p_lib.c 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513
  1. /*
  2. * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the OpenSSL license (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include "internal/cryptlib.h"
  11. #include <openssl/bn.h>
  12. #include <openssl/err.h>
  13. #include <openssl/objects.h>
  14. #include <openssl/evp.h>
  15. #include <openssl/x509.h>
  16. #include <openssl/rsa.h>
  17. #include <openssl/dsa.h>
  18. #include <openssl/dh.h>
  19. #include <openssl/engine.h>
  20. #include "internal/asn1_int.h"
  21. #include "internal/evp_int.h"
  22. static void EVP_PKEY_free_it(EVP_PKEY *x);
  23. int EVP_PKEY_bits(const EVP_PKEY *pkey)
  24. {
  25. if (pkey && pkey->ameth && pkey->ameth->pkey_bits)
  26. return pkey->ameth->pkey_bits(pkey);
  27. return 0;
  28. }
  29. int EVP_PKEY_security_bits(const EVP_PKEY *pkey)
  30. {
  31. if (pkey == NULL)
  32. return 0;
  33. if (!pkey->ameth || !pkey->ameth->pkey_security_bits)
  34. return -2;
  35. return pkey->ameth->pkey_security_bits(pkey);
  36. }
  37. int EVP_PKEY_size(EVP_PKEY *pkey)
  38. {
  39. if (pkey && pkey->ameth && pkey->ameth->pkey_size)
  40. return pkey->ameth->pkey_size(pkey);
  41. return 0;
  42. }
  43. int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode)
  44. {
  45. #ifndef OPENSSL_NO_DSA
  46. if (pkey->type == EVP_PKEY_DSA) {
  47. int ret = pkey->save_parameters;
  48. if (mode >= 0)
  49. pkey->save_parameters = mode;
  50. return (ret);
  51. }
  52. #endif
  53. #ifndef OPENSSL_NO_EC
  54. if (pkey->type == EVP_PKEY_EC) {
  55. int ret = pkey->save_parameters;
  56. if (mode >= 0)
  57. pkey->save_parameters = mode;
  58. return (ret);
  59. }
  60. #endif
  61. return (0);
  62. }
  63. int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
  64. {
  65. if (to->type == EVP_PKEY_NONE) {
  66. if (EVP_PKEY_set_type(to, from->type) == 0)
  67. return 0;
  68. } else if (to->type != from->type) {
  69. EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_DIFFERENT_KEY_TYPES);
  70. goto err;
  71. }
  72. if (EVP_PKEY_missing_parameters(from)) {
  73. EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_MISSING_PARAMETERS);
  74. goto err;
  75. }
  76. if (!EVP_PKEY_missing_parameters(to)) {
  77. if (EVP_PKEY_cmp_parameters(to, from) == 1)
  78. return 1;
  79. EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_DIFFERENT_PARAMETERS);
  80. return 0;
  81. }
  82. if (from->ameth && from->ameth->param_copy)
  83. return from->ameth->param_copy(to, from);
  84. err:
  85. return 0;
  86. }
  87. int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey)
  88. {
  89. if (pkey->ameth && pkey->ameth->param_missing)
  90. return pkey->ameth->param_missing(pkey);
  91. return 0;
  92. }
  93. int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
  94. {
  95. if (a->type != b->type)
  96. return -1;
  97. if (a->ameth && a->ameth->param_cmp)
  98. return a->ameth->param_cmp(a, b);
  99. return -2;
  100. }
  101. int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
  102. {
  103. if (a->type != b->type)
  104. return -1;
  105. if (a->ameth) {
  106. int ret;
  107. /* Compare parameters if the algorithm has them */
  108. if (a->ameth->param_cmp) {
  109. ret = a->ameth->param_cmp(a, b);
  110. if (ret <= 0)
  111. return ret;
  112. }
  113. if (a->ameth->pub_cmp)
  114. return a->ameth->pub_cmp(a, b);
  115. }
  116. return -2;
  117. }
  118. EVP_PKEY *EVP_PKEY_new(void)
  119. {
  120. EVP_PKEY *ret = OPENSSL_zalloc(sizeof(*ret));
  121. if (ret == NULL) {
  122. EVPerr(EVP_F_EVP_PKEY_NEW, ERR_R_MALLOC_FAILURE);
  123. return NULL;
  124. }
  125. ret->type = EVP_PKEY_NONE;
  126. ret->save_type = EVP_PKEY_NONE;
  127. ret->references = 1;
  128. ret->save_parameters = 1;
  129. ret->lock = CRYPTO_THREAD_lock_new();
  130. if (ret->lock == NULL) {
  131. EVPerr(EVP_F_EVP_PKEY_NEW, ERR_R_MALLOC_FAILURE);
  132. OPENSSL_free(ret);
  133. return NULL;
  134. }
  135. return ret;
  136. }
  137. int EVP_PKEY_up_ref(EVP_PKEY *pkey)
  138. {
  139. int i;
  140. if (CRYPTO_UP_REF(&pkey->references, &i, pkey->lock) <= 0)
  141. return 0;
  142. REF_PRINT_COUNT("EVP_PKEY", pkey);
  143. REF_ASSERT_ISNT(i < 2);
  144. return ((i > 1) ? 1 : 0);
  145. }
  146. /*
  147. * Setup a public key ASN1 method and ENGINE from a NID or a string. If pkey
  148. * is NULL just return 1 or 0 if the algorithm exists.
