import OpenSSL-1.0.0a

author: djm <> 2010-10-01 22:54:18 +0000
committer: djm <> 2010-10-01 22:54:18 +0000
commit: 75291ae343a87368ad49c13ac02f85a88159417f (patch)
tree: a55c90bd6ea9329d2afb5540220340cadd107178 /src/lib/libssl/src/crypto/evp/evp_pkey.c
parent: 40d5d67842948fbf904eb73da8f09a2ebcd2e243 (diff)
download: openbsd-75291ae343a87368ad49c13ac02f85a88159417f.tar.gz
openbsd-75291ae343a87368ad49c13ac02f85a88159417f.tar.bz2
openbsd-75291ae343a87368ad49c13ac02f85a88159417f.zip
1 files changed, 47 insertions, 599 deletions
diff --git a/src/lib/libssl/src/crypto/evp/evp_pkey.c b/src/lib/libssl/src/crypto/evp/evp_pkey.c
index 10d9e9e772..ceebf69284 100644
--- a/src/lib/libssl/src/crypto/evp/evp_pkey.c
+++ b/src/lib/libssl/src/crypto/evp/evp_pkey.c
@@ -3,7 +3,7 @@
 * project 1999.
 */
 /* ====================================================================
- * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -61,287 +61,52 @@
 #include "cryptlib.h"
 #include <openssl/x509.h>
 #include <openssl/rand.h>
-#ifndef OPENSSL_NO_RSA
+#include "asn1_locl.h"
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_DSA
-static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey);
-#endif
-#ifndef OPENSSL_NO_EC
-static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey);
-#endif
 /* Extract a private key from a PKCS8 structure */
 EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8)
 {
        EVP_PKEY *pkey = NULL;
-#ifndef OPENSSL_NO_RSA
+        ASN1_OBJECT *algoid;
-        RSA *rsa = NULL;
-#endif
-#ifndef OPENSSL_NO_DSA
-        DSA *dsa = NULL;
-        ASN1_TYPE *t1, *t2;
-        ASN1_INTEGER *privkey;
-        STACK_OF(ASN1_TYPE) *ndsa = NULL;
-#endif
-#ifndef OPENSSL_NO_EC
-        EC_KEY *eckey = NULL;
-        const unsigned char *p_tmp;
-#endif
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
-        ASN1_TYPE    *param = NULL;     
-        BN_CTX *ctx = NULL;
-        int plen;
-#endif
-        X509_ALGOR *a;
-        const unsigned char *p;
-        const unsigned char *cp;
-        int pkeylen;
-        int  nid;
        char obj_tmp[80];
-        if(p8->pkey->type == V_ASN1_OCTET_STRING) {
+        if (!PKCS8_pkey_get0(&algoid, NULL, NULL, NULL, p8))
-                p8->broken = PKCS8_OK;
+                return NULL;
-                p = p8->pkey->value.octet_string->data;
-                pkeylen = p8->pkey->value.octet_string->length;
-        } else {
-                p8->broken = PKCS8_NO_OCTET;
-                p = p8->pkey->value.sequence->data;
-                pkeylen = p8->pkey->value.sequence->length;
-        }
        if (!(pkey = EVP_PKEY_new())) {
                EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
                return NULL;
        }
-        a = p8->pkeyalg;
-        nid = OBJ_obj2nid(a->algorithm);
-        switch(nid)
-        {
-#ifndef OPENSSL_NO_RSA
-                case NID_rsaEncryption:
-                cp = p;
-                if (!(rsa = d2i_RSAPrivateKey (NULL,&cp, pkeylen))) {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        return NULL;
-                }
-                EVP_PKEY_assign_RSA (pkey, rsa);
-                break;
-#endif
-#ifndef OPENSSL_NO_DSA
-                case NID_dsa:
-                /* PKCS#8 DSA is weird: you just get a private key integer
-                 * and parameters in the AlgorithmIdentifier the pubkey must
-                 * be recalculated.
-                 */
-        
-                /* Check for broken DSA PKCS#8, UGH! */
-                if(*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) {
-                    if(!(ndsa = ASN1_seq_unpack_ASN1_TYPE(p, pkeylen, 
-                                                          d2i_ASN1_TYPE,
-                                                          ASN1_TYPE_free))) {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        goto dsaerr;
-                    }
-                    if(sk_ASN1_TYPE_num(ndsa) != 2 ) {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        goto dsaerr;
-                    }
-                    /* Handle Two broken types:
-                     * SEQUENCE {parameters, priv_key}
-                     * SEQUENCE {pub_key, priv_key}
-                     */
-                    t1 = sk_ASN1_TYPE_value(ndsa, 0);
-                    t2 = sk_ASN1_TYPE_value(ndsa, 1);
-                    if(t1->type == V_ASN1_SEQUENCE) {
-                        p8->broken = PKCS8_EMBEDDED_PARAM;
-                        param = t1;
-                    } else if(a->parameter->type == V_ASN1_SEQUENCE) {
-                        p8->broken = PKCS8_NS_DB;
-                        param = a->parameter;
-                    } else {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        goto dsaerr;
-                    }
-                    if(t2->type != V_ASN1_INTEGER) {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        goto dsaerr;
-                    }
-                    privkey = t2->value.integer;
-                } else {
-                        if (!(privkey=d2i_ASN1_INTEGER (NULL, &p, pkeylen))) {
-                                EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                                goto dsaerr;
-                        }
-                        param = p8->pkeyalg->parameter;
-                }
-                if (!param || (param->type != V_ASN1_SEQUENCE)) {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        goto dsaerr;
-                }
-                cp = p = param->value.sequence->data;
-                plen = param->value.sequence->length;
-                if (!(dsa = d2i_DSAparams (NULL, &cp, plen))) {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        goto dsaerr;
-                }
-                /* We have parameters now set private key */
-                if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_DECODE_ERROR);
-                        goto dsaerr;
-                }
-                /* Calculate public key (ouch!) */
-                if (!(dsa->pub_key = BN_new())) {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
-                        goto dsaerr;
-                }
-                if (!(ctx = BN_CTX_new())) {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
-                        goto dsaerr;
-                }
-                        
-                if (!BN_mod_exp(dsa->pub_key, dsa->g,
-                                                 dsa->priv_key, dsa->p, ctx)) {
-                        
-                        EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_PUBKEY_ERROR);
-                        goto dsaerr;
