1 /*
2 * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /*
11 * We need to use some deprecated APIs
12 */
13 #include "internal/deprecated.h"
14
15 #include <stdio.h>
16 #include <openssl/buffer.h>
17 #include <openssl/objects.h>
18 #include <openssl/evp.h>
19 #include <openssl/x509.h>
20 #include <openssl/pkcs12.h>
21 #include <openssl/pem.h>
22 #include <openssl/engine.h>
23 #include <openssl/dh.h>
24 #include <openssl/decoder.h>
25 #include <openssl/ui.h>
26 #include "internal/cryptlib.h"
27 #include "internal/passphrase.h"
28 #include "crypto/asn1.h"
29 #include "crypto/x509.h"
30 #include "crypto/evp.h"
31 #include "pem_local.h"
32
33 int ossl_pem_check_suffix(const char *pem_str, const char *suffix);
34
pem_read_bio_key_decoder(BIO * bp,EVP_PKEY ** x,pem_password_cb * cb,void * u,OSSL_LIB_CTX * libctx,const char * propq,int selection)35 static EVP_PKEY *pem_read_bio_key_decoder(BIO *bp, EVP_PKEY **x,
36 pem_password_cb *cb, void *u,
37 OSSL_LIB_CTX *libctx,
38 const char *propq,
39 int selection)
40 {
41 EVP_PKEY *pkey = NULL;
42 OSSL_DECODER_CTX *dctx = NULL;
43 int pos, newpos;
44
45 if ((pos = BIO_tell(bp)) < 0)
46 /* We can depend on BIO_tell() thanks to the BIO_f_readbuffer() */
47 return NULL;
48
49 dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, "PEM", NULL, NULL,
50 selection, libctx, propq);
51
52 if (dctx == NULL)
53 return NULL;
54
55 if (cb == NULL)
56 cb = PEM_def_callback;
57
58 if (!OSSL_DECODER_CTX_set_pem_password_cb(dctx, cb, u))
59 goto err;
60
61 ERR_set_mark();
62 while (!OSSL_DECODER_from_bio(dctx, bp) || pkey == NULL)
63 if (BIO_eof(bp) != 0 || (newpos = BIO_tell(bp)) < 0 || newpos <= pos) {
64 ERR_clear_last_mark();
65 goto err;
66 } else {
67 if (ERR_GET_REASON(ERR_peek_error()) == ERR_R_UNSUPPORTED) {
68 /* unsupported PEM data, try again */
69 ERR_pop_to_mark();
70 ERR_set_mark();
71 } else {
72 /* other error, bail out */
73 ERR_clear_last_mark();
74 goto err;
75 }
76 pos = newpos;
77 }
78 ERR_pop_to_mark();
79
80 /* if we were asked for private key, the public key is optional */
81 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
82 selection = selection & ~OSSL_KEYMGMT_SELECT_PUBLIC_KEY;
83
84 if (!evp_keymgmt_util_has(pkey, selection)) {
85 EVP_PKEY_free(pkey);
86 pkey = NULL;
87 ERR_raise(ERR_LIB_PEM, PEM_R_UNSUPPORTED_KEY_COMPONENTS);
88 goto err;
89 }
90
91 if (x != NULL) {
92 EVP_PKEY_free(*x);
93 *x = pkey;
94 }
95
96 err:
97 OSSL_DECODER_CTX_free(dctx);
98 return pkey;
99 }
100
pem_read_bio_key_legacy(BIO * bp,EVP_PKEY ** x,pem_password_cb * cb,void * u,OSSL_LIB_CTX * libctx,const char * propq,int selection)101 static EVP_PKEY *pem_read_bio_key_legacy(BIO *bp, EVP_PKEY **x,
102 pem_password_cb *cb, void *u,
103 OSSL_LIB_CTX *libctx,
104 const char *propq,
105 int selection)
106 {
107 char *nm = NULL;
108 const unsigned char *p = NULL;
109 unsigned char *data = NULL;
110 long len;
111 int slen;
112 EVP_PKEY *ret = NULL;
113
