evp_pkey.c revision 296465
1196200Sscottl/* evp_pkey.c */ 2196200Sscottl/* 3196200Sscottl * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project 4196200Sscottl * 1999. 5196200Sscottl */ 6196200Sscottl/* ==================================================================== 7196200Sscottl * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. 8196200Sscottl * 9196200Sscottl * Redistribution and use in source and binary forms, with or without 10196200Sscottl * modification, are permitted provided that the following conditions 11196200Sscottl * are met: 12196200Sscottl * 13196200Sscottl * 1. Redistributions of source code must retain the above copyright 14196200Sscottl * notice, this list of conditions and the following disclaimer. 15196200Sscottl * 16196200Sscottl * 2. Redistributions in binary form must reproduce the above copyright 17196200Sscottl * notice, this list of conditions and the following disclaimer in 18196200Sscottl * the documentation and/or other materials provided with the 19196200Sscottl * distribution. 20196200Sscottl * 21196200Sscottl * 3. All advertising materials mentioning features or use of this 22196200Sscottl * software must display the following acknowledgment: 23196200Sscottl * "This product includes software developed by the OpenSSL Project 24196200Sscottl * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 25196200Sscottl * 26196200Sscottl * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 27196200Sscottl * endorse or promote products derived from this software without 28196200Sscottl * prior written permission. For written permission, please contact 29196200Sscottl * licensing@OpenSSL.org. 30196200Sscottl * 31196200Sscottl * 5. Products derived from this software may not be called "OpenSSL" 32196200Sscottl * nor may "OpenSSL" appear in their names without prior written 33196200Sscottl * permission of the OpenSSL Project. 34196200Sscottl * 35237259Seadler * 6. Redistributions of any form whatsoever must retain the following 36196200Sscottl * acknowledgment: 37196200Sscottl * "This product includes software developed by the OpenSSL Project 38196200Sscottl * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 39196200Sscottl * 40196200Sscottl * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 41196200Sscottl * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42196200Sscottl * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 43196200Sscottl * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 44196200Sscottl * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 45196200Sscottl * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 46196200Sscottl * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 47196200Sscottl * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48196200Sscottl * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 49196200Sscottl * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 50196200Sscottl * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 51196200Sscottl * OF THE POSSIBILITY OF SUCH DAMAGE. 52196200Sscottl * ==================================================================== 53196200Sscottl * 54196200Sscottl * This product includes cryptographic software written by Eric Young 55196200Sscottl * (eay@cryptsoft.com). This product includes software written by Tim 56196200Sscottl * Hudson (tjh@cryptsoft.com). 57196200Sscottl * 58196200Sscottl */ 59196200Sscottl 60196200Sscottl#include <stdio.h> 61196200Sscottl#include <stdlib.h> 62196200Sscottl#include "cryptlib.h" 63196200Sscottl#include <openssl/x509.h> 64196200Sscottl#include <openssl/rand.h> 65196200Sscottl#ifndef OPENSSL_NO_RSA 66214396Sjhb# include <openssl/rsa.h> 67196200Sscottl#endif 68196200Sscottl#ifndef OPENSSL_NO_DSA 69196200Sscottl# include <openssl/dsa.h> 70214396Sjhb#endif 71196200Sscottl#include <openssl/bn.h> 72214396Sjhb 73196200Sscottl#ifndef OPENSSL_NO_DSA 74196200Sscottlstatic int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey); 75196200Sscottl#endif 76196200Sscottl#ifndef OPENSSL_NO_EC 77196200Sscottlstatic int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey); 78237260Seadler#endif 79196200Sscottl 80196200Sscottl/* Extract a private key from a PKCS8 structure */ 81196200Sscottl 82196200SscottlEVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8) 83196200Sscottl{ 84223345Sbz EVP_PKEY *pkey = NULL; 85196200Sscottl#ifndef OPENSSL_NO_RSA 86196200Sscottl RSA *rsa = NULL; 87214396Sjhb#endif 88196200Sscottl#ifndef OPENSSL_NO_DSA 89196200Sscottl DSA *dsa = NULL; 90237259Seadler ASN1_TYPE *t1, *t2; 91196200Sscottl ASN1_INTEGER *privkey; 92214396Sjhb STACK_OF(ASN1_TYPE) *ndsa = NULL; 93196200Sscottl#endif 94214396Sjhb#ifndef OPENSSL_NO_EC 95196200Sscottl EC_KEY *eckey = NULL; 96196200Sscottl const unsigned char *p_tmp; 97196200Sscottl#endif 98196200Sscottl#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC) 99214396Sjhb ASN1_TYPE *param = NULL; 100222899Sbz BN_CTX *ctx = NULL; 101222899Sbz int plen; 102214396Sjhb#endif 103222899Sbz X509_ALGOR *a; 104196200Sscottl const unsigned char *p; 105196200Sscottl const unsigned char *cp; 106196200Sscottl int pkeylen; 107196200Sscottl int nid; 108196200Sscottl char obj_tmp[80]; 109196200Sscottl 110196200Sscottl if (p8->pkey->type == V_ASN1_OCTET_STRING) { 111196200Sscottl p8->broken = PKCS8_OK; 112196200Sscottl p = p8->pkey->value.octet_string->data; 113196200Sscottl pkeylen = p8->pkey->value.octet_string->length; 114196200Sscottl } else { 115196200Sscottl p8->broken = PKCS8_NO_OCTET; 116196200Sscottl p = p8->pkey->value.sequence->data; 117196200Sscottl pkeylen = p8->pkey->value.sequence->length; 118196200Sscottl } 119196200Sscottl if (!(pkey = EVP_PKEY_new())) { 120196200Sscottl EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_MALLOC_FAILURE); 121196200Sscottl return NULL; 122196200Sscottl } 123196200Sscottl a = p8->pkeyalg; 124196200Sscottl nid = OBJ_obj2nid(a->algorithm); 125196200Sscottl switch (nid) { 126196200Sscottl#ifndef OPENSSL_NO_RSA 127196200Sscottl case NID_rsaEncryption: 128196200Sscottl cp = p; 129196200Sscottl if (!(rsa = d2i_RSAPrivateKey(NULL, &cp, pkeylen))) { 130196200Sscottl EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); 131196200Sscottl return NULL; 132214396Sjhb } 133196200Sscottl EVP_PKEY_assign_RSA(pkey, rsa); 134222899Sbz break; 135214396Sjhb#endif 136196200Sscottl#ifndef OPENSSL_NO_DSA 137196200Sscottl case NID_dsa: 138196200Sscottl /* 139196200Sscottl * PKCS#8 DSA is weird: you just get a private key integer and 140196200Sscottl * parameters in the AlgorithmIdentifier the pubkey must be 141196200Sscottl * recalculated. 142196200Sscottl */ 143196200Sscottl 144196200Sscottl /* Check for broken DSA PKCS#8, UGH! */ 145196200Sscottl if (*p == (V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED)) { 146196200Sscottl if (!(ndsa = ASN1_seq_unpack_ASN1_TYPE(p, pkeylen, 147196200Sscottl d2i_ASN1_TYPE, 148196200Sscottl ASN1_TYPE_free))) { 149196200Sscottl EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); 150196200Sscottl goto dsaerr; 151196200Sscottl } 152196200Sscottl if (sk_ASN1_TYPE_num(ndsa) != 2) { 153196200Sscottl EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); 154196200Sscottl goto dsaerr; 155196200Sscottl } 156196200Sscottl /* 157196200Sscottl * Handle Two broken types: SEQUENCE {parameters, priv_key} 158214396Sjhb * SEQUENCE {pub_key, priv_key} 159196200Sscottl */ 160222899Sbz 161214396Sjhb t1 = sk_ASN1_TYPE_value(ndsa, 0); 162196200Sscottl t2 = sk_ASN1_TYPE_value(ndsa, 1); 163196200Sscottl if (t1->type == V_ASN1_SEQUENCE) { 164196200Sscottl p8->broken = PKCS8_EMBEDDED_PARAM; 165196200Sscottl param = t1; 166196200Sscottl } else if (a->parameter->type == V_ASN1_SEQUENCE) { 167196200Sscottl p8->broken = PKCS8_NS_DB; 168196200Sscottl param = a->parameter; 169196200Sscottl } else { 170214396Sjhb EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); 171196200Sscottl goto dsaerr; 172196200Sscottl } 173222899Sbz 174222899Sbz if (t2->type != V_ASN1_INTEGER) { 175214396Sjhb EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); 176196200Sscottl goto dsaerr; 177196200Sscottl } 178223345Sbz privkey = t2->value.integer; 179223345Sbz } else { 180223345Sbz if (!(privkey = d2i_ASN1_INTEGER(NULL, &p, pkeylen))) { 181223345Sbz EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); 182196200Sscottl goto dsaerr; 183196200Sscottl } 184196200Sscottl param = p8->pkeyalg->parameter; 185196200Sscottl } 186222899Sbz if (!param || (param->type != V_ASN1_SEQUENCE)) { 187196200Sscottl EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); 188196200Sscottl goto dsaerr; 189196200Sscottl } 190196200Sscottl cp = p = param->value.sequence->data; 191196200Sscottl plen = param->value.sequence->length; 192196200Sscottl if (!(dsa = d2i_DSAparams(NULL, &cp, plen))) { 193196200Sscottl EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); 194196200Sscottl goto dsaerr; 195196200Sscottl } 196237260Seadler /* We have parameters now set private key */ 197196200Sscottl if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) { 198214396Sjhb EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_BN_DECODE_ERROR); 199196200Sscottl goto dsaerr; 200237259Seadler } 201196200Sscottl /* Calculate public key (ouch!) */ 202214396Sjhb if (!