diff options
| author | tb <> | 2023-12-29 10:59:00 +0000 |
|---|---|---|
| committer | tb <> | 2023-12-29 10:59:00 +0000 |
| commit | 74f37a921dec4d88238715b69fdd65f00d225fda (patch) | |
| tree | 75f4dda3052f834420459527c235e1bb9b3f059c | |
| parent | c84e468c4aa089677e98a7754e5fc8cb0cd62e54 (diff) | |
| download | openbsd-74f37a921dec4d88238715b69fdd65f00d225fda.tar.gz openbsd-74f37a921dec4d88238715b69fdd65f00d225fda.tar.bz2 openbsd-74f37a921dec4d88238715b69fdd65f00d225fda.zip | |
Move the EVP_PKEY_asn1_* API that will stay to evp/p_lib.c
Most of these functions are only called from this file internally apart
from the pem_str lookups from pem/. In the next major bump we can then
remove asn/ameth_lib.c. Also move EVP_PKEY_ASN1_METHOD to evp_local.h.
While this is used to dispatch to various ASN.1 decoding routines, it
doesn't fit into asn1/ at all.
| -rw-r--r-- | src/lib/libcrypto/asn1/ameth_lib.c | 140 | ||||
| -rw-r--r-- | src/lib/libcrypto/asn1/asn1_local.h | 66 | ||||
| -rw-r--r-- | src/lib/libcrypto/asn1/t_x509.c | 4 | ||||
| -rw-r--r-- | src/lib/libcrypto/evp/evp_local.h | 64 | ||||
| -rw-r--r-- | src/lib/libcrypto/evp/p_lib.c | 198 |
5 files changed, 260 insertions, 212 deletions
diff --git a/src/lib/libcrypto/asn1/ameth_lib.c b/src/lib/libcrypto/asn1/ameth_lib.c index 2165bf06b5..cf3a965a64 100644 --- a/src/lib/libcrypto/asn1/ameth_lib.c +++ b/src/lib/libcrypto/asn1/ameth_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ameth_lib.c,v 1.39 2023/12/29 10:17:26 tb Exp $ */ | 1 | /* $OpenBSD: ameth_lib.c,v 1.40 2023/12/29 10:59:00 tb Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 2006. | 3 | * project 2006. |
| 4 | */ | 4 | */ |
| @@ -62,146 +62,8 @@ | |||
| 62 | #include <openssl/err.h> | 62 | #include <openssl/err.h> |
| 63 | #include <openssl/evp.h> | 63 | #include <openssl/evp.h> |
| 64 | 64 | ||
| 65 | #include "asn1_local.h" | ||
| 66 | #include "evp_local.h" | 65 | #include "evp_local.h" |
| 67 | 66 | ||
| 68 | extern const EVP_PKEY_ASN1_METHOD cmac_asn1_meth; | ||
| 69 | extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth; | ||
| 70 | extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[]; | ||
| 71 | extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth; | ||
| 72 | extern const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth; | ||
| 73 | extern const EVP_PKEY_ASN1_METHOD gostimit_asn1_meth; | ||
| 74 | extern const EVP_PKEY_ASN1_METHOD gostr01_asn1_meths[]; | ||
| 75 | extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth; | ||
| 76 | extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[]; | ||
| 77 | extern const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth; | ||
| 78 | extern const EVP_PKEY_ASN1_METHOD x25519_asn1_meth; | ||
| 79 | |||
| 80 | static const EVP_PKEY_ASN1_METHOD *asn1_methods[] = { | ||
| 81 | &cmac_asn1_meth, | ||
| 82 | &dh_asn1_meth, | ||
| 83 | &dsa_asn1_meths[0], | ||
| 84 | &dsa_asn1_meths[1], | ||
| 85 | &dsa_asn1_meths[2], | ||
| 86 | &dsa_asn1_meths[3], | ||
| 87 | &dsa_asn1_meths[4], | ||
| 88 | &eckey_asn1_meth, | ||
