1 | /* |
2 | * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. |
3 | * |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at |
7 | * https://www.openssl.org/source/license.html |
8 | */ |
9 | |
10 | #include <stdio.h> |
11 | #include "internal/cryptlib.h" |
12 | #include "internal/refcount.h" |
13 | #include <openssl/bn.h> |
14 | #include <openssl/err.h> |
15 | #include <openssl/objects.h> |
16 | #include <openssl/evp.h> |
17 | #include <openssl/x509.h> |
18 | #include <openssl/rsa.h> |
19 | #include <openssl/dsa.h> |
20 | #include <openssl/dh.h> |
21 | #include <openssl/cmac.h> |
22 | #include <openssl/engine.h> |
23 | #include <openssl/params.h> |
24 | #include <openssl/serializer.h> |
25 | #include <openssl/core_names.h> |
26 | |
27 | #include "crypto/asn1.h" |
28 | #include "crypto/evp.h" |
29 | #include "internal/provider.h" |
30 | |
31 | static void EVP_PKEY_free_it(EVP_PKEY *x); |
32 | |
33 | int EVP_PKEY_bits(const EVP_PKEY *pkey) |
34 | { |
35 | if (pkey && pkey->ameth && pkey->ameth->pkey_bits) |
36 | return pkey->ameth->pkey_bits(pkey); |
37 | return 0; |
38 | } |
39 | |
40 | int EVP_PKEY_security_bits(const EVP_PKEY *pkey) |
41 | { |
42 | if (pkey == NULL) |
43 | return 0; |
44 | if (pkey->ameth == NULL || pkey->ameth->pkey_security_bits == NULL) |
45 | return -2; |
46 | return pkey->ameth->pkey_security_bits(pkey); |
47 | } |
48 | |
49 | int EVP_PKEY_size(const EVP_PKEY *pkey) |
50 | { |
51 | if (pkey && pkey->ameth && pkey->ameth->pkey_size) |
52 | return pkey->ameth->pkey_size(pkey); |
53 | return 0; |
54 | } |
55 | |
56 | int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode) |
57 | { |
58 | #ifndef OPENSSL_NO_DSA |
59 | if (pkey->type == EVP_PKEY_DSA) { |
60 | int ret = pkey->save_parameters; |
61 | |
62 | if (mode >= 0) |
63 | pkey->save_parameters = mode; |
64 | return ret; |
65 | } |
66 | #endif |
67 | #ifndef OPENSSL_NO_EC |
68 | if (pkey->type == EVP_PKEY_EC) { |
69 | int ret = pkey->save_parameters; |
70 | |
71 | if (mode >= 0) |
72 | pkey->save_parameters = mode; |
73 | return ret; |
74 | } |
75 | #endif |
76 | return 0; |
77 | } |
78 | |
79 | int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) |
80 | { |
81 | if (to->type == EVP_PKEY_NONE) { |
82 | if (EVP_PKEY_set_type(to, from->type) == 0) |
83 | return 0; |
84 | } else if (to->type != from->type) { |
85 | EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_DIFFERENT_KEY_TYPES); |
86 | goto err; |
87 | } |
88 | |
89 | if (EVP_PKEY_missing_parameters(from)) { |
90 | EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_MISSING_PARAMETERS); |
91 | goto err; |
92 | } |
93 | |
94 | if (!EVP_PKEY_missing_parameters(to)) { |
95 | if (EVP_PKEY_cmp_parameters(to, from) == 1) |
96 | return 1; |
97 | EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_DIFFERENT_PARAMETERS); |
98 | return 0; |
99 | } |
100 | |
101 | if (from->ameth && from->ameth->param_copy) |
102 | return from->ameth->param_copy(to, from); |
103 | err: |
104 | return 0; |
105 | } |
106 | |
107 | int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey) |
108 | { |
109 | if (pkey != NULL && pkey->ameth && pkey->ameth->param_missing) |
110 | return pkey->ameth->param_missing(pkey); |
111 | return 0; |
112 | } |
113 | |
114 | int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) |
