summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/evp/evp_pkey.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/evp/evp_pkey.c')
-rw-r--r--src/lib/libcrypto/evp/evp_pkey.c398
1 files changed, 362 insertions, 36 deletions
diff --git a/src/lib/libcrypto/evp/evp_pkey.c b/src/lib/libcrypto/evp/evp_pkey.c
index 47a69932a5..0147f3e02a 100644
--- a/src/lib/libcrypto/evp/evp_pkey.c
+++ b/src/lib/libcrypto/evp/evp_pkey.c
@@ -3,7 +3,7 @@
3 * project 1999. 3 * project 1999.
4 */ 4 */
5/* ==================================================================== 5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 6 * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
7 * 7 *
8 * Redistribution and use in source and binary forms, with or without 8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions 9 * modification, are permitted provided that the following conditions
@@ -61,14 +61,24 @@
61#include "cryptlib.h" 61#include "cryptlib.h"
62#include <openssl/x509.h> 62#include <openssl/x509.h>
63#include <openssl/rand.h> 63#include <openssl/rand.h>
64#ifndef OPENSSL_NO_RSA
65#include <openssl/rsa.h>
66#endif
67#ifndef OPENSSL_NO_DSA
68#include <openssl/dsa.h>
69#endif
70#include <openssl/bn.h>
64 71
65#ifndef OPENSSL_NO_DSA 72#ifndef OPENSSL_NO_DSA
66static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey); 73static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey);
67#endif 74#endif
75#ifndef OPENSSL_NO_EC
76static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey);
77#endif
68 78
69/* Extract a private key from a PKCS8 structure */ 79/* Extract a private key from a PKCS8 structure */
70 80
71EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) 81EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8)
72{ 82{
73 EVP_PKEY *pkey = NULL; 83 EVP_PKEY *pkey = NULL;
74#ifndef OPENSSL_NO_RSA 84#ifndef OPENSSL_NO_RSA
@@ -76,16 +86,24 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8)
76#endif 86#endif
77#ifndef OPENSSL_NO_DSA 87#ifndef OPENSSL_NO_DSA
78 DSA *dsa = NULL; 88 DSA *dsa = NULL;
89 ASN1_TYPE *t1, *t2;
79 ASN1_INTEGER *privkey; 90 ASN1_INTEGER *privkey;
80 ASN1_TYPE *t1, *t2, *param = NULL;
81 STACK_OF(ASN1_TYPE) *ndsa = NULL; 91 STACK_OF(ASN1_TYPE) *ndsa = NULL;
92#endif
93#ifndef OPENSSL_NO_EC
94 EC_KEY *eckey = NULL;
95 const unsigned char *p_tmp;
96#endif
97#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
98 ASN1_TYPE *param = NULL;
82 BN_CTX *ctx = NULL; 99 BN_CTX *ctx = NULL;
83 int plen; 100 int plen;
84#endif 101#endif
85 X509_ALGOR *a; 102 X509_ALGOR *a;
86 unsigned char *p; 103 const unsigned char *p;
87 const unsigned char *cp; 104 const unsigned char *cp;
88 int pkeylen; 105 int pkeylen;
106 int nid;
89 char obj_tmp[80]; 107 char obj_tmp[80];
90 108
91 if(p8->pkey->type == V_ASN1_OCTET_STRING) { 109 if(p8->pkey->type == V_ASN1_OCTET_STRING) {
@@ -102,7 +120,8 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8)
102 return NULL; 120 return NULL;
103 } 121 }
104 a = p8->pkeyalg; 122 a = p8->pkeyalg;
105 switch (OBJ_obj2nid(a->algorithm)) 123 nid = OBJ_obj2nid(a->algorithm);
124 switch(nid)
106 { 125 {
107#ifndef OPENSSL_NO_RSA 126#ifndef OPENSSL_NO_RSA
108 case NID_rsaEncryption: 127 case NID_rsaEncryption:
@@ -208,6 +227,112 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8)
208 return NULL; 227 return NULL;
209 break; 228 break;
210#endif 229#endif
230#ifndef OPENSSL_NO_EC
231 case NID_X9_62_id_ecPublicKey:
232 p_tmp = p;
233 /* extract the ec parameters */
234 param = p8->pkeyalg->parameter;
235
236 if (!param || ((param->type != V_ASN1_SEQUENCE) &&
237 (param->type != V_ASN1_OBJECT)))
238 {
239 EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
240 goto ecerr;
241 }
242
243 if (param->type == V_ASN1_SEQUENCE)
244 {
245 cp = p = param->value.sequence->data;
246 plen = param->value.sequence->length;
247
248 if (!(eckey = d2i_ECParameters(NULL, &cp, plen)))
249 {
250 EVPerr(EVP_F_EVP_PKCS82PKEY,
251 EVP_R_DECODE_ERROR);
252 goto ecerr;
253 }
254 }
255 else
256 {
257 EC_GROUP *group;
258 cp = p = param->value.object->data;
259 plen = param->value.object->length;
260
261 /* type == V_ASN1_OBJECT => the parameters are given
262 * by an asn1 OID
263 */
264 if ((eckey = EC_KEY_new()) == NULL)
265 {
266 EVPerr(EVP_F_EVP_PKCS82PKEY,
267 ERR_R_MALLOC_FAILURE);
268 goto ecerr;
269 }
270 group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(a->parameter->value.object));
271 if (group == NULL)
272 goto ecerr;
273 EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
274 if (EC_KEY_set_group(eckey, group) == 0)
