5 files changed, 260 insertions, 212 deletions
diff --git a/src/lib/libcrypto/asn1/ameth_lib.c b/src/lib/libcrypto/asn1/ameth_lib.c
index 2165bf06b5..cf3a965a64 100644
--- a/src/lib/libcrypto/asn1/ameth_lib.c
+++ b/src/lib/libcrypto/asn1/ameth_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ameth_lib.c,v 1.39 2023/12/29 10:17:26 tb Exp $ */
+/* $OpenBSD: ameth_lib.c,v 1.40 2023/12/29 10:59:00 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -62,146 +62,8 @@
 #include <openssl/err.h>
 #include <openssl/evp.h>
-#include "asn1_local.h"
 #include "evp_local.h"
-extern const EVP_PKEY_ASN1_METHOD cmac_asn1_meth;
-extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth;
-extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[];
-extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth;
-extern const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth;
-extern const EVP_PKEY_ASN1_METHOD gostimit_asn1_meth;
-extern const EVP_PKEY_ASN1_METHOD gostr01_asn1_meths[];
-extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth;
-extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[];
-extern const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth;
-extern const EVP_PKEY_ASN1_METHOD x25519_asn1_meth;
-static const EVP_PKEY_ASN1_METHOD *asn1_methods[] = {
-        &cmac_asn1_meth,
-        &dh_asn1_meth,
-        &dsa_asn1_meths[0],
-        &dsa_asn1_meths[1],
-        &dsa_asn1_meths[2],
-        &dsa_asn1_meths[3],
-        &dsa_asn1_meths[4],
-        &eckey_asn1_meth,
-        &ed25519_asn1_meth,
-        &gostimit_asn1_meth,
-        &gostr01_asn1_meths[0],
-        &gostr01_asn1_meths[1],
-        &gostr01_asn1_meths[2],
-        &hmac_asn1_meth,
-        &rsa_asn1_meths[0],
-        &rsa_asn1_meths[1],
-        &rsa_pss_asn1_meth,
-        &x25519_asn1_meth,
-};
-#define N_ASN1_METHODS (sizeof(asn1_methods) / sizeof(asn1_methods[0]))
-int
-EVP_PKEY_asn1_get_count(void)
-{
-        return N_ASN1_METHODS;
-}
-const EVP_PKEY_ASN1_METHOD *
-EVP_PKEY_asn1_get0(int idx)
-{
-        if (idx < 0 || idx >= N_ASN1_METHODS)
-                return NULL;
-        return asn1_methods[idx];
-}
-static const EVP_PKEY_ASN1_METHOD *
-pkey_asn1_find(int pkey_id)
-{
-        const EVP_PKEY_ASN1_METHOD *ameth;
-        int i;
-        for (i = EVP_PKEY_asn1_get_count() - 1; i >= 0; i--) {
-                ameth = EVP_PKEY_asn1_get0(i);
-                if (ameth->pkey_id == pkey_id)
-                        return ameth;
-        }
-        return NULL;
-}
-/*
- * XXX - fix this. In what looks like an infinite loop, this API only makes two
- * calls to pkey_asn1_find(): If the type resolves to an aliased ASN.1 method,
- * the second call will find the method it aliases. Codify this in regress and
- * make this explicit in code.
- */
-const EVP_PKEY_ASN1_METHOD *
-EVP_PKEY_asn1_find(ENGINE **pe, int type)
-{
-        const EVP_PKEY_ASN1_METHOD *mp;
-        if (pe != NULL)
-                *pe = NULL;
-        for (;;) {
-                if ((mp = pkey_asn1_find(type)) == NULL)
-                        break;
-                if ((mp->pkey_flags & ASN1_PKEY_ALIAS) == 0)
-                        break;
-                type = mp->pkey_base_id;
-        }
-        return mp;
-}
-const EVP_PKEY_ASN1_METHOD *
-EVP_PKEY_asn1_find_str(ENGINE **pe, const char *str, int len)
-{
-        const EVP_PKEY_ASN1_METHOD *ameth;
-        int i;
-        if (len == -1)
-                len = strlen(str);
-        if (pe != NULL)
-                *pe = NULL;
-        for (i = EVP_PKEY_asn1_get_count() - 1; i >= 0; i--) {
-                ameth = EVP_PKEY_asn1_get0(i);
-                if (ameth->pkey_flags & ASN1_PKEY_ALIAS)
-                        continue;
-                if (((int)strlen(ameth->pem_str) == len) &&
-                    !strncasecmp(ameth->pem_str, str, len))
-                        return ameth;
-        }
-        return NULL;
-}
-int
-EVP_PKEY_asn1_get0_info(int *ppkey_id, int *ppkey_base_id, int *ppkey_flags,
-    const char **pinfo, const char **ppem_str,
-    const EVP_PKEY_ASN1_METHOD *ameth)
-{
-        if (!ameth)
-                return 0;
-        if (ppkey_id)
-                *ppkey_id = ameth->pkey_id;
-        if (ppkey_base_id)
-                *ppkey_base_id = ameth->pkey_base_id;
-        if (ppkey_flags)
-                *ppkey_flags = ameth->pkey_flags;
-        if (pinfo)
-                *pinfo = ameth->info;
-        if (ppem_str)
-                *ppem_str = ameth->pem_str;
-        return 1;
-}
-const EVP_PKEY_ASN1_METHOD*
-EVP_PKEY_get0_asn1(const EVP_PKEY *pkey)
-{
-        return pkey->ameth;
-}
 /*
 * XXX - remove all the API below here in the next major bump.