115 | { |
116 | if (a->type != b->type) |
117 | return -1; |
118 | if (a->ameth && a->ameth->param_cmp) |
119 | return a->ameth->param_cmp(a, b); |
120 | return -2; |
121 | } |
122 | |
123 | int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b) |
124 | { |
125 | if (a->type != b->type) |
126 | return -1; |
127 | |
128 | if (a->ameth) { |
129 | int ret; |
130 | /* Compare parameters if the algorithm has them */ |
131 | if (a->ameth->param_cmp) { |
132 | ret = a->ameth->param_cmp(a, b); |
133 | if (ret <= 0) |
134 | return ret; |
135 | } |
136 | |
137 | if (a->ameth->pub_cmp) |
138 | return a->ameth->pub_cmp(a, b); |
139 | } |
140 | |
141 | return -2; |
142 | } |
143 | |
144 | EVP_PKEY *EVP_PKEY_new(void) |
145 | { |
146 | EVP_PKEY *ret = OPENSSL_zalloc(sizeof(*ret)); |
147 | |
148 | if (ret == NULL) { |
149 | EVPerr(EVP_F_EVP_PKEY_NEW, ERR_R_MALLOC_FAILURE); |
150 | return NULL; |
151 | } |
152 | ret->type = EVP_PKEY_NONE; |
153 | ret->save_type = EVP_PKEY_NONE; |
154 | ret->references = 1; |
155 | ret->save_parameters = 1; |
156 | ret->lock = CRYPTO_THREAD_lock_new(); |
157 | if (ret->lock == NULL) { |
158 | EVPerr(EVP_F_EVP_PKEY_NEW, ERR_R_MALLOC_FAILURE); |
159 | OPENSSL_free(ret); |
160 | return NULL; |
161 | } |
162 | return ret; |
163 | } |
164 | |
165 | int EVP_PKEY_up_ref(EVP_PKEY *pkey) |
166 | { |
167 | int i; |
168 | |
169 | if (CRYPTO_UP_REF(&pkey->references, &i, pkey->lock) <= 0) |
170 | return 0; |
171 | |
172 | REF_PRINT_COUNT("EVP_PKEY" , pkey); |
173 | REF_ASSERT_ISNT(i < 2); |
174 | return ((i > 1) ? 1 : 0); |
175 | } |
176 | |
177 | /* |
178 | * Setup a public key ASN1 method and ENGINE from a NID or a string. If pkey |
179 | * is NULL just return 1 or 0 if the algorithm exists. |
180 | */ |
181 | |
182 | static int pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str, |
183 | int len) |
184 | { |
185 | const EVP_PKEY_ASN1_METHOD *ameth; |
186 | ENGINE **eptr = (e == NULL) ? &e : NULL; |
187 | |
188 | if (pkey) { |
189 | if (pkey->pkey.ptr) |
190 | EVP_PKEY_free_it(pkey); |
191 | /* |
192 | * If key type matches and a method exists then this lookup has |
193 | * succeeded once so just indicate success. |
194 | */ |
195 | if ((type == pkey->save_type) && pkey->ameth) |
196 | return 1; |
197 | #ifndef OPENSSL_NO_ENGINE |
198 | /* If we have ENGINEs release them */ |
199 | ENGINE_finish(pkey->engine); |
200 | pkey->engine = NULL; |
201 | ENGINE_finish(pkey->pmeth_engine); |
202 | pkey->pmeth_engine = NULL; |
203 | #endif |
204 | } |
205 | if (str) |
206 | ameth = EVP_PKEY_asn1_find_str(eptr, str, len); |
207 | else |
208 | ameth = EVP_PKEY_asn1_find(eptr, type); |
209 | #ifndef OPENSSL_NO_ENGINE |
210 | if (pkey == NULL && eptr != NULL) |
211 | ENGINE_finish(e); |
212 | #endif |
213 | if (ameth == NULL) { |
214 | EVPerr(EVP_F_PKEY_SET_TYPE, EVP_R_UNSUPPORTED_ALGORITHM); |
215 | return 0; |
216 | } |
217 | if (pkey) { |
218 | pkey->ameth = ameth; |
219 | pkey->engine = e; |
220 | |
221 | pkey->type = pkey->ameth->pkey_id; |
222 | pkey->save_type = type; |
223 | } |
224 | return 1; |
225 | } |
226 | |
227 | EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e, |
228 | const unsigned char *priv, |
229 | size_t len) |
230 | { |
231 | EVP_PKEY *ret = EVP_PKEY_new(); |
232 | |
