[thirdparty/openssl.git] / crypto / pem / pem_pkey.c

/*
 * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/* We need to use some deprecated APIs */
#define OPENSSL_SUPPRESS_DEPRECATED

#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/buffer.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pkcs12.h>
#include <openssl/pem.h>
#include <openssl/engine.h>
#include <openssl/dh.h>
#include <openssl/decoder.h>
#include <openssl/ui.h>
#include "crypto/asn1.h"
#include "crypto/x509.h"
#include "crypto/evp.h"
#include "pem_local.h"

int ossl_pem_check_suffix(const char *pem_str, const char *suffix);

static EVP_PKEY *pem_read_bio_key_decoder(BIO *bp, EVP_PKEY **x,
                                          pem_password_cb *cb, void *u,
                                          OSSL_LIB_CTX *libctx,
                                          const char *propq,
                                          int selection)
{
    EVP_PKEY *pkey = NULL;
    OSSL_DECODER_CTX *dctx = NULL;
    int pos, newpos;

    if ((pos = BIO_tell(bp)) < 0)
        /* We can depend on BIO_tell() thanks to the BIO_f_readbuffer() */
        return NULL;

    dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, "PEM", NULL, NULL,
                                         selection, libctx, propq);

    if (dctx == NULL)
        return NULL;

    if (cb == NULL)
        cb = PEM_def_callback;

    if (!OSSL_DECODER_CTX_set_pem_password_cb(dctx, cb, u))
        goto err;

    while (!OSSL_DECODER_from_bio(dctx, bp) || pkey == NULL)
        if (BIO_eof(bp) != 0 || (newpos = BIO_tell(bp)) < 0 || newpos <= pos)
            goto err;
        else
            pos = newpos;

    if (!evp_keymgmt_util_has(pkey, selection)) {
        EVP_PKEY_free(pkey);
        pkey = NULL;
        ERR_raise(ERR_LIB_PEM, PEM_R_UNSUPPORTED_KEY_COMPONENTS);
        goto err;
    }

    if (x != NULL) {
        EVP_PKEY_free(*x);
        *x = pkey;
    }

 err:
    OSSL_DECODER_CTX_free(dctx);
    return pkey;
}

static EVP_PKEY *pem_read_bio_key_legacy(BIO *bp, EVP_PKEY **x,
                                         pem_password_cb *cb, void *u,
                                         OSSL_LIB_CTX *libctx,
                                         const char *propq,
                                         int selection)
{
    char *nm = NULL;
    const unsigned char *p = NULL;
    unsigned char *data = NULL;
    long len;
    int slen;
    EVP_PKEY *ret = NULL;

    ERR_set_mark();  /* not interested in PEM read errors */
    if (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) {
        if (!PEM_bytes_read_bio_secmem(&data, &len, &nm,
                                       PEM_STRING_EVP_PKEY,
                                       bp, cb, u)) {
            ERR_pop_to_mark();
            return NULL;
         }
    } else {
        const char *pem_string = PEM_STRING_PARAMETERS;

        if (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
            pem_string = PEM_STRING_PUBLIC;
        if (!PEM_bytes_read_bio(&data, &len, &nm,
                                pem_string,
                                bp, cb, u)) {
            ERR_pop_to_mark();
            return NULL;
        }
    }
    ERR_clear_last_mark();
    p = data;

    if (strcmp(nm, PEM_STRING_PKCS8INF) == 0) {
        PKCS8_PRIV_KEY_INFO *p8inf;

        if ((p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len)) == NULL)
            goto p8err;
        ret = evp_pkcs82pkey_legacy(p8inf, libctx, propq);
        if (x != NULL) {
            EVP_PKEY_free(*x);
            *x = ret;
        }
        PKCS8_PRIV_KEY_INFO_free(p8inf);
    } else if (strcmp(nm, PEM_STRING_PKCS8) == 0) {
        PKCS8_PRIV_KEY_INFO *p8inf;
        X509_SIG *p8;
        int klen;
        char psbuf[PEM_BUFSIZE];