 */
diff --git a/src/lib/libcrypto/asn1/asn1_local.h b/src/lib/libcrypto/asn1/asn1_local.h
index 566ace798b..c1dfa6f68c 100644
--- a/src/lib/libcrypto/asn1/asn1_local.h
+++ b/src/lib/libcrypto/asn1/asn1_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1_local.h,v 1.4 2023/07/28 10:00:10 tb Exp $ */
+/* $OpenBSD: asn1_local.h,v 1.5 2023/12/29 10:59:00 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -89,70 +89,6 @@ struct asn1_pctx_st {
        unsigned long str_flags;
 } /* ASN1_PCTX */;
-/* ASN1 public key method structure */
-struct evp_pkey_asn1_method_st {
-        int pkey_id;
-        int pkey_base_id;
-        unsigned long pkey_flags;
-        char *pem_str;
-        char *info;
-        int (*pub_decode)(EVP_PKEY *pk, X509_PUBKEY *pub);
-        int (*pub_encode)(X509_PUBKEY *pub, const EVP_PKEY *pk);
-        int (*pub_cmp)(const EVP_PKEY *a, const EVP_PKEY *b);
-        int (*pub_print)(BIO *out, const EVP_PKEY *pkey, int indent,
-            ASN1_PCTX *pctx);
-        int (*priv_decode)(EVP_PKEY *pk, const PKCS8_PRIV_KEY_INFO *p8inf);
-        int (*priv_encode)(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk);
-        int (*priv_print)(BIO *out, const EVP_PKEY *pkey, int indent,
-            ASN1_PCTX *pctx);
-        int (*pkey_size)(const EVP_PKEY *pk);
-        int (*pkey_bits)(const EVP_PKEY *pk);
-        int (*pkey_security_bits)(const EVP_PKEY *pk);
-        int (*param_decode)(EVP_PKEY *pkey, const unsigned char **pder,
-            int derlen);
-        int (*param_encode)(const EVP_PKEY *pkey, unsigned char **pder);
-        int (*param_missing)(const EVP_PKEY *pk);
-        int (*param_copy)(EVP_PKEY *to, const EVP_PKEY *from);
-        int (*param_cmp)(const EVP_PKEY *a, const EVP_PKEY *b);
-        int (*param_print)(BIO *out, const EVP_PKEY *pkey, int indent,
-            ASN1_PCTX *pctx);
-        int (*sig_print)(BIO *out, const X509_ALGOR *sigalg,
-            const ASN1_STRING *sig, int indent, ASN1_PCTX *pctx);
-        void (*pkey_free)(EVP_PKEY *pkey);
-        int (*pkey_ctrl)(EVP_PKEY *pkey, int op, long arg1, void *arg2);
-        /* Legacy functions for old PEM */
-        int (*old_priv_decode)(EVP_PKEY *pkey, const unsigned char **pder,
-            int derlen);
-        int (*old_priv_encode)(const EVP_PKEY *pkey, unsigned char **pder);
-        /* Custom ASN1 signature verification */
-        int (*item_verify)(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
-            X509_ALGOR *a, ASN1_BIT_STRING *sig, EVP_PKEY *pkey);
-        int (*item_sign)(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
-            X509_ALGOR *alg1, X509_ALGOR *alg2, ASN1_BIT_STRING *sig);
-        int (*pkey_check)(const EVP_PKEY *pk);
-        int (*pkey_public_check)(const EVP_PKEY *pk);
-        int (*pkey_param_check)(const EVP_PKEY *pk);
-        int (*set_priv_key)(EVP_PKEY *pk, const unsigned char *private_key,
-            size_t len);
-        int (*set_pub_key)(EVP_PKEY *pk, const unsigned char *public_key,
-            size_t len);
-        int (*get_priv_key)(const EVP_PKEY *pk, unsigned char *out_private_key,
-            size_t *out_len);
-        int (*get_pub_key)(const EVP_PKEY *pk, unsigned char *out_public_key,
-            size_t *out_len);
-} /* EVP_PKEY_ASN1_METHOD */;
 /* Method to handle CRL access.
 * In general a CRL could be very large (several Mb) and can consume large
 * amounts of resources if stored in memory by multiple processes.
diff --git a/src/lib/libcrypto/asn1/t_x509.c b/src/lib/libcrypto/asn1/t_x509.c
index cd98997f6a..6f7bdc79fe 100644
--- a/src/lib/libcrypto/asn1/t_x509.c
+++ b/src/lib/libcrypto/asn1/t_x509.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t_x509.c,v 1.43 2023/07/07 19:37:52 beck Exp $ */
+/* $OpenBSD: t_x509.c,v 1.44 2023/12/29 10:59:00 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -77,7 +77,7 @@
 #include <openssl/rsa.h>
 #endif
-#include "asn1_local.h"
+#include "evp_local.h"
 #include "x509_local.h"
 int
diff --git a/src/lib/libcrypto/evp/evp_local.h b/src/lib/libcrypto/evp/evp_local.h
index 1034b88a1a..d21919ac9b 100644
--- a/src/lib/libcrypto/evp/evp_local.h
+++ b/src/lib/libcrypto/evp/evp_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_local.h,v 1.9 2023/12/22 17:25:47 tb Exp $ */
+/* $OpenBSD: evp_local.h,v 1.10 2023/12/29 10:59:00 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2000.
