x_pubkey.c 13 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531
  1. /* crypto/asn1/x_pubkey.c */
  2. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  3. * All rights reserved.
  4. *
  5. * This package is an SSL implementation written
  6. * by Eric Young (eay@cryptsoft.com).
  7. * The implementation was written so as to conform with Netscapes SSL.
  8. *
  9. * This library is free for commercial and non-commercial use as long as
  10. * the following conditions are aheared to. The following conditions
  11. * apply to all code found in this distribution, be it the RC4, RSA,
  12. * lhash, DES, etc., code; not just the SSL code. The SSL documentation
  13. * included with this distribution is covered by the same copyright terms
  14. * except that the holder is Tim Hudson (tjh@cryptsoft.com).
  15. *
  16. * Copyright remains Eric Young's, and as such any Copyright notices in
  17. * the code are not to be removed.
  18. * If this package is used in a product, Eric Young should be given attribution
  19. * as the author of the parts of the library used.
  20. * This can be in the form of a textual message at program startup or
  21. * in documentation (online or textual) provided with the package.
  22. *
  23. * Redistribution and use in source and binary forms, with or without
  24. * modification, are permitted provided that the following conditions
  25. * are met:
  26. * 1. Redistributions of source code must retain the copyright
  27. * notice, this list of conditions and the following disclaimer.
  28. * 2. Redistributions in binary form must reproduce the above copyright
  29. * notice, this list of conditions and the following disclaimer in the
  30. * documentation and/or other materials provided with the distribution.
  31. * 3. All advertising materials mentioning features or use of this software
  32. * must display the following acknowledgement:
  33. * "This product includes cryptographic software written by
  34. * Eric Young (eay@cryptsoft.com)"
  35. * The word 'cryptographic' can be left out if the rouines from the library
  36. * being used are not cryptographic related :-).
  37. * 4. If you include any Windows specific code (or a derivative thereof) from
  38. * the apps directory (application code) you must include an acknowledgement:
  39. * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
  40. *
  41. * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  42. * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  43. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  44. * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  45. * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  46. * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  47. * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  49. * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  50. * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  51. * SUCH DAMAGE.
  52. *
  53. * The licence and distribution terms for any publically available version or
  54. * derivative of this code cannot be changed. i.e. this code cannot simply be
  55. * copied and put under another distribution licence
  56. * [including the GNU Public Licence.]
  57. */
  58. #include <stdio.h>
  59. #include "cryptlib.h"
  60. #include <openssl/asn1t.h>
  61. #include <openssl/x509.h>
  62. #ifndef OPENSSL_NO_RSA
  63. #include <openssl/rsa.h>
  64. #endif
  65. #ifndef OPENSSL_NO_DSA
  66. #include <openssl/dsa.h>
  67. #endif
  68. /* Minor tweak to operation: free up EVP_PKEY */
  69. static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
  70. {
  71. if (operation == ASN1_OP_FREE_POST)
  72. {
  73. X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval;
  74. EVP_PKEY_free(pubkey->pkey);
  75. }
  76. return 1;
  77. }
  78. ASN1_SEQUENCE_cb(X509_PUBKEY, pubkey_cb) = {
  79. ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR),
  80. ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING)
