2 * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 #include "internal/cryptlib.h"
12 #include <openssl/buffer.h>
13 #include <openssl/objects.h>
14 #include <openssl/evp.h>
15 #include <openssl/x509.h>
16 #include <openssl/pkcs12.h>
17 #include <openssl/pem.h>
18 #include <openssl/engine.h>
19 #include <openssl/dh.h>
20 #include <openssl/store.h>
21 #include <openssl/ui.h>
22 #include "crypto/store.h"
23 #include "crypto/asn1.h"
24 #include "crypto/evp.h"
25 #include "pem_local.h"
27 int pem_check_suffix(const char *pem_str
, const char *suffix
);
29 static EVP_PKEY
*pem_read_bio_key(BIO
*bp
, EVP_PKEY
**x
,
30 pem_password_cb
*cb
, void *u
,
31 OPENSSL_CTX
*libctx
, const char *propq
,
32 int expected_store_info_type
,
36 OSSL_STORE_CTX
*ctx
= NULL
;
37 OSSL_STORE_INFO
*info
= NULL
;
38 const UI_METHOD
*ui_method
= NULL
;
39 UI_METHOD
*allocated_ui_method
= NULL
;
41 if (expected_store_info_type
!= OSSL_STORE_INFO_PKEY
42 && expected_store_info_type
!= OSSL_STORE_INFO_PUBKEY
43 && expected_store_info_type
!= OSSL_STORE_INFO_PARAMS
) {
44 ERR_raise(ERR_LIB_PEM
, ERR_R_PASSED_INVALID_ARGUMENT
);
48 if (u
!= NULL
&& cb
== NULL
)
49 cb
= PEM_def_callback
;
51 ui_method
= UI_null();
53 ui_method
= allocated_ui_method
= UI_UTIL_wrap_read_pem_callback(cb
, 0);
54 if (ui_method
== NULL
)
57 if ((ctx
= OSSL_STORE_attach(bp
, "file", libctx
, propq
, ui_method
, u
,
60 #ifndef OPENSSL_NO_SECURE_HEAP
63 if (!OSSL_STORE_ctrl(ctx
, OSSL_STORE_C_USE_SECMEM
, &on
))
68 while (!OSSL_STORE_eof(ctx
)
69 && (info
= OSSL_STORE_load(ctx
)) != NULL
) {
70 if (OSSL_STORE_INFO_get_type(info
) == expected_store_info_type
) {
71 switch (expected_store_info_type
) {
72 case OSSL_STORE_INFO_PKEY
:
73 ret
= OSSL_STORE_INFO_get1_PKEY(info
);
75 case OSSL_STORE_INFO_PUBKEY
:
76 ret
= OSSL_STORE_INFO_get1_PUBKEY(info
);
78 case OSSL_STORE_INFO_PARAMS
:
79 ret
= OSSL_STORE_INFO_get1_PARAMS(info
);
83 OSSL_STORE_INFO_free(info
);
87 if (ret
!= NULL
&& x
!= NULL
)
91 OSSL_STORE_close(ctx
);
92 UI_destroy_method(allocated_ui_method
);
93 OSSL_STORE_INFO_free(info
);
97 EVP_PKEY
*PEM_read_bio_PUBKEY_ex(BIO
*bp
, EVP_PKEY
**x
,
98 pem_password_cb
*cb
, void *u
,
99 OPENSSL_CTX
*libctx
, const char *propq
)
101 return pem_read_bio_key(bp
, x
, cb
, u
, libctx
, propq
,
102 OSSL_STORE_INFO_PUBKEY
, 0);
105 EVP_PKEY
*PEM_read_bio_PUBKEY(BIO
*bp
, EVP_PKEY