 */
@@ -89,6 +89,68 @@ struct ecx_key_st {
        size_t pub_key_len;
 };
+struct evp_pkey_asn1_method_st {
+        int pkey_id;
+        int pkey_base_id;
+        unsigned long pkey_flags;
+        char *pem_str;
+        char *info;
+        int (*pub_decode)(EVP_PKEY *pk, X509_PUBKEY *pub);
+        int (*pub_encode)(X509_PUBKEY *pub, const EVP_PKEY *pk);
+        int (*pub_cmp)(const EVP_PKEY *a, const EVP_PKEY *b);
+        int (*pub_print)(BIO *out, const EVP_PKEY *pkey, int indent,
+            ASN1_PCTX *pctx);
+        int (*priv_decode)(EVP_PKEY *pk, const PKCS8_PRIV_KEY_INFO *p8inf);
+        int (*priv_encode)(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk);
+        int (*priv_print)(BIO *out, const EVP_PKEY *pkey, int indent,
+            ASN1_PCTX *pctx);
+        int (*pkey_size)(const EVP_PKEY *pk);
+        int (*pkey_bits)(const EVP_PKEY *pk);
+        int (*pkey_security_bits)(const EVP_PKEY *pk);
+        int (*param_decode)(EVP_PKEY *pkey, const unsigned char **pder,
+            int derlen);
+        int (*param_encode)(const EVP_PKEY *pkey, unsigned char **pder);
+        int (*param_missing)(const EVP_PKEY *pk);
+        int (*param_copy)(EVP_PKEY *to, const EVP_PKEY *from);
+        int (*param_cmp)(const EVP_PKEY *a, const EVP_PKEY *b);
+        int (*param_print)(BIO *out, const EVP_PKEY *pkey, int indent,
+            ASN1_PCTX *pctx);
+        int (*sig_print)(BIO *out, const X509_ALGOR *sigalg,
+            const ASN1_STRING *sig, int indent, ASN1_PCTX *pctx);
+        void (*pkey_free)(EVP_PKEY *pkey);
+        int (*pkey_ctrl)(EVP_PKEY *pkey, int op, long arg1, void *arg2);
+        /* Legacy functions for old PEM */
+        int (*old_priv_decode)(EVP_PKEY *pkey, const unsigned char **pder,
+            int derlen);
+        int (*old_priv_encode)(const EVP_PKEY *pkey, unsigned char **pder);
+        /* Custom ASN1 signature verification */
+        int (*item_verify)(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+            X509_ALGOR *a, ASN1_BIT_STRING *sig, EVP_PKEY *pkey);
+        int (*item_sign)(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+            X509_ALGOR *alg1, X509_ALGOR *alg2, ASN1_BIT_STRING *sig);
+        int (*pkey_check)(const EVP_PKEY *pk);
+        int (*pkey_public_check)(const EVP_PKEY *pk);
+        int (*pkey_param_check)(const EVP_PKEY *pk);
+        int (*set_priv_key)(EVP_PKEY *pk, const unsigned char *private_key,
+            size_t len);
+        int (*set_pub_key)(EVP_PKEY *pk, const unsigned char *public_key,
+            size_t len);
+        int (*get_priv_key)(const EVP_PKEY *pk, unsigned char *out_private_key,
+            size_t *out_len);
+        int (*get_pub_key)(const EVP_PKEY *pk, unsigned char *out_public_key,
+            size_t *out_len);
+} /* EVP_PKEY_ASN1_METHOD */;
 /* Type needs to be a bit field
 * Sub-type needs to be for variations on the method, as in, can it do
 * arbitrary encryption.... */
diff --git a/src/lib/libcrypto/evp/p_lib.c b/src/lib/libcrypto/evp/p_lib.c
index f92684fdd7..24e1dbb14c 100644
--- a/src/lib/libcrypto/evp/p_lib.c
+++ b/src/lib/libcrypto/evp/p_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p_lib.c,v 1.50 2023/12/25 22:41:50 tb Exp $ */
+/* $OpenBSD: p_lib.c,v 1.51 2023/12/29 10:59:00 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -55,13 +55,62 @@
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
 #include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
-#include <openssl/opensslconf.h>
+#include <openssl/asn1.h>
+#include <openssl/bio.h>
-#include <openssl/bn.h>
 #include <openssl/cmac.h>
+#include <openssl/crypto.h>
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
@@ -73,13 +122,152 @@
 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
+#ifndef OPENSSL_NO_EC
+#include <openssl/ec.h>
+#endif
 #ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
-#include "asn1_local.h"
 #include "evp_local.h"
+extern const EVP_PKEY_ASN1_METHOD cmac_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[];
+extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD gostimit_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD gostr01_asn1_meths[];
+extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[];
+extern const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD x25519_asn1_meth;
+static const EVP_PKEY_ASN1_METHOD *asn1_methods[] = {
+        &cmac_asn1_meth,
+        &dh_asn1_meth,
+        &dsa_asn1_meths[0],
+        &dsa_asn1_meths[1],
+        &dsa_asn1_meths[2],
+        &dsa_asn1_meths[3],
+        &dsa_asn1_meths[4],
+        &eckey_asn1_meth,
+        &ed25519_asn1_meth,
+        &gostimit_asn1_meth,
+        &gostr01_asn1_meths[0],
+        &gostr01_asn1_meths[1],
+        &gostr01_asn1_meths[2],
+        &hmac_asn1_meth,
+        &rsa_asn1_meths[0],
+        &rsa_asn1_meths[1],
+        &rsa_pss_asn1_meth,
+        &x25519_asn1_meth,
+};
+#define N_ASN1_METHODS (sizeof(asn1_methods) / sizeof(asn1_methods[0]))
+int
+EVP_PKEY_asn1_get_count(void)
+{
+        return N_ASN1_METHODS;
+}
+const EVP_PKEY_ASN1_METHOD *
+EVP_PKEY_asn1_get0(int idx)
+{
+        if (idx < 0 || idx >= N_ASN1_METHODS)
+                return NULL;
+        return asn1_methods[idx];
+}
+static const EVP_PKEY_ASN1_METHOD *
+pkey_asn1_find(int pkey_id)
+{
+        const EVP_PKEY_ASN1_METHOD *ameth;
+        int i;
+        for (i = EVP_PKEY_asn1_get_count() - 1; i >= 0; i--) {
+                ameth = EVP_PKEY_asn1_get0(i);
+                if (ameth->pkey_id == pkey_id)
+                        return ameth;
+        }
+        return NULL;
+}
+/*
+ * XXX - fix this. In what looks like an infinite loop, this API only makes two
+ * calls to pkey_asn1_find(): If the type resolves to an aliased ASN.1 method,
+ * the second call will find the method it aliases. Codify this in regress and
+ * make this explicit in code.
