PROV: Update the DER to RSA deserializer to handle encrypted PKCS#8

Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NShane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12410)

providers/implementations/serializers/deserialize_common.c

@@ -8,10 +8,14 @@
  */
 
 #include <openssl/bio.h>
+#include <openssl/err.h>
 #include <openssl/buffer.h>
 #include <openssl/pem.h>
+#include <openssl/pkcs12.h>
+#include "internal/cryptlib.h"
 #include "crypto/asn1.h"
-#include "prov/bio.h"
+#include "prov/bio.h"               /* ossl_prov_bio_printf() */
+#include "prov/providercommonerr.h" /* PROV_R_READ_KEY */
 #include "serializer_local.h"
 
 int ossl_prov_read_der(PROV_CTX *provctx, OSSL_CORE_BIO *cin,
@@ -40,3 +44,48 @@ int ossl_prov_read_pem(PROV_CTX *provctx, OSSL_CORE_BIO *cin,
     BIO_free(in);
     return ok;
 }
+
+int ossl_prov_der_from_p8(unsigned char **new_der, long *new_der_len,
+                          unsigned char *input_der, long input_der_len,
+                          struct pkcs8_encrypt_ctx_st *ctx)
+{
+    const unsigned char *derp;
+    X509_SIG *p8 = NULL;
+    int ok = 0;
+
+    if (!ossl_assert(new_der != NULL && *new_der == NULL)
+        || !ossl_assert(new_der_len != NULL))
+        return 0;
+
+    if (ctx->cipher == NULL)
+        return 0;
+
+    derp = input_der;
+    if ((p8 = d2i_X509_SIG(NULL, &derp, input_der_len)) != NULL) {
+        char pbuf[PEM_BUFSIZE];
+        const void *pstr = ctx->cipher_pass;
+        size_t plen = ctx->cipher_pass_length;
+
+        if (pstr == NULL) {
+            pstr = pbuf;
+            if (!ctx->cb(pbuf, sizeof(pbuf), &plen, NULL, ctx->cbarg)) {
+                ERR_raise(ERR_LIB_PROV, PROV_R_READ_KEY);
+                pstr = NULL;
+            }
+        }
+
+        if (pstr != NULL) {
+            const X509_ALGOR *alg = NULL;
+            const ASN1_OCTET_STRING *oct = NULL;
+            int len = 0;
+
+            X509_SIG_get0(p8, &alg, &oct);
+            if (PKCS12_pbe_crypt(alg, pstr, plen, oct->data, oct->length,
+                                 new_der, &len, 0) != NULL)
+                ok = 1;
+            *new_der_len = len;
+        }
+    }
+    X509_SIG_free(p8);
+    return ok;
+}

providers/implementations/serializers/deserialize_der2rsa.c

@@ -26,6 +26,8 @@ static OSSL_FUNC_deserializer_newctx_fn der2rsa_newctx;
 static OSSL_FUNC_deserializer_freectx_fn der2rsa_freectx;
 static OSSL_FUNC_deserializer_gettable_params_fn der2rsa_gettable_params;
 static OSSL_FUNC_deserializer_get_params_fn der2rsa_get_params;
+static OSSL_FUNC_deserializer_settable_ctx_params_fn der2rsa_settable_ctx_params;
+static OSSL_FUNC_deserializer_set_ctx_params_fn der2rsa_set_ctx_params;
 static OSSL_FUNC_deserializer_deserialize_fn der2rsa_deserialize;
 static OSSL_FUNC_deserializer_export_object_fn der2rsa_export_object;
 
@@ -35,9 +37,7 @@ static OSSL_FUNC_deserializer_export_object_fn der2rsa_export_object;
 struct der2rsa_ctx_st {
     PROV_CTX *provctx;
 
-#if 0
     struct pkcs8_encrypt_ctx_st sc;
-#endif
 };
 
 static void *der2rsa_newctx(void *provctx)
@@ -46,6 +46,8 @@ static void *der2rsa_newctx(void *provctx)
 
     if (ctx != NULL) {
         ctx->provctx = provctx;
+        /* -1 is the "whatever" indicator, i.e. the PKCS8 library default PBE */
+        ctx->sc.pbe_nid = -1;
     }
     return ctx;
 }
@@ -54,6 +56,8 @@ static void der2rsa_freectx(void *vctx)
 {
     struct der2rsa_ctx_st *ctx = vctx;
 
+    EVP_CIPHER_free(ctx->sc.cipher);
+    OPENSSL_clear_free(ctx->sc.cipher_pass, ctx->sc.cipher_pass_length);
     OPENSSL_free(ctx);
 }
 
@@ -78,6 +82,56 @@ static int der2rsa_get_params(OSSL_PARAM params[])
     return 1;
 }
 
