OLD | NEW |
1 /* crypto/asn1/x_pubkey.c */ | 1 /* crypto/asn1/x_pubkey.c */ |
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
3 * All rights reserved. | 3 * All rights reserved. |
4 * | 4 * |
5 * This package is an SSL implementation written | 5 * This package is an SSL implementation written |
6 * by Eric Young (eay@cryptsoft.com). | 6 * by Eric Young (eay@cryptsoft.com). |
7 * The implementation was written so as to conform with Netscapes SSL. | 7 * The implementation was written so as to conform with Netscapes SSL. |
8 * | 8 * |
9 * This library is free for commercial and non-commercial use as long as | 9 * This library is free for commercial and non-commercial use as long as |
10 * the following conditions are aheared to. The following conditions | 10 * the following conditions are aheared to. The following conditions |
(...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
53 * The licence and distribution terms for any publically available version or | 53 * The licence and distribution terms for any publically available version or |
54 * derivative of this code cannot be changed. i.e. this code cannot simply be | 54 * derivative of this code cannot be changed. i.e. this code cannot simply be |
55 * copied and put under another distribution licence | 55 * copied and put under another distribution licence |
56 * [including the GNU Public Licence.] | 56 * [including the GNU Public Licence.] |
57 */ | 57 */ |
58 | 58 |
59 #include <stdio.h> | 59 #include <stdio.h> |
60 #include "cryptlib.h" | 60 #include "cryptlib.h" |
61 #include <openssl/asn1t.h> | 61 #include <openssl/asn1t.h> |
62 #include <openssl/x509.h> | 62 #include <openssl/x509.h> |
| 63 #include "asn1_locl.h" |
63 #ifndef OPENSSL_NO_RSA | 64 #ifndef OPENSSL_NO_RSA |
64 #include <openssl/rsa.h> | 65 #include <openssl/rsa.h> |
65 #endif | 66 #endif |
66 #ifndef OPENSSL_NO_DSA | 67 #ifndef OPENSSL_NO_DSA |
67 #include <openssl/dsa.h> | 68 #include <openssl/dsa.h> |
68 #endif | 69 #endif |
69 | 70 |
70 /* Minor tweak to operation: free up EVP_PKEY */ | 71 /* Minor tweak to operation: free up EVP_PKEY */ |
71 static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) | 72 static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, |
| 73 » » » void *exarg) |
72 { | 74 { |
73 if (operation == ASN1_OP_FREE_POST) | 75 if (operation == ASN1_OP_FREE_POST) |
74 { | 76 { |
75 X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval; | 77 X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval; |
76 EVP_PKEY_free(pubkey->pkey); | 78 EVP_PKEY_free(pubkey->pkey); |
77 } | 79 } |
78 return 1; | 80 return 1; |
79 } | 81 } |
80 | 82 |
81 ASN1_SEQUENCE_cb(X509_PUBKEY, pubkey_cb) = { | 83 ASN1_SEQUENCE_cb(X509_PUBKEY, pubkey_cb) = { |
82 ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR), | 84 ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR), |
83 ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING) | 85 ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING) |
84 } ASN1_SEQUENCE_END_cb(X509_PUBKEY, X509_PUBKEY) | 86 } ASN1_SEQUENCE_END_cb(X509_PUBKEY, X509_PUBKEY) |
85 | 87 |
86 IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY) | 88 IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY) |
87 | 89 |
88 int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) | 90 int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) |