+ */
+const EVP_PKEY_ASN1_METHOD *
+EVP_PKEY_asn1_find(ENGINE **pe, int type)
+{
+        const EVP_PKEY_ASN1_METHOD *mp;
+        if (pe != NULL)
+                *pe = NULL;
+        for (;;) {
+                if ((mp = pkey_asn1_find(type)) == NULL)
+                        break;
+                if ((mp->pkey_flags & ASN1_PKEY_ALIAS) == 0)
+                        break;
+                type = mp->pkey_base_id;
+        }
+        return mp;
+}
+const EVP_PKEY_ASN1_METHOD *
+EVP_PKEY_asn1_find_str(ENGINE **pe, const char *str, int len)
+{
+        const EVP_PKEY_ASN1_METHOD *ameth;
+        int i;
+        if (len == -1)
+                len = strlen(str);
+        if (pe != NULL)
+                *pe = NULL;
+        for (i = EVP_PKEY_asn1_get_count() - 1; i >= 0; i--) {
+                ameth = EVP_PKEY_asn1_get0(i);
+                if (ameth->pkey_flags & ASN1_PKEY_ALIAS)
+                        continue;
+                if (((int)strlen(ameth->pem_str) == len) &&
+                    !strncasecmp(ameth->pem_str, str, len))
+                        return ameth;
+        }
+        return NULL;
+}
+int
+EVP_PKEY_asn1_get0_info(int *ppkey_id, int *ppkey_base_id, int *ppkey_flags,
+    const char **pinfo, const char **ppem_str,
+    const EVP_PKEY_ASN1_METHOD *ameth)
+{
+        if (!ameth)
+                return 0;
+        if (ppkey_id)
+                *ppkey_id = ameth->pkey_id;
+        if (ppkey_base_id)
+                *ppkey_base_id = ameth->pkey_base_id;
+        if (ppkey_flags)
+                *ppkey_flags = ameth->pkey_flags;
+        if (pinfo)
+                *pinfo = ameth->info;
+        if (ppem_str)
+                *ppem_str = ameth->pem_str;
+        return 1;
+}
+const EVP_PKEY_ASN1_METHOD*
+EVP_PKEY_get0_asn1(const EVP_PKEY *pkey)
+{
+        return pkey->ameth;
+}
 int
 EVP_PKEY_bits(const EVP_PKEY *pkey)
 {

diff --git a/src/lib/libcrypto/asn1/ameth_lib.c b/src/lib/libcrypto/asn1/ameth_lib.c index 2165bf06b5..cf3a965a64 100644 --- a/src/lib/libcrypto/asn1/ameth_lib.c +++ b/src/lib/libcrypto/asn1/ameth_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ameth_lib.c,v 1.39 2023/12/29 10:17:26 tb Exp $ */	1	/* $OpenBSD: ameth_lib.c,v 1.40 2023/12/29 10:59:00 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2006.	3	* project 2006.
4	*/	4	*/
@@ -62,146 +62,8 @@
62	#include <openssl/err.h>	62	#include <openssl/err.h>
63	#include <openssl/evp.h>	63	#include <openssl/evp.h>
64		64
65	#include "asn1_local.h"
66	#include "evp_local.h"	65	#include "evp_local.h"
67		66
68	extern const EVP_PKEY_ASN1_METHOD cmac_asn1_meth;
69	extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth;
70	extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[];
71	extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth;
72	extern const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth;
73	extern const EVP_PKEY_ASN1_METHOD gostimit_asn1_meth;
74	extern const EVP_PKEY_ASN1_METHOD gostr01_asn1_meths[];
75	extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth;
76	extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[];
77	extern const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth;
78	extern const EVP_PKEY_ASN1_METHOD x25519_asn1_meth;
79
80	static const EVP_PKEY_ASN1_METHOD *asn1_methods[] = {
81	&cmac_asn1_meth,
82	&dh_asn1_meth,
83	&dsa_asn1_meths[0],
84	&dsa_asn1_meths[1],
85	&dsa_asn1_meths[2],
86	&dsa_asn1_meths[3],
87	&dsa_asn1_meths[4],
88	&eckey_asn1_meth,
89	&ed25519_asn1_meth,
90	&gostimit_asn1_meth,
91	&gostr01_asn1_meths[0],
92	&gostr01_asn1_meths[1],
93	&gostr01_asn1_meths[2],
94	&hmac_asn1_meth,
95	&rsa_asn1_meths[0],
96	&rsa_asn1_meths[1],
97	&rsa_pss_asn1_meth,
98	&x25519_asn1_meth,
99	};
100
101	#define N_ASN1_METHODS (sizeof(asn1_methods) / sizeof(asn1_methods[0]))
102
103	int
104	EVP_PKEY_asn1_get_count(void)
105	{
106	return N_ASN1_METHODS;
107	}
108
109	const EVP_PKEY_ASN1_METHOD *
110	EVP_PKEY_asn1_get0(int idx)
111	{
112	if (idx < 0 \|\| idx >= N_ASN1_METHODS)
113	return NULL;
114
115	return asn1_methods[idx];
116	}
117
118	static const EVP_PKEY_ASN1_METHOD *
119	pkey_asn1_find(int pkey_id)
120	{
121	const EVP_PKEY_ASN1_METHOD *ameth;
122	int i;
123
124	for (i = EVP_PKEY_asn1_get_count() - 1; i >= 0; i--) {
125	ameth = EVP_PKEY_asn1_get0(i);
126	if (ameth->pkey_id == pkey_id)
127	return ameth;
128	}
129
130	return NULL;
131	}
132
133	/*
134	* XXX - fix this. In what looks like an infinite loop, this API only makes two
135	* calls to pkey_asn1_find(): If the type resolves to an aliased ASN.1 method,
136	* the second call will find the method it aliases. Codify this in regress and
137	* make this explicit in code.
