1 /* $OpenBSD: p_lib.c,v 1.60 2024/04/09 13:52:41 beck Exp $ */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58 /* ====================================================================
59 * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * licensing@OpenSSL.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 */
105
106 #include <stdio.h>
107 #include <stdlib.h>
108 #include <string.h>
109
110 #include <openssl/asn1.h>
111 #include <openssl/bio.h>
112 #include <openssl/cmac.h>
113 #include <openssl/crypto.h>
114 #include <openssl/err.h>
115 #include <openssl/evp.h>
116 #include <openssl/objects.h>
117 #include <openssl/x509.h>
118
119 #ifndef OPENSSL_NO_DH
120 #include <openssl/dh.h>
121 #endif
122 #ifndef OPENSSL_NO_DSA
123 #include <openssl/dsa.h>
124 #endif
125 #ifndef OPENSSL_NO_EC
126 #include <openssl/ec.h>
127 #endif
128 #ifndef OPENSSL_NO_RSA
129 #include <openssl/rsa.h>
130 #endif
131
132 #include "evp_local.h"
133
134 extern const EVP_PKEY_ASN1_METHOD cmac_asn1_meth;
135 extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth;
136 extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meth;
137 extern const EVP_PKEY_ASN1_METHOD dsa1_asn1_meth;
138 extern const EVP_PKEY_ASN1_METHOD dsa2_asn1_meth;
139 extern const EVP_PKEY_ASN1_METHOD dsa3_asn1_meth;
140 extern const EVP_PKEY_ASN1_METHOD dsa4_asn1_meth;
141 extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth;
142 extern const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth;
143 extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth;
144 extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meth;
145 extern const EVP_PKEY_ASN1_METHOD rsa2_asn1_meth;
146 extern const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth;
147 extern const EVP_PKEY_ASN1_METHOD x25519_asn1_meth;
148
149 static const EVP_PKEY_ASN1_METHOD *asn1_methods[] = {
150 &cmac_asn1_meth,
151 &dh_asn1_meth,
152 &dsa_asn1_meth,
153 &dsa1_asn1_meth,
154 &dsa2_asn1_meth,
155 &dsa3_asn1_meth,
156 &dsa4_asn1_meth,
157 &eckey_asn1_meth,
158 &ed25519_asn1_meth,
159 &hmac_asn1_meth,
160 &rsa_asn1_meth,
161 &rsa2_asn1_meth,
162 &rsa_pss_asn1_meth,
163 &x25519_asn1_meth,
164 };
165
166 #define N_ASN1_METHODS (sizeof(asn1_methods) / sizeof(asn1_methods[0]))
167
168 int
EVP_PKEY_asn1_get_count(void)169 EVP_PKEY_asn1_get_count(void)
170 {
171 return N_ASN1_METHODS;
172 }
173 LCRYPTO_ALIAS(EVP_PKEY_asn1_get_count);
174
175 const EVP_PKEY_ASN1_METHOD *
EVP_PKEY_asn1_get0(int idx)176 EVP_PKEY_asn1_get0(int idx)
177 {
178 if (idx < 0 || idx >= N_ASN1_METHODS)
179 return NULL;
180
181 return asn1_methods[idx];
182 }
183 LCRYPTO_ALIAS(EVP_PKEY_asn1_get0);
184
185 const EVP_PKEY_ASN1_METHOD *
EVP_PKEY_asn1_find(ENGINE ** engine,int pkey_id)186 EVP_PKEY_asn1_find(ENGINE **engine, int pkey_id)
187 {
188 size_t i;
189
190 if (engine != NULL)
191 *engine = NULL;
192
193 for (i = 0; i < N_ASN1_METHODS; i++) {