        if ((p8 = d2i_X509_SIG(NULL, &p, len)) == NULL)
            goto p8err;
        if (cb != NULL)
            klen = cb(psbuf, PEM_BUFSIZE, 0, u);
        else
            klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
        if (klen < 0) {
            ERR_raise(ERR_LIB_PEM, PEM_R_BAD_PASSWORD_READ);
            X509_SIG_free(p8);
            goto err;
        }
        p8inf = PKCS8_decrypt(p8, psbuf, klen);
        X509_SIG_free(p8);
        OPENSSL_cleanse(psbuf, klen);
        if (p8inf == NULL)
            goto p8err;
        ret = evp_pkcs82pkey_legacy(p8inf, libctx, propq);
        if (x != NULL) {
            EVP_PKEY_free(*x);
            *x = ret;
        }
        PKCS8_PRIV_KEY_INFO_free(p8inf);
    } else if ((slen = ossl_pem_check_suffix(nm, "PRIVATE KEY")) > 0) {
        const EVP_PKEY_ASN1_METHOD *ameth;
        ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen);
        if (ameth == NULL || ameth->old_priv_decode == NULL)
            goto p8err;
        ret = ossl_d2i_PrivateKey_legacy(ameth->pkey_id, x, &p, len, libctx,
                                         propq);
    } else if (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) {
        ret = ossl_d2i_PUBKEY_legacy(x, &p, len);
    } else if ((slen = ossl_pem_check_suffix(nm, "PARAMETERS")) > 0) {
        ret = EVP_PKEY_new();
        if (ret == NULL)
            goto err;
        if (!EVP_PKEY_set_type_str(ret, nm, slen)
            || !ret->ameth->param_decode
            || !ret->ameth->param_decode(ret, &p, len)) {
            EVP_PKEY_free(ret);
            ret = NULL;
            goto err;
        }
        if (x) {
            EVP_PKEY_free(*x);
            *x = ret;
        }
    }

 p8err:
    if (ret == NULL && ERR_peek_last_error() == 0)
        /* ensure some error is reported but do not hide the real one */
        ERR_raise(ERR_LIB_PEM, ERR_R_ASN1_LIB);
 err:
    OPENSSL_secure_free(nm);
    OPENSSL_secure_clear_free(data, len);
    return ret;
}

static EVP_PKEY *pem_read_bio_key(BIO *bp, EVP_PKEY **x,
                                  pem_password_cb *cb, void *u,
                                  OSSL_LIB_CTX *libctx,
                                  const char *propq,
                                  int selection)
{
    EVP_PKEY *ret;
    BIO *new_bio = NULL;
    int pos;

    if ((pos = BIO_tell(bp)) < 0) {
        new_bio = BIO_new(BIO_f_readbuffer());
        if (new_bio == NULL)
            return NULL;
        bp = BIO_push(new_bio, bp);
        pos = BIO_tell(bp);
    }

    ERR_set_mark();
    ret = pem_read_bio_key_decoder(bp, x, cb, u, libctx, propq, selection);
    if (ret == NULL
        && (BIO_seek(bp, pos) < 0
            || (ret = pem_read_bio_key_legacy(bp, x, cb, u,
                                              libctx, propq,
                                              selection)) == NULL))
        ERR_clear_last_mark();
    else
        ERR_pop_to_mark();

    if (new_bio != NULL) {
        BIO_pop(new_bio);
        BIO_free(new_bio);
    }
    return ret;
}

EVP_PKEY *PEM_read_bio_PUBKEY_ex(BIO *bp, EVP_PKEY **x,
                                 pem_password_cb *cb, void *u,
                                 OSSL_LIB_CTX *libctx, const char *propq)
{
    return pem_read_bio_key(bp, x, cb, u, libctx, propq,
                            EVP_PKEY_PUBLIC_KEY);
}

EVP_PKEY *PEM_read_bio_PUBKEY(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
                              void *u)
{
    return PEM_read_bio_PUBKEY_ex(bp, x, cb, u, NULL, NULL);
}

#ifndef OPENSSL_NO_STDIO
EVP_PKEY *PEM_read_PUBKEY_ex(FILE *fp, EVP_PKEY **x,
                             pem_password_cb *cb, void *u,
                             OSSL_LIB_CTX *libctx, const char *propq)
{
    BIO *b;
    EVP_PKEY *ret;

    if ((b = BIO_new(BIO_s_file())) == NULL) {
        ERR_raise(ERR_LIB_PEM, ERR_R_BUF_LIB);
        return 0;
    }
    BIO_set_fp(b, fp, BIO_NOCLOSE);
    ret = PEM_read_bio_PUBKEY_ex(b, x, cb, u, libctx, propq);
    BIO_free(b);
    return ret;
}