| 89 | &ed25519_asn1_meth, | ||
| 90 | &gostimit_asn1_meth, | ||
| 91 | &gostr01_asn1_meths[0], | ||
| 92 | &gostr01_asn1_meths[1], | ||
| 93 | &gostr01_asn1_meths[2], | ||
| 94 | &hmac_asn1_meth, | ||
| 95 | &rsa_asn1_meths[0], | ||
| 96 | &rsa_asn1_meths[1], | ||
| 97 | &rsa_pss_asn1_meth, | ||
| 98 | &x25519_asn1_meth, | ||
| 99 | }; | ||
| 100 | |||
| 101 | #define N_ASN1_METHODS (sizeof(asn1_methods) / sizeof(asn1_methods[0])) | ||
| 102 | |||
| 103 | int | ||
| 104 | EVP_PKEY_asn1_get_count(void) | ||
| 105 | { | ||
| 106 | return N_ASN1_METHODS; | ||
| 107 | } | ||
| 108 | |||
| 109 | const EVP_PKEY_ASN1_METHOD * | ||
| 110 | EVP_PKEY_asn1_get0(int idx) | ||
| 111 | { | ||
| 112 | if (idx < 0 || idx >= N_ASN1_METHODS) | ||
| 113 | return NULL; | ||
| 114 | |||
| 115 | return asn1_methods[idx]; | ||
| 116 | } | ||
| 117 | |||
| 118 | static const EVP_PKEY_ASN1_METHOD * | ||
| 119 | pkey_asn1_find(int pkey_id) | ||
| 120 | { | ||
| 121 | const EVP_PKEY_ASN1_METHOD *ameth; | ||
| 122 | int i; | ||
| 123 | |||
| 124 | for (i = EVP_PKEY_asn1_get_count() - 1; i >= 0; i--) { | ||
| 125 | ameth = EVP_PKEY_asn1_get0(i); | ||
| 126 | if (ameth->pkey_id == pkey_id) | ||
| 127 | return ameth; | ||
| 128 | } | ||
| 129 | |||
| 130 | return NULL; | ||
| 131 | } | ||
| 132 | |||
| 133 | /* | ||
| 134 | * XXX - fix this. In what looks like an infinite loop, this API only makes two | ||
| 135 | * calls to pkey_asn1_find(): If the type resolves to an aliased ASN.1 method, | ||
| 136 | * the second call will find the method it aliases. Codify this in regress and | ||
| 137 | * make this explicit in code. | ||
| 138 | */ | ||
| 139 | const EVP_PKEY_ASN1_METHOD * | ||
| 140 | EVP_PKEY_asn1_find(ENGINE **pe, int type) | ||
| 141 | { | ||
| 142 | const EVP_PKEY_ASN1_METHOD *mp; | ||
| 143 | |||
| 144 | if (pe != NULL) | ||
| 145 | *pe = NULL; | ||
| 146 | |||
| 147 | for (;;) { | ||
| 148 | if ((mp = pkey_asn1_find(type)) == NULL) | ||
| 149 | break; | ||
| 150 | if ((mp->pkey_flags & ASN1_PKEY_ALIAS) == 0) | ||
| 151 | break; | ||
| 152 | type = mp->pkey_base_id; | ||
| 153 | } | ||
| 154 | |||
| 155 | return mp; | ||
| 156 | } | ||
| 157 | |||
| 158 | const EVP_PKEY_ASN1_METHOD * | ||
| 159 | EVP_PKEY_asn1_find_str(ENGINE **pe, const char *str, int len) | ||
| 160 | { | ||
| 161 | const EVP_PKEY_ASN1_METHOD *ameth; | ||
| 162 | int i; | ||
| 163 | |||
| 164 | if (len == -1) | ||
| 165 | len = strlen(str); | ||
| 166 | if (pe != NULL) | ||
| 167 | *pe = NULL; | ||
| 168 | for (i = EVP_PKEY_asn1_get_count() - 1; i >= 0; i--) { | ||
| 169 | ameth = EVP_PKEY_asn1_get0(i); | ||
| 170 | if (ameth->pkey_flags & ASN1_PKEY_ALIAS) | ||
| 171 | continue; | ||
| 172 | if (((int)strlen(ameth->pem_str) == len) && | ||
| 173 | !strncasecmp(ameth->pem_str, str, len)) | ||
| 174 | return ameth; | ||
| 175 | } | ||
| 176 | return NULL; | ||
| 177 | } | ||
| 178 | |||
| 179 | int | ||
| 180 | EVP_PKEY_asn1_get0_info(int *ppkey_id, int *ppkey_base_id, int *ppkey_flags, | ||
| 181 | const char **pinfo, const char **ppem_str, | ||
