summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/asn1/x_pubkey.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/asn1/x_pubkey.c')
-rw-r--r--src/lib/libcrypto/asn1/x_pubkey.c285
1 files changed, 228 insertions, 57 deletions
diff --git a/src/lib/libcrypto/asn1/x_pubkey.c b/src/lib/libcrypto/asn1/x_pubkey.c
index 7d6d71af88..91c2756116 100644
--- a/src/lib/libcrypto/asn1/x_pubkey.c
+++ b/src/lib/libcrypto/asn1/x_pubkey.c
@@ -60,16 +60,23 @@
60#include "cryptlib.h" 60#include "cryptlib.h"
61#include <openssl/asn1t.h> 61#include <openssl/asn1t.h>
62#include <openssl/x509.h> 62#include <openssl/x509.h>
63#ifndef OPENSSL_NO_RSA
64#include <openssl/rsa.h>
65#endif
66#ifndef OPENSSL_NO_DSA
67#include <openssl/dsa.h>
68#endif
63 69
64/* Minor tweak to operation: free up EVP_PKEY */ 70/* Minor tweak to operation: free up EVP_PKEY */
65static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) 71static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
66{ 72 {
67 if(operation == ASN1_OP_FREE_POST) { 73 if (operation == ASN1_OP_FREE_POST)
74 {
68 X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval; 75 X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval;
69 EVP_PKEY_free(pubkey->pkey); 76 EVP_PKEY_free(pubkey->pkey);
70 } 77 }
71 return 1; 78 return 1;
72} 79 }
73 80
74ASN1_SEQUENCE_cb(X509_PUBKEY, pubkey_cb) = { 81ASN1_SEQUENCE_cb(X509_PUBKEY, pubkey_cb) = {
75 ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR), 82 ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR),
@@ -111,13 +118,12 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
111 a->parameter->type=V_ASN1_NULL; 118 a->parameter->type=V_ASN1_NULL;
112 } 119 }
113 } 120 }
114 else
115#ifndef OPENSSL_NO_DSA 121#ifndef OPENSSL_NO_DSA
116 if (pkey->type == EVP_PKEY_DSA) 122 else if (pkey->type == EVP_PKEY_DSA)
117 { 123 {
118 unsigned char *pp; 124 unsigned char *pp;
119 DSA *dsa; 125 DSA *dsa;
120 126
121 dsa=pkey->pkey.dsa; 127 dsa=pkey->pkey.dsa;
122 dsa->write_params=0; 128 dsa->write_params=0;
123 ASN1_TYPE_free(a->parameter); 129 ASN1_TYPE_free(a->parameter);
@@ -151,8 +157,64 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
151 } 157 }
152 OPENSSL_free(p); 158 OPENSSL_free(p);
153 } 159 }
154 else
155#endif 160#endif
161#ifndef OPENSSL_NO_EC
162 else if (pkey->type == EVP_PKEY_EC)
163 {
164 int nid=0;
165 unsigned char *pp;
166 EC_KEY *ec_key;
167 const EC_GROUP *group;
168
169 ec_key = pkey->pkey.ec;
170 ASN1_TYPE_free(a->parameter);
171
172 if ((a->parameter = ASN1_TYPE_new()) == NULL)
173 {
174 X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB);
175 goto err;
176 }
177
178 group = EC_KEY_get0_group(ec_key);
179 if (EC_GROUP_get_asn1_flag(group)
180 && (nid = EC_GROUP_get_curve_name(group)))
181 {
182 /* just set the OID */
183 a->parameter->type = V_ASN1_OBJECT;
184 a->parameter->value.object = OBJ_nid2obj(nid);
185 }
186 else /* explicit parameters */
187 {
188 if ((i = i2d_ECParameters(ec_key, NULL)) == 0)
189 {
190 X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB);
191 goto err;
192 }
193 if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL)
194 {
195 X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE);
196 goto err;
197 }
198 pp = p;
199 if (!i2d_ECParameters(ec_key, &pp))
200 {
201 X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB);
202 OPENSSL_free(p);
203 goto err;
204 }
205 a->parameter->type = V_ASN1_SEQUENCE;
206 if ((a->parameter->value.sequence = ASN1_STRING_new()) == NULL)
207 {
208 X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB);
209 OPENSSL_free(p);
210 goto err;
211 }
212 ASN1_STRING_set(a->parameter->value.sequence, p, i);