(dsa->pub_key = BN_new())) { 203196200Sscottl EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_MALLOC_FAILURE); 204214396Sjhb goto dsaerr; 205196200Sscottl } 206196200Sscottl if (!(ctx = BN_CTX_new())) { 207196200Sscottl EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_MALLOC_FAILURE); 208196200Sscottl goto dsaerr; 209214396Sjhb } 210196200Sscottl 211222899Sbz if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) { 212214396Sjhb 213196200Sscottl EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_BN_PUBKEY_ERROR); 214196200Sscottl goto dsaerr; 215196200Sscottl } 216196200Sscottl 217196200Sscottl EVP_PKEY_assign_DSA(pkey, dsa); 218196200Sscottl BN_CTX_free(ctx); 219196200Sscottl if (ndsa) 220196200Sscottl sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); 221196200Sscottl else 222237260Seadler ASN1_INTEGER_free(privkey); 223196200Sscottl break; 224214396Sjhb dsaerr: 225196200Sscottl BN_CTX_free(ctx); 226237259Seadler sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); 227196200Sscottl DSA_free(dsa); 228214396Sjhb EVP_PKEY_free(pkey); 229196200Sscottl return NULL; 230214396Sjhb break; 231196200Sscottl#endif 232196200Sscottl#ifndef OPENSSL_NO_EC 233196200Sscottl case NID_X9_62_id_ecPublicKey: 234196200Sscottl p_tmp = p; 235214396Sjhb /* extract the ec parameters */ 236196200Sscottl param = p8->pkeyalg->parameter; 237222899Sbz 238214396Sjhb if (!param || ((param->type != V_ASN1_SEQUENCE) && 239196200Sscottl (param->type != V_ASN1_OBJECT))) { 240196200Sscottl EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); 241196200Sscottl goto ecerr; 242196200Sscottl } 243196200Sscottl 244196200Sscottl if (param->type == V_ASN1_SEQUENCE) { 245196200Sscottl cp = p = param->value.sequence->data; 246196200Sscottl plen = param->value.sequence->length; 247196200Sscottl 248196200Sscottl if (!(eckey = d2i_ECParameters(NULL, &cp, plen))) { 249196200Sscottl EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); 250196200Sscottl goto ecerr; 251196200Sscottl } 252196200Sscottl } else { 253214396Sjhb EC_GROUP *group; 254196200Sscottl cp = p = param->value.object->data; 255196200Sscottl plen = param->value.object->length; 256196200Sscottl 257196200Sscottl /* 258196200Sscottl * type == V_ASN1_OBJECT => the parameters are given by an asn1 259196200Sscottl * OID 260196200Sscottl */ 261196200Sscottl if ((eckey = EC_KEY_new()) == NULL) { 262196200Sscottl EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_MALLOC_FAILURE); 263196200Sscottl goto ecerr; 264196200Sscottl } 265196200Sscottl group = 266196200Sscottl EC_GROUP_new_by_curve_name(OBJ_obj2nid 267221119Spluknet (a->parameter->value.object)); 268196200Sscottl if (group == NULL) 269196200Sscottl goto ecerr; 270196200Sscottl EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); 271196200Sscottl if (EC_KEY_set_group(eckey, group) == 0) 272196200Sscottl goto ecerr; 273196200Sscottl EC_GROUP_free(group); 274196200Sscottl } 275196200Sscottl 276196200Sscottl /* We have parameters now set private key */ 277196200Sscottl if (!d2i_ECPrivateKey(&eckey, &p_tmp, pkeylen)) { 278196200Sscottl EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); 279196200Sscottl goto ecerr; 280196200Sscottl } 281196200Sscottl 282196200Sscottl /* calculate public key (if necessary) */ 283196200Sscottl if (EC_KEY_get0_public_key(eckey) == NULL) { 284196200Sscottl const BIGNUM *priv_key; 285196200Sscottl const EC_GROUP *group; 286196200Sscottl EC_POINT *pub_key; 287196200Sscottl /* 288196200Sscottl * the public key was not included in the SEC1 private key => 289196200Sscottl * calculate the public key 290196200Sscottl */ 291196200Sscottl group = EC_KEY_get0_group(eckey); 292196200Sscottl pub_key = EC_POINT_new(group); 293196200Sscottl if (pub_key == NULL) { 294196200Sscottl EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); 295196200Sscottl goto ecerr; 296237259Seadler } 297196200Sscottl if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group))) { 298214396Sjhb EC_POINT_free(pub_key); 299196200Sscottl EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); 300214396Sjhb goto ecerr; 301196200Sscottl } 302196200Sscottl priv_key = EC_KEY_get0_private_key(eckey); 303214396Sjhb if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx)) { 304222899Sbz EC_POINT_free(pub_key); 305222899Sbz EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); 306214396Sjhb goto ecerr; 307222899Sbz } 308196200Sscottl if (EC_KEY_set_public_key(eckey, pub_key) == 0) { 309196200Sscottl EC