1 files changed, 53 insertions, 44 deletions
diff --git a/src/lib/libcrypto/asn1/d2i_pr.c b/src/lib/libcrypto/asn1/d2i_pr.c
index 207ccda5ac..2828944777 100644
--- a/src/lib/libcrypto/asn1/d2i_pr.c
+++ b/src/lib/libcrypto/asn1/d2i_pr.c
@@ -61,16 +61,12 @@
 #include <openssl/bn.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
-#include <openssl/asn1.h>
+#ifndef OPENSSL_NO_ENGINE
-#ifndef OPENSSL_NO_RSA
+#include <openssl/engine.h>
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_EC
-#include <openssl/ec.h>
 #endif
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include "asn1_locl.h"
 EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
             long length)
@@ -85,47 +81,43 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
                        return(NULL);
                        }
                }
-        else    ret= *a;
+        else
-        ret->save_type=type;
-        ret->type=EVP_PKEY_type(type);
-        switch (ret->type)
                {
-#ifndef OPENSSL_NO_RSA
+                ret= *a;
-        case EVP_PKEY_RSA:
+#ifndef OPENSSL_NO_ENGINE
-                if ((ret->pkey.rsa=d2i_RSAPrivateKey(NULL,
+                if (ret->engine)
-                        (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
                        {
-                        ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB);
+                        ENGINE_finish(ret->engine);
-                        goto err;
+                        ret->engine = NULL;
                        }
-                break;
 #endif
-#ifndef OPENSSL_NO_DSA
+                }
-        case EVP_PKEY_DSA:
-                if ((ret->pkey.dsa=d2i_DSAPrivateKey(NULL,
+        if (!EVP_PKEY_set_type(ret, type))
-                        (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
+                {
+                ASN1err(ASN1_F_D2I_PRIVATEKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
+                goto err;
+                }
+        if (!ret->ameth->old_priv_decode ||
+                        !ret->ameth->old_priv_decode(ret, pp, length))
+                {
+                if (ret->ameth->priv_decode) 
                        {
-                        ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB);
+                        PKCS8_PRIV_KEY_INFO *p8=NULL;
-                        goto err;
+                        p8=d2i_PKCS8_PRIV_KEY_INFO(NULL,pp,length);
-                        }
+                        if (!p8) goto err;
-                break;
+                        EVP_PKEY_free(ret);
-#endif
+                        ret = EVP_PKCS82PKEY(p8);
-#ifndef OPENSSL_NO_EC
+                        PKCS8_PRIV_KEY_INFO_free(p8);
-        case EVP_PKEY_EC:
-                if ((ret->pkey.ec = d2i_ECPrivateKey(NULL, 
+                        } 
-                        (const unsigned char **)pp, length)) == NULL)
+                else 
                        {
-                        ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB);
+                        ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB);
                        goto err;
                        }
-                break;
+                }       
-#endif
-        default:
-                ASN1err(ASN1_F_D2I_PRIVATEKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
-                goto err;
-                /* break; */
-                }
        if (a != NULL) (*a)=ret;
        return(ret);
 err:
@@ -146,8 +138,7 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
         * by analyzing it we can determine the passed structure: this
         * assumes the input is surrounded by an ASN1 SEQUENCE.
         */
-        inkey = d2i_ASN1_SET_OF_ASN1_TYPE(NULL, &p, length, d2i_ASN1_TYPE, 
+        inkey = d2i_ASN1_SEQUENCE_ANY(NULL, &p, length);
-                        ASN1_TYPE_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
        /* Since we only need to discern "traditional format" RSA and DSA
         * keys we can just count the elements.
         */
@@ -155,6 +146,24 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
                keytype = EVP_PKEY_DSA;
        else if (sk_ASN1_TYPE_num(inkey) == 4)
                keytype = EVP_PKEY_EC;
+        else if (sk_ASN1_TYPE_num(inkey) == 3)  
+                { /* This seems to be PKCS8, not traditional format */
+                        PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL,pp,length);
+                        EVP_PKEY *ret;
+                        sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
+                        if (!p8) 
+                                {
+                                ASN1err(ASN1_F_D2I_AUTOPRIVATEKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
+                                return NULL;
+                                }
+                        ret = EVP_PKCS82PKEY(p8);
+                        PKCS8_PRIV_KEY_INFO_free(p8);
+                        if (a) {
+                                *a = ret;
+                        }       
