OpenSSL 3 support for loading engine keys

[DCrow]

Openssl 3 still supports loading engines and some engines still haven't migrated to using providers.
In such cases it is possible to continue using engines. They can be loaded using openssl's config file.

Previously I could load a private key(provided by custom engine) like so

  OpenSSL::PKey.read("some private key")

But now even though engine is loaded the same command returns Could not parse PKey (OpenSSL::PKey::PKeyError).

Using OpenSSL::PKey.new_raw_private_key also did not help.
Locally installing ruby/openssl and reverting ossl_pkey_read_generic in ossl_pkey.c to the previous version(before openssl 3 support) did help, but this method is not viable for production.

Is it possible to provide some way to load such keys?

[rhenium]

Related to #722.

Could you tell us which engine you are using?

[DCrow]

Hello,
I am using GOST-engine.

Currently it is in the process of migrating to openssl 3 but it's still incomplete.

GOST-engine maintainer has recommended to load private keys using PEM_read_bio_PrivateKey which is used in ruby/openssl(but only for openssl < 3).

Here's an example with a private key which ruby/openssl (openssl >= 3) doesn't read but openssl says is valid.

openssl req -x509 -newkey gost2012_256 -pkeyopt paramset:A -nodes -keyout gost_private.pem -out gost_cert.crt -subj "/C=RU/ST=Test/L=Test/O=Test/OU=Test/CN=example.com"

openssl pkey -in ../gost_private.pem -check

For now I am using this to accomplish compatibility with engine provided keys, i.e. trying to read the key using the old way in addition to currently used way.

[rhenium]

I reproduced the error using the gost engine with OpenSSL 3.2.

According to https://github.com/gost-engine/engine/blob/e0a500ab877ba72cb14026a24d462dd923b90ced/README.prov.md, pkeys haven't been ported to a provider and are only implemented through the legacy engine interface.

$ openssl genpkey -engine gost -algorithm gost2012_256 -pkeyopt paramset:A >gost2012_256.pem
$ ruby -Ilib -ropenssl -e'OpenSSL.debug=true; p OpenSSL::PKey.read(File.read("./gost2012_256.pem"))'
-e:1: warning: error on stack: error:1E08010C:DECODER routines:OSSL_DECODER_from_bio:unsupported (No supported data to decode. Input type: DER)
-e:1: warning: error on stack: error:1E08010C:DECODER routines:OSSL_DECODER_from_bio:unsupported (No supported data to decode. Input type: DER)
-e:1: warning: error on stack: error:1E08010C:DECODER routines:OSSL_DECODER_from_bio:unsupported (No supported data to decode. Input type: DER)
-e:1: warning: error on stack: error:1E08010C:DECODER routines:OSSL_DECODER_from_bio:unsupported (No supported data to decode. Input type: DER)
-e:1: warning: error on stack: error:1E08010C:DECODER routines:OSSL_DECODER_from_bio:unsupported (No supported data to decode. Input type: DER)
-e:1: warning: error on stack: error:1E08010C:DECODER routines:OSSL_DECODER_from_bio:unsupported (No supported data to decode. Input type: DER)
-e:1: warning: error on stack: error:1E08010C:DECODER routines:OSSL_DECODER_from_bio:unsupported (No supported data to decode. Input type: DER)
-e:1: warning: error on stack: error:1E08010C:DECODER routines:OSSL_DECODER_from_bio:unsupported (No supported data to decode. Input type: DER)
-e:1: warning: error on stack: error:1E08010C:DECODER routines:OSSL_DECODER_from_bio:unsupported (No supported data to decode. Input type: DER)
-e:1: warning: error on stack: error:1E08010C:DECODER routines:OSSL_DECODER_from_bio:unsupported (No supported data to decode. Input type: PEM)
-e:1: warning: error on stack: error:1E08010C:DECODER routines:OSSL_DECODER_from_bio:unsupported (No supported data to decode. Input type: PEM)
-e:1: warning: error on stack: error:1E08010C:DECODER routines:OSSL_DECODER_from_bio:unsupported (No supported data to decode. Input type: PEM)
-e:1:in `read': Could not parse PKey (OpenSSL::PKey::PKeyError)
	from -e:1:in `<main>'

OpenSSL::PKey.read currently entirely relies on the OSSL_DECODER API. This API apparently doesn't take care of legacy pkeys (i.e., not backed by a provider). I've overlooked it.