233 | if (ret == NULL |
234 | || !pkey_set_type(ret, e, type, NULL, -1)) { |
235 | /* EVPerr already called */ |
236 | goto err; |
237 | } |
238 | |
239 | if (ret->ameth->set_priv_key == NULL) { |
240 | EVPerr(EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY, |
241 | EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); |
242 | goto err; |
243 | } |
244 | |
245 | if (!ret->ameth->set_priv_key(ret, priv, len)) { |
246 | EVPerr(EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY, EVP_R_KEY_SETUP_FAILED); |
247 | goto err; |
248 | } |
249 | |
250 | return ret; |
251 | |
252 | err: |
253 | EVP_PKEY_free(ret); |
254 | return NULL; |
255 | } |
256 | |
257 | EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e, |
258 | const unsigned char *pub, |
259 | size_t len) |
260 | { |
261 | EVP_PKEY *ret = EVP_PKEY_new(); |
262 | |
263 | if (ret == NULL |
264 | || !pkey_set_type(ret, e, type, NULL, -1)) { |
265 | /* EVPerr already called */ |
266 | goto err; |
267 | } |
268 | |
269 | if (ret->ameth->set_pub_key == NULL) { |
270 | EVPerr(EVP_F_EVP_PKEY_NEW_RAW_PUBLIC_KEY, |
271 | EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); |
272 | goto err; |
273 | } |
274 | |
275 | if (!ret->ameth->set_pub_key(ret, pub, len)) { |
276 | EVPerr(EVP_F_EVP_PKEY_NEW_RAW_PUBLIC_KEY, EVP_R_KEY_SETUP_FAILED); |
277 | goto err; |
278 | } |
279 | |
280 | return ret; |
281 | |
282 | err: |
283 | EVP_PKEY_free(ret); |
284 | return NULL; |
285 | } |
286 | |
287 | int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey, unsigned char *priv, |
288 | size_t *len) |
289 | { |
290 | if (pkey->ameth->get_priv_key == NULL) { |
291 | EVPerr(EVP_F_EVP_PKEY_GET_RAW_PRIVATE_KEY, |
292 | EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); |
293 | return 0; |
294 | } |
295 | |
296 | if (!pkey->ameth->get_priv_key(pkey, priv, len)) { |
297 | EVPerr(EVP_F_EVP_PKEY_GET_RAW_PRIVATE_KEY, EVP_R_GET_RAW_KEY_FAILED); |
298 | return 0; |
299 | } |
300 | |
301 | return 1; |
302 | } |
303 | |
304 | int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, unsigned char *pub, |
305 | size_t *len) |
306 | { |
307 | if (pkey->ameth->get_pub_key == NULL) { |
308 | EVPerr(EVP_F_EVP_PKEY_GET_RAW_PUBLIC_KEY, |
309 | EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); |
310 | return 0; |
311 | } |
312 | |
313 | if (!pkey->ameth->get_pub_key(pkey, pub, len)) { |
314 | EVPerr(EVP_F_EVP_PKEY_GET_RAW_PUBLIC_KEY, EVP_R_GET_RAW_KEY_FAILED); |
315 | return 0; |
316 | } |
317 | |
318 | return 1; |
319 | } |
320 | |
321 | EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, |
322 | size_t len, const EVP_CIPHER *cipher) |
323 | { |
324 | #ifndef OPENSSL_NO_CMAC |
325 | # ifndef OPENSSL_NO_ENGINE |
326 | const char *engine_id = e != NULL ? ENGINE_get_id(e) : NULL; |
327 | # endif |
328 | const char *cipher_name = EVP_CIPHER_name(cipher); |
329 | const OSSL_PROVIDER *prov = EVP_CIPHER_provider(cipher); |
330 | OPENSSL_CTX *libctx = |
331 | prov == NULL ? NULL : ossl_provider_library_context(prov); |
332 | EVP_PKEY *ret = EVP_PKEY_new(); |
333 | EVP_MAC *cmac = EVP_MAC_fetch(libctx, OSSL_MAC_NAME_CMAC, NULL); |
334 | EVP_MAC_CTX *cmctx = cmac != NULL ? EVP_MAC_CTX_new(cmac) : NULL; |
335 | OSSL_PARAM params[4]; |
336 | size_t paramsn = 0; |
337 | |
338 | if (ret == NULL |