| 182 | const EVP_PKEY_ASN1_METHOD *ameth) | ||
| 183 | { | ||
| 184 | if (!ameth) | ||
| 185 | return 0; | ||
| 186 | if (ppkey_id) | ||
| 187 | *ppkey_id = ameth->pkey_id; | ||
| 188 | if (ppkey_base_id) | ||
| 189 | *ppkey_base_id = ameth->pkey_base_id; | ||
| 190 | if (ppkey_flags) | ||
| 191 | *ppkey_flags = ameth->pkey_flags; | ||
| 192 | if (pinfo) | ||
| 193 | *pinfo = ameth->info; | ||
| 194 | if (ppem_str) | ||
| 195 | *ppem_str = ameth->pem_str; | ||
| 196 | return 1; | ||
| 197 | } | ||
| 198 | |||
| 199 | const EVP_PKEY_ASN1_METHOD* | ||
| 200 | EVP_PKEY_get0_asn1(const EVP_PKEY *pkey) | ||
| 201 | { | ||
| 202 | return pkey->ameth; | ||
| 203 | } | ||
| 204 | |||
| 205 | /* | 67 | /* |
| 206 | * XXX - remove all the API below here in the next major bump. | 68 | * XXX - remove all the API below here in the next major bump. |
| 207 | */ | 69 | */ |
diff --git a/src/lib/libcrypto/asn1/asn1_local.h b/src/lib/libcrypto/asn1/asn1_local.h index 566ace798b..c1dfa6f68c 100644 --- a/src/lib/libcrypto/asn1/asn1_local.h +++ b/src/lib/libcrypto/asn1/asn1_local.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: asn1_local.h,v 1.4 2023/07/28 10:00:10 tb Exp $ */ | 1 | /* $OpenBSD: asn1_local.h,v 1.5 2023/12/29 10:59:00 tb Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 2006. | 3 | * project 2006. |
| 4 | */ | 4 | */ |
| @@ -89,70 +89,6 @@ struct asn1_pctx_st { | |||
| 89 | unsigned long str_flags; | 89 | unsigned long str_flags; |
| 90 | } /* ASN1_PCTX */; | 90 | } /* ASN1_PCTX */; |
| 91 | 91 | ||
| 92 | /* ASN1 public key method structure */ | ||
| 93 | |||
| 94 | struct evp_pkey_asn1_method_st { | ||
| 95 | int pkey_id; | ||
| 96 | int pkey_base_id; | ||
| 97 | unsigned long pkey_flags; | ||
| 98 | |||
| 99 | char *pem_str; | ||
| 100 | char *info; | ||
| 101 | |||
| 102 | int (*pub_decode)(EVP_PKEY *pk, X509_PUBKEY *pub); | ||
| 103 | int (*pub_encode)(X509_PUBKEY *pub, const EVP_PKEY *pk); | ||
| 104 | int (*pub_cmp)(const EVP_PKEY *a, const EVP_PKEY *b); | ||
| 105 | int (*pub_print)(BIO *out, const EVP_PKEY *pkey, int indent, | ||
| 106 | ASN1_PCTX *pctx); | ||
| 107 | |||
| 108 | int (*priv_decode)(EVP_PKEY *pk, const PKCS8_PRIV_KEY_INFO *p8inf); | ||
| 109 | int (*priv_encode)(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk); | ||
| 110 | int (*priv_print)(BIO *out, const EVP_PKEY *pkey, int indent, | ||
| 111 | ASN1_PCTX *pctx); | ||
| 112 | |||
| 113 | int (*pkey_size)(const EVP_PKEY *pk); | ||
| 114 | int (*pkey_bits)(const EVP_PKEY *pk); | ||
| 115 | int (*pkey_security_bits)(const EVP_PKEY *pk); | ||
| 116 | |||
| 117 | int (*param_decode)(EVP_PKEY *pkey, const unsigned char **pder, | ||
| 118 | int derlen); | ||
| 119 | int (*param_encode)(const EVP_PKEY *pkey, unsigned char **pder); | ||
| 120 | int (*param_missing)(const EVP_PKEY *pk); | ||
| 121 | int (*param_copy)(EVP_PKEY *to, const EVP_PKEY *from); | ||
| 122 | int (*param_cmp)(const EVP_PKEY *a, const EVP_PKEY *b); | ||
| 123 | int (*param_print)(BIO *out, const EVP_PKEY *pkey, int indent, | ||
| 124 | ASN1_PCTX *pctx); | ||