275 goto ecerr;
276 EC_GROUP_free(group);
277 }
278
279 /* We have parameters now set private key */
280 if (!d2i_ECPrivateKey(&eckey, &p_tmp, pkeylen))
281 {
282 EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
283 goto ecerr;
284 }
285
286 /* calculate public key (if necessary) */
287 if (EC_KEY_get0_public_key(eckey) == NULL)
288 {
289 const BIGNUM *priv_key;
290 const EC_GROUP *group;
291 EC_POINT *pub_key;
292 /* the public key was not included in the SEC1 private
293 * key => calculate the public key */
294 group = EC_KEY_get0_group(eckey);
295 pub_key = EC_POINT_new(group);
296 if (pub_key == NULL)
297 {
298 EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
299 goto ecerr;
300 }
301 if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group)))
302 {
303 EC_POINT_free(pub_key);
304 EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
305 goto ecerr;
306 }
307 priv_key = EC_KEY_get0_private_key(eckey);
308 if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx))
309 {
310 EC_POINT_free(pub_key);
311 EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
312 goto ecerr;
313 }
314 if (EC_KEY_set_public_key(eckey, pub_key) == 0)
315 {
316 EC_POINT_free(pub_key);
317 EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
318 goto ecerr;
319 }
320 EC_POINT_free(pub_key);
321 }
322
323 EVP_PKEY_assign_EC_KEY(pkey, eckey);
324 if (ctx)
325 BN_CTX_free(ctx);
326 break;
327ecerr:
328 if (ctx)
329 BN_CTX_free(ctx);
330 if (eckey)
331 EC_KEY_free(eckey);
332 if (pkey)
333 EVP_PKEY_free(pkey);
334 return NULL;
335#endif
211 default: 336 default:
212 EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); 337 EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
213 if (!a->algorithm) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp); 338 if (!a->algorithm) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp);
@@ -231,17 +356,17 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
231 PKCS8_PRIV_KEY_INFO *p8; 356 PKCS8_PRIV_KEY_INFO *p8;
232 357
233 if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) { 358 if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) {
234 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 359 EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE);
235 return NULL; 360 return NULL;
236 } 361 }
237 p8->broken = broken; 362 p8->broken = broken;
238 if (!ASN1_INTEGER_set(p8->version, 0)) { 363 if (!ASN1_INTEGER_set(p8->version, 0)) {
239 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 364 EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE);
240 PKCS8_PRIV_KEY_INFO_free (p8); 365 PKCS8_PRIV_KEY_INFO_free (p8);
241 return NULL; 366 return NULL;
242 } 367 }
243 if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) { 368 if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) {
244 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 369 EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE);
245 PKCS8_PRIV_KEY_INFO_free (p8); 370 PKCS8_PRIV_KEY_INFO_free (p8);
246 return NULL; 371 return NULL;
247 } 372 }
@@ -254,9 +379,9 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
254 379
255 p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption); 380 p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption);
256 p8->pkeyalg->parameter->type = V_ASN1_NULL; 381 p8->pkeyalg->parameter->type = V_ASN1_NULL;
257 if (!ASN1_pack_string ((char *)pkey, i2d_PrivateKey, 382 if (!ASN1_pack_string_of (EVP_PKEY,pkey, i2d_PrivateKey,
258 &p8->pkey->value.octet_string)) { 383 &p8->pkey->value.octet_string)) {
259 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 384 EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE);
260 PKCS8_PRIV_KEY_INFO_free (p8); 385 PKCS8_PRIV_KEY_INFO_free (p8);
261 return NULL; 386 return NULL;
262 } 387 }
@@ -271,13 +396,22 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
271 396
272 break; 397 break;
273#endif 398#endif
399#ifndef OPENSSL_NO_EC
400 case EVP_PKEY_EC:
401 if (!eckey_pkey2pkcs8(p8, pkey))
402 {
403 PKCS8_PRIV_KEY_INFO_free(p8);
404 return(NULL);
405 }
406 break;
407#endif
274 default: 408 default:
275 EVPerr(EVP_F_EVP_PKEY2PKCS8, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); 409 EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
276 PKCS8_PRIV_KEY_INFO_free (p8); 410 PKCS8_PRIV_KEY_INFO_free (p8);
277 return NULL; 411 return NULL;
278 } 412 }
279 RAND_add(p8->pkey->value.octet_string->data, 413 RAND_add(p8->pkey->value.octet_string->data,
280 p8->pkey->value.octet_string->length, 0); 414 p8->pkey->value.octet_string->length, 0.0);