138	*/
139	const EVP_PKEY_ASN1_METHOD *
140	EVP_PKEY_asn1_find(ENGINE **pe, int type)
141	{
142	const EVP_PKEY_ASN1_METHOD *mp;
143
144	if (pe != NULL)
145	*pe = NULL;
146
147	for (;;) {
148	if ((mp = pkey_asn1_find(type)) == NULL)
149	break;
150	if ((mp->pkey_flags & ASN1_PKEY_ALIAS) == 0)
151	break;
152	type = mp->pkey_base_id;
153	}
154
155	return mp;
156	}
157
158	const EVP_PKEY_ASN1_METHOD *
159	EVP_PKEY_asn1_find_str(ENGINE *pe, const char str, int len)
160	{
161	const EVP_PKEY_ASN1_METHOD *ameth;
162	int i;
163
164	if (len == -1)
165	len = strlen(str);
166	if (pe != NULL)
167	*pe = NULL;
168	for (i = EVP_PKEY_asn1_get_count() - 1; i >= 0; i--) {
169	ameth = EVP_PKEY_asn1_get0(i);
170	if (ameth->pkey_flags & ASN1_PKEY_ALIAS)
171	continue;
172	if (((int)strlen(ameth->pem_str) == len) &&
173	!strncasecmp(ameth->pem_str, str, len))
174	return ameth;
175	}
176	return NULL;
177	}
178
179	int
180	EVP_PKEY_asn1_get0_info(int ppkey_id, int ppkey_base_id, int *ppkey_flags,
181	const char pinfo, const char ppem_str,
182	const EVP_PKEY_ASN1_METHOD *ameth)
183	{
184	if (!ameth)
185	return 0;
186	if (ppkey_id)
187	*ppkey_id = ameth->pkey_id;
188	if (ppkey_base_id)
189	*ppkey_base_id = ameth->pkey_base_id;
190	if (ppkey_flags)
191	*ppkey_flags = ameth->pkey_flags;
192	if (pinfo)
193	*pinfo = ameth->info;
194	if (ppem_str)
195	*ppem_str = ameth->pem_str;
196	return 1;
197	}
198
199	const EVP_PKEY_ASN1_METHOD*
200	EVP_PKEY_get0_asn1(const EVP_PKEY *pkey)
201	{
202	return pkey->ameth;
203	}
204
205	/*	67	/*
206	* XXX - remove all the API below here in the next major bump.	68	* XXX - remove all the API below here in the next major bump.
207	*/	69	*/


diff --git a/src/lib/libcrypto/asn1/asn1_local.h b/src/lib/libcrypto/asn1/asn1_local.h index 566ace798b..c1dfa6f68c 100644 --- a/src/lib/libcrypto/asn1/asn1_local.h +++ b/src/lib/libcrypto/asn1/asn1_local.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: asn1_local.h,v 1.4 2023/07/28 10:00:10 tb Exp $ */	1	/* $OpenBSD: asn1_local.h,v 1.5 2023/12/29 10:59:00 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2006.	3	* project 2006.