| 125 | int (*sig_print)(BIO *out, const X509_ALGOR *sigalg, | ||
| 126 | const ASN1_STRING *sig, int indent, ASN1_PCTX *pctx); | ||
| 127 | |||
| 128 | void (*pkey_free)(EVP_PKEY *pkey); | ||
| 129 | int (*pkey_ctrl)(EVP_PKEY *pkey, int op, long arg1, void *arg2); | ||
| 130 | |||
| 131 | /* Legacy functions for old PEM */ | ||
| 132 | |||
| 133 | int (*old_priv_decode)(EVP_PKEY *pkey, const unsigned char **pder, | ||
| 134 | int derlen); | ||
| 135 | int (*old_priv_encode)(const EVP_PKEY *pkey, unsigned char **pder); | ||
| 136 | /* Custom ASN1 signature verification */ | ||
| 137 | int (*item_verify)(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, | ||
| 138 | X509_ALGOR *a, ASN1_BIT_STRING *sig, EVP_PKEY *pkey); | ||
| 139 | int (*item_sign)(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, | ||
| 140 | X509_ALGOR *alg1, X509_ALGOR *alg2, ASN1_BIT_STRING *sig); | ||
| 141 | |||
| 142 | int (*pkey_check)(const EVP_PKEY *pk); | ||
| 143 | int (*pkey_public_check)(const EVP_PKEY *pk); | ||
| 144 | int (*pkey_param_check)(const EVP_PKEY *pk); | ||
| 145 | |||
| 146 | int (*set_priv_key)(EVP_PKEY *pk, const unsigned char *private_key, | ||
| 147 | size_t len); | ||
| 148 | int (*set_pub_key)(EVP_PKEY *pk, const unsigned char *public_key, | ||
| 149 | size_t len); | ||
| 150 | int (*get_priv_key)(const EVP_PKEY *pk, unsigned char *out_private_key, | ||
| 151 | size_t *out_len); | ||
| 152 | int (*get_pub_key)(const EVP_PKEY *pk, unsigned char *out_public_key, | ||
| 153 | size_t *out_len); | ||
| 154 | } /* EVP_PKEY_ASN1_METHOD */; | ||
| 155 | |||
| 156 | /* Method to handle CRL access. | 92 | /* Method to handle CRL access. |
| 157 | * In general a CRL could be very large (several Mb) and can consume large | 93 | * In general a CRL could be very large (several Mb) and can consume large |
| 158 | * amounts of resources if stored in memory by multiple processes. | 94 | * amounts of resources if stored in memory by multiple processes. |
diff --git a/src/lib/libcrypto/asn1/t_x509.c b/src/lib/libcrypto/asn1/t_x509.c index cd98997f6a..6f7bdc79fe 100644 --- a/src/lib/libcrypto/asn1/t_x509.c +++ b/src/lib/libcrypto/asn1/t_x509.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t_x509.c,v 1.43 2023/07/07 19:37:52 beck Exp $ */ | 1 | /* $OpenBSD: t_x509.c,v 1.44 2023/12/29 10:59:00 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -77,7 +77,7 @@ | |||
| 77 | #include <openssl/rsa.h> | 77 | #include <openssl/rsa.h> |
| 78 | #endif | 78 | #endif |
| 79 | 79 | ||
| 80 | #include "asn1_local.h" | 80 | #include "evp_local.h" |
| 81 | #include "x509_local.h" | 81 | #include "x509_local.h" |
| 82 | 82 | ||
| 83 | int | 83 | int |
diff --git a/src/lib/libcrypto/evp/evp_local.h b/src/lib/libcrypto/evp/evp_local.h index 1034b88a1a..d21919ac9b 100644 --- a/src/lib/libcrypto/evp/evp_local.h +++ b/src/lib/libcrypto/evp/evp_local.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: evp_local.h,v 1.9 2023/12/22 17:25:47 tb Exp $ */ | 1 | /* $OpenBSD: evp_local.h,v 1.10 2023/12/29 10:59:00 tb Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 2000. | 3 | * project 2000. |
