Port EVP raw key API from OpenSSL.

This will be needed to deal with Curve25519 based keys. ok beck@ tb@
author: jsing <> 2022-11-10 14:46:44 +0000
committer: jsing <> 2022-11-10 14:46:44 +0000
commit: 6623faac9f3d27790e325c99444e616c01b31c0e (patch)
tree: ef48aeb73c5571d76798a66112018ab93ba7bed2 /src
parent: 6cfcf5c709af8f66b8747a256f9649e7e1f2c614 (diff)
download: openbsd-6623faac9f3d27790e325c99444e616c01b31c0e.tar.gz
openbsd-6623faac9f3d27790e325c99444e616c01b31c0e.tar.bz2
openbsd-6623faac9f3d27790e325c99444e616c01b31c0e.zip
4 files changed, 116 insertions, 5 deletions
diff --git a/src/lib/libcrypto/asn1/asn1_locl.h b/src/lib/libcrypto/asn1/asn1_locl.h
index e15b98b7c3..8180e9b0fc 100644
--- a/src/lib/libcrypto/asn1/asn1_locl.h
+++ b/src/lib/libcrypto/asn1/asn1_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1_locl.h,v 1.40 2022/11/08 12:56:00 beck Exp $ */
+/* $OpenBSD: asn1_locl.h,v 1.41 2022/11/10 14:46:44 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -142,6 +142,15 @@ struct evp_pkey_asn1_method_st {
        int (*pkey_check)(const EVP_PKEY *pk);
        int (*pkey_public_check)(const EVP_PKEY *pk);
        int (*pkey_param_check)(const EVP_PKEY *pk);
+        int (*set_priv_key)(EVP_PKEY *pk, const unsigned char *private_key,
+            size_t len);
+        int (*set_pub_key)(EVP_PKEY *pk, const unsigned char *public_key,
+            size_t len);
+        int (*get_priv_key)(const EVP_PKEY *pk, unsigned char *out_private_key,
+            size_t *out_len);
+        int (*get_pub_key)(const EVP_PKEY *pk, unsigned char *out_public_key,
+            size_t *out_len);
 } /* EVP_PKEY_ASN1_METHOD */;
 /* Method to handle CRL access.
diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h
index ec6141e39e..31c26b4444 100644
--- a/src/lib/libcrypto/evp/evp.h
+++ b/src/lib/libcrypto/evp/evp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp.h,v 1.108 2022/11/09 19:18:08 jsing Exp $ */
+/* $OpenBSD: evp.h,v 1.109 2022/11/10 14:46:44 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -399,6 +399,17 @@ unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx);
 unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx);
 #define EVP_CIPHER_CTX_mode(e)          (EVP_CIPHER_CTX_flags(e) & EVP_CIPH_MODE)
+#if defined(LIBRESSL_NEXT_API) || defined(LIBRESSL_INTERNAL)
+EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *engine,
+    const unsigned char *private_key, size_t len);
+EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *engine,
+    const unsigned char *public_key, size_t len);
+int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey,
+    unsigned char *out_private_key, size_t *out_len);
+int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey,
+    unsigned char *out_public_key, size_t *out_len);
+#endif
 #define EVP_ENCODE_LENGTH(l)    (((l+2)/3*4)+(l/48+1)*2+80)
 #define EVP_DECODE_LENGTH(l)    ((l+3)/4*3+80)
@@ -1414,6 +1425,7 @@ void ERR_load_EVP_strings(void);
 #define EVP_R_EXPECTING_A_ECDSA_KEY                      141
 #define EVP_R_EXPECTING_A_EC_KEY                         142