EVP_PKEY *PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u)
{
    return PEM_read_PUBKEY_ex(fp, x, cb, u, NULL, NULL);
}
#endif

EVP_PKEY *PEM_read_bio_PrivateKey_ex(BIO *bp, EVP_PKEY **x,
                                     pem_password_cb *cb, void *u,
                                     OSSL_LIB_CTX *libctx, const char *propq)
{
    return pem_read_bio_key(bp, x, cb, u, libctx, propq,
                            EVP_PKEY_KEYPAIR);
}

EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
                                  void *u)
{
    return PEM_read_bio_PrivateKey_ex(bp, x, cb, u, NULL, NULL);
}

PEM_write_cb_ex_fnsig(PrivateKey, EVP_PKEY, BIO, write_bio)
{
    IMPLEMENT_PEM_provided_write_body_vars(pkey, PrivateKey, propq);

    IMPLEMENT_PEM_provided_write_body_pass();
    IMPLEMENT_PEM_provided_write_body_main(pkey, bio);

 legacy:
    if (x->ameth == NULL || x->ameth->priv_encode != NULL)
        return PEM_write_bio_PKCS8PrivateKey(out, x, enc,
                                             (const char *)kstr, klen, cb, u);
    return PEM_write_bio_PrivateKey_traditional(out, x, enc, kstr, klen, cb, u);
}

PEM_write_cb_fnsig(PrivateKey, EVP_PKEY, BIO, write_bio)
{
    return PEM_write_bio_PrivateKey_ex(out, x, enc, kstr, klen, cb, u,
                                       NULL, NULL);
}

/*
 * Note: there is no way to tell a provided pkey encoder to use "traditional"
 * encoding.  Therefore, if the pkey is provided, we try to take a copy 
 */
int PEM_write_bio_PrivateKey_traditional(BIO *bp, const EVP_PKEY *x,
                                         const EVP_CIPHER *enc,
                                         const unsigned char *kstr, int klen,
                                         pem_password_cb *cb, void *u)
{
    char pem_str[80];
    EVP_PKEY *copy = NULL;
    int ret;

    if (evp_pkey_is_assigned(x)
        && evp_pkey_is_provided(x)
        && evp_pkey_copy_downgraded(&copy, x))
        x = copy;

    if (x->ameth == NULL || x->ameth->old_priv_encode == NULL) {
        ERR_raise(ERR_LIB_PEM, PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
        return 0;
    }
    BIO_snprintf(pem_str, 80, "%s PRIVATE KEY", x->ameth->pem_str);
    ret = PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey,
                             pem_str, bp, x, enc, kstr, klen, cb, u);

    EVP_PKEY_free(copy);
    return ret;
}

EVP_PKEY *PEM_read_bio_Parameters_ex(BIO *bp, EVP_PKEY **x,
                                     OSSL_LIB_CTX *libctx, const char *propq)
{
    return pem_read_bio_key(bp, x, NULL, NULL, libctx, propq,
                            EVP_PKEY_KEY_PARAMETERS);
}

EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x)
{
    return PEM_read_bio_Parameters_ex(bp, x, NULL, NULL);
}

PEM_write_fnsig(Parameters, EVP_PKEY, BIO, write_bio)
{
    char pem_str[80];
    IMPLEMENT_PEM_provided_write_body_vars(pkey, Parameters, NULL);

    IMPLEMENT_PEM_provided_write_body_main(pkey, bio);

 legacy:
    if (!x->ameth || !x->ameth->param_encode)
        return 0;

    BIO_snprintf(pem_str, 80, "%s PARAMETERS", x->ameth->pem_str);
    return PEM_ASN1_write_bio((i2d_of_void *)x->ameth->param_encode,
                              pem_str, out, x, NULL, NULL, 0, 0, NULL);
}

