1 /* $OpenBSD: pmeth_lib.c,v 1.42 2025/01/20 12:57:28 tb Exp $ */ 2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 3 * project 2006. 4 */ 5 /* ==================================================================== 6 * Copyright (c) 2006 The OpenSSL Project. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in 17 * the documentation and/or other materials provided with the 18 * distribution. 19 * 20 * 3. All advertising materials mentioning features or use of this 21 * software must display the following acknowledgment: 22 * "This product includes software developed by the OpenSSL Project 23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 24 * 25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26 * endorse or promote products derived from this software without 27 * prior written permission. For written permission, please contact 28 * licensing@OpenSSL.org. 29 * 30 * 5. Products derived from this software may not be called "OpenSSL" 31 * nor may "OpenSSL" appear in their names without prior written 32 * permission of the OpenSSL Project. 33 * 34 * 6. Redistributions of any form whatsoever must retain the following 35 * acknowledgment: 36 * "This product includes software developed by the OpenSSL Project 37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 38 * 39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50 * OF THE POSSIBILITY OF SUCH DAMAGE. 51 * ==================================================================== 52 * 53 * This product includes cryptographic software written by Eric Young 54 * (eay@cryptsoft.com). This product includes software written by Tim 55 * Hudson (tjh@cryptsoft.com). 56 * 57 */ 58 59 #include <limits.h> 60 #include <stdio.h> 61 #include <stdlib.h> 62 #include <string.h> 63 64 #include <openssl/opensslconf.h> 65 66 #include <openssl/err.h> 67 #include <openssl/evp.h> 68 #include <openssl/objects.h> 69 #include <openssl/x509v3.h> 70 71 #include "asn1_local.h" 72 #include "evp_local.h" 73 74 extern const EVP_PKEY_METHOD cmac_pkey_meth; 75 extern const EVP_PKEY_METHOD dh_pkey_meth; 76 extern const EVP_PKEY_METHOD dsa_pkey_meth; 77 extern const EVP_PKEY_METHOD ec_pkey_meth; 78 extern const EVP_PKEY_METHOD ed25519_pkey_meth; 79 extern const EVP_PKEY_METHOD hkdf_pkey_meth; 80 extern const EVP_PKEY_METHOD hmac_pkey_meth; 81 extern const EVP_PKEY_METHOD rsa_pkey_meth; 82 extern const EVP_PKEY_METHOD rsa_pss_pkey_meth; 83 extern const EVP_PKEY_METHOD tls1_prf_pkey_meth; 84 extern const EVP_PKEY_METHOD x25519_pkey_meth; 85 86 static const EVP_PKEY_METHOD *pkey_methods[] = { 87 &cmac_pkey_meth, 88 &dh_pkey_meth, 89 &dsa_pkey_meth, 90 &ec_pkey_meth, 91 &ed25519_pkey_meth, 92 &hkdf_pkey_meth, 93 &hmac_pkey_meth, 94 &rsa_pkey_meth, 95 &rsa_pss_pkey_meth, 96 &tls1_prf_pkey_meth, 97 &x25519_pkey_meth, 98 }; 99 100 #define N_PKEY_METHODS (sizeof(pkey_methods) / sizeof(pkey_methods[0])) 101 102 static const EVP_PKEY_METHOD * 103 evp_pkey_method_find(int nid) 104 { 105 size_t i; 106 107 for (i = 0; i < N_PKEY_METHODS; i++) { 