+                        return ret;
+                }
        else keytype = EVP_PKEY_RSA;
        sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
        return d2i_PrivateKey(keytype, a, pp, length);

diff --git a/src/lib/libcrypto/asn1/d2i_pr.c b/src/lib/libcrypto/asn1/d2i_pr.c index 207ccda5ac..2828944777 100644 --- a/src/lib/libcrypto/asn1/d2i_pr.c +++ b/src/lib/libcrypto/asn1/d2i_pr.c
@@ -61,16 +61,12 @@
61	#include <openssl/bn.h>	61	#include <openssl/bn.h>
62	#include <openssl/evp.h>	62	#include <openssl/evp.h>
63	#include <openssl/objects.h>	63	#include <openssl/objects.h>
64	#include <openssl/asn1.h>	64	#ifndef OPENSSL_NO_ENGINE
65	#ifndef OPENSSL_NO_RSA	65	#include <openssl/engine.h>
66	#include <openssl/rsa.h>
67	#endif
68	#ifndef OPENSSL_NO_DSA
69	#include <openssl/dsa.h>
70	#endif
71	#ifndef OPENSSL_NO_EC
72	#include <openssl/ec.h>
73	#endif	66	#endif
		67	#include <openssl/x509.h>
		68	#include <openssl/asn1.h>
		69	#include "asn1_locl.h"
74		70
75	EVP_PKEY d2i_PrivateKey(int type, EVP_PKEY a, const unsigned char *pp,	71	EVP_PKEY d2i_PrivateKey(int type, EVP_PKEY a, const unsigned char *pp,
76	long length)	72	long length)
@@ -85,47 +81,43 @@ EVP_PKEY d2i_PrivateKey(int type, EVP_PKEY a, const unsigned char *pp,
85	return(NULL);	81	return(NULL);
86	}	82	}
87	}	83	}
88	else ret= *a;	84	else
89
90	ret->save_type=type;
91	ret->type=EVP_PKEY_type(type);
92	switch (ret->type)
93	{	85	{
94	#ifndef OPENSSL_NO_RSA	86	ret= *a;
95	case EVP_PKEY_RSA:	87	#ifndef OPENSSL_NO_ENGINE
96	if ((ret->pkey.rsa=d2i_RSAPrivateKey(NULL,	88	if (ret->engine)
97	(const unsigned char *)pp,length)) == NULL) / TMP UGLY CAST */
98	{	89	{
99	ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB);	90	ENGINE_finish(ret->engine);
100	goto err;	91	ret->engine = NULL;
101	}	92	}
102	break;
103	#endif	93	#endif
104	#ifndef OPENSSL_NO_DSA	94	}
105	case EVP_PKEY_DSA:	95
106	if ((ret->pkey.dsa=d2i_DSAPrivateKey(NULL,	96	if (!EVP_PKEY_set_type(ret, type))
107	(const unsigned char *)pp,length)) == NULL) / TMP UGLY CAST */	97	{
		98	ASN1err(ASN1_F_D2I_PRIVATEKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
		99	goto err;
		100	}
		101
		102	if (!ret->ameth->old_priv_decode \|\|
		103	!ret->ameth->old_priv_decode(ret, pp, length))
		104	{
		105	if (ret->ameth->priv_decode)
108	{	106	{
109	ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB);	107	PKCS8_PRIV_KEY_INFO *p8=NULL;
110	goto err;	108	p8=d2i_PKCS8_PRIV_KEY_INFO(NULL,pp,length);
111	}	109	if (!p8) goto err;
112	break;	110	EVP_PKEY_free(ret);
113	#endif	111	ret = EVP_PKCS82PKEY(p8);
114	#ifndef OPENSSL_NO_EC	112	PKCS8_PRIV_KEY_INFO_free(p8);
115	case EVP_PKEY_EC:	113
116	if ((ret->pkey.ec = d2i_ECPrivateKey(NULL,	114	}
117	(const unsigned char **)pp, length)) == NULL)	115	else
118	{	116	{
119	ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB);	117	ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB);
120	goto err;	118	goto err;
121	}	119	}
122	break;	120	}
123	#endif
124	default:
125	ASN1err(ASN1_F_D2I_PRIVATEKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
126	goto err;
127	/* break; */
128	}
129	if (a != NULL) (*a)=ret;	121	if (a != NULL) (*a)=ret;
130	return(ret);	122	return(ret);
131	err:	123	err:
@@ -146,8 +138,7 @@ EVP_PKEY d2i_AutoPrivateKey(EVP_PKEY a, const unsigned char *pp,
146	* by analyzing it we can determine the passed structure: this	138	* by analyzing it we can determine the passed structure: this
147	* assumes the input is surrounded by an ASN1 SEQUENCE.	139	* assumes the input is surrounded by an ASN1 SEQUENCE.
148	*/	140	*/
149	inkey = d2i_ASN1_SET_OF_ASN1_TYPE(NULL, &p, length, d2i_ASN1_TYPE,	141	inkey = d2i_ASN1_SEQUENCE_ANY(NULL, &p, length);
150	ASN1_TYPE_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
151	/* Since we only need to discern "traditional format" RSA and DSA	142	/* Since we only need to discern "traditional format" RSA and DSA
152	* keys we can just count the elements.	143	* keys we can just count the elements.
153	*/	144	*/
@@ -155,6 +146,24 @@ EVP_PKEY d2i_AutoPrivateKey(EVP_PKEY a, const unsigned char *pp,
155	keytype = EVP_PKEY_DSA;	146	keytype = EVP_PKEY_DSA;
156	else if (sk_ASN1_TYPE_num(inkey) == 4)	147	else if (sk_ASN1_TYPE_num(inkey) == 4)
157	keytype = EVP_PKEY_EC;	148	keytype = EVP_PKEY_EC;
		149	else if (sk_ASN1_TYPE_num(inkey) == 3)
		150	{ /* This seems to be PKCS8, not traditional format */
		151	PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL,pp,length);
		152	EVP_PKEY *ret;
		153
		154	sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
		155	if (!p8)
		156	{
		157	ASN1err(ASN1_F_D2I_AUTOPRIVATEKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
		158	return NULL;
		159	}
		160	ret = EVP_PKCS82PKEY(p8);
		161	PKCS8_PRIV_KEY_INFO_free(p8);
		162	if (a) {
		163	*a = ret;
		164	}
		165	return ret;
		166	}
158	else keytype = EVP_PKEY_RSA;	167	else keytype = EVP_PKEY_RSA;
159	sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);	168	sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
160	return d2i_PrivateKey(keytype, a, pp, length);	169	return d2i_PrivateKey(keytype, a, pp, length);