CloverBootloader/Library/OpensslLib/openssl/providers/implementations/encode_decode/decode_epki2pki.c

/*
 * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <openssl/core.h>
#include <openssl/core_dispatch.h>
#include <openssl/core_names.h>
#include <openssl/core_object.h>
#include <openssl/asn1.h>
#include <openssl/err.h>
#include <openssl/objects.h>
#include <openssl/pkcs12.h>
#include <openssl/x509.h>
#include <openssl/proverr.h>
#include "internal/asn1.h"
#include "internal/sizes.h"
#include "prov/bio.h"
#include "prov/implementations.h"
#include "endecoder_local.h"

static OSSL_FUNC_decoder_newctx_fn epki2pki_newctx;
static OSSL_FUNC_decoder_freectx_fn epki2pki_freectx;
static OSSL_FUNC_decoder_decode_fn epki2pki_decode;

/*
 * Context used for EncryptedPrivateKeyInfo to PrivateKeyInfo decoding.
 */
struct epki2pki_ctx_st {
    PROV_CTX *provctx;
};

static void *epki2pki_newctx(void *provctx)
{
    struct epki2pki_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx));

    if (ctx != NULL)
        ctx->provctx = provctx;
    return ctx;
}

static void epki2pki_freectx(void *vctx)
{
    struct epki2pki_ctx_st *ctx = vctx;

    OPENSSL_free(ctx);
}

/*
 * The selection parameter in epki2pki_decode() is not used by this function
 * because it's not relevant just to decode EncryptedPrivateKeyInfo to
 * PrivateKeyInfo.
 */
static int epki2pki_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
                           OSSL_CALLBACK *data_cb, void *data_cbarg,
                           OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
{
    struct epki2pki_ctx_st *ctx = vctx;
    BUF_MEM *mem = NULL;
    unsigned char *der = NULL;
    const unsigned char *pder = NULL;
    long der_len = 0;
    X509_SIG *p8 = NULL;
    PKCS8_PRIV_KEY_INFO *p8inf = NULL;
    const X509_ALGOR *alg = NULL;
    BIO *in = ossl_bio_new_from_core_bio(ctx->provctx, cin);
    int ok = 0;

    if (in == NULL)
        return 0;

    ok = (asn1_d2i_read_bio(in, &mem) >= 0);
    BIO_free(in);

    /* We return "empty handed".  This is not an error. */
    if (!ok)
        return 1;

    pder = der = (unsigned char *)mem->data;
    der_len = (long)mem->length;
    OPENSSL_free(mem);

    ok = 1;                      /* Assume good */
    ERR_set_mark();
    if ((p8 = d2i_X509_SIG(NULL, &pder, der_len)) != NULL) {
        char pbuf[1024];
        size_t plen = 0;

        ERR_clear_last_mark();

        if (!pw_cb(pbuf, sizeof(pbuf), &plen, NULL, pw_cbarg)) {
            ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_GET_PASSPHRASE);
            ok = 0;
        } else {
            const ASN1_OCTET_STRING *oct;
            unsigned char *new_der = NULL;
            int new_der_len = 0;

            X509_SIG_get0(p8, &alg, &oct);
            if (!PKCS12_pbe_crypt_ex(alg, pbuf, plen,
                                     oct->data, oct->length,
                                     &new_der, &new_der_len, 0,
                                     PROV_LIBCTX_OF(ctx->provctx), NULL)) {
                ok = 0;
            } else {
                OPENSSL_free(der);
                der = new_der;
                der_len = new_der_len;
            }
            alg = NULL;
        }
        X509_SIG_free(p8);
    } else {
        ERR_pop_to_mark();
    }

    ERR_set_mark();
    pder = der;
    p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &pder, der_len);
    ERR_pop_to_mark();

    if (p8inf != NULL && PKCS8_pkey_get0(NULL, NULL, NULL, &alg, p8inf)) {
        /*
         * We have something and recognised it as PrivateKeyInfo, so let's
         * pass all the applicable data to the callback.
         */
        char keytype[OSSL_MAX_NAME_SIZE];
        OSSL_PARAM params[5], *p = params;
        int objtype = OSSL_OBJECT_PKEY;

        OBJ_obj2txt(keytype, sizeof(keytype), alg->algorithm, 0);

        *p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE,
                                                keytype, 0);
        *p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_STRUCTURE,
                                                "PrivateKeyInfo", 0);
        *p++ = OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_DATA,
                                                 der, der_len);
        *p++ = OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &objtype);
        *p = OSSL_PARAM_construct_end();

        ok = data_cb(params, data_cbarg);
    }
    PKCS8_PRIV_KEY_INFO_free(p8inf);
    OPENSSL_free(der);
    return ok;
}

const OSSL_DISPATCH ossl_EncryptedPrivateKeyInfo_der_to_der_decoder_functions[] = {
    { OSSL_FUNC_DECODER_NEWCTX, (void (*)(void))epki2pki_newctx },
    { OSSL_FUNC_DECODER_FREECTX, (void (*)(void))epki2pki_freectx },
    { OSSL_FUNC_DECODER_DECODE, (void (*)(void))epki2pki_decode },
    { 0, NULL }
};
Take OpenSsl 3.0.9 from acidanthera audk. Doesn't link yet. 2024-01-10 10:22:53 +01:00			`/*`
			`* Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.`
			`*`
			`* Licensed under the Apache License 2.0 (the "License"). You may not use`
			`* this file except in compliance with the License. You can obtain a copy`
			`* in the file LICENSE in the source distribution or at`
			`* https://www.openssl.org/source/license.html`
			`*/`