| 4 | */ | 4 | */ |
| @@ -89,6 +89,68 @@ struct ecx_key_st { | |||
| 89 | size_t pub_key_len; | 89 | size_t pub_key_len; |
| 90 | }; | 90 | }; |
| 91 | 91 | ||
| 92 | struct evp_pkey_asn1_method_st { | ||
| 93 | int pkey_id; | ||
| 94 | int pkey_base_id; | ||
| 95 | unsigned long pkey_flags; | ||
| 96 | |||
| 97 | char *pem_str; | ||
| 98 | char *info; | ||
| 99 | |||
| 100 | int (*pub_decode)(EVP_PKEY *pk, X509_PUBKEY *pub); | ||
| 101 | int (*pub_encode)(X509_PUBKEY *pub, const EVP_PKEY *pk); | ||
| 102 | int (*pub_cmp)(const EVP_PKEY *a, const EVP_PKEY *b); | ||
| 103 | int (*pub_print)(BIO *out, const EVP_PKEY *pkey, int indent, | ||
| 104 | ASN1_PCTX *pctx); | ||
| 105 | |||
| 106 | int (*priv_decode)(EVP_PKEY *pk, const PKCS8_PRIV_KEY_INFO *p8inf); | ||
| 107 | int (*priv_encode)(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk); | ||
| 108 | int (*priv_print)(BIO *out, const EVP_PKEY *pkey, int indent, | ||
| 109 | ASN1_PCTX *pctx); | ||
| 110 | |||
| 111 | int (*pkey_size)(const EVP_PKEY *pk); | ||
| 112 | int (*pkey_bits)(const EVP_PKEY *pk); | ||
| 113 | int (*pkey_security_bits)(const EVP_PKEY *pk); | ||
| 114 | |||
| 115 | int (*param_decode)(EVP_PKEY *pkey, const unsigned char **pder, | ||
| 116 | int derlen); | ||
| 117 | int (*param_encode)(const EVP_PKEY *pkey, unsigned char **pder); | ||
| 118 | int (*param_missing)(const EVP_PKEY *pk); | ||
| 119 | int (*param_copy)(EVP_PKEY *to, const EVP_PKEY *from); | ||
| 120 | int (*param_cmp)(const EVP_PKEY *a, const EVP_PKEY *b); | ||
| 121 | int (*param_print)(BIO *out, const EVP_PKEY *pkey, int indent, | ||
| 122 | ASN1_PCTX *pctx); | ||
| 123 | int (*sig_print)(BIO *out, const X509_ALGOR *sigalg, | ||
| 124 | const ASN1_STRING *sig, int indent, ASN1_PCTX *pctx); | ||
| 125 | |||
| 126 | void (*pkey_free)(EVP_PKEY *pkey); | ||
| 127 | int (*pkey_ctrl)(EVP_PKEY *pkey, int op, long arg1, void *arg2); | ||
| 128 | |||
| 129 | /* Legacy functions for old PEM */ | ||
| 130 | |||
| 131 | int (*old_priv_decode)(EVP_PKEY *pkey, const unsigned char **pder, | ||
| 132 | int derlen); | ||
| 133 | int (*old_priv_encode)(const EVP_PKEY *pkey, unsigned char **pder); | ||
| 134 | /* Custom ASN1 signature verification */ | ||
| 135 | int (*item_verify)(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, | ||
| 136 | X509_ALGOR *a, ASN1_BIT_STRING *sig, EVP_PKEY *pkey); | ||
| 137 | int (*item_sign)(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, | ||
| 138 | X509_ALGOR *alg1, X509_ALGOR *alg2, ASN1_BIT_STRING *sig); | ||
| 139 | |||
| 140 | int (*pkey_check)(const EVP_PKEY *pk); | ||
| 141 | int (*pkey_public_check)(const EVP_PKEY *pk); | ||
| 142 | int (*pkey_param_check)(const EVP_PKEY *pk); | ||
| 143 | |||
| 144 | int (*set_priv_key)(EVP_PKEY *pk, const unsigned char *private_key, | ||
| 145 | size_t len); | ||
| 146 | int (*set_pub_key)(EVP_PKEY *pk, const unsigned char *public_key, | ||
| 147 | size_t len); | ||
| 148 | int (*get_priv_key)(const EVP_PKEY *pk, unsigned char *out_private_key, | ||
