| yuezonghe | 824eb0c | 2024-06-27 02:32:26 -0700 | [diff] [blame] | 1 | /* |
| 2 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. |
| 3 | * |
| 4 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 5 | * this file except in compliance with the License. You can obtain a copy |
| 6 | * in the file LICENSE in the source distribution or at |
| 7 | * https://www.openssl.org/source/license.html |
| 8 | */ |
| 9 | |
| 10 | #include <stdio.h> |
| 11 | #include "internal/cryptlib.h" |
| 12 | #include "internal/refcount.h" |
| 13 | #include <openssl/bn.h> |
| 14 | #include <openssl/err.h> |
| 15 | #include <openssl/objects.h> |
| 16 | #include <openssl/evp.h> |
| 17 | #include <openssl/x509.h> |
| 18 | #include <openssl/rsa.h> |
| 19 | #include <openssl/dsa.h> |
| 20 | #include <openssl/dh.h> |
| 21 | #include <openssl/cmac.h> |
| 22 | #include <openssl/engine.h> |
| 23 | |
| 24 | #include "crypto/asn1.h" |
| 25 | #include "crypto/evp.h" |
| 26 | |
| 27 | static void EVP_PKEY_free_it(EVP_PKEY *x); |
| 28 | |
| 29 | int EVP_PKEY_bits(const EVP_PKEY *pkey) |
| 30 | { |
| 31 | if (pkey && pkey->ameth && pkey->ameth->pkey_bits) |
| 32 | return pkey->ameth->pkey_bits(pkey); |
| 33 | return 0; |
| 34 | } |
| 35 | |
| 36 | int EVP_PKEY_security_bits(const EVP_PKEY *pkey) |
| 37 | { |
| 38 | if (pkey == NULL) |
| 39 | return 0; |
| 40 | if (!pkey->ameth || !pkey->ameth->pkey_security_bits) |
| 41 | return -2; |
| 42 | return pkey->ameth->pkey_security_bits(pkey); |
| 43 | } |
| 44 | |
| 45 | int EVP_PKEY_size(const EVP_PKEY *pkey) |
| 46 | { |
| 47 | if (pkey && pkey->ameth && pkey->ameth->pkey_size) |
| 48 | return pkey->ameth->pkey_size(pkey); |
| 49 | return 0; |
| 50 | } |
| 51 | |
| 52 | int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode) |
| 53 | { |
| 54 | #ifndef OPENSSL_NO_DSA |
| 55 | if (pkey->type == EVP_PKEY_DSA) { |
| 56 | int ret = pkey->save_parameters; |
| 57 | |
| 58 | if (mode >= 0) |
| 59 | pkey->save_parameters = mode; |
| 60 | return ret; |
| 61 | } |
| 62 | #endif |
| 63 | #ifndef OPENSSL_NO_EC |
| 64 | if (pkey->type == EVP_PKEY_EC) { |
| 65 | int ret = pkey->save_parameters; |
| 66 | |
| 67 | if (mode >= 0) |
| 68 | pkey->save_parameters = mode; |
| 69 | return ret; |
| 70 | } |
| 71 | #endif |
| 72 | return 0; |
| 73 | } |
| 74 | |
| 75 | int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) |
| 76 | { |
| 77 | if (to->type == EVP_PKEY_NONE) { |
| 78 | if (EVP_PKEY_set_type(to, from->type) == 0) |
| 79 | return 0; |
| 80 | } else if (to->type != from->type) { |
| 81 | EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_DIFFERENT_KEY_TYPES); |
| 82 | goto err; |
| 83 | } |
| 84 | |
| 85 | if (EVP_PKEY_missing_parameters(from)) { |
| 86 | EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_MISSING_PARAMETERS); |
| 87 | goto err; |
| 88 | } |
| 89 | |
| 90 | if (!EVP_PKEY_missing_parameters(to)) { |
| 91 | if (EVP_PKEY_cmp_parameters(to, from) == 1) |
| 92 | return 1; |
| 93 | EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_DIFFERENT_PARAMETERS); |
| 94 | return 0; |
| 95 | } |
| 96 | |