281 return p8; 415 return p8;
282} 416}
283 417
@@ -297,10 +431,8 @@ PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken)
297 break; 431 break;
298 432
299 default: 433 default:
300 EVPerr(EVP_F_EVP_PKCS8_SET_BROKEN,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE); 434 EVPerr(EVP_F_PKCS8_SET_BROKEN,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE);
301 return NULL; 435 return NULL;
302 break;
303
304 } 436 }
305} 437}
306 438
@@ -317,24 +449,24 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
317 p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa); 449 p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa);
318 len = i2d_DSAparams (pkey->pkey.dsa, NULL); 450 len = i2d_DSAparams (pkey->pkey.dsa, NULL);
319 if (!(p = OPENSSL_malloc(len))) { 451 if (!(p = OPENSSL_malloc(len))) {
320 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 452 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
321 goto err; 453 goto err;
322 } 454 }
323 q = p; 455 q = p;
324 i2d_DSAparams (pkey->pkey.dsa, &q); 456 i2d_DSAparams (pkey->pkey.dsa, &q);
325 if (!(params = ASN1_STRING_new())) { 457 if (!(params = ASN1_STRING_new())) {
326 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 458 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
327 goto err; 459 goto err;
328 } 460 }
329 if (!ASN1_STRING_set(params, p, len)) { 461 if (!ASN1_STRING_set(params, p, len)) {
330 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 462 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
331 goto err; 463 goto err;
332 } 464 }
333 OPENSSL_free(p); 465 OPENSSL_free(p);
334 p = NULL; 466 p = NULL;
335 /* Get private key into integer */ 467 /* Get private key into integer */
336 if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) { 468 if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) {
337 EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR); 469 EVPerr(EVP_F_DSA_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
338 goto err; 470 goto err;
339 } 471 }
340 472
@@ -343,9 +475,9 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
343 case PKCS8_OK: 475 case PKCS8_OK:
344 case PKCS8_NO_OCTET: 476 case PKCS8_NO_OCTET:
345 477
346 if (!ASN1_pack_string((char *)prkey, i2d_ASN1_INTEGER, 478 if (!ASN1_pack_string_of(ASN1_INTEGER,prkey, i2d_ASN1_INTEGER,
347 &p8->pkey->value.octet_string)) { 479 &p8->pkey->value.octet_string)) {
348 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 480 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
349 goto err; 481 goto err;
350 } 482 }
351 483
@@ -363,39 +495,39 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
363 params = NULL; 495 params = NULL;
364 p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; 496 p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
365 if (!(ndsa = sk_ASN1_TYPE_new_null())) { 497 if (!(ndsa = sk_ASN1_TYPE_new_null())) {
366 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 498 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
367 goto err; 499 goto err;
368 } 500 }
369 if (!(ttmp = ASN1_TYPE_new())) { 501 if (!(ttmp = ASN1_TYPE_new())) {
370 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 502 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
371 goto err; 503 goto err;
372 } 504 }
373 if (!(ttmp->value.integer = 505 if (!(ttmp->value.integer =
374 BN_to_ASN1_INTEGER(pkey->pkey.dsa->pub_key, NULL))) { 506 BN_to_ASN1_INTEGER(pkey->pkey.dsa->pub_key, NULL))) {
375 EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR); 507 EVPerr(EVP_F_DSA_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
376 goto err; 508 goto err;
377 } 509 }
378 ttmp->type = V_ASN1_INTEGER; 510 ttmp->type = V_ASN1_INTEGER;
379 if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { 511 if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
380 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 512 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
381 goto err; 513 goto err;
382 } 514 }
383 515
384 if (!(ttmp = ASN1_TYPE_new())) { 516 if (!(ttmp = ASN1_TYPE_new())) {
385 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 517 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
386 goto err; 518 goto err;
387 } 519 }
388 ttmp->value.integer = prkey; 520 ttmp->value.integer = prkey;
389 prkey = NULL; 521 prkey = NULL;
390 ttmp->type = V_ASN1_INTEGER; 522 ttmp->type = V_ASN1_INTEGER;
391 if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { 523 if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
392 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 524 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