194 if (asn1_methods[i]->pkey_id == pkey_id)
195 return asn1_methods[i]->base_method;
196 }
197
198 return NULL;
199 }
200 LCRYPTO_ALIAS(EVP_PKEY_asn1_find);
201
202 const EVP_PKEY_ASN1_METHOD *
EVP_PKEY_asn1_find_str(ENGINE ** engine,const char * str,int len)203 EVP_PKEY_asn1_find_str(ENGINE **engine, const char *str, int len)
204 {
205 const EVP_PKEY_ASN1_METHOD *ameth;
206 size_t i, str_len;
207
208 if (engine != NULL)
209 *engine = NULL;
210
211 if (len < -1)
212 return NULL;
213 if (len == -1)
214 str_len = strlen(str);
215 else
216 str_len = len;
217
218 for (i = 0; i < N_ASN1_METHODS; i++) {
219 ameth = asn1_methods[i];
220 if ((ameth->pkey_flags & ASN1_PKEY_ALIAS) != 0)
221 continue;
222 if (strlen(ameth->pem_str) != str_len)
223 continue;
224 if (strncasecmp(ameth->pem_str, str, str_len) == 0)
225 return ameth;
226 }
227
228 return NULL;
229 }
230 LCRYPTO_ALIAS(EVP_PKEY_asn1_find_str);
231
232 int
EVP_PKEY_asn1_get0_info(int * pkey_id,int * pkey_base_id,int * pkey_flags,const char ** info,const char ** pem_str,const EVP_PKEY_ASN1_METHOD * ameth)233 EVP_PKEY_asn1_get0_info(int *pkey_id, int *pkey_base_id, int *pkey_flags,
234 const char **info, const char **pem_str,
235 const EVP_PKEY_ASN1_METHOD *ameth)
236 {
237 if (ameth == NULL)
238 return 0;
239
240 if (pkey_id != NULL)
241 *pkey_id = ameth->pkey_id;
242 if (pkey_base_id != NULL)
243 *pkey_base_id = ameth->base_method->pkey_id;
244 if (pkey_flags != NULL)
245 *pkey_flags = ameth->pkey_flags;
246 if (info != NULL)
247 *info = ameth->info;
248 if (pem_str != NULL)
249 *pem_str = ameth->pem_str;
250
251 return 1;
252 }
253 LCRYPTO_ALIAS(EVP_PKEY_asn1_get0_info);
254
255 const EVP_PKEY_ASN1_METHOD*
EVP_PKEY_get0_asn1(const EVP_PKEY * pkey)256 EVP_PKEY_get0_asn1(const EVP_PKEY *pkey)
257 {
258 return pkey->ameth;
259 }
260 LCRYPTO_ALIAS(EVP_PKEY_get0_asn1);
261
262 int
EVP_PKEY_bits(const EVP_PKEY * pkey)263 EVP_PKEY_bits(const EVP_PKEY *pkey)
264 {
265 if (pkey && pkey->ameth && pkey->ameth->pkey_bits)
266 return pkey->ameth->pkey_bits(pkey);
267 return 0;
268 }
269 LCRYPTO_ALIAS(EVP_PKEY_bits);
270
271 int
EVP_PKEY_security_bits(const EVP_PKEY * pkey)272 EVP_PKEY_security_bits(const EVP_PKEY *pkey)
273 {
274 if (pkey == NULL)
275 return 0;
276 if (pkey->ameth == NULL || pkey->ameth->pkey_security_bits == NULL)
277 return -2;
278
279 return pkey->ameth->pkey_security_bits(pkey);
280 }
281 LCRYPTO_ALIAS(EVP_PKEY_security_bits);
282
283 int
EVP_PKEY_size(const EVP_PKEY * pkey)284 EVP_PKEY_size(const EVP_PKEY *pkey)
285 {
286 if (pkey && pkey->ameth && pkey->ameth->pkey_size)
287 return pkey->ameth->pkey_size(pkey);
288 return 0;
289 }
290 LCRYPTO_ALIAS(EVP_PKEY_size);
291
292 int
EVP_PKEY_save_parameters(EVP_PKEY * pkey,int mode)293 EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode)
294 {
295 #ifndef OPENSSL_NO_DSA
296 if (pkey->type == EVP_PKEY_DSA) {
