summaryrefslogtreecommitdiff
path: root/src/lib/libssl/src/crypto/evp/evp_pkey.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/src/crypto/evp/evp_pkey.c')
-rw-r--r--src/lib/libssl/src/crypto/evp/evp_pkey.c398
1 files changed, 36 insertions, 362 deletions
diff --git a/src/lib/libssl/src/crypto/evp/evp_pkey.c b/src/lib/libssl/src/crypto/evp/evp_pkey.c
index 0147f3e02a..47a69932a5 100644
--- a/src/lib/libssl/src/crypto/evp/evp_pkey.c
+++ b/src/lib/libssl/src/crypto/evp/evp_pkey.c
@@ -3,7 +3,7 @@
3 * project 1999. 3 * project 1999.
4 */ 4 */
5/* ==================================================================== 5/* ====================================================================
6 * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. 6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 * 7 *
8 * Redistribution and use in source and binary forms, with or without 8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions 9 * modification, are permitted provided that the following conditions
@@ -61,24 +61,14 @@
61#include "cryptlib.h" 61#include "cryptlib.h"
62#include <openssl/x509.h> 62#include <openssl/x509.h>
63#include <openssl/rand.h> 63#include <openssl/rand.h>
64#ifndef OPENSSL_NO_RSA
65#include <openssl/rsa.h>
66#endif
67#ifndef OPENSSL_NO_DSA
68#include <openssl/dsa.h>
69#endif
70#include <openssl/bn.h>
71 64
72#ifndef OPENSSL_NO_DSA 65#ifndef OPENSSL_NO_DSA
73static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey); 66static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey);
74#endif 67#endif
75#ifndef OPENSSL_NO_EC
76static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey);
77#endif
78 68
79/* Extract a private key from a PKCS8 structure */ 69/* Extract a private key from a PKCS8 structure */
80 70
81EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8) 71EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8)
82{ 72{
83 EVP_PKEY *pkey = NULL; 73 EVP_PKEY *pkey = NULL;
84#ifndef OPENSSL_NO_RSA 74#ifndef OPENSSL_NO_RSA
@@ -86,24 +76,16 @@ EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8)
86#endif 76#endif
87#ifndef OPENSSL_NO_DSA 77#ifndef OPENSSL_NO_DSA
88 DSA *dsa = NULL; 78 DSA *dsa = NULL;
89 ASN1_TYPE *t1, *t2;
90 ASN1_INTEGER *privkey; 79 ASN1_INTEGER *privkey;
80 ASN1_TYPE *t1, *t2, *param = NULL;
91 STACK_OF(ASN1_TYPE) *ndsa = NULL; 81 STACK_OF(ASN1_TYPE) *ndsa = NULL;
92#endif
93#ifndef OPENSSL_NO_EC
94 EC_KEY *eckey = NULL;
95 const unsigned char *p_tmp;
96#endif
97#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
98 ASN1_TYPE *param = NULL;
99 BN_CTX *ctx = NULL; 82 BN_CTX *ctx = NULL;
100 int plen; 83 int plen;
101#endif 84#endif
102 X509_ALGOR *a; 85 X509_ALGOR *a;
103 const unsigned char *p; 86 unsigned char *p;
104 const unsigned char *cp; 87 const unsigned char *cp;
105 int pkeylen; 88 int pkeylen;
106 int nid;
107 char obj_tmp[80]; 89 char obj_tmp[80];
108 90
109 if(p8->pkey->type == V_ASN1_OCTET_STRING) { 91 if(p8->pkey->type == V_ASN1_OCTET_STRING) {
@@ -120,8 +102,7 @@ EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8)
120 return NULL; 102 return NULL;
121 } 103 }
122 a = p8->pkeyalg; 104 a = p8->pkeyalg;
123 nid = OBJ_obj2nid(a->algorithm); 105 switch (OBJ_obj2nid(a->algorithm))
124 switch(nid)
125 { 106 {
126#ifndef OPENSSL_NO_RSA 107#ifndef OPENSSL_NO_RSA
127 case NID_rsaEncryption: 108 case NID_rsaEncryption:
@@ -227,112 +208,6 @@ EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8)
227 return NULL; 208 return NULL;
228 break; 209 break;
229#endif 210#endif
230#ifndef OPENSSL_NO_EC
231 case NID_X9_62_id_ecPublicKey:
232 p_tmp = p;
233 /* extract the ec parameters */
234 param = p8->pkeyalg->parameter;
235
236 if (!param || ((param->type != V_ASN1_SEQUENCE) &&
237 (param->type != V_ASN1_OBJECT)))
238 {
239 EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
240 goto ecerr;
241 }
242
243 if (param->type == V_ASN1_SEQUENCE)
244 {
245 cp = p = param->value.sequence->data;
246 plen = param->value.sequence->length;
247
248 if (!(eckey = d2i_ECParameters(NULL, &cp, plen)))
249 {
250 EVPerr(EVP_F_EVP_PKCS82PKEY,
251 EVP_R_DECODE_ERROR);
252 goto ecerr;
253 }
254 }
255 else
256 {
257 EC_GROUP *group;
258 cp = p = param->value.object->data;
259 plen = param->value.object->length;
260
261 /* type == V_ASN1_OBJECT => the parameters are given
262 * by an asn1 OID
263 */
264 if ((eckey = EC_KEY_new()) == NULL)
265 {
266 EVPerr(EVP_F_EVP_PKCS82PKEY,
267 ERR_R_MALLOC_FAILURE);
268 goto ecerr;
269 }
270 group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(a->parameter->value.object));
271 if (group == NULL)