  81. } ASN1_SEQUENCE_END_cb(X509_PUBKEY, X509_PUBKEY)
  82. IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY)
  83. int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
  84. {
  85. X509_PUBKEY *pk=NULL;
  86. X509_ALGOR *a;
  87. ASN1_OBJECT *o;
  88. unsigned char *s,*p = NULL;
  89. int i;
  90. if (x == NULL) return(0);
  91. if ((pk=X509_PUBKEY_new()) == NULL) goto err;
  92. a=pk->algor;
  93. /* set the algorithm id */
  94. if ((o=OBJ_nid2obj(pkey->type)) == NULL) goto err;
  95. ASN1_OBJECT_free(a->algorithm);
  96. a->algorithm=o;
  97. /* Set the parameter list */
  98. if (!pkey->save_parameters || (pkey->type == EVP_PKEY_RSA))
  99. {
  100. if ((a->parameter == NULL) ||
  101. (a->parameter->type != V_ASN1_NULL))
  102. {
  103. ASN1_TYPE_free(a->parameter);
  104. if (!(a->parameter=ASN1_TYPE_new()))
  105. {
  106. X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
  107. goto err;
  108. }
  109. a->parameter->type=V_ASN1_NULL;
  110. }
  111. }
  112. #ifndef OPENSSL_NO_DSA
  113. else if (pkey->type == EVP_PKEY_DSA)
  114. {
  115. unsigned char *pp;
  116. DSA *dsa;
  117. dsa=pkey->pkey.dsa;
  118. dsa->write_params=0;
  119. ASN1_TYPE_free(a->parameter);
  120. if ((i=i2d_DSAparams(dsa,NULL)) <= 0)
  121. goto err;
  122. if (!(p=(unsigned char *)OPENSSL_malloc(i)))
  123. {
  124. X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
  125. goto err;
  126. }
  127. pp=p;
  128. i2d_DSAparams(dsa,&pp);
  129. if (!(a->parameter=ASN1_TYPE_new()))
  130. {
  131. OPENSSL_free(p);
  132. X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
  133. goto err;
  134. }
  135. a->parameter->type=V_ASN1_SEQUENCE;
  136. if (!(a->parameter->value.sequence=ASN1_STRING_new()))
  137. {
  138. OPENSSL_free(p);
  139. X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
  140. goto err;
  141. }
  142. if (!ASN1_STRING_set(a->parameter->value.sequence,p,i))
  143. {
  144. OPENSSL_free(p);
  145. X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
  146. goto err;
  147. }
  148. OPENSSL_free(p);
  149. }
  150. #endif
  151. #ifndef OPENSSL_NO_EC
  152. else if (pkey->type == EVP_PKEY_EC)
  153. {
  154. int nid=0;
  155. unsigned char *pp;
  156. EC_KEY *ec_key;
  157. const EC_GROUP *group;
  158. ec_key = pkey->pkey.ec;
  159. ASN1_TYPE_free(a->parameter);
  160. if ((a->parameter = ASN1_TYPE_new()) == NULL)
  161. {
  162. X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB);
  163. goto err;
  164. }
  165. group = EC_KEY_get0_group(ec_key);
  166. if (EC_GROUP_get_asn1_flag(group)
  167. && (nid = EC_GROUP_get_curve_name(group)))
  168. {
  169. /* just set the OID */
  170. a->parameter->type = V_ASN1_OBJECT;
  171. a->parameter->value.object = OBJ_nid2obj(nid);
  172. }
  173. else /* explicit parameters */
  174. {
  175. if ((i = i2d_ECParameters(ec_key, NULL)) == 0)
  176. {
  177. X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB);
  178. goto err;
  179. }
  180. if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL)
  181. {
  182. X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE);
  183. goto err;
  184. }
  185. pp = p;
  186. if (!i2d_ECParameters(ec_key, &pp))
  187. {
  188. X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB);
  189. OPENSSL_free(p);
  190. goto err;
  191. }
  192. a->parameter->type = V_ASN1_SEQUENCE;
  193. if ((a->parameter->value.sequence = ASN1_STRING_new()) == NULL)
  194. {
  195. X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB);
  196. OPENSSL_free(p);
  197. goto err;
  198. }
  199. ASN1_STRING_set(a->parameter->value.sequence, p, i);
  200. OPENSSL_free(p);
  201. }
  202. }
  203. #endif
  204. else if (1)
  205. {
  206. X509err(X509_F_X509_PUBKEY_SET,X509_R_UNSUPPORTED_ALGORITHM);
  207. goto err;
  208. }
  209. if ((i=i2d_PublicKey(pkey,NULL)) <= 0) goto err;
  210. if ((s=(unsigned char *)OPENSSL_malloc(i+1)) == NULL)
  211. {
