVP_PKEY_free((EVP_PKEY *)*x); 76 *x = ret; 77 } 78 PKCS8_PRIV_KEY_INFO_free(p8inf); 79 } else if ((slen = pem_check_suffix(nm, "PRIVATE KEY")) > 0) { 80 const EVP_PKEY_ASN1_METHOD *ameth; 81 ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen); 82 if (!ameth || !ameth->old_priv_decode) 83 goto p8err; 84 ret = d2i_PrivateKey(ameth->pkey_id, x, &p, len); 85 } 86 p8err: 87 if (ret == NULL) 88 PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, ERR_R_ASN1_LIB); 89 err: 90 OPENSSL_secure_free(nm); 91 OPENSSL_secure_clear_free(data, len); 92 return ret; 93 } 94 95 int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, 96 unsigned char *kstr, int klen, 97 pem_password_cb *cb, void *u) 98 { 99 if (x->ameth == NULL || x->ameth->priv_encode != NULL) 100 return PEM_write_bio_PKCS8PrivateKey(bp, x, enc, 101 (char *)kstr, klen, cb, u); 102 return PEM_write_bio_PrivateKey_traditional(bp, x, enc, kstr, klen, cb, u); 103 } 104 105 int PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x, 106 const EVP_CIPHER *enc, 107 unsigned char *kstr, int klen, 108 pem_password_cb *cb, void *u) 109 { 110 char pem_str[80]; 111 BIO_snprintf(pem_str, 80, "%s PRIVATE KEY", x->ameth->pem_str); 112 return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey, 113 pem_str, bp, x, enc, kstr, klen, cb, u); 114 } 115 116 EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x) 117 { 118 char *nm = NULL; 119 const unsigned char *p = NULL; 120 unsigned char *data = NULL; 121 long len; 122 int slen; 123 EVP_PKEY *ret = NULL; 124 125 if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_PARAMETERS, 126 bp, 0, NULL)) 127 return NULL; 128 p = data; 129 130 if ((slen = pem_check_suffix(nm, "PARAMETERS")) > 0) { 131 ret = EVP_PKEY_new(); 132 if (ret == NULL) 133 goto err; 134 if (!EVP_PKEY_set_type_str(ret, nm, slen) 135 || !ret->ameth->param_decode 136 || !ret->ameth->param_decode(ret, &p, len)) { 137 EVP_PKEY_free(ret); 138 ret = NULL; 139 goto err; 140 } 141 if (x) { 142 EVP_PKEY_free((EVP_PKEY *)*x); 143 *x = ret; 144 } 145 } 146 err: 147 if (ret == NULL) 148 PEMerr(PEM_F_PEM_READ_BIO_PARAMETERS, ERR_R_ASN1_LIB); 149 OPENSSL_free(nm); 150 OPENSSL_free(data); 151 return ret; 152 } 153 154 int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x) 155 { 156 char pem_str[80]; 157 if (!x->ameth || !x->ameth->param_encode) 158 return 0; 159 160 BIO_snprintf(pem_str, 80, "%s PARAMETERS", x->ameth->pem_str); 161 return PEM_ASN1_write_bio((i2d_of_void *)x->ameth->param_encode, 162 pem_str, bp, x, NULL, NULL, 0, 0, NULL); 163 } 164 165 #ifndef OPENSSL_NO_STDIO 166 EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, 167 void *u) 168 { 169 BIO *b; 170 EVP_PKEY *ret; 171 172 if ((b = BIO_new(BIO_s_file())) == NULL) { 173 PEMerr(PEM_F_PEM_READ_PRIVATEKEY, ERR_R_BUF_LIB); 174 return 0; 175 } 176 BIO_set_fp(b, fp, BIO_NOCLOSE); 177 ret = PEM_read_bio_PrivateKey(b, x, cb, u); 178 BIO_free(b); 179 return ret; 180 } 181 182 int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, 183 unsigned char *kstr, int klen, 184 pem_password_cb *cb, void *u) 185 { 186 BIO *b; 187 int ret; 188 189 if ((b = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) { 190 PEMerr(PEM_F_PEM_WRITE_PRIVATEKEY, ERR_R_BUF_LIB); 191 return 0; 192 } 193 ret = PEM_write_bio_PrivateKey(b, x, enc, kstr, klen, cb, u); 194 BIO_free(b); 195 return ret; 196 } 197 198 #endif 199 200 #ifndef OPENSSL_NO_DH 201 202 /* Transparently read in PKCS#3 or X9.42 DH parameters */ 203 204 DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u) 205 { 206 char *nm = NULL; 207 const unsigned char *p = NULL; 208 unsigned char *data = NULL; 209 long len; 210 DH *ret = NULL; 211 212 if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_DHPARAMS, bp, cb, u)) 213 return NULL; 214 p = data; 215 216 if (strcmp(nm, PEM_STRING_DHXPARAMS) == 0) 217 ret = d2i_DHxparams(x, &p, len); 218 else 219 ret = d2i_DHparams(x, &p, len); 220 221 if (ret == NULL) 222 PEMerr(PEM_F_PEM_READ_BIO_DHPARAMS, ERR_R_ASN1_LIB); 223 OPENSSL_free(nm); 224 OPENSSL_free(data); 225 return ret; 226 } 227 228 # ifndef OPENSSL_NO_STDIO 229 DH *PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u) 230 { 231 BIO *b; 232 DH *ret; 233 234 if ((b = BIO_new(BIO_s_file())) == NULL) { 235 PEMerr(PEM_F_PEM_READ_DHPARAMS, ERR_R_BUF_LIB); 236 return 0; 237 } 238 BIO_set_fp(b, fp, BIO_NOCLOSE); 239 ret = PEM_read_bio_DHparams(b, x, cb, u); 240 BIO_free(b); 241 return ret; 242 } 243 # endif 244 245 #endif 246