213 OPENSSL_free(p);
214 }
215 }
216#endif
217 else if (1)
156 { 218 {
157 X509err(X509_F_X509_PUBKEY_SET,X509_R_UNSUPPORTED_ALGORITHM); 219 X509err(X509_F_X509_PUBKEY_SET,X509_R_UNSUPPORTED_ALGORITHM);
158 goto err; 220 goto err;
@@ -171,7 +233,7 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
171 X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); 233 X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
172 goto err; 234 goto err;
173 } 235 }
174 /* Set number of unused bits to zero */ 236 /* Set number of unused bits to zero */
175 pk->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); 237 pk->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
176 pk->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT; 238 pk->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT;
177 239
@@ -198,8 +260,8 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
198 EVP_PKEY *ret=NULL; 260 EVP_PKEY *ret=NULL;
199 long j; 261 long j;
200 int type; 262 int type;
201 unsigned char *p; 263 const unsigned char *p;
202#ifndef OPENSSL_NO_DSA 264#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
203 const unsigned char *cp; 265 const unsigned char *cp;
204 X509_ALGOR *a; 266 X509_ALGOR *a;
205#endif 267#endif
@@ -207,40 +269,106 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
207 if (key == NULL) goto err; 269 if (key == NULL) goto err;
208 270
209 if (key->pkey != NULL) 271 if (key->pkey != NULL)
210 { 272 {
211 CRYPTO_add(&key->pkey->references,1,CRYPTO_LOCK_EVP_PKEY); 273 CRYPTO_add(&key->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
212 return(key->pkey); 274 return(key->pkey);
213 } 275 }
214 276
215 if (key->public_key == NULL) goto err; 277 if (key->public_key == NULL) goto err;
216 278
217 type=OBJ_obj2nid(key->algor->algorithm); 279 type=OBJ_obj2nid(key->algor->algorithm);
218 p=key->public_key->data; 280 if ((ret = EVP_PKEY_new()) == NULL)
219 j=key->public_key->length;
220 if ((ret=d2i_PublicKey(type,NULL,&p,(long)j)) == NULL)
221 { 281 {
222 X509err(X509_F_X509_PUBKEY_GET,X509_R_ERR_ASN1_LIB); 282 X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
223 goto err; 283 goto err;
224 } 284 }
225 ret->save_parameters=0; 285 ret->type = EVP_PKEY_type(type);
226 286
227#ifndef OPENSSL_NO_DSA 287 /* the parameters must be extracted before the public key (ECDSA!) */
288
289#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
228 a=key->algor; 290 a=key->algor;
229 if (ret->type == EVP_PKEY_DSA) 291#endif
292
293 if (0)
294 ;
295#ifndef OPENSSL_NO_DSA
296 else if (ret->type == EVP_PKEY_DSA)
230 { 297 {
231 if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE)) 298 if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE))
232 { 299 {
300 if ((ret->pkey.dsa = DSA_new()) == NULL)
301 {
302 X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
303 goto err;
304 }
233 ret->pkey.dsa->write_params=0; 305 ret->pkey.dsa->write_params=0;
234 cp=p=a->parameter->value.sequence->data; 306 cp=p=a->parameter->value.sequence->data;
235 j=a->parameter->value.sequence->length; 307 j=a->parameter->value.sequence->length;
236 if (!d2i_DSAparams(&ret->pkey.dsa,&cp,(long)j)) 308 if (!d2i_DSAparams(&ret->pkey.dsa, &cp, (long)j))
237 goto err; 309 goto err;
238 } 310 }
239 ret->save_parameters=1; 311 ret->save_parameters=1;
240 } 312 }
241#endif 313#endif
242 key->pkey=ret; 314#ifndef OPENSSL_NO_EC
243 CRYPTO_add(&ret->references,1,CRYPTO_LOCK_EVP_PKEY); 315 else if (ret->type == EVP_PKEY_EC)
316 {
317 if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE))
318 {
319 /* type == V_ASN1_SEQUENCE => we have explicit parameters