**x
, pem_password_cb
*cb
,
108 return PEM_read_bio_PUBKEY_ex(bp
, x
, cb
, u
, NULL
, NULL
);
111 #ifndef OPENSSL_NO_STDIO
112 EVP_PKEY
*PEM_read_PUBKEY_ex(FILE *fp
, EVP_PKEY
**x
,
113 pem_password_cb
*cb
, void *u
,
114 OPENSSL_CTX
*libctx
, const char *propq
)
119 if ((b
= BIO_new(BIO_s_file())) == NULL
) {
120 PEMerr(0, ERR_R_BUF_LIB
);
123 BIO_set_fp(b
, fp
, BIO_NOCLOSE
);
124 ret
= PEM_read_bio_PUBKEY_ex(b
, x
, cb
, u
, libctx
, propq
);
129 EVP_PKEY
*PEM_read_PUBKEY(FILE *fp
, EVP_PKEY
**x
, pem_password_cb
*cb
, void *u
)
131 return PEM_read_PUBKEY_ex(fp
, x
, cb
, u
, NULL
, NULL
);
135 EVP_PKEY
*PEM_read_bio_PrivateKey_ex(BIO
*bp
, EVP_PKEY
**x
,
136 pem_password_cb
*cb
, void *u
,
137 OPENSSL_CTX
*libctx
, const char *propq
)
139 return pem_read_bio_key(bp
, x
, cb
, u
, libctx
, propq
,
140 OSSL_STORE_INFO_PKEY
, 1);
143 EVP_PKEY
*PEM_read_bio_PrivateKey(BIO
*bp
, EVP_PKEY
**x
, pem_password_cb
*cb
,
146 return PEM_read_bio_PrivateKey_ex(bp
, x
, cb
, u
, NULL
, NULL
);
149 PEM_write_cb_fnsig(PrivateKey
, EVP_PKEY
, BIO
, write_bio
)
151 IMPLEMENT_PEM_provided_write_body_vars(EVP_PKEY
, PrivateKey
);
153 IMPLEMENT_PEM_provided_write_body_pass();
154 IMPLEMENT_PEM_provided_write_body_main(EVP_PKEY
, bio
);
157 if (x
->ameth
== NULL
|| x
->ameth
->priv_encode
!= NULL
)
158 return PEM_write_bio_PKCS8PrivateKey(out
, x
, enc
,
159 (const char *)kstr
, klen
, cb
, u
);
160 return PEM_write_bio_PrivateKey_traditional(out
, x
, enc
, kstr
, klen
, cb
, u
);
163 int PEM_write_bio_PrivateKey_traditional(BIO
*bp
, const EVP_PKEY
*x
,
164 const EVP_CIPHER
*enc
,
165 const unsigned char *kstr
, int klen
,
166 pem_password_cb
*cb
, void *u
)
169 BIO_snprintf(pem_str
, 80, "%s PRIVATE KEY", x
->ameth
->pem_str
);
170 return PEM_ASN1_write_bio((i2d_of_void
*)i2d_PrivateKey
,
171 pem_str
, bp
, x
, enc
, kstr
, klen
, cb
, u
);
174 EVP_PKEY
*PEM_read_bio_Parameters_ex(BIO
*bp
, EVP_PKEY
**x
,
175 OPENSSL_CTX
*libctx
, const char *propq
)
177 return pem_read_bio_key(bp
, x
, NULL
, NULL
, libctx
, propq
,
178 OSSL_STORE_INFO_PARAMS
, 0);
181 EVP_PKEY
*PEM_read_bio_Parameters(BIO
*bp
, EVP_PKEY
**x
)
183 return PEM_read_bio_Parameters_ex(bp
, x
, NULL
, NULL
);
186 PEM_write_fnsig(Parameters
, EVP_PKEY
, BIO
, write_bio
)
189 IMPLEMENT_PEM_provided_write_body_vars(EVP_PKEY
, Parameters
);
191 IMPLEMENT_PEM_provided_write_body_main(EVP_PKEY