-                }
-                EVP_PKEY_assign_DSA(pkey, dsa);
+        if (!EVP_PKEY_set_type(pkey, OBJ_obj2nid(algoid)))
-                BN_CTX_free (ctx);
-                if(ndsa) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
-                else ASN1_INTEGER_free(privkey);
-                break;
-                dsaerr:
-                BN_CTX_free (ctx);
-                sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
-                DSA_free(dsa);
-                EVP_PKEY_free(pkey);
-                return NULL;
-                break;
-#endif
-#ifndef OPENSSL_NO_EC
-                case NID_X9_62_id_ecPublicKey:
-                p_tmp = p;
-                /* extract the ec parameters */
-                param = p8->pkeyalg->parameter;
-                if (!param || ((param->type != V_ASN1_SEQUENCE) &&
-                    (param->type != V_ASN1_OBJECT)))
                {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+                EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
-                        goto ecerr;
+                i2t_ASN1_OBJECT(obj_tmp, 80, algoid);
+                ERR_add_error_data(2, "TYPE=", obj_tmp);
+                goto error;
                }
-                if (param->type == V_ASN1_SEQUENCE)
+        if (pkey->ameth->priv_decode)
                {
-                        cp = p = param->value.sequence->data;
+                if (!pkey->ameth->priv_decode(pkey, p8))
-                        plen = param->value.sequence->length;
-                        if (!(eckey = d2i_ECParameters(NULL, &cp, plen)))
                        {
-                                EVPerr(EVP_F_EVP_PKCS82PKEY,
+                        EVPerr(EVP_F_EVP_PKCS82PKEY,
-                                        EVP_R_DECODE_ERROR);
+                                        EVP_R_PRIVATE_KEY_DECODE_ERROR);
-                                goto ecerr;
+                        goto error;
                        }
                }
-                else
+        else
                {
-                        EC_GROUP *group;
+                EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_METHOD_NOT_SUPPORTED);
-                        cp = p = param->value.object->data;
+                goto error;
-                        plen = param->value.object->length;
-                        /* type == V_ASN1_OBJECT => the parameters are given
-                         * by an asn1 OID
-                         */
-                        if ((eckey = EC_KEY_new()) == NULL)
-                        {
-                                EVPerr(EVP_F_EVP_PKCS82PKEY,
-                                        ERR_R_MALLOC_FAILURE);
-                                goto ecerr;
-                        }
-                        group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(a->parameter->value.object));
-                        if (group == NULL)
-                                goto ecerr;
-                        EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
-                        if (EC_KEY_set_group(eckey, group) == 0)
-                                goto ecerr;
-                        EC_GROUP_free(group);
-                }
-                /* We have parameters now set private key */
-                if (!d2i_ECPrivateKey(&eckey, &p_tmp, pkeylen))
-                {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        goto ecerr;
-                }
-                /* calculate public key (if necessary) */
-                if (EC_KEY_get0_public_key(eckey) == NULL)
-                {
-                        const BIGNUM *priv_key;
-                        const EC_GROUP *group;
-                        EC_POINT *pub_key;
-                        /* the public key was not included in the SEC1 private
-                         * key => calculate the public key */
-                        group   = EC_KEY_get0_group(eckey);
-                        pub_key = EC_POINT_new(group);
-                        if (pub_key == NULL)
-                        {
-                                EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
-                                goto ecerr;
-                        }
-                        if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group)))
-                        {
-                                EC_POINT_free(pub_key);
-                                EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
-                                goto ecerr;
-                        }
-                        priv_key = EC_KEY_get0_private_key(eckey);
-                        if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx))
-                        {
-                                EC_POINT_free(pub_key);
-                                EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
-                                goto ecerr;
-                        }
-                        if (EC_KEY_set_public_key(eckey, pub_key) == 0)
-                        {
-                                EC_POINT_free(pub_key);
-                                EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
-                                goto ecerr;
-                        }
-                        EC_POINT_free(pub_key);
                }
-                EVP_PKEY_assign_EC_KEY(pkey, eckey);
-                if (ctx)
-                        BN_CTX_free(ctx);
-                break;
-ecerr:
-                if (ctx)
-                        BN_CTX_free(ctx);
-                if (eckey)
-                        EC_KEY_free(eckey);
-                if (pkey)
-                        EVP_PKEY_free(pkey);
-                return NULL;
-#endif
-                default:
-                EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
-                if (!a->algorithm) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp);
-                else i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm);
-                ERR_add_error_data(2, "TYPE=", obj_tmp);
-                EVP_PKEY_free (pkey);
-                return NULL;
-        }
        return pkey;
+        error:
+        EVP_PKEY_free (pkey);
+        return NULL;
 }
 PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey)
@@ -360,59 +125,37 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
                return NULL;
        }
        p8->broken = broken;
-        if (!ASN1_INTEGER_set(p8->version, 0)) {
-                EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE);
-                PKCS8_PRIV_KEY_INFO_free (p8);
-                return NULL;