| 97 | if (from->ameth && from->ameth->param_copy) |
| 98 | return from->ameth->param_copy(to, from); |
| 99 | err: |
| 100 | return 0; |
| 101 | } |
| 102 | |
| 103 | int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey) |
| 104 | { |
| 105 | if (pkey != NULL && pkey->ameth && pkey->ameth->param_missing) |
| 106 | return pkey->ameth->param_missing(pkey); |
| 107 | return 0; |
| 108 | } |
| 109 | |
| 110 | int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) |
| 111 | { |
| 112 | if (a->type != b->type) |
| 113 | return -1; |
| 114 | if (a->ameth && a->ameth->param_cmp) |
| 115 | return a->ameth->param_cmp(a, b); |
| 116 | return -2; |
| 117 | } |
| 118 | |
| 119 | int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b) |
| 120 | { |
| 121 | if (a->type != b->type) |
| 122 | return -1; |
| 123 | |
| 124 | if (a->ameth) { |
| 125 | int ret; |
| 126 | /* Compare parameters if the algorithm has them */ |
| 127 | if (a->ameth->param_cmp) { |
| 128 | ret = a->ameth->param_cmp(a, b); |
| 129 | if (ret <= 0) |
| 130 | return ret; |
| 131 | } |
| 132 | |
| 133 | if (a->ameth->pub_cmp) |
| 134 | return a->ameth->pub_cmp(a, b); |
| 135 | } |
| 136 | |
| 137 | return -2; |
| 138 | } |
| 139 | |
| 140 | EVP_PKEY *EVP_PKEY_new(void) |
| 141 | { |
| 142 | EVP_PKEY *ret = OPENSSL_zalloc(sizeof(*ret)); |
| 143 | |
| 144 | if (ret == NULL) { |
| 145 | EVPerr(EVP_F_EVP_PKEY_NEW, ERR_R_MALLOC_FAILURE); |
| 146 | return NULL; |
| 147 | } |
| 148 | ret->type = EVP_PKEY_NONE; |
| 149 | ret->save_type = EVP_PKEY_NONE; |
| 150 | ret->references = 1; |
| 151 | ret->save_parameters = 1; |
| 152 | ret->lock = CRYPTO_THREAD_lock_new(); |
| 153 | if (ret->lock == NULL) { |
| 154 | EVPerr(EVP_F_EVP_PKEY_NEW, ERR_R_MALLOC_FAILURE); |
| 155 | OPENSSL_free(ret); |
| 156 | return NULL; |
| 157 | } |
| 158 | return ret; |
| 159 | } |
| 160 | |
| 161 | int EVP_PKEY_up_ref(EVP_PKEY *pkey) |
| 162 | { |
| 163 | int i; |
| 164 | |
| 165 | if (CRYPTO_UP_REF(&pkey->references, &i, pkey->lock) <= 0) |
| 166 | return 0; |
| 167 | |
| 168 | REF_PRINT_COUNT("EVP_PKEY", pkey); |
| 169 | REF_ASSERT_ISNT(i < 2); |
| 170 | return ((i > 1) ? 1 : 0); |
| 171 | } |
| 172 | |
| 173 | /* |
| 174 | * Setup a public key ASN1 method and ENGINE from a NID or a string. If pkey |
| 175 | * is NULL just return 1 or 0 if the algorithm exists. |
| 176 | */ |
| 177 | |
| 178 | static int pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str, |
| 179 | int len) |
| 180 | { |
| 181 | const EVP_PKEY_ASN1_METHOD *ameth; |
| 182 | ENGINE **eptr = (e == NULL) ? &e : NULL; |
| 183 | |
| 184 | if (pkey) { |
| 185 | if (pkey->pkey.ptr) |
| 186 | EVP_PKEY_free_it(pkey); |
| 187 | /* |
| 188 | * If key type matches and a method exists then this lookup has |
| 189 | * succeeded once so just indicate success. |
| 190 | */ |
| 191 | if ((type == pkey->save_type) && pkey->ameth) |
| 192 | return 1; |
| 193 | #ifndef OPENSSL_NO_ENGINE |
| 194 | /* If we have ENGINEs release them */ |
| 195 | ENGINE_finish(pkey->engine); |
| 196 | pkey->engine = NULL; |
| 197 | ENGINE_finish(pkey->pmeth_engine); |