 #define EVP_R_FIPS_MODE_NOT_SUPPORTED                    167
+#define EVP_R_GET_RAW_KEY_FAILED                         182
 #define EVP_R_INITIALIZATION_ERROR                       134
 #define EVP_R_INPUT_NOT_INITIALIZED                      111
 #define EVP_R_INVALID_DIGEST                             152
diff --git a/src/lib/libcrypto/evp/evp_err.c b/src/lib/libcrypto/evp/evp_err.c
index 4feea1aabf..109d2d4b2e 100644
--- a/src/lib/libcrypto/evp/evp_err.c
+++ b/src/lib/libcrypto/evp/evp_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_err.c,v 1.28 2022/07/12 14:42:49 kn Exp $ */
+/* $OpenBSD: evp_err.c,v 1.29 2022/11/10 14:46:44 jsing Exp $ */
 /* ====================================================================
 * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
 *
@@ -101,6 +101,7 @@ static ERR_STRING_DATA EVP_str_reasons[] = {
        {ERR_REASON(EVP_R_EXPECTING_A_ECDSA_KEY) , "expecting a ecdsa key"},
        {ERR_REASON(EVP_R_EXPECTING_A_EC_KEY)    , "expecting a ec key"},
        {ERR_REASON(EVP_R_FIPS_MODE_NOT_SUPPORTED), "fips mode not supported"},
+        {ERR_REASON(EVP_R_GET_RAW_KEY_FAILED)    , "get raw key failed"},
        {ERR_REASON(EVP_R_INITIALIZATION_ERROR)  , "initialization error"},
        {ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED) , "input not initialized"},
        {ERR_REASON(EVP_R_INVALID_DIGEST)        , "invalid digest"},
diff --git a/src/lib/libcrypto/evp/p_lib.c b/src/lib/libcrypto/evp/p_lib.c
index b6cef5a14c..2e0830b96e 100644
--- a/src/lib/libcrypto/evp/p_lib.c
+++ b/src/lib/libcrypto/evp/p_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p_lib.c,v 1.29 2022/06/27 12:36:05 tb Exp $ */
+/* $OpenBSD: p_lib.c,v 1.30 2022/11/10 14:46:44 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -279,6 +279,96 @@ EVP_PKEY_set_type(EVP_PKEY *pkey, int type)
 }
 EVP_PKEY *
+EVP_PKEY_new_raw_private_key(int type, ENGINE *engine,
+    const unsigned char *private_key, size_t len)
+{
+        EVP_PKEY *ret;
+        if ((ret = EVP_PKEY_new()) == NULL)
+                goto err;
+        if (!pkey_set_type(ret, engine, type, NULL, -1))
+                goto err;
+        if (ret->ameth->set_priv_key == NULL) {
+                EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                goto err;
+        }
+        if (!ret->ameth->set_priv_key(ret, private_key, len)) {
+                EVPerror(EVP_R_KEY_SETUP_FAILED);
+                goto err;
+        }
+        return ret;
+ err:
+        EVP_PKEY_free(ret);
+        return NULL;
+}
+EVP_PKEY *
+EVP_PKEY_new_raw_public_key(int type, ENGINE *engine,
+    const unsigned char *public_key, size_t len)
+{
+        EVP_PKEY *ret;
+        if ((ret = EVP_PKEY_new()) == NULL)
+                goto err;
+        if (!pkey_set_type(ret, engine, type, NULL, -1))
+                goto err;
+        if (ret->ameth->set_pub_key == NULL) {
+                EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                goto err;
+        }
+        if (!ret->ameth->set_pub_key(ret, public_key, len)) {
+                EVPerror(EVP_R_KEY_SETUP_FAILED);