-        }
-        if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) {
-                EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE);
-                PKCS8_PRIV_KEY_INFO_free (p8);
-                return NULL;
-        }
-        p8->pkey->type = V_ASN1_OCTET_STRING;
-        switch (EVP_PKEY_type(pkey->type)) {
-#ifndef OPENSSL_NO_RSA
-                case EVP_PKEY_RSA:
-                if(p8->broken == PKCS8_NO_OCTET) p8->pkey->type = V_ASN1_SEQUENCE;
+        if (pkey->ameth)
+                {
-                p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption);
+                if (pkey->ameth->priv_encode)
-                p8->pkeyalg->parameter->type = V_ASN1_NULL;
+                        {
-                if (!ASN1_pack_string_of (EVP_PKEY,pkey, i2d_PrivateKey,
+                        if (!pkey->ameth->priv_encode(p8, pkey))
-                                         &p8->pkey->value.octet_string)) {
+                                {
-                        EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE);
+                                EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,
-                        PKCS8_PRIV_KEY_INFO_free (p8);
+                                        EVP_R_PRIVATE_KEY_ENCODE_ERROR);
-                        return NULL;
+                                goto error;
-                }
+                                }
-                break;
+                        }
-#endif
+                else
-#ifndef OPENSSL_NO_DSA
+                        {
-                case EVP_PKEY_DSA:
+                        EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,
-                if(!dsa_pkey2pkcs8(p8, pkey)) {
+                                        EVP_R_METHOD_NOT_SUPPORTED);
-                        PKCS8_PRIV_KEY_INFO_free (p8);
+                        goto error;
-                        return NULL;
+                        }
                }
+        else
-                break;
-#endif
-#ifndef OPENSSL_NO_EC
-                case EVP_PKEY_EC:
-                if (!eckey_pkey2pkcs8(p8, pkey))
                {
-                        PKCS8_PRIV_KEY_INFO_free(p8);
+                EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,
-                        return(NULL);
+                                EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
+                goto error;
                }
-                break;
-#endif
-                default:
-                EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
-                PKCS8_PRIV_KEY_INFO_free (p8);
-                return NULL;
-        }
        RAND_add(p8->pkey->value.octet_string->data,
                 p8->pkey->value.octet_string->length, 0.0);
        return p8;
+        error:
+        PKCS8_PRIV_KEY_INFO_free(p8);
+        return NULL;
 }
 PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken)
@@ -436,301 +179,6 @@ PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken)
        }
 }
-#ifndef OPENSSL_NO_DSA
-static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
-{
-        ASN1_STRING *params = NULL;
-        ASN1_INTEGER *prkey = NULL;
-        ASN1_TYPE *ttmp = NULL;
-        STACK_OF(ASN1_TYPE) *ndsa = NULL;
-        unsigned char *p = NULL, *q;
-        int len;
-        p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa);
-        len = i2d_DSAparams (pkey->pkey.dsa, NULL);
-        if (!(p = OPENSSL_malloc(len))) {
-                EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-        q = p;
-        i2d_DSAparams (pkey->pkey.dsa, &q);
-        if (!(params = ASN1_STRING_new())) {
-                EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-        if (!ASN1_STRING_set(params, p, len)) {
-                EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-        OPENSSL_free(p);
-        p = NULL;
-        /* Get private key into integer */
-        if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) {
-                EVPerr(EVP_F_DSA_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
-                goto err;
-        }
-        switch(p8->broken) {
-                case PKCS8_OK:
-                case PKCS8_NO_OCTET:
-                if (!ASN1_pack_string_of(ASN1_INTEGER,prkey, i2d_ASN1_INTEGER,
-                                         &p8->pkey->value.octet_string)) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                M_ASN1_INTEGER_free (prkey);
-                prkey = NULL;
-                p8->pkeyalg->parameter->value.sequence = params;
-                params = NULL;
-                p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
-                break;
-                case PKCS8_NS_DB:
-                p8->pkeyalg->parameter->value.sequence = params;
-                params = NULL;
-                p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
-                if (!(ndsa = sk_ASN1_TYPE_new_null())) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                if (!(ttmp = ASN1_TYPE_new())) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                if (!(ttmp->value.integer =
-                        BN_to_ASN1_INTEGER(pkey->pkey.dsa->pub_key, NULL))) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
-                        goto err;
-                }
-                ttmp->type = V_ASN1_INTEGER;
-                if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                if (!(ttmp = ASN1_TYPE_new())) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                ttmp->value.integer = prkey;
-                prkey = NULL;
-                ttmp->type = V_ASN1_INTEGER;
-                if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                ttmp = NULL;
-                if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE,
-                                         &p8->pkey->value.octet_string->data,
-                                         &p8->pkey->value.octet_string->length)) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
-                break;
-                case PKCS8_EMBEDDED_PARAM:
-                p8->pkeyalg->parameter->type = V_ASN1_NULL;
-                if (!(ndsa = sk_ASN1_TYPE_new_null())) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                if (!(ttmp = ASN1_TYPE_new())) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                ttmp->value.sequence = params;
-                params = NULL;
-                ttmp->type = V_ASN1_SEQUENCE;
-                if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                if (!(ttmp = ASN1_TYPE_new())) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                ttmp->value.integer = prkey;
