1 /* $OpenBSD: p_lib.c,v 1.61 2024/08/22 12:24:24 tb Exp $ */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58 /* ====================================================================
59 * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * licensing@OpenSSL.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 */
105
106 #include <stdio.h>
107 #include <stdlib.h>
108 #include <string.h>
109
110 #include <openssl/asn1.h>
111 #include <openssl/bio.h>
112 #include <openssl/cmac.h>
113 #include <openssl/crypto.h>
114 #include <openssl/err.h>
115 #include <openssl/evp.h>
116 #include <openssl/objects.h>
117 #include <openssl/x509.h>
118
119 #ifndef OPENSSL_NO_DH
120 #include <openssl/dh.h>
121 #endif
122 #ifndef OPENSSL_NO_DSA
123 #include <openssl/dsa.h>
124 #endif
125 #ifndef OPENSSL_NO_EC
126 #include <openssl/ec.h>
127 #endif
128 #ifndef OPENSSL_NO_RSA
129 #include <openssl/rsa.h>
130 #endif
131
132 #include "evp_local.h"
133
134 extern const EVP_PKEY_ASN1_METHOD cmac_asn1_meth;
135 extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth;
136 extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meth;
137 extern const EVP_PKEY_ASN1_METHOD dsa1_asn1_meth;
138 extern const EVP_PKEY_ASN1_METHOD dsa2_asn1_meth;
139 extern const EVP_PKEY_ASN1_METHOD dsa3_asn1_meth;
140 extern const EVP_PKEY_ASN1_METHOD dsa4_asn1_meth;
141 extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth;
142 extern const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth;
143 extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth;
144 extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meth;
145 extern const EVP_PKEY_ASN1_METHOD rsa2_asn1_meth;
146 extern const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth;
147 extern const EVP_PKEY_ASN1_METHOD x25519_asn1_meth;
148
149 static const EVP_PKEY_ASN1_METHOD *asn1_methods[] = {
150 &cmac_asn1_meth,
151 &dh_asn1_meth,
152 &dsa_asn1_meth,
153 &dsa1_asn1_meth,
154 &dsa2_asn1_meth,
155 &dsa3_asn1_meth,
156 &dsa4_asn1_meth,
157 &eckey_asn1_meth,
158 &ed25519_asn1_meth,
159 &hmac_asn1_meth,
160 &rsa_asn1_meth,
161 &rsa2_asn1_meth,
162 &rsa_pss_asn1_meth,
163 &x25519_asn1_meth,
164 };
165
166 #define N_ASN1_METHODS (sizeof(asn1_methods) / sizeof(asn1_methods[0]))
167
168 int
EVP_PKEY_asn1_get_count(void)169 EVP_PKEY_asn1_get_count(void)
170 {
171 return N_ASN1_METHODS;
172 }
173 LCRYPTO_ALIAS(EVP_PKEY_asn1_get_count);
174
175 const EVP_PKEY_ASN1_METHOD *
EVP_PKEY_asn1_get0(int idx)176 EVP_PKEY_asn1_get0(int idx)
177 {
178 if (idx < 0 || idx >= N_ASN1_METHODS)
179 return NULL;
180
181 return asn1_methods[idx];
182 }
183 LCRYPTO_ALIAS(EVP_PKEY_asn1_get0);
184
185 const EVP_PKEY_ASN1_METHOD *
EVP_PKEY_asn1_find(ENGINE ** engine,int pkey_id)186 EVP_PKEY_asn1_find(ENGINE **engine, int pkey_id)
187 {
188 size_t i;
189
190 if (engine != NULL)
191 *engine = NULL;
192
193 for (i = 0; i < N_ASN1_METHODS; i++) {
