summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/lib/libcrypto/Symbols.list4
-rw-r--r--src/lib/libcrypto/asn1/p8_pkey.c75
-rw-r--r--src/lib/libcrypto/evp/evp_pkey.c32
-rw-r--r--src/lib/libcrypto/pkcs12/p12_attr.c12
-rw-r--r--src/lib/libcrypto/x509/x509.h21
5 files changed, 46 insertions, 98 deletions
diff --git a/src/lib/libcrypto/Symbols.list b/src/lib/libcrypto/Symbols.list
index 191e967e34..ea5c93995b 100644
--- a/src/lib/libcrypto/Symbols.list
+++ b/src/lib/libcrypto/Symbols.list
@@ -1350,7 +1350,6 @@ EVP_PBE_cleanup
1350EVP_PBE_find 1350EVP_PBE_find
1351EVP_PKCS82PKEY 1351EVP_PKCS82PKEY
1352EVP_PKEY2PKCS8 1352EVP_PKEY2PKCS8
1353EVP_PKEY2PKCS8_broken
1354EVP_PKEY_CTX_ctrl 1353EVP_PKEY_CTX_ctrl
1355EVP_PKEY_CTX_ctrl_str 1354EVP_PKEY_CTX_ctrl_str
1356EVP_PKEY_CTX_dup 1355EVP_PKEY_CTX_dup
@@ -2193,9 +2192,10 @@ PKCS8_PRIV_KEY_INFO_new
2193PKCS8_add_keyusage 2192PKCS8_add_keyusage
2194PKCS8_decrypt 2193PKCS8_decrypt
2195PKCS8_encrypt 2194PKCS8_encrypt
2195PKCS8_pkey_add1_attr_by_NID
2196PKCS8_pkey_get0 2196PKCS8_pkey_get0
2197PKCS8_pkey_get0_attrs
2197PKCS8_pkey_set0 2198PKCS8_pkey_set0
2198PKCS8_set_broken
2199PKEY_USAGE_PERIOD_free 2199PKEY_USAGE_PERIOD_free
2200PKEY_USAGE_PERIOD_it 2200PKEY_USAGE_PERIOD_it
2201PKEY_USAGE_PERIOD_new 2201PKEY_USAGE_PERIOD_new
diff --git a/src/lib/libcrypto/asn1/p8_pkey.c b/src/lib/libcrypto/asn1/p8_pkey.c
index 71d579456a..8f5e303e41 100644
--- a/src/lib/libcrypto/asn1/p8_pkey.c
+++ b/src/lib/libcrypto/asn1/p8_pkey.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: p8_pkey.c,v 1.17 2015/09/10 15:56:25 jsing Exp $ */ 1/* $OpenBSD: p8_pkey.c,v 1.18 2018/08/24 20:07:41 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999. 3 * project 1999.
4 */ 4 */
@@ -69,11 +69,8 @@ pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
69 /* Since the structure must still be valid use ASN1_OP_FREE_PRE */ 69 /* Since the structure must still be valid use ASN1_OP_FREE_PRE */
70 if (operation == ASN1_OP_FREE_PRE) { 70 if (operation == ASN1_OP_FREE_PRE) {
71 PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval; 71 PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval;
72 if (key->pkey != NULL && 72 if (key->pkey != NULL)
73 key->pkey->type == V_ASN1_OCTET_STRING && 73 explicit_bzero(key->pkey->data, key->pkey->length);
74 key->pkey->value.octet_string != NULL)
75 explicit_bzero(key->pkey->value.octet_string->data,
76 key->pkey->value.octet_string->length);
77 } 74 }
78 return 1; 75 return 1;
79} 76}
@@ -95,7 +92,7 @@ static const ASN1_TEMPLATE PKCS8_PRIV_KEY_INFO_seq_tt[] = {
95 { 92 {
96 .offset = offsetof(PKCS8_PRIV_KEY_INFO, pkey), 93 .offset = offsetof(PKCS8_PRIV_KEY_INFO, pkey),
97 .field_name = "pkey", 94 .field_name = "pkey",
98 .item = &ASN1_ANY_it, 95 .item = &ASN1_OCTET_STRING_it,
99 }, 96 },
100 { 97 {
101 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL, 98 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL,
@@ -145,33 +142,14 @@ int
145PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, int version, 142PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, int version,
146 int ptype, void *pval, unsigned char *penc, int penclen) 143 int ptype, void *pval, unsigned char *penc, int penclen)
147{ 144{
148 unsigned char **ppenc = NULL;
149
150 if (version >= 0) { 145 if (version >= 0) {
151 if (!ASN1_INTEGER_set(priv->version, version)) 146 if (!ASN1_INTEGER_set(priv->version, version))
152 return 0; 147 return 0;
153 } 148 }
154 if (penc) { 149 if (!X509_ALGOR_set0(priv->pkeyalg, aobj, ptype, pval))
155 int pmtype;
156 ASN1_OCTET_STRING *oct;
157 oct = ASN1_OCTET_STRING_new();
158 if (!oct)
159 return 0;
160 oct->data = penc;
161 ppenc = &oct->data;
162 oct->length = penclen;
163 if (priv->broken == PKCS8_NO_OCTET)
164 pmtype = V_ASN1_SEQUENCE;
165 else
166 pmtype = V_ASN1_OCTET_STRING;
167 ASN1_TYPE_set(priv->pkey, pmtype, oct);
168 }
169 if (!X509_ALGOR_set0(priv->pkeyalg, aobj, ptype, pval)) {
170 /* If call fails do not swallow 'enc' */
171 if (ppenc)
172 *ppenc = NULL;
173 return 0; 150 return 0;
174 } 151 if (penc != NULL)
152 ASN1_STRING_set0(priv->pkey, penc, penclen);
175 return 1; 153 return 1;
176} 154}
177 155
@@ -179,23 +157,30 @@ int
179PKCS8_pkey_get0(ASN1_OBJECT **ppkalg, const unsigned char **pk, int *ppklen, 157PKCS8_pkey_get0(ASN1_OBJECT **ppkalg, const unsigned char **pk, int *ppklen,
180 X509_ALGOR **pa, PKCS8_PRIV_KEY_INFO *p8) 158 X509_ALGOR **pa, PKCS8_PRIV_KEY_INFO *p8)
181{ 159{
182 if (ppkalg) 160 if (ppkalg != NULL)
183 *ppkalg = p8->pkeyalg->algorithm; 161 *ppkalg = p8->pkeyalg->algorithm;
184 if (p8->pkey->type == V_ASN1_OCTET_STRING) { 162 if (pk != NULL) {
185 p8->broken = PKCS8_OK; 163 *pk = ASN1_STRING_data(p8->pkey);
186 if (pk) { 164 *ppklen = ASN1_STRING_length(p8->pkey);
187 *pk = p8->pkey->value.octet_string->data; 165 }
188 *ppklen = p8->pkey->value.octet_string->length; 166 if (pa != NULL)
189 }
190 } else if (p8->pkey->type == V_ASN1_SEQUENCE) {
191 p8->broken = PKCS8_NO_OCTET;
192 if (pk) {
193 *pk = p8->pkey->value.sequence->data;
194 *ppklen = p8->pkey->value.sequence->length;
195 }
196 } else
197 return 0;
198 if (pa)
199 *pa = p8->pkeyalg; 167 *pa = p8->pkeyalg;
200 return 1; 168 return 1;
201} 169}
170
171const STACK_OF(X509_ATTRIBUTE) *
172PKCS8_pkey_get0_attrs(const PKCS8_PRIV_KEY_INFO *p8)
173{
174 return p8->attributes;
175}
176
177int
178PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int nid, int type,
179 const unsigned char *bytes, int len)
180{
181 if (X509at_add1_attr_by_NID(&p8->attributes, nid, type, bytes,
182 len) != NULL)
183 return 1;
184 return 0;
185}
186
diff --git a/src/lib/libcrypto/evp/evp_pkey.c b/src/lib/libcrypto/evp/evp_pkey.c
index 6e0d5cc3a2..aa075d6392 100644
--- a/src/lib/libcrypto/evp/evp_pkey.c
+++ b/src/lib/libcrypto/evp/evp_pkey.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: evp_pkey.c,v 1.20 2018/05/13 06:48:00 tb Exp $ */ 1/* $OpenBSD: evp_pkey.c,v 1.21 2018/08/24 20:07:41 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999. 3 * project 1999.