4	*/	4	*/
@@ -89,70 +89,6 @@ struct asn1_pctx_st {
89	unsigned long str_flags;	89	unsigned long str_flags;
90	} /* ASN1_PCTX */;	90	} /* ASN1_PCTX */;
91		91
92	/* ASN1 public key method structure */
93
94	struct evp_pkey_asn1_method_st {
95	int pkey_id;
96	int pkey_base_id;
97	unsigned long pkey_flags;
98
99	char *pem_str;
100	char *info;
101
102	int (pub_decode)(EVP_PKEY pk, X509_PUBKEY *pub);
103	int (pub_encode)(X509_PUBKEY pub, const EVP_PKEY *pk);
104	int (pub_cmp)(const EVP_PKEY a, const EVP_PKEY *b);
105	int (pub_print)(BIO out, const EVP_PKEY *pkey, int indent,
106	ASN1_PCTX *pctx);
107
108	int (priv_decode)(EVP_PKEY pk, const PKCS8_PRIV_KEY_INFO *p8inf);
109	int (priv_encode)(PKCS8_PRIV_KEY_INFO p8, const EVP_PKEY *pk);
110	int (priv_print)(BIO out, const EVP_PKEY *pkey, int indent,
111	ASN1_PCTX *pctx);
112
113	int (pkey_size)(const EVP_PKEY pk);
114	int (pkey_bits)(const EVP_PKEY pk);
115	int (pkey_security_bits)(const EVP_PKEY pk);
116
117	int (param_decode)(EVP_PKEY pkey, const unsigned char **pder,
118	int derlen);
119	int (param_encode)(const EVP_PKEY pkey, unsigned char **pder);
120	int (param_missing)(const EVP_PKEY pk);
121	int (param_copy)(EVP_PKEY to, const EVP_PKEY *from);
122	int (param_cmp)(const EVP_PKEY a, const EVP_PKEY *b);
123	int (param_print)(BIO out, const EVP_PKEY *pkey, int indent,
124	ASN1_PCTX *pctx);
125	int (sig_print)(BIO out, const X509_ALGOR *sigalg,
126	const ASN1_STRING sig, int indent, ASN1_PCTX pctx);
127
128	void (pkey_free)(EVP_PKEY pkey);
129	int (pkey_ctrl)(EVP_PKEY pkey, int op, long arg1, void *arg2);
130
131	/* Legacy functions for old PEM */
132
133	int (old_priv_decode)(EVP_PKEY pkey, const unsigned char **pder,
134	int derlen);
135	int (old_priv_encode)(const EVP_PKEY pkey, unsigned char **pder);
136	/* Custom ASN1 signature verification */
137	int (item_verify)(EVP_MD_CTX ctx, const ASN1_ITEM it, void asn,
138	X509_ALGOR a, ASN1_BIT_STRING sig, EVP_PKEY *pkey);
139	int (item_sign)(EVP_MD_CTX ctx, const ASN1_ITEM it, void asn,
140	X509_ALGOR alg1, X509_ALGOR alg2, ASN1_BIT_STRING *sig);
141
142	int (pkey_check)(const EVP_PKEY pk);
143	int (pkey_public_check)(const EVP_PKEY pk);
144	int (pkey_param_check)(const EVP_PKEY pk);
145
146	int (set_priv_key)(EVP_PKEY pk, const unsigned char *private_key,
147	size_t len);
148	int (set_pub_key)(EVP_PKEY pk, const unsigned char *public_key,
149	size_t len);
150	int (get_priv_key)(const EVP_PKEY pk, unsigned char *out_private_key,
151	size_t *out_len);
152	int (get_pub_key)(const EVP_PKEY pk, unsigned char *out_public_key,
153	size_t *out_len);
154	} /* EVP_PKEY_ASN1_METHOD */;
155
156	/* Method to handle CRL access.	92	/* Method to handle CRL access.
157	* In general a CRL could be very large (several Mb) and can consume large	93	* In general a CRL could be very large (several Mb) and can consume large
158	* amounts of resources if stored in memory by multiple processes.	94	* amounts of resources if stored in memory by multiple processes.


diff --git a/src/lib/libcrypto/asn1/t_x509.c b/src/lib/libcrypto/asn1/t_x509.c index cd98997f6a..6f7bdc79fe 100644 --- a/src/lib/libcrypto/asn1/t_x509.c +++ b/src/lib/libcrypto/asn1/t_x509.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t_x509.c,v 1.43 2023/07/07 19:37:52 beck Exp $ */	1	/* $OpenBSD: t_x509.c,v 1.44 2023/12/29 10:59:00 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -77,7 +77,7 @@
77	#include <openssl/rsa.h>	77	#include <openssl/rsa.h>
78	#endif	78	#endif
79		79
80	#include "asn1_local.h"	80	#include "evp_local.h"
81	#include "x509_local.h"	81	#include "x509_local.h"
82		82
83	int	83	int


diff --git a/src/lib/libcrypto/evp/evp_local.h b/src/lib/libcrypto/evp/evp_local.h index 1034b88a1a..d21919ac9b 100644 --- a/src/lib/libcrypto/evp/evp_local.h +++ b/src/lib/libcrypto/evp/evp_local.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: evp_local.h,v 1.9 2023/12/22 17:25:47 tb Exp $ */	1	/* $OpenBSD: evp_local.h,v 1.10 2023/12/29 10:59:00 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2000.	3	* project 2000.
4	*/	4	*/
@@ -89,6 +89,68 @@ struct ecx_key_st {
89	size_t pub_key_len;	89	size_t pub_key_len;
90	};	90	};
91		91
		92	struct evp_pkey_asn1_method_st {
		93	int pkey_id;
		94	int pkey_base_id;
		95	unsigned long pkey_flags;
		96
		97	char *pem_str;
		98	char *info;
		99
		100	int (pub_decode)(EVP_PKEY pk, X509_PUBKEY *pub);
		101	int (pub_encode)(X509_PUBKEY pub, const EVP_PKEY *pk);
		102	int (pub_cmp)(const EVP_PKEY a, const EVP_PKEY *b);
		103	int (pub_print)(BIO out, const EVP_PKEY *pkey, int indent,
		104	ASN1_PCTX *pctx);
		105
		106	int (priv_decode)(EVP_PKEY pk, const PKCS8_PRIV_KEY_INFO *p8inf);
		107	int (priv_encode)(PKCS8_PRIV_KEY_INFO p8, const EVP_PKEY *pk);
		108	int (priv_print)(BIO out, const EVP_PKEY *pkey, int indent,
		109	ASN1_PCTX *pctx);
		110
		111	int (pkey_size)(const EVP_PKEY pk);
		112	int (pkey_bits)(const EVP_PKEY pk);
		113	int (pkey_security_bits)(const EVP_PKEY pk);
		114