#ifndef OPENSSL_NO_STDIO
EVP_PKEY *PEM_read_PrivateKey_ex(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,
                                 void *u, OSSL_LIB_CTX *libctx,
                                 const char *propq)
{
    BIO *b;
    EVP_PKEY *ret;

    if ((b = BIO_new(BIO_s_file())) == NULL) {
        ERR_raise(ERR_LIB_PEM, ERR_R_BUF_LIB);
        return 0;
    }
    BIO_set_fp(b, fp, BIO_NOCLOSE);
    ret = PEM_read_bio_PrivateKey_ex(b, x, cb, u, libctx, propq);
    BIO_free(b);
    return ret;
}

EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,
                              void *u)
{
    return PEM_read_PrivateKey_ex(fp, x, cb, u, NULL, NULL);
}

PEM_write_cb_ex_fnsig(PrivateKey, EVP_PKEY, FILE, write)
{
    BIO *b;
    int ret;

    if ((b = BIO_new_fp(out, BIO_NOCLOSE)) == NULL) {
        ERR_raise(ERR_LIB_PEM, ERR_R_BUF_LIB);
        return 0;
    }
    ret = PEM_write_bio_PrivateKey_ex(b, x, enc, kstr, klen, cb, u,
                                      libctx, propq);
    BIO_free(b);
    return ret;
}

