2 * Copyright 2005-2023 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * Support for PVK format keys and related structures (such a PUBLICKEYBLOB
12 * and PRIVATEKEYBLOB).
16 * RSA and DSA low level APIs are deprecated for public use, but still ok for
19 #include "internal/deprecated.h"
21 #include <openssl/pem.h>
22 #include <openssl/rand.h>
23 #include <openssl/bn.h>
24 #include <openssl/dsa.h>
25 #include <openssl/rsa.h>
26 #include <openssl/kdf.h>
27 #include <openssl/core_names.h>
28 #include "internal/cryptlib.h"
29 #include "crypto/pem.h"
30 #include "crypto/evp.h"
33 * Utility function: read a DWORD (4 byte unsigned integer) in little endian
37 static unsigned int read_ledword(const unsigned char **in
)
39 const unsigned char *p
= *in
;
42 ret
= (unsigned int)*p
++;
43 ret
|= (unsigned int)*p
++ << 8;
44 ret
|= (unsigned int)*p
++ << 16;
45 ret
|= (unsigned int)*p
++ << 24;
51 * Read a BIGNUM in little endian format. The docs say that this should take
55 static int read_lebn(const unsigned char **in
, unsigned int nbyte
, BIGNUM
**r
)
57 *r
= BN_lebin2bn(*in
, nbyte
, NULL
);
65 * Create an EVP_PKEY from a type specific key.
66 * This takes ownership of |key|, as long as the |evp_type| is acceptable
67 * (EVP_PKEY_RSA or EVP_PKEY_DSA), even if the resulting EVP_PKEY wasn't
70 #define isdss_to_evp_type(isdss) \
71 (isdss == 0 ? EVP_PKEY_RSA : isdss == 1 ? EVP_PKEY_DSA : EVP_PKEY_NONE)
72 static EVP_PKEY
*evp_pkey_new0_key(void *key
, int evp_type
)
74 EVP_PKEY
*pkey
= NULL
;
77 * It's assumed that if |key| is NULL, something went wrong elsewhere
78 * and suitable errors are already reported.
83 if (!ossl_assert(evp_type
== EVP_PKEY_RSA
|| evp_type
== EVP_PKEY_DSA
)) {
84 ERR_raise(ERR_LIB_PEM
, ERR_R_INTERNAL_ERROR
);
88 if ((pkey
= EVP_PKEY_new()) != NULL
) {
91 if (EVP_PKEY_set1_RSA(pkey
, key
))
93 ERR_raise(ERR_LIB_PEM
, ERR_R_EVP_LIB
);
97 #ifndef OPENSSL_NO_DSA
99 if (EVP_PKEY_set1_DSA(pkey
, key
))
101 ERR_raise(ERR_LIB_PEM
, ERR_R_EVP_LIB
);
108 ERR_raise(ERR_LIB_PEM
, ERR_R_EVP_LIB
);
115 #ifndef OPENSSL_NO_DSA
125 /* Convert private key blob to EVP_PKEY: RSA and DSA keys supported */
127 # define MS_PUBLICKEYBLOB 0x6
128 # define MS_PRIVATEKEYBLOB 0x7
129 # define MS_RSA1MAGIC 0x31415352L
130 # define MS_RSA2MAGIC 0x32415352L
131 # define MS_DSS1MAGIC 0x31535344L
132 # define MS_DSS2MAGIC 0x32535344L
134 # define MS_KEYALG_RSA_KEYX 0xa400
135 # define MS_KEYALG_DSS_SIGN 0x2200
137 # define MS_KEYTYPE_KEYX 0x1
138 # define MS_KEYTYPE_SIGN 0x2
140 /* The PVK file magic number: seems to spell out "bobsfile", who is Bob? */
141 # define MS_PVKMAGIC 0xb0b5f11eL
142 /* Salt length for PVK files */
143 # define PVK_SALTLEN 0x10
144 /* Maximum length in PVK header */
145 # define PVK_MAX_KEYLEN 102400
146 /* Maximum salt length */
147 # define PVK_MAX_SALTLEN 10240
150 * Read the MSBLOB header and get relevant data from it.
152 * |pisdss| and |pispub| have a double role, as they can be used for
153 * discovery as well as to check the blob meets expectations.
154 * |*pisdss| is the indicator for whether the key is a DSA key or not.
