1 /* $OpenBSD: x_pubkey.c,v 1.27 2018/03/17 14:55:39 jsing Exp $ */ 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 59 #include <stdio.h> 60 61 #include <openssl/opensslconf.h> 62 63 #include <openssl/asn1t.h> 64 #include <openssl/err.h> 65 #include <openssl/x509.h> 66 67 #ifndef OPENSSL_NO_DSA 68 #include <openssl/dsa.h> 69 #endif 70 #ifndef OPENSSL_NO_RSA 71 #include <openssl/rsa.h> 72 #endif 73 74 #include "asn1_locl.h" 75 76 /* Minor tweak to operation: free up EVP_PKEY */ 77 static int 78 pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) 79 { 80 if (operation == ASN1_OP_FREE_POST) { 81 X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval; 82 EVP_PKEY_free(pubkey->pkey); 83 } 84 return 1; 85 } 86 87 static const ASN1_AUX X509_PUBKEY_aux = { 88 .asn1_cb = pubkey_cb, 89 }; 90 static const ASN1_TEMPLATE X509_PUBKEY_seq_tt[] = { 91 { 92 .offset = offsetof(X509_PUBKEY, algor), 93 .field_name = "algor", 94 .item = &X509_ALGOR_it, 95 }, 96 { 97 .offset = offsetof(X509_PUBKEY, public_key), 98 .field_name = "public_key", 99 .item = &ASN1_BIT_STRING_it, 100 }, 101 }; 102 103 const ASN1_ITEM X509_PUBKEY_it = { 104 .itype = ASN1_ITYPE_SEQUENCE, 105 .utype = V_ASN1_SEQUENCE, 106 .templates = X509_PUBKEY_seq_tt, 107 .tcount = sizeof(X509_PUBKEY_seq_tt) / sizeof(ASN1_TEMPLATE), 108 .funcs = &X509_PUBKEY_aux, 109 .size = sizeof(X509_PUBKEY), 110 .sname = "X509_PUBKEY", 111 }; 112 113 114 X509_PUBKEY * 115 d2i_X509_PUBKEY(X509_PUBKEY **a, const unsigned char **in, long len) 116 { 117 return (X509_PUBKEY *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, 118 &X509_PUBKEY_it); 119 } 120 121 int 122 i2d_X509_PUBKEY(X509_PUBKEY *a, unsigned char **out) 123 { 124 return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_PUBKEY_it); 125 } 126 127 X509_PUBKEY * 128 X509_PUBKEY_new(void) 129 { 130 return (X509_PUBKEY *)ASN1_item_new(&X509_PUBKEY_it); 131 } 132 133 void 134 X509_PUBKEY_free(X509_PUBKEY *a) 135 { 136 ASN1_item_free((ASN1_VALUE *)a, &X509_PUBKEY_it); 137 } 138 139 int 140 X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) 141 { 142 X509_PUBKEY *pk = NULL; 143 144 if (x == NULL) 145 return (0); 146 if ((pk = X509_PUBKEY_new()) == NULL) 147 goto error; 148 149 if (pkey->ameth) { 150 if (pkey->ameth->pub_encode) { 151 if (!pkey->ameth->pub_encode(pk, pkey)) { 152 X509error(X509_R_PUBLIC_KEY_ENCODE_ERROR); 153 goto error; 154 } 155 } else { 156 X509error(X509_R_METHOD_NOT_SUPPORTED); 157 goto error; 158 } 159 } else { 160 X509error(X509_R_UNSUPPORTED_ALGORITHM); 161 goto error; 162 } 163 164 if (*x != NULL) 165 X509_PUBKEY_free(*x); 166 167 *x = pk; 168 169 return 1; 170 171 error: 172 if (pk != NULL) 173 X509_PUBKEY_free(pk); 174 return 0; 175 } 176 177 EVP_PKEY * 178 X509_PUBKEY_get0(X509_PUBKEY *key) 179 { 180 EVP_PKEY *ret = NULL; 181 182 if (key == NULL) 183 goto error; 184 185 if (key->pkey != NULL) 186 return key->pkey; 187 188 if (key->public_key == NULL) 189 goto error; 190 191 if ((ret = EVP_PKEY_new()) == NULL) { 192 X509error(ERR_R_MALLOC_FAILURE); 193 goto error; 194 } 195 196 if (!EVP_PKEY_set_type(ret, OBJ_obj2nid(key->algor->algorithm))) { 197 X509error(X509_R_UNSUPPORTED_ALGORITHM); 198 goto error; 199 } 200 201 if (ret->ameth->pub_decode) { 202 if (!ret->ameth->pub_decode(ret, key)) { 203 X509error(X509_R_PUBLIC_KEY_DECODE_ERROR); 204 goto error; 205 } 206 } else { 207 X509error(X509_R_METHOD_NOT_SUPPORTED); 208 goto error; 209 } 210 211 /* Check to see if another thread set key->pkey first */ 212 CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY); 213 if (key->pkey) { 214 CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); 215 EVP_PKEY_free(ret); 216 ret = key->pkey; 217 } else { 218 key->pkey = ret; 219 CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); 220 } 221 222 return ret; 223 224 error: 225 EVP_PKEY_free(ret); 226 return (NULL); 227 } 228 229 EVP_PKEY * 230 X509_PUBKEY_get(X509_PUBKEY *key) 231 { 232 EVP_PKEY *pkey; 233 234 if ((pkey = X509_PUBKEY_get0(key)) == NULL) 235 return (NULL); 236 237 CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); 238 239 return pkey; 240 } 241 242 /* Now two pseudo