  149. */
  150. static int pkey_set_type(EVP_PKEY *pkey, int type, const char *str, int len)
  151. {
  152. const EVP_PKEY_ASN1_METHOD *ameth;
  153. ENGINE *e = NULL;
  154. if (pkey) {
  155. if (pkey->pkey.ptr)
  156. EVP_PKEY_free_it(pkey);
  157. /*
  158. * If key type matches and a method exists then this lookup has
  159. * succeeded once so just indicate success.
  160. */
  161. if ((type == pkey->save_type) && pkey->ameth)
  162. return 1;
  163. #ifndef OPENSSL_NO_ENGINE
  164. /* If we have an ENGINE release it */
  165. ENGINE_finish(pkey->engine);
  166. pkey->engine = NULL;
  167. #endif
  168. }
  169. if (str)
  170. ameth = EVP_PKEY_asn1_find_str(&e, str, len);
  171. else
  172. ameth = EVP_PKEY_asn1_find(&e, type);
  173. #ifndef OPENSSL_NO_ENGINE
  174. if (pkey == NULL)
  175. ENGINE_finish(e);
  176. #endif
  177. if (ameth == NULL) {
  178. EVPerr(EVP_F_PKEY_SET_TYPE, EVP_R_UNSUPPORTED_ALGORITHM);
  179. return 0;
  180. }
  181. if (pkey) {
  182. pkey->ameth = ameth;
  183. pkey->engine = e;
  184. pkey->type = pkey->ameth->pkey_id;
  185. pkey->save_type = type;
  186. }
  187. return 1;
  188. }
  189. int EVP_PKEY_set_type(EVP_PKEY *pkey, int type)
  190. {
  191. return pkey_set_type(pkey, type, NULL, -1);
  192. }
  193. int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len)
  194. {
  195. return pkey_set_type(pkey, EVP_PKEY_NONE, str, len);
  196. }
  197. int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key)
  198. {
  199. if (pkey == NULL || !EVP_PKEY_set_type(pkey, type))
  200. return 0;
  201. pkey->pkey.ptr = key;
  202. return (key != NULL);
  203. }
  204. void *EVP_PKEY_get0(const EVP_PKEY *pkey)
  205. {
  206. return pkey->pkey.ptr;
  207. }
  208. const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len)
  209. {
  210. ASN1_OCTET_STRING *os = NULL;
  211. if (pkey->type != EVP_PKEY_HMAC) {
  212. EVPerr(EVP_F_EVP_PKEY_GET0_HMAC, EVP_R_EXPECTING_AN_HMAC_KEY);
  213. return NULL;
  214. }
  215. os = EVP_PKEY_get0(pkey);
  216. *len = os->length;
  217. return os->data;
  218. }
  219. #ifndef OPENSSL_NO_POLY1305
  220. const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len)
  221. {
  222. ASN1_OCTET_STRING *os = NULL;
  223. if (pkey->type != EVP_PKEY_POLY1305) {
  224. EVPerr(EVP_F_EVP_PKEY_GET0_POLY1305, EVP_R_EXPECTING_A_POLY1305_KEY);
  225. return NULL;
  226. }
  227. os = EVP_PKEY_get0(pkey);
  228. *len = os->length;
  229. return os->data;
  230. }
  231. #endif
  232. #ifndef OPENSSL_NO_SIPHASH
  233. const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len)
  234. {
  235. ASN1_OCTET_STRING *os = NULL;
  236. if (pkey->type != EVP_PKEY_SIPHASH) {
  237. EVPerr(EVP_F_EVP_PKEY_GET0_SIPHASH, EVP_R_EXPECTING_A_SIPHASH_KEY);
  238. return NULL;
  239. }
  240. os = EVP_PKEY_get0(pkey);
  241. *len = os->length;
  242. return os->data;
  243. }
  244. #endif
  245. #ifndef OPENSSL_NO_RSA
  246. int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key)
  247. {
  248. int ret = EVP_PKEY_assign_RSA(pkey, key);