194 if (asn1_methods[i]->pkey_id == pkey_id)
195 return asn1_methods[i]->base_method;
196 }
197
198 return NULL;
199 }
200 LCRYPTO_ALIAS(EVP_PKEY_asn1_find);
201
202 const EVP_PKEY_ASN1_METHOD *
EVP_PKEY_asn1_find_str(ENGINE ** engine,const char * str,int len)203 EVP_PKEY_asn1_find_str(ENGINE **engine, const char *str, int len)
204 {
205 const EVP_PKEY_ASN1_METHOD *ameth;
206 size_t i, str_len;
207
208 if (engine != NULL)
209 *engine = NULL;
210
211 if (len < -1)
212 return NULL;
213 if (len == -1)
214 str_len = strlen(str);
215 else
216 str_len = len;
217
218 for (i = 0; i < N_ASN1_METHODS; i++) {
219 ameth = asn1_methods[i];
220 if ((ameth->pkey_flags & ASN1_PKEY_ALIAS) != 0)
221 continue;
222 if (strlen(ameth->pem_str) != str_len)
223 continue;
224 if (strncasecmp(ameth->pem_str, str, str_len) == 0)
225 return ameth;
226 }
227
228 return NULL;
229 }
230 LCRYPTO_ALIAS(EVP_PKEY_asn1_find_str);
231
232 int
EVP_PKEY_asn1_get0_info(int * pkey_id,int * pkey_base_id,int * pkey_flags,const char ** info,const char ** pem_str,const EVP_PKEY_ASN1_METHOD * ameth)233 EVP_PKEY_asn1_get0_info(int *pkey_id, int *pkey_base_id, int *pkey_flags,
234 const char **info, const char **pem_str,
235 const EVP_PKEY_ASN1_METHOD *ameth)
236 {
237 if (ameth == NULL)
238 return 0;
239
240 if (pkey_id != NULL)
241 *pkey_id = ameth->pkey_id;
242 if (pkey_base_id != NULL)
243 *pkey_base_id = ameth->base_method->pkey_id;
244 if (pkey_flags != NULL)
245 *pkey_flags = ameth->pkey_flags;
246 if (info != NULL)
247 *info = ameth->info;
248 if (pem_str != NULL)
249 *pem_str = ameth->pem_str;
250
251 return 1;
252 }
253 LCRYPTO_ALIAS(EVP_PKEY_asn1_get0_info);
254
255 const EVP_PKEY_ASN1_METHOD*
EVP_PKEY_get0_asn1(const EVP_PKEY * pkey)256 EVP_PKEY_get0_asn1(const EVP_PKEY *pkey)
257 {
258 return pkey->ameth;
259 }
260 LCRYPTO_ALIAS(EVP_PKEY_get0_asn1);
261
262 int
EVP_PKEY_bits(const EVP_PKEY * pkey)263 EVP_PKEY_bits(const EVP_PKEY *pkey)
264 {
265 if (pkey && pkey->ameth && pkey->ameth->pkey_bits)
266 return pkey->ameth->pkey_bits(pkey);
267 return 0;
268 }
269 LCRYPTO_ALIAS(EVP_PKEY_bits);
270
271 int
EVP_PKEY_security_bits(const EVP_PKEY * pkey)272 EVP_PKEY_security_bits(const EVP_PKEY *pkey)
273 {
274 if (pkey == NULL)
275 return 0;
276 if (pkey->ameth == NULL || pkey->ameth->pkey_security_bits == NULL)
277 return -2;
278
279 return pkey->ameth->pkey_security_bits(pkey);
280 }
281 LCRYPTO_ALIAS(EVP_PKEY_security_bits);
282
283 int
EVP_PKEY_size(const EVP_PKEY * pkey)284 EVP_PKEY_size(const EVP_PKEY *pkey)
285 {
286 if (pkey && pkey->ameth && pkey->ameth->pkey_size)
287 return pkey->ameth->pkey_size(pkey);
288 return 0;
289 }
290 LCRYPTO_ALIAS(EVP_PKEY_size);
291
292 int
EVP_PKEY_save_parameters(EVP_PKEY * pkey,int mode)293 EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode)
294 {
295 #ifndef OPENSSL_NO_DSA
296 if (pkey->type == EVP_PKEY_DSA) {
