Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(560)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: openssl/crypto/evp/evp_pkey.c

Issue 9254031: Upgrade chrome's OpenSSL to same version Android ships with. (Closed) Base URL: http://src.chromium.org/svn/trunk/deps/third_party/openssl/
Patch Set: '' Created 8 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « openssl/crypto/evp/evp_pbe.c ('k') | openssl/crypto/evp/evp_test.c » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* evp_pkey.c */ 1 /* evp_pkey.c */
2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999. 3 * project 1999.
4 */ 4 */
5 /* ==================================================================== 5 /* ====================================================================
6 * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. 6 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
7 * 7 *
8 * Redistribution and use in source and binary forms, with or without 8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions 9 * modification, are permitted provided that the following conditions
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
(...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after
54 * (eay@cryptsoft.com). This product includes software written by Tim 54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com). 55 * Hudson (tjh@cryptsoft.com).
56 * 56 *
57 */ 57 */
58 58
59 #include <stdio.h> 59 #include <stdio.h>
60 #include <stdlib.h> 60 #include <stdlib.h>
61 #include "cryptlib.h" 61 #include "cryptlib.h"
62 #include <openssl/x509.h> 62 #include <openssl/x509.h>
63 #include <openssl/rand.h> 63 #include <openssl/rand.h>
64 #ifndef OPENSSL_NO_RSA 64 #include "asn1_locl.h"
65 #include <openssl/rsa.h>
66 #endif
67 #ifndef OPENSSL_NO_DSA
68 #include <openssl/dsa.h>
69 #endif
70 #include <openssl/bn.h>
71
72 #ifndef OPENSSL_NO_DSA
73 static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey);
74 #endif
75 #ifndef OPENSSL_NO_EC
76 static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey);
77 #endif
78 65
79 /* Extract a private key from a PKCS8 structure */ 66 /* Extract a private key from a PKCS8 structure */
80 67
81 EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8) 68 EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8)
82 { 69 {
83 EVP_PKEY *pkey = NULL; 70 EVP_PKEY *pkey = NULL;
84 #ifndef OPENSSL_NO_RSA 71 » ASN1_OBJECT *algoid;
85 » RSA *rsa = NULL;
86 #endif
87 #ifndef OPENSSL_NO_DSA
88 » DSA *dsa = NULL;
89 » ASN1_TYPE *t1, *t2;
90 » ASN1_INTEGER *privkey;
91 » STACK_OF(ASN1_TYPE) *ndsa = NULL;
92 #endif
93 #ifndef OPENSSL_NO_EC
94 » EC_KEY *eckey = NULL;
95 » const unsigned char *p_tmp;
96 #endif
97 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
98 » ASN1_TYPE *param = NULL;»
99 » BN_CTX *ctx = NULL;
100 » int plen;
101 #endif
102 » X509_ALGOR *a;
103 » const unsigned char *p;
104 » const unsigned char *cp;
105 » int pkeylen;
106 » int nid;
107 char obj_tmp[80]; 72 char obj_tmp[80];
108 73
109 » if(p8->pkey->type == V_ASN1_OCTET_STRING) { 74 » if (!PKCS8_pkey_get0(&algoid, NULL, NULL, NULL, p8))
110 » » p8->broken = PKCS8_OK; 75 » » return NULL;
111 » » p = p8->pkey->value.octet_string->data; 76
112 » » pkeylen = p8->pkey->value.octet_string->length;
113 » } else {
114 » » p8->broken = PKCS8_NO_OCTET;
115 » » p = p8->pkey->value.sequence->data;
116 » » pkeylen = p8->pkey->value.sequence->length;
117 » }
118 if (!(pkey = EVP_PKEY_new())) { 77 if (!(pkey = EVP_PKEY_new())) {
119 EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE); 78 EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
120 return NULL; 79 return NULL;
121 } 80 }
122 a = p8->pkeyalg;
123 nid = OBJ_obj2nid(a->algorithm);
124 switch(nid)
125 {
126 #ifndef OPENSSL_NO_RSA
127 case NID_rsaEncryption:
128 cp = p;
129 if (!(rsa = d2i_RSAPrivateKey (NULL,&cp, pkeylen))) {
130 EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
131 return NULL;
132 }
133 EVP_PKEY_assign_RSA (pkey, rsa);
134 break;
135 #endif
136 #ifndef OPENSSL_NO_DSA
137 case NID_dsa:
138 /* PKCS#8 DSA is weird: you just get a private key integer
139 * and parameters in the AlgorithmIdentifier the pubkey must
140 * be recalculated.