272 goto ecerr;
273 EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
274 if (EC_KEY_set_group(eckey, group) == 0)
275 goto ecerr;
276 EC_GROUP_free(group);
277 }
278
279 /* We have parameters now set private key */
280 if (!d2i_ECPrivateKey(&eckey, &p_tmp, pkeylen))
281 {
282 EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
283 goto ecerr;
284 }
285
286 /* calculate public key (if necessary) */
287 if (EC_KEY_get0_public_key(eckey) == NULL)
288 {
289 const BIGNUM *priv_key;
290 const EC_GROUP *group;
291 EC_POINT *pub_key;
292 /* the public key was not included in the SEC1 private
293 * key => calculate the public key */
294 group = EC_KEY_get0_group(eckey);
295 pub_key = EC_POINT_new(group);
296 if (pub_key == NULL)
297 {
298 EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
299 goto ecerr;
300 }
301 if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group)))
302 {
303 EC_POINT_free(pub_key);
304 EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
305 goto ecerr;
306 }
307 priv_key = EC_KEY_get0_private_key(eckey);
308 if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx))
309 {
310 EC_POINT_free(pub_key);
311 EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
312 goto ecerr;
313 }
314 if (EC_KEY_set_public_key(eckey, pub_key) == 0)
315 {
316 EC_POINT_free(pub_key);
317 EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
318 goto ecerr;
319 }
320 EC_POINT_free(pub_key);
321 }
322
323 EVP_PKEY_assign_EC_KEY(pkey, eckey);
324 if (ctx)
325 BN_CTX_free(ctx);
326 break;
327ecerr:
328 if (ctx)
329 BN_CTX_free(ctx);
330 if (eckey)
331 EC_KEY_free(eckey);
332 if (pkey)
333 EVP_PKEY_free(pkey);
334 return NULL;
335#endif
336 default: 211 default:
337 EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); 212 EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
338 if (!a->algorithm) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp); 213 if (!a->algorithm) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp);
@@ -356,17 +231,17 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
356 PKCS8_PRIV_KEY_INFO *p8; 231 PKCS8_PRIV_KEY_INFO *p8;
357 232
358 if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) { 233 if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) {
359 EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE); 234 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
360 return NULL; 235 return NULL;
361 } 236 }
362 p8->broken = broken; 237 p8->broken = broken;
363 if (!ASN1_INTEGER_set(p8->version, 0)) { 238 if (!ASN1_INTEGER_set(p8->version, 0)) {
364 EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE); 239 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
365 PKCS8_PRIV_KEY_INFO_free (p8); 240 PKCS8_PRIV_KEY_INFO_free (p8);
366 return NULL; 241 return NULL;
367 } 242 }
368 if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) { 243 if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) {
369 EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE); 244 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
370 PKCS8_PRIV_KEY_INFO_free (p8); 245 PKCS8_PRIV_KEY_INFO_free (p8);
371 return NULL; 246 return NULL;
372 } 247 }
@@ -379,9 +254,9 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
379 254
380 p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption); 255 p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption);
381 p8->pkeyalg->parameter->type = V_ASN1_NULL; 256 p8->pkeyalg->parameter->type = V_ASN1_NULL;
382 if (!ASN1_pack_string_of (EVP_PKEY,pkey, i2d_PrivateKey, 257 if (!ASN1_pack_string ((char *)pkey, i2d_PrivateKey,
383 &p8->pkey->value.octet_string)) { 258 &p8->pkey->value.octet_string)) {
384 EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE); 259 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
385 PKCS8_PRIV_KEY_INFO_free (p8); 260 PKCS8_PRIV_KEY_INFO_free (p8);
386 return NULL; 261 return NULL;
387 } 262 }
@@ -396,22 +271,13 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
396 271
397 break; 272 break;
398#endif 273#endif
399#ifndef OPENSSL_NO_EC
400 case EVP_PKEY_EC:
401 if (!eckey_pkey2pkcs8(p8, pkey))
402 {
403 PKCS8_PRIV_KEY_INFO_free(p8);
404 return(NULL);
405 }
406 break;
407#endif
408 default: 274 default:
409 EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); 275 EVPerr(EVP_F_EVP_PKEY2PKCS8, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
410 PKCS8_PRIV_KEY_INFO_free (p8); 276 PKCS8_PRIV_KEY_INFO_free (p8);
411 return NULL; 277 return NULL;
412 } 278 }
413 RAND_add(p8->pkey->value.octet_string->data, 279 RAND_add(p8->pkey->value.octet_string->data,
