Blame - ap/lib/libssl/openssl-1.1.1o/crypto/pem/pem_pk8.c - R306

blob: ab6c4c6bde30a1dd227d97accfdb8c1c348fd844 [file] [log] [blame]

yuezonghe	824eb0c	2024-06-27 02:32:26 -0700	[diff] [blame]	1	/*
				2	* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
				3	*
				4	* Licensed under the OpenSSL license (the "License"). You may not use
				5	* this file except in compliance with the License. You can obtain a copy
				6	* in the file LICENSE in the source distribution or at
				7	* https://www.openssl.org/source/license.html
				8	*/
				9
				10	#include <stdio.h>
				11	#include "internal/cryptlib.h"
				12	#include <openssl/buffer.h>
				13	#include <openssl/objects.h>
				14	#include <openssl/evp.h>
				15	#include <openssl/x509.h>
				16	#include <openssl/pkcs12.h>
				17	#include <openssl/pem.h>
				18
				19	static int do_pk8pkey(BIO bp, EVP_PKEY x, int isder,
				20	int nid, const EVP_CIPHER *enc,
				21	char kstr, int klen, pem_password_cb cb, void *u);
				22
				23	#ifndef OPENSSL_NO_STDIO
				24	static int do_pk8pkey_fp(FILE bp, EVP_PKEY x, int isder,
				25	int nid, const EVP_CIPHER *enc,
				26	char kstr, int klen, pem_password_cb cb, void *u);
				27	#endif
				28	/*
				29	* These functions write a private key in PKCS#8 format: it is a "drop in"
				30	* replacement for PEM_write_bio_PrivateKey() and friends. As usual if 'enc'
				31	* is NULL then it uses the unencrypted private key form. The 'nid' versions
				32	* uses PKCS#5 v1.5 PBE algorithms whereas the others use PKCS#5 v2.0.
				33	*/
				34
				35	int PEM_write_bio_PKCS8PrivateKey_nid(BIO bp, EVP_PKEY x, int nid,
				36	char *kstr, int klen,
				37	pem_password_cb cb, void u)
				38	{
				39	return do_pk8pkey(bp, x, 0, nid, NULL, kstr, klen, cb, u);
				40	}
				41
				42	int PEM_write_bio_PKCS8PrivateKey(BIO bp, EVP_PKEY x, const EVP_CIPHER *enc,
				43	char *kstr, int klen,
				44	pem_password_cb cb, void u)
				45	{
				46	return do_pk8pkey(bp, x, 0, -1, enc, kstr, klen, cb, u);
				47	}
				48
				49	int i2d_PKCS8PrivateKey_bio(BIO bp, EVP_PKEY x, const EVP_CIPHER *enc,
				50	char *kstr, int klen,
				51	pem_password_cb cb, void u)
				52	{
				53	return do_pk8pkey(bp, x, 1, -1, enc, kstr, klen, cb, u);
				54	}
				55
				56	int i2d_PKCS8PrivateKey_nid_bio(BIO bp, EVP_PKEY x, int nid,
				57	char *kstr, int klen,
				58	pem_password_cb cb, void u)
				59	{
				60	return do_pk8pkey(bp, x, 1, nid, NULL, kstr, klen, cb, u);
				61	}
				62
				63	static int do_pk8pkey(BIO bp, EVP_PKEY x, int isder, int nid,
				64	const EVP_CIPHER enc, char kstr, int klen,
				65	pem_password_cb cb, void u)
				66	{
				67	X509_SIG *p8;
				68	PKCS8_PRIV_KEY_INFO *p8inf;
				69	char buf[PEM_BUFSIZE];
				70	int ret;
				71
				72	if ((p8inf = EVP_PKEY2PKCS8(x)) == NULL) {
				73	PEMerr(PEM_F_DO_PK8PKEY, PEM_R_ERROR_CONVERTING_PRIVATE_KEY);
				74	return 0;
				75	}
				76	if (enc \|\| (nid != -1)) {
				77	if (!kstr) {
				78	if (!cb)
				79	klen = PEM_def_callback(buf, PEM_BUFSIZE, 1, u);
				80	else
				81	klen = cb(buf, PEM_BUFSIZE, 1, u);
				82	if (klen <= 0) {
				83	PEMerr(PEM_F_DO_PK8PKEY, PEM_R_READ_KEY);
				84	PKCS8_PRIV_KEY_INFO_free(p8inf);
				85	return 0;
				86	}
				87
				88	kstr = buf;
				89	}
				90	p8 = PKCS8_encrypt(nid, enc, kstr, klen, NULL, 0, 0, p8inf);
				91	if (kstr == buf)
				92	OPENSSL_cleanse(buf, klen);
				93	PKCS8_PRIV_KEY_INFO_free(p8inf);
				94	if (p8 == NULL)
				95	return 0;
				96	if (isder)
				97	ret = i2d_PKCS8_bio(bp, p8);
				98	else