155 * |*pispub| is the indicator for whether the key is public or not.
156 * In both cases, the following input values apply:
158 * 0 Expected to not be what the variable indicates.
159 * 1 Expected to be what the variable indicates.
160 * -1 No expectations, this function will assign 0 or 1 depending on
163 int ossl_do_blob_header(const unsigned char **in
, unsigned int length
,
164 unsigned int *pmagic
, unsigned int *pbitlen
,
165 int *pisdss
, int *pispub
)
167 const unsigned char *p
= *in
;
173 case MS_PUBLICKEYBLOB
:
175 ERR_raise(ERR_LIB_PEM
, PEM_R_EXPECTING_PRIVATE_KEY_BLOB
);
181 case MS_PRIVATEKEYBLOB
:
183 ERR_raise(ERR_LIB_PEM
, PEM_R_EXPECTING_PUBLIC_KEY_BLOB
);
195 ERR_raise(ERR_LIB_PEM
, PEM_R_BAD_VERSION_NUMBER
);
198 /* Ignore reserved, aiKeyAlg */
200 *pmagic
= read_ledword(&p
);
201 *pbitlen
= read_ledword(&p
);
203 /* Consistency check for private vs public */
208 ERR_raise(ERR_LIB_PEM
, PEM_R_EXPECTING_PRIVATE_KEY_BLOB
);
216 ERR_raise(ERR_LIB_PEM
, PEM_R_EXPECTING_PUBLIC_KEY_BLOB
);
222 ERR_raise(ERR_LIB_PEM
, PEM_R_BAD_MAGIC_NUMBER
);
226 /* Check that we got the expected type */
231 ERR_raise(ERR_LIB_PEM
, PEM_R_EXPECTING_DSS_KEY_BLOB
);
239 ERR_raise(ERR_LIB_PEM
, PEM_R_EXPECTING_RSA_KEY_BLOB
);
246 ERR_raise(ERR_LIB_PEM
, PEM_R_BAD_MAGIC_NUMBER
);
253 unsigned int ossl_blob_length(unsigned bitlen
, int isdss
, int ispub
)
255 unsigned int nbyte
= (bitlen
+ 7) >> 3;
256 unsigned int hnbyte
= (bitlen
+ 15) >> 4;
261 * Expected length: 20 for q + 3 components bitlen each + 24 for seed
265 return 44 + 3 * nbyte
;
267 * Expected length: 20 for q, priv, 2 bitlen components + 24 for seed
271 return 64 + 2 * nbyte
;
273 /* Expected length: 4 for 'e' + 'n' */
278 * Expected length: 4 for 'e' and 7 other components. 2
279 * components are bitlen size, 5 are bitlen/2
281 return 4 + 2 * nbyte
+ 5 * hnbyte
;
286 static void *do_b2i_key(const unsigned char **in
, unsigned int length
,
287 int *isdss
, int *ispub
)
289 const unsigned char *p
= *in
;
290 unsigned int bitlen
, magic
;
293 if (ossl_do_blob_header(&p
, length
, &magic
, &bitlen
, isdss
, ispub
) <= 0) {
294 ERR_raise(ERR_LIB_PEM
, PEM_R_KEYBLOB_HEADER_PARSE_ERROR
);
298 if (length
< ossl_blob_length(bitlen
, *isdss
, *ispub
)) {
299 ERR_raise(ERR_LIB_PEM
, PEM_R_KEYBLOB_TOO_SHORT
);
303 key
= ossl_b2i_RSA_after_header(&p
, bitlen
, *ispub
);
304 #ifndef OPENSSL_NO_DSA
306 key
= ossl_b2i_DSA_after_header(&p
, bitlen
, *ispub
);
310 ERR_raise(ERR_LIB_PEM
, PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE
);
317 EVP_PKEY
*ossl_b2i(const unsigned char **in
, unsigned int length
, int *ispub
)
320 void *key
= do_b2i_key(in
, length
, &isdss
, ispub
);
322 return evp_pkey_new0_key(key
, isdss_to_evp_type(isdss
));
325 EVP_PKEY
