xref: /openbsd-src/lib/libcrypto/evp/p_lib.c (revision c90a81c56dcebd6a1b73fe4aff9b03385b8e63b3) 
1 /* $OpenBSD: p_lib.c,v 1.24 2018/05/30 15:40:50 tb Exp $ */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  *
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  *
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  *
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  *
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  *
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58 
59 #include <stdio.h>
60 
61 #include <openssl/opensslconf.h>
62 
63 #include <openssl/bn.h>
64 #include <openssl/err.h>
65 #include <openssl/evp.h>
66 #include <openssl/objects.h>
67 #include <openssl/x509.h>
68 
69 #ifndef OPENSSL_NO_DH
70 #include <openssl/dh.h>
71 #endif
72 #ifndef OPENSSL_NO_DSA
73 #include <openssl/dsa.h>
74 #endif
75 #ifndef OPENSSL_NO_RSA
76 #include <openssl/rsa.h>
77 #endif
78 
79 #ifndef OPENSSL_NO_ENGINE
80 #include <openssl/engine.h>
81 #endif
82 
83 #include "asn1_locl.h"
84 
85 static void EVP_PKEY_free_it(EVP_PKEY *x);
86 
87 int
88 EVP_PKEY_bits(const EVP_PKEY *pkey)
89 {
90 	if (pkey && pkey->ameth && pkey->ameth->pkey_bits)
91 		return pkey->ameth->pkey_bits(pkey);
92 	return 0;
93 }
94 
95 int
96 EVP_PKEY_size(const EVP_PKEY *pkey)
97 {
98 	if (pkey && pkey->ameth && pkey->ameth->pkey_size)
99 		return pkey->ameth->pkey_size(pkey);
100 	return 0;
101 }
102 
103 int
104 EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode)
105 {
106 #ifndef OPENSSL_NO_DSA
107 	if (pkey->type == EVP_PKEY_DSA) {
108 		int ret = pkey->save_parameters;
109 
110 		if (mode >= 0)
111 			pkey->save_parameters = mode;
112 		return (ret);
113 	}
114 #endif
115 #ifndef OPENSSL_NO_EC
116 	if (pkey->type == EVP_PKEY_EC) {
117 		int ret = pkey->save_parameters;
118 
119 		if (mode >= 0)
120 			pkey->save_parameters = mode;
121 		return (ret);
122 	}
123 #endif
124 	return (0);
125 }
126 
127 int
128 EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
129 {
130 	if (to->type != from->type) {
131 		EVPerror(EVP_R_DIFFERENT_KEY_TYPES);
132 		goto err;
133 	}
134 
135 	if (EVP_PKEY_missing_parameters(from)) {
136 		EVPerror(EVP_R_MISSING_PARAMETERS);
137 		goto err;
138 	}
139 	if (from->ameth && from->ameth->param_copy)
140 		return from->ameth->param_copy(to, from);
141 
142 err:
143 	return 0;
144 }
145 
146 int
147 EVP_PKEY_missing_parameters(const EVP_PKEY *pkey)
148 {
149 	if (pkey->ameth && pkey->ameth->param_missing)
150 		return pkey->ameth->param_missing(pkey);
151 	return 0;
152 }
153 
154 int
155 EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
156 {
157 	if (a->type != b->type)
158 		return -1;
159 	if (a->ameth && a->ameth->param_cmp)
160 		return a->ameth->param_cmp(a, b);
161 	return -2;
162 }
163 
164 int
165 EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
166 {
167 	if (a->type != b->type)
168 		return -1;
169 
170 	if (a->ameth) {
171 		int ret;
172 		/* Compare parameters if the algorithm has them */
173 		if (a->ameth->param_cmp) {
174 			ret = a->ameth->param_cmp(a, b);
175 			if (ret <= 0)
176 				return ret;
177 		}
178 
179 		if (a->ameth->pub_cmp)
180 			return a->ameth->pub_cmp(a, b);
181 	}
182 
183 	return -2;
184 }
185 
186 EVP_PKEY *
187 EVP_PKEY_new(void)
188 {
189 	EVP_PKEY *ret;
190 
191 	ret = malloc(sizeof(EVP_PKEY));
192 	if (ret == NULL) {
193 		EVPerror(ERR_R_MALLOC_FAILURE);
194 		return (NULL);
195 	}
196 	ret->type = EVP_PKEY_NONE;
197 	ret->save_type = EVP_PKEY_NONE;
198 	ret->references = 1;
199 	ret->ameth = NULL;
200 	ret->engine = NULL;
201 	ret->pkey.ptr = NULL;
202 	ret->attributes = NULL;
203 	ret->save_parameters = 1;
204 	return (ret);
205 }
206 
207 int
208 EVP_PKEY_up_ref(EVP_PKEY *pkey)
209 {
210 	int refs = CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
211 	return ((refs > 1) ? 1 : 0);
212 }
213 
214 /* Setup a public key ASN1 method and ENGINE from a NID or a string.