| 198 | pkey->pmeth_engine = NULL; |
| 199 | #endif |
| 200 | } |
| 201 | if (str) |
| 202 | ameth = EVP_PKEY_asn1_find_str(eptr, str, len); |
| 203 | else |
| 204 | ameth = EVP_PKEY_asn1_find(eptr, type); |
| 205 | #ifndef OPENSSL_NO_ENGINE |
| 206 | if (pkey == NULL && eptr != NULL) |
| 207 | ENGINE_finish(e); |
| 208 | #endif |
| 209 | if (ameth == NULL) { |
| 210 | EVPerr(EVP_F_PKEY_SET_TYPE, EVP_R_UNSUPPORTED_ALGORITHM); |
| 211 | return 0; |
| 212 | } |
| 213 | if (pkey) { |
| 214 | pkey->ameth = ameth; |
| 215 | pkey->type = pkey->ameth->pkey_id; |
| 216 | pkey->save_type = type; |
| 217 | # ifndef OPENSSL_NO_ENGINE |
| 218 | if (eptr == NULL && e != NULL && !ENGINE_init(e)) { |
| 219 | EVPerr(EVP_F_PKEY_SET_TYPE, EVP_R_INITIALIZATION_ERROR); |
| 220 | return 0; |
| 221 | } |
| 222 | # endif |
| 223 | pkey->engine = e; |
| 224 | } |
| 225 | return 1; |
| 226 | } |
| 227 | |
| 228 | EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e, |
| 229 | const unsigned char *priv, |
| 230 | size_t len) |
| 231 | { |
| 232 | EVP_PKEY *ret = EVP_PKEY_new(); |
| 233 | |
| 234 | if (ret == NULL |
| 235 | || !pkey_set_type(ret, e, type, NULL, -1)) { |
| 236 | /* EVPerr already called */ |
| 237 | goto err; |
| 238 | } |
| 239 | |
| 240 | if (ret->ameth->set_priv_key == NULL) { |
| 241 | EVPerr(EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY, |
| 242 | EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); |
| 243 | goto err; |
| 244 | } |
| 245 | |
| 246 | if (!ret->ameth->set_priv_key(ret, priv, len)) { |
| 247 | EVPerr(EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY, EVP_R_KEY_SETUP_FAILED); |
| 248 | goto err; |
| 249 | } |
| 250 | |
| 251 | return ret; |
| 252 | |
| 253 | err: |
| 254 | EVP_PKEY_free(ret); |
| 255 | return NULL; |
| 256 | } |
| 257 | |
| 258 | EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e, |
| 259 | const unsigned char *pub, |
| 260 | size_t len) |
| 261 | { |
| 262 | EVP_PKEY *ret = EVP_PKEY_new(); |
| 263 | |
| 264 | if (ret == NULL |
| 265 | || !pkey_set_type(ret, e, type, NULL, -1)) { |
| 266 | /* EVPerr already called */ |
| 267 | goto err; |
| 268 | } |
| 269 | |
| 270 | if (ret->ameth->set_pub_key == NULL) { |
| 271 | EVPerr(EVP_F_EVP_PKEY_NEW_RAW_PUBLIC_KEY, |
| 272 | EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); |
| 273 | goto err; |
| 274 | } |
| 275 | |
| 276 | if (!ret->ameth->set_pub_key(ret, pub, len)) { |
| 277 | EVPerr(EVP_F_EVP_PKEY_NEW_RAW_PUBLIC_KEY, EVP_R_KEY_SETUP_FAILED); |
| 278 | goto err; |
| 279 | } |
| 280 | |
| 281 | return ret; |
| 282 | |
| 283 | err: |
| 284 | EVP_PKEY_free(ret); |
| 285 | return NULL; |
| 286 | } |
| 287 | |
| 288 | int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey, unsigned char *priv, |
| 289 | size_t *len) |
| 290 | { |
| 291 | if (pkey->ameth->get_priv_key == NULL) { |
| 292 | EVPerr(EVP_F_EVP_PKEY_GET_RAW_PRIVATE_KEY, |
| 293 | EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); |
| 294 | return 0; |
| 295 | } |
| 296 | |
| 297 | if (!pkey->ameth->get_priv_key(pkey, priv, len)) { |
| 298 | EVPerr(EVP_F_EVP_PKEY_GET_RAW_PRIVATE_KEY, EVP_R_GET_RAW_KEY_FAILED); |