| 149 | size_t *out_len); | ||
| 150 | int (*get_pub_key)(const EVP_PKEY *pk, unsigned char *out_public_key, | ||
| 151 | size_t *out_len); | ||
| 152 | } /* EVP_PKEY_ASN1_METHOD */; | ||
| 153 | |||
| 92 | /* Type needs to be a bit field | 154 | /* Type needs to be a bit field |
| 93 | * Sub-type needs to be for variations on the method, as in, can it do | 155 | * Sub-type needs to be for variations on the method, as in, can it do |
| 94 | * arbitrary encryption.... */ | 156 | * arbitrary encryption.... */ |
diff --git a/src/lib/libcrypto/evp/p_lib.c b/src/lib/libcrypto/evp/p_lib.c index f92684fdd7..24e1dbb14c 100644 --- a/src/lib/libcrypto/evp/p_lib.c +++ b/src/lib/libcrypto/evp/p_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: p_lib.c,v 1.50 2023/12/25 22:41:50 tb Exp $ */ | 1 | /* $OpenBSD: p_lib.c,v 1.51 2023/12/29 10:59:00 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -55,13 +55,62 @@ | |||
| 55 | * copied and put under another distribution licence | 55 | * copied and put under another distribution licence |
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | /* ==================================================================== | ||
| 59 | * Copyright (c) 2006 The OpenSSL Project. All rights reserved. | ||
| 60 | * | ||
| 61 | * Redistribution and use in source and binary forms, with or without | ||
| 62 | * modification, are permitted provided that the following conditions | ||
| 63 | * are met: | ||
| 64 | * | ||
| 65 | * 1. Redistributions of source code must retain the above copyright | ||
| 66 | * notice, this list of conditions and the following disclaimer. | ||
| 67 | * | ||
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 69 | * notice, this list of conditions and the following disclaimer in | ||
| 70 | * the documentation and/or other materials provided with the | ||
| 71 | * distribution. | ||
| 72 | * | ||
| 73 | * 3. All advertising materials mentioning features or use of this | ||
| 74 | * software must display the following acknowledgment: | ||
| 75 | * "This product includes software developed by the OpenSSL Project | ||
| 76 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 77 | * | ||
| 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 79 | * endorse or promote products derived from this software without | ||
| 80 | * prior written permission. For written permission, please contact | ||
| 81 | * licensing@OpenSSL.org. | ||
| 82 | * | ||
| 83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 84 | * nor may "OpenSSL" appear in their names without prior written | ||
| 85 | * permission of the OpenSSL Project. | ||
| 86 | * | ||
| 87 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 88 | * acknowledgment: | ||
| 89 | * "This product includes software developed by the OpenSSL Project | ||
| 90 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 91 | * | ||
| 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 104 | */ | ||
| 58 | 105 | ||
| 59 | #include <stdio.h> | 106 | #include <stdio.h> |
| 107 | #include <stdlib.h> | ||