297 int ret = pkey->save_parameters;
298
299 if (mode >= 0)
300 pkey->save_parameters = mode;
301 return (ret);
302 }
303 #endif
304 #ifndef OPENSSL_NO_EC
305 if (pkey->type == EVP_PKEY_EC) {
306 int ret = pkey->save_parameters;
307
308 if (mode >= 0)
309 pkey->save_parameters = mode;
310 return (ret);
311 }
312 #endif
313 return (0);
314 }
315 LCRYPTO_ALIAS(EVP_PKEY_save_parameters);
316
317 int
EVP_PKEY_copy_parameters(EVP_PKEY * to,const EVP_PKEY * from)318 EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
319 {
320 if (to->type != from->type) {
321 EVPerror(EVP_R_DIFFERENT_KEY_TYPES);
322 goto err;
323 }
324
325 if (EVP_PKEY_missing_parameters(from)) {
326 EVPerror(EVP_R_MISSING_PARAMETERS);
327 goto err;
328 }
329 if (from->ameth && from->ameth->param_copy)
330 return from->ameth->param_copy(to, from);
331
332 err:
333 return 0;
334 }
335 LCRYPTO_ALIAS(EVP_PKEY_copy_parameters);
336
337 int
EVP_PKEY_missing_parameters(const EVP_PKEY * pkey)338 EVP_PKEY_missing_parameters(const EVP_PKEY *pkey)
339 {
340 if (pkey->ameth && pkey->ameth->param_missing)
341 return pkey->ameth->param_missing(pkey);
342 return 0;
343 }
344 LCRYPTO_ALIAS(EVP_PKEY_missing_parameters);
345
346 int
EVP_PKEY_cmp_parameters(const EVP_PKEY * a,const EVP_PKEY * b)347 EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
348 {
349 if (a->type != b->type)
350 return -1;
351 if (a->ameth && a->ameth->param_cmp)
352 return a->ameth->param_cmp(a, b);
353 return -2;
354 }
355 LCRYPTO_ALIAS(EVP_PKEY_cmp_parameters);
356
357 int
EVP_PKEY_cmp(const EVP_PKEY * a,const EVP_PKEY * b)358 EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
359 {
360 if (a->type != b->type)
361 return -1;
362
363 if (a->ameth) {
364 int ret;
365 /* Compare parameters if the algorithm has them */
366 if (a->ameth->param_cmp) {
367 ret = a->ameth->param_cmp(a, b);
368 if (ret <= 0)
369 return ret;
370 }
371
372 if (a->ameth->pub_cmp)
373 return a->ameth->pub_cmp(a, b);
374 }
375
376 return -2;
377 }
378 LCRYPTO_ALIAS(EVP_PKEY_cmp);
379
380 EVP_PKEY *
EVP_PKEY_new(void)381 EVP_PKEY_new(void)
382 {
383 EVP_PKEY *pkey;
384
385 if ((pkey = calloc(1, sizeof(*pkey))) == NULL) {
386 EVPerror(ERR_R_MALLOC_FAILURE);
387 return NULL;
388 }
389
390 pkey->type = EVP_PKEY_NONE;
391 pkey->references = 1;
392 pkey->save_parameters = 1;
393
394 return pkey;
395 }
396 LCRYPTO_ALIAS(EVP_PKEY_new);
397
398 int
EVP_PKEY_up_ref(EVP_PKEY * pkey)399 EVP_PKEY_up_ref(EVP_PKEY *pkey)
400 {
401 return CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY) > 1;
402 }
403 LCRYPTO_ALIAS(EVP_PKEY_up_ref);
404
405 static void
evp_pkey_free_pkey_ptr(EVP_PKEY * pkey)406 evp_pkey_free_pkey_ptr(EVP_PKEY *pkey)
407 {
408 if (pkey == NULL || pkey->ameth == NULL || pkey->ameth->pkey_free == NULL)
409 return;
410
411 pkey->ameth->pkey_free(pkey);
412 pkey->pkey.ptr = NULL;
413 }
414
415 void
EVP_PKEY_free(EVP_PKEY * pkey)416 EVP_PKEY_free(EVP_PKEY *pkey)