  249. if (ret)
  250. RSA_up_ref(key);
  251. return ret;
  252. }
  253. RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
  254. {
  255. if (pkey->type != EVP_PKEY_RSA) {
  256. EVPerr(EVP_F_EVP_PKEY_GET0_RSA, EVP_R_EXPECTING_AN_RSA_KEY);
  257. return NULL;
  258. }
  259. return pkey->pkey.rsa;
  260. }
  261. RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey)
  262. {
  263. RSA *ret = EVP_PKEY_get0_RSA(pkey);
  264. if (ret != NULL)
  265. RSA_up_ref(ret);
  266. return ret;
  267. }
  268. #endif
  269. #ifndef OPENSSL_NO_DSA
  270. int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key)
  271. {
  272. int ret = EVP_PKEY_assign_DSA(pkey, key);
  273. if (ret)
  274. DSA_up_ref(key);
  275. return ret;
  276. }
  277. DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey)
  278. {
  279. if (pkey->type != EVP_PKEY_DSA) {
  280. EVPerr(EVP_F_EVP_PKEY_GET0_DSA, EVP_R_EXPECTING_A_DSA_KEY);
  281. return NULL;
  282. }
  283. return pkey->pkey.dsa;
  284. }
  285. DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey)
  286. {
  287. DSA *ret = EVP_PKEY_get0_DSA(pkey);
  288. if (ret != NULL)
  289. DSA_up_ref(ret);
  290. return ret;
  291. }
  292. #endif
  293. #ifndef OPENSSL_NO_EC
  294. int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key)
  295. {
  296. int ret = EVP_PKEY_assign_EC_KEY(pkey, key);
  297. if (ret)
  298. EC_KEY_up_ref(key);
  299. return ret;
  300. }
  301. EC_KEY *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey)
  302. {
  303. if (pkey->type != EVP_PKEY_EC) {
  304. EVPerr(EVP_F_EVP_PKEY_GET0_EC_KEY, EVP_R_EXPECTING_A_EC_KEY);
  305. return NULL;
  306. }
  307. return pkey->pkey.ec;
  308. }
  309. EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey)
  310. {
  311. EC_KEY *ret = EVP_PKEY_get0_EC_KEY(pkey);
  312. if (ret != NULL)
  313. EC_KEY_up_ref(ret);
  314. return ret;
  315. }
  316. #endif
  317. #ifndef OPENSSL_NO_DH
  318. int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key)
  319. {
  320. int ret = EVP_PKEY_assign_DH(pkey, key);
  321. if (ret)
  322. DH_up_ref(key);
  323. return ret;
  324. }
  325. DH *EVP_PKEY_get0_DH(EVP_PKEY *pkey)
  326. {
  327. if (pkey->type != EVP_PKEY_DH && pkey->type != EVP_PKEY_DHX) {
  328. EVPerr(EVP_F_EVP_PKEY_GET0_DH, EVP_R_EXPECTING_A_DH_KEY);
  329. return NULL;
  330. }
  331. return pkey->pkey.dh;
  332. }
  333. DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey)
  334. {
  335. DH *ret = EVP_PKEY_get0_DH(pkey);
  336. if (ret != NULL)
  337. DH_up_ref(ret);
  338. return ret;
  339. }
  340. #endif
  341. int EVP_PKEY_type(int type)
  342. {
  343. int ret;
  344. const EVP_PKEY_ASN1_METHOD *ameth;
  345. ENGINE *e;
  346. ameth = EVP_PKEY_asn1_find(&e, type);
  347. if (ameth)
  348. ret = ameth->pkey_id;
  349. else
  350. ret = NID_undef;
  351. #ifndef OPENSSL_NO_ENGINE
  352. ENGINE_finish(e);
  353. #endif
  354. return ret;
  355. }
  356. int EVP_PKEY_id(const EVP_PKEY *pkey)
  357. {
  358. return pkey->type;
  359. }