339 | || cmctx == NULL |
340 | || !pkey_set_type(ret, e, EVP_PKEY_CMAC, NULL, -1)) { |
341 | /* EVPerr already called */ |
342 | goto err; |
343 | } |
344 | |
345 | # ifndef OPENSSL_NO_ENGINE |
346 | if (engine_id != NULL) |
347 | params[paramsn++] = |
348 | OSSL_PARAM_construct_utf8_string("engine" , (char *)engine_id, 0); |
349 | # endif |
350 | |
351 | params[paramsn++] = |
352 | OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER, |
353 | (char *)cipher_name, 0); |
354 | params[paramsn++] = |
355 | OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, |
356 | (char *)priv, len); |
357 | params[paramsn] = OSSL_PARAM_construct_end(); |
358 | |
359 | if (!EVP_MAC_CTX_set_params(cmctx, params)) { |
360 | EVPerr(EVP_F_EVP_PKEY_NEW_CMAC_KEY, EVP_R_KEY_SETUP_FAILED); |
361 | goto err; |
362 | } |
363 | |
364 | ret->pkey.ptr = cmctx; |
365 | return ret; |
366 | |
367 | err: |
368 | EVP_PKEY_free(ret); |
369 | EVP_MAC_CTX_free(cmctx); |
370 | EVP_MAC_free(cmac); |
371 | return NULL; |
372 | #else |
373 | EVPerr(EVP_F_EVP_PKEY_NEW_CMAC_KEY, |
374 | EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); |
375 | return NULL; |
376 | #endif |
377 | } |
378 | |
379 | int EVP_PKEY_set_type(EVP_PKEY *pkey, int type) |
380 | { |
381 | return pkey_set_type(pkey, NULL, type, NULL, -1); |
382 | } |
383 | |
384 | int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len) |
385 | { |
386 | return pkey_set_type(pkey, NULL, EVP_PKEY_NONE, str, len); |
387 | } |
388 | |
389 | int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type) |
390 | { |
391 | if (pkey->type == type) { |
392 | return 1; /* it already is that type */ |
393 | } |
394 | |
395 | /* |
396 | * The application is requesting to alias this to a different pkey type, |
397 | * but not one that resolves to the base type. |
398 | */ |
399 | if (EVP_PKEY_type(type) != EVP_PKEY_base_id(pkey)) { |
400 | EVPerr(EVP_F_EVP_PKEY_SET_ALIAS_TYPE, EVP_R_UNSUPPORTED_ALGORITHM); |
401 | return 0; |
402 | } |
403 | |
404 | pkey->type = type; |
405 | return 1; |
406 | } |
407 | |
408 | #ifndef OPENSSL_NO_ENGINE |
409 | int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *e) |
410 | { |
411 | if (e != NULL) { |
412 | if (!ENGINE_init(e)) { |
413 | EVPerr(EVP_F_EVP_PKEY_SET1_ENGINE, ERR_R_ENGINE_LIB); |
414 | return 0; |
415 | } |
416 | if (ENGINE_get_pkey_meth(e, pkey->type) == NULL) { |
417 | ENGINE_finish(e); |
418 | EVPerr(EVP_F_EVP_PKEY_SET1_ENGINE, EVP_R_UNSUPPORTED_ALGORITHM); |
419 | return 0; |
420 | } |
421 | } |
422 | ENGINE_finish(pkey->pmeth_engine); |
423 | pkey->pmeth_engine = e; |
424 | return 1; |
425 | } |
426 | |
427 | ENGINE *EVP_PKEY_get0_engine(const EVP_PKEY *pkey) |
428 | { |
429 | return pkey->engine; |
430 | } |
431 | #endif |
432 | int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key) |
433 | { |
434 | if (pkey == NULL || !EVP_PKEY_set_type(pkey, type)) |
435 | return 0; |
436 | pkey->pkey.ptr = key; |
437 | return (key != NULL); |
438 | } |
439 | |
440 | void *EVP_PKEY_get0(const EVP_PKEY *pkey) |
441 | { |
442 | return pkey->pkey.ptr; |
443 | } |
444 | |
445 | const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len) |
446 | { |
447 | ASN1_OCTET_STRING *os = NULL; |
448 | if (pkey->type != EVP_PKEY_HMAC) { |
