1 files changed, 193 insertions, 5 deletions
diff --git a/src/lib/libcrypto/evp/p_lib.c b/src/lib/libcrypto/evp/p_lib.c
index f92684fdd7..24e1dbb14c 100644
--- a/src/lib/libcrypto/evp/p_lib.c
+++ b/src/lib/libcrypto/evp/p_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p_lib.c,v 1.50 2023/12/25 22:41:50 tb Exp $ */
+/* $OpenBSD: p_lib.c,v 1.51 2023/12/29 10:59:00 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -55,13 +55,62 @@
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
 #include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
-#include <openssl/opensslconf.h>
+#include <openssl/asn1.h>
+#include <openssl/bio.h>
-#include <openssl/bn.h>
 #include <openssl/cmac.h>
+#include <openssl/crypto.h>
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
@@ -73,13 +122,152 @@
 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
+#ifndef OPENSSL_NO_EC
+#include <openssl/ec.h>
+#endif
 #ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
-#include "asn1_local.h"
 #include "evp_local.h"
+extern const EVP_PKEY_ASN1_METHOD cmac_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[];
+extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD gostimit_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD gostr01_asn1_meths[];
+extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[];
+extern const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD x25519_asn1_meth;
+static const EVP_PKEY_ASN1_METHOD *asn1_methods[] = {
+        &cmac_asn1_meth,
+        &dh_asn1_meth,
+        &dsa_asn1_meths[0],
+        &dsa_asn1_meths[1],
+        &dsa_asn1_meths[2],
+        &dsa_asn1_meths[3],
+        &dsa_asn1_meths[4],
+        &eckey_asn1_meth,
+        &ed25519_asn1_meth,
+        &gostimit_asn1_meth,
+        &gostr01_asn1_meths[0],
+        &gostr01_asn1_meths[1],
+        &gostr01_asn1_meths[2],
+        &hmac_asn1_meth,
+        &rsa_asn1_meths[0],
+        &rsa_asn1_meths[1],
+        &rsa_pss_asn1_meth,
+        &x25519_asn1_meth,
+};
+#define N_ASN1_METHODS (sizeof(asn1_methods) / sizeof(asn1_methods[0]))
+int
+EVP_PKEY_asn1_get_count(void)
+{
+        return N_ASN1_METHODS;
+}
+const EVP_PKEY_ASN1_METHOD *
+EVP_PKEY_asn1_get0(int idx)
+{
+        if (idx < 0 || idx >= N_ASN1_METHODS)
+                return NULL;
+        return asn1_methods[idx];
+}
+static const EVP_PKEY_ASN1_METHOD *
+pkey_asn1_find(int pkey_id)
+{
+        const EVP_PKEY_ASN1_METHOD *ameth;
+        int i;
+        for (i = EVP_PKEY_asn1_get_count() - 1; i >= 0; i--) {
+                ameth = EVP_PKEY_asn1_get0(i);
+                if (ameth->pkey_id == pkey_id)
+                        return ameth;
+        }
+        return NULL;
+}
+/*
+ * XXX - fix this. In what looks like an infinite loop, this API only makes two
+ * calls to pkey_asn1_find(): If the type resolves to an aliased ASN.1 method,
+ * the second call will find the method it aliases. Codify this in regress and
+ * make this explicit in code.
+ */
+const EVP_PKEY_ASN1_METHOD *
+EVP_PKEY_asn1_find(ENGINE **pe, int type)
+{
+        const EVP_PKEY_ASN1_METHOD *mp;
+        if (pe != NULL)
+                *pe = NULL;
+        for (;;) {
+                if ((mp = pkey_asn1_find(type)) == NULL)
+                        break;
+                if ((mp->pkey_flags & ASN1_PKEY_ALIAS) == 0)
+                        break;
+                type = mp->pkey_base_id;
+        }
+        return mp;
+}
+const EVP_PKEY_ASN1_METHOD *
+EVP_PKEY_asn1_find_str(ENGINE **pe, const char *str, int len)
+{
+        const EVP_PKEY_ASN1_METHOD *ameth;
+        int i;
+        if (len == -1)
+                len = strlen(str);
+        if (pe != NULL)
+                *pe = NULL;
+        for (i = EVP_PKEY_asn1_get_count() - 1; i >= 0; i--) {
+                ameth = EVP_PKEY_asn1_get0(i);
+                if (ameth->pkey_flags & ASN1_PKEY_ALIAS)
+                        continue;
+                if (((int)strlen(ameth->pem_str) == len) &&
+                    !strncasecmp(ameth->pem_str, str, len))
+                        return ameth;
+        }
+        return NULL;
+}
+int
+EVP_PKEY_asn1_get0_info(int *ppkey_id, int *ppkey_base_id, int *ppkey_flags,
+    const char **pinfo, const char **ppem_str,
+    const EVP_PKEY_ASN1_METHOD *ameth)
+{
+        if (!ameth)
+                return 0;
+        if (ppkey_id)
+                *ppkey_id = ameth->pkey_id;
+        if (ppkey_base_id)
+                *ppkey_base_id = ameth->pkey_base_id;
+        if (ppkey_flags)
+                *ppkey_flags = ameth->pkey_flags;
+        if (pinfo)
+                *pinfo = ameth->info;
+        if (ppem_str)
+                *ppem_str = ameth->pem_str;
+        return 1;
+}
+const EVP_PKEY_ASN1_METHOD*
+EVP_PKEY_get0_asn1(const EVP_PKEY *pkey)
+{
+        return pkey->ameth;
+}
 int
 EVP_PKEY_bits(const EVP_PKEY *pkey)
 {

diff --git a/src/lib/libcrypto/evp/p_lib.c b/src/lib/libcrypto/evp/p_lib.c index f92684fdd7..24e1dbb14c 100644 --- a/src/lib/libcrypto/evp/p_lib.c +++ b/src/lib/libcrypto/evp/p_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: p_lib.c,v 1.50 2023/12/25 22:41:50 tb Exp $ */	1	/* $OpenBSD: p_lib.c,v 1.51 2023/12/29 10:59:00 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -55,13 +55,62 @@
55	* copied and put under another distribution licence	55	* copied and put under another distribution licence
56	* [including the GNU Public Licence.]	56	* [including the GNU Public Licence.]