417 {
418 if (pkey == NULL)
419 return;
420
421 if (CRYPTO_add(&pkey->references, -1, CRYPTO_LOCK_EVP_PKEY) > 0)
422 return;
423
424 evp_pkey_free_pkey_ptr(pkey);
425 sk_X509_ATTRIBUTE_pop_free(pkey->attributes, X509_ATTRIBUTE_free);
426 freezero(pkey, sizeof(*pkey));
427 }
428 LCRYPTO_ALIAS(EVP_PKEY_free);
429
430 int
EVP_PKEY_set_type(EVP_PKEY * pkey,int type)431 EVP_PKEY_set_type(EVP_PKEY *pkey, int type)
432 {
433 const EVP_PKEY_ASN1_METHOD *ameth;
434
435 evp_pkey_free_pkey_ptr(pkey);
436
437 if ((ameth = EVP_PKEY_asn1_find(NULL, type)) == NULL) {
438 EVPerror(EVP_R_UNSUPPORTED_ALGORITHM);
439 return 0;
440 }
441 if (pkey != NULL) {
442 pkey->ameth = ameth;
443 pkey->type = pkey->ameth->pkey_id;
444 }
445
446 return 1;
447 }
448 LCRYPTO_ALIAS(EVP_PKEY_set_type);
449
450 int
EVP_PKEY_set_type_str(EVP_PKEY * pkey,const char * str,int len)451 EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len)
452 {
453 const EVP_PKEY_ASN1_METHOD *ameth;
454
455 evp_pkey_free_pkey_ptr(pkey);
456
457 if ((ameth = EVP_PKEY_asn1_find_str(NULL, str, len)) == NULL) {
458 EVPerror(EVP_R_UNSUPPORTED_ALGORITHM);
459 return 0;
460 }
461 if (pkey != NULL) {
462 pkey->ameth = ameth;
463 pkey->type = pkey->ameth->pkey_id;
464 }
465
466 return 1;
467 }
468 LCRYPTO_ALIAS(EVP_PKEY_set_type_str);
469
470 int
EVP_PKEY_assign(EVP_PKEY * pkey,int type,void * key)471 EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key)
472 {
473 if (!EVP_PKEY_set_type(pkey, type))
474 return 0;
475
476 return (pkey->pkey.ptr = key) != NULL;
477 }
478 LCRYPTO_ALIAS(EVP_PKEY_assign);
479
480 EVP_PKEY *
EVP_PKEY_new_raw_private_key(int type,ENGINE * engine,const unsigned char * private_key,size_t len)481 EVP_PKEY_new_raw_private_key(int type, ENGINE *engine,
482 const unsigned char *private_key, size_t len)
483 {
484 EVP_PKEY *pkey;
485
486 if ((pkey = EVP_PKEY_new()) == NULL)
487 goto err;
488
489 if (!EVP_PKEY_set_type(pkey, type))
490 goto err;
491
492 if (pkey->ameth->set_priv_key == NULL) {
493 EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
494 goto err;
495 }
496 if (!pkey->ameth->set_priv_key(pkey, private_key, len)) {
497 EVPerror(EVP_R_KEY_SETUP_FAILED);
498 goto err;
499 }
500
501 return pkey;
502
503 err:
504 EVP_PKEY_free(pkey);
505
506 return NULL;
507 }
508 LCRYPTO_ALIAS(EVP_PKEY_new_raw_private_key);
509
510 EVP_PKEY *
EVP_PKEY_new_raw_public_key(int type,ENGINE * engine,const unsigned char * public_key,size_t len)511 EVP_PKEY_new_raw_public_key(int type, ENGINE *engine,
512 const unsigned char *public_key, size_t len)
513 {
514 EVP_PKEY *pkey;
515
516 if ((pkey = EVP_PKEY_new()) == NULL)
517 goto err;
518
519 if (!EVP_PKEY_set_type(pkey, type))
520 goto err;
521
522 if (pkey->ameth->set_pub_key == NULL) {
523 EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
524 goto err;
525 }
526 if (!pkey->ameth->set_pub_key(pkey, public_key, len)) {