449 | EVPerr(EVP_F_EVP_PKEY_GET0_HMAC, EVP_R_EXPECTING_AN_HMAC_KEY); |
450 | return NULL; |
451 | } |
452 | os = EVP_PKEY_get0(pkey); |
453 | *len = os->length; |
454 | return os->data; |
455 | } |
456 | |
457 | #ifndef OPENSSL_NO_POLY1305 |
458 | const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len) |
459 | { |
460 | ASN1_OCTET_STRING *os = NULL; |
461 | if (pkey->type != EVP_PKEY_POLY1305) { |
462 | EVPerr(EVP_F_EVP_PKEY_GET0_POLY1305, EVP_R_EXPECTING_A_POLY1305_KEY); |
463 | return NULL; |
464 | } |
465 | os = EVP_PKEY_get0(pkey); |
466 | *len = os->length; |
467 | return os->data; |
468 | } |
469 | #endif |
470 | |
471 | #ifndef OPENSSL_NO_SIPHASH |
472 | const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len) |
473 | { |
474 | ASN1_OCTET_STRING *os = NULL; |
475 | |
476 | if (pkey->type != EVP_PKEY_SIPHASH) { |
477 | EVPerr(EVP_F_EVP_PKEY_GET0_SIPHASH, EVP_R_EXPECTING_A_SIPHASH_KEY); |
478 | return NULL; |
479 | } |
480 | os = EVP_PKEY_get0(pkey); |
481 | *len = os->length; |
482 | return os->data; |
483 | } |
484 | #endif |
485 | |
486 | #ifndef OPENSSL_NO_RSA |
487 | int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key) |
488 | { |
489 | int ret = EVP_PKEY_assign_RSA(pkey, key); |
490 | if (ret) |
491 | RSA_up_ref(key); |
492 | return ret; |
493 | } |
494 | |
495 | RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey) |
496 | { |
497 | if (pkey->type != EVP_PKEY_RSA && pkey->type != EVP_PKEY_RSA_PSS) { |
498 | EVPerr(EVP_F_EVP_PKEY_GET0_RSA, EVP_R_EXPECTING_AN_RSA_KEY); |
499 | return NULL; |
500 | } |
501 | return pkey->pkey.rsa; |
502 | } |
503 | |
504 | RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey) |
505 | { |
506 | RSA *ret = EVP_PKEY_get0_RSA(pkey); |
507 | if (ret != NULL) |
508 | RSA_up_ref(ret); |
509 | return ret; |
510 | } |
511 | #endif |
512 | |
513 | #ifndef OPENSSL_NO_DSA |
514 | int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key) |
515 | { |
516 | int ret = EVP_PKEY_assign_DSA(pkey, key); |
517 | if (ret) |
518 | DSA_up_ref(key); |
519 | return ret; |
520 | } |
521 | |
522 | DSA *EVP_PKEY_get0_DSA(const EVP_PKEY *pkey) |
523 | { |
524 | if (pkey->type != EVP_PKEY_DSA) { |
525 | EVPerr(EVP_F_EVP_PKEY_GET0_DSA, EVP_R_EXPECTING_A_DSA_KEY); |
526 | return NULL; |
527 | } |
528 | return pkey->pkey.dsa; |
529 | } |
530 | |
531 | DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey) |
532 | { |
533 | DSA *ret = EVP_PKEY_get0_DSA(pkey); |
534 | if (ret != NULL) |
535 | DSA_up_ref(ret); |
536 | return ret; |
537 | } |
538 | #endif |
539 | |
540 | #ifndef OPENSSL_NO_EC |
541 | |
542 | int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key) |
543 | { |
544 | int ret = EVP_PKEY_assign_EC_KEY(pkey, key); |
545 | if (ret) |
546 | EC_KEY_up_ref(key); |
547 | return ret; |
548 | } |
549 | |
550 | EC_KEY *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey) |
551 | { |
552 | if (pkey->type != EVP_PKEY_EC) { |
553 | EVPerr(EVP_F_EVP_PKEY_GET0_EC_KEY, EVP_R_EXPECTING_A_EC_KEY); |
554 | return NULL; |
555 | } |
556 | return pkey->pkey.ec; |
557 | } |
558 | |
559 | EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey) |
560 | { |
561 | EC_KEY *ret = EVP_PKEY_get0_EC_KEY(pkey); |
562 | if (ret != NULL) |
563 | EC_KEY_up_ref(ret); |
564 | return ret; |
565 | } |
566 | #endif |