+
+static const OSSL_PARAM *der2rsa_settable_ctx_params(void)
+{
+    static const OSSL_PARAM settables[] = {
+        OSSL_PARAM_utf8_string(OSSL_DESERIALIZER_PARAM_CIPHER, NULL, 0),
+        OSSL_PARAM_utf8_string(OSSL_DESERIALIZER_PARAM_PROPERTIES, NULL, 0),
+        OSSL_PARAM_octet_string(OSSL_DESERIALIZER_PARAM_PASS, NULL, 0),
+        OSSL_PARAM_END,
+    };
+
+    return settables;
+}
+
+static int der2rsa_set_ctx_params(void *vctx, const OSSL_PARAM params[])
+{
+    struct der2rsa_ctx_st *ctx = vctx;
+    OPENSSL_CTX *libctx = PROV_CTX_get0_library_context(ctx->provctx);
+    const OSSL_PARAM *p;
+
+    if ((p = OSSL_PARAM_locate_const(params, OSSL_DESERIALIZER_PARAM_CIPHER))
+        != NULL) {
+        const OSSL_PARAM *propsp =
+            OSSL_PARAM_locate_const(params, OSSL_DESERIALIZER_PARAM_PROPERTIES);
+        const char *props = NULL;
+
+        if (p->data_type != OSSL_PARAM_UTF8_STRING)
+            return 0;
+        if (propsp != NULL && propsp->data_type != OSSL_PARAM_UTF8_STRING)
+            return 0;
+        props = (propsp != NULL ? propsp->data : NULL);
+
+        EVP_CIPHER_free(ctx->sc.cipher);
+        ctx->sc.cipher = NULL;
+        ctx->sc.cipher_intent = p->data != NULL;
+        if (p->data != NULL
+            && ((ctx->sc.cipher = EVP_CIPHER_fetch(libctx, p->data, props))
+                == NULL))
+            return 0;
+    }
+    if ((p = OSSL_PARAM_locate_const(params, OSSL_DESERIALIZER_PARAM_PASS))
+        != NULL) {
+        OPENSSL_clear_free(ctx->sc.cipher_pass, ctx->sc.cipher_pass_length);
+        ctx->sc.cipher_pass = NULL;
+        if (!OSSL_PARAM_get_octet_string(p, &ctx->sc.cipher_pass, 0,
+                                         &ctx->sc.cipher_pass_length))
+            return 0;
+    }
+    return 1;
+}
+
 static int der2rsa_deserialize(void *vctx, OSSL_CORE_BIO *cin,
                                OSSL_CALLBACK *data_cb, void *data_cbarg,
                                OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
@@ -88,34 +142,28 @@ static int der2rsa_deserialize(void *vctx, OSSL_CORE_BIO *cin,
     unsigned char *der = NULL;
     const unsigned char *derp;
     long der_len = 0;
+    unsigned char *new_der = NULL;
+    long new_der_len;
     EVP_PKEY *pkey = NULL;
     int ok = 0;
 
+    ctx->sc.cb = pw_cb;
+    ctx->sc.cbarg = pw_cbarg;
+
     if (!ossl_prov_read_der(ctx->provctx, cin, &der, &der_len))
         return 0;
 
-    derp = der;
-#if 0                            /* PKCS#8 decryption coming soon */
-    X509_SIG *p8 = NULL;
-    if ((p8 = d2i_X509_SIG(NULL, &derp, der_len)) != NULL) {
-        const X509_ALGOR *dalg = NULL;
-        const ASN1_OCTET_STRING *doct = NULL;
-        unsigned char *new_data = NULL;
-        int new_data_len;
-
-        /* passphrase fetching code TBA */
-        X509_SIG_get0(p8, &dalg, &doct);
-        if (!PKCS12_pbe_crypt(dalg, pass, strlen(pass),
-                              doct->data, doct->length,
-                              &new_data, &new_data_len, 0))
-            goto nop8;
+    /*
+     * Opportunistic attempt to decrypt.  If it doesn't work, we try to
+     * decode our input unencrypted.
+     */
+    if (ctx->sc.cipher_intent
+        && ossl_prov_der_from_p8(&new_der, &new_der_len, der, der_len,
+                                 &ctx->sc)) {
         OPENSSL_free(der);
-        der = new_data;
-        der_len = new_data_len;
+        der = new_der;
+        der_len = new_der_len;
     }
-    X509_SIG_free(p8);
- nop8:
-#endif
 
     derp = der;
     if ((pkey = d2i_PrivateKey_ex(EVP_PKEY_RSA, NULL, &derp, der_len,
@@ -171,6 +219,10 @@ const OSSL_DISPATCH der_to_rsa_deserializer_functions[] = {
       (void (*)(void))der2rsa_gettable_params },
     { OSSL_FUNC_DESERIALIZER_GET_PARAMS,
       (void (*)(void))der2rsa_get_params },
+    { OSSL_FUNC_DESERIALIZER_SETTABLE_CTX_PARAMS,
+      (void (*)(void))der2rsa_settable_ctx_params },
+    { OSSL_FUNC_DESERIALIZER_SET_CTX_PARAMS,
+      (void (*)(void))der2rsa_set_ctx_params },
     { OSSL_FUNC_DESERIALIZER_DESERIALIZE,
       (void (*)(void))der2rsa_deserialize },
     { OSSL_FUNC_DESERIALIZER_EXPORT_OBJECT,

providers/implementations/serializers/serializer_local.h

@@ -165,3 +165,8 @@ int ossl_prov_read_der(PROV_CTX *provctx, OSSL_CORE_BIO *cin,
 int ossl_prov_read_pem(PROV_CTX *provctx, OSSL_CORE_BIO *cin,
                        char **pem_name, char **pem_header,
                        unsigned char **data, long *len);
+
+int ossl_prov_der_from_p8(unsigned char **new_der, long *new_der_len,
+                          unsigned char *input_der, long input_der_len,
+                          struct pkcs8_encrypt_ctx_st *ctx);
+