*ossl_b2i_bio(BIO
*in
, int *ispub
)
327 const unsigned char *p
;
328 unsigned char hdr_buf
[16], *buf
= NULL
;
329 unsigned int bitlen
, magic
, length
;
332 EVP_PKEY
*pkey
= NULL
;
334 if (BIO_read(in
, hdr_buf
, 16) != 16) {
335 ERR_raise(ERR_LIB_PEM
, PEM_R_KEYBLOB_TOO_SHORT
);
339 if (ossl_do_blob_header(&p
, 16, &magic
, &bitlen
, &isdss
, ispub
) <= 0)
342 length
= ossl_blob_length(bitlen
, isdss
, *ispub
);
343 if (length
> BLOB_MAX_LENGTH
) {
344 ERR_raise(ERR_LIB_PEM
, PEM_R_HEADER_TOO_LONG
);
347 buf
= OPENSSL_malloc(length
);
351 if (BIO_read(in
, buf
, length
) != (int)length
) {
352 ERR_raise(ERR_LIB_PEM
, PEM_R_KEYBLOB_TOO_SHORT
);
357 key
= ossl_b2i_RSA_after_header(&p
, bitlen
, *ispub
);
358 #ifndef OPENSSL_NO_DSA
360 key
= ossl_b2i_DSA_after_header(&p
, bitlen
, *ispub
);
364 ERR_raise(ERR_LIB_PEM
, PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE
);
368 pkey
= evp_pkey_new0_key(key
, isdss_to_evp_type(isdss
));
374 #ifndef OPENSSL_NO_DSA
375 DSA
*ossl_b2i_DSA_after_header(const unsigned char **in
, unsigned int bitlen
,
378 const unsigned char *p
= *in
;
381 BIGNUM
*pbn
= NULL
, *qbn
= NULL
, *gbn
= NULL
, *priv_key
= NULL
;
382 BIGNUM
*pub_key
= NULL
;
383 unsigned int nbyte
= (bitlen
+ 7) >> 3;
388 if (!read_lebn(&p
, nbyte
, &pbn
))
391 if (!read_lebn(&p
, 20, &qbn
))
394 if (!read_lebn(&p
, nbyte
, &gbn
))
398 if (!read_lebn(&p
, nbyte
, &pub_key
))
401 if (!read_lebn(&p
, 20, &priv_key
))
404 /* Set constant time flag before public key calculation */
405 BN_set_flags(priv_key
, BN_FLG_CONSTTIME
);
407 /* Calculate public key */
411 if ((ctx
= BN_CTX_new()) == NULL
)
414 if (!BN_mod_exp(pub_key
, gbn
, priv_key
, pbn
, ctx
))
420 if (!DSA_set0_pqg(dsa
, pbn
, qbn
, gbn
))
422 pbn
= qbn
= gbn
= NULL
;
423 if (!DSA_set0_key(dsa
, pub_key
, priv_key
))
425 pub_key
= priv_key
= NULL
;
431 ERR_raise(ERR_LIB_PEM
, ERR_R_DSA_LIB
);
434 ERR_raise(ERR_LIB_PEM
, ERR_R_BN_LIB
);
448 RSA
*ossl_b2i_RSA_after_header(const unsigned char **in
, unsigned int bitlen
,
451 const unsigned char *pin
= *in
;
452 BIGNUM
*e
= NULL
, *n
= NULL
, *d
= NULL
;
453 BIGNUM
*p
= NULL
, *q
= NULL
, *dmp1
= NULL
, *dmq1
= NULL
, *iqmp
= NULL
;
455 unsigned int nbyte
= (bitlen
+ 7) >> 3;
456 unsigned int hnbyte
= (bitlen
+ 15) >> 4;
464 if (!BN_set_word(e
, read_ledword(&pin
)))
466 if (!read_lebn(&pin
, nbyte
, &n
))
469 if (!read_lebn(&pin
, hnbyte
, &p
))
471 if (!read_lebn(&pin
, hnbyte
, &q
))
473 if (!read_lebn(&pin
, hnbyte
, &dmp1
))
475 if (!read_lebn(&pin
, hnbyte
, &dmq1
))
477 if (!read_lebn(&pin
, hnbyte
, &iqmp
))
479 if (!read_lebn(&pin
, nbyte
, &d
))
481 if (!RSA_set0_factors(rsa
, p
, q
))
484 if (!RSA_set0_crt_params(rsa
, dmp1
, dmq1
, iqmp
))
486 dmp1
= dmq1
= iqmp
= NULL
;
488 if (!RSA_set0_key(rsa