| 299 | return 0; |
| 300 | } |
| 301 | |
| 302 | return 1; |
| 303 | } |
| 304 | |
| 305 | int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, unsigned char *pub, |
| 306 | size_t *len) |
| 307 | { |
| 308 | if (pkey->ameth->get_pub_key == NULL) { |
| 309 | EVPerr(EVP_F_EVP_PKEY_GET_RAW_PUBLIC_KEY, |
| 310 | EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); |
| 311 | return 0; |
| 312 | } |
| 313 | |
| 314 | if (!pkey->ameth->get_pub_key(pkey, pub, len)) { |
| 315 | EVPerr(EVP_F_EVP_PKEY_GET_RAW_PUBLIC_KEY, EVP_R_GET_RAW_KEY_FAILED); |
| 316 | return 0; |
| 317 | } |
| 318 | |
| 319 | return 1; |
| 320 | } |
| 321 | |
| 322 | EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, |
| 323 | size_t len, const EVP_CIPHER *cipher) |
| 324 | { |
| 325 | #ifndef OPENSSL_NO_CMAC |
| 326 | EVP_PKEY *ret = EVP_PKEY_new(); |
| 327 | CMAC_CTX *cmctx = CMAC_CTX_new(); |
| 328 | |
| 329 | if (ret == NULL |
| 330 | || cmctx == NULL |
| 331 | || !pkey_set_type(ret, e, EVP_PKEY_CMAC, NULL, -1)) { |
| 332 | /* EVPerr already called */ |
| 333 | goto err; |
| 334 | } |
| 335 | |
| 336 | if (!CMAC_Init(cmctx, priv, len, cipher, e)) { |
| 337 | EVPerr(EVP_F_EVP_PKEY_NEW_CMAC_KEY, EVP_R_KEY_SETUP_FAILED); |
| 338 | goto err; |
| 339 | } |
| 340 | |
| 341 | ret->pkey.ptr = cmctx; |
| 342 | return ret; |
| 343 | |
| 344 | err: |
| 345 | EVP_PKEY_free(ret); |
| 346 | CMAC_CTX_free(cmctx); |
| 347 | return NULL; |
| 348 | #else |
| 349 | EVPerr(EVP_F_EVP_PKEY_NEW_CMAC_KEY, |
| 350 | EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); |
| 351 | return NULL; |
| 352 | #endif |
| 353 | } |
| 354 | |
| 355 | int EVP_PKEY_set_type(EVP_PKEY *pkey, int type) |
| 356 | { |
| 357 | return pkey_set_type(pkey, NULL, type, NULL, -1); |
| 358 | } |
| 359 | |
| 360 | int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len) |
| 361 | { |
| 362 | return pkey_set_type(pkey, NULL, EVP_PKEY_NONE, str, len); |
| 363 | } |
| 364 | |
| 365 | int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type) |
| 366 | { |
| 367 | if (pkey->type == type) { |
| 368 | return 1; /* it already is that type */ |
| 369 | } |
| 370 | |
| 371 | /* |
| 372 | * The application is requesting to alias this to a different pkey type, |
| 373 | * but not one that resolves to the base type. |
| 374 | */ |
| 375 | if (EVP_PKEY_type(type) != EVP_PKEY_base_id(pkey)) { |
| 376 | EVPerr(EVP_F_EVP_PKEY_SET_ALIAS_TYPE, EVP_R_UNSUPPORTED_ALGORITHM); |
| 377 | return 0; |
| 378 | } |
| 379 | |
| 380 | pkey->type = type; |
| 381 | return 1; |
| 382 | } |
| 383 | |
| 384 | #ifndef OPENSSL_NO_ENGINE |
| 385 | int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *e) |
| 386 | { |
| 387 | if (e != NULL) { |
| 388 | if (!ENGINE_init(e)) { |
| 389 | EVPerr(EVP_F_EVP_PKEY_SET1_ENGINE, ERR_R_ENGINE_LIB); |
| 390 | return 0; |
| 391 | } |
| 392 | if (ENGINE_get_pkey_meth(e, pkey->type) == NULL) { |
| 393 | ENGINE_finish(e); |
| 394 | EVPerr(EVP_F_EVP_PKEY_SET1_ENGINE, EVP_R_UNSUPPORTED_ALGORITHM); |
| 395 | return 0; |
| 396 | } |
| 397 | } |