393 goto err; 525 goto err;
394 } 526 }
395 ttmp = NULL; 527 ttmp = NULL;
396 528
397 if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) { 529 if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {
398 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 530 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
399 goto err; 531 goto err;
400 } 532 }
401 533
@@ -403,7 +535,7 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
403 &p8->pkey->value.octet_string->data, 535 &p8->pkey->value.octet_string->data,
404 &p8->pkey->value.octet_string->length)) { 536 &p8->pkey->value.octet_string->length)) {
405 537
406 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 538 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
407 goto err; 539 goto err;
408 } 540 }
409 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); 541 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
@@ -413,36 +545,36 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
413 545
414 p8->pkeyalg->parameter->type = V_ASN1_NULL; 546 p8->pkeyalg->parameter->type = V_ASN1_NULL;
415 if (!(ndsa = sk_ASN1_TYPE_new_null())) { 547 if (!(ndsa = sk_ASN1_TYPE_new_null())) {
416 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 548 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
417 goto err; 549 goto err;
418 } 550 }
419 if (!(ttmp = ASN1_TYPE_new())) { 551 if (!(ttmp = ASN1_TYPE_new())) {
420 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 552 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
421 goto err; 553 goto err;
422 } 554 }
423 ttmp->value.sequence = params; 555 ttmp->value.sequence = params;
424 params = NULL; 556 params = NULL;
425 ttmp->type = V_ASN1_SEQUENCE; 557 ttmp->type = V_ASN1_SEQUENCE;
426 if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { 558 if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
427 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 559 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
428 goto err; 560 goto err;
429 } 561 }
430 562
431 if (!(ttmp = ASN1_TYPE_new())) { 563 if (!(ttmp = ASN1_TYPE_new())) {
432 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 564 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
433 goto err; 565 goto err;
434 } 566 }
435 ttmp->value.integer = prkey; 567 ttmp->value.integer = prkey;
436 prkey = NULL; 568 prkey = NULL;
437 ttmp->type = V_ASN1_INTEGER; 569 ttmp->type = V_ASN1_INTEGER;
438 if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { 570 if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
439 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 571 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
440 goto err; 572 goto err;
441 } 573 }
442 ttmp = NULL; 574 ttmp = NULL;
443 575
444 if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) { 576 if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {
445 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 577 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
446 goto err; 578 goto err;
447 } 579 }
448 580
@@ -450,7 +582,7 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
450 &p8->pkey->value.octet_string->data, 582 &p8->pkey->value.octet_string->data,
451 &p8->pkey->value.octet_string->length)) { 583 &p8->pkey->value.octet_string->length)) {
452 584
453 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 585 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
454 goto err; 586 goto err;
455 } 587 }
456 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); 588 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
@@ -466,3 +598,197 @@ err:
466 return 0; 598 return 0;
467} 599}
468#endif 600#endif
601
602#ifndef OPENSSL_NO_EC
603static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
604{
605 EC_KEY *ec_key;
606 const EC_GROUP *group;
607 unsigned char *p, *pp;
608 int nid, i, ret = 0;
609 unsigned int tmp_flags, old_flags;
610
611 ec_key = pkey->pkey.ec;
612 if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL)
613 {
614 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, EVP_R_MISSING_PARAMETERS);
615 return 0;
616 }
617
618 /* set the ec parameters OID */
619 if (p8->pkeyalg->algorithm)
620 ASN1_OBJECT_free(p8->pkeyalg->algorithm);
621
622 p8->pkeyalg->algorithm = OBJ_nid2obj(NID_X9_62_id_ecPublicKey);
623
624 /* set the ec parameters */
625
626 if (p8->pkeyalg->parameter)
627 {
628 ASN1_TYPE_free(p8->pkeyalg->parameter);
629 p8->pkeyalg->parameter = NULL;
630 }
631
632 if ((p8->pkeyalg->parameter = ASN1_TYPE_new()) == NULL)
633 {