215  * If pkey is NULL just return 1 or 0 if the algorithm exists.
216  */
217 
218 static int
219 pkey_set_type(EVP_PKEY *pkey, int type, const char *str, int len)
220 {
221 	const EVP_PKEY_ASN1_METHOD *ameth;
222 	ENGINE *e = NULL;
223 	if (pkey) {
224 		if (pkey->pkey.ptr)
225 			EVP_PKEY_free_it(pkey);
226 		/* If key type matches and a method exists then this
227 		 * lookup has succeeded once so just indicate success.
228 		 */
229 		if ((type == pkey->save_type) && pkey->ameth)
230 			return 1;
231 #ifndef OPENSSL_NO_ENGINE
232 		ENGINE_finish(pkey->engine);
233 		pkey->engine = NULL;
234 #endif
235 	}
236 	if (str)
237 		ameth = EVP_PKEY_asn1_find_str(&e, str, len);
238 	else
239 		ameth = EVP_PKEY_asn1_find(&e, type);
240 #ifndef OPENSSL_NO_ENGINE
241 	if (pkey == NULL)
242 		ENGINE_finish(e);
243 #endif
244 	if (!ameth) {
245 		EVPerror(EVP_R_UNSUPPORTED_ALGORITHM);
246 		return 0;
247 	}
248 	if (pkey) {
249 		pkey->ameth = ameth;
250 		pkey->engine = e;
251 
252 		pkey->type = pkey->ameth->pkey_id;
253 		pkey->save_type = type;
254 	}
255 	return 1;
256 }
257 
258 int
259 EVP_PKEY_set_type(EVP_PKEY *pkey, int type)
260 {
261 	return pkey_set_type(pkey, type, NULL, -1);
262 }
263 
264 int
265 EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len)
266 {
267 	return pkey_set_type(pkey, EVP_PKEY_NONE, str, len);
268 }
269 
270 int
271 EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key)
272 {
273 	if (!EVP_PKEY_set_type(pkey, type))
274 		return 0;
275 	pkey->pkey.ptr = key;
276 	return (key != NULL);
277 }
278 
279 void *
280 EVP_PKEY_get0(const EVP_PKEY *pkey)
281 {
282 	return pkey->pkey.ptr;
283 }
284 
285 #ifndef OPENSSL_NO_RSA
286 RSA *
287 EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
288 {
289 	if (pkey->type != EVP_PKEY_RSA) {
290 		EVPerror(EVP_R_EXPECTING_AN_RSA_KEY);
291 		return NULL;
292 	}
293 	return pkey->pkey.rsa;
294 }
295 
296 RSA *
297 EVP_PKEY_get1_RSA(EVP_PKEY *pkey)
298 {
299 	if (pkey->type != EVP_PKEY_RSA) {
300 		EVPerror(EVP_R_EXPECTING_AN_RSA_KEY);
301 		return NULL;
302 	}
303 	RSA_up_ref(pkey->pkey.rsa);
304 	return pkey->pkey.rsa;
305 }
306 
307 int
308 EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key)
309 {
310 	int ret = EVP_PKEY_assign_RSA(pkey, key);
311 	if (ret != 0)
312 		RSA_up_ref(key);
313 	return ret;
314 }
315 #endif
316 
317 #ifndef OPENSSL_NO_DSA
318 DSA *
319 EVP_PKEY_get0_DSA(EVP_PKEY *pkey)
320 {
321 	if (pkey->type != EVP_PKEY_DSA) {
322 		EVPerror(EVP_R_EXPECTING_A_DSA_KEY);
323 		return NULL;
324 	}
325 	return pkey->pkey.dsa;
326 }
327 
328 DSA *
329 EVP_PKEY_get1_DSA(EVP_PKEY *pkey)
330 {
331 	if (pkey->type != EVP_PKEY_DSA) {
332 		EVPerror(EVP_R_EXPECTING_A_DSA_KEY);
333 		return NULL;
334 	}
335 	DSA_up_ref(pkey->pkey.dsa);
336 	return pkey->pkey.dsa;
337 }
338 
339 int
340 EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key)
341 {
342 	int ret = EVP_PKEY_assign_DSA(pkey, key);
343 	if (ret != 0)
344 		DSA_up_ref(key);
345 	return ret;
346 }
347 #endif
348 
349 #ifndef OPENSSL_NO_EC
350 EC_KEY *
351 EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey)
352 {
353 	if (pkey->type != EVP_PKEY_EC) {
354 		EVPerror(EVP_R_EXPECTING_A_EC_KEY);
355 		return NULL;
356 	}
357 	return pkey->pkey.ec;
358 }
359 
360 EC_KEY *
361 EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey)
362 {
363 	if (pkey->type != EVP_PKEY_EC) {
364 		EVPerror(EVP_R_EXPECTING_A_EC_KEY);
365 		return NULL;
366 	}