, n
, e
, d
))
496 ERR_raise(ERR_LIB_PEM
, ERR_R_RSA_LIB
);
499 ERR_raise(ERR_LIB_PEM
, ERR_R_BN_LIB
);
514 EVP_PKEY
*b2i_PrivateKey(const unsigned char **in
, long length
)
518 return ossl_b2i(in
, length
, &ispub
);
521 EVP_PKEY
*b2i_PublicKey(const unsigned char **in
, long length
)
525 return ossl_b2i(in
, length
, &ispub
);
528 EVP_PKEY
*b2i_PrivateKey_bio(BIO
*in
)
532 return ossl_b2i_bio(in
, &ispub
);
535 EVP_PKEY
*b2i_PublicKey_bio(BIO
*in
)
539 return ossl_b2i_bio(in
, &ispub
);
542 static void write_ledword(unsigned char **out
, unsigned int dw
)
544 unsigned char *p
= *out
;
547 *p
++ = (dw
>> 8) & 0xff;
548 *p
++ = (dw
>> 16) & 0xff;
549 *p
++ = (dw
>> 24) & 0xff;
553 static void write_lebn(unsigned char **out
, const BIGNUM
*bn
, int len
)
555 BN_bn2lebinpad(bn
, *out
, len
);
559 static int check_bitlen_rsa(const RSA
*rsa
, int ispub
, unsigned int *magic
);
560 static void write_rsa(unsigned char **out
, const RSA
*rsa
, int ispub
);
562 #ifndef OPENSSL_NO_DSA
563 static int check_bitlen_dsa(const DSA
*dsa
, int ispub
, unsigned int *magic
);
564 static void write_dsa(unsigned char **out
, const DSA
*dsa
, int ispub
);
567 static int do_i2b(unsigned char **out
, const EVP_PKEY
*pk
, int ispub
)
570 unsigned int bitlen
= 0, magic
= 0, keyalg
= 0;
571 int outlen
= -1, noinc
= 0;
573 if (EVP_PKEY_is_a(pk
, "RSA")) {
574 bitlen
= check_bitlen_rsa(EVP_PKEY_get0_RSA(pk
), ispub
, &magic
);
575 keyalg
= MS_KEYALG_RSA_KEYX
;
576 #ifndef OPENSSL_NO_DSA
577 } else if (EVP_PKEY_is_a(pk
, "DSA")) {
578 bitlen
= check_bitlen_dsa(EVP_PKEY_get0_DSA(pk
), ispub
, &magic
);
579 keyalg
= MS_KEYALG_DSS_SIGN
;
586 + ossl_blob_length(bitlen
, keyalg
== MS_KEYALG_DSS_SIGN
? 1 : 0, ispub
);
592 if ((p
= OPENSSL_malloc(outlen
)) == NULL
) {
600 *p
++ = MS_PUBLICKEYBLOB
;
602 *p
++ = MS_PRIVATEKEYBLOB
;
606 write_ledword(&p
, keyalg
);
607 write_ledword(&p
, magic
);
608 write_ledword(&p
, bitlen
);
609 if (keyalg
== MS_KEYALG_RSA_KEYX
)
610 write_rsa(&p
, EVP_PKEY_get0_RSA(pk
), ispub
);
611 #ifndef OPENSSL_NO_DSA
613 write_dsa(&p
, EVP_PKEY_get0_DSA(pk
), ispub
);
621 static int do_i2b_bio(BIO
*out
, const EVP_PKEY
*pk
, int ispub
)
623 unsigned char *tmp
= NULL
;
626 outlen
= do_i2b(&tmp
, pk
, ispub
);
629 wrlen
= BIO_write(out
, tmp
, outlen
);
636 static int check_bitlen_rsa(const RSA
*rsa
, int ispub
, unsigned int *pmagic
)
638 int nbyte
, hnbyte
, bitlen
;
641 RSA_get0_key(rsa
, NULL
, &e
, NULL
);
642 if (BN_num_bits(e
) > 32)
644 bitlen
= RSA_bits(rsa
);
645 nbyte
= RSA_size(rsa
);
646 hnbyte
= (bitlen
+ 15) >> 4;
648 *pmagic
= MS_RSA1MAGIC
;
651 const BIGNUM
*d
, *p
, *q
, *iqmp
, *dmp1
, *dmq1
;
653 *pmagic
= MS_RSA2MAGIC
;
656 * For private key each component must fit within nbyte or hnbyte.