634 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
635 return 0;
636 }
637
638 if (EC_GROUP_get_asn1_flag(group)
639 && (nid = EC_GROUP_get_curve_name(group)))
640 {
641 /* we have a 'named curve' => just set the OID */
642 p8->pkeyalg->parameter->type = V_ASN1_OBJECT;
643 p8->pkeyalg->parameter->value.object = OBJ_nid2obj(nid);
644 }
645 else /* explicit parameters */
646 {
647 if ((i = i2d_ECParameters(ec_key, NULL)) == 0)
648 {
649 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
650 return 0;
651 }
652 if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL)
653 {
654 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
655 return 0;
656 }
657 pp = p;
658 if (!i2d_ECParameters(ec_key, &pp))
659 {
660 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
661 OPENSSL_free(p);
662 return 0;
663 }
664 p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
665 if ((p8->pkeyalg->parameter->value.sequence
666 = ASN1_STRING_new()) == NULL)
667 {
668 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_ASN1_LIB);
669 OPENSSL_free(p);
670 return 0;
671 }
672 ASN1_STRING_set(p8->pkeyalg->parameter->value.sequence, p, i);
673 OPENSSL_free(p);
674 }
675
676 /* set the private key */
677
678 /* do not include the parameters in the SEC1 private key
679 * see PKCS#11 12.11 */
680 old_flags = EC_KEY_get_enc_flags(pkey->pkey.ec);
681 tmp_flags = old_flags | EC_PKEY_NO_PARAMETERS;
682 EC_KEY_set_enc_flags(pkey->pkey.ec, tmp_flags);
683 i = i2d_ECPrivateKey(pkey->pkey.ec, NULL);
684 if (!i)
685 {
686 EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
687 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
688 return 0;
689 }
690 p = (unsigned char *) OPENSSL_malloc(i);
691 if (!p)
692 {
693 EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
694 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
695 return 0;
696 }
697 pp = p;
698 if (!i2d_ECPrivateKey(pkey->pkey.ec, &pp))
699 {
700 EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
701 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
702 OPENSSL_free(p);
703 return 0;
704 }
705 /* restore old encoding flags */
706 EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
707
708 switch(p8->broken) {
709
710 case PKCS8_OK:
711 p8->pkey->value.octet_string = ASN1_OCTET_STRING_new();
712 if (!p8->pkey->value.octet_string ||
713 !M_ASN1_OCTET_STRING_set(p8->pkey->value.octet_string,
714 (const void *)p, i))
715
716 {
717 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
718 }
719 else
720 ret = 1;
721 break;
722 case PKCS8_NO_OCTET: /* RSA specific */
723 case PKCS8_NS_DB: /* DSA specific */
724 case PKCS8_EMBEDDED_PARAM: /* DSA specific */
725 default:
726 EVPerr(EVP_F_ECKEY_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
727 }
728 OPENSSL_cleanse(p, (size_t)i);
729 OPENSSL_free(p);
730 return ret;
731}
732#endif
733
734/* EVP_PKEY attribute functions */
735
736int EVP_PKEY_get_attr_count(const EVP_PKEY *key)
737{
738 return X509at_get_attr_count(key->attributes);
739}
740
741int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid,
742 int lastpos)
743{
744 return X509at_get_attr_by_NID(key->attributes, nid, lastpos);
745}
746
747int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, ASN1_OBJECT *obj,
748 int lastpos)
749{
750 return X509at_get_attr_by_OBJ(key->attributes, obj, lastpos);
751}
752
753X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc)
754{
755 return X509at_get_attr(key->attributes, loc);
756}
757
758X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc)
759{
760 return X509at_delete_attr(key->attributes, loc);
761}
762
763int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr)
764{
765 if(X509at_add1_attr(&key->attributes, attr)) return 1;
766 return 0;
767}
768
769int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key,
770 const ASN1_OBJECT *obj, int type,
771 const unsigned char *bytes, int len)
772{
773 if(X509at_add1_attr_by_OBJ(&key->attributes, obj,
774 type, bytes, len)) return 1;
775 return 0;
776}
777
778int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key,
779 int nid, int type,
780 const unsigned char *bytes, int len)
781{
782 if(X509at_add1_attr_by_NID(&key->attributes, nid,
783 type, bytes, len)) return 1;
784 return 0;
785}
786
787int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key,
788 const char *attrname, int type,
789 const unsigned char *bytes, int len)
790{
791 if(X509at_add1_attr_by_txt(&key->attributes, attrname,
792 type, bytes, len)) return 1;
793 return 0;
794}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2026-01-03 13:53:43 +0000