PEM_write_cb_fnsig(PrivateKey, EVP_PKEY, FILE, write)
{
    return PEM_write_PrivateKey_ex(out, x, enc, kstr, klen, cb, u, NULL, NULL);
}
#endif
Commit	Line	Data
62867571	1	/*
a28d06f3	2	* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
1241126a	3	*
16742672	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
62867571 RS	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
1241126a DSH	8	*/
1241126a DSH	9
b4c4a2c6	10	/* We need to use some deprecated APIs */
a1447076 RL	11	#define OPENSSL_SUPPRESS_DEPRECATED
a1447076 RL	12
1241126a	13	#include <stdio.h>
b39fc560	14	#include "internal/cryptlib.h"
1241126a DSH	15	#include <openssl/buffer.h>
	16	#include <openssl/objects.h>
	17	#include <openssl/evp.h>
1241126a DSH	18	#include <openssl/x509.h>
	19	#include <openssl/pkcs12.h>
	20	#include <openssl/pem.h>
3c27208f RS	21	#include <openssl/engine.h>
3c27208f RS	22	#include <openssl/dh.h>
b4c4a2c6	23	#include <openssl/decoder.h>
1427d33c	24	#include <openssl/ui.h>
25f2138b	25	#include "crypto/asn1.h"
b2f1b365	26	#include "crypto/x509.h"
25f2138b	27	#include "crypto/evp.h"
f864a939	28	#include "pem_local.h"
1241126a	29
b78c0166	30	int ossl_pem_check_suffix(const char pem_str, const char suffix);
1241126a	31
7bc027d7 TM	32	static EVP_PKEY pem_read_bio_key_decoder(BIO bp, EVP_PKEY **x,
	33	pem_password_cb cb, void u,
	34	OSSL_LIB_CTX *libctx,
	35	const char *propq,
	36	int selection)
0f113f3e	37	{
b4c4a2c6 TM	38	EVP_PKEY *pkey = NULL;
b4c4a2c6 TM	39	OSSL_DECODER_CTX *dctx = NULL;
07f65429 TM	40	int pos, newpos;
	41
	42	if ((pos = BIO_tell(bp)) < 0)
	43	/* We can depend on BIO_tell() thanks to the BIO_f_readbuffer() */
	44	return NULL;
b4c4a2c6 TM	45
	46	dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, "PEM", NULL, NULL,
	47	selection, libctx, propq);
	48
	49	if (dctx == NULL)
6e5ccd58	50	return NULL;
6e5ccd58	51
6e5ccd58	52	if (cb == NULL)
00eae3f9	53	cb = PEM_def_callback;
1427d33c	54
b4c4a2c6	55	if (!OSSL_DECODER_CTX_set_pem_password_cb(dctx, cb, u))
1427d33c	56	goto err;
b4c4a2c6 TM	57
b4c4a2c6 TM	58	while (!OSSL_DECODER_from_bio(dctx, bp) \|\| pkey == NULL)
07f65429	59	if (BIO_eof(bp) != 0 \|\| (newpos = BIO_tell(bp)) < 0 \|\| newpos <= pos)
0f113f3e	60	goto err;
07f65429 TM	61	else
07f65429 TM	62	pos = newpos;
1427d33c	63
b4c4a2c6 TM	64	if (!evp_keymgmt_util_has(pkey, selection)) {
	65	EVP_PKEY_free(pkey);
	66	pkey = NULL;
	67	ERR_raise(ERR_LIB_PEM, PEM_R_UNSUPPORTED_KEY_COMPONENTS);
8d8fee64	68	goto err;
0f113f3e	69	}
1427d33c	70
b4c4a2c6 TM	71	if (x != NULL) {
	72	EVP_PKEY_free(*x);
	73	*x = pkey;
	74	}
1427d33c	75
0f113f3e	76	err:
b4c4a2c6 TM	77	OSSL_DECODER_CTX_free(dctx);
b4c4a2c6 TM	78	return pkey;
0f113f3e	79	}
1241126a	80
7bc027d7 TM	81	static EVP_PKEY pem_read_bio_key_legacy(BIO bp, EVP_PKEY **x,
	82	pem_password_cb cb, void u,
	83	OSSL_LIB_CTX *libctx,
	84	const char *propq,
	85	int selection)
	86	{
	87	char *nm = NULL;
	88	const unsigned char *p = NULL;
	89	unsigned char *data = NULL;
	90	long len;
	91	int slen;
	92	EVP_PKEY *ret = NULL;
	93
	94	ERR_set_mark(); /* not interested in PEM read errors */
	95	if (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) {
	96	if (!PEM_bytes_read_bio_secmem(&data, &len, &nm,
	97	PEM_STRING_EVP_PKEY,
	98	bp, cb, u)) {