| 108 | #include <string.h> | ||
| 60 | 109 | ||
| 61 | #include <openssl/opensslconf.h> | 110 | #include <openssl/asn1.h> |
| 62 | 111 | #include <openssl/bio.h> | |
| 63 | #include <openssl/bn.h> | ||
| 64 | #include <openssl/cmac.h> | 112 | #include <openssl/cmac.h> |
| 113 | #include <openssl/crypto.h> | ||
| 65 | #include <openssl/err.h> | 114 | #include <openssl/err.h> |
| 66 | #include <openssl/evp.h> | 115 | #include <openssl/evp.h> |
| 67 | #include <openssl/objects.h> | 116 | #include <openssl/objects.h> |
| @@ -73,13 +122,152 @@ | |||
| 73 | #ifndef OPENSSL_NO_DSA | 122 | #ifndef OPENSSL_NO_DSA |
| 74 | #include <openssl/dsa.h> | 123 | #include <openssl/dsa.h> |
| 75 | #endif | 124 | #endif |
| 125 | #ifndef OPENSSL_NO_EC | ||
| 126 | #include <openssl/ec.h> | ||
| 127 | #endif | ||
| 76 | #ifndef OPENSSL_NO_RSA | 128 | #ifndef OPENSSL_NO_RSA |
| 77 | #include <openssl/rsa.h> | 129 | #include <openssl/rsa.h> |
| 78 | #endif | 130 | #endif |
| 79 | 131 | ||
| 80 | #include "asn1_local.h" | ||
| 81 | #include "evp_local.h" | 132 | #include "evp_local.h" |
| 82 | 133 | ||
| 134 | extern const EVP_PKEY_ASN1_METHOD cmac_asn1_meth; | ||
| 135 | extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth; | ||
| 136 | extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[]; | ||
| 137 | extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth; | ||
| 138 | extern const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth; | ||
| 139 | extern const EVP_PKEY_ASN1_METHOD gostimit_asn1_meth; | ||
| 140 | extern const EVP_PKEY_ASN1_METHOD gostr01_asn1_meths[]; | ||
| 141 | extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth; | ||
| 142 | extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[]; | ||
| 143 | extern const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth; | ||
| 144 | extern const EVP_PKEY_ASN1_METHOD x25519_asn1_meth; | ||
| 145 | |||
| 146 | static const EVP_PKEY_ASN1_METHOD *asn1_methods[] = { | ||
| 147 | &cmac_asn1_meth, | ||
| 148 | &dh_asn1_meth, | ||
| 149 | &dsa_asn1_meths[0], | ||
| 150 | &dsa_asn1_meths[1], | ||
| 151 | &dsa_asn1_meths[2], | ||
| 152 | &dsa_asn1_meths[3], | ||
| 153 | &dsa_asn1_meths[4], | ||
| 154 | &eckey_asn1_meth, | ||
| 155 | &ed25519_asn1_meth, | ||
| 156 | &gostimit_asn1_meth, | ||
| 157 | &gostr01_asn1_meths[0], | ||
| 158 | &gostr01_asn1_meths[1], | ||
| 159 | &gostr01_asn1_meths[2], | ||
| 160 | &hmac_asn1_meth, | ||
| 161 | &rsa_asn1_meths[0], | ||
| 162 | &rsa_asn1_meths[1], | ||
| 163 | &rsa_pss_asn1_meth, | ||
| 164 | &x25519_asn1_meth, | ||
| 165 | }; | ||
| 166 | |||
| 167 | #define N_ASN1_METHODS (sizeof(asn1_methods) / sizeof(asn1_methods[0])) | ||
| 168 | |||
| 169 | int | ||
| 170 | EVP_PKEY_asn1_get_count(void) | ||
| 171 | { | ||
| 172 | return N_ASN1_METHODS; | ||
| 173 | } | ||
| 174 | |||
| 175 | const EVP_PKEY_ASN1_METHOD * | ||
| 176 | EVP_PKEY_asn1_get0(int idx) | ||
| 177 | { | ||
| 178 | if (idx < 0 || idx >= N_ASN1_METHODS) | ||
| 179 | return NULL; | ||
| 180 | |||
| 181 | return asn1_methods[idx]; | ||