+                goto err;
+        }
+        return ret;
+ err:
+        EVP_PKEY_free(ret);
+        return NULL;
+}
+int
+EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey,
+    unsigned char *out_private_key, size_t *out_len)
+{
+        if (pkey->ameth->get_priv_key == NULL) {
+                EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                return 0;
+        }
+        if (!pkey->ameth->get_priv_key(pkey, out_private_key, out_len)) {
+                EVPerror(EVP_R_GET_RAW_KEY_FAILED);
+                return 0;
+        }
+        return 1;
+}
+int
+EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey,
+    unsigned char *out_public_key, size_t *out_len)
+{
+        if (pkey->ameth->get_pub_key == NULL) {
+                EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                return 0;
+        }
+        if (!pkey->ameth->get_pub_key(pkey, out_public_key, out_len)) {
+                EVPerror(EVP_R_GET_RAW_KEY_FAILED);
+                return 0;
+        }
+        return 1;
+}
+EVP_PKEY *
 EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, size_t len,
    const EVP_CIPHER *cipher)
 {
@@ -581,4 +671,3 @@ EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid)
        return pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_DEFAULT_MD_NID,
            0, pnid);
 }
author	jsing <>	2022-11-10 14:46:44 +0000
committer	jsing <>	2022-11-10 14:46:44 +0000
commit	6623faac9f3d27790e325c99444e616c01b31c0e (patch)
tree	ef48aeb73c5571d76798a66112018ab93ba7bed2 /src
parent	6cfcf5c709af8f66b8747a256f9649e7e1f2c614 (diff)
download	openbsd-6623faac9f3d27790e325c99444e616c01b31c0e.tar.gz openbsd-6623faac9f3d27790e325c99444e616c01b31c0e.tar.bz2 openbsd-6623faac9f3d27790e325c99444e616c01b31c0e.zip

diff --git a/src/lib/libcrypto/asn1/asn1_locl.h b/src/lib/libcrypto/asn1/asn1_locl.h index e15b98b7c3..8180e9b0fc 100644 --- a/src/lib/libcrypto/asn1/asn1_locl.h +++ b/src/lib/libcrypto/asn1/asn1_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: asn1_locl.h,v 1.40 2022/11/08 12:56:00 beck Exp $ */	1	/* $OpenBSD: asn1_locl.h,v 1.41 2022/11/10 14:46:44 jsing Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2006.	3	* project 2006.
4	*/	4	*/
@@ -142,6 +142,15 @@ struct evp_pkey_asn1_method_st {
142	int (pkey_check)(const EVP_PKEY pk);	142	int (pkey_check)(const EVP_PKEY pk);
143	int (pkey_public_check)(const EVP_PKEY pk);	143	int (pkey_public_check)(const EVP_PKEY pk);
144	int (pkey_param_check)(const EVP_PKEY pk);	144	int (pkey_param_check)(const EVP_PKEY pk);
		145
		146	int (set_priv_key)(EVP_PKEY pk, const unsigned char *private_key,
		147	size_t len);
		148	int (set_pub_key)(EVP_PKEY pk, const unsigned char *public_key,
		149	size_t len);
		150	int (get_priv_key)(const EVP_PKEY pk, unsigned char *out_private_key,
		151	size_t *out_len);
		152	int (get_pub_key)(const EVP_PKEY pk, unsigned char *out_public_key,
		153	size_t *out_len);
145	} /* EVP_PKEY_ASN1_METHOD */;	154	} /* EVP_PKEY_ASN1_METHOD */;
146		155
147	/* Method to handle CRL access.	156	/* Method to handle CRL access.


diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h index ec6141e39e..31c26b4444 100644 --- a/src/lib/libcrypto/evp/evp.h +++ b/src/lib/libcrypto/evp/evp.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: evp.h,v 1.108 2022/11/09 19:18:08 jsing Exp $ */	1	/* $OpenBSD: evp.h,v 1.109 2022/11/10 14:46:44 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -399,6 +399,17 @@ unsigned char EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX ctx);
399	unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx);	399	unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx);
400	#define EVP_CIPHER_CTX_mode(e) (EVP_CIPHER_CTX_flags(e) & EVP_CIPH_MODE)	400	#define EVP_CIPHER_CTX_mode(e) (EVP_CIPHER_CTX_flags(e) & EVP_CIPH_MODE)
401		401
		402	#if defined(LIBRESSL_NEXT_API) \|\| defined(LIBRESSL_INTERNAL)
		403	EVP_PKEY EVP_PKEY_new_raw_private_key(int type, ENGINE engine,
		404	const unsigned char *private_key, size_t len);
		405	EVP_PKEY EVP_PKEY_new_raw_public_key(int type, ENGINE engine,
		406	const unsigned char *public_key, size_t len);
		407	int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey,
		408	unsigned char out_private_key, size_t out_len);
		409	int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey,
		410	unsigned char out_public_key, size_t out_len);
		411	#endif
		412
402	#define EVP_ENCODE_LENGTH(l) (((l+2)/34)+(l/48+1)2+80)	413	#define EVP_ENCODE_LENGTH(l) (((l+2)/34)+(l/48+1)2+80)
403	#define EVP_DECODE_LENGTH(l) ((l+3)/4*3+80)	414	#define EVP_DECODE_LENGTH(l) ((l+3)/4*3+80)
404		415
@@ -1414,6 +1425,7 @@ void ERR_load_EVP_strings(void);
1414	#define EVP_R_EXPECTING_A_ECDSA_KEY 141	1425	#define EVP_R_EXPECTING_A_ECDSA_KEY 141
1415	#define EVP_R_EXPECTING_A_EC_KEY 142	1426	#define EVP_R_EXPECTING_A_EC_KEY 142
1416	#define EVP_R_FIPS_MODE_NOT_SUPPORTED 167	1427	#define EVP_R_FIPS_MODE_NOT_SUPPORTED 167
		1428	#define EVP_R_GET_RAW_KEY_FAILED 182
1417	#define EVP_R_INITIALIZATION_ERROR 134	1429	#define EVP_R_INITIALIZATION_ERROR 134
1418	#define EVP_R_INPUT_NOT_INITIALIZED 111	1430	#define EVP_R_INPUT_NOT_INITIALIZED 111
1419	#define EVP_R_INVALID_DIGEST 152	1431	#define EVP_R_INVALID_DIGEST 152


diff --git a/src/lib/libcrypto/evp/evp_err.c b/src/lib/libcrypto/evp/evp_err.c index 4feea1aabf..109d2d4b2e 100644 --- a/src/lib/libcrypto/evp/evp_err.c +++ b/src/lib/libcrypto/evp/evp_err.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: evp_err.c,v 1.28 2022/07/12 14:42:49 kn Exp $ */	1	/* $OpenBSD: evp_err.c,v 1.29 2022/11/10 14:46:44 jsing Exp $ */
2	/* ====================================================================	2	/* ====================================================================
3	* Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved.	3	* Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved.
4	*	4	*
@@ -101,6 +101,7 @@ static ERR_STRING_DATA EVP_str_reasons[] = {
101	{ERR_REASON(EVP_R_EXPECTING_A_ECDSA_KEY) , "expecting a ecdsa key"},	101	{ERR_REASON(EVP_R_EXPECTING_A_ECDSA_KEY) , "expecting a ecdsa key"},
102	{ERR_REASON(EVP_R_EXPECTING_A_EC_KEY) , "expecting a ec key"},	102	{ERR_REASON(EVP_R_EXPECTING_A_EC_KEY) , "expecting a ec key"},
103	{ERR_REASON(EVP_R_FIPS_MODE_NOT_SUPPORTED), "fips mode not supported"},	103	{ERR_REASON(EVP_R_FIPS_MODE_NOT_SUPPORTED), "fips mode not supported"},
		104	{ERR_REASON(EVP_R_GET_RAW_KEY_FAILED) , "get raw key failed"},
104	{ERR_REASON(EVP_R_INITIALIZATION_ERROR) , "initialization error"},	105	{ERR_REASON(EVP_R_INITIALIZATION_ERROR) , "initialization error"},