658 RSA_get0_key(rsa
, NULL
, NULL
, &d
);
659 if (BN_num_bytes(d
) > nbyte
)
661 RSA_get0_factors(rsa
, &p
, &q
);
662 RSA_get0_crt_params(rsa
, &dmp1
, &dmq1
, &iqmp
);
663 if ((BN_num_bytes(iqmp
) > hnbyte
)
664 || (BN_num_bytes(p
) > hnbyte
)
665 || (BN_num_bytes(q
) > hnbyte
)
666 || (BN_num_bytes(dmp1
) > hnbyte
)
667 || (BN_num_bytes(dmq1
) > hnbyte
))
672 ERR_raise(ERR_LIB_PEM
, PEM_R_UNSUPPORTED_KEY_COMPONENTS
);
676 static void write_rsa(unsigned char **out
, const RSA
*rsa
, int ispub
)
679 const BIGNUM
*n
, *d
, *e
, *p
, *q
, *iqmp
, *dmp1
, *dmq1
;
681 nbyte
= RSA_size(rsa
);
682 hnbyte
= (RSA_bits(rsa
) + 15) >> 4;
683 RSA_get0_key(rsa
, &n
, &e
, &d
);
684 write_lebn(out
, e
, 4);
685 write_lebn(out
, n
, nbyte
);
688 RSA_get0_factors(rsa
, &p
, &q
);
689 RSA_get0_crt_params(rsa
, &dmp1
, &dmq1
, &iqmp
);
690 write_lebn(out
, p
, hnbyte
);
691 write_lebn(out
, q
, hnbyte
);
692 write_lebn(out
, dmp1
, hnbyte
);
693 write_lebn(out
, dmq1
, hnbyte
);
694 write_lebn(out
, iqmp
, hnbyte
);
695 write_lebn(out
, d
, nbyte
);
698 #ifndef OPENSSL_NO_DSA
699 static int check_bitlen_dsa(const DSA
*dsa
, int ispub
, unsigned int *pmagic
)
702 const BIGNUM
*p
= NULL
, *q
= NULL
, *g
= NULL
;
703 const BIGNUM
*pub_key
= NULL
, *priv_key
= NULL
;
705 DSA_get0_pqg(dsa
, &p
, &q
, &g
);
706 DSA_get0_key(dsa
, &pub_key
, &priv_key
);
707 bitlen
= BN_num_bits(p
);
708 if ((bitlen
& 7) || (BN_num_bits(q
) != 160)
709 || (BN_num_bits(g
) > bitlen
))
712 if (BN_num_bits(pub_key
) > bitlen
)
714 *pmagic
= MS_DSS1MAGIC
;
716 if (BN_num_bits(priv_key
) > 160)
718 *pmagic
= MS_DSS2MAGIC
;
723 ERR_raise(ERR_LIB_PEM
, PEM_R_UNSUPPORTED_KEY_COMPONENTS
);
727 static void write_dsa(unsigned char **out
, const DSA
*dsa
, int ispub
)
730 const BIGNUM
*p
= NULL
, *q
= NULL
, *g
= NULL
;
731 const BIGNUM
*pub_key
= NULL
, *priv_key
= NULL
;
733 DSA_get0_pqg(dsa
, &p
, &q
, &g
);
734 DSA_get0_key(dsa
, &pub_key
, &priv_key
);
735 nbyte
= BN_num_bytes(p
);
736 write_lebn(out
, p
, nbyte
);
737 write_lebn(out
, q
, 20);
738 write_lebn(out
, g
, nbyte
);
740 write_lebn(out
, pub_key
, nbyte
);
742 write_lebn(out
, priv_key
, 20);
743 /* Set "invalid" for seed structure values */
744 memset(*out
, 0xff, 24);
750 int i2b_PrivateKey_bio(BIO
*out
, const EVP_PKEY
*pk
)
752 return do_i2b_bio(out
, pk
, 0);
755 int i2b_PublicKey_bio(BIO
*out
, const EVP_PKEY
*pk
)
757 return do_i2b_bio(out
, pk
, 1);
760 int ossl_do_PVK_header(const unsigned char **in
, unsigned int length
,
762 unsigned int *psaltlen
, unsigned int *pkeylen
)
764 const unsigned char *p
= *in
;
765 unsigned int pvk_magic