527 EVPerror(EVP_R_KEY_SETUP_FAILED);
528 goto err;
529 }
530
531 return pkey;
532
533 err:
534 EVP_PKEY_free(pkey);
535
536 return NULL;
537 }
538 LCRYPTO_ALIAS(EVP_PKEY_new_raw_public_key);
539
540 int
EVP_PKEY_get_raw_private_key(const EVP_PKEY * pkey,unsigned char * out_private_key,size_t * out_len)541 EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey,
542 unsigned char *out_private_key, size_t *out_len)
543 {
544 if (pkey->ameth->get_priv_key == NULL) {
545 EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
546 return 0;
547 }
548 if (!pkey->ameth->get_priv_key(pkey, out_private_key, out_len)) {
549 EVPerror(EVP_R_GET_RAW_KEY_FAILED);
550 return 0;
551 }
552
553 return 1;
554 }
555 LCRYPTO_ALIAS(EVP_PKEY_get_raw_private_key);
556
557 int
EVP_PKEY_get_raw_public_key(const EVP_PKEY * pkey,unsigned char * out_public_key,size_t * out_len)558 EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey,
559 unsigned char *out_public_key, size_t *out_len)
560 {
561 if (pkey->ameth->get_pub_key == NULL) {
562 EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
563 return 0;
564 }
565 if (!pkey->ameth->get_pub_key(pkey, out_public_key, out_len)) {
566 EVPerror(EVP_R_GET_RAW_KEY_FAILED);
567 return 0;
568 }
569
570 return 1;
571 }
572 LCRYPTO_ALIAS(EVP_PKEY_get_raw_public_key);
573
574 EVP_PKEY *
EVP_PKEY_new_CMAC_key(ENGINE * e,const unsigned char * priv,size_t len,const EVP_CIPHER * cipher)575 EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, size_t len,
576 const EVP_CIPHER *cipher)
577 {
578 EVP_PKEY *pkey = NULL;
579 CMAC_CTX *cmctx = NULL;
580
581 if ((pkey = EVP_PKEY_new()) == NULL)
582 goto err;
583 if ((cmctx = CMAC_CTX_new()) == NULL)
584 goto err;
585
586 if (!EVP_PKEY_set_type(pkey, EVP_PKEY_CMAC))
587 goto err;
588
589 if (!CMAC_Init(cmctx, priv, len, cipher, NULL)) {
590 EVPerror(EVP_R_KEY_SETUP_FAILED);
591 goto err;
592 }
593
594 pkey->pkey.ptr = cmctx;
595
596 return pkey;
597
598 err:
599 EVP_PKEY_free(pkey);
600 CMAC_CTX_free(cmctx);
601
602 return NULL;
603 }
604 LCRYPTO_ALIAS(EVP_PKEY_new_CMAC_key);
605
606 void *
EVP_PKEY_get0(const EVP_PKEY * pkey)607 EVP_PKEY_get0(const EVP_PKEY *pkey)
608 {
609 return pkey->pkey.ptr;
610 }
611 LCRYPTO_ALIAS(EVP_PKEY_get0);
612
613 const unsigned char *
EVP_PKEY_get0_hmac(const EVP_PKEY * pkey,size_t * len)614 EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len)
615 {
616 ASN1_OCTET_STRING *os;
617
618 if (pkey->type != EVP_PKEY_HMAC) {
619 EVPerror(EVP_R_EXPECTING_AN_HMAC_KEY);
620 return NULL;
621 }
622
623 os = EVP_PKEY_get0(pkey);
624 *len = os->length;
625
626 return os->data;
627 }
628 LCRYPTO_ALIAS(EVP_PKEY_get0_hmac);
629
630 #ifndef OPENSSL_NO_RSA
631 RSA *
EVP_PKEY_get0_RSA(EVP_PKEY * pkey)632 EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
633 {
634 if (pkey->type == EVP_PKEY_RSA || pkey->type == EVP_PKEY_RSA_PSS)