  212. X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
  213. goto err;
  214. }
  215. p=s;
  216. i2d_PublicKey(pkey,&p);
  217. if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i))
  218. {
  219. X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
  220. goto err;
  221. }
  222. /* Set number of unused bits to zero */
  223. pk->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
  224. pk->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT;
  225. OPENSSL_free(s);
  226. #if 0
  227. CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
  228. pk->pkey=pkey;
  229. #endif
  230. if (*x != NULL)
  231. X509_PUBKEY_free(*x);
  232. *x=pk;
  233. return 1;
  234. err:
  235. if (pk != NULL) X509_PUBKEY_free(pk);
  236. return 0;
  237. }
  238. EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
  239. {
  240. EVP_PKEY *ret=NULL;
  241. long j;
  242. int type;
  243. const unsigned char *p;
  244. #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
  245. const unsigned char *cp;
  246. X509_ALGOR *a;
  247. #endif
  248. if (key == NULL) goto err;
  249. if (key->pkey != NULL)
  250. {
  251. CRYPTO_add(&key->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
  252. return(key->pkey);
  253. }
  254. if (key->public_key == NULL) goto err;
  255. type=OBJ_obj2nid(key->algor->algorithm);
  256. if ((ret = EVP_PKEY_new()) == NULL)
  257. {
  258. X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
  259. goto err;
  260. }
  261. ret->type = EVP_PKEY_type(type);
  262. /* the parameters must be extracted before the public key (ECDSA!) */
  263. #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
  264. a=key->algor;
  265. #endif
  266. if (0)
  267. ;
  268. #ifndef OPENSSL_NO_DSA
  269. else if (ret->type == EVP_PKEY_DSA)
  270. {
  271. if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE))
  272. {
  273. if ((ret->pkey.dsa = DSA_new()) == NULL)
  274. {
  275. X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
  276. goto err;
  277. }
  278. ret->pkey.dsa->write_params=0;
  279. cp=p=a->parameter->value.sequence->data;
  280. j=a->parameter->value.sequence->length;
  281. if (!d2i_DSAparams(&ret->pkey.dsa, &cp, (long)j))
  282. goto err;
  283. }
  284. ret->save_parameters=1;
  285. }
  286. #endif
  287. #ifndef OPENSSL_NO_EC
  288. else if (ret->type == EVP_PKEY_EC)
  289. {
  290. if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE))
  291. {
  292. /* type == V_ASN1_SEQUENCE => we have explicit parameters
  293. * (e.g. parameters in the X9_62_EC_PARAMETERS-structure )
  294. */
  295. if ((ret->pkey.ec= EC_KEY_new()) == NULL)
  296. {
  297. X509err(X509_F_X509_PUBKEY_GET,
  298. ERR_R_MALLOC_FAILURE);
  299. goto err;
  300. }
  301. cp = p = a->parameter->value.sequence->data;
  302. j = a->parameter->value.sequence->length;
  303. if (!d2i_ECParameters(&ret->pkey.ec, &cp, (long)j))
  304. {
  305. X509err(X509_F_X509_PUBKEY_GET, ERR_R_EC_LIB);
  306. goto err;
  307. }
  308. }
  309. else if (a->parameter && (a->parameter->type == V_ASN1_OBJECT))
  310. {
  311. /* type == V_ASN1_OBJECT => the parameters are given
  312. * by an asn1 OID
  313. */
  314. EC_KEY *ec_key;
  315. EC_GROUP *group;
  316. if (ret->pkey.ec == NULL)
  317. ret->pkey.ec = EC_KEY_new();
  318. ec_key = ret->pkey.ec;
  319. if (ec_key == NULL)
  320. goto err;
  321. group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(a->parameter->value.object));
  322. if (group == NULL)
  323. goto err;
  324. EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
  325. if (EC_KEY_set_group(ec_key, group) == 0)
  326. goto err;
  327. EC_GROUP_free(group);
  328. }
  329. /* the case implicitlyCA is currently not implemented */
  330. ret->save_parameters = 1;
  331. }
  332. #endif
  333. p=key->public_key->data;
  334. j=key->public_key->length;
  335. if (!d2i_PublicKey(type, &ret, &p, (long)j))
  336. {
  337. X509err(X509_F_X509_PUBKEY_GET, X509_R_ERR_ASN1_LIB);