414 p8->pkey->value.octet_string->length, 0.0); 280 p8->pkey->value.octet_string->length, 0);
415 return p8; 281 return p8;
416} 282}
417 283
@@ -431,8 +297,10 @@ PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken)
431 break; 297 break;
432 298
433 default: 299 default:
434 EVPerr(EVP_F_PKCS8_SET_BROKEN,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE); 300 EVPerr(EVP_F_EVP_PKCS8_SET_BROKEN,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE);
435 return NULL; 301 return NULL;
302 break;
303
436 } 304 }
437} 305}
438 306
@@ -449,24 +317,24 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
449 p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa); 317 p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa);
450 len = i2d_DSAparams (pkey->pkey.dsa, NULL); 318 len = i2d_DSAparams (pkey->pkey.dsa, NULL);
451 if (!(p = OPENSSL_malloc(len))) { 319 if (!(p = OPENSSL_malloc(len))) {
452 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 320 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
453 goto err; 321 goto err;
454 } 322 }
455 q = p; 323 q = p;
456 i2d_DSAparams (pkey->pkey.dsa, &q); 324 i2d_DSAparams (pkey->pkey.dsa, &q);
457 if (!(params = ASN1_STRING_new())) { 325 if (!(params = ASN1_STRING_new())) {
458 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 326 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
459 goto err; 327 goto err;
460 } 328 }
461 if (!ASN1_STRING_set(params, p, len)) { 329 if (!ASN1_STRING_set(params, p, len)) {
462 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 330 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
463 goto err; 331 goto err;
464 } 332 }
465 OPENSSL_free(p); 333 OPENSSL_free(p);
466 p = NULL; 334 p = NULL;
467 /* Get private key into integer */ 335 /* Get private key into integer */
468 if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) { 336 if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) {
469 EVPerr(EVP_F_DSA_PKEY2PKCS8,EVP_R_ENCODE_ERROR); 337 EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
470 goto err; 338 goto err;
471 } 339 }
472 340
@@ -475,9 +343,9 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
475 case PKCS8_OK: 343 case PKCS8_OK:
476 case PKCS8_NO_OCTET: 344 case PKCS8_NO_OCTET:
477 345
478 if (!ASN1_pack_string_of(ASN1_INTEGER,prkey, i2d_ASN1_INTEGER, 346 if (!ASN1_pack_string((char *)prkey, i2d_ASN1_INTEGER,
479 &p8->pkey->value.octet_string)) { 347 &p8->pkey->value.octet_string)) {
480 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 348 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
481 goto err; 349 goto err;
482 } 350 }
483 351
@@ -495,39 +363,39 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
495 params = NULL; 363 params = NULL;
496 p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; 364 p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
497 if (!(ndsa = sk_ASN1_TYPE_new_null())) { 365 if (!(ndsa = sk_ASN1_TYPE_new_null())) {
498 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 366 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
499 goto err; 367 goto err;
500 } 368 }
501 if (!(ttmp = ASN1_TYPE_new())) { 369 if (!(ttmp = ASN1_TYPE_new())) {
502 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 370 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
503 goto err; 371 goto err;
504 } 372 }
505 if (!(ttmp->value.integer = 373 if (!(ttmp->value.integer =
506 BN_to_ASN1_INTEGER(pkey->pkey.dsa->pub_key, NULL))) { 374 BN_to_ASN1_INTEGER(pkey->pkey.dsa->pub_key, NULL))) {
507 EVPerr(EVP_F_DSA_PKEY2PKCS8,EVP_R_ENCODE_ERROR); 375 EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
508 goto err; 376 goto err;
509 } 377 }
510 ttmp->type = V_ASN1_INTEGER; 378 ttmp->type = V_ASN1_INTEGER;
511 if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { 379 if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
512 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 380 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
513 goto err; 381 goto err;
514 } 382 }
515 383
516 if (!(ttmp = ASN1_TYPE_new())) { 384 if (!(ttmp = ASN1_TYPE_new())) {
517 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 385 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
518 goto err; 386 goto err;
519 } 387 }
520 ttmp->value.integer = prkey; 388 ttmp->value.integer = prkey;
521 prkey = NULL; 389 prkey = NULL;
522 ttmp->type = V_ASN1_INTEGER; 390 ttmp->type = V_ASN1_INTEGER;
523 if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { 391 if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