ASN1 routines that take an EVP_PKEY structure 243 * and encode or decode as X509_PUBKEY 244 */ 245 246 EVP_PKEY * 247 d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length) 248 { 249 X509_PUBKEY *xpk; 250 EVP_PKEY *pktmp; 251 xpk = d2i_X509_PUBKEY(NULL, pp, length); 252 if (!xpk) 253 return NULL; 254 pktmp = X509_PUBKEY_get(xpk); 255 X509_PUBKEY_free(xpk); 256 if (!pktmp) 257 return NULL; 258 if (a) { 259 EVP_PKEY_free(*a); 260 *a = pktmp; 261 } 262 return pktmp; 263 } 264 265 int 266 i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp) 267 { 268 X509_PUBKEY *xpk = NULL; 269 int ret; 270 if (!a) 271 return 0; 272 if (!X509_PUBKEY_set(&xpk, a)) 273 return 0; 274 ret = i2d_X509_PUBKEY(xpk, pp); 275 X509_PUBKEY_free(xpk); 276 return ret; 277 } 278 279 /* The following are equivalents but which return RSA and DSA 280 * keys 281 */ 282 #ifndef OPENSSL_NO_RSA 283 RSA * 284 d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length) 285 { 286 EVP_PKEY *pkey; 287 RSA *key; 288 const unsigned char *q; 289 q = *pp; 290 pkey = d2i_PUBKEY(NULL, &q, length); 291 if (!pkey) 292 return NULL; 293 key = EVP_PKEY_get1_RSA(pkey); 294 EVP_PKEY_free(pkey); 295 if (!key) 296 return NULL; 297 *pp = q; 298 if (a) { 299 RSA_free(*a); 300 *a = key; 301 } 302 return key; 303 } 304 305 int 306 i2d_RSA_PUBKEY(RSA *a, unsigned char **pp) 307 { 308 EVP_PKEY *pktmp; 309 int ret; 310 if (!a) 311 return 0; 312 pktmp = EVP_PKEY_new(); 313 if (!pktmp) { 314 ASN1error(ERR_R_MALLOC_FAILURE); 315 return 0; 316 } 317 EVP_PKEY_set1_RSA(pktmp, a); 318 ret = i2d_PUBKEY(pktmp, pp); 319 EVP_PKEY_free(pktmp); 320 return ret; 321 } 322 #endif 323 324 #ifndef OPENSSL_NO_DSA 325 DSA * 326 d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length) 327 { 328 EVP_PKEY *pkey; 329 DSA *key; 330 const unsigned char *q; 331 q = *pp; 332 pkey = d2i_PUBKEY(NULL, &q, length); 333 if (!pkey) 334 return NULL; 335 key = EVP_PKEY_get1_DSA(pkey); 336 EVP_PKEY_free(pkey); 337 if (!key) 338 return NULL; 339 *pp = q; 340 if (a) { 341 DSA_free(*a); 342 *a = key; 343 } 344 return key; 345 } 346 347 int 348 i2d_DSA_PUBKEY(DSA *a, unsigned char **pp) 349 { 350 EVP_PKEY *pktmp; 351 int ret; 352 if (!a) 353 return 0; 354 pktmp = EVP_PKEY_new(); 355 if (!pktmp) { 356 ASN1error(ERR_R_MALLOC_FAILURE); 357 return 0; 358 } 359 EVP_PKEY_set1_DSA(pktmp, a); 360 ret = i2d_PUBKEY(pktmp, pp); 361 EVP_PKEY_free(pktmp); 362 return ret; 363 } 364 #endif 365 366 #ifndef OPENSSL_NO_EC 367 EC_KEY * 368 d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length) 369 { 370 EVP_PKEY *pkey; 371 EC_KEY *key; 372 const unsigned char *q; 373 q = *pp; 374 pkey = d2i_PUBKEY(NULL, &q, length); 375 if (!pkey) 376 return (NULL); 377 key = EVP_PKEY_get1_EC_KEY(pkey); 378 EVP_PKEY_free(pkey); 379 if (!key) 380 return (NULL); 381 *pp = q; 382 if (a) { 383 EC_KEY_free(*a); 384 *a = key; 385 } 386 return (key); 387 } 388 389 int 390 i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp) 391 { 392 EVP_PKEY *pktmp; 393 int ret; 394 if (!a) 395 return (0); 396 if ((pktmp = EVP_PKEY_new()) == NULL) { 397 ASN1error(ERR_R_MALLOC_FAILURE); 398 return (0); 399 } 400 EVP_PKEY_set1_EC_KEY(pktmp, a); 401 ret = i2d_PUBKEY(pktmp, pp); 402 EVP_PKEY_free(pktmp); 403 return (ret); 404 } 405 #endif 406 407 int 408 X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, int ptype, 409 void *pval, unsigned char *penc, int penclen) 410 { 411 if (!X509_ALGOR_set0(pub->algor, aobj, ptype, pval)) 412 return 0; 413 if (penc) { 414 free(pub->public_key->data); 415 pub->public_key->data = penc; 416 pub->public_key->length = penclen; 417 /* Set number of unused bits to zero */ 418 pub->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); 419 pub->public_key->flags |= ASN1_STRING_FLAG_BITS_LEFT; 420 } 421 return 1; 422 } 423 424 int 425 X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, const unsigned char **pk, 426 int *ppklen, X509_ALGOR **pa, X509_PUBKEY *pub) 427 { 428 if (ppkalg) 429 *ppkalg = pub->algor->algorithm; 430 if (pk) { 431 *pk = pub->public_key->data; 432 *ppklen = pub->public_key->length; 433 } 434 if (pa) 435 *pa = pub->algor; 436 return 1; 437 } 438