, is_encrypted
;
769 ERR_raise(ERR_LIB_PEM
, PEM_R_PVK_TOO_SHORT
);
774 ERR_raise(ERR_LIB_PEM
, PEM_R_PVK_TOO_SHORT
);
777 pvk_magic
= read_ledword(&p
);
778 if (pvk_magic
!= MS_PVKMAGIC
) {
779 ERR_raise(ERR_LIB_PEM
, PEM_R_BAD_MAGIC_NUMBER
);
788 is_encrypted
= read_ledword(&p
);
789 *psaltlen
= read_ledword(&p
);
790 *pkeylen
= read_ledword(&p
);
792 if (*pkeylen
> PVK_MAX_KEYLEN
|| *psaltlen
> PVK_MAX_SALTLEN
)
795 if (is_encrypted
&& *psaltlen
== 0) {
796 ERR_raise(ERR_LIB_PEM
, PEM_R_INCONSISTENT_HEADER
);
804 #ifndef OPENSSL_NO_RC4
805 static int derive_pvk_key(unsigned char *key
, size_t keylen
,
806 const unsigned char *salt
, unsigned int saltlen
,
807 const unsigned char *pass
, int passlen
,
808 OSSL_LIB_CTX
*libctx
, const char *propq
)
812 OSSL_PARAM params
[5], *p
= params
;
815 if ((kdf
= EVP_KDF_fetch(libctx
, "PVKKDF", propq
)) == NULL
)
817 ctx
= EVP_KDF_CTX_new(kdf
);
822 *p
++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT
,
823 (void *)salt
, saltlen
);
824 *p
++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD
,
825 (void *)pass
, passlen
);
826 *p
++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST
, SN_sha1
, 0);
827 *p
++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_PROPERTIES
,
829 *p
= OSSL_PARAM_construct_end();
831 rv
= EVP_KDF_derive(ctx
, key
, keylen
, params
);
832 EVP_KDF_CTX_free(ctx
);
837 static void *do_PVK_body_key(const unsigned char **in
,
838 unsigned int saltlen
, unsigned int keylen
,
839 pem_password_cb
*cb
, void *u
,
840 int *isdss
, int *ispub
,
841 OSSL_LIB_CTX
*libctx
, const char *propq
)
843 const unsigned char *p
= *in
;
844 unsigned char *enctmp
= NULL
;
845 unsigned char keybuf
[20];
847 #ifndef OPENSSL_NO_RC4
848 EVP_CIPHER
*rc4
= NULL
;
850 EVP_CIPHER_CTX
*cctx
= EVP_CIPHER_CTX_new();
853 ERR_raise(ERR_LIB_PEM
, ERR_R_EVP_LIB
);
858 #ifndef OPENSSL_NO_RC4
860 char psbuf
[PEM_BUFSIZE
];
861 int enctmplen
, inlen
;
865 inlen
= cb(psbuf
, PEM_BUFSIZE
, 0, u
);
867 inlen
= PEM_def_callback(psbuf
, PEM_BUFSIZE
, 0, u
);
869 ERR_raise(ERR_LIB_PEM
, PEM_R_BAD_PASSWORD_READ
);
872 enctmp
= OPENSSL_malloc(keylen
+ 8);
875 if (!derive_pvk_key(keybuf
, sizeof(keybuf
), p
, saltlen
,
876 (unsigned char *)psbuf
, inlen
, libctx
, propq
))
879 /* Copy BLOBHEADER across, decrypt rest */
880 memcpy(enctmp
, p
, 8);
883 ERR_raise(ERR_LIB_PEM
, PEM_R_PVK_TOO_SHORT
);
888 if ((rc4
= EVP_CIPHER_fetch(libctx
, "RC4", propq
)) == NULL
)
890 if (!EVP_DecryptInit_ex(cctx
, rc4
, NULL
, keybuf
, NULL
))
892 if (!EVP_DecryptUpdate(cctx
, q
, &enctmplen
, p
, inlen
))