114 ERR_set_mark(); /* not interested in PEM read errors */
115 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
116 if (!PEM_bytes_read_bio_secmem(&data, &len, &nm,
117 PEM_STRING_EVP_PKEY,
118 bp, cb, u)) {
119 ERR_pop_to_mark();
120 return NULL;
121 }
122 } else {
123 const char *pem_string = PEM_STRING_PARAMETERS;
124
125 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
126 pem_string = PEM_STRING_PUBLIC;
127 if (!PEM_bytes_read_bio(&data, &len, &nm,
128 pem_string,
129 bp, cb, u)) {
130 ERR_pop_to_mark();
131 return NULL;
132 }
133 }
134 ERR_clear_last_mark();
135 p = data;
136
137 if (strcmp(nm, PEM_STRING_PKCS8INF) == 0) {
138 PKCS8_PRIV_KEY_INFO *p8inf;
139
140 if ((p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len)) == NULL)
141 goto p8err;
142 ret = evp_pkcs82pkey_legacy(p8inf, libctx, propq);
143 if (x != NULL) {
144 EVP_PKEY_free(*x);
145 *x = ret;
146 }
147 PKCS8_PRIV_KEY_INFO_free(p8inf);
148 } else if (strcmp(nm, PEM_STRING_PKCS8) == 0) {
149 PKCS8_PRIV_KEY_INFO *p8inf;
150 X509_SIG *p8;
151 int klen;
152 char psbuf[PEM_BUFSIZE];
153
154 if ((p8 = d2i_X509_SIG(NULL, &p, len)) == NULL)
155 goto p8err;
156 if (cb != NULL)
157 klen = cb(psbuf, PEM_BUFSIZE, 0, u);
158 else
159 klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
160 if (klen < 0) {
161 ERR_raise(ERR_LIB_PEM, PEM_R_BAD_PASSWORD_READ);
162 X509_SIG_free(p8);
163 goto err;
164 }
165 p8inf = PKCS8_decrypt(p8, psbuf, klen);
166 X509_SIG_free(p8);
167 OPENSSL_cleanse(psbuf, klen);
168 if (p8inf == NULL)
169 goto p8err;
170 ret = evp_pkcs82pkey_legacy(p8inf, libctx, propq);
171 if (x != NULL) {
172 EVP_PKEY_free(*x);
173 *x = ret;
174 }
175 PKCS8_PRIV_KEY_INFO_free(p8inf);
176 } else if ((slen = ossl_pem_check_suffix(nm, "PRIVATE KEY")) > 0) {
177 const EVP_PKEY_ASN1_METHOD *ameth;
178 ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen);
179 if (ameth == NULL || ameth->old_priv_decode == NULL)
180 goto p8err;
181 ret = ossl_d2i_PrivateKey_legacy(ameth->pkey_id, x, &p, len, libctx,
182 propq);
183 } else if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) == 0
184 && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
185 /* Trying legacy PUBKEY decoding only if we do not want private key. */
186 ret = ossl_d2i_PUBKEY_legacy(x, &p, len);
187 } else if ((selection & EVP_PKEY_KEYPAIR) == 0
188 && (slen = ossl_pem_check_suffix(nm, "PARAMETERS")) > 0) {
189 /* Trying legacy params decoding only if we do not want a key. */
190 ret = EVP_PKEY_new();
191 if (ret == NULL)
192 goto err;
193 if (!EVP_PKEY_set_type_str(ret, nm, slen)
194 || !ret->ameth->param_decode
195 || !ret->ameth->param_decode(ret, &p, len)) {
196 EVP_PKEY_free(ret);
197 ret = NULL;
198 goto err;
199 }
200 if (x) {
201 EVP_PKEY_free(*x);
202 *x = ret;
203 }
204 }
205
206 p8err:
207 if (ret == NULL && ERR_peek_last_error() == 0)
208 /* ensure some error is reported but do not hide the real one */
209 ERR_raise(ERR_LIB_PEM, ERR_R_ASN1_LIB);