  338. goto err;
  339. }
  340. key->pkey = ret;
  341. CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY);
  342. return(ret);
  343. err:
  344. if (ret != NULL)
  345. EVP_PKEY_free(ret);
  346. return(NULL);
  347. }
  348. /* Now two pseudo ASN1 routines that take an EVP_PKEY structure
  349. * and encode or decode as X509_PUBKEY
  350. */
  351. EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp,
  352. long length)
  353. {
  354. X509_PUBKEY *xpk;
  355. EVP_PKEY *pktmp;
  356. xpk = d2i_X509_PUBKEY(NULL, pp, length);
  357. if(!xpk) return NULL;
  358. pktmp = X509_PUBKEY_get(xpk);
  359. X509_PUBKEY_free(xpk);
  360. if(!pktmp) return NULL;
  361. if(a)
  362. {
  363. EVP_PKEY_free(*a);
  364. *a = pktmp;
  365. }
  366. return pktmp;
  367. }
  368. int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp)
  369. {
  370. X509_PUBKEY *xpk=NULL;
  371. int ret;
  372. if(!a) return 0;
  373. if(!X509_PUBKEY_set(&xpk, a)) return 0;
  374. ret = i2d_X509_PUBKEY(xpk, pp);
  375. X509_PUBKEY_free(xpk);
  376. return ret;
  377. }
  378. /* The following are equivalents but which return RSA and DSA
  379. * keys
  380. */
  381. #ifndef OPENSSL_NO_RSA
  382. RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp,
  383. long length)
  384. {
  385. EVP_PKEY *pkey;
  386. RSA *key;
  387. const unsigned char *q;
  388. q = *pp;
  389. pkey = d2i_PUBKEY(NULL, &q, length);
  390. if (!pkey) return NULL;
  391. key = EVP_PKEY_get1_RSA(pkey);
  392. EVP_PKEY_free(pkey);
  393. if (!key) return NULL;
  394. *pp = q;
  395. if (a)
  396. {
  397. RSA_free(*a);
  398. *a = key;
  399. }
  400. return key;
  401. }
  402. int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp)
  403. {
  404. EVP_PKEY *pktmp;
  405. int ret;
  406. if (!a) return 0;
  407. pktmp = EVP_PKEY_new();
  408. if (!pktmp)
  409. {
  410. ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE);
  411. return 0;
  412. }
  413. EVP_PKEY_set1_RSA(pktmp, a);
  414. ret = i2d_PUBKEY(pktmp, pp);
  415. EVP_PKEY_free(pktmp);
  416. return ret;
  417. }
  418. #endif
  419. #ifndef OPENSSL_NO_DSA
  420. DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp,
  421. long length)
  422. {
  423. EVP_PKEY *pkey;
  424. DSA *key;
  425. const unsigned char *q;
  426. q = *pp;
  427. pkey = d2i_PUBKEY(NULL, &q, length);
  428. if (!pkey) return NULL;
  429. key = EVP_PKEY_get1_DSA(pkey);
  430. EVP_PKEY_free(pkey);
  431. if (!key) return NULL;
  432. *pp = q;
  433. if (a)
  434. {
  435. DSA_free(*a);
  436. *a = key;
  437. }
  438. return key;
  439. }
  440. int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp)
  441. {
  442. EVP_PKEY *pktmp;
  443. int ret;
  444. if(!a) return 0;
  445. pktmp = EVP_PKEY_new();
  446. if(!pktmp)
  447. {
  448. ASN1err(ASN1_F_I2D_DSA_PUBKEY, ERR_R_MALLOC_FAILURE);
  449. return 0;
  450. }
  451. EVP_PKEY_set1_DSA(pktmp, a);
  452. ret = i2d_PUBKEY(pktmp, pp);
  453. EVP_PKEY_free(pktmp);
  454. return ret;
  455. }
  456. #endif
  457. #ifndef OPENSSL_NO_EC
  458. EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length)
  459. {
  460. EVP_PKEY *pkey;
  461. EC_KEY *key;
  462. const unsigned char *q;
  463. q = *pp;
  464. pkey = d2i_PUBKEY(NULL, &q, length);
  465. if (!pkey) return(NULL);
  466. key = EVP_PKEY_get1_EC_KEY(pkey);
  467. EVP_PKEY_free(pkey);
  468. if (!key) return(NULL);
  469. *pp = q;
  470. if (a)
  471. {
  472. EC_KEY_free(*a);
  473. *a = key;
  474. }
  475. return(key);
  476. }
  477. int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp)
  478. {
  479. EVP_PKEY *pktmp;
  480. int ret;
  481. if (!a) return(0);
  482. if ((pktmp = EVP_PKEY_new()) == NULL)
  483. {
  484. ASN1err(ASN1_F_I2D_EC_PUBKEY, ERR_R_MALLOC_FAILURE);
  485. return(0);
  486. }
  487. EVP_PKEY_set1_EC_KEY(pktmp, a);
  488. ret = i2d_PUBKEY(pktmp, pp);
  489. EVP_PKEY_free(pktmp);
  490. return(ret);
  491. }
  492. #endif