| 182 | } | ||
| 183 | |||
| 184 | static const EVP_PKEY_ASN1_METHOD * | ||
| 185 | pkey_asn1_find(int pkey_id) | ||
| 186 | { | ||
| 187 | const EVP_PKEY_ASN1_METHOD *ameth; | ||
| 188 | int i; | ||
| 189 | |||
| 190 | for (i = EVP_PKEY_asn1_get_count() - 1; i >= 0; i--) { | ||
| 191 | ameth = EVP_PKEY_asn1_get0(i); | ||
| 192 | if (ameth->pkey_id == pkey_id) | ||
| 193 | return ameth; | ||
| 194 | } | ||
| 195 | |||
| 196 | return NULL; | ||
| 197 | } | ||
| 198 | |||
| 199 | /* | ||
| 200 | * XXX - fix this. In what looks like an infinite loop, this API only makes two | ||
| 201 | * calls to pkey_asn1_find(): If the type resolves to an aliased ASN.1 method, | ||
| 202 | * the second call will find the method it aliases. Codify this in regress and | ||
| 203 | * make this explicit in code. | ||
| 204 | */ | ||
| 205 | const EVP_PKEY_ASN1_METHOD * | ||
| 206 | EVP_PKEY_asn1_find(ENGINE **pe, int type) | ||
| 207 | { | ||
| 208 | const EVP_PKEY_ASN1_METHOD *mp; | ||
| 209 | |||
| 210 | if (pe != NULL) | ||
| 211 | *pe = NULL; | ||
| 212 | |||
| 213 | for (;;) { | ||
| 214 | if ((mp = pkey_asn1_find(type)) == NULL) | ||
| 215 | break; | ||
| 216 | if ((mp->pkey_flags & ASN1_PKEY_ALIAS) == 0) | ||
| 217 | break; | ||
| 218 | type = mp->pkey_base_id; | ||
| 219 | } | ||
| 220 | |||
| 221 | return mp; | ||
| 222 | } | ||
| 223 | |||
| 224 | const EVP_PKEY_ASN1_METHOD * | ||
| 225 | EVP_PKEY_asn1_find_str(ENGINE **pe, const char *str, int len) | ||
| 226 | { | ||
| 227 | const EVP_PKEY_ASN1_METHOD *ameth; | ||
| 228 | int i; | ||
| 229 | |||
| 230 | if (len == -1) | ||
| 231 | len = strlen(str); | ||
| 232 | if (pe != NULL) | ||
| 233 | *pe = NULL; | ||
| 234 | for (i = EVP_PKEY_asn1_get_count() - 1; i >= 0; i--) { | ||
| 235 | ameth = EVP_PKEY_asn1_get0(i); | ||
| 236 | if (ameth->pkey_flags & ASN1_PKEY_ALIAS) | ||
| 237 | continue; | ||
| 238 | if (((int)strlen(ameth->pem_str) == len) && | ||
| 239 | !strncasecmp(ameth->pem_str, str, len)) | ||
| 240 | return ameth; | ||
| 241 | } | ||
| 242 | return NULL; | ||
| 243 | } | ||
| 244 | |||
| 245 | int | ||
| 246 | EVP_PKEY_asn1_get0_info(int *ppkey_id, int *ppkey_base_id, int *ppkey_flags, | ||
| 247 | const char **pinfo, const char **ppem_str, | ||
| 248 | const EVP_PKEY_ASN1_METHOD *ameth) | ||
| 249 | { | ||
| 250 | if (!ameth) | ||
| 251 | return 0; | ||
| 252 | if (ppkey_id) | ||
| 253 | *ppkey_id = ameth->pkey_id; | ||
| 254 | if (ppkey_base_id) | ||
| 255 | *ppkey_base_id = ameth->pkey_base_id; | ||
| 256 | if (ppkey_flags) | ||
| 257 | *ppkey_flags = ameth->pkey_flags; | ||
| 258 | if (pinfo) | ||
| 259 | *pinfo = ameth->info; | ||
| 260 | if (ppem_str) | ||
| 261 | *ppem_str = ameth->pem_str; | ||
| 262 | return 1; | ||
| 263 | } | ||
| 264 | |||
| 265 | const EVP_PKEY_ASN1_METHOD* | ||
| 266 | EVP_PKEY_get0_asn1(const EVP_PKEY *pkey) | ||
| 267 | { | ||
| 268 | return pkey->ameth; | ||
| 269 | } | ||
| 270 | |||
| 83 | int | 271 | int |
| 84 | EVP_PKEY_bits(const EVP_PKEY *pkey) | 272 | EVP_PKEY_bits(const EVP_PKEY *pkey) |
| 85 | { | 273 | { |