141 */
142
143 /* Check for broken DSA PKCS#8, UGH! */
144 if(*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) {
145 if(!(ndsa = ASN1_seq_unpack_ASN1_TYPE(p, pkeylen,
146 d2i_ASN1_TYPE,
147 ASN1_TYPE_free))) {
148 EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
149 goto dsaerr;
150 }
151 if(sk_ASN1_TYPE_num(ndsa) != 2 ) {
152 EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
153 goto dsaerr;
154 }
155 /* Handle Two broken types:
156 * SEQUENCE {parameters, priv_key}
157 * SEQUENCE {pub_key, priv_key}
158 */
159 81
160 » » t1 = sk_ASN1_TYPE_value(ndsa, 0); 82 » if (!EVP_PKEY_set_type(pkey, OBJ_obj2nid(algoid)))
161 » » t2 = sk_ASN1_TYPE_value(ndsa, 1); 83 » » {
162 » » if(t1->type == V_ASN1_SEQUENCE) { 84 » » EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGOR ITHM);
163 » » » p8->broken = PKCS8_EMBEDDED_PARAM; 85 » » i2t_ASN1_OBJECT(obj_tmp, 80, algoid);
164 » » » param = t1; 86 » » ERR_add_error_data(2, "TYPE=", obj_tmp);
165 » » } else if(a->parameter->type == V_ASN1_SEQUENCE) { 87 » » goto error;
166 » » » p8->broken = PKCS8_NS_DB;
167 » » » param = a->parameter;
168 » » } else {
169 » » » EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
170 » » » goto dsaerr;
171 » » }
172
173 » » if(t2->type != V_ASN1_INTEGER) {
174 » » » EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
175 » » » goto dsaerr;
176 » » }
177 » » privkey = t2->value.integer;
178 » » } else {
179 » » » if (!(privkey=d2i_ASN1_INTEGER (NULL, &p, pkeylen))) {
180 » » » » EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR) ;
181 » » » » goto dsaerr;
182 » » » }
183 » » » param = p8->pkeyalg->parameter;
184 » » }
185 » » if (!param || (param->type != V_ASN1_SEQUENCE)) {
186 » » » EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
187 » » » goto dsaerr;
188 » » }
189 » » cp = p = param->value.sequence->data;
190 » » plen = param->value.sequence->length;
191 » » if (!(dsa = d2i_DSAparams (NULL, &cp, plen))) {
192 » » » EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
193 » » » goto dsaerr;
194 » » }
195 » » /* We have parameters now set private key */
196 » » if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) {
197 » » » EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_DECODE_ERROR);
198 » » » goto dsaerr;
199 » » }
200 » » /* Calculate public key (ouch!) */
201 » » if (!(dsa->pub_key = BN_new())) {
202 » » » EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
203 » » » goto dsaerr;
204 » » }
205 » » if (!(ctx = BN_CTX_new())) {
206 » » » EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
207 » » » goto dsaerr;
208 » » }
209 » » »
210 » » if (!BN_mod_exp(dsa->pub_key, dsa->g,
211 » » » » » » dsa->priv_key, dsa->p, ctx)) {
212 » » »
213 » » » EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_PUBKEY_ERROR);
214 » » » goto dsaerr;
215 } 88 }
216 89
217 » » EVP_PKEY_assign_DSA(pkey, dsa); 90 » if (pkey->ameth->priv_decode)
218 » » BN_CTX_free (ctx);
219 » » if(ndsa) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
220 » » else ASN1_INTEGER_free(privkey);
221 » » break;
222 » » dsaerr:
223 » » BN_CTX_free (ctx);
224 » » sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
225 » » DSA_free(dsa);
226 » » EVP_PKEY_free(pkey);
227 » » return NULL;
228 » » break;
229 #endif
230 #ifndef OPENSSL_NO_EC
231 » » case NID_X9_62_id_ecPublicKey:
232 » » p_tmp = p;
233 » » /* extract the ec parameters */
234 » » param = p8->pkeyalg->parameter;
235
236 » » if (!param || ((param->type != V_ASN1_SEQUENCE) &&
237 » » (param->type != V_ASN1_OBJECT)))
238 { 91 {