| 398 | ENGINE_finish(pkey->pmeth_engine); |
| 399 | pkey->pmeth_engine = e; |
| 400 | return 1; |
| 401 | } |
| 402 | |
| 403 | ENGINE *EVP_PKEY_get0_engine(const EVP_PKEY *pkey) |
| 404 | { |
| 405 | return pkey->engine; |
| 406 | } |
| 407 | #endif |
| 408 | int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key) |
| 409 | { |
| 410 | if (pkey == NULL || !EVP_PKEY_set_type(pkey, type)) |
| 411 | return 0; |
| 412 | pkey->pkey.ptr = key; |
| 413 | return (key != NULL); |
| 414 | } |
| 415 | |
| 416 | void *EVP_PKEY_get0(const EVP_PKEY *pkey) |
| 417 | { |
| 418 | return pkey->pkey.ptr; |
| 419 | } |
| 420 | |
| 421 | const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len) |
| 422 | { |
| 423 | ASN1_OCTET_STRING *os = NULL; |
| 424 | if (pkey->type != EVP_PKEY_HMAC) { |
| 425 | EVPerr(EVP_F_EVP_PKEY_GET0_HMAC, EVP_R_EXPECTING_AN_HMAC_KEY); |
| 426 | return NULL; |
| 427 | } |
| 428 | os = EVP_PKEY_get0(pkey); |
| 429 | *len = os->length; |
| 430 | return os->data; |
| 431 | } |
| 432 | |
| 433 | #ifndef OPENSSL_NO_POLY1305 |
| 434 | const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len) |
| 435 | { |
| 436 | ASN1_OCTET_STRING *os = NULL; |
| 437 | if (pkey->type != EVP_PKEY_POLY1305) { |
| 438 | EVPerr(EVP_F_EVP_PKEY_GET0_POLY1305, EVP_R_EXPECTING_A_POLY1305_KEY); |
| 439 | return NULL; |
| 440 | } |
| 441 | os = EVP_PKEY_get0(pkey); |
| 442 | *len = os->length; |
| 443 | return os->data; |
| 444 | } |
| 445 | #endif |
| 446 | |
| 447 | #ifndef OPENSSL_NO_SIPHASH |
| 448 | const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len) |
| 449 | { |
| 450 | ASN1_OCTET_STRING *os = NULL; |
| 451 | |
| 452 | if (pkey->type != EVP_PKEY_SIPHASH) { |
| 453 | EVPerr(EVP_F_EVP_PKEY_GET0_SIPHASH, EVP_R_EXPECTING_A_SIPHASH_KEY); |
| 454 | return NULL; |
| 455 | } |
| 456 | os = EVP_PKEY_get0(pkey); |
| 457 | *len = os->length; |
| 458 | return os->data; |
| 459 | } |
| 460 | #endif |
| 461 | |
| 462 | #ifndef OPENSSL_NO_RSA |
| 463 | int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key) |
| 464 | { |
| 465 | int ret = EVP_PKEY_assign_RSA(pkey, key); |
| 466 | if (ret) |
| 467 | RSA_up_ref(key); |
| 468 | return ret; |
| 469 | } |
| 470 | |
| 471 | RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey) |
| 472 | { |
| 473 | if (pkey->type != EVP_PKEY_RSA && pkey->type != EVP_PKEY_RSA_PSS) { |
| 474 | EVPerr(EVP_F_EVP_PKEY_GET0_RSA, EVP_R_EXPECTING_AN_RSA_KEY); |
| 475 | return NULL; |
| 476 | } |
| 477 | return pkey->pkey.rsa; |
| 478 | } |
| 479 | |
| 480 | RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey) |
| 481 | { |
| 482 | RSA *ret = EVP_PKEY_get0_RSA(pkey); |
| 483 | if (ret != NULL) |
| 484 | RSA_up_ref(ret); |
| 485 | return ret; |
| 486 | } |
| 487 | #endif |
| 488 | |
| 489 | #ifndef OPENSSL_NO_DSA |
| 490 | int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key) |
| 491 | { |
| 492 | int ret = EVP_PKEY_assign_DSA(pkey, key); |
| 493 | if (ret) |
| 494 | DSA_up_ref(key); |
| 495 | return ret; |
| 496 | } |
| 497 | |
| 498 | DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey) |
| 499 | { |