-                prkey = NULL;
-                ttmp->type = V_ASN1_INTEGER;
-                if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                ttmp = NULL;
-                if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE,
-                                         &p8->pkey->value.octet_string->data,
-                                         &p8->pkey->value.octet_string->length)) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
-                break;
-        }
-        return 1;
-err:
-        if (p != NULL) OPENSSL_free(p);
-        if (params != NULL) ASN1_STRING_free(params);
-        if (prkey != NULL) M_ASN1_INTEGER_free(prkey);
-        if (ttmp != NULL) ASN1_TYPE_free(ttmp);
-        if (ndsa != NULL) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
-        return 0;
-}
-#endif
-#ifndef OPENSSL_NO_EC
-static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
-{
-        EC_KEY          *ec_key;
-        const EC_GROUP  *group;
-        unsigned char   *p, *pp;
-        int             nid, i, ret = 0;
-        unsigned int    tmp_flags, old_flags;
-        ec_key = pkey->pkey.ec;
-        if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL) 
-        {
-                EVPerr(EVP_F_ECKEY_PKEY2PKCS8, EVP_R_MISSING_PARAMETERS);
-                return 0;
-        }
-        /* set the ec parameters OID */
-        if (p8->pkeyalg->algorithm)
-                ASN1_OBJECT_free(p8->pkeyalg->algorithm);
-        p8->pkeyalg->algorithm = OBJ_nid2obj(NID_X9_62_id_ecPublicKey);
-        /* set the ec parameters */
-        if (p8->pkeyalg->parameter)
-        {
-                ASN1_TYPE_free(p8->pkeyalg->parameter);
-                p8->pkeyalg->parameter = NULL;
-        }
-        if ((p8->pkeyalg->parameter = ASN1_TYPE_new()) == NULL)
-        {
-                EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
-                return 0;
-        }
-        
-        if (EC_GROUP_get_asn1_flag(group)
-                     && (nid = EC_GROUP_get_curve_name(group)))
-        {
-                /* we have a 'named curve' => just set the OID */
-                p8->pkeyalg->parameter->type = V_ASN1_OBJECT;
-                p8->pkeyalg->parameter->value.object = OBJ_nid2obj(nid);
-        }
-        else    /* explicit parameters */
-        {
-                if ((i = i2d_ECParameters(ec_key, NULL)) == 0)
-                {
-                        EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
-                        return 0;
-                }
-                if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL)
-                {
-                        EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
-                        return 0;
-                }       
-                pp = p;
-                if (!i2d_ECParameters(ec_key, &pp))
-                {
-                        EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
-                        OPENSSL_free(p);
-                        return 0;
-                }
-                p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
-                if ((p8->pkeyalg->parameter->value.sequence 
-                        = ASN1_STRING_new()) == NULL)
-                {
-                        EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_ASN1_LIB);
-                        OPENSSL_free(p);
-                        return 0;
-                }
-                ASN1_STRING_set(p8->pkeyalg->parameter->value.sequence, p, i);
-                OPENSSL_free(p);
-        }
-        /* set the private key */
-        /* do not include the parameters in the SEC1 private key
-         * see PKCS#11 12.11 */
-        old_flags = EC_KEY_get_enc_flags(pkey->pkey.ec);
-        tmp_flags = old_flags | EC_PKEY_NO_PARAMETERS;
-        EC_KEY_set_enc_flags(pkey->pkey.ec, tmp_flags);
-        i = i2d_ECPrivateKey(pkey->pkey.ec, NULL);
-        if (!i)
-        {
-                EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
-                EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
-                return 0;
-        }
-        p = (unsigned char *) OPENSSL_malloc(i);
-        if (!p)
-        {
-                EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
-                EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
-                return 0;
-        }
-        pp = p;
-        if (!i2d_ECPrivateKey(pkey->pkey.ec, &pp))
-        {
-                EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
-                EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
-                OPENSSL_free(p);
-                return 0;
-        }
-        /* restore old encoding flags */
-        EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
-        switch(p8->broken) {
-                case PKCS8_OK:
-                p8->pkey->value.octet_string = ASN1_OCTET_STRING_new();
-                if (!p8->pkey->value.octet_string ||
-                    !M_ASN1_OCTET_STRING_set(p8->pkey->value.octet_string,
-                    (const void *)p, i))
-                {
-                        EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
-                }
-                else
-                        ret = 1;
-                break;
-                case PKCS8_NO_OCTET:            /* RSA specific */
-                case PKCS8_NS_DB:               /* DSA specific */
-                case PKCS8_EMBEDDED_PARAM:      /* DSA specific */
-                default:
-                        EVPerr(EVP_F_ECKEY_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
-        }
-        OPENSSL_cleanse(p, (size_t)i);
-        OPENSSL_free(p);
-        return ret;
-}
-#endif
 /* EVP_PKEY attribute functions */
 int EVP_PKEY_get_attr_count(const EVP_PKEY *key)
author	djm <>	2010-10-01 22:54:18 +0000
committer	djm <>	2010-10-01 22:54:18 +0000
commit	75291ae343a87368ad49c13ac02f85a88159417f (patch)
tree	a55c90bd6ea9329d2afb5540220340cadd107178 /src/lib/libssl/src/crypto/evp/evp_pkey.c
parent	40d5d67842948fbf904eb73da8f09a2ebcd2e243 (diff)
download	openbsd-75291ae343a87368ad49c13ac02f85a88159417f.tar.gz openbsd-75291ae343a87368ad49c13ac02f85a88159417f.tar.bz2 openbsd-75291ae343a87368ad49c13ac02f85a88159417f.zip

diff --git a/src/lib/libssl/src/crypto/evp/evp_pkey.c b/src/lib/libssl/src/crypto/evp/evp_pkey.c index 10d9e9e772..ceebf69284 100644 --- a/src/lib/libssl/src/crypto/evp/evp_pkey.c +++ b/src/lib/libssl/src/crypto/evp/evp_pkey.c
@@ -3,7 +3,7 @@
3	* project 1999.	3	* project 1999.