  360. int EVP_PKEY_base_id(const EVP_PKEY *pkey)
  361. {
  362. return EVP_PKEY_type(pkey->type);
  363. }
  364. void EVP_PKEY_free(EVP_PKEY *x)
  365. {
  366. int i;
  367. if (x == NULL)
  368. return;
  369. CRYPTO_DOWN_REF(&x->references, &i, x->lock);
  370. REF_PRINT_COUNT("EVP_PKEY", x);
  371. if (i > 0)
  372. return;
  373. REF_ASSERT_ISNT(i < 0);
  374. EVP_PKEY_free_it(x);
  375. CRYPTO_THREAD_lock_free(x->lock);
  376. sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free);
  377. OPENSSL_free(x);
  378. }
  379. static void EVP_PKEY_free_it(EVP_PKEY *x)
  380. {
  381. /* internal function; x is never NULL */
  382. if (x->ameth && x->ameth->pkey_free) {
  383. x->ameth->pkey_free(x);
  384. x->pkey.ptr = NULL;
  385. }
  386. #ifndef OPENSSL_NO_ENGINE
  387. ENGINE_finish(x->engine);
  388. x->engine = NULL;
  389. #endif
  390. }
  391. static int unsup_alg(BIO *out, const EVP_PKEY *pkey, int indent,
  392. const char *kstr)
  393. {
  394. BIO_indent(out, indent, 128);
  395. BIO_printf(out, "%s algorithm \"%s\" unsupported\n",
  396. kstr, OBJ_nid2ln(pkey->type));
  397. return 1;
  398. }
  399. int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey,
  400. int indent, ASN1_PCTX *pctx)
  401. {
  402. if (pkey->ameth && pkey->ameth->pub_print)
  403. return pkey->ameth->pub_print(out, pkey, indent, pctx);
  404. return unsup_alg(out, pkey, indent, "Public Key");
  405. }
  406. int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey,
  407. int indent, ASN1_PCTX *pctx)
  408. {
  409. if (pkey->ameth && pkey->ameth->priv_print)
  410. return pkey->ameth->priv_print(out, pkey, indent, pctx);
  411. return unsup_alg(out, pkey, indent, "Private Key");
  412. }
  413. int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey,
  414. int indent, ASN1_PCTX *pctx)
  415. {
  416. if (pkey->ameth && pkey->ameth->param_print)
  417. return pkey->ameth->param_print(out, pkey, indent, pctx);
  418. return unsup_alg(out, pkey, indent, "Parameters");
  419. }
  420. static int evp_pkey_asn1_ctrl(EVP_PKEY *pkey, int op, int arg1, void *arg2)
  421. {
  422. if (pkey->ameth == NULL || pkey->ameth->pkey_ctrl == NULL)
  423. return -2;
  424. return pkey->ameth->pkey_ctrl(pkey, op, arg1, arg2);
  425. }
  426. int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid)
  427. {
  428. return evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_DEFAULT_MD_NID, 0, pnid);
  429. }
  430. int EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY *pkey,
  431. const unsigned char *pt, size_t ptlen)
  432. {
  433. if (ptlen > INT_MAX)
  434. return 0;
  435. if (evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_SET1_TLS_ENCPT, ptlen,
  436. (void *)pt) <= 0)
  437. return 0;
  438. return 1;
  439. }
  440. size_t EVP_PKEY_get1_tls_encodedpoint(EVP_PKEY *pkey, unsigned char **ppt)
  441. {
  442. int rv;
  443. rv = evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_GET1_TLS_ENCPT, 0, ppt);
  444. if (rv <= 0)
  445. return 0;
  446. return rv;
  447. }