, bio
);
194 if (!x
->ameth
|| !x
->ameth
->param_encode
)
197 BIO_snprintf(pem_str
, 80, "%s PARAMETERS", x
->ameth
->pem_str
);
198 return PEM_ASN1_write_bio((i2d_of_void
*)x
->ameth
->param_encode
,
199 pem_str
, out
, x
, NULL
, NULL
, 0, 0, NULL
);
202 #ifndef OPENSSL_NO_STDIO
203 EVP_PKEY
*PEM_read_PrivateKey_ex(FILE *fp
, EVP_PKEY
**x
, pem_password_cb
*cb
,
204 void *u
, OPENSSL_CTX
*libctx
,
210 if ((b
= BIO_new(BIO_s_file())) == NULL
) {
211 PEMerr(0, ERR_R_BUF_LIB
);
214 BIO_set_fp(b
, fp
, BIO_NOCLOSE
);
215 ret
= PEM_read_bio_PrivateKey_ex(b
, x
, cb
, u
, libctx
, propq
);
220 EVP_PKEY
*PEM_read_PrivateKey(FILE *fp
, EVP_PKEY
**x
, pem_password_cb
*cb
,
223 return PEM_read_PrivateKey_ex(fp
, x
, cb
, u
, NULL
, NULL
);
226 int PEM_write_PrivateKey(FILE *fp
, const EVP_PKEY
*x
, const EVP_CIPHER
*enc
,
227 const unsigned char *kstr
, int klen
,
228 pem_password_cb
*cb
, void *u
)
233 if ((b
= BIO_new_fp(fp
, BIO_NOCLOSE
)) == NULL
) {
234 PEMerr(PEM_F_PEM_WRITE_PRIVATEKEY
, ERR_R_BUF_LIB
);
237 ret
= PEM_write_bio_PrivateKey(b
, x
, enc
, kstr
, klen
, cb
, u
);
244 #ifndef OPENSSL_NO_DH
246 /* Transparently read in PKCS#3 or X9.42 DH parameters */
248 DH
*PEM_read_bio_DHparams(BIO
*bp
, DH
**x
, pem_password_cb
*cb
, void *u
)
251 EVP_PKEY
*pkey
= NULL
;
252 OSSL_STORE_CTX
*ctx
= NULL
;
253 OSSL_STORE_INFO
*info
= NULL
;
254 UI_METHOD
*ui_method
= NULL
;
256 if ((ui_method
= UI_UTIL_wrap_read_pem_callback(cb
, 0)) == NULL
)
259 if ((ctx
= OSSL_STORE_attach(bp
, "file", NULL
, NULL
, ui_method
, u
,
260 NULL
, NULL
)) == NULL
)
263 while (!OSSL_STORE_eof(ctx
) && (info
= OSSL_STORE_load(ctx
)) != NULL
) {
264 if (OSSL_STORE_INFO_get_type(info
) == OSSL_STORE_INFO_PARAMS
) {
265 pkey
= OSSL_STORE_INFO_get0_PARAMS(info
);
266 if (EVP_PKEY_id(pkey
) == EVP_PKEY_DHX
267 || EVP_PKEY_id(pkey
) == EVP_PKEY_DH
) {
268 ret
= EVP_PKEY_get1_DH(pkey
);
272 OSSL_STORE_INFO_free(info
);
276 if (ret
!= NULL
&& x
!= NULL
)
280 OSSL_STORE_close(ctx
);
281 UI_destroy_method(ui_method
);
282 OSSL_STORE_INFO_free(info
);
286 # ifndef OPENSSL_NO_STDIO
287 DH
*PEM_read_DHparams(FILE *fp
, DH
**x
, pem_password_cb
*cb
, void *u
)
292 if ((b
= BIO_new(BIO_s_file())) == NULL
) {
293 PEMerr(PEM_F_PEM_READ_DHPARAMS
, ERR_R_BUF_LIB
);
296 BIO_set_fp(b
, fp
, BIO_NOCLOSE
);
297 ret
= PEM_read_bio_DHparams(b
, x
, cb
, u
);