239 » » » EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); 92 » » if (!pkey->ameth->priv_decode(pkey, p8))
240 » » » goto ecerr; 93 » » » {
94 » » » EVPerr(EVP_F_EVP_PKCS82PKEY,
95 » » » » » EVP_R_PRIVATE_KEY_DECODE_ERROR);
96 » » » goto error;
97 » » » }
98 » » }
99 » else
100 » » {
101 » » EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_METHOD_NOT_SUPPORTED);
102 » » goto error;
241 } 103 }
242 104
243 » » if (param->type == V_ASN1_SEQUENCE) 105 » return pkey;
244 » » {
245 » » » cp = p = param->value.sequence->data;
246 » » » plen = param->value.sequence->length;
247 106
248 » » » if (!(eckey = d2i_ECParameters(NULL, &cp, plen))) 107 » error:
249 » » » { 108 » EVP_PKEY_free (pkey);
250 » » » » EVPerr(EVP_F_EVP_PKCS82PKEY, 109 » return NULL;
251 » » » » » EVP_R_DECODE_ERROR);
252 » » » » goto ecerr;
253 » » » }
254 » » }
255 » » else
256 » » {
257 » » » EC_GROUP *group;
258 » » » cp = p = param->value.object->data;
259 » » » plen = param->value.object->length;
260
261 » » » /* type == V_ASN1_OBJECT => the parameters are given
262 » » » * by an asn1 OID
263 » » » */
264 » » » if ((eckey = EC_KEY_new()) == NULL)
265 » » » {
266 » » » » EVPerr(EVP_F_EVP_PKCS82PKEY,
267 » » » » » ERR_R_MALLOC_FAILURE);
268 » » » » goto ecerr;
269 » » » }
270 » » » group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(a->parame ter->value.object));
271 » » » if (group == NULL)
272 » » » » goto ecerr;
273 » » » EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
274 » » » if (EC_KEY_set_group(eckey, group) == 0)
275 » » » » goto ecerr;
276 » » » EC_GROUP_free(group);
277 » » }
278
279 » » /* We have parameters now set private key */
280 » » if (!d2i_ECPrivateKey(&eckey, &p_tmp, pkeylen))
281 » » {
282 » » » EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
283 » » » goto ecerr;
284 » » }
285
286 » » /* calculate public key (if necessary) */
287 » » if (EC_KEY_get0_public_key(eckey) == NULL)
288 » » {
289 » » » const BIGNUM *priv_key;
290 » » » const EC_GROUP *group;
291 » » » EC_POINT *pub_key;
292 » » » /* the public key was not included in the SEC1 private
293 » » » * key => calculate the public key */
294 » » » group = EC_KEY_get0_group(eckey);
295 » » » pub_key = EC_POINT_new(group);
296 » » » if (pub_key == NULL)
297 » » » {
298 » » » » EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
299 » » » » goto ecerr;
300 » » » }
301 » » » if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(grou p)))
302 » » » {
303 » » » » EC_POINT_free(pub_key);
304 » » » » EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
305 » » » » goto ecerr;
306 » » » }
307 » » » priv_key = EC_KEY_get0_private_key(eckey);
308 » » » if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx))
309 » » » {
310 » » » » EC_POINT_free(pub_key);
311 » » » » EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
312 » » » » goto ecerr;
313 » » » }
314 » » » if (EC_KEY_set_public_key(eckey, pub_key) == 0)
315 » » » {
316 » » » » EC_POINT_free(pub_key);
317 » » » » EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
318 » » » » goto ecerr;
319 » » » }
320 » » » EC_POINT_free(pub_key);
321 » » }
322
323 » » EVP_PKEY_assign_EC_KEY(pkey, eckey);
324 » » if (ctx)
325 » » » BN_CTX_free(ctx);
326 » » break;
327 ecerr:
328 » » if (ctx)
329 » » » BN_CTX_free(ctx);
330 » » if (eckey)
331 » » » EC_KEY_free(eckey);
332 » » if (pkey)
333 » » » EVP_PKEY_free(pkey);
334 » » return NULL;
335 #endif
336 » » default:
337 » » EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGOR ITHM);
338 » » if (!a->algorithm) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp) ;