297 int ret = pkey->save_parameters;
298
299 if (mode >= 0)
300 pkey->save_parameters = mode;
301 return (ret);
302 }
303 #endif
304 #ifndef OPENSSL_NO_EC
305 if (pkey->type == EVP_PKEY_EC) {
306 int ret = pkey->save_parameters;
307
308 if (mode >= 0)
309 pkey->save_parameters = mode;
310 return (ret);
311 }
312 #endif
313 return (0);
314 }
315 LCRYPTO_ALIAS(EVP_PKEY_save_parameters);
316
317 int
EVP_PKEY_copy_parameters(EVP_PKEY * to,const EVP_PKEY * from)318 EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
319 {
320 if (to->type != from->type) {
321 EVPerror(EVP_R_DIFFERENT_KEY_TYPES);
322 goto err;
323 }
324
325 if (EVP_PKEY_missing_parameters(from)) {
326 EVPerror(EVP_R_MISSING_PARAMETERS);
327 goto err;
328 }
329 if (from->ameth && from->ameth->param_copy)
330 return from->ameth->param_copy(to, from);
331
332 err:
333 return 0;
334 }
335 LCRYPTO_ALIAS(EVP_PKEY_copy_parameters);
336
337 int
EVP_PKEY_missing_parameters(const EVP_PKEY * pkey)338 EVP_PKEY_missing_parameters(const EVP_PKEY *pkey)
339 {
340 if (pkey->ameth && pkey->ameth->param_missing)
341 return pkey->ameth->param_missing(pkey);
342 return 0;
343 }
344 LCRYPTO_ALIAS(EVP_PKEY_missing_parameters);
345
346 int
EVP_PKEY_cmp_parameters(const EVP_PKEY * a,const EVP_PKEY * b)347 EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
348 {
349 if (a->type != b->type)
350 return -1;
351 if (a->ameth && a->ameth->param_cmp)
352 return a->ameth->param_cmp(a, b);
353 return -2;
354 }
355 LCRYPTO_ALIAS(EVP_PKEY_cmp_parameters);
356
357 int
EVP_PKEY_cmp(const EVP_PKEY * a,const EVP_PKEY * b)358 EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
359 {
360 if (a->type != b->type)
361 return -1;
362
363 if (a->ameth) {
364 int ret;
365 /* Compare parameters if the algorithm has them */
366 if (a->ameth->param_cmp) {
367 ret = a->ameth->param_cmp(a, b);
368 if (ret <= 0)
369 return ret;
370 }
371
372 if (a->ameth->pub_cmp)
373 return a->ameth->pub_cmp(a, b);
374 }
375
376 return -2;
377 }
378 LCRYPTO_ALIAS(EVP_PKEY_cmp);
379
380 EVP_PKEY *
EVP_PKEY_new(void)381 EVP_PKEY_new(void)
382 {
383 EVP_PKEY *pkey;
384
385 if ((pkey = calloc(1, sizeof(*pkey))) == NULL) {
386 EVPerror(ERR_R_MALLOC_FAILURE);
387 return NULL;
388 }
389
390 pkey->type = EVP_PKEY_NONE;
391 pkey->references = 1;
392 pkey->save_parameters = 1;
393
394 return pkey;
395 }
396 LCRYPTO_ALIAS(EVP_PKEY_new);
397
398 int
EVP_PKEY_up_ref(EVP_PKEY * pkey)399 EVP_PKEY_up_ref(EVP_PKEY *pkey)
400 {
401 return CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY) > 1;
402 }
403 LCRYPTO_ALIAS(EVP_PKEY_up_ref);
404
405 static void
evp_pkey_free_pkey_ptr(EVP_PKEY * pkey)406 evp_pkey_free_pkey_ptr(EVP_PKEY *pkey)
407 {
408 if (pkey == NULL || pkey->ameth == NULL || pkey->ameth->pkey_free == NULL)
409 return;
410
411 pkey->ameth->pkey_free(pkey);
412 pkey->pkey.ptr = NULL;
413 }
414
415 void