4	*/	4	*/
5	/* ====================================================================	5	/* ====================================================================
6	* Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.	6	* Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
7	*	7	*
8	* Redistribution and use in source and binary forms, with or without	8	* Redistribution and use in source and binary forms, with or without
9	* modification, are permitted provided that the following conditions	9	* modification, are permitted provided that the following conditions
@@ -61,287 +61,52 @@
61	#include "cryptlib.h"	61	#include "cryptlib.h"
62	#include <openssl/x509.h>	62	#include <openssl/x509.h>
63	#include <openssl/rand.h>	63	#include <openssl/rand.h>
64	#ifndef OPENSSL_NO_RSA	64	#include "asn1_locl.h"
65	#include <openssl/rsa.h>
66	#endif
67	#ifndef OPENSSL_NO_DSA
68	#include <openssl/dsa.h>
69	#endif
70	#include <openssl/bn.h>
71
72	#ifndef OPENSSL_NO_DSA
73	static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO p8inf, EVP_PKEY pkey);
74	#endif
75	#ifndef OPENSSL_NO_EC
76	static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO p8inf, EVP_PKEY pkey);
77	#endif
78		65
79	/* Extract a private key from a PKCS8 structure */	66	/* Extract a private key from a PKCS8 structure */
80		67
81	EVP_PKEY EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO p8)	68	EVP_PKEY EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO p8)
82	{	69	{
83	EVP_PKEY *pkey = NULL;	70	EVP_PKEY *pkey = NULL;
84	#ifndef OPENSSL_NO_RSA	71	ASN1_OBJECT *algoid;
85	RSA *rsa = NULL;
86	#endif
87	#ifndef OPENSSL_NO_DSA
88	DSA *dsa = NULL;
89	ASN1_TYPE t1, t2;
90	ASN1_INTEGER *privkey;
91	STACK_OF(ASN1_TYPE) *ndsa = NULL;
92	#endif
93	#ifndef OPENSSL_NO_EC
94	EC_KEY *eckey = NULL;
95	const unsigned char *p_tmp;
96	#endif
97	#if !defined(OPENSSL_NO_DSA) \|\| !defined(OPENSSL_NO_EC)
98	ASN1_TYPE *param = NULL;
99	BN_CTX *ctx = NULL;
100	int plen;
101	#endif
102	X509_ALGOR *a;
103	const unsigned char *p;
104	const unsigned char *cp;
105	int pkeylen;
106	int nid;
107	char obj_tmp[80];	72	char obj_tmp[80];
108		73
109	if(p8->pkey->type == V_ASN1_OCTET_STRING) {	74	if (!PKCS8_pkey_get0(&algoid, NULL, NULL, NULL, p8))
110	p8->broken = PKCS8_OK;	75	return NULL;
111	p = p8->pkey->value.octet_string->data;	76
112	pkeylen = p8->pkey->value.octet_string->length;
113	} else {
114	p8->broken = PKCS8_NO_OCTET;
115	p = p8->pkey->value.sequence->data;
116	pkeylen = p8->pkey->value.sequence->length;
117	}
118	if (!(pkey = EVP_PKEY_new())) {	77	if (!(pkey = EVP_PKEY_new())) {
119	EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);	78	EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
120	return NULL;	79	return NULL;
121	}	80	}
122	a = p8->pkeyalg;
123	nid = OBJ_obj2nid(a->algorithm);
124	switch(nid)
125	{
126	#ifndef OPENSSL_NO_RSA
127	case NID_rsaEncryption:
128	cp = p;
129	if (!(rsa = d2i_RSAPrivateKey (NULL,&cp, pkeylen))) {
130	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
131	return NULL;
132	}
133	EVP_PKEY_assign_RSA (pkey, rsa);
134	break;
135	#endif
136	#ifndef OPENSSL_NO_DSA
137	case NID_dsa:
138	/* PKCS#8 DSA is weird: you just get a private key integer
139	* and parameters in the AlgorithmIdentifier the pubkey must
140	* be recalculated.
141	*/
142
143	/* Check for broken DSA PKCS#8, UGH! */
144	if(*p == (V_ASN1_SEQUENCE\|V_ASN1_CONSTRUCTED)) {
145	if(!(ndsa = ASN1_seq_unpack_ASN1_TYPE(p, pkeylen,
146	d2i_ASN1_TYPE,
147	ASN1_TYPE_free))) {
148	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
149	goto dsaerr;
150	}
151	if(sk_ASN1_TYPE_num(ndsa) != 2 ) {
152	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
153	goto dsaerr;
154	}
155	/* Handle Two broken types:
156	* SEQUENCE {parameters, priv_key}
157	* SEQUENCE {pub_key, priv_key}
158	*/
159
160	t1 = sk_ASN1_TYPE_value(ndsa, 0);
161	t2 = sk_ASN1_TYPE_value(ndsa, 1);
162	if(t1->type == V_ASN1_SEQUENCE) {
163	p8->broken = PKCS8_EMBEDDED_PARAM;
164	param = t1;
165	} else if(a->parameter->type == V_ASN1_SEQUENCE) {
166	p8->broken = PKCS8_NS_DB;
167	param = a->parameter;
168	} else {
169	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
170	goto dsaerr;
171	}
172
173	if(t2->type != V_ASN1_INTEGER) {
174	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
175	goto dsaerr;
176	}
177	privkey = t2->value.integer;
178	} else {
179	if (!(privkey=d2i_ASN1_INTEGER (NULL, &p, pkeylen))) {
180	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
181	goto dsaerr;
182	}
183	param = p8->pkeyalg->parameter;
184	}
185	if (!param \|\| (param->type != V_ASN1_SEQUENCE)) {
186	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
187	goto dsaerr;
188	}
189	cp = p = param->value.sequence->data;
190	plen = param->value.sequence->length;
191	if (!(dsa = d2i_DSAparams (NULL, &cp, plen))) {
192	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
193	goto dsaerr;
194	}
195	/* We have parameters now set private key */
196	if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) {
197	EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_DECODE_ERROR);
198	goto dsaerr;
199	}
200	/* Calculate public key (ouch!) */
201	if (!(dsa->pub_key = BN_new())) {
202	EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
203	goto dsaerr;
204	}
205	if (!(ctx = BN_CTX_new())) {