210 err:
211 OPENSSL_secure_free(nm);
212 OPENSSL_secure_clear_free(data, len);
213 return ret;
214 }
215
pem_read_bio_key(BIO * bp,EVP_PKEY ** x,pem_password_cb * cb,void * u,OSSL_LIB_CTX * libctx,const char * propq,int selection)216 static EVP_PKEY *pem_read_bio_key(BIO *bp, EVP_PKEY **x,
217 pem_password_cb *cb, void *u,
218 OSSL_LIB_CTX *libctx,
219 const char *propq,
220 int selection)
221 {
222 EVP_PKEY *ret = NULL;
223 BIO *new_bio = NULL;
224 int pos;
225 struct ossl_passphrase_data_st pwdata = { 0 };
226
227 if ((pos = BIO_tell(bp)) < 0) {
228 new_bio = BIO_new(BIO_f_readbuffer());
229 if (new_bio == NULL)
230 return NULL;
231 bp = BIO_push(new_bio, bp);
232 pos = BIO_tell(bp);
233 }
234
235 if (cb == NULL)
236 cb = PEM_def_callback;
237
238 if (!ossl_pw_set_pem_password_cb(&pwdata, cb, u)
239 || !ossl_pw_enable_passphrase_caching(&pwdata))
240 goto err;
241
242 ERR_set_mark();
243 ret = pem_read_bio_key_decoder(bp, x, ossl_pw_pem_password, &pwdata,
244 libctx, propq, selection);
245 if (ret == NULL
246 && (BIO_seek(bp, pos) < 0
247 || (ret = pem_read_bio_key_legacy(bp, x,
248 ossl_pw_pem_password, &pwdata,
249 libctx, propq,
250 selection)) == NULL))
251 ERR_clear_last_mark();
252 else
253 ERR_pop_to_mark();
254
255 err:
256 ossl_pw_clear_passphrase_data(&pwdata);
257 if (new_bio != NULL) {
258 BIO_pop(new_bio);
259 BIO_free(new_bio);
260 }
261 return ret;
262 }
263
PEM_read_bio_PUBKEY_ex(BIO * bp,EVP_PKEY ** x,pem_password_cb * cb,void * u,OSSL_LIB_CTX * libctx,const char * propq)264 EVP_PKEY *PEM_read_bio_PUBKEY_ex(BIO *bp, EVP_PKEY **x,
265 pem_password_cb *cb, void *u,
266 OSSL_LIB_CTX *libctx, const char *propq)
267 {
268 return pem_read_bio_key(bp, x, cb, u, libctx, propq,
269 EVP_PKEY_PUBLIC_KEY);
270 }
271
PEM_read_bio_PUBKEY(BIO * bp,EVP_PKEY ** x,pem_password_cb * cb,void * u)272 EVP_PKEY *PEM_read_bio_PUBKEY(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
273 void *u)
274 {
275 return PEM_read_bio_PUBKEY_ex(bp, x, cb, u, NULL, NULL);
276 }
277
278 #ifndef OPENSSL_NO_STDIO
PEM_read_PUBKEY_ex(FILE * fp,EVP_PKEY ** x,pem_password_cb * cb,void * u,OSSL_LIB_CTX * libctx,const char * propq)279 EVP_PKEY *PEM_read_PUBKEY_ex(FILE *fp, EVP_PKEY **x,
280 pem_password_cb *cb, void *u,
281 OSSL_LIB_CTX *libctx, const char *propq)
282 {
283 BIO *b;
284 EVP_PKEY *ret;
285
286 if ((b = BIO_new(BIO_s_file())) == NULL) {
287 ERR_raise(ERR_LIB_PEM, ERR_R_BUF_LIB);
288 return 0;
289 }
290 BIO_set_fp(b, fp, BIO_NOCLOSE);
291 ret = PEM_read_bio_PUBKEY_ex(b, x, cb, u, libctx, propq);
292 BIO_free(b);
293 return ret;
294 }
295
PEM_read_PUBKEY(FILE * fp,EVP_PKEY ** x,pem_password_cb * cb,void * u)296 EVP_PKEY *PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u)
297 {
298 return PEM_read_PUBKEY_ex(fp, x, cb, u, NULL, NULL);
299 }
300 #endif
301
PEM_read_bio_PrivateKey_ex(BIO * bp,EVP_PKEY ** x,pem_password_cb * cb,void * u,OSSL_LIB_CTX * libctx,const char * propq)302 EVP_PKEY *PEM_read_bio_PrivateKey_ex(BIO *bp, EVP_PKEY **x,