EVP_PKEY_free(EVP_PKEY * pkey)416 EVP_PKEY_free(EVP_PKEY *pkey)
417 {
418 if (pkey == NULL)
419 return;
420
421 if (CRYPTO_add(&pkey->references, -1, CRYPTO_LOCK_EVP_PKEY) > 0)
422 return;
423
424 evp_pkey_free_pkey_ptr(pkey);
425 freezero(pkey, sizeof(*pkey));
426 }
427 LCRYPTO_ALIAS(EVP_PKEY_free);
428
429 int
EVP_PKEY_set_type(EVP_PKEY * pkey,int type)430 EVP_PKEY_set_type(EVP_PKEY *pkey, int type)
431 {
432 const EVP_PKEY_ASN1_METHOD *ameth;
433
434 evp_pkey_free_pkey_ptr(pkey);
435
436 if ((ameth = EVP_PKEY_asn1_find(NULL, type)) == NULL) {
437 EVPerror(EVP_R_UNSUPPORTED_ALGORITHM);
438 return 0;
439 }
440 if (pkey != NULL) {
441 pkey->ameth = ameth;
442 pkey->type = pkey->ameth->pkey_id;
443 }
444
445 return 1;
446 }
447 LCRYPTO_ALIAS(EVP_PKEY_set_type);
448
449 int
EVP_PKEY_set_type_str(EVP_PKEY * pkey,const char * str,int len)450 EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len)
451 {
452 const EVP_PKEY_ASN1_METHOD *ameth;
453
454 evp_pkey_free_pkey_ptr(pkey);
455
456 if ((ameth = EVP_PKEY_asn1_find_str(NULL, str, len)) == NULL) {
457 EVPerror(EVP_R_UNSUPPORTED_ALGORITHM);
458 return 0;
459 }
460 if (pkey != NULL) {
461 pkey->ameth = ameth;
462 pkey->type = pkey->ameth->pkey_id;
463 }
464
465 return 1;
466 }
467 LCRYPTO_ALIAS(EVP_PKEY_set_type_str);
468
469 int
EVP_PKEY_assign(EVP_PKEY * pkey,int type,void * key)470 EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key)
471 {
472 if (!EVP_PKEY_set_type(pkey, type))
473 return 0;
474
475 return (pkey->pkey.ptr = key) != NULL;
476 }
477 LCRYPTO_ALIAS(EVP_PKEY_assign);
478
479 EVP_PKEY *
EVP_PKEY_new_raw_private_key(int type,ENGINE * engine,const unsigned char * private_key,size_t len)480 EVP_PKEY_new_raw_private_key(int type, ENGINE *engine,
481 const unsigned char *private_key, size_t len)
482 {
483 EVP_PKEY *pkey;
484
485 if ((pkey = EVP_PKEY_new()) == NULL)
486 goto err;
487
488 if (!EVP_PKEY_set_type(pkey, type))
489 goto err;
490
491 if (pkey->ameth->set_priv_key == NULL) {
492 EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
493 goto err;
494 }
495 if (!pkey->ameth->set_priv_key(pkey, private_key, len)) {
496 EVPerror(EVP_R_KEY_SETUP_FAILED);
497 goto err;
498 }
499
500 return pkey;
501
502 err:
503 EVP_PKEY_free(pkey);
504
505 return NULL;
506 }
507 LCRYPTO_ALIAS(EVP_PKEY_new_raw_private_key);
508
509 EVP_PKEY *
EVP_PKEY_new_raw_public_key(int type,ENGINE * engine,const unsigned char * public_key,size_t len)510 EVP_PKEY_new_raw_public_key(int type, ENGINE *engine,
511 const unsigned char *public_key, size_t len)
512 {
513 EVP_PKEY *pkey;
514
515 if ((pkey = EVP_PKEY_new()) == NULL)
516 goto err;
517
518 if (!EVP_PKEY_set_type(pkey, type))
519 goto err;
520
521 if (pkey->ameth->set_pub_key == NULL) {
522 EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
523 goto err;
524 }
525 if (!pkey->ameth->set_pub_key(pkey, public_key, len)) {
