1*9bac3682Sbeck /* $OpenBSD: a_pkey.c,v 1.8 2024/04/09 13:52:41 beck Exp $ */
21cb79e47Sjsing /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
31cb79e47Sjsing * All rights reserved.
41cb79e47Sjsing *
51cb79e47Sjsing * This package is an SSL implementation written
61cb79e47Sjsing * by Eric Young (eay@cryptsoft.com).
71cb79e47Sjsing * The implementation was written so as to conform with Netscapes SSL.
81cb79e47Sjsing *
91cb79e47Sjsing * This library is free for commercial and non-commercial use as long as
101cb79e47Sjsing * the following conditions are aheared to. The following conditions
111cb79e47Sjsing * apply to all code found in this distribution, be it the RC4, RSA,
121cb79e47Sjsing * lhash, DES, etc., code; not just the SSL code. The SSL documentation
131cb79e47Sjsing * included with this distribution is covered by the same copyright terms
141cb79e47Sjsing * except that the holder is Tim Hudson (tjh@cryptsoft.com).
151cb79e47Sjsing *
161cb79e47Sjsing * Copyright remains Eric Young's, and as such any Copyright notices in
171cb79e47Sjsing * the code are not to be removed.
181cb79e47Sjsing * If this package is used in a product, Eric Young should be given attribution
191cb79e47Sjsing * as the author of the parts of the library used.
201cb79e47Sjsing * This can be in the form of a textual message at program startup or
211cb79e47Sjsing * in documentation (online or textual) provided with the package.
221cb79e47Sjsing *
231cb79e47Sjsing * Redistribution and use in source and binary forms, with or without
241cb79e47Sjsing * modification, are permitted provided that the following conditions
251cb79e47Sjsing * are met:
261cb79e47Sjsing * 1. Redistributions of source code must retain the copyright
271cb79e47Sjsing * notice, this list of conditions and the following disclaimer.
281cb79e47Sjsing * 2. Redistributions in binary form must reproduce the above copyright
291cb79e47Sjsing * notice, this list of conditions and the following disclaimer in the
301cb79e47Sjsing * documentation and/or other materials provided with the distribution.
311cb79e47Sjsing * 3. All advertising materials mentioning features or use of this software
321cb79e47Sjsing * must display the following acknowledgement:
331cb79e47Sjsing * "This product includes cryptographic software written by
341cb79e47Sjsing * Eric Young (eay@cryptsoft.com)"
351cb79e47Sjsing * The word 'cryptographic' can be left out if the rouines from the library
361cb79e47Sjsing * being used are not cryptographic related :-).
371cb79e47Sjsing * 4. If you include any Windows specific code (or a derivative thereof) from
381cb79e47Sjsing * the apps directory (application code) you must include an acknowledgement:
391cb79e47Sjsing * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
401cb79e47Sjsing *
411cb79e47Sjsing * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
421cb79e47Sjsing * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
431cb79e47Sjsing * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
441cb79e47Sjsing * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
451cb79e47Sjsing * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
461cb79e47Sjsing * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
471cb79e47Sjsing * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
481cb79e47Sjsing * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
491cb79e47Sjsing * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
501cb79e47Sjsing * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
511cb79e47Sjsing * SUCH DAMAGE.
521cb79e47Sjsing *
531cb79e47Sjsing * The licence and distribution terms for any publically available version or
541cb79e47Sjsing * derivative of this code cannot be changed. i.e. this code cannot simply be
551cb79e47Sjsing * copied and put under another distribution licence
561cb79e47Sjsing * [including the GNU Public Licence.]
571cb79e47Sjsing */
581cb79e47Sjsing
591cb79e47Sjsing #include <stdio.h>
601cb79e47Sjsing
611cb79e47Sjsing #include <openssl/opensslconf.h>
621cb79e47Sjsing
631cb79e47Sjsing #include <openssl/asn1.h>
641cb79e47Sjsing #include <openssl/bn.h>
651cb79e47Sjsing #include <openssl/err.h>
661cb79e47Sjsing #include <openssl/evp.h>
671cb79e47Sjsing #include <openssl/objects.h>
681cb79e47Sjsing #include <openssl/x509.h>
691cb79e47Sjsing
70c9675a23Stb #include "asn1_local.h"
71c9675a23Stb #include "evp_local.h"
721cb79e47Sjsing
731cb79e47Sjsing EVP_PKEY *
d2i_PrivateKey(int type,EVP_PKEY ** a,const unsigned char ** pp,long length)741cb79e47Sjsing d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, long length)