| 500 | if (pkey->type != EVP_PKEY_DSA) { |
| 501 | EVPerr(EVP_F_EVP_PKEY_GET0_DSA, EVP_R_EXPECTING_A_DSA_KEY); |
| 502 | return NULL; |
| 503 | } |
| 504 | return pkey->pkey.dsa; |
| 505 | } |
| 506 | |
| 507 | DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey) |
| 508 | { |
| 509 | DSA *ret = EVP_PKEY_get0_DSA(pkey); |
| 510 | if (ret != NULL) |
| 511 | DSA_up_ref(ret); |
| 512 | return ret; |
| 513 | } |
| 514 | #endif |
| 515 | |
| 516 | #ifndef OPENSSL_NO_EC |
| 517 | |
| 518 | int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key) |
| 519 | { |
| 520 | int ret = EVP_PKEY_assign_EC_KEY(pkey, key); |
| 521 | if (ret) |
| 522 | EC_KEY_up_ref(key); |
| 523 | return ret; |
| 524 | } |
| 525 | |
| 526 | EC_KEY *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey) |
| 527 | { |
| 528 | if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) { |
| 529 | EVPerr(EVP_F_EVP_PKEY_GET0_EC_KEY, EVP_R_EXPECTING_A_EC_KEY); |
| 530 | return NULL; |
| 531 | } |
| 532 | return pkey->pkey.ec; |
| 533 | } |
| 534 | |
| 535 | EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey) |
| 536 | { |
| 537 | EC_KEY *ret = EVP_PKEY_get0_EC_KEY(pkey); |
| 538 | if (ret != NULL) |
| 539 | EC_KEY_up_ref(ret); |
| 540 | return ret; |
| 541 | } |
| 542 | #endif |
| 543 | |
| 544 | #ifndef OPENSSL_NO_DH |
| 545 | |
| 546 | int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key) |
| 547 | { |
| 548 | int type = DH_get0_q(key) == NULL ? EVP_PKEY_DH : EVP_PKEY_DHX; |
| 549 | int ret = EVP_PKEY_assign(pkey, type, key); |
| 550 | |
| 551 | if (ret) |
| 552 | DH_up_ref(key); |
| 553 | return ret; |
| 554 | } |
| 555 | |
| 556 | DH *EVP_PKEY_get0_DH(EVP_PKEY *pkey) |
| 557 | { |
| 558 | if (pkey->type != EVP_PKEY_DH && pkey->type != EVP_PKEY_DHX) { |
| 559 | EVPerr(EVP_F_EVP_PKEY_GET0_DH, EVP_R_EXPECTING_A_DH_KEY); |
| 560 | return NULL; |
| 561 | } |
| 562 | return pkey->pkey.dh; |
| 563 | } |
| 564 | |
| 565 | DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey) |
| 566 | { |
| 567 | DH *ret = EVP_PKEY_get0_DH(pkey); |
| 568 | if (ret != NULL) |
| 569 | DH_up_ref(ret); |
| 570 | return ret; |
| 571 | } |
| 572 | #endif |
| 573 | |
| 574 | int EVP_PKEY_type(int type) |
| 575 | { |
| 576 | int ret; |
| 577 | const EVP_PKEY_ASN1_METHOD *ameth; |
| 578 | ENGINE *e; |
| 579 | ameth = EVP_PKEY_asn1_find(&e, type); |
| 580 | if (ameth) |
| 581 | ret = ameth->pkey_id; |
| 582 | else |
| 583 | ret = NID_undef; |
| 584 | #ifndef OPENSSL_NO_ENGINE |
| 585 | ENGINE_finish(e); |
| 586 | #endif |
| 587 | return ret; |
| 588 | } |
| 589 | |
| 590 | int EVP_PKEY_id(const EVP_PKEY *pkey) |
| 591 | { |
| 592 | return pkey->type; |
| 593 | } |
| 594 | |
| 595 | int EVP_PKEY_base_id(const EVP_PKEY *pkey) |
| 596 | { |
| 597 | return EVP_PKEY_type(pkey->type); |
| 598 | } |
| 599 | |
| 600 | void EVP_PKEY_free(EVP_PKEY *x) |
| 601 | { |
| 602 | int i; |
| 603 | |
| 604 | if (x == NULL) |
| 605 | return; |
| 606 | |
| 607 | CRYPTO_DOWN_REF(&x->references, &i, x->lock); |
| 608 | REF_PRINT_COUNT("EVP_PKEY", x); |
| 609 | if (i > 0) |
| 610 | return; |
| 611 | REF_ASSERT_ISNT(i < 0); |