526 EVPerror(EVP_R_KEY_SETUP_FAILED);
527 goto err;
528 }
529
530 return pkey;
531
532 err:
533 EVP_PKEY_free(pkey);
534
535 return NULL;
536 }
537 LCRYPTO_ALIAS(EVP_PKEY_new_raw_public_key);
538
539 int
EVP_PKEY_get_raw_private_key(const EVP_PKEY * pkey,unsigned char * out_private_key,size_t * out_len)540 EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey,
541 unsigned char *out_private_key, size_t *out_len)
542 {
543 if (pkey->ameth->get_priv_key == NULL) {
544 EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
545 return 0;
546 }
547 if (!pkey->ameth->get_priv_key(pkey, out_private_key, out_len)) {
548 EVPerror(EVP_R_GET_RAW_KEY_FAILED);
549 return 0;
550 }
551
552 return 1;
553 }
554 LCRYPTO_ALIAS(EVP_PKEY_get_raw_private_key);
555
556 int
EVP_PKEY_get_raw_public_key(const EVP_PKEY * pkey,unsigned char * out_public_key,size_t * out_len)557 EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey,
558 unsigned char *out_public_key, size_t *out_len)
559 {
560 if (pkey->ameth->get_pub_key == NULL) {
561 EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
562 return 0;
563 }
564 if (!pkey->ameth->get_pub_key(pkey, out_public_key, out_len)) {
565 EVPerror(EVP_R_GET_RAW_KEY_FAILED);
566 return 0;
567 }
568
569 return 1;
570 }
571 LCRYPTO_ALIAS(EVP_PKEY_get_raw_public_key);
572
573 EVP_PKEY *
EVP_PKEY_new_CMAC_key(ENGINE * e,const unsigned char * priv,size_t len,const EVP_CIPHER * cipher)574 EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, size_t len,
575 const EVP_CIPHER *cipher)
576 {
577 EVP_PKEY *pkey = NULL;
578 CMAC_CTX *cmctx = NULL;
579
580 if ((pkey = EVP_PKEY_new()) == NULL)
581 goto err;
582 if ((cmctx = CMAC_CTX_new()) == NULL)
583 goto err;
584
585 if (!EVP_PKEY_set_type(pkey, EVP_PKEY_CMAC))
586 goto err;
587
588 if (!CMAC_Init(cmctx, priv, len, cipher, NULL)) {
589 EVPerror(EVP_R_KEY_SETUP_FAILED);
590 goto err;
591 }
592
593 pkey->pkey.ptr = cmctx;
594
595 return pkey;
596
597 err:
598 EVP_PKEY_free(pkey);
599 CMAC_CTX_free(cmctx);
600
601 return NULL;
602 }
603 LCRYPTO_ALIAS(EVP_PKEY_new_CMAC_key);
604
605 void *
EVP_PKEY_get0(const EVP_PKEY * pkey)606 EVP_PKEY_get0(const EVP_PKEY *pkey)
607 {
608 return pkey->pkey.ptr;
609 }
610 LCRYPTO_ALIAS(EVP_PKEY_get0);
611
612 const unsigned char *
EVP_PKEY_get0_hmac(const EVP_PKEY * pkey,size_t * len)613 EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len)
614 {
615 ASN1_OCTET_STRING *os;
616
617 if (pkey->type != EVP_PKEY_HMAC) {
618 EVPerror(EVP_R_EXPECTING_AN_HMAC_KEY);
619 return NULL;
620 }
621
622 os = EVP_PKEY_get0(pkey);
623 *len = os->length;
624
625 return os->data;
626 }
627 LCRYPTO_ALIAS(EVP_PKEY_get0_hmac);
628
629 #ifndef OPENSSL_NO_RSA
630 RSA *
EVP_PKEY_get0_RSA(EVP_PKEY * pkey)631 EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
632 {
633 if (pkey->type == EVP_PKEY_RSA || pkey->type == EVP_PKEY_RSA_PSS)
634 return pkey->pkey.rsa;
635