339 » » else i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm);
340 » » ERR_add_error_data(2, "TYPE=", obj_tmp);
341 » » EVP_PKEY_free (pkey);
342 » » return NULL;
343 » }
344 » return pkey;
345 } 110 }
346 111
347 PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey) 112 PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey)
348 { 113 {
349 return EVP_PKEY2PKCS8_broken(pkey, PKCS8_OK); 114 return EVP_PKEY2PKCS8_broken(pkey, PKCS8_OK);
350 } 115 }
351 116
352 /* Turn a private key into a PKCS8 structure */ 117 /* Turn a private key into a PKCS8 structure */
353 118
354 PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken) 119 PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
355 { 120 {
356 PKCS8_PRIV_KEY_INFO *p8; 121 PKCS8_PRIV_KEY_INFO *p8;
357 122
358 if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) { 123 if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) {
359 EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE); 124 EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE);
360 return NULL; 125 return NULL;
361 } 126 }
362 p8->broken = broken; 127 p8->broken = broken;
363 if (!ASN1_INTEGER_set(p8->version, 0)) {
364 EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE);
365 PKCS8_PRIV_KEY_INFO_free (p8);
366 return NULL;
367 }
368 if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) {
369 EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE);
370 PKCS8_PRIV_KEY_INFO_free (p8);
371 return NULL;
372 }
373 p8->pkey->type = V_ASN1_OCTET_STRING;
374 switch (EVP_PKEY_type(pkey->type)) {
375 #ifndef OPENSSL_NO_RSA
376 case EVP_PKEY_RSA:
377 128
378 » » if(p8->broken == PKCS8_NO_OCTET) p8->pkey->type = V_ASN1_SEQUENC E; 129 » if (pkey->ameth)
379 130 » » {
380 » » p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption); 131 » » if (pkey->ameth->priv_encode)
381 » » p8->pkeyalg->parameter->type = V_ASN1_NULL; 132 » » » {
382 » » if (!ASN1_pack_string_of (EVP_PKEY,pkey, i2d_PrivateKey, 133 » » » if (!pkey->ameth->priv_encode(p8, pkey))
383 » » » » » &p8->pkey->value.octet_string)) { 134 » » » » {
384 » » » EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE) ; 135 » » » » EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,
385 » » » PKCS8_PRIV_KEY_INFO_free (p8); 136 » » » » » EVP_R_PRIVATE_KEY_ENCODE_ERROR);
386 » » » return NULL; 137 » » » » goto error;
138 » » » » }
139 » » » }
140 » » else
141 » » » {
142 » » » EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,
143 » » » » » EVP_R_METHOD_NOT_SUPPORTED);
144 » » » goto error;
145 » » » }
387 } 146 }
388 » » break; 147 » else
389 #endif 148 » » {
390 #ifndef OPENSSL_NO_DSA 149 » » EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,
391 » » case EVP_PKEY_DSA: 150 » » » » EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
392 » » if(!dsa_pkey2pkcs8(p8, pkey)) { 151 » » goto error;
393 » » » PKCS8_PRIV_KEY_INFO_free (p8);
394 » » » return NULL;
395 } 152 }
396
397 break;
398 #endif
399 #ifndef OPENSSL_NO_EC
400 case EVP_PKEY_EC:
401 if (!eckey_pkey2pkcs8(p8, pkey))
402 {
403 PKCS8_PRIV_KEY_INFO_free(p8);
404 return(NULL);
405 }
406 break;
407 #endif
408 default:
409 EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, EVP_R_UNSUPPORTED_PRIVATE_KE Y_ALGORITHM);
410 PKCS8_PRIV_KEY_INFO_free (p8);
411 return NULL;
412 }
413 RAND_add(p8->pkey->value.octet_string->data, 153 RAND_add(p8->pkey->value.octet_string->data,
414 p8->pkey->value.octet_string->length, 0.0); 154 p8->pkey->value.octet_string->length, 0.0);
415 return p8; 155 return p8;