	99	ERR_pop_to_mark();
	100	return NULL;
	101	}
	102	} else {
	103	const char *pem_string = PEM_STRING_PARAMETERS;
	104
	105	if (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
	106	pem_string = PEM_STRING_PUBLIC;
	107	if (!PEM_bytes_read_bio(&data, &len, &nm,
	108	pem_string,
	109	bp, cb, u)) {
	110	ERR_pop_to_mark();
	111	return NULL;
	112	}
	113	}
	114	ERR_clear_last_mark();
	115	p = data;
	116
	117	if (strcmp(nm, PEM_STRING_PKCS8INF) == 0) {
	118	PKCS8_PRIV_KEY_INFO *p8inf;
	119
	120	if ((p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len)) == NULL)
	121	goto p8err;
	122	ret = evp_pkcs82pkey_legacy(p8inf, libctx, propq);
	123	if (x != NULL) {
	124	EVP_PKEY_free(*x);
	125	*x = ret;
	126	}
	127	PKCS8_PRIV_KEY_INFO_free(p8inf);
	128	} else if (strcmp(nm, PEM_STRING_PKCS8) == 0) {
	129	PKCS8_PRIV_KEY_INFO *p8inf;
	130	X509_SIG *p8;
	131	int klen;
	132	char psbuf[PEM_BUFSIZE];
	133
	134	if ((p8 = d2i_X509_SIG(NULL, &p, len)) == NULL)
	135	goto p8err;
	136	if (cb != NULL)
	137	klen = cb(psbuf, PEM_BUFSIZE, 0, u);
	138	else
	139	klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
	140	if (klen < 0) {
	141	ERR_raise(ERR_LIB_PEM, PEM_R_BAD_PASSWORD_READ);
	142	X509_SIG_free(p8);
	143	goto err;
	144	}
145	p8inf = PKCS8_decrypt(p8, psbuf, klen);
146	X509_SIG_free(p8);
147	OPENSSL_cleanse(psbuf, klen);
148	if (p8inf == NULL)
149	goto p8err;
150	ret = evp_pkcs82pkey_legacy(p8inf, libctx, propq);
151	if (x != NULL) {
152	EVP_PKEY_free(*x);
153	*x = ret;
154	}
155	PKCS8_PRIV_KEY_INFO_free(p8inf);
156	} else if ((slen = ossl_pem_check_suffix(nm, "PRIVATE KEY")) > 0) {
157	const EVP_PKEY_ASN1_METHOD *ameth;
158	ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen);
159	if (ameth == NULL \|\| ameth->old_priv_decode == NULL)
160	goto p8err;
b2f1b365 MC	161	ret = ossl_d2i_PrivateKey_legacy(ameth->pkey_id, x, &p, len, libctx,
b2f1b365 MC	162	propq);
7bc027d7	163	} else if (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) {
b2f1b365	164	ret = ossl_d2i_PUBKEY_legacy(x, &p, len);
7bc027d7 TM	165	} else if ((slen = ossl_pem_check_suffix(nm, "PARAMETERS")) > 0) {
	166	ret = EVP_PKEY_new();
	167	if (ret == NULL)
	168	goto err;
	169	if (!EVP_PKEY_set_type_str(ret, nm, slen)
	170	\|\| !ret->ameth->param_decode
	171	\|\| !ret->ameth->param_decode(ret, &p, len)) {
	172	EVP_PKEY_free(ret);
	173	ret = NULL;
	174	goto err;
	175	}
	176	if (x) {
	177	EVP_PKEY_free(*x);
	178	*x = ret;
	179	}
	180	}
	181
	182	p8err:
8a709c5e TM	183	if (ret == NULL && ERR_peek_last_error() == 0)
8a709c5e TM	184	/* ensure some error is reported but do not hide the real one */
7bc027d7 TM	185	ERR_raise(ERR_LIB_PEM, ERR_R_ASN1_LIB);
	186	err:
	187	OPENSSL_secure_free(nm);
	188	OPENSSL_secure_clear_free(data, len);
	189	return ret;
	190	}
	191
	192	static EVP_PKEY pem_read_bio_key(BIO bp, EVP_PKEY **x,
	193	pem_password_cb cb, void u,
	194	OSSL_LIB_CTX *libctx,
	195	const char *propq,
	196	int selection)
	197	{
	198	EVP_PKEY *ret;
	199	BIO *new_bio = NULL;
	200	int pos;
	201
	202	if ((pos = BIO_tell(bp)) < 0) {
	203	new_bio = BIO_new(BIO_f_readbuffer());
	204	if (new_bio == NULL)
	205	return NULL;
	206	bp = BIO_push(new_bio, bp);
	207	pos = BIO_tell(bp);
	208	}
	209
	210	ERR_set_mark();