		115	int (param_decode)(EVP_PKEY pkey, const unsigned char **pder,
		116	int derlen);
		117	int (param_encode)(const EVP_PKEY pkey, unsigned char **pder);
		118	int (param_missing)(const EVP_PKEY pk);
		119	int (param_copy)(EVP_PKEY to, const EVP_PKEY *from);
		120	int (param_cmp)(const EVP_PKEY a, const EVP_PKEY *b);
		121	int (param_print)(BIO out, const EVP_PKEY *pkey, int indent,
		122	ASN1_PCTX *pctx);
		123	int (sig_print)(BIO out, const X509_ALGOR *sigalg,
		124	const ASN1_STRING sig, int indent, ASN1_PCTX pctx);
		125
		126	void (pkey_free)(EVP_PKEY pkey);
		127	int (pkey_ctrl)(EVP_PKEY pkey, int op, long arg1, void *arg2);
		128
		129	/* Legacy functions for old PEM */
		130
		131	int (old_priv_decode)(EVP_PKEY pkey, const unsigned char **pder,
		132	int derlen);
		133	int (old_priv_encode)(const EVP_PKEY pkey, unsigned char **pder);
		134	/* Custom ASN1 signature verification */
		135	int (item_verify)(EVP_MD_CTX ctx, const ASN1_ITEM it, void asn,
		136	X509_ALGOR a, ASN1_BIT_STRING sig, EVP_PKEY *pkey);
		137	int (item_sign)(EVP_MD_CTX ctx, const ASN1_ITEM it, void asn,
		138	X509_ALGOR alg1, X509_ALGOR alg2, ASN1_BIT_STRING *sig);
		139
		140	int (pkey_check)(const EVP_PKEY pk);
		141	int (pkey_public_check)(const EVP_PKEY pk);
		142	int (pkey_param_check)(const EVP_PKEY pk);
		143
		144	int (set_priv_key)(EVP_PKEY pk, const unsigned char *private_key,
		145	size_t len);
		146	int (set_pub_key)(EVP_PKEY pk, const unsigned char *public_key,
		147	size_t len);
		148	int (get_priv_key)(const EVP_PKEY pk, unsigned char *out_private_key,
		149	size_t *out_len);
		150	int (get_pub_key)(const EVP_PKEY pk, unsigned char *out_public_key,
		151	size_t *out_len);
		152	} /* EVP_PKEY_ASN1_METHOD */;
		153
92	/* Type needs to be a bit field	154	/* Type needs to be a bit field
93	* Sub-type needs to be for variations on the method, as in, can it do	155	* Sub-type needs to be for variations on the method, as in, can it do
94	* arbitrary encryption.... */	156	* arbitrary encryption.... */


diff --git a/src/lib/libcrypto/evp/p_lib.c b/src/lib/libcrypto/evp/p_lib.c index f92684fdd7..24e1dbb14c 100644 --- a/src/lib/libcrypto/evp/p_lib.c +++ b/src/lib/libcrypto/evp/p_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: p_lib.c,v 1.50 2023/12/25 22:41:50 tb Exp $ */	1	/* $OpenBSD: p_lib.c,v 1.51 2023/12/29 10:59:00 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -55,13 +55,62 @@
55	* copied and put under another distribution licence	55	* copied and put under another distribution licence
56	* [including the GNU Public Licence.]	56	* [including the GNU Public Licence.]
57	*/	57	*/
		58	/* ====================================================================
		59	* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
		60	*
		61	* Redistribution and use in source and binary forms, with or without
		62	* modification, are permitted provided that the following conditions
		63	* are met:
		64	*
		65	* 1. Redistributions of source code must retain the above copyright
		66	* notice, this list of conditions and the following disclaimer.
		67	*
		68	* 2. Redistributions in binary form must reproduce the above copyright
		69	* notice, this list of conditions and the following disclaimer in
		70	* the documentation and/or other materials provided with the
		71	* distribution.
		72	*
		73	* 3. All advertising materials mentioning features or use of this
		74	* software must display the following acknowledgment:
		75	* "This product includes software developed by the OpenSSL Project
		76	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
		77	*
		78	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
		79	* endorse or promote products derived from this software without
		80	* prior written permission. For written permission, please contact
		81	* licensing@OpenSSL.org.
		82	*
		83	* 5. Products derived from this software may not be called "OpenSSL"
		84	* nor may "OpenSSL" appear in their names without prior written
		85	* permission of the OpenSSL Project.
		86	*
		87	* 6. Redistributions of any form whatsoever must retain the following
		88	* acknowledgment:
		89	* "This product includes software developed by the OpenSSL Project
		90	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
		91	*
		92	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
		93	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
		94	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
		95	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
		96	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
		97	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
		98	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
		99	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
		100	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
		101	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
		102	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
		103	* OF THE POSSIBILITY OF SUCH DAMAGE.