206	EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
207	goto dsaerr;
208	}
209
210	if (!BN_mod_exp(dsa->pub_key, dsa->g,
211	dsa->priv_key, dsa->p, ctx)) {
212
213	EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_PUBKEY_ERROR);
214	goto dsaerr;
215	}
216		81
217	EVP_PKEY_assign_DSA(pkey, dsa);	82	if (!EVP_PKEY_set_type(pkey, OBJ_obj2nid(algoid)))
218	BN_CTX_free (ctx);
219	if(ndsa) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
220	else ASN1_INTEGER_free(privkey);
221	break;
222	dsaerr:
223	BN_CTX_free (ctx);
224	sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
225	DSA_free(dsa);
226	EVP_PKEY_free(pkey);
227	return NULL;
228	break;
229	#endif
230	#ifndef OPENSSL_NO_EC
231	case NID_X9_62_id_ecPublicKey:
232	p_tmp = p;
233	/* extract the ec parameters */
234	param = p8->pkeyalg->parameter;
235
236	if (!param \|\| ((param->type != V_ASN1_SEQUENCE) &&
237	(param->type != V_ASN1_OBJECT)))
238	{	83	{
239	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);	84	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
240	goto ecerr;	85	i2t_ASN1_OBJECT(obj_tmp, 80, algoid);
		86	ERR_add_error_data(2, "TYPE=", obj_tmp);
		87	goto error;
241	}	88	}
242		89
243	if (param->type == V_ASN1_SEQUENCE)	90	if (pkey->ameth->priv_decode)
244	{	91	{
245	cp = p = param->value.sequence->data;	92	if (!pkey->ameth->priv_decode(pkey, p8))
246	plen = param->value.sequence->length;
247
248	if (!(eckey = d2i_ECParameters(NULL, &cp, plen)))
249	{	93	{
250	EVPerr(EVP_F_EVP_PKCS82PKEY,	94	EVPerr(EVP_F_EVP_PKCS82PKEY,
251	EVP_R_DECODE_ERROR);	95	EVP_R_PRIVATE_KEY_DECODE_ERROR);
252	goto ecerr;	96	goto error;
253	}	97	}
254	}	98	}
255	else	99	else
256	{	100	{
257	EC_GROUP *group;	101	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_METHOD_NOT_SUPPORTED);
258	cp = p = param->value.object->data;	102	goto error;
259	plen = param->value.object->length;
260
261	/* type == V_ASN1_OBJECT => the parameters are given
262	* by an asn1 OID
263	*/
264	if ((eckey = EC_KEY_new()) == NULL)
265	{
266	EVPerr(EVP_F_EVP_PKCS82PKEY,
267	ERR_R_MALLOC_FAILURE);
268	goto ecerr;
269	}
270	group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(a->parameter->value.object));
271	if (group == NULL)
272	goto ecerr;
273	EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
274	if (EC_KEY_set_group(eckey, group) == 0)
275	goto ecerr;
276	EC_GROUP_free(group);
277	}
278
279	/* We have parameters now set private key */
280	if (!d2i_ECPrivateKey(&eckey, &p_tmp, pkeylen))
281	{
282	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
283	goto ecerr;
284	}
285
286	/* calculate public key (if necessary) */
287	if (EC_KEY_get0_public_key(eckey) == NULL)
288	{
289	const BIGNUM *priv_key;
290	const EC_GROUP *group;
291	EC_POINT *pub_key;
292	/* the public key was not included in the SEC1 private
293	* key => calculate the public key */
294	group = EC_KEY_get0_group(eckey);
295	pub_key = EC_POINT_new(group);
296	if (pub_key == NULL)
297	{
298	EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
299	goto ecerr;
300	}
301	if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group)))
302	{
303	EC_POINT_free(pub_key);
304	EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
305	goto ecerr;
306	}
307	priv_key = EC_KEY_get0_private_key(eckey);
308	if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx))
309	{
310	EC_POINT_free(pub_key);
311	EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
312	goto ecerr;
313	}
314	if (EC_KEY_set_public_key(eckey, pub_key) == 0)
315	{
316	EC_POINT_free(pub_key);
317	EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
318	goto ecerr;
319	}
320	EC_POINT_free(pub_key);
321	}	103	}
322		104
323	EVP_PKEY_assign_EC_KEY(pkey, eckey);
324	if (ctx)
325	BN_CTX_free(ctx);
326	break;
327	ecerr:
328	if (ctx)
329	BN_CTX_free(ctx);
330	if (eckey)
331	EC_KEY_free(eckey);
332	if (pkey)
333	EVP_PKEY_free(pkey);
334	return NULL;
335	#endif
336	default:
337	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
338	if (!a->algorithm) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp);
339	else i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm);
340	ERR_add_error_data(2, "TYPE=", obj_tmp);
341	EVP_PKEY_free (pkey);
342	return NULL;
343	}
344	return pkey;	105	return pkey;
		106
		107	error:
		108	EVP_PKEY_free (pkey);
		109	return NULL;
345	}	110	}
346		111
347	PKCS8_PRIV_KEY_INFO EVP_PKEY2PKCS8(EVP_PKEY pkey)	112	PKCS8_PRIV_KEY_INFO EVP_PKEY2PKCS8(EVP_PKEY pkey)
@@ -360,59 +125,37 @@ PKCS8_PRIV_KEY_INFO EVP_PKEY2PKCS8_broken(EVP_PKEY pkey, int broken)
360	return NULL;	125	return NULL;
361	}	126	}
362	p8->broken = broken;	127	p8->broken = broken;
363	if (!ASN1_INTEGER_set(p8->version, 0)) {
364	EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE);
365	PKCS8_PRIV_KEY_INFO_free (p8);
366	return NULL;
367	}
368	if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) {
369	EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE);
370	PKCS8_PRIV_KEY_INFO_free (p8);
371	return NULL;
372	}
373	p8->pkey->type = V_ASN1_OCTET_STRING;
374	switch (EVP_PKEY_type(pkey->type)) {
375	#ifndef OPENSSL_NO_RSA
376	case EVP_PKEY_RSA:
377		128
378	if(p8->broken == PKCS8_NO_OCTET) p8->pkey->type = V_ASN1_SEQUENCE;	129	if (pkey->ameth)
379		130	{
380	p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption);	131	if (pkey->ameth->priv_encode)