			`#include <openssl/core.h>`
			`#include <openssl/core_dispatch.h>`
			`#include <openssl/core_names.h>`
			`#include <openssl/core_object.h>`
			`#include <openssl/asn1.h>`
			`#include <openssl/err.h>`
			`#include <openssl/objects.h>`
			`#include <openssl/pkcs12.h>`
			`#include <openssl/x509.h>`
			`#include <openssl/proverr.h>`
			`#include "internal/asn1.h"`
			`#include "internal/sizes.h"`
			`#include "prov/bio.h"`
			`#include "prov/implementations.h"`
			`#include "endecoder_local.h"`

			`static OSSL_FUNC_decoder_newctx_fn epki2pki_newctx;`
			`static OSSL_FUNC_decoder_freectx_fn epki2pki_freectx;`
			`static OSSL_FUNC_decoder_decode_fn epki2pki_decode;`

			`/*`
			`* Context used for EncryptedPrivateKeyInfo to PrivateKeyInfo decoding.`
			`*/`
			`struct epki2pki_ctx_st {`
			`PROV_CTX *provctx;`
			`};`

			`static void epki2pki_newctx(void provctx)`
			`{`
			`struct epki2pki_ctx_st ctx = OPENSSL_zalloc(sizeof(ctx));`

			`if (ctx != NULL)`
			`ctx->provctx = provctx;`
			`return ctx;`
			`}`

			`static void epki2pki_freectx(void *vctx)`
			`{`
			`struct epki2pki_ctx_st *ctx = vctx;`

			`OPENSSL_free(ctx);`
			`}`

			`/*`
			`* The selection parameter in epki2pki_decode() is not used by this function`
			`* because it's not relevant just to decode EncryptedPrivateKeyInfo to`
			`* PrivateKeyInfo.`
			`*/`
			`static int epki2pki_decode(void vctx, OSSL_CORE_BIO cin, int selection,`
			`OSSL_CALLBACK data_cb, void data_cbarg,`
			`OSSL_PASSPHRASE_CALLBACK pw_cb, void pw_cbarg)`
			`{`
			`struct epki2pki_ctx_st *ctx = vctx;`
			`BUF_MEM *mem = NULL;`
			`unsigned char *der = NULL;`
			`const unsigned char *pder = NULL;`
			`long der_len = 0;`
			`X509_SIG *p8 = NULL;`
			`PKCS8_PRIV_KEY_INFO *p8inf = NULL;`
			`const X509_ALGOR *alg = NULL;`
			`BIO *in = ossl_bio_new_from_core_bio(ctx->provctx, cin);`
			`int ok = 0;`

			`if (in == NULL)`
			`return 0;`

			`ok = (asn1_d2i_read_bio(in, &mem) >= 0);`
			`BIO_free(in);`

			`/* We return "empty handed". This is not an error. */`
			`if (!ok)`
			`return 1;`

			`pder = der = (unsigned char *)mem->data;`
			`der_len = (long)mem->length;`
			`OPENSSL_free(mem);`

			`ok = 1; /* Assume good */`
			`ERR_set_mark();`
			`if ((p8 = d2i_X509_SIG(NULL, &pder, der_len)) != NULL) {`
			`char pbuf[1024];`
			`size_t plen = 0;`

			`ERR_clear_last_mark();`

			`if (!pw_cb(pbuf, sizeof(pbuf), &plen, NULL, pw_cbarg)) {`
			`ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_GET_PASSPHRASE);`
			`ok = 0;`
			`} else {`
			`const ASN1_OCTET_STRING *oct;`
			`unsigned char *new_der = NULL;`
			`int new_der_len = 0;`

			`X509_SIG_get0(p8, &alg, &oct);`
			`if (!PKCS12_pbe_crypt_ex(alg, pbuf, plen,`
			`oct->data, oct->length,`
			`&new_der, &new_der_len, 0,`
			`PROV_LIBCTX_OF(ctx->provctx), NULL)) {`
			`ok = 0;`
			`} else {`
			`OPENSSL_free(der);`
			`der = new_der;`
			`der_len = new_der_len;`
			`}`
			`alg = NULL;`
			`}`
			`X509_SIG_free(p8);`
			`} else {`
			`ERR_pop_to_mark();`
			`}`

			`ERR_set_mark();`
			`pder = der;`
			`p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &pder, der_len);`
			`ERR_pop_to_mark();`

			`if (p8inf != NULL && PKCS8_pkey_get0(NULL, NULL, NULL, &alg, p8inf)) {`
			`/*`
			`* We have something and recognised it as PrivateKeyInfo, so let's`
			`* pass all the applicable data to the callback.`
			`*/`
			`char keytype[OSSL_MAX_NAME_SIZE];`
			`OSSL_PARAM params[5], *p = params;`
			`int objtype = OSSL_OBJECT_PKEY;`

			`OBJ_obj2txt(keytype, sizeof(keytype), alg->algorithm, 0);`

			`*p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE,`
			`keytype, 0);`
			`*p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_STRUCTURE,`
			`"PrivateKeyInfo", 0);`
			`*p++ = OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_DATA,`
			`der, der_len);`
			`*p++ = OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &objtype);`
			`*p = OSSL_PARAM_construct_end();`

			`ok = data_cb(params, data_cbarg);`
			`}`
			`PKCS8_PRIV_KEY_INFO_free(p8inf);`
			`OPENSSL_free(der);`
			`return ok;`
			`}`

			`const OSSL_DISPATCH ossl_EncryptedPrivateKeyInfo_der_to_der_decoder_functions[] = {`
			`{ OSSL_FUNC_DECODER_NEWCTX, (void (*)(void))epki2pki_newctx },`
			`{ OSSL_FUNC_DECODER_FREECTX, (void (*)(void))epki2pki_freectx },`
			`{ OSSL_FUNC_DECODER_DECODE, (void (*)(void))epki2pki_decode },`
			`{ 0, NULL }`
			`};`