108 const EVP_PKEY_METHOD *pmeth = pkey_methods[i]; 109 if (pmeth->pkey_id == nid) 110 return pmeth; 111 } 112 113 return NULL; 114 } 115 116 static EVP_PKEY_CTX * 117 evp_pkey_ctx_new(EVP_PKEY *pkey, int nid) 118 { 119 EVP_PKEY_CTX *pkey_ctx = NULL; 120 const EVP_PKEY_METHOD *pmeth; 121 122 if (nid == -1) { 123 if (pkey == NULL || pkey->ameth == NULL) 124 return NULL; 125 nid = pkey->ameth->pkey_id; 126 } 127 128 if ((pmeth = evp_pkey_method_find(nid)) == NULL) { 129 EVPerror(EVP_R_UNSUPPORTED_ALGORITHM); 130 goto err; 131 } 132 133 if ((pkey_ctx = calloc(1, sizeof(*pkey_ctx))) == NULL) { 134 EVPerror(ERR_R_MALLOC_FAILURE); 135 goto err; 136 } 137 pkey_ctx->pmeth = pmeth; 138 pkey_ctx->operation = EVP_PKEY_OP_UNDEFINED; 139 if ((pkey_ctx->pkey = pkey) != NULL) 140 EVP_PKEY_up_ref(pkey_ctx->pkey); 141 142 if (pmeth->init != NULL) { 143 if (pmeth->init(pkey_ctx) <= 0) 144 goto err; 145 } 146 147 return pkey_ctx; 148 149 err: 150 EVP_PKEY_CTX_free(pkey_ctx); 151 152 return NULL; 153 } 154 155 EVP_PKEY_CTX * 156 EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *engine) 157 { 158 return evp_pkey_ctx_new(pkey, -1); 159 } 160 LCRYPTO_ALIAS(EVP_PKEY_CTX_new); 161 162 EVP_PKEY_CTX * 163 EVP_PKEY_CTX_new_id(int nid, ENGINE *engine) 164 { 165 return evp_pkey_ctx_new(NULL, nid); 166 } 167 LCRYPTO_ALIAS(EVP_PKEY_CTX_new_id); 168 169 EVP_PKEY_CTX * 170 EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx) 171 { 172 EVP_PKEY_CTX *rctx = NULL; 173 174 if (pctx->pmeth == NULL || pctx->pmeth->copy == NULL) 175 goto err; 176 if ((rctx = calloc(1, sizeof(*rctx))) == NULL) { 177 EVPerror(ERR_R_MALLOC_FAILURE); 178 goto err; 179 } 180 181 rctx->pmeth = pctx->pmeth; 182 183 if ((rctx->pkey = pctx->pkey) != NULL) 184 EVP_PKEY_up_ref(rctx->pkey); 185 if ((rctx->peerkey = pctx->peerkey) != NULL) 186 EVP_PKEY_up_ref(rctx->peerkey); 187 188 rctx->operation = pctx->operation; 189 190 if (pctx->pmeth->copy(rctx, pctx) <= 0) 191 goto err; 192 193 return rctx; 194 195 err: 196 EVP_PKEY_CTX_free(rctx); 197 return NULL; 198 } 199 LCRYPTO_ALIAS(EVP_PKEY_CTX_dup); 200 201 void 202 EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx) 203 { 204 if (ctx == NULL) 205 return; 206 if (ctx->pmeth && ctx->pmeth->cleanup) 207 ctx->pmeth->cleanup(ctx); 208 EVP_PKEY_free(ctx->pkey); 209 EVP_PKEY_free(ctx->peerkey); 210 free(ctx); 211 } 212 LCRYPTO_ALIAS(EVP_PKEY_CTX_free); 213 214 int 215 EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, int cmd, 216 int p1, void *p2) 217 { 218 int ret; 219 220 if (!ctx || !ctx->pmeth || !ctx->pmeth->ctrl) { 221 EVPerror(EVP_R_COMMAND_NOT_SUPPORTED); 222 return -2; 223 } 224 if ((keytype != -1) && (ctx->pmeth->pkey_id != keytype)) 225 return -1; 226 227 if (ctx->operation == EVP_PKEY_OP_UNDEFINED) { 228 EVPerror(EVP_R_NO_OPERATION_SET); 229 return -1; 230 } 231 232 if ((optype != -1) && !