636 EVPerror(EVP_R_EXPECTING_AN_RSA_KEY);
637 return NULL;
638 }
639 LCRYPTO_ALIAS(EVP_PKEY_get0_RSA);
640
641 RSA *
EVP_PKEY_get1_RSA(EVP_PKEY * pkey)642 EVP_PKEY_get1_RSA(EVP_PKEY *pkey)
643 {
644 RSA *rsa;
645
646 if ((rsa = EVP_PKEY_get0_RSA(pkey)) == NULL)
647 return NULL;
648
649 RSA_up_ref(rsa);
650
651 return rsa;
652 }
653 LCRYPTO_ALIAS(EVP_PKEY_get1_RSA);
654
655 int
EVP_PKEY_set1_RSA(EVP_PKEY * pkey,RSA * key)656 EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key)
657 {
658 int ret = EVP_PKEY_assign_RSA(pkey, key);
659 if (ret != 0)
660 RSA_up_ref(key);
661 return ret;
662 }
663 LCRYPTO_ALIAS(EVP_PKEY_set1_RSA);
664 #endif
665
666 #ifndef OPENSSL_NO_DSA
667 DSA *
EVP_PKEY_get0_DSA(EVP_PKEY * pkey)668 EVP_PKEY_get0_DSA(EVP_PKEY *pkey)
669 {
670 if (pkey->type != EVP_PKEY_DSA) {
671 EVPerror(EVP_R_EXPECTING_A_DSA_KEY);
672 return NULL;
673 }
674 return pkey->pkey.dsa;
675 }
676 LCRYPTO_ALIAS(EVP_PKEY_get0_DSA);
677
678 DSA *
EVP_PKEY_get1_DSA(EVP_PKEY * pkey)679 EVP_PKEY_get1_DSA(EVP_PKEY *pkey)
680 {
681 DSA *dsa;
682
683 if ((dsa = EVP_PKEY_get0_DSA(pkey)) == NULL)
684 return NULL;
685
686 DSA_up_ref(dsa);
687
688 return dsa;
689 }
690 LCRYPTO_ALIAS(EVP_PKEY_get1_DSA);
691
692 int
EVP_PKEY_set1_DSA(EVP_PKEY * pkey,DSA * key)693 EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key)
694 {
695 int ret = EVP_PKEY_assign_DSA(pkey, key);
696 if (ret != 0)
697 DSA_up_ref(key);
698 return ret;
699 }
700 LCRYPTO_ALIAS(EVP_PKEY_set1_DSA);
701 #endif
702
703 #ifndef OPENSSL_NO_EC
704 EC_KEY *
EVP_PKEY_get0_EC_KEY(EVP_PKEY * pkey)705 EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey)
706 {
707 if (pkey->type != EVP_PKEY_EC) {
708 EVPerror(EVP_R_EXPECTING_A_EC_KEY);
709 return NULL;
710 }
711 return pkey->pkey.ec;
712 }
713 LCRYPTO_ALIAS(EVP_PKEY_get0_EC_KEY);
714
715 EC_KEY *
EVP_PKEY_get1_EC_KEY(EVP_PKEY * pkey)716 EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey)
717 {
718 EC_KEY *key;
719
720 if ((key = EVP_PKEY_get0_EC_KEY(pkey)) == NULL)
721 return NULL;
722
723 EC_KEY_up_ref(key);
724
725 return key;
726 }
727 LCRYPTO_ALIAS(EVP_PKEY_get1_EC_KEY);
728
729 int
EVP_PKEY_set1_EC_KEY(EVP_PKEY * pkey,EC_KEY * key)730 EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key)
731 {
732 int ret = EVP_PKEY_assign_EC_KEY(pkey, key);
733 if (ret != 0)
734 EC_KEY_up_ref(key);
735 return ret;
736 }
737 LCRYPTO_ALIAS(EVP_PKEY_set1_EC_KEY);
738 #endif
739
740
741 #ifndef OPENSSL_NO_DH
742 DH *
EVP_PKEY_get0_DH(EVP_PKEY * pkey)743 EVP_PKEY_get0_DH(EVP_PKEY *pkey)
744 {
745 if (pkey->type != EVP_PKEY_DH) {
746 EVPerror(EVP_R_EXPECTING_A_DH_KEY);
747 return NULL;
748 }
749 return pkey->pkey.dh;
750 }
751 LCRYPTO_ALIAS(EVP_PKEY_get0_DH);
752
753 DH *
EVP_PKEY_get1_DH(EVP_PKEY * pkey)754 EVP_PKEY_get1_DH(EVP_PKEY *pkey)
755 {
756 DH *dh;
757
758 if ((dh = EVP_PKEY_get0_DH(pkey)) == NULL)
759 return NULL;
760