381	p8->pkeyalg->parameter->type = V_ASN1_NULL;	132	{
382	if (!ASN1_pack_string_of (EVP_PKEY,pkey, i2d_PrivateKey,	133	if (!pkey->ameth->priv_encode(p8, pkey))
383	&p8->pkey->value.octet_string)) {	134	{
384	EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE);	135	EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,
385	PKCS8_PRIV_KEY_INFO_free (p8);	136	EVP_R_PRIVATE_KEY_ENCODE_ERROR);
386	return NULL;	137	goto error;
387	}	138	}
388	break;	139	}
389	#endif	140	else
390	#ifndef OPENSSL_NO_DSA	141	{
391	case EVP_PKEY_DSA:	142	EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,
392	if(!dsa_pkey2pkcs8(p8, pkey)) {	143	EVP_R_METHOD_NOT_SUPPORTED);
393	PKCS8_PRIV_KEY_INFO_free (p8);	144	goto error;
394	return NULL;	145	}
395	}	146	}
396		147	else
397	break;
398	#endif
399	#ifndef OPENSSL_NO_EC
400	case EVP_PKEY_EC:
401	if (!eckey_pkey2pkcs8(p8, pkey))
402	{	148	{
403	PKCS8_PRIV_KEY_INFO_free(p8);	149	EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,
404	return(NULL);	150	EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
		151	goto error;
405	}	152	}
406	break;
407	#endif
408	default:
409	EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
410	PKCS8_PRIV_KEY_INFO_free (p8);
411	return NULL;
412	}
413	RAND_add(p8->pkey->value.octet_string->data,	153	RAND_add(p8->pkey->value.octet_string->data,
414	p8->pkey->value.octet_string->length, 0.0);	154	p8->pkey->value.octet_string->length, 0.0);
415	return p8;	155	return p8;
		156	error:
		157	PKCS8_PRIV_KEY_INFO_free(p8);
		158	return NULL;
416	}	159	}
417		160
418	PKCS8_PRIV_KEY_INFO PKCS8_set_broken(PKCS8_PRIV_KEY_INFO p8, int broken)	161	PKCS8_PRIV_KEY_INFO PKCS8_set_broken(PKCS8_PRIV_KEY_INFO p8, int broken)
@@ -436,301 +179,6 @@ PKCS8_PRIV_KEY_INFO PKCS8_set_broken(PKCS8_PRIV_KEY_INFO p8, int broken)
436	}	179	}
437	}	180	}
438		181
439	#ifndef OPENSSL_NO_DSA
440	static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO p8, EVP_PKEY pkey)
441	{
442	ASN1_STRING *params = NULL;
443	ASN1_INTEGER *prkey = NULL;
444	ASN1_TYPE *ttmp = NULL;
445	STACK_OF(ASN1_TYPE) *ndsa = NULL;
446	unsigned char p = NULL, q;
447	int len;
448
449	p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa);
450	len = i2d_DSAparams (pkey->pkey.dsa, NULL);
451	if (!(p = OPENSSL_malloc(len))) {
452	EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
453	goto err;
454	}
455	q = p;
456	i2d_DSAparams (pkey->pkey.dsa, &q);
457	if (!(params = ASN1_STRING_new())) {
458	EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
459	goto err;
460	}
461	if (!ASN1_STRING_set(params, p, len)) {
462	EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
463	goto err;
464	}
465	OPENSSL_free(p);
466	p = NULL;
467	/* Get private key into integer */
468	if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) {
469	EVPerr(EVP_F_DSA_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
470	goto err;
471	}
472
473	switch(p8->broken) {
474
475	case PKCS8_OK:
476	case PKCS8_NO_OCTET:
477
478	if (!ASN1_pack_string_of(ASN1_INTEGER,prkey, i2d_ASN1_INTEGER,
479	&p8->pkey->value.octet_string)) {
480	EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
481	goto err;
482	}
483
484	M_ASN1_INTEGER_free (prkey);
485	prkey = NULL;
486	p8->pkeyalg->parameter->value.sequence = params;
487	params = NULL;
488	p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
489
490	break;
491
492	case PKCS8_NS_DB:
493
494	p8->pkeyalg->parameter->value.sequence = params;
495	params = NULL;
496	p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
497	if (!(ndsa = sk_ASN1_TYPE_new_null())) {
498	EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
499	goto err;
500	}
501	if (!(ttmp = ASN1_TYPE_new())) {
502	EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
503	goto err;
504	}
505	if (!(ttmp->value.integer =
506	BN_to_ASN1_INTEGER(pkey->pkey.dsa->pub_key, NULL))) {
507	EVPerr(EVP_F_DSA_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
508	goto err;
509	}
510	ttmp->type = V_ASN1_INTEGER;
511	if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
512	EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
513	goto err;
514	}
515
516	if (!(ttmp = ASN1_TYPE_new())) {
517	EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
518	goto err;
519	}
520	ttmp->value.integer = prkey;
521	prkey = NULL;
522	ttmp->type = V_ASN1_INTEGER;
523	if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
524	EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
525	goto err;
526	}
527	ttmp = NULL;
528
529	if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {
530	EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
531	goto err;
532	}
533
534	if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE,
535	&p8->pkey->value.octet_string->data,
536	&p8->pkey->value.octet_string->length)) {
537
538	EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
539	goto err;
540	}
541	sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
542	break;
543
544	case PKCS8_EMBEDDED_PARAM:
545
546	p8->pkeyalg->parameter->type = V_ASN1_NULL;
547	if (!(ndsa = sk_ASN1_TYPE_new_null())) {
548	EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
549	goto err;
550	}
551	if (!(ttmp = ASN1_TYPE_new())) {
552	EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
553	goto err;