156 error:
157 PKCS8_PRIV_KEY_INFO_free(p8);
158 return NULL;
416 } 159 }
417 160
418 PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken) 161 PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken)
419 { 162 {
420 switch (broken) { 163 switch (broken) {
421 164
422 case PKCS8_OK: 165 case PKCS8_OK:
423 p8->broken = PKCS8_OK; 166 p8->broken = PKCS8_OK;
424 return p8; 167 return p8;
425 break; 168 break;
426 169
427 case PKCS8_NO_OCTET: 170 case PKCS8_NO_OCTET:
428 p8->broken = PKCS8_NO_OCTET; 171 p8->broken = PKCS8_NO_OCTET;
429 p8->pkey->type = V_ASN1_SEQUENCE; 172 p8->pkey->type = V_ASN1_SEQUENCE;
430 return p8; 173 return p8;
431 break; 174 break;
432 175
433 default: 176 default:
434 EVPerr(EVP_F_PKCS8_SET_BROKEN,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE); 177 EVPerr(EVP_F_PKCS8_SET_BROKEN,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE);
435 return NULL; 178 return NULL;
436 } 179 }
437 } 180 }
438 181
439 #ifndef OPENSSL_NO_DSA
440 static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
441 {
442 ASN1_STRING *params = NULL;
443 ASN1_INTEGER *prkey = NULL;
444 ASN1_TYPE *ttmp = NULL;
445 STACK_OF(ASN1_TYPE) *ndsa = NULL;
446 unsigned char *p = NULL, *q;
447 int len;
448
449 p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa);
450 len = i2d_DSAparams (pkey->pkey.dsa, NULL);
451 if (!(p = OPENSSL_malloc(len))) {
452 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
453 goto err;
454 }
455 q = p;
456 i2d_DSAparams (pkey->pkey.dsa, &q);
457 if (!(params = ASN1_STRING_new())) {
458 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
459 goto err;
460 }
461 if (!ASN1_STRING_set(params, p, len)) {
462 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
463 goto err;
464 }
465 OPENSSL_free(p);
466 p = NULL;
467 /* Get private key into integer */
468 if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) {
469 EVPerr(EVP_F_DSA_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
470 goto err;
471 }
472
473 switch(p8->broken) {
474
475 case PKCS8_OK:
476 case PKCS8_NO_OCTET:
477
478 if (!ASN1_pack_string_of(ASN1_INTEGER,prkey, i2d_ASN1_INTEGER,
479 &p8->pkey->value.octet_string)) {
480 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
481 goto err;
482 }
483
484 M_ASN1_INTEGER_free (prkey);
485 prkey = NULL;
486 p8->pkeyalg->parameter->value.sequence = params;
487 params = NULL;
488 p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
489
490 break;
491
492 case PKCS8_NS_DB:
493
494 p8->pkeyalg->parameter->value.sequence = params;
495 params = NULL;
496 p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
497 if (!(ndsa = sk_ASN1_TYPE_new_null())) {
498 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
499 goto err;
500 }
501 if (!(ttmp = ASN1_TYPE_new())) {
502 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
503 goto err;
504 }
505 if (!(ttmp->value.integer =
506 BN_to_ASN1_INTEGER(pkey->pkey.dsa->pub_key, NULL))) {
507 EVPerr(EVP_F_DSA_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
508 goto err;
509 }
510 ttmp->type = V_ASN1_INTEGER;
511 if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
512 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
513 goto err;
514 }
515
516 if (!(ttmp = ASN1_TYPE_new())) {
517 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
518 goto err;
519 }
520 ttmp->value.integer = prkey;
521 prkey = NULL;
522 ttmp->type = V_ASN1_INTEGER;
523 if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
524 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
525 goto err;
526 }
527 ttmp = NULL;