761 DH_up_ref(dh);
762
763 return dh;
764 }
765 LCRYPTO_ALIAS(EVP_PKEY_get1_DH);
766
767 int
EVP_PKEY_set1_DH(EVP_PKEY * pkey,DH * key)768 EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key)
769 {
770 int ret = EVP_PKEY_assign_DH(pkey, key);
771 if (ret != 0)
772 DH_up_ref(key);
773 return ret;
774 }
775 LCRYPTO_ALIAS(EVP_PKEY_set1_DH);
776 #endif
777
778 int
EVP_PKEY_type(int type)779 EVP_PKEY_type(int type)
780 {
781 const EVP_PKEY_ASN1_METHOD *ameth;
782
783 if ((ameth = EVP_PKEY_asn1_find(NULL, type)) != NULL)
784 return ameth->pkey_id;
785
786 return NID_undef;
787 }
788 LCRYPTO_ALIAS(EVP_PKEY_type);
789
790 int
EVP_PKEY_id(const EVP_PKEY * pkey)791 EVP_PKEY_id(const EVP_PKEY *pkey)
792 {
793 return pkey->type;
794 }
795 LCRYPTO_ALIAS(EVP_PKEY_id);
796
797 int
EVP_PKEY_base_id(const EVP_PKEY * pkey)798 EVP_PKEY_base_id(const EVP_PKEY *pkey)
799 {
800 return EVP_PKEY_type(pkey->type);
801 }
802 LCRYPTO_ALIAS(EVP_PKEY_base_id);
803
804 static int
unsup_alg(BIO * out,const EVP_PKEY * pkey,int indent,const char * kstr)805 unsup_alg(BIO *out, const EVP_PKEY *pkey, int indent, const char *kstr)
806 {
807 if (!BIO_indent(out, indent, 128))
808 return 0;
809 BIO_printf(out, "%s algorithm \"%s\" unsupported\n",
810 kstr, OBJ_nid2ln(pkey->type));
811 return 1;
812 }
813
814 int
EVP_PKEY_print_public(BIO * out,const EVP_PKEY * pkey,int indent,ASN1_PCTX * pctx)815 EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey, int indent,
816 ASN1_PCTX *pctx)
817 {
818 if (pkey->ameth && pkey->ameth->pub_print)
819 return pkey->ameth->pub_print(out, pkey, indent, pctx);
820
821 return unsup_alg(out, pkey, indent, "Public Key");
822 }
823 LCRYPTO_ALIAS(EVP_PKEY_print_public);
824
825 int
EVP_PKEY_print_private(BIO * out,const EVP_PKEY * pkey,int indent,ASN1_PCTX * pctx)826 EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey, int indent,
827 ASN1_PCTX *pctx)
828 {
829 if (pkey->ameth && pkey->ameth->priv_print)
830 return pkey->ameth->priv_print(out, pkey, indent, pctx);
831
832 return unsup_alg(out, pkey, indent, "Private Key");
833 }
834 LCRYPTO_ALIAS(EVP_PKEY_print_private);
835
836 int
EVP_PKEY_print_params(BIO * out,const EVP_PKEY * pkey,int indent,ASN1_PCTX * pctx)837 EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey, int indent,
838 ASN1_PCTX *pctx)
839 {
840 if (pkey->ameth && pkey->ameth->param_print)
841 return pkey->ameth->param_print(out, pkey, indent, pctx);
842 return unsup_alg(out, pkey, indent, "Parameters");
843 }
844 LCRYPTO_ALIAS(EVP_PKEY_print_params);
845
846 int
EVP_PKEY_get_default_digest_nid(EVP_PKEY * pkey,int * pnid)847 EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid)
848 {
849 if (!pkey->ameth || !pkey->ameth->pkey_ctrl)
850 return -2;
851 return pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_DEFAULT_MD_NID,
852 0, pnid);
853 }
854 LCRYPTO_ALIAS(EVP_PKEY_get_default_digest_nid);
855