567 | |
568 | #ifndef OPENSSL_NO_DH |
569 | |
570 | int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key) |
571 | { |
572 | int ret = EVP_PKEY_assign_DH(pkey, key); |
573 | if (ret) |
574 | DH_up_ref(key); |
575 | return ret; |
576 | } |
577 | |
578 | DH *EVP_PKEY_get0_DH(const EVP_PKEY *pkey) |
579 | { |
580 | if (pkey->type != EVP_PKEY_DH && pkey->type != EVP_PKEY_DHX) { |
581 | EVPerr(EVP_F_EVP_PKEY_GET0_DH, EVP_R_EXPECTING_A_DH_KEY); |
582 | return NULL; |
583 | } |
584 | return pkey->pkey.dh; |
585 | } |
586 | |
587 | DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey) |
588 | { |
589 | DH *ret = EVP_PKEY_get0_DH(pkey); |
590 | if (ret != NULL) |
591 | DH_up_ref(ret); |
592 | return ret; |
593 | } |
594 | #endif |
595 | |
596 | int EVP_PKEY_type(int type) |
597 | { |
598 | int ret; |
599 | const EVP_PKEY_ASN1_METHOD *ameth; |
600 | ENGINE *e; |
601 | ameth = EVP_PKEY_asn1_find(&e, type); |
602 | if (ameth) |
603 | ret = ameth->pkey_id; |
604 | else |
605 | ret = NID_undef; |
606 | #ifndef OPENSSL_NO_ENGINE |
607 | ENGINE_finish(e); |
608 | #endif |
609 | return ret; |
610 | } |
611 | |
612 | int EVP_PKEY_id(const EVP_PKEY *pkey) |
613 | { |
614 | return pkey->type; |
615 | } |
616 | |
617 | int EVP_PKEY_base_id(const EVP_PKEY *pkey) |
618 | { |
619 | return EVP_PKEY_type(pkey->type); |
620 | } |
621 | |
622 | void EVP_PKEY_free(EVP_PKEY *x) |
623 | { |
624 | int i; |
625 | |
626 | if (x == NULL) |
627 | return; |
628 | |
629 | CRYPTO_DOWN_REF(&x->references, &i, x->lock); |
630 | REF_PRINT_COUNT("EVP_PKEY" , x); |
631 | if (i > 0) |
632 | return; |
633 | REF_ASSERT_ISNT(i < 0); |
634 | EVP_PKEY_free_it(x); |
635 | CRYPTO_THREAD_lock_free(x->lock); |
636 | sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free); |
637 | OPENSSL_free(x); |
638 | } |
639 | |
640 | static void EVP_PKEY_free_it(EVP_PKEY *x) |
641 | { |
642 | /* internal function; x is never NULL */ |
643 | |
644 | evp_keymgmt_clear_pkey_cache(x); |
645 | |
646 | if (x->ameth && x->ameth->pkey_free) { |
647 | x->ameth->pkey_free(x); |
648 | x->pkey.ptr = NULL; |
649 | } |
650 | #ifndef OPENSSL_NO_ENGINE |
651 | ENGINE_finish(x->engine); |
652 | x->engine = NULL; |
653 | ENGINE_finish(x->pmeth_engine); |
654 | x->pmeth_engine = NULL; |
655 | #endif |
656 | } |
657 | |
658 | static int unsup_alg(BIO *out, const EVP_PKEY *pkey, int indent, |
659 | const char *kstr) |
660 | { |
661 | BIO_indent(out, indent, 128); |
662 | BIO_printf(out, "%s algorithm \"%s\" unsupported\n" , |
663 | kstr, OBJ_nid2ln(pkey->type)); |
664 | return 1; |
665 | } |
666 | |
667 | int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey, |
668 | int indent, ASN1_PCTX *pctx) |
669 | { |
670 | const char *pq = OSSL_SERIALIZER_PUBKEY_TO_TEXT_PQ; |
671 | OSSL_SERIALIZER_CTX *ctx = OSSL_SERIALIZER_CTX_new_by_EVP_PKEY(pkey, pq); |
672 | int ret = -2; /* mark as unsupported */ |
673 | |
674 | if (OSSL_SERIALIZER_CTX_get_serializer(ctx) != NULL) |
675 | ret = OSSL_SERIALIZER_to_bio(ctx, out); |
676 | OSSL_SERIALIZER_CTX_free(ctx); |
677 | |
678 | if (ret != -2) |
679 | return ret; |
680 | |
681 | /* legacy fallback */ |
682 | if (pkey->ameth && pkey->ameth->pub_print) |
683 | return pkey->ameth->pub_print(out, pkey, indent, pctx); |
684 | |
685 | return unsup_alg(out, pkey, indent, "Public Key" ); |