303 pem_password_cb *cb, void *u,
304 OSSL_LIB_CTX *libctx, const char *propq)
305 {
306 return pem_read_bio_key(bp, x, cb, u, libctx, propq,
307 /* we also want the public key, if available */
308 EVP_PKEY_KEYPAIR);
309 }
310
PEM_read_bio_PrivateKey(BIO * bp,EVP_PKEY ** x,pem_password_cb * cb,void * u)311 EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
312 void *u)
313 {
314 return PEM_read_bio_PrivateKey_ex(bp, x, cb, u, NULL, NULL);
315 }
316
PEM_write_cb_ex_fnsig(PrivateKey,EVP_PKEY,BIO,write_bio)317 PEM_write_cb_ex_fnsig(PrivateKey, EVP_PKEY, BIO, write_bio)
318 {
319 IMPLEMENT_PEM_provided_write_body_vars(pkey, PrivateKey, propq);
320
321 IMPLEMENT_PEM_provided_write_body_pass();
322 IMPLEMENT_PEM_provided_write_body_main(pkey, bio);
323
324 legacy:
325 if (x != NULL && (x->ameth == NULL || x->ameth->priv_encode != NULL))
326 return PEM_write_bio_PKCS8PrivateKey(out, x, enc,
327 (const char *)kstr, klen, cb, u);
328 return PEM_write_bio_PrivateKey_traditional(out, x, enc, kstr, klen, cb, u);
329 }
330
PEM_write_cb_fnsig(PrivateKey,EVP_PKEY,BIO,write_bio)331 PEM_write_cb_fnsig(PrivateKey, EVP_PKEY, BIO, write_bio)
332 {
333 return PEM_write_bio_PrivateKey_ex(out, x, enc, kstr, klen, cb, u,
334 NULL, NULL);
335 }
336
337 /*
338 * Note: there is no way to tell a provided pkey encoder to use "traditional"
339 * encoding. Therefore, if the pkey is provided, we try to take a copy
340 */
PEM_write_bio_PrivateKey_traditional(BIO * bp,const EVP_PKEY * x,const EVP_CIPHER * enc,const unsigned char * kstr,int klen,pem_password_cb * cb,void * u)341 int PEM_write_bio_PrivateKey_traditional(BIO *bp, const EVP_PKEY *x,
342 const EVP_CIPHER *enc,
343 const unsigned char *kstr, int klen,
344 pem_password_cb *cb, void *u)
345 {
346 char pem_str[80];
347 EVP_PKEY *copy = NULL;
348 int ret;
349
350 if (x == NULL)
351 return 0;
352
353 if (evp_pkey_is_assigned(x)
354 && evp_pkey_is_provided(x)
355 && evp_pkey_copy_downgraded(©, x))
356 x = copy;
357
358 if (x->ameth == NULL || x->ameth->old_priv_encode == NULL) {
359 ERR_raise(ERR_LIB_PEM, PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
360 EVP_PKEY_free(copy);
361 return 0;
362 }
363 BIO_snprintf(pem_str, 80, "%s PRIVATE KEY", x->ameth->pem_str);
364 ret = PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey,
365 pem_str, bp, x, enc, kstr, klen, cb, u);
366
367 EVP_PKEY_free(copy);
368 return ret;
369 }
370
no_password_cb(char * buf,int num,int rwflag,void * userdata)371 static int no_password_cb(char *buf, int num, int rwflag, void *userdata)
372 {
373 return -1;
374 }
375
PEM_read_bio_Parameters_ex(BIO * bp,EVP_PKEY ** x,OSSL_LIB_CTX * libctx,const char * propq)376 EVP_PKEY *PEM_read_bio_Parameters_ex(BIO *bp, EVP_PKEY **x,
377 OSSL_LIB_CTX *libctx, const char *propq)
378 {
379 /*
380 * PEM_read_bio_Parameters(_ex) should never ask for a password. Any attempt
381 * to get a password just fails.