524 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 392 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
525 goto err; 393 goto err;
526 } 394 }
527 ttmp = NULL; 395 ttmp = NULL;
528 396
529 if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) { 397 if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {
530 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 398 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
531 goto err; 399 goto err;
532 } 400 }
533 401
@@ -535,7 +403,7 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
535 &p8->pkey->value.octet_string->data, 403 &p8->pkey->value.octet_string->data,
536 &p8->pkey->value.octet_string->length)) { 404 &p8->pkey->value.octet_string->length)) {
537 405
538 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 406 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
539 goto err; 407 goto err;
540 } 408 }
541 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); 409 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
@@ -545,36 +413,36 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
545 413
546 p8->pkeyalg->parameter->type = V_ASN1_NULL; 414 p8->pkeyalg->parameter->type = V_ASN1_NULL;
547 if (!(ndsa = sk_ASN1_TYPE_new_null())) { 415 if (!(ndsa = sk_ASN1_TYPE_new_null())) {
548 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 416 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
549 goto err; 417 goto err;
550 } 418 }
551 if (!(ttmp = ASN1_TYPE_new())) { 419 if (!(ttmp = ASN1_TYPE_new())) {
552 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 420 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
553 goto err; 421 goto err;
554 } 422 }
555 ttmp->value.sequence = params; 423 ttmp->value.sequence = params;
556 params = NULL; 424 params = NULL;
557 ttmp->type = V_ASN1_SEQUENCE; 425 ttmp->type = V_ASN1_SEQUENCE;
558 if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { 426 if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
559 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 427 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
560 goto err; 428 goto err;
561 } 429 }
562 430
563 if (!(ttmp = ASN1_TYPE_new())) { 431 if (!(ttmp = ASN1_TYPE_new())) {
564 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 432 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
565 goto err; 433 goto err;
566 } 434 }
567 ttmp->value.integer = prkey; 435 ttmp->value.integer = prkey;
568 prkey = NULL; 436 prkey = NULL;
569 ttmp->type = V_ASN1_INTEGER; 437 ttmp->type = V_ASN1_INTEGER;
570 if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { 438 if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
571 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 439 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
572 goto err; 440 goto err;
573 } 441 }
574 ttmp = NULL; 442 ttmp = NULL;
575 443
576 if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) { 444 if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {
577 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 445 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
578 goto err; 446 goto err;
579 } 447 }
580 448
@@ -582,7 +450,7 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
582 &p8->pkey->value.octet_string->data, 450 &p8->pkey->value.octet_string->data,
583 &p8->pkey->value.octet_string->length)) { 451 &p8->pkey->value.octet_string->length)) {
584 452
585 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 453 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
586 goto err; 454 goto err;
587 } 455 }
588 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); 456 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
@@ -598,197 +466,3 @@ err:
598 return 0; 466 return 0;
599} 467}
600#endif 468#endif
601
602#ifndef OPENSSL_NO_EC
603static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
604{
605 EC_KEY *ec_key;
606 const EC_GROUP *group;
607 unsigned char *p, *pp;
608 int nid, i, ret = 0;
609 unsigned int tmp_flags, old_flags;
610
611 ec_key = pkey->pkey.ec;
612 if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL)
613 {
614 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, EVP_R_MISSING_PARAMETERS);
615 return 0;
616 }
617
618 /* set the ec parameters OID */
619 if (p8->pkeyalg->algorithm)
620 ASN1_OBJECT_free(p8->pkeyalg->algorithm);
621
622 p8->pkeyalg->algorithm = OBJ_nid2obj(NID_X9_62_id_ecPublicKey);
623
624 /* set the ec parameters */
625
626 if (p8->pkeyalg->parameter)
627 {
628 ASN1_TYPE_free(p8->pkeyalg->parameter);
629 p8->pkeyalg->parameter = NULL;
630 }
631
632 if ((p8->pkeyalg->parameter = ASN1_TYPE_new()) == NULL)
633 {