635 return pkey->pkey.rsa;
636
637 EVPerror(EVP_R_EXPECTING_AN_RSA_KEY);
638 return NULL;
639 }
640 LCRYPTO_ALIAS(EVP_PKEY_get0_RSA);
641
642 RSA *
EVP_PKEY_get1_RSA(EVP_PKEY * pkey)643 EVP_PKEY_get1_RSA(EVP_PKEY *pkey)
644 {
645 RSA *rsa;
646
647 if ((rsa = EVP_PKEY_get0_RSA(pkey)) == NULL)
648 return NULL;
649
650 RSA_up_ref(rsa);
651
652 return rsa;
653 }
654 LCRYPTO_ALIAS(EVP_PKEY_get1_RSA);
655
656 int
EVP_PKEY_set1_RSA(EVP_PKEY * pkey,RSA * key)657 EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key)
658 {
659 int ret = EVP_PKEY_assign_RSA(pkey, key);
660 if (ret != 0)
661 RSA_up_ref(key);
662 return ret;
663 }
664 LCRYPTO_ALIAS(EVP_PKEY_set1_RSA);
665 #endif
666
667 #ifndef OPENSSL_NO_DSA
668 DSA *
EVP_PKEY_get0_DSA(EVP_PKEY * pkey)669 EVP_PKEY_get0_DSA(EVP_PKEY *pkey)
670 {
671 if (pkey->type != EVP_PKEY_DSA) {
672 EVPerror(EVP_R_EXPECTING_A_DSA_KEY);
673 return NULL;
674 }
675 return pkey->pkey.dsa;
676 }
677 LCRYPTO_ALIAS(EVP_PKEY_get0_DSA);
678
679 DSA *
EVP_PKEY_get1_DSA(EVP_PKEY * pkey)680 EVP_PKEY_get1_DSA(EVP_PKEY *pkey)
681 {
682 DSA *dsa;
683
684 if ((dsa = EVP_PKEY_get0_DSA(pkey)) == NULL)
685 return NULL;
686
687 DSA_up_ref(dsa);
688
689 return dsa;
690 }
691 LCRYPTO_ALIAS(EVP_PKEY_get1_DSA);
692
693 int
EVP_PKEY_set1_DSA(EVP_PKEY * pkey,DSA * key)694 EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key)
695 {
696 int ret = EVP_PKEY_assign_DSA(pkey, key);
697 if (ret != 0)
698 DSA_up_ref(key);
699 return ret;
700 }
701 LCRYPTO_ALIAS(EVP_PKEY_set1_DSA);
702 #endif
703
704 #ifndef OPENSSL_NO_EC
705 EC_KEY *
EVP_PKEY_get0_EC_KEY(EVP_PKEY * pkey)706 EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey)
707 {
708 if (pkey->type != EVP_PKEY_EC) {
709 EVPerror(EVP_R_EXPECTING_A_EC_KEY);
710 return NULL;
711 }
712 return pkey->pkey.ec;
713 }
714 LCRYPTO_ALIAS(EVP_PKEY_get0_EC_KEY);
715
716 EC_KEY *
EVP_PKEY_get1_EC_KEY(EVP_PKEY * pkey)717 EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey)
718 {
719 EC_KEY *key;
720
721 if ((key = EVP_PKEY_get0_EC_KEY(pkey)) == NULL)
722 return NULL;
723
724 EC_KEY_up_ref(key);
725
726 return key;
727 }
728 LCRYPTO_ALIAS(EVP_PKEY_get1_EC_KEY);
729
730 int
EVP_PKEY_set1_EC_KEY(EVP_PKEY * pkey,EC_KEY * key)731 EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key)
732 {
733 int ret = EVP_PKEY_assign_EC_KEY(pkey, key);
734 if (ret != 0)
735 EC_KEY_up_ref(key);
736 return ret;
737 }
738 LCRYPTO_ALIAS(EVP_PKEY_set1_EC_KEY);
739 #endif
740
741
742 #ifndef OPENSSL_NO_DH
743 DH *
EVP_PKEY_get0_DH(EVP_PKEY * pkey)744 EVP_PKEY_get0_DH(EVP_PKEY *pkey)
745 {
746 if (pkey->type != EVP_PKEY_DH) {
747 EVPerror(EVP_R_EXPECTING_A_DH_KEY);
748 return NULL;
749 }
750 return pkey->pkey.dh;
751 }
752 LCRYPTO_ALIAS(EVP_PKEY_get0_DH);
753
754 DH *
EVP_PKEY_get1_DH(EVP_PKEY * pkey)755 EVP_PKEY_get1_DH(EVP_PKEY *pkey)
756 {
757 DH *dh;
758
759 if ((dh = EVP_PKEY_get0_DH(pkey)) == NULL)
760 return NULL;