894 if (!EVP_DecryptFinal_ex(cctx
, q
+ enctmplen
, &enctmplen
))
896 magic
= read_ledword((const unsigned char **)&q
);
897 if (magic
!= MS_RSA2MAGIC
&& magic
!= MS_DSS2MAGIC
) {
899 memset(keybuf
+ 5, 0, 11);
900 if (!EVP_DecryptInit_ex(cctx
, rc4
, NULL
, keybuf
, NULL
))
902 if (!EVP_DecryptUpdate(cctx
, q
, &enctmplen
, p
, inlen
))
904 if (!EVP_DecryptFinal_ex(cctx
, q
+ enctmplen
, &enctmplen
))
906 magic
= read_ledword((const unsigned char **)&q
);
907 if (magic
!= MS_RSA2MAGIC
&& magic
!= MS_DSS2MAGIC
) {
908 ERR_raise(ERR_LIB_PEM
, PEM_R_BAD_DECRYPT
);
914 ERR_raise(ERR_LIB_PEM
, PEM_R_UNSUPPORTED_CIPHER
);
919 key
= do_b2i_key(&p
, keylen
, isdss
, ispub
);
921 EVP_CIPHER_CTX_free(cctx
);
922 #ifndef OPENSSL_NO_RC4
923 EVP_CIPHER_free(rc4
);
925 if (enctmp
!= NULL
) {
926 OPENSSL_cleanse(keybuf
, sizeof(keybuf
));
927 OPENSSL_free(enctmp
);
932 static void *do_PVK_key_bio(BIO
*in
, pem_password_cb
*cb
, void *u
,
933 int *isdss
, int *ispub
,
934 OSSL_LIB_CTX
*libctx
, const char *propq
)
936 unsigned char pvk_hdr
[24], *buf
= NULL
;
937 const unsigned char *p
;
940 unsigned int saltlen
, keylen
;
942 if (BIO_read(in
, pvk_hdr
, 24) != 24) {
943 ERR_raise(ERR_LIB_PEM
, PEM_R_PVK_DATA_TOO_SHORT
);
948 if (!ossl_do_PVK_header(&p
, 24, 0, &saltlen
, &keylen
))
950 buflen
= (int)keylen
+ saltlen
;
951 buf
= OPENSSL_malloc(buflen
);
955 if (BIO_read(in
, buf
, buflen
) != buflen
) {
956 ERR_raise(ERR_LIB_PEM
, PEM_R_PVK_DATA_TOO_SHORT
);
959 key
= do_PVK_body_key(&p
, saltlen
, keylen
, cb
, u
, isdss
, ispub
, libctx
, propq
);
962 OPENSSL_clear_free(buf
, buflen
);
966 #ifndef OPENSSL_NO_DSA
967 DSA
*b2i_DSA_PVK_bio_ex(BIO
*in
, pem_password_cb
*cb
, void *u
,
968 OSSL_LIB_CTX
*libctx
, const char *propq
)
971 int ispub
= 0; /* PVK keys are always private */
973 return do_PVK_key_bio(in
, cb
, u
, &isdss
, &ispub
, libctx
, propq
);
976 DSA
*b2i_DSA_PVK_bio(BIO
*in
, pem_password_cb
*cb
, void *u
)
978 return b2i_DSA_PVK_bio_ex(in
, cb
, u
, NULL
, NULL
);
982 RSA
*b2i_RSA_PVK_bio_ex(BIO
*in
, pem_password_cb
*cb
, void *u
,
983 OSSL_LIB_CTX
*libctx
, const char *propq
)
986 int ispub
= 0; /* PVK keys are always private */
988 return do_PVK_key_bio(in
, cb
, u
, &isdss
, &ispub
, libctx
, propq
);
991 RSA
*b2i_RSA_PVK_bio(BIO
*in
, pem_password_cb
*cb
, void *u
)
993 return b2i_RSA_PVK_bio_ex(in
, cb
, u
, NULL
, NULL
);
996 EVP_PKEY
*b2i_PVK_bio_ex(BIO
*in
, pem_password_cb
*cb
, void *u
,
997 OSSL_LIB_CTX
*libctx
, const char *propq
)
1001 void *key
= do_PVK_key_bio(in
, cb
, u
, &isdss
, &ispub
, NULL
, NULL
);
1003 return evp_pkey_new0_key(key