686 | } |
687 | |
688 | int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey, |
689 | int indent, ASN1_PCTX *pctx) |
690 | { |
691 | const char *pq = OSSL_SERIALIZER_PrivateKey_TO_TEXT_PQ; |
692 | OSSL_SERIALIZER_CTX *ctx = OSSL_SERIALIZER_CTX_new_by_EVP_PKEY(pkey, pq); |
693 | int ret = -2; /* mark as unsupported */ |
694 | |
695 | if (OSSL_SERIALIZER_CTX_get_serializer(ctx) != NULL) |
696 | ret = OSSL_SERIALIZER_to_bio(ctx, out); |
697 | OSSL_SERIALIZER_CTX_free(ctx); |
698 | |
699 | if (ret != -2) |
700 | return ret; |
701 | |
702 | /* legacy fallback */ |
703 | if (pkey->ameth && pkey->ameth->priv_print) |
704 | return pkey->ameth->priv_print(out, pkey, indent, pctx); |
705 | |
706 | return unsup_alg(out, pkey, indent, "Private Key" ); |
707 | } |
708 | |
709 | int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey, |
710 | int indent, ASN1_PCTX *pctx) |
711 | { |
712 | const char *pq = OSSL_SERIALIZER_Parameters_TO_TEXT_PQ; |
713 | OSSL_SERIALIZER_CTX *ctx = OSSL_SERIALIZER_CTX_new_by_EVP_PKEY(pkey, pq); |
714 | int ret = -2; /* mark as unsupported */ |
715 | |
716 | if (OSSL_SERIALIZER_CTX_get_serializer(ctx) != NULL) |
717 | ret = OSSL_SERIALIZER_to_bio(ctx, out); |
718 | OSSL_SERIALIZER_CTX_free(ctx); |
719 | |
720 | if (ret != -2) |
721 | return ret; |
722 | |
723 | /* legacy fallback */ |
724 | if (pkey->ameth && pkey->ameth->param_print) |
725 | return pkey->ameth->param_print(out, pkey, indent, pctx); |
726 | |
727 | return unsup_alg(out, pkey, indent, "Parameters" ); |
728 | } |
729 | |
730 | static int evp_pkey_asn1_ctrl(EVP_PKEY *pkey, int op, int arg1, void *arg2) |
731 | { |
732 | if (pkey->ameth == NULL || pkey->ameth->pkey_ctrl == NULL) |
733 | return -2; |
734 | return pkey->ameth->pkey_ctrl(pkey, op, arg1, arg2); |
735 | } |
736 | |
737 | int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid) |
738 | { |
739 | return evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_DEFAULT_MD_NID, 0, pnid); |
740 | } |
741 | |
742 | int EVP_PKEY_supports_digest_nid(EVP_PKEY *pkey, int nid) |
743 | { |
744 | int rv, default_nid; |
745 | |
746 | rv = evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_SUPPORTS_MD_NID, nid, NULL); |
747 | if (rv == -2) { |
748 | /* |
749 | * If there is a mandatory default digest and this isn't it, then |
750 | * the answer is 'no'. |
751 | */ |
752 | rv = EVP_PKEY_get_default_digest_nid(pkey, &default_nid); |
753 | if (rv == 2) |
754 | return (nid == default_nid); |
755 | /* zero is an error from EVP_PKEY_get_default_digest_nid() */ |
756 | if (rv == 0) |
757 | return -1; |
758 | } |
759 | return rv; |
760 | } |
761 | |
762 | int EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY *pkey, |
763 | const unsigned char *pt, size_t ptlen) |
764 | { |
765 | if (ptlen > INT_MAX) |
766 | return 0; |
767 | if (evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_SET1_TLS_ENCPT, ptlen, |
768 | (void *)pt) <= 0) |
769 | return 0; |
770 | return 1; |
771 | } |
772 | |
773 | size_t EVP_PKEY_get1_tls_encodedpoint(EVP_PKEY *pkey, unsigned char **ppt) |
774 | { |
775 | int rv; |
776 | rv = evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_GET1_TLS_ENCPT, 0, ppt); |
777 | if (rv <= 0) |
778 | return 0; |
779 | return rv; |
780 | } |
781 | |