89 { | 91 { |
90 X509_PUBKEY *pk=NULL; | 92 X509_PUBKEY *pk=NULL; |
91 X509_ALGOR *a; | |
92 ASN1_OBJECT *o; | |
93 unsigned char *s,*p = NULL; | |
94 int i; | |
95 | 93 |
96 if (x == NULL) return(0); | 94 if (x == NULL) return(0); |
97 | 95 |
98 » if ((pk=X509_PUBKEY_new()) == NULL) goto err; | 96 » if ((pk=X509_PUBKEY_new()) == NULL) goto error; |
99 » a=pk->algor; | |
100 | 97 |
101 » /* set the algorithm id */ | 98 » if (pkey->ameth) |
102 » if ((o=OBJ_nid2obj(pkey->type)) == NULL) goto err; | |
103 » ASN1_OBJECT_free(a->algorithm); | |
104 » a->algorithm=o; | |
105 | |
106 » /* Set the parameter list */ | |
107 » if (!pkey->save_parameters || (pkey->type == EVP_PKEY_RSA)) | |
108 { | 99 { |
109 » » if ((a->parameter == NULL) || | 100 » » if (pkey->ameth->pub_encode) |
110 » » » (a->parameter->type != V_ASN1_NULL)) | |
111 { | 101 { |
112 » » » ASN1_TYPE_free(a->parameter); | 102 » » » if (!pkey->ameth->pub_encode(pk, pkey)) |
113 » » » if (!(a->parameter=ASN1_TYPE_new())) | |
114 { | 103 { |
115 » » » » X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAIL
URE); | 104 » » » » X509err(X509_F_X509_PUBKEY_SET, |
116 » » » » goto err; | 105 » » » » » X509_R_PUBLIC_KEY_ENCODE_ERROR); |
| 106 » » » » goto error; |
117 } | 107 } |
118 » » » a->parameter->type=V_ASN1_NULL; | 108 » » » } |
| 109 » » else |
| 110 » » » { |
| 111 » » » X509err(X509_F_X509_PUBKEY_SET, |
| 112 » » » » X509_R_METHOD_NOT_SUPPORTED); |
| 113 » » » goto error; |
119 } | 114 } |
120 } | 115 } |
121 #ifndef OPENSSL_NO_DSA | 116 » else |
122 » else if (pkey->type == EVP_PKEY_DSA) | |
123 » » { | |
124 » » unsigned char *pp; | |
125 » » DSA *dsa; | |
126 » » | |
127 » » dsa=pkey->pkey.dsa; | |
128 » » dsa->write_params=0; | |
129 » » ASN1_TYPE_free(a->parameter); | |
130 » » if ((i=i2d_DSAparams(dsa,NULL)) <= 0) | |
131 » » » goto err; | |
132 » » if (!(p=(unsigned char *)OPENSSL_malloc(i))) | |
133 » » » { | |
134 » » » X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); | |
135 » » » goto err; | |
136 » » » } | |
137 » » pp=p; | |
138 » » i2d_DSAparams(dsa,&pp); | |
139 » » if (!(a->parameter=ASN1_TYPE_new())) | |
140 » » » { | |
141 » » » OPENSSL_free(p); | |
142 » » » X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); | |
143 » » » goto err; | |
144 » » » } | |
145 » » a->parameter->type=V_ASN1_SEQUENCE; | |
146 » » if (!(a->parameter->value.sequence=ASN1_STRING_new())) | |
147 » » » { | |
148 » » » OPENSSL_free(p); | |
149 » » » X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); | |
150 » » » goto err; | |
151 » » » } | |
152 » » if (!ASN1_STRING_set(a->parameter->value.sequence,p,i)) | |
153 » » » { | |
154 » » » OPENSSL_free(p); | |
155 » » » X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); | |
156 » » » goto err; | |
157 » » » } | |
158 » » OPENSSL_free(p); | |
159 » » } | |
160 #endif | |
161 #ifndef OPENSSL_NO_EC | |
162 » else if (pkey->type == EVP_PKEY_EC) | |
163 » » { | |
164 » » int nid=0; | |
165 » » unsigned char *pp; | |
166 » » EC_KEY *ec_key; | |
167 » » const EC_GROUP *group; | |
168 » » | |
169 » » ec_key = pkey->pkey.ec; | |
170 » » ASN1_TYPE_free(a->parameter); | |
171 | |
172 » » if ((a->parameter = ASN1_TYPE_new()) == NULL) | |
173 » » » { | |
174 » » » X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB); | |
175 » » » goto err; | |
176 » » » } | |
177 | |