	211	ret = pem_read_bio_key_decoder(bp, x, cb, u, libctx, propq, selection);
	212	if (ret == NULL
	213	&& (BIO_seek(bp, pos) < 0
	214	\|\| (ret = pem_read_bio_key_legacy(bp, x, cb, u,
	215	libctx, propq,
	216	selection)) == NULL))
	217	ERR_clear_last_mark();
	218	else
	219	ERR_pop_to_mark();
	220
	221	if (new_bio != NULL) {
	222	BIO_pop(new_bio);
	223	BIO_free(new_bio);
	224	}
	225	return ret;
	226	}
	227
6e5ccd58 RL	228	EVP_PKEY PEM_read_bio_PUBKEY_ex(BIO bp, EVP_PKEY **x,
6e5ccd58 RL	229	pem_password_cb cb, void u,
b4250010	230	OSSL_LIB_CTX libctx, const char propq)
6e5ccd58 RL	231	{
6e5ccd58 RL	232	return pem_read_bio_key(bp, x, cb, u, libctx, propq,
b4c4a2c6	233	EVP_PKEY_PUBLIC_KEY);
6e5ccd58 RL	234	}
	235
	236	EVP_PKEY PEM_read_bio_PUBKEY(BIO bp, EVP_PKEY *x, pem_password_cb cb,
	237	void *u)
	238	{
	239	return PEM_read_bio_PUBKEY_ex(bp, x, cb, u, NULL, NULL);
	240	}
	241
	242	#ifndef OPENSSL_NO_STDIO
	243	EVP_PKEY PEM_read_PUBKEY_ex(FILE fp, EVP_PKEY **x,
	244	pem_password_cb cb, void u,
b4250010	245	OSSL_LIB_CTX libctx, const char propq)
6e5ccd58 RL	246	{
	247	BIO *b;
	248	EVP_PKEY *ret;
	249
	250	if ((b = BIO_new(BIO_s_file())) == NULL) {
9311d0c4	251	ERR_raise(ERR_LIB_PEM, ERR_R_BUF_LIB);
6e5ccd58 RL	252	return 0;
	253	}
	254	BIO_set_fp(b, fp, BIO_NOCLOSE);
	255	ret = PEM_read_bio_PUBKEY_ex(b, x, cb, u, libctx, propq);
	256	BIO_free(b);
	257	return ret;
	258	}
	259
	260	EVP_PKEY PEM_read_PUBKEY(FILE fp, EVP_PKEY *x, pem_password_cb cb, void *u)
	261	{
	262	return PEM_read_PUBKEY_ex(fp, x, cb, u, NULL, NULL);
	263	}
	264	#endif
	265
	266	EVP_PKEY PEM_read_bio_PrivateKey_ex(BIO bp, EVP_PKEY **x,
	267	pem_password_cb cb, void u,
b4250010	268	OSSL_LIB_CTX libctx, const char propq)
6e5ccd58 RL	269	{
6e5ccd58 RL	270	return pem_read_bio_key(bp, x, cb, u, libctx, propq,
b4c4a2c6	271	EVP_PKEY_KEYPAIR);
6e5ccd58 RL	272	}
6e5ccd58 RL	273
1531241c MC	274	EVP_PKEY PEM_read_bio_PrivateKey(BIO bp, EVP_PKEY *x, pem_password_cb cb,
	275	void *u)
	276	{
	277	return PEM_read_bio_PrivateKey_ex(bp, x, cb, u, NULL, NULL);
	278	}
	279
9256e8a2	280	PEM_write_cb_ex_fnsig(PrivateKey, EVP_PKEY, BIO, write_bio)
0f113f3e	281	{
fe75766c	282	IMPLEMENT_PEM_provided_write_body_vars(pkey, PrivateKey, propq);
f864a939 RL	283
f864a939 RL	284	IMPLEMENT_PEM_provided_write_body_pass();
fe75766c	285	IMPLEMENT_PEM_provided_write_body_main(pkey, bio);
f864a939 RL	286
f864a939 RL	287	legacy:
05dba815	288	if (x->ameth == NULL \|\| x->ameth->priv_encode != NULL)
f864a939	289	return PEM_write_bio_PKCS8PrivateKey(out, x, enc,
de0799b0	290	(const char *)kstr, klen, cb, u);
f864a939	291	return PEM_write_bio_PrivateKey_traditional(out, x, enc, kstr, klen, cb, u);
05dba815	292	}
e4263314	293
9256e8a2 RL	294	PEM_write_cb_fnsig(PrivateKey, EVP_PKEY, BIO, write_bio)
	295	{
	296	return PEM_write_bio_PrivateKey_ex(out, x, enc, kstr, klen, cb, u,
	297	NULL, NULL);
	298	}
	299
4ce1025a RL	300	/*
	301	* Note: there is no way to tell a provided pkey encoder to use "traditional"
	302	* encoding. Therefore, if the pkey is provided, we try to take a copy
4ce1025a	303	*/
de0799b0	304	int PEM_write_bio_PrivateKey_traditional(BIO bp, const EVP_PKEY x,
05dba815	305	const EVP_CIPHER *enc,
de0799b0	306	const unsigned char *kstr, int klen,
05dba815 DSH	307	pem_password_cb cb, void u)