		104	*/
58		105
59	#include <stdio.h>	106	#include <stdio.h>
		107	#include <stdlib.h>
		108	#include <string.h>
60		109
61	#include <openssl/opensslconf.h>	110	#include <openssl/asn1.h>
62		111	#include <openssl/bio.h>
63	#include <openssl/bn.h>
64	#include <openssl/cmac.h>	112	#include <openssl/cmac.h>
		113	#include <openssl/crypto.h>
65	#include <openssl/err.h>	114	#include <openssl/err.h>
66	#include <openssl/evp.h>	115	#include <openssl/evp.h>
67	#include <openssl/objects.h>	116	#include <openssl/objects.h>
@@ -73,13 +122,152 @@
73	#ifndef OPENSSL_NO_DSA	122	#ifndef OPENSSL_NO_DSA
74	#include <openssl/dsa.h>	123	#include <openssl/dsa.h>
75	#endif	124	#endif
		125	#ifndef OPENSSL_NO_EC
		126	#include <openssl/ec.h>
		127	#endif
76	#ifndef OPENSSL_NO_RSA	128	#ifndef OPENSSL_NO_RSA
77	#include <openssl/rsa.h>	129	#include <openssl/rsa.h>
78	#endif	130	#endif
79		131
80	#include "asn1_local.h"
81	#include "evp_local.h"	132	#include "evp_local.h"
82		133
		134	extern const EVP_PKEY_ASN1_METHOD cmac_asn1_meth;
		135	extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth;
		136	extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[];
		137	extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth;
		138	extern const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth;
		139	extern const EVP_PKEY_ASN1_METHOD gostimit_asn1_meth;
		140	extern const EVP_PKEY_ASN1_METHOD gostr01_asn1_meths[];
		141	extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth;
		142	extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[];
		143	extern const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth;
		144	extern const EVP_PKEY_ASN1_METHOD x25519_asn1_meth;
		145
		146	static const EVP_PKEY_ASN1_METHOD *asn1_methods[] = {
		147	&cmac_asn1_meth,
		148	&dh_asn1_meth,
		149	&dsa_asn1_meths[0],
		150	&dsa_asn1_meths[1],
		151	&dsa_asn1_meths[2],
		152	&dsa_asn1_meths[3],
		153	&dsa_asn1_meths[4],
		154	&eckey_asn1_meth,
		155	&ed25519_asn1_meth,
		156	&gostimit_asn1_meth,
		157	&gostr01_asn1_meths[0],
		158	&gostr01_asn1_meths[1],
		159	&gostr01_asn1_meths[2],
		160	&hmac_asn1_meth,
		161	&rsa_asn1_meths[0],
		162	&rsa_asn1_meths[1],
		163	&rsa_pss_asn1_meth,
		164	&x25519_asn1_meth,
		165	};
		166
		167	#define N_ASN1_METHODS (sizeof(asn1_methods) / sizeof(asn1_methods[0]))
		168
		169	int
		170	EVP_PKEY_asn1_get_count(void)
		171	{
		172	return N_ASN1_METHODS;
		173	}
		174
		175	const EVP_PKEY_ASN1_METHOD *
		176	EVP_PKEY_asn1_get0(int idx)
		177	{
		178	if (idx < 0 \|\| idx >= N_ASN1_METHODS)
		179	return NULL;
		180
		181	return asn1_methods[idx];
		182	}
		183
		184	static const EVP_PKEY_ASN1_METHOD *
		185	pkey_asn1_find(int pkey_id)
		186	{
		187	const EVP_PKEY_ASN1_METHOD *ameth;
		188	int i;
		189
		190	for (i = EVP_PKEY_asn1_get_count() - 1; i >= 0; i--) {
		191	ameth = EVP_PKEY_asn1_get0(i);
		192	if (ameth->pkey_id == pkey_id)
		193	return ameth;
		194	}
		195
		196	return NULL;
		197	}
		198
		199	/*
		200	* XXX - fix this. In what looks like an infinite loop, this API only makes two
		201	* calls to pkey_asn1_find(): If the type resolves to an aliased ASN.1 method,
		202	* the second call will find the method it aliases. Codify this in regress and
		203	* make this explicit in code.
		204	*/
		205	const EVP_PKEY_ASN1_METHOD *
		206	EVP_PKEY_asn1_find(ENGINE **pe, int type)
		207	{
		208	const EVP_PKEY_ASN1_METHOD *mp;
		209
		210	if (pe != NULL)
		211	*pe = NULL;
		212
		213	for (;;) {
		214	if ((mp = pkey_asn1_find(type)) == NULL)
		215	break;
		216	if ((mp->pkey_flags & ASN1_PKEY_ALIAS) == 0)
		217	break;
		218	type = mp->pkey_base_id;
		219	}
		220
		221	return mp;
		222	}
		223
		224	const EVP_PKEY_ASN1_METHOD *
		225	EVP_PKEY_asn1_find_str(ENGINE *pe, const char str, int len)
		226	{
		227	const EVP_PKEY_ASN1_METHOD *ameth;
		228	int i;
		229
		230	if (len == -1)
		231	len = strlen(str);
		232	if (pe != NULL)
		233	*pe = NULL;
		234	for (i = EVP_PKEY_asn1_get_count() - 1; i >= 0; i--) {
		235	ameth = EVP_PKEY_asn1_get0(i);
		236	if (ameth->pkey_flags & ASN1_PKEY_ALIAS)
		237	continue;
		238	if (((int)strlen(ameth->pem_str) == len) &&
		239	!strncasecmp(ameth->pem_str, str, len))
		240	return ameth;
		241	}
		242	return NULL;
		243	}
		244
		245	int
		246	EVP_PKEY_asn1_get0_info(int ppkey_id, int ppkey_base_id, int *ppkey_flags,
		247	const char pinfo, const char ppem_str,
		248	const EVP_PKEY_ASN1_METHOD *ameth)
		249	{
		250	if (!ameth)
		251	return 0;
		252	if (ppkey_id)
		253	*ppkey_id = ameth->pkey_id;
		254	if (ppkey_base_id)
		255	*ppkey_base_id = ameth->pkey_base_id;
		256	if (ppkey_flags)
		257	*ppkey_flags = ameth->pkey_flags;
		258	if (pinfo)
		259	*pinfo = ameth->info;
		260	if (ppem_str)
		261	*ppem_str = ameth->pem_str;
		262	return 1;
		263	}
		264
		265	const EVP_PKEY_ASN1_METHOD*
		266	EVP_PKEY_get0_asn1(const EVP_PKEY *pkey)
		267	{
		268	return pkey->ameth;
		269	}
		270
83	int	271	int
84	EVP_PKEY_bits(const EVP_PKEY *pkey)	272	EVP_PKEY_bits(const EVP_PKEY *pkey)
85	{	273	{