| 612 | EVP_PKEY_free_it(x); |
| 613 | CRYPTO_THREAD_lock_free(x->lock); |
| 614 | sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free); |
| 615 | OPENSSL_free(x); |
| 616 | } |
| 617 | |
| 618 | static void EVP_PKEY_free_it(EVP_PKEY *x) |
| 619 | { |
| 620 | /* internal function; x is never NULL */ |
| 621 | if (x->ameth && x->ameth->pkey_free) { |
| 622 | x->ameth->pkey_free(x); |
| 623 | x->pkey.ptr = NULL; |
| 624 | } |
| 625 | #ifndef OPENSSL_NO_ENGINE |
| 626 | ENGINE_finish(x->engine); |
| 627 | x->engine = NULL; |
| 628 | ENGINE_finish(x->pmeth_engine); |
| 629 | x->pmeth_engine = NULL; |
| 630 | #endif |
| 631 | } |
| 632 | |
| 633 | static int unsup_alg(BIO *out, const EVP_PKEY *pkey, int indent, |
| 634 | const char *kstr) |
| 635 | { |
| 636 | BIO_indent(out, indent, 128); |
| 637 | BIO_printf(out, "%s algorithm \"%s\" unsupported\n", |
| 638 | kstr, OBJ_nid2ln(pkey->type)); |
| 639 | return 1; |
| 640 | } |
| 641 | |
| 642 | int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey, |
| 643 | int indent, ASN1_PCTX *pctx) |
| 644 | { |
| 645 | if (pkey->ameth && pkey->ameth->pub_print) |
| 646 | return pkey->ameth->pub_print(out, pkey, indent, pctx); |
| 647 | |
| 648 | return unsup_alg(out, pkey, indent, "Public Key"); |
| 649 | } |
| 650 | |
| 651 | int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey, |
| 652 | int indent, ASN1_PCTX *pctx) |
| 653 | { |
| 654 | if (pkey->ameth && pkey->ameth->priv_print) |
| 655 | return pkey->ameth->priv_print(out, pkey, indent, pctx); |
| 656 | |
| 657 | return unsup_alg(out, pkey, indent, "Private Key"); |
| 658 | } |
| 659 | |
| 660 | int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey, |
| 661 | int indent, ASN1_PCTX *pctx) |
| 662 | { |
| 663 | if (pkey->ameth && pkey->ameth->param_print) |
| 664 | return pkey->ameth->param_print(out, pkey, indent, pctx); |
| 665 | return unsup_alg(out, pkey, indent, "Parameters"); |
| 666 | } |
| 667 | |
| 668 | static int evp_pkey_asn1_ctrl(EVP_PKEY *pkey, int op, int arg1, void *arg2) |
| 669 | { |
| 670 | if (pkey->ameth == NULL || pkey->ameth->pkey_ctrl == NULL) |
| 671 | return -2; |
| 672 | return pkey->ameth->pkey_ctrl(pkey, op, arg1, arg2); |
| 673 | } |
| 674 | |
| 675 | int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid) |
| 676 | { |
| 677 | return evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_DEFAULT_MD_NID, 0, pnid); |
| 678 | } |
| 679 | |
| 680 | int EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY *pkey, |
| 681 | const unsigned char *pt, size_t ptlen) |
| 682 | { |
| 683 | if (ptlen > INT_MAX) |
| 684 | return 0; |
| 685 | if (evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_SET1_TLS_ENCPT, ptlen, |
| 686 | (void *)pt) <= 0) |
| 687 | return 0; |
| 688 | return 1; |
| 689 | } |
| 690 | |
| 691 | size_t EVP_PKEY_get1_tls_encodedpoint(EVP_PKEY *pkey, unsigned char **ppt) |
| 692 | { |
| 693 | int rv; |
| 694 | rv = evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_GET1_TLS_ENCPT, 0, ppt); |
| 695 | if (rv <= 0) |
| 696 | return 0; |
| 697 | return rv; |
| 698 | } |