178 » » group = EC_KEY_get0_group(ec_key); | |
179 » » if (EC_GROUP_get_asn1_flag(group) | |
180 && (nid = EC_GROUP_get_curve_name(group))) | |
181 » » » { | |
182 » » » /* just set the OID */ | |
183 » » » a->parameter->type = V_ASN1_OBJECT; | |
184 » » » a->parameter->value.object = OBJ_nid2obj(nid); | |
185 » » » } | |
186 » » else /* explicit parameters */ | |
187 » » » { | |
188 » » » if ((i = i2d_ECParameters(ec_key, NULL)) == 0) | |
189 » » » » { | |
190 » » » » X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB); | |
191 » » » » goto err; | |
192 » » » » } | |
193 » » » if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL) | |
194 » » » » { | |
195 » » » » X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAI
LURE); | |
196 » » » » goto err; | |
197 » » » » }» | |
198 » » » pp = p; | |
199 » » » if (!i2d_ECParameters(ec_key, &pp)) | |
200 » » » » { | |
201 » » » » X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB); | |
202 » » » » OPENSSL_free(p); | |
203 » » » » goto err; | |
204 » » » » } | |
205 » » » a->parameter->type = V_ASN1_SEQUENCE; | |
206 » » » if ((a->parameter->value.sequence = ASN1_STRING_new()) =
= NULL) | |
207 » » » » { | |
208 » » » » X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB); | |
209 » » » » OPENSSL_free(p); | |
210 » » » » goto err; | |
211 » » » » } | |
212 » » » ASN1_STRING_set(a->parameter->value.sequence, p, i); | |
213 » » » OPENSSL_free(p); | |
214 » » » } | |
215 » » } | |
216 #endif | |
217 » else if (1) | |
218 { | 117 { |
219 X509err(X509_F_X509_PUBKEY_SET,X509_R_UNSUPPORTED_ALGORITHM); | 118 X509err(X509_F_X509_PUBKEY_SET,X509_R_UNSUPPORTED_ALGORITHM); |
220 » » goto err; | 119 » » goto error; |
221 } | 120 } |
222 | 121 |
223 if ((i=i2d_PublicKey(pkey,NULL)) <= 0) goto err; | |
224 if ((s=(unsigned char *)OPENSSL_malloc(i+1)) == NULL) | |
225 { | |
226 X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); | |
227 goto err; | |
228 } | |
229 p=s; | |
230 i2d_PublicKey(pkey,&p); | |
231 if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i)) | |
232 { | |
233 X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); | |
234 goto err; | |
235 } | |
236 /* Set number of unused bits to zero */ | |
237 pk->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); | |
238 pk->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT; | |
239 | |
240 OPENSSL_free(s); | |
241 | |
242 #if 0 | |
243 CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); | |
244 pk->pkey=pkey; | |
245 #endif | |
246 | |
247 if (*x != NULL) | 122 if (*x != NULL) |
248 X509_PUBKEY_free(*x); | 123 X509_PUBKEY_free(*x); |
249 | 124 |
250 *x=pk; | 125 *x=pk; |
251 | 126 |
252 return 1; | 127 return 1; |
253 err: | 128 error: |
254 if (pk != NULL) X509_PUBKEY_free(pk); | 129 if (pk != NULL) X509_PUBKEY_free(pk); |
255 return 0; | 130 return 0; |
256 } | 131 } |
257 | 132 |
258 EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) | 133 EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) |
259 { | 134 { |
260 EVP_PKEY *ret=NULL; | 135 EVP_PKEY *ret=NULL; |
261 long j; | |
262 int type; | |
263 const unsigned char *p; | |
264 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA) | |
265 const unsigned char *cp; | |
266 X509_ALGOR *a; | |
267 #endif | |
268 | 136 |
269 » if (key == NULL) goto err; | 137 » if (key == NULL) goto error; |
270 | 138 |