634 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
635 return 0;
636 }
637
638 if (EC_GROUP_get_asn1_flag(group)
639 && (nid = EC_GROUP_get_curve_name(group)))
640 {
641 /* we have a 'named curve' => just set the OID */
642 p8->pkeyalg->parameter->type = V_ASN1_OBJECT;
643 p8->pkeyalg->parameter->value.object = OBJ_nid2obj(nid);
644 }
645 else /* explicit parameters */
646 {
647 if ((i = i2d_ECParameters(ec_key, NULL)) == 0)
648 {
649 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
650 return 0;
651 }
652 if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL)
653 {
654 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
655 return 0;
656 }
657 pp = p;
658 if (!i2d_ECParameters(ec_key, &pp))
659 {
660 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
661 OPENSSL_free(p);
662 return 0;
663 }
664 p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
665 if ((p8->pkeyalg->parameter->value.sequence
666 = ASN1_STRING_new()) == NULL)
667 {
668 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_ASN1_LIB);
669 OPENSSL_free(p);
670 return 0;
671 }
672 ASN1_STRING_set(p8->pkeyalg->parameter->value.sequence, p, i);
673 OPENSSL_free(p);
674 }
675
676 /* set the private key */
677
678 /* do not include the parameters in the SEC1 private key
679 * see PKCS#11 12.11 */
680 old_flags = EC_KEY_get_enc_flags(pkey->pkey.ec);
681 tmp_flags = old_flags | EC_PKEY_NO_PARAMETERS;
682 EC_KEY_set_enc_flags(pkey->pkey.ec, tmp_flags);
683 i = i2d_ECPrivateKey(pkey->pkey.ec, NULL);
684 if (!i)
685 {
686 EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
687 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
688 return 0;
689 }
690 p = (unsigned char *) OPENSSL_malloc(i);
691 if (!p)
692 {
693 EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
694 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
695 return 0;
696 }
697 pp = p;
698 if (!i2d_ECPrivateKey(pkey->pkey.ec, &pp))
699 {
700 EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
701 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
702 OPENSSL_free(p);
703 return 0;
704 }
705 /* restore old encoding flags */
706 EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
707
708 switch(p8->broken) {
709
710 case PKCS8_OK:
711 p8->pkey->value.octet_string = ASN1_OCTET_STRING_new();
712 if (!p8->pkey->value.octet_string ||
713 !M_ASN1_OCTET_STRING_set(p8->pkey->value.octet_string,
714 (const void *)p, i))
715
716 {
717 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
718 }
719 else
720 ret = 1;
721 break;
722 case PKCS8_NO_OCTET: /* RSA specific */
723 case PKCS8_NS_DB: /* DSA specific */
724 case PKCS8_EMBEDDED_PARAM: /* DSA specific */
725 default:
726 EVPerr(EVP_F_ECKEY_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
727 }
728 OPENSSL_cleanse(p, (size_t)i);
729 OPENSSL_free(p);
730 return ret;
731}
732#endif
733
734/* EVP_PKEY attribute functions */
735
736int EVP_PKEY_get_attr_count(const EVP_PKEY *key)
737{
738 return X509at_get_attr_count(key->attributes);
739}
740
741int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid,
742 int lastpos)
743{
744 return X509at_get_attr_by_NID(key->attributes, nid, lastpos);
745}
746
747int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, ASN1_OBJECT *obj,
748 int lastpos)
749{
750 return X509at_get_attr_by_OBJ(key->attributes, obj, lastpos);
751}
752
753X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc)
754{
755 return X509at_get_attr(key->attributes, loc);
756}
757
758X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc)
759{
760 return X509at_delete_attr(key->attributes, loc);
761}
762
763int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr)
764{
765 if(X509at_add1_attr(&key->attributes, attr)) return 1;
766 return 0;
767}
768
769int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key,
770 const ASN1_OBJECT *obj, int type,
771 const unsigned char *bytes, int len)
772{
773 if(X509at_add1_attr_by_OBJ(&key->attributes, obj,
774 type, bytes, len)) return 1;
775 return 0;
776}
777
778int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key,
779 int nid, int type,
780 const unsigned char *bytes, int len)
781{
782 if(X509at_add1_attr_by_NID(&key->attributes, nid,
783 type, bytes, len)) return 1;
784 return 0;
785}
786
787int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key,
788 const char *attrname, int type,
789 const unsigned char *bytes, int len)
790{
791 if(X509at_add1_attr_by_txt(&key->attributes, attrname,
792 type, bytes, len)) return 1;
793 return 0;
794}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-04 00:57:30 +0000