57	*/	57	*/
		58	/* ====================================================================
		59	* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
		60	*
		61	* Redistribution and use in source and binary forms, with or without
		62	* modification, are permitted provided that the following conditions
		63	* are met:
		64	*
		65	* 1. Redistributions of source code must retain the above copyright
		66	* notice, this list of conditions and the following disclaimer.
		67	*
		68	* 2. Redistributions in binary form must reproduce the above copyright
		69	* notice, this list of conditions and the following disclaimer in
		70	* the documentation and/or other materials provided with the
		71	* distribution.
		72	*
		73	* 3. All advertising materials mentioning features or use of this
		74	* software must display the following acknowledgment:
		75	* "This product includes software developed by the OpenSSL Project
		76	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
		77	*
		78	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
		79	* endorse or promote products derived from this software without
		80	* prior written permission. For written permission, please contact
		81	* licensing@OpenSSL.org.
		82	*
		83	* 5. Products derived from this software may not be called "OpenSSL"
		84	* nor may "OpenSSL" appear in their names without prior written
		85	* permission of the OpenSSL Project.
		86	*
		87	* 6. Redistributions of any form whatsoever must retain the following
		88	* acknowledgment:
		89	* "This product includes software developed by the OpenSSL Project
		90	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
		91	*
		92	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
		93	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
		94	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
		95	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
		96	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
		97	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
		98	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
		99	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
		100	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
		101	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
		102	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
		103	* OF THE POSSIBILITY OF SUCH DAMAGE.
		104	*/
58		105
59	#include <stdio.h>	106	#include <stdio.h>
		107	#include <stdlib.h>
		108	#include <string.h>
60		109
61	#include <openssl/opensslconf.h>	110	#include <openssl/asn1.h>
62		111	#include <openssl/bio.h>
63	#include <openssl/bn.h>
64	#include <openssl/cmac.h>	112	#include <openssl/cmac.h>
		113	#include <openssl/crypto.h>
65	#include <openssl/err.h>	114	#include <openssl/err.h>
66	#include <openssl/evp.h>	115	#include <openssl/evp.h>
67	#include <openssl/objects.h>	116	#include <openssl/objects.h>
@@ -73,13 +122,152 @@
73	#ifndef OPENSSL_NO_DSA	122	#ifndef OPENSSL_NO_DSA
74	#include <openssl/dsa.h>	123	#include <openssl/dsa.h>
75	#endif	124	#endif
		125	#ifndef OPENSSL_NO_EC
		126	#include <openssl/ec.h>
		127	#endif
76	#ifndef OPENSSL_NO_RSA	128	#ifndef OPENSSL_NO_RSA
77	#include <openssl/rsa.h>	129	#include <openssl/rsa.h>
78	#endif	130	#endif
79		131
80	#include "asn1_local.h"
81	#include "evp_local.h"	132	#include "evp_local.h"
82		133
		134	extern const EVP_PKEY_ASN1_METHOD cmac_asn1_meth;
		135	extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth;
		136	extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[];
		137	extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth;
		138	extern const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth;