528
529 if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {
530 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
531 goto err;
532 }
533
534 if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE,
535 &p8->pkey->value.octet_string->data,
536 &p8->pkey->value.octet_string->length)) {
537
538 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
539 goto err;
540 }
541 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
542 break;
543
544 case PKCS8_EMBEDDED_PARAM:
545
546 p8->pkeyalg->parameter->type = V_ASN1_NULL;
547 if (!(ndsa = sk_ASN1_TYPE_new_null())) {
548 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
549 goto err;
550 }
551 if (!(ttmp = ASN1_TYPE_new())) {
552 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
553 goto err;
554 }
555 ttmp->value.sequence = params;
556 params = NULL;
557 ttmp->type = V_ASN1_SEQUENCE;
558 if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
559 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
560 goto err;
561 }
562
563 if (!(ttmp = ASN1_TYPE_new())) {
564 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
565 goto err;
566 }
567 ttmp->value.integer = prkey;
568 prkey = NULL;
569 ttmp->type = V_ASN1_INTEGER;
570 if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
571 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
572 goto err;
573 }
574 ttmp = NULL;
575
576 if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {
577 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
578 goto err;
579 }
580
581 if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE,
582 &p8->pkey->value.octet_string->data,
583 &p8->pkey->value.octet_string->length)) {
584
585 EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
586 goto err;
587 }
588 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
589 break;
590 }
591 return 1;
592 err:
593 if (p != NULL) OPENSSL_free(p);
594 if (params != NULL) ASN1_STRING_free(params);
595 if (prkey != NULL) M_ASN1_INTEGER_free(prkey);
596 if (ttmp != NULL) ASN1_TYPE_free(ttmp);
597 if (ndsa != NULL) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
598 return 0;
599 }
600 #endif
601
602 #ifndef OPENSSL_NO_EC
603 static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
604 {
605 EC_KEY *ec_key;
606 const EC_GROUP *group;
607 unsigned char *p, *pp;
608 int nid, i, ret = 0;
609 unsigned int tmp_flags, old_flags;
610
611 ec_key = pkey->pkey.ec;
612 if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL)
613 {
614 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, EVP_R_MISSING_PARAMETERS);
615 return 0;
616 }
617
618 /* set the ec parameters OID */
619 if (p8->pkeyalg->algorithm)
620 ASN1_OBJECT_free(p8->pkeyalg->algorithm);
621
622 p8->pkeyalg->algorithm = OBJ_nid2obj(NID_X9_62_id_ecPublicKey);
623
624 /* set the ec parameters */
625
626 if (p8->pkeyalg->parameter)
627 {
628 ASN1_TYPE_free(p8->pkeyalg->parameter);
629 p8->pkeyalg->parameter = NULL;
630 }
631
632 if ((p8->pkeyalg->parameter = ASN1_TYPE_new()) == NULL)
633 {
634 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
635 return 0;
636 }
637
638 if (EC_GROUP_get_asn1_flag(group)
639 && (nid = EC_GROUP_get_curve_name(group)))
640 {
641 /* we have a 'named curve' => just set the OID */
642 p8->pkeyalg->parameter->type = V_ASN1_OBJECT;
643 p8->pkeyalg->parameter->value.object = OBJ_nid2obj(nid);
644 }
645 else /* explicit parameters */
646 {
647 if ((i = i2d_ECParameters(ec_key, NULL)) == 0)
648 {
649 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
650 return 0;
651 }
652 if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL)