761
762 DH_up_ref(dh);
763
764 return dh;
765 }
766 LCRYPTO_ALIAS(EVP_PKEY_get1_DH);
767
768 int
EVP_PKEY_set1_DH(EVP_PKEY * pkey,DH * key)769 EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key)
770 {
771 int ret = EVP_PKEY_assign_DH(pkey, key);
772 if (ret != 0)
773 DH_up_ref(key);
774 return ret;
775 }
776 LCRYPTO_ALIAS(EVP_PKEY_set1_DH);
777 #endif
778
779 int
EVP_PKEY_type(int type)780 EVP_PKEY_type(int type)
781 {
782 const EVP_PKEY_ASN1_METHOD *ameth;
783
784 if ((ameth = EVP_PKEY_asn1_find(NULL, type)) != NULL)
785 return ameth->pkey_id;
786
787 return NID_undef;
788 }
789 LCRYPTO_ALIAS(EVP_PKEY_type);
790
791 int
EVP_PKEY_id(const EVP_PKEY * pkey)792 EVP_PKEY_id(const EVP_PKEY *pkey)
793 {
794 return pkey->type;
795 }
796 LCRYPTO_ALIAS(EVP_PKEY_id);
797
798 int
EVP_PKEY_base_id(const EVP_PKEY * pkey)799 EVP_PKEY_base_id(const EVP_PKEY *pkey)
800 {
801 return EVP_PKEY_type(pkey->type);
802 }
803 LCRYPTO_ALIAS(EVP_PKEY_base_id);
804
805 static int
unsup_alg(BIO * out,const EVP_PKEY * pkey,int indent,const char * kstr)806 unsup_alg(BIO *out, const EVP_PKEY *pkey, int indent, const char *kstr)
807 {
808 if (!BIO_indent(out, indent, 128))
809 return 0;
810 BIO_printf(out, "%s algorithm \"%s\" unsupported\n",
811 kstr, OBJ_nid2ln(pkey->type));
812 return 1;
813 }
814
815 int
EVP_PKEY_print_public(BIO * out,const EVP_PKEY * pkey,int indent,ASN1_PCTX * pctx)816 EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey, int indent,
817 ASN1_PCTX *pctx)
818 {
819 if (pkey->ameth && pkey->ameth->pub_print)
820 return pkey->ameth->pub_print(out, pkey, indent, pctx);
821
822 return unsup_alg(out, pkey, indent, "Public Key");
823 }
824 LCRYPTO_ALIAS(EVP_PKEY_print_public);
825
826 int
EVP_PKEY_print_private(BIO * out,const EVP_PKEY * pkey,int indent,ASN1_PCTX * pctx)827 EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey, int indent,
828 ASN1_PCTX *pctx)
829 {
830 if (pkey->ameth && pkey->ameth->priv_print)
831 return pkey->ameth->priv_print(out, pkey, indent, pctx);
832
833 return unsup_alg(out, pkey, indent, "Private Key");
834 }
835 LCRYPTO_ALIAS(EVP_PKEY_print_private);
836
837 int
EVP_PKEY_print_params(BIO * out,const EVP_PKEY * pkey,int indent,ASN1_PCTX * pctx)838 EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey, int indent,
839 ASN1_PCTX *pctx)
840 {
841 if (pkey->ameth && pkey->ameth->param_print)
842 return pkey->ameth->param_print(out, pkey, indent, pctx);
843 return unsup_alg(out, pkey, indent, "Parameters");
844 }
845 LCRYPTO_ALIAS(EVP_PKEY_print_params);
846
847 int
EVP_PKEY_get_default_digest_nid(EVP_PKEY * pkey,int * pnid)848 EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid)
849 {
850 if (!pkey->ameth || !pkey->ameth->pkey_ctrl)
851 return -2;
852 return pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_DEFAULT_MD_NID,
853 0, pnid);
854 }
855 LCRYPTO_ALIAS(EVP_PKEY_get_default_digest_nid);
856