367 	EC_KEY_up_ref(pkey->pkey.ec);
368 	return pkey->pkey.ec;
369 }
370 
371 int
372 EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key)
373 {
374 	int ret = EVP_PKEY_assign_EC_KEY(pkey, key);
375 	if (ret != 0)
376 		EC_KEY_up_ref(key);
377 	return ret;
378 }
379 #endif
380 
381 
382 #ifndef OPENSSL_NO_DH
383 DH *
384 EVP_PKEY_get0_DH(EVP_PKEY *pkey)
385 {
386 	if (pkey->type != EVP_PKEY_DH) {
387 		EVPerror(EVP_R_EXPECTING_A_DH_KEY);
388 		return NULL;
389 	}
390 	return pkey->pkey.dh;
391 }
392 
393 DH *
394 EVP_PKEY_get1_DH(EVP_PKEY *pkey)
395 {
396 	if (pkey->type != EVP_PKEY_DH) {
397 		EVPerror(EVP_R_EXPECTING_A_DH_KEY);
398 		return NULL;
399 	}
400 	DH_up_ref(pkey->pkey.dh);
401 	return pkey->pkey.dh;
402 }
403 
404 int
405 EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key)
406 {
407 	int ret = EVP_PKEY_assign_DH(pkey, key);
408 	if (ret != 0)
409 		DH_up_ref(key);
410 	return ret;
411 }
412 #endif
413 
414 int
415 EVP_PKEY_type(int type)
416 {
417 	int ret;
418 	const EVP_PKEY_ASN1_METHOD *ameth;
419 	ENGINE *e;
420 	ameth = EVP_PKEY_asn1_find(&e, type);
421 	if (ameth)
422 		ret = ameth->pkey_id;
423 	else
424 		ret = NID_undef;
425 #ifndef OPENSSL_NO_ENGINE
426 	ENGINE_finish(e);
427 #endif
428 	return ret;
429 }
430 
431 int
432 EVP_PKEY_id(const EVP_PKEY *pkey)
433 {
434 	return pkey->type;
435 }
436 
437 int
438 EVP_PKEY_base_id(const EVP_PKEY *pkey)
439 {
440 	return EVP_PKEY_type(pkey->type);
441 }
442 
443 void
444 EVP_PKEY_free(EVP_PKEY *x)
445 {
446 	int i;
447 
448 	if (x == NULL)
449 		return;
450 
451 	i = CRYPTO_add(&x->references, -1, CRYPTO_LOCK_EVP_PKEY);
452 	if (i > 0)
453 		return;
454 
455 	EVP_PKEY_free_it(x);
456 	if (x->attributes)
457 		sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free);
458 	free(x);
459 }
460 
461 static void
462 EVP_PKEY_free_it(EVP_PKEY *x)
463 {
464 	if (x->ameth && x->ameth->pkey_free) {
465 		x->ameth->pkey_free(x);
466 		x->pkey.ptr = NULL;
467 	}
468 #ifndef OPENSSL_NO_ENGINE
469 	ENGINE_finish(x->engine);
470 	x->engine = NULL;
471 #endif
472 }
473 
474 static int
475 unsup_alg(BIO *out, const EVP_PKEY *pkey, int indent, const char *kstr)
476 {
477 	BIO_indent(out, indent, 128);
478 	BIO_printf(out, "%s algorithm \"%s\" unsupported\n",
479 	    kstr, OBJ_nid2ln(pkey->type));
480 	return 1;
481 }
482 
483 int
484 EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey, int indent,
485     ASN1_PCTX *pctx)
486 {
487 	if (pkey->ameth && pkey->ameth->pub_print)
488 		return pkey->ameth->pub_print(out, pkey, indent, pctx);
489 
490 	return unsup_alg(out, pkey, indent, "Public Key");
491 }
492 
493 int
494 EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey, int indent,
495     ASN1_PCTX *pctx)
496 {
497 	if (pkey->ameth && pkey->ameth->priv_print)
498 		return pkey->ameth->priv_print(out, pkey, indent, pctx);
499 
500 	return unsup_alg(out, pkey, indent, "Private Key");
501 }
502 
503 int
504 EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey, int indent,
505     ASN1_PCTX *pctx)
506 {
507 	if (pkey->ameth && pkey->ameth->param_print)
508 		return pkey->ameth->param_print(out, pkey, indent, pctx);
509 	return unsup_alg(out, pkey, indent, "Parameters");
510 }
511 
512 int
513 EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid)
514 {
515 	if (!pkey->ameth || !pkey->ameth->pkey_ctrl)
516 		return -2;
517 	return pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_DEFAULT_MD_NID,
518 	    0, pnid);
519 }
520 
521