320 * (e.g. parameters in the X9_62_EC_PARAMETERS-structure )
321 */
322 if ((ret->pkey.ec= EC_KEY_new()) == NULL)
323 {
324 X509err(X509_F_X509_PUBKEY_GET,
325 ERR_R_MALLOC_FAILURE);
326 goto err;
327 }
328 cp = p = a->parameter->value.sequence->data;
329 j = a->parameter->value.sequence->length;
330 if (!d2i_ECParameters(&ret->pkey.ec, &cp, (long)j))
331 {
332 X509err(X509_F_X509_PUBKEY_GET, ERR_R_EC_LIB);
333 goto err;
334 }
335 }
336 else if (a->parameter && (a->parameter->type == V_ASN1_OBJECT))
337 {
338 /* type == V_ASN1_OBJECT => the parameters are given
339 * by an asn1 OID
340 */
341 EC_KEY *ec_key;
342 EC_GROUP *group;
343
344 if (ret->pkey.ec == NULL)
345 ret->pkey.ec = EC_KEY_new();
346 ec_key = ret->pkey.ec;
347 if (ec_key == NULL)
348 goto err;
349 group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(a->parameter->value.object));
350 if (group == NULL)
351 goto err;
352 EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
353 if (EC_KEY_set_group(ec_key, group) == 0)
354 goto err;
355 EC_GROUP_free(group);
356 }
357 /* the case implicitlyCA is currently not implemented */
358 ret->save_parameters = 1;
359 }
360#endif
361
362 p=key->public_key->data;
363 j=key->public_key->length;
364 if (!d2i_PublicKey(type, &ret, &p, (long)j))
365 {
366 X509err(X509_F_X509_PUBKEY_GET, X509_R_ERR_ASN1_LIB);
367 goto err;
368 }
369
370 key->pkey = ret;
371 CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY);
244 return(ret); 372 return(ret);
245err: 373err:
246 if (ret != NULL) 374 if (ret != NULL)
@@ -252,9 +380,9 @@ err:
252 * and encode or decode as X509_PUBKEY 380 * and encode or decode as X509_PUBKEY
253 */ 381 */
254 382
255EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, unsigned char **pp, 383EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp,
256 long length) 384 long length)
257{ 385 {
258 X509_PUBKEY *xpk; 386 X509_PUBKEY *xpk;
259 EVP_PKEY *pktmp; 387 EVP_PKEY *pktmp;
260 xpk = d2i_X509_PUBKEY(NULL, pp, length); 388 xpk = d2i_X509_PUBKEY(NULL, pp, length);
@@ -262,15 +390,16 @@ EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, unsigned char **pp,
262 pktmp = X509_PUBKEY_get(xpk); 390 pktmp = X509_PUBKEY_get(xpk);
263 X509_PUBKEY_free(xpk); 391 X509_PUBKEY_free(xpk);
264 if(!pktmp) return NULL; 392 if(!pktmp) return NULL;
265 if(a) { 393 if(a)
394 {
266 EVP_PKEY_free(*a); 395 EVP_PKEY_free(*a);
267 *a = pktmp; 396 *a = pktmp;
268 } 397 }
269 return pktmp; 398 return pktmp;
270} 399 }
271 400
272int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp) 401int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp)
273{ 402 {
274 X509_PUBKEY *xpk=NULL; 403 X509_PUBKEY *xpk=NULL;
275 int ret; 404 int ret;
276 if(!a) return 0; 405 if(!a) return 0;
@@ -278,83 +407,125 @@ int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp)
278 ret = i2d_X509_PUBKEY(xpk, pp); 407 ret = i2d_X509_PUBKEY(xpk, pp);
279 X509_PUBKEY_free(xpk); 408 X509_PUBKEY_free(xpk);
280 return ret; 409 return ret;
281} 410 }
282 411
283/* The following are equivalents but which return RSA and DSA 412/* The following are equivalents but which return RSA and DSA
284 * keys 413 * keys
285 */ 414 */
286#ifndef OPENSSL_NO_RSA 415#ifndef OPENSSL_NO_RSA
287RSA *d2i_RSA_PUBKEY(RSA **a, unsigned char **pp, 416RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp,
288 long length) 417 long length)
289{ 418 {
290 EVP_PKEY *pkey; 419 EVP_PKEY *pkey;
291 RSA *key; 420 RSA *key;
292 unsigned char *q; 421 const unsigned char *q;
293 q = *pp; 422 q = *pp;
294 pkey = d2i_PUBKEY(NULL, &q, length); 423 pkey = d2i_PUBKEY(NULL, &q, length);