105	{ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED) , "input not initialized"},	106	{ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED) , "input not initialized"},
106	{ERR_REASON(EVP_R_INVALID_DIGEST) , "invalid digest"},	107	{ERR_REASON(EVP_R_INVALID_DIGEST) , "invalid digest"},


diff --git a/src/lib/libcrypto/evp/p_lib.c b/src/lib/libcrypto/evp/p_lib.c index b6cef5a14c..2e0830b96e 100644 --- a/src/lib/libcrypto/evp/p_lib.c +++ b/src/lib/libcrypto/evp/p_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: p_lib.c,v 1.29 2022/06/27 12:36:05 tb Exp $ */	1	/* $OpenBSD: p_lib.c,v 1.30 2022/11/10 14:46:44 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -279,6 +279,96 @@ EVP_PKEY_set_type(EVP_PKEY *pkey, int type)
279	}	279	}
280		280
281	EVP_PKEY *	281	EVP_PKEY *
		282	EVP_PKEY_new_raw_private_key(int type, ENGINE *engine,
		283	const unsigned char *private_key, size_t len)
		284	{
		285	EVP_PKEY *ret;
		286
		287	if ((ret = EVP_PKEY_new()) == NULL)
		288	goto err;
		289
		290	if (!pkey_set_type(ret, engine, type, NULL, -1))
		291	goto err;
		292
		293	if (ret->ameth->set_priv_key == NULL) {
		294	EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
		295	goto err;
		296	}
		297	if (!ret->ameth->set_priv_key(ret, private_key, len)) {
		298	EVPerror(EVP_R_KEY_SETUP_FAILED);
		299	goto err;
		300	}
		301
		302	return ret;
		303
		304	err:
		305	EVP_PKEY_free(ret);
		306
		307	return NULL;
		308	}
		309
		310	EVP_PKEY *
		311	EVP_PKEY_new_raw_public_key(int type, ENGINE *engine,
		312	const unsigned char *public_key, size_t len)
		313	{
		314	EVP_PKEY *ret;
		315
		316	if ((ret = EVP_PKEY_new()) == NULL)
		317	goto err;
		318
		319	if (!pkey_set_type(ret, engine, type, NULL, -1))
		320	goto err;
		321
		322	if (ret->ameth->set_pub_key == NULL) {
		323	EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
		324	goto err;
		325	}
		326	if (!ret->ameth->set_pub_key(ret, public_key, len)) {
		327	EVPerror(EVP_R_KEY_SETUP_FAILED);
		328	goto err;
		329	}
		330
		331	return ret;
		332
		333	err:
		334	EVP_PKEY_free(ret);
		335
		336	return NULL;
		337	}
		338
		339	int
		340	EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey,
		341	unsigned char out_private_key, size_t out_len)
		342	{
		343	if (pkey->ameth->get_priv_key == NULL) {
		344	EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
		345	return 0;
		346	}
		347	if (!pkey->ameth->get_priv_key(pkey, out_private_key, out_len)) {
		348	EVPerror(EVP_R_GET_RAW_KEY_FAILED);
		349	return 0;
		350	}
		351
		352	return 1;
		353	}
		354
		355	int
		356	EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey,
		357	unsigned char out_public_key, size_t out_len)
		358	{
		359	if (pkey->ameth->get_pub_key == NULL) {
		360	EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
		361	return 0;
		362	}
		363	if (!pkey->ameth->get_pub_key(pkey, out_public_key, out_len)) {
		364	EVPerror(EVP_R_GET_RAW_KEY_FAILED);
		365	return 0;
		366	}
		367
		368	return 1;
		369	}
		370
		371	EVP_PKEY *
282	EVP_PKEY_new_CMAC_key(ENGINE e, const unsigned char priv, size_t len,	372	EVP_PKEY_new_CMAC_key(ENGINE e, const unsigned char priv, size_t len,
283	const EVP_CIPHER *cipher)	373	const EVP_CIPHER *cipher)
284	{	374	{
@@ -581,4 +671,3 @@ EVP_PKEY_get_default_digest_nid(EVP_PKEY pkey, int pnid)
581	return pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_DEFAULT_MD_NID,	671	return pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_DEFAULT_MD_NID,
582	0, pnid);	672	0, pnid);
583	}	673	}
584