271 if (key->pkey != NULL) | 139 if (key->pkey != NULL) |
272 { | 140 { |
273 CRYPTO_add(&key->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); | 141 CRYPTO_add(&key->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); |
274 » » return(key->pkey); | 142 » » return key->pkey; |
275 } | 143 } |
276 | 144 |
277 » if (key->public_key == NULL) goto err; | 145 » if (key->public_key == NULL) goto error; |
278 | 146 |
279 type=OBJ_obj2nid(key->algor->algorithm); | |
280 if ((ret = EVP_PKEY_new()) == NULL) | 147 if ((ret = EVP_PKEY_new()) == NULL) |
281 { | 148 { |
282 X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE); | 149 X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE); |
283 » » goto err; | 150 » » goto error; |
284 } | 151 } |
285 ret->type = EVP_PKEY_type(type); | |
286 | 152 |
287 » /* the parameters must be extracted before the public key (ECDSA!) */ | 153 » if (!EVP_PKEY_set_type(ret, OBJ_obj2nid(key->algor->algorithm))) |
288 » | 154 » » { |
289 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA) | 155 » » X509err(X509_F_X509_PUBKEY_GET,X509_R_UNSUPPORTED_ALGORITHM); |
290 » a=key->algor; | 156 » » goto error; |
291 #endif | 157 » » } |
292 | 158 |
293 » if (0) | 159 » if (ret->ameth->pub_decode) |
294 » » ; | |
295 #ifndef OPENSSL_NO_DSA | |
296 » else if (ret->type == EVP_PKEY_DSA) | |
297 { | 160 { |
298 » » if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE)) | 161 » » if (!ret->ameth->pub_decode(ret, key)) |
299 { | 162 { |
300 » » » if ((ret->pkey.dsa = DSA_new()) == NULL) | 163 » » » X509err(X509_F_X509_PUBKEY_GET, |
301 » » » » { | 164 » » » » » » X509_R_PUBLIC_KEY_DECODE_ERROR); |
302 » » » » X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAI
LURE); | 165 » » » goto error; |
303 » » » » goto err; | |
304 » » » » } | |
305 » » » ret->pkey.dsa->write_params=0; | |
306 » » » cp=p=a->parameter->value.sequence->data; | |
307 » » » j=a->parameter->value.sequence->length; | |
308 » » » if (!d2i_DSAparams(&ret->pkey.dsa, &cp, (long)j)) | |
309 » » » » goto err; | |
310 } | 166 } |
311 ret->save_parameters=1; | |
312 } | 167 } |
313 #endif | 168 » else |
314 #ifndef OPENSSL_NO_EC | |
315 » else if (ret->type == EVP_PKEY_EC) | |
316 { | 169 { |
317 » » if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE)) | 170 » » X509err(X509_F_X509_PUBKEY_GET, X509_R_METHOD_NOT_SUPPORTED); |
318 » » » { | 171 » » goto error; |
319 » » » /* type == V_ASN1_SEQUENCE => we have explicit parameter
s | |
320 * (e.g. parameters in the X9_62_EC_PARAMETERS-structure
) | |
321 » » » */ | |
322 » » » if ((ret->pkey.ec= EC_KEY_new()) == NULL) | |
323 » » » » { | |
324 » » » » X509err(X509_F_X509_PUBKEY_GET, | |
325 » » » » » ERR_R_MALLOC_FAILURE); | |
326 » » » » goto err; | |
327 » » » » } | |
328 » » » cp = p = a->parameter->value.sequence->data; | |
329 » » » j = a->parameter->value.sequence->length; | |
330 » » » if (!d2i_ECParameters(&ret->pkey.ec, &cp, (long)j)) | |
331 » » » » { | |
332 » » » » X509err(X509_F_X509_PUBKEY_GET, ERR_R_EC_LIB); | |
333 » » » » goto err; | |
334 » » » » } | |
335 » » » } | |
336 » » else if (a->parameter && (a->parameter->type == V_ASN1_OBJECT)) | |
337 » » » { | |
338 » » » /* type == V_ASN1_OBJECT => the parameters are given | |
339 » » » * by an asn1 OID | |
340 » » » */ | |
341 » » » EC_KEY *ec_key; | |
342 » » » EC_GROUP *group; | |
343 | |