653 {
654 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
655 return 0;
656 }
657 pp = p;
658 if (!i2d_ECParameters(ec_key, &pp))
659 {
660 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
661 OPENSSL_free(p);
662 return 0;
663 }
664 p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
665 if ((p8->pkeyalg->parameter->value.sequence
666 = ASN1_STRING_new()) == NULL)
667 {
668 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_ASN1_LIB);
669 OPENSSL_free(p);
670 return 0;
671 }
672 ASN1_STRING_set(p8->pkeyalg->parameter->value.sequence, p, i);
673 OPENSSL_free(p);
674 }
675
676 /* set the private key */
677
678 /* do not include the parameters in the SEC1 private key
679 * see PKCS#11 12.11 */
680 old_flags = EC_KEY_get_enc_flags(pkey->pkey.ec);
681 tmp_flags = old_flags | EC_PKEY_NO_PARAMETERS;
682 EC_KEY_set_enc_flags(pkey->pkey.ec, tmp_flags);
683 i = i2d_ECPrivateKey(pkey->pkey.ec, NULL);
684 if (!i)
685 {
686 EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
687 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
688 return 0;
689 }
690 p = (unsigned char *) OPENSSL_malloc(i);
691 if (!p)
692 {
693 EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
694 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
695 return 0;
696 }
697 pp = p;
698 if (!i2d_ECPrivateKey(pkey->pkey.ec, &pp))
699 {
700 EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
701 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
702 OPENSSL_free(p);
703 return 0;
704 }
705 /* restore old encoding flags */
706 EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
707
708 switch(p8->broken) {
709
710 case PKCS8_OK:
711 p8->pkey->value.octet_string = ASN1_OCTET_STRING_new();
712 if (!p8->pkey->value.octet_string ||
713 !M_ASN1_OCTET_STRING_set(p8->pkey->value.octet_string,
714 (const void *)p, i))
715
716 {
717 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
718 }
719 else
720 ret = 1;
721 break;
722 case PKCS8_NO_OCTET: /* RSA specific */
723 case PKCS8_NS_DB: /* DSA specific */
724 case PKCS8_EMBEDDED_PARAM: /* DSA specific */
725 default:
726 EVPerr(EVP_F_ECKEY_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
727 }
728 OPENSSL_cleanse(p, (size_t)i);
729 OPENSSL_free(p);
730 return ret;
731 }
732 #endif
733
734 /* EVP_PKEY attribute functions */ 182 /* EVP_PKEY attribute functions */
735 183
736 int EVP_PKEY_get_attr_count(const EVP_PKEY *key) 184 int EVP_PKEY_get_attr_count(const EVP_PKEY *key)
737 { 185 {
738 return X509at_get_attr_count(key->attributes); 186 return X509at_get_attr_count(key->attributes);
739 } 187 }
740 188
741 int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, 189 int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid,
742 int lastpos) 190 int lastpos)
743 { 191 {
(...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after
785 } 233 }
786 234
787 int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key, 235 int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key,
788 const char *attrname, int type, 236 const char *attrname, int type,
789 const unsigned char *bytes, int len) 237 const unsigned char *bytes, int len)
790 { 238 {
791 if(X509at_add1_attr_by_txt(&key->attributes, attrname, 239 if(X509at_add1_attr_by_txt(&key->attributes, attrname,
792 type, bytes, len)) return 1; 240 type, bytes, len)) return 1;
793 return 0; 241 return 0;
794 } 242 }
OLDNEW
« no previous file with comments | « openssl/crypto/evp/evp_pbe.c ('k') | openssl/crypto/evp/evp_test.c » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698