751cb79e47Sjsing {
761cb79e47Sjsing const unsigned char *p = *pp;
771cb79e47Sjsing EVP_PKEY *ret;
781cb79e47Sjsing
791cb79e47Sjsing if ((a == NULL) || (*a == NULL)) {
801cb79e47Sjsing if ((ret = EVP_PKEY_new()) == NULL) {
811cb79e47Sjsing ASN1error(ERR_R_EVP_LIB);
821cb79e47Sjsing return (NULL);
831cb79e47Sjsing }
841cb79e47Sjsing } else {
851cb79e47Sjsing ret = *a;
861cb79e47Sjsing }
871cb79e47Sjsing
881cb79e47Sjsing if (!EVP_PKEY_set_type(ret, type)) {
891cb79e47Sjsing ASN1error(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
901cb79e47Sjsing goto err;
911cb79e47Sjsing }
921cb79e47Sjsing
931cb79e47Sjsing if (!ret->ameth->old_priv_decode ||
941cb79e47Sjsing !ret->ameth->old_priv_decode(ret, pp, length)) {
951cb79e47Sjsing if (ret->ameth->priv_decode) {
961cb79e47Sjsing PKCS8_PRIV_KEY_INFO *p8 = NULL;
971cb79e47Sjsing *pp = p; /* XXX */
981cb79e47Sjsing p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, pp, length);
991cb79e47Sjsing if (!p8)
1001cb79e47Sjsing goto err;
1011cb79e47Sjsing EVP_PKEY_free(ret);
1021cb79e47Sjsing ret = EVP_PKCS82PKEY(p8);
1031cb79e47Sjsing PKCS8_PRIV_KEY_INFO_free(p8);
1041cb79e47Sjsing } else {
1051cb79e47Sjsing ASN1error(ERR_R_ASN1_LIB);
1061cb79e47Sjsing goto err;
1071cb79e47Sjsing }
1081cb79e47Sjsing }
1091cb79e47Sjsing if (a != NULL)
1101cb79e47Sjsing (*a) = ret;
1111cb79e47Sjsing return (ret);
1121cb79e47Sjsing
1131cb79e47Sjsing err:
1141cb79e47Sjsing if (a == NULL || *a != ret)
1151cb79e47Sjsing EVP_PKEY_free(ret);
1161cb79e47Sjsing return (NULL);
1171cb79e47Sjsing }
118*9bac3682Sbeck LCRYPTO_ALIAS(d2i_PrivateKey);
1191cb79e47Sjsing
1201cb79e47Sjsing int
i2d_PrivateKey(EVP_PKEY * a,unsigned char ** pp)1211cb79e47Sjsing i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
1221cb79e47Sjsing {
1231cb79e47Sjsing if (a->ameth && a->ameth->old_priv_encode) {
1241cb79e47Sjsing return a->ameth->old_priv_encode(a, pp);
1251cb79e47Sjsing }
1261cb79e47Sjsing if (a->ameth && a->ameth->priv_encode) {
1271cb79e47Sjsing PKCS8_PRIV_KEY_INFO *p8 = EVP_PKEY2PKCS8(a);
1281cb79e47Sjsing int ret = i2d_PKCS8_PRIV_KEY_INFO(p8, pp);
1291cb79e47Sjsing PKCS8_PRIV_KEY_INFO_free(p8);
1301cb79e47Sjsing return ret;
1311cb79e47Sjsing }
1321cb79e47Sjsing ASN1error(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
1331cb79e47Sjsing return (-1);
1341cb79e47Sjsing }
135*9bac3682Sbeck LCRYPTO_ALIAS(i2d_PrivateKey);
1361cb79e47Sjsing
1371cb79e47Sjsing /* This works like d2i_PrivateKey() except it automatically works out the type */
1381cb79e47Sjsing
1391cb79e47Sjsing EVP_PKEY *
d2i_AutoPrivateKey(EVP_PKEY ** a,const unsigned char ** pp,long length)1401cb79e47Sjsing d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, long length)
1411cb79e47Sjsing {
1421cb79e47Sjsing STACK_OF(ASN1_TYPE) *inkey;
1431cb79e47Sjsing const unsigned char *p;
1441cb79e47Sjsing int keytype;
1451cb79e47Sjsing
1461cb79e47Sjsing p = *pp;
1471cb79e47Sjsing /* Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE):
1481cb79e47Sjsing * by analyzing it we can determine the passed structure: this
1491cb79e47Sjsing * assumes the input is surrounded by an ASN1 SEQUENCE.
1501cb79e47Sjsing */
1511cb79e47Sjsing inkey = d2i_ASN1_SEQUENCE_ANY(NULL, &p, length);
1521cb79e47Sjsing /* Since we only need to discern "traditional format" RSA and DSA
1531cb79e47Sjsing * keys we can just count the elements.
1541cb79e47Sjsing */
1551cb79e47Sjsing if (sk_ASN1_TYPE_num(inkey) == 6)
1561cb79e47Sjsing keytype = EVP_PKEY_DSA;
1571cb79e47Sjsing else if (sk_ASN1_TYPE_num(inkey) == 4)
1581cb79e47Sjsing keytype = EVP_PKEY_EC;
1591cb79e47Sjsing else if (sk_ASN1_TYPE_num(inkey) == 3) {
1601cb79e47Sjsing /* This seems to be PKCS8, not traditional format */
1611cb79e47Sjsing PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(
1621cb79e47Sjsing NULL, pp, length);
1631cb79e47Sjsing EVP_PKEY *ret;
1641cb79e47Sjsing
1651cb79e47Sjsing sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
1661cb79e47Sjsing if (!p8) {
1671cb79e47Sjsing ASN1error(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
1681cb79e47Sjsing return NULL;
1691cb79e47Sjsing }
1701cb79e47Sjsing ret = EVP_PKCS82PKEY(p8);
1711cb79e47Sjsing PKCS8_PRIV_KEY_INFO_free(p8);
1721cb79e47Sjsing if (a) {
1731cb79e47Sjsing *a = ret;
1741cb79e47Sjsing }
1751cb79e47Sjsing return ret;
1761cb79e47Sjsing } else
1771cb79e47Sjsing keytype = EVP_PKEY_RSA;
1781cb79e47Sjsing sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
1791cb79e47Sjsing return d2i_PrivateKey(keytype, a, pp, length);
1801cb79e47Sjsing }
181*9bac3682Sbeck LCRYPTO_ALIAS(d2i_AutoPrivateKey);
182