4 */ 4 */
@@ -105,16 +105,10 @@ error:
105 return NULL; 105 return NULL;
106} 106}
107 107
108PKCS8_PRIV_KEY_INFO *
109EVP_PKEY2PKCS8(EVP_PKEY *pkey)
110{
111 return EVP_PKEY2PKCS8_broken(pkey, PKCS8_OK);
112}
113
114/* Turn a private key into a PKCS8 structure */ 108/* Turn a private key into a PKCS8 structure */
115 109
116PKCS8_PRIV_KEY_INFO * 110PKCS8_PRIV_KEY_INFO *
117EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken) 111EVP_PKEY2PKCS8(EVP_PKEY *pkey)
118{ 112{
119 PKCS8_PRIV_KEY_INFO *p8; 113 PKCS8_PRIV_KEY_INFO *p8;
120 114
@@ -122,7 +116,6 @@ EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
122 EVPerror(ERR_R_MALLOC_FAILURE); 116 EVPerror(ERR_R_MALLOC_FAILURE);
123 return NULL; 117 return NULL;
124 } 118 }
125 p8->broken = broken;
126 119
127 if (pkey->ameth) { 120 if (pkey->ameth) {
128 if (pkey->ameth->priv_encode) { 121 if (pkey->ameth->priv_encode) {
@@ -145,27 +138,6 @@ error:
145 return NULL; 138 return NULL;
146} 139}
147 140
148PKCS8_PRIV_KEY_INFO *
149PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken)
150{
151 switch (broken) {
152 case PKCS8_OK:
153 p8->broken = PKCS8_OK;
154 return p8;
155 break;
156
157 case PKCS8_NO_OCTET:
158 p8->broken = PKCS8_NO_OCTET;
159 p8->pkey->type = V_ASN1_SEQUENCE;
160 return p8;
161 break;
162
163 default:
164 EVPerror(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE);
165 return NULL;
166 }
167}
168
169/* EVP_PKEY attribute functions */ 141/* EVP_PKEY attribute functions */
170 142
171int 143int
diff --git a/src/lib/libcrypto/pkcs12/p12_attr.c b/src/lib/libcrypto/pkcs12/p12_attr.c
index 78d510b100..65bfaa039e 100644
--- a/src/lib/libcrypto/pkcs12/p12_attr.c
+++ b/src/lib/libcrypto/pkcs12/p12_attr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: p12_attr.c,v 1.11 2018/05/13 14:15:01 tb Exp $ */ 1/* $OpenBSD: p12_attr.c,v 1.12 2018/08/24 20:07:41 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999. 3 * project 1999.
4 */ 4 */
@@ -77,14 +77,10 @@ PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen)
77int 77int
78PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage) 78PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage)
79{ 79{
80 unsigned char us_val; 80 unsigned char us_val = (unsigned char)usage;
81 81
82 us_val = (unsigned char) usage; 82 return PKCS8_pkey_add1_attr_by_NID(p8, NID_key_usage, V_ASN1_BIT_STRING,
83 if (X509at_add1_attr_by_NID(&p8->attributes, NID_key_usage, 83 &us_val, 1);
84 V_ASN1_BIT_STRING, &us_val, 1))
85 return 1;
86 else
87 return 0;
88} 84}
89 85
90/* Add a friendlyname to a safebag */ 86/* Add a friendlyname to a safebag */
diff --git a/src/lib/libcrypto/x509/x509.h b/src/lib/libcrypto/x509/x509.h
index 25af8314b2..6c1f8eb6e9 100644
--- a/src/lib/libcrypto/x509/x509.h
+++ b/src/lib/libcrypto/x509/x509.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: x509.h,v 1.71 2018/08/24 19:59:32 tb Exp $ */ 1/* $OpenBSD: x509.h,v 1.72 2018/08/24 20:07:42 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -561,19 +561,12 @@ X509_ALGOR *prf;
561 561
562/* PKCS#8 private key info structure */ 562/* PKCS#8 private key info structure */
563 563
564struct pkcs8_priv_key_info_st 564struct pkcs8_priv_key_info_st {
565 {
566 int broken; /* Flag for various broken formats */
567#define PKCS8_OK 0
568#define PKCS8_NO_OCTET 1
569#define PKCS8_EMBEDDED_PARAM 2
570#define PKCS8_NS_DB 3
571#define PKCS8_NEG_PRIVKEY 4
572 ASN1_INTEGER *version; 565 ASN1_INTEGER *version;
573 X509_ALGOR *pkeyalg; 566 X509_ALGOR *pkeyalg;
574 ASN1_TYPE *pkey; /* Should be OCTET STRING but some are broken */ 567 ASN1_OCTET_STRING *pkey;
575 STACK_OF(X509_ATTRIBUTE) *attributes; 568 STACK_OF(X509_ATTRIBUTE) *attributes;
576 }; 569};
577 570
578#ifdef __cplusplus 571#ifdef __cplusplus
579} 572}
@@ -1296,8 +1289,6 @@ extern const ASN1_ITEM PKCS8_PRIV_KEY_INFO_it;
1296 1289
1297EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8); 1290EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8);
1298PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey); 1291PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey);
1299PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken);
1300PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken);
1301 1292
1302int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, 1293int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj,
1303 int version, int ptype, void *pval, 1294 int version, int ptype, void *pval,
@@ -1307,6 +1298,10 @@ int PKCS8_pkey_get0(ASN1_OBJECT **ppkalg,
1307 X509_ALGOR **pa, 1298 X509_ALGOR **pa,
1308 PKCS8_PRIV_KEY_INFO *p8); 1299 PKCS8_PRIV_KEY_INFO *p8);
1309 1300
1301const STACK_OF(X509_ATTRIBUTE) *PKCS8_pkey_get0_attrs(const PKCS8_PRIV_KEY_INFO *p8);
1302int PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int nid, int type,
1303 const unsigned char *bytes, int len);
1304
1310int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, 1305int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
1311 int ptype, void *pval, 1306 int ptype, void *pval,
1312 unsigned char *penc, int penclen); 1307 unsigned char *penc, int penclen);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-26 05:24:41 +0000