		139	extern const EVP_PKEY_ASN1_METHOD gostimit_asn1_meth;
		140	extern const EVP_PKEY_ASN1_METHOD gostr01_asn1_meths[];
		141	extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth;
		142	extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[];
		143	extern const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth;
		144	extern const EVP_PKEY_ASN1_METHOD x25519_asn1_meth;
		145
		146	static const EVP_PKEY_ASN1_METHOD *asn1_methods[] = {
		147	&cmac_asn1_meth,
		148	&dh_asn1_meth,
		149	&dsa_asn1_meths[0],
		150	&dsa_asn1_meths[1],
		151	&dsa_asn1_meths[2],
		152	&dsa_asn1_meths[3],
		153	&dsa_asn1_meths[4],
		154	&eckey_asn1_meth,
		155	&ed25519_asn1_meth,
		156	&gostimit_asn1_meth,
		157	&gostr01_asn1_meths[0],
		158	&gostr01_asn1_meths[1],
		159	&gostr01_asn1_meths[2],
		160	&hmac_asn1_meth,
		161	&rsa_asn1_meths[0],
		162	&rsa_asn1_meths[1],
		163	&rsa_pss_asn1_meth,
		164	&x25519_asn1_meth,
		165	};
		166
		167	#define N_ASN1_METHODS (sizeof(asn1_methods) / sizeof(asn1_methods[0]))
		168
		169	int
		170	EVP_PKEY_asn1_get_count(void)
		171	{
		172	return N_ASN1_METHODS;
		173	}
		174
		175	const EVP_PKEY_ASN1_METHOD *
		176	EVP_PKEY_asn1_get0(int idx)
		177	{
		178	if (idx < 0 \|\| idx >= N_ASN1_METHODS)
		179	return NULL;
		180
		181	return asn1_methods[idx];
		182	}
		183
		184	static const EVP_PKEY_ASN1_METHOD *
		185	pkey_asn1_find(int pkey_id)
		186	{
		187	const EVP_PKEY_ASN1_METHOD *ameth;
		188	int i;
		189
		190	for (i = EVP_PKEY_asn1_get_count() - 1; i >= 0; i--) {
		191	ameth = EVP_PKEY_asn1_get0(i);
		192	if (ameth->pkey_id == pkey_id)
		193	return ameth;
		194	}
		195
		196	return NULL;
		197	}
		198
		199	/*
		200	* XXX - fix this. In what looks like an infinite loop, this API only makes two
		201	* calls to pkey_asn1_find(): If the type resolves to an aliased ASN.1 method,
		202	* the second call will find the method it aliases. Codify this in regress and
		203	* make this explicit in code.
		204	*/
		205	const EVP_PKEY_ASN1_METHOD *
		206	EVP_PKEY_asn1_find(ENGINE **pe, int type)
		207	{
		208	const EVP_PKEY_ASN1_METHOD *mp;
		209
		210	if (pe != NULL)
		211	*pe = NULL;
		212
		213	for (;;) {
		214	if ((mp = pkey_asn1_find(type)) == NULL)
		215	break;
		216	if ((mp->pkey_flags & ASN1_PKEY_ALIAS) == 0)
		217	break;
		218	type = mp->pkey_base_id;
		219	}
		220
		221	return mp;
		222	}
		223
		224	const EVP_PKEY_ASN1_METHOD *
		225	EVP_PKEY_asn1_find_str(ENGINE *pe, const char str, int len)
		226	{
		227	const EVP_PKEY_ASN1_METHOD *ameth;
		228	int i;
		229
		230	if (len == -1)
		231	len = strlen(str);
		232	if (pe != NULL)
		233	*pe = NULL;
		234	for (i = EVP_PKEY_asn1_get_count() - 1; i >= 0; i--) {
		235	ameth = EVP_PKEY_asn1_get0(i);
		236	if (ameth->pkey_flags & ASN1_PKEY_ALIAS)
		237	continue;
		238	if (((int)strlen(ameth->pem_str) == len) &&
		239	!strncasecmp(ameth->pem_str, str, len))
		240	return ameth;
		241	}
		242	return NULL;
		243	}
		244
		245	int
		246	EVP_PKEY_asn1_get0_info(int ppkey_id, int ppkey_base_id, int *ppkey_flags,
		247	const char pinfo, const char ppem_str,
		248	const EVP_PKEY_ASN1_METHOD *ameth)
		249	{
		250	if (!ameth)
		251	return 0;
		252	if (ppkey_id)
		253	*ppkey_id = ameth->pkey_id;
		254	if (ppkey_base_id)
		255	*ppkey_base_id = ameth->pkey_base_id;
		256	if (ppkey_flags)
		257	*ppkey_flags = ameth->pkey_flags;
		258	if (pinfo)
		259	*pinfo = ameth->info;
		260	if (ppem_str)
		261	*ppem_str = ameth->pem_str;
		262	return 1;
		263	}
		264
		265	const EVP_PKEY_ASN1_METHOD*
		266	EVP_PKEY_get0_asn1(const EVP_PKEY *pkey)
		267	{
		268	return pkey->ameth;
		269	}
		270
83	int	271	int
84	EVP_PKEY_bits(const EVP_PKEY *pkey)	272	EVP_PKEY_bits(const EVP_PKEY *pkey)
85	{	273	{