, isdss_to_evp_type(isdss
));
1006 EVP_PKEY
*b2i_PVK_bio(BIO
*in
, pem_password_cb
*cb
, void *u
)
1008 return b2i_PVK_bio_ex(in
, cb
, u
, NULL
, NULL
);
1011 static int i2b_PVK(unsigned char **out
, const EVP_PKEY
*pk
, int enclevel
,
1012 pem_password_cb
*cb
, void *u
, OSSL_LIB_CTX
*libctx
,
1016 int outlen
= 24, pklen
;
1017 unsigned char *p
= NULL
, *start
= NULL
;
1018 EVP_CIPHER_CTX
*cctx
= NULL
;
1019 #ifndef OPENSSL_NO_RC4
1020 unsigned char *salt
= NULL
;
1021 EVP_CIPHER
*rc4
= NULL
;
1025 outlen
+= PVK_SALTLEN
;
1026 pklen
= do_i2b(NULL
, pk
, 0);
1035 start
= p
= OPENSSL_malloc(outlen
);
1040 cctx
= EVP_CIPHER_CTX_new();
1044 write_ledword(&p
, MS_PVKMAGIC
);
1045 write_ledword(&p
, 0);
1046 if (EVP_PKEY_get_id(pk
) == EVP_PKEY_RSA
)
1047 write_ledword(&p
, MS_KEYTYPE_KEYX
);
1048 #ifndef OPENSSL_NO_DSA
1050 write_ledword(&p
, MS_KEYTYPE_SIGN
);
1052 write_ledword(&p
, enclevel
? 1 : 0);
1053 write_ledword(&p
, enclevel
? PVK_SALTLEN
: 0);
1054 write_ledword(&p
, pklen
);
1056 #ifndef OPENSSL_NO_RC4
1057 if (RAND_bytes_ex(libctx
, p
, PVK_SALTLEN
, 0) <= 0)
1064 if (enclevel
!= 0) {
1065 #ifndef OPENSSL_NO_RC4
1066 char psbuf
[PEM_BUFSIZE
];
1067 unsigned char keybuf
[20];
1068 int enctmplen
, inlen
;
1070 inlen
= cb(psbuf
, PEM_BUFSIZE
, 1, u
);
1072 inlen
= PEM_def_callback(psbuf
, PEM_BUFSIZE
, 1, u
);
1074 ERR_raise(ERR_LIB_PEM
, PEM_R_BAD_PASSWORD_READ
);
1077 if (!derive_pvk_key(keybuf
, sizeof(keybuf
), salt
, PVK_SALTLEN
,
1078 (unsigned char *)psbuf
, inlen
, libctx
, propq
))
1080 if ((rc4
= EVP_CIPHER_fetch(libctx
, "RC4", propq
)) == NULL
)
1083 memset(keybuf
+ 5, 0, 11);
1084 p
= salt
+ PVK_SALTLEN
+ 8;
1085 if (!EVP_EncryptInit_ex(cctx
, rc4
, NULL
, keybuf
, NULL
))
1087 OPENSSL_cleanse(keybuf
, 20);
1088 if (!EVP_EncryptUpdate(cctx
, p
, &enctmplen
, p
, pklen
- 8))
1090 if (!EVP_EncryptFinal_ex(cctx
, p
+ enctmplen
, &enctmplen
))
1093 ERR_raise(ERR_LIB_PEM
, PEM_R_UNSUPPORTED_CIPHER
);
1102 EVP_CIPHER_CTX_free(cctx
);
1103 #ifndef OPENSSL_NO_RC4
1104 EVP_CIPHER_free(rc4
);
1107 OPENSSL_free(start
);
1112 int i2b_PVK_bio_ex(BIO
*out
, const EVP_PKEY
*pk
, int enclevel
,
1113 pem_password_cb
*cb
, void *u
, OSSL_LIB_CTX
*libctx
,
1116 unsigned char *tmp
= NULL
;
1119 outlen
= i2b_PVK(&tmp
, pk
, enclevel
, cb
, u
, libctx
, propq
);
1122 wrlen
= BIO_write(out
, tmp
, outlen
);
1124 if (wrlen
== outlen
) {
1127 ERR_raise(ERR_LIB_PEM
, PEM_R_BIO_WRITE_FAILURE
);
1131 int i2b_PVK_bio(BIO
*out
, const EVP_PKEY
*pk
, int enclevel
,
1132 pem_password_cb
*cb
, void *u
)
1134 return i2b_PVK_bio_ex(out
, pk
, enclevel
, cb
, u
, NULL
, NULL
);