344 » » » if (ret->pkey.ec == NULL) | |
345 » » » » ret->pkey.ec = EC_KEY_new(); | |
346 » » » ec_key = ret->pkey.ec; | |
347 » » » if (ec_key == NULL) | |
348 » » » » goto err; | |
349 » » » group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(a->parame
ter->value.object)); | |
350 » » » if (group == NULL) | |
351 » » » » goto err; | |
352 » » » EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); | |
353 » » » if (EC_KEY_set_group(ec_key, group) == 0) | |
354 » » » » goto err; | |
355 » » » EC_GROUP_free(group); | |
356 » » » } | |
357 » » » /* the case implicitlyCA is currently not implemented */ | |
358 » » ret->save_parameters = 1; | |
359 » » } | |
360 #endif | |
361 | |
362 » p=key->public_key->data; | |
363 j=key->public_key->length; | |
364 if (!d2i_PublicKey(type, &ret, &p, (long)j)) | |
365 » » { | |
366 » » X509err(X509_F_X509_PUBKEY_GET, X509_R_ERR_ASN1_LIB); | |
367 » » goto err; | |
368 } | 172 } |
369 | 173 |
370 key->pkey = ret; | 174 key->pkey = ret; |
371 CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY); | 175 CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY); |
372 » return(ret); | 176 |
373 err: | 177 » return ret; |
| 178 |
| 179 » error: |
374 if (ret != NULL) | 180 if (ret != NULL) |
375 EVP_PKEY_free(ret); | 181 EVP_PKEY_free(ret); |
376 return(NULL); | 182 return(NULL); |
377 } | 183 } |
378 | 184 |
379 /* Now two pseudo ASN1 routines that take an EVP_PKEY structure | 185 /* Now two pseudo ASN1 routines that take an EVP_PKEY structure |
380 * and encode or decode as X509_PUBKEY | 186 * and encode or decode as X509_PUBKEY |
381 */ | 187 */ |
382 | 188 |
383 EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, | 189 EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, |
(...skipping 138 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
522 { | 328 { |
523 ASN1err(ASN1_F_I2D_EC_PUBKEY, ERR_R_MALLOC_FAILURE); | 329 ASN1err(ASN1_F_I2D_EC_PUBKEY, ERR_R_MALLOC_FAILURE); |
524 return(0); | 330 return(0); |
525 } | 331 } |
526 EVP_PKEY_set1_EC_KEY(pktmp, a); | 332 EVP_PKEY_set1_EC_KEY(pktmp, a); |
527 ret = i2d_PUBKEY(pktmp, pp); | 333 ret = i2d_PUBKEY(pktmp, pp); |
528 EVP_PKEY_free(pktmp); | 334 EVP_PKEY_free(pktmp); |
529 return(ret); | 335 return(ret); |
530 } | 336 } |
531 #endif | 337 #endif |
| 338 |
| 339 int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, |
| 340 int ptype, void *pval, |
| 341 unsigned char *penc, int penclen) |
| 342 { |
| 343 if (!X509_ALGOR_set0(pub->algor, aobj, ptype, pval)) |
| 344 return 0; |
| 345 if (penc) |
| 346 { |
| 347 if (pub->public_key->data) |
| 348 OPENSSL_free(pub->public_key->data); |
| 349 pub->public_key->data = penc; |
| 350 pub->public_key->length = penclen; |
| 351 /* Set number of unused bits to zero */ |
| 352 pub->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); |
| 353 pub->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT; |
| 354 } |
| 355 return 1; |
| 356 } |
| 357 |
| 358 int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, |
| 359 const unsigned char **pk, int *ppklen, |
| 360 X509_ALGOR **pa, |
| 361 X509_PUBKEY *pub) |
| 362 { |
| 363 if (ppkalg) |
| 364 *ppkalg = pub->algor->algorithm; |
| 365 if (pk) |
| 366 { |
| 367 *pk = pub->public_key->data; |
| 368 *ppklen = pub->public_key->length; |
| 369 } |
| 370 if (pa) |
| 371 *pa = pub->algor; |
| 372 return 1; |
| 373 } |
OLD | NEW |