295 if(!pkey) return NULL; 424 if (!pkey) return NULL;
296 key = EVP_PKEY_get1_RSA(pkey); 425 key = EVP_PKEY_get1_RSA(pkey);
297 EVP_PKEY_free(pkey); 426 EVP_PKEY_free(pkey);
298 if(!key) return NULL; 427 if (!key) return NULL;
299 *pp = q; 428 *pp = q;
300 if(a) { 429 if (a)
430 {
301 RSA_free(*a); 431 RSA_free(*a);
302 *a = key; 432 *a = key;
303 } 433 }
304 return key; 434 return key;
305} 435 }
306 436
307int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp) 437int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp)
308{ 438 {
309 EVP_PKEY *pktmp; 439 EVP_PKEY *pktmp;
310 int ret; 440 int ret;
311 if(!a) return 0; 441 if (!a) return 0;
312 pktmp = EVP_PKEY_new(); 442 pktmp = EVP_PKEY_new();
313 if(!pktmp) { 443 if (!pktmp)
444 {
314 ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE); 445 ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE);
315 return 0; 446 return 0;
316 } 447 }
317 EVP_PKEY_set1_RSA(pktmp, a); 448 EVP_PKEY_set1_RSA(pktmp, a);
318 ret = i2d_PUBKEY(pktmp, pp); 449 ret = i2d_PUBKEY(pktmp, pp);
319 EVP_PKEY_free(pktmp); 450 EVP_PKEY_free(pktmp);
320 return ret; 451 return ret;
321} 452 }
322#endif 453#endif
323 454
324#ifndef OPENSSL_NO_DSA 455#ifndef OPENSSL_NO_DSA
325DSA *d2i_DSA_PUBKEY(DSA **a, unsigned char **pp, 456DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp,
326 long length) 457 long length)
327{ 458 {
328 EVP_PKEY *pkey; 459 EVP_PKEY *pkey;
329 DSA *key; 460 DSA *key;
330 unsigned char *q; 461 const unsigned char *q;
331 q = *pp; 462 q = *pp;
332 pkey = d2i_PUBKEY(NULL, &q, length); 463 pkey = d2i_PUBKEY(NULL, &q, length);
333 if(!pkey) return NULL; 464 if (!pkey) return NULL;
334 key = EVP_PKEY_get1_DSA(pkey); 465 key = EVP_PKEY_get1_DSA(pkey);
335 EVP_PKEY_free(pkey); 466 EVP_PKEY_free(pkey);
336 if(!key) return NULL; 467 if (!key) return NULL;
337 *pp = q; 468 *pp = q;
338 if(a) { 469 if (a)
470 {
339 DSA_free(*a); 471 DSA_free(*a);
340 *a = key; 472 *a = key;
341 } 473 }
342 return key; 474 return key;
343} 475 }
344 476
345int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp) 477int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp)
346{ 478 {
347 EVP_PKEY *pktmp; 479 EVP_PKEY *pktmp;
348 int ret; 480 int ret;
349 if(!a) return 0; 481 if(!a) return 0;
350 pktmp = EVP_PKEY_new(); 482 pktmp = EVP_PKEY_new();
351 if(!pktmp) { 483 if(!pktmp)
484 {
352 ASN1err(ASN1_F_I2D_DSA_PUBKEY, ERR_R_MALLOC_FAILURE); 485 ASN1err(ASN1_F_I2D_DSA_PUBKEY, ERR_R_MALLOC_FAILURE);
353 return 0; 486 return 0;
354 } 487 }
355 EVP_PKEY_set1_DSA(pktmp, a); 488 EVP_PKEY_set1_DSA(pktmp, a);
356 ret = i2d_PUBKEY(pktmp, pp); 489 ret = i2d_PUBKEY(pktmp, pp);
357 EVP_PKEY_free(pktmp); 490 EVP_PKEY_free(pktmp);
358 return ret; 491 return ret;
359} 492 }
493#endif
494
495#ifndef OPENSSL_NO_EC
496EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length)
497 {
498 EVP_PKEY *pkey;
499 EC_KEY *key;
500 const unsigned char *q;
501 q = *pp;
502 pkey = d2i_PUBKEY(NULL, &q, length);
503 if (!pkey) return(NULL);
504 key = EVP_PKEY_get1_EC_KEY(pkey);
505 EVP_PKEY_free(pkey);
506 if (!key) return(NULL);
507 *pp = q;
508 if (a)
509 {
510 EC_KEY_free(*a);
511 *a = key;
512 }
513 return(key);
514 }
515
516int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp)
517 {
518 EVP_PKEY *pktmp;
519 int ret;
520 if (!a) return(0);
521 if ((pktmp = EVP_PKEY_new()) == NULL)
522 {
523 ASN1err(ASN1_F_I2D_EC_PUBKEY, ERR_R_MALLOC_FAILURE);
524 return(0);
525 }
526 EVP_PKEY_set1_EC_KEY(pktmp, a);
527 ret = i2d_PUBKEY(pktmp, pp);
528 EVP_PKEY_free(pktmp);
529 return(ret);
530 }
360#endif 531#endif
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-10 00:45:33 +0000