	308	{
	309	char pem_str[80];
4ce1025a RL	310	EVP_PKEY *copy = NULL;
	311	int ret;
	312
	313	if (evp_pkey_is_assigned(x)
	314	&& evp_pkey_is_provided(x)
	315	&& evp_pkey_copy_downgraded(&copy, x))
	316	x = copy;
87d91d22 RL	317
	318	if (x->ameth == NULL \|\| x->ameth->old_priv_encode == NULL) {
	319	ERR_raise(ERR_LIB_PEM, PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
	320	return 0;
	321	}
0f113f3e	322	BIO_snprintf(pem_str, 80, "%s PRIVATE KEY", x->ameth->pem_str);
4ce1025a RL	323	ret = PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey,
	324	pem_str, bp, x, enc, kstr, klen, cb, u);
	325
	326	EVP_PKEY_free(copy);
	327	return ret;
0f113f3e	328	}
e4263314	329
6e5ccd58	330	EVP_PKEY PEM_read_bio_Parameters_ex(BIO bp, EVP_PKEY **x,
b4250010	331	OSSL_LIB_CTX libctx, const char propq)
0f113f3e	332	{
6e5ccd58	333	return pem_read_bio_key(bp, x, NULL, NULL, libctx, propq,
b4c4a2c6	334	EVP_PKEY_KEY_PARAMETERS);
6e5ccd58	335	}
1427d33c	336
6e5ccd58 RL	337	EVP_PKEY PEM_read_bio_Parameters(BIO bp, EVP_PKEY **x)
	338	{
	339	return PEM_read_bio_Parameters_ex(bp, x, NULL, NULL);
0f113f3e	340	}
db98bbc1	341
f864a939	342	PEM_write_fnsig(Parameters, EVP_PKEY, BIO, write_bio)
0f113f3e MC	343	{
0f113f3e MC	344	char pem_str[80];
fe75766c	345	IMPLEMENT_PEM_provided_write_body_vars(pkey, Parameters, NULL);
f864a939	346
fe75766c	347	IMPLEMENT_PEM_provided_write_body_main(pkey, bio);
f864a939 RL	348
f864a939 RL	349	legacy:
0f113f3e MC	350	if (!x->ameth \|\| !x->ameth->param_encode)
0f113f3e MC	351	return 0;
db98bbc1	352
0f113f3e MC	353	BIO_snprintf(pem_str, 80, "%s PARAMETERS", x->ameth->pem_str);
0f113f3e MC	354	return PEM_ASN1_write_bio((i2d_of_void *)x->ameth->param_encode,
f864a939	355	pem_str, out, x, NULL, NULL, 0, 0, NULL);
0f113f3e	356	}
e4263314	357
4b618848	358	#ifndef OPENSSL_NO_STDIO
1531241c	359	EVP_PKEY PEM_read_PrivateKey_ex(FILE fp, EVP_PKEY *x, pem_password_cb cb,
b4250010	360	void u, OSSL_LIB_CTX libctx,
1531241c	361	const char *propq)
0f113f3e MC	362	{
	363	BIO *b;
	364	EVP_PKEY *ret;
1241126a	365
0f113f3e	366	if ((b = BIO_new(BIO_s_file())) == NULL) {
9311d0c4	367	ERR_raise(ERR_LIB_PEM, ERR_R_BUF_LIB);
26a7d938	368	return 0;
0f113f3e MC	369	}
0f113f3e MC	370	BIO_set_fp(b, fp, BIO_NOCLOSE);
1531241c	371	ret = PEM_read_bio_PrivateKey_ex(b, x, cb, u, libctx, propq);
0f113f3e	372	BIO_free(b);
26a7d938	373	return ret;
0f113f3e	374	}
e4263314	375
1531241c MC	376	EVP_PKEY PEM_read_PrivateKey(FILE fp, EVP_PKEY *x, pem_password_cb cb,
	377	void *u)
	378	{
	379	return PEM_read_PrivateKey_ex(fp, x, cb, u, NULL, NULL);
	380	}
	381
9256e8a2	382	PEM_write_cb_ex_fnsig(PrivateKey, EVP_PKEY, FILE, write)
0f113f3e MC	383	{
	384	BIO *b;
	385	int ret;
e4263314	386
9256e8a2	387	if ((b = BIO_new_fp(out, BIO_NOCLOSE)) == NULL) {
9311d0c4	388	ERR_raise(ERR_LIB_PEM, ERR_R_BUF_LIB);
0f113f3e MC	389	return 0;
0f113f3e MC	390	}
9256e8a2 RL	391	ret = PEM_write_bio_PrivateKey_ex(b, x, enc, kstr, klen, cb, u,
9256e8a2 RL	392	libctx, propq);
0f113f3e MC	393	BIO_free(b);
	394	return ret;
	395	}
e4263314	396
9256e8a2 RL	397	PEM_write_cb_fnsig(PrivateKey, EVP_PKEY, FILE, write)
	398	{
	399	return PEM_write_PrivateKey_ex(out, x, enc, kstr, klen, cb, u, NULL, NULL);
	400	}
1241126a	401	#endif