				99	ret = PEM_write_bio_PKCS8(bp, p8);
				100	X509_SIG_free(p8);
				101	return ret;
				102	} else {
				103	if (isder)
				104	ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
				105	else
				106	ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(bp, p8inf);
				107	PKCS8_PRIV_KEY_INFO_free(p8inf);
				108	return ret;
				109	}
				110	}
				111
				112	EVP_PKEY d2i_PKCS8PrivateKey_bio(BIO bp, EVP_PKEY *x, pem_password_cb cb,
				113	void *u)
				114	{
				115	PKCS8_PRIV_KEY_INFO *p8inf = NULL;
				116	X509_SIG *p8 = NULL;
				117	int klen;
				118	EVP_PKEY *ret;
				119	char psbuf[PEM_BUFSIZE];
				120	p8 = d2i_PKCS8_bio(bp, NULL);
				121	if (!p8)
				122	return NULL;
				123	if (cb)
				124	klen = cb(psbuf, PEM_BUFSIZE, 0, u);
				125	else
				126	klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
				127	if (klen < 0) {
				128	PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ);
				129	X509_SIG_free(p8);
				130	return NULL;
				131	}
				132	p8inf = PKCS8_decrypt(p8, psbuf, klen);
				133	X509_SIG_free(p8);
				134	OPENSSL_cleanse(psbuf, klen);
				135	if (!p8inf)
				136	return NULL;
				137	ret = EVP_PKCS82PKEY(p8inf);
				138	PKCS8_PRIV_KEY_INFO_free(p8inf);
				139	if (!ret)
				140	return NULL;
				141	if (x) {
				142	EVP_PKEY_free(*x);
				143	*x = ret;
				144	}
				145	return ret;
				146	}
				147
				148	#ifndef OPENSSL_NO_STDIO
				149
				150	int i2d_PKCS8PrivateKey_fp(FILE fp, EVP_PKEY x, const EVP_CIPHER *enc,
				151	char kstr, int klen, pem_password_cb cb, void *u)
				152	{
				153	return do_pk8pkey_fp(fp, x, 1, -1, enc, kstr, klen, cb, u);
				154	}
				155
				156	int i2d_PKCS8PrivateKey_nid_fp(FILE fp, EVP_PKEY x, int nid,
				157	char *kstr, int klen,
				158	pem_password_cb cb, void u)
				159	{
				160	return do_pk8pkey_fp(fp, x, 1, nid, NULL, kstr, klen, cb, u);
				161	}
				162
				163	int PEM_write_PKCS8PrivateKey_nid(FILE fp, EVP_PKEY x, int nid,
				164	char *kstr, int klen,
				165	pem_password_cb cb, void u)
				166	{
				167	return do_pk8pkey_fp(fp, x, 0, nid, NULL, kstr, klen, cb, u);
				168	}
				169
				170	int PEM_write_PKCS8PrivateKey(FILE fp, EVP_PKEY x, const EVP_CIPHER *enc,
				171	char kstr, int klen, pem_password_cb cb,
				172	void *u)
				173	{
				174	return do_pk8pkey_fp(fp, x, 0, -1, enc, kstr, klen, cb, u);
				175	}
				176
				177	static int do_pk8pkey_fp(FILE fp, EVP_PKEY x, int isder, int nid,
				178	const EVP_CIPHER enc, char kstr, int klen,
				179	pem_password_cb cb, void u)
				180	{
				181	BIO *bp;
				182	int ret;
				183
				184	if ((bp = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) {
				185	PEMerr(PEM_F_DO_PK8PKEY_FP, ERR_R_BUF_LIB);
				186	return 0;
				187	}
				188	ret = do_pk8pkey(bp, x, isder, nid, enc, kstr, klen, cb, u);
				189	BIO_free(bp);
				190	return ret;
				191	}
				192
				193	EVP_PKEY d2i_PKCS8PrivateKey_fp(FILE fp, EVP_PKEY *x, pem_password_cb cb,
				194	void *u)
				195	{
				196	BIO *bp;
				197	EVP_PKEY *ret;
				198
				199	if ((bp = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) {
				200	PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_FP, ERR_R_BUF_LIB);
				201	return NULL;
				202	}
				203	ret = d2i_PKCS8PrivateKey_bio(bp, x, cb, u);
				204	BIO_free(bp);
				205	return ret;
				206	}
				207
				208	#endif
				209
				210	IMPLEMENT_PEM_rw(PKCS8, X509_SIG, PEM_STRING_PKCS8, X509_SIG)
				211
				212
				213	IMPLEMENT_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO, PEM_STRING_PKCS8INF,
				214	PKCS8_PRIV_KEY_INFO)