openssl/ext/openssl/ossl_pkey.c

Lines 82 to 181 in 043c503

	#if OSSL_OPENSSL_PREREQ(3, 0, 0)
	# include <openssl/decoder.h>
	static EVP_PKEY *
	ossl_pkey_read(BIO *bio, const char *input_type, int selection, VALUE pass)
	{
	void *ppass = (void *)pass;
	OSSL_DECODER_CTX *dctx;
	EVP_PKEY *pkey = NULL;
	int pos = 0, pos2;
	dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, input_type, NULL, NULL,
	selection, NULL, NULL);
	if (!dctx)
	goto out;
	if (OSSL_DECODER_CTX_set_pem_password_cb(dctx, ossl_pem_passwd_cb,
	ppass) != 1)
	goto out;
	while (1) {
	if (OSSL_DECODER_from_bio(dctx, bio) == 1)
	goto out;
	if (BIO_eof(bio))
	break;
	pos2 = BIO_tell(bio);
	if (pos2 < 0 || pos2 <= pos)
	break;
	ossl_clear_error();
	pos = pos2;
	}
	out:
	OSSL_BIO_reset(bio);
	OSSL_DECODER_CTX_free(dctx);
	return pkey;
	}
	EVP_PKEY *
	ossl_pkey_read_generic(BIO *bio, VALUE pass)
	{
	EVP_PKEY *pkey = NULL;
	/* First check DER, then check PEM. */
	const char *input_types[] = {"DER", "PEM"};
	int input_type_num = (int)(sizeof(input_types) / sizeof(char *));
	/*
	* Non-zero selections to try to decode.
	*
	* See EVP_PKEY_fromdata(3) - Selections to see all the selections.
	*
	* This is a workaround for the decoder failing to decode or returning
	* bogus keys with selection 0, if a key management provider is different
	* from a decoder provider. The workaround is to avoid using selection 0.
	*
	* Affected OpenSSL versions: >= 3.1.0, <= 3.1.2, or >= 3.0.0, <= 3.0.10
	* Fixed OpenSSL versions: 3.2, next release of the 3.1.z and 3.0.z
	*
	* See https://github.com/openssl/openssl/pull/21519 for details.
	*
	* First check for private key formats (EVP_PKEY_KEYPAIR). This is to keep
	* compatibility with ruby/openssl < 3.0 which decoded the following as a
	* private key.
	*
	* $ openssl ecparam -name prime256v1 -genkey -outform PEM
	* -----BEGIN EC PARAMETERS-----
	* BggqhkjOPQMBBw==
	* -----END EC PARAMETERS-----
	* -----BEGIN EC PRIVATE KEY-----
	* MHcCAQEEIAG8ugBbA5MHkqnZ9ujQF93OyUfL9tk8sxqM5Wv5tKg5oAoGCCqGSM49
	* AwEHoUQDQgAEVcjhJfkwqh5C7kGuhAf8XaAjVuG5ADwb5ayg/cJijCgs+GcXeedj
	* 86avKpGH84DXUlB23C/kPt+6fXYlitUmXQ==
	* -----END EC PRIVATE KEY-----
	*
	* While the first PEM block is a proper encoding of ECParameters, thus
	* OSSL_DECODER_from_bio() would pick it up, ruby/openssl used to return
	* the latter instead. Existing applications expect this behavior.
	*
	* Note that normally, the input is supposed to contain a single decodable
	* PEM block only, so this special handling should not create a new problem.
	*
	* Note that we need to create the OSSL_DECODER_CTX variable each time when
	* we use the different selection as a workaround.
	* See https://github.com/openssl/openssl/issues/20657 for details.
	*/
	int selections[] = {
	EVP_PKEY_KEYPAIR,
	EVP_PKEY_KEY_PARAMETERS,
	EVP_PKEY_PUBLIC_KEY
	};
	int selection_num = (int)(sizeof(selections) / sizeof(int));
	int i, j;
	for (i = 0; i < input_type_num; i++) {
	for (j = 0; j < selection_num; j++) {
	pkey = ossl_pkey_read(bio, input_types[i], selections[j], pass);
	if (pkey) {
	goto out;
	}
	}
	}
	out:
	return pkey;
	}

It looks like we have to fallback to legacy PEM decoding with EVP_PKEY_ASN1_METHOD if OSSL_DECODER fails.