(ctx->operation & optype)) { 233 EVPerror(EVP_R_INVALID_OPERATION); 234 return -1; 235 } 236 237 ret = ctx->pmeth->ctrl(ctx, cmd, p1, p2); 238 239 if (ret == -2) 240 EVPerror(EVP_R_COMMAND_NOT_SUPPORTED); 241 242 return ret; 243 244 } 245 LCRYPTO_ALIAS(EVP_PKEY_CTX_ctrl); 246 247 /* 248 * This is practically unused and would best be a part of the openssl(1) code, 249 * but, unfortunately, openssl-ruby exposes this directly in an interface and 250 * it's currently the only way to do RSA-PSS in Ruby. 251 */ 252 int 253 EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *name, const char *value) 254 { 255 if (!ctx || !ctx->pmeth || !ctx->pmeth->ctrl_str) { 256 EVPerror(EVP_R_COMMAND_NOT_SUPPORTED); 257 return -2; 258 } 259 if (!strcmp(name, "digest")) { 260 return EVP_PKEY_CTX_md(ctx, EVP_PKEY_OP_TYPE_SIG, 261 EVP_PKEY_CTRL_MD, value); 262 } 263 return ctx->pmeth->ctrl_str(ctx, name, value); 264 } 265 LCRYPTO_ALIAS(EVP_PKEY_CTX_ctrl_str); 266 267 int 268 EVP_PKEY_CTX_str2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *str) 269 { 270 size_t len; 271 272 if ((len = strlen(str)) > INT_MAX) 273 return -1; 274 275 return ctx->pmeth->ctrl(ctx, cmd, len, (void *)str); 276 } 277 278 int 279 EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *hexstr) 280 { 281 unsigned char *hex = NULL; 282 long length; 283 int ret = 0; 284 285 if ((hex = string_to_hex(hexstr, &length)) == NULL) 286 goto err; 287 if (length < 0 || length > INT_MAX) { 288 ret = -1; 289 goto err; 290 } 291 292 ret = ctx->pmeth->ctrl(ctx, cmd, length, hex); 293 294 err: 295 free(hex); 296 return ret; 297 } 298 299 int 300 EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md_name) 301 { 302 const EVP_MD *md; 303 304 if ((md = EVP_get_digestbyname(md_name)) == NULL) { 305 EVPerror(EVP_R_INVALID_DIGEST); 306 return 0; 307 } 308 return EVP_PKEY_CTX_ctrl(ctx, -1, optype, cmd, 0, (void *)md); 309 } 310 311 int 312 EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx) 313 { 314 return ctx->operation; 315 } 316 LCRYPTO_ALIAS(EVP_PKEY_CTX_get_operation); 317 318 void 319 EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen) 320 { 321 ctx->keygen_info = dat; 322 ctx->keygen_info_count = datlen; 323 } 324 LCRYPTO_ALIAS(EVP_PKEY_CTX_set0_keygen_info); 325 326 void 327 EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data) 328 { 329 ctx->data = data; 330 } 331 LCRYPTO_ALIAS(EVP_PKEY_CTX_set_data); 332 333 void * 334 EVP_PKEY_CTX_get_data(EVP_PKEY_CTX *ctx) 335 { 336 return ctx->data; 337 } 338 LCRYPTO_ALIAS(EVP_PKEY_CTX_get_data); 339 340 EVP_PKEY * 341 EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx) 342 { 343 return ctx->pkey; 344 } 345 LCRYPTO_ALIAS(EVP_PKEY_CTX_get0_pkey); 346 347 EVP_PKEY * 348 EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx) 349 { 350 return ctx->peerkey; 351 } 352 LCRYPTO_ALIAS(EVP_PKEY_CTX_get0_peerkey); 353 354 void 355 EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data) 356 { 357 ctx->app_data = data; 358 } 359 LCRYPTO_ALIAS(EVP_PKEY_CTX_set_app_data); 360 361 void * 362 EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx) 363 { 364 return ctx->app_data; 365 } 366 LCRYPTO_ALIAS(EVP_PKEY_CTX_get_app_data); 367