382 */
383 return pem_read_bio_key(bp, x, no_password_cb, NULL, libctx, propq,
384 EVP_PKEY_KEY_PARAMETERS);
385 }
386
PEM_read_bio_Parameters(BIO * bp,EVP_PKEY ** x)387 EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x)
388 {
389 return PEM_read_bio_Parameters_ex(bp, x, NULL, NULL);
390 }
391
PEM_write_fnsig(Parameters,EVP_PKEY,BIO,write_bio)392 PEM_write_fnsig(Parameters, EVP_PKEY, BIO, write_bio)
393 {
394 char pem_str[80];
395 IMPLEMENT_PEM_provided_write_body_vars(pkey, Parameters, NULL);
396
397 IMPLEMENT_PEM_provided_write_body_main(pkey, bio);
398
399 legacy:
400 if (!x->ameth || !x->ameth->param_encode)
401 return 0;
402
403 BIO_snprintf(pem_str, 80, "%s PARAMETERS", x->ameth->pem_str);
404 return PEM_ASN1_write_bio((i2d_of_void *)x->ameth->param_encode,
405 pem_str, out, x, NULL, NULL, 0, 0, NULL);
406 }
407
408 #ifndef OPENSSL_NO_STDIO
PEM_read_PrivateKey_ex(FILE * fp,EVP_PKEY ** x,pem_password_cb * cb,void * u,OSSL_LIB_CTX * libctx,const char * propq)409 EVP_PKEY *PEM_read_PrivateKey_ex(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,
410 void *u, OSSL_LIB_CTX *libctx,
411 const char *propq)
412 {
413 BIO *b;
414 EVP_PKEY *ret;
415
416 if ((b = BIO_new(BIO_s_file())) == NULL) {
417 ERR_raise(ERR_LIB_PEM, ERR_R_BUF_LIB);
418 return 0;
419 }
420 BIO_set_fp(b, fp, BIO_NOCLOSE);
421 ret = PEM_read_bio_PrivateKey_ex(b, x, cb, u, libctx, propq);
422 BIO_free(b);
423 return ret;
424 }
425
PEM_read_PrivateKey(FILE * fp,EVP_PKEY ** x,pem_password_cb * cb,void * u)426 EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,
427 void *u)
428 {
429 return PEM_read_PrivateKey_ex(fp, x, cb, u, NULL, NULL);
430 }
431
PEM_write_cb_ex_fnsig(PrivateKey,EVP_PKEY,FILE,write)432 PEM_write_cb_ex_fnsig(PrivateKey, EVP_PKEY, FILE, write)
433 {
434 BIO *b;
435 int ret;
436
437 if ((b = BIO_new_fp(out, BIO_NOCLOSE)) == NULL) {
438 ERR_raise(ERR_LIB_PEM, ERR_R_BUF_LIB);
439 return 0;
440 }
441 ret = PEM_write_bio_PrivateKey_ex(b, x, enc, kstr, klen, cb, u,
442 libctx, propq);
443 BIO_free(b);
444 return ret;
445 }
446
PEM_write_cb_fnsig(PrivateKey,EVP_PKEY,FILE,write)447 PEM_write_cb_fnsig(PrivateKey, EVP_PKEY, FILE, write)
448 {
449 return PEM_write_PrivateKey_ex(out, x, enc, kstr, klen, cb, u, NULL, NULL);
450 }
451 #endif
452