554	}
555	ttmp->value.sequence = params;
556	params = NULL;
557	ttmp->type = V_ASN1_SEQUENCE;
558	if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
559	EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
560	goto err;
561	}
562
563	if (!(ttmp = ASN1_TYPE_new())) {
564	EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
565	goto err;
566	}
567	ttmp->value.integer = prkey;
568	prkey = NULL;
569	ttmp->type = V_ASN1_INTEGER;
570	if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
571	EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
572	goto err;
573	}
574	ttmp = NULL;
575
576	if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {
577	EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
578	goto err;
579	}
580
581	if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE,
582	&p8->pkey->value.octet_string->data,
583	&p8->pkey->value.octet_string->length)) {
584
585	EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
586	goto err;
587	}
588	sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
589	break;
590	}
591	return 1;
592	err:
593	if (p != NULL) OPENSSL_free(p);
594	if (params != NULL) ASN1_STRING_free(params);
595	if (prkey != NULL) M_ASN1_INTEGER_free(prkey);
596	if (ttmp != NULL) ASN1_TYPE_free(ttmp);
597	if (ndsa != NULL) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
598	return 0;
599	}
600	#endif
601
602	#ifndef OPENSSL_NO_EC
603	static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO p8, EVP_PKEY pkey)
604	{
605	EC_KEY *ec_key;
606	const EC_GROUP *group;
607	unsigned char p, pp;
608	int nid, i, ret = 0;
609	unsigned int tmp_flags, old_flags;
610
611	ec_key = pkey->pkey.ec;
612	if (ec_key == NULL \|\| (group = EC_KEY_get0_group(ec_key)) == NULL)
613	{
614	EVPerr(EVP_F_ECKEY_PKEY2PKCS8, EVP_R_MISSING_PARAMETERS);
615	return 0;
616	}
617
618	/* set the ec parameters OID */
619	if (p8->pkeyalg->algorithm)
620	ASN1_OBJECT_free(p8->pkeyalg->algorithm);
621
622	p8->pkeyalg->algorithm = OBJ_nid2obj(NID_X9_62_id_ecPublicKey);
623
624	/* set the ec parameters */
625
626	if (p8->pkeyalg->parameter)
627	{
628	ASN1_TYPE_free(p8->pkeyalg->parameter);
629	p8->pkeyalg->parameter = NULL;
630	}
631
632	if ((p8->pkeyalg->parameter = ASN1_TYPE_new()) == NULL)
633	{
634	EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
635	return 0;
636	}
637
638	if (EC_GROUP_get_asn1_flag(group)
639	&& (nid = EC_GROUP_get_curve_name(group)))
640	{
641	/* we have a 'named curve' => just set the OID */
642	p8->pkeyalg->parameter->type = V_ASN1_OBJECT;
643	p8->pkeyalg->parameter->value.object = OBJ_nid2obj(nid);
644	}
645	else /* explicit parameters */
646	{
647	if ((i = i2d_ECParameters(ec_key, NULL)) == 0)
648	{
649	EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
650	return 0;
651	}
652	if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL)
653	{
654	EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
655	return 0;
656	}
657	pp = p;
658	if (!i2d_ECParameters(ec_key, &pp))
659	{
660	EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
661	OPENSSL_free(p);
662	return 0;
663	}
664	p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
665	if ((p8->pkeyalg->parameter->value.sequence
666	= ASN1_STRING_new()) == NULL)
667	{
668	EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_ASN1_LIB);
669	OPENSSL_free(p);
670	return 0;
671	}
672	ASN1_STRING_set(p8->pkeyalg->parameter->value.sequence, p, i);
673	OPENSSL_free(p);
674	}
675
676	/* set the private key */
677
678	/* do not include the parameters in the SEC1 private key
679	* see PKCS#11 12.11 */
680	old_flags = EC_KEY_get_enc_flags(pkey->pkey.ec);
681	tmp_flags = old_flags \| EC_PKEY_NO_PARAMETERS;
682	EC_KEY_set_enc_flags(pkey->pkey.ec, tmp_flags);
683	i = i2d_ECPrivateKey(pkey->pkey.ec, NULL);
684	if (!i)
685	{
686	EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
687	EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
688	return 0;
689	}
690	p = (unsigned char *) OPENSSL_malloc(i);
691	if (!p)
692	{
693	EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
694	EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
695	return 0;
696	}
697	pp = p;
698	if (!i2d_ECPrivateKey(pkey->pkey.ec, &pp))
699	{
700	EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
701	EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
702	OPENSSL_free(p);
703	return 0;
704	}
705	/* restore old encoding flags */
706	EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
707
708	switch(p8->broken) {
709
710	case PKCS8_OK:
711	p8->pkey->value.octet_string = ASN1_OCTET_STRING_new();
712	if (!p8->pkey->value.octet_string \|\|
713	!M_ASN1_OCTET_STRING_set(p8->pkey->value.octet_string,
714	(const void *)p, i))
715
716	{
717	EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
718	}
719	else
720	ret = 1;
721	break;
722	case PKCS8_NO_OCTET: /* RSA specific */
723	case PKCS8_NS_DB: /* DSA specific */
724	case PKCS8_EMBEDDED_PARAM: /* DSA specific */
725	default:
726	EVPerr(EVP_F_ECKEY_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
727	}
728	OPENSSL_cleanse(p, (size_t)i);
729	OPENSSL_free(p);
730	return ret;
731	}
732	#endif
733
734	/* EVP_PKEY attribute functions */	182	/* EVP_PKEY attribute functions */
735		183
736	int EVP_PKEY_get_attr_count(const EVP_PKEY *key)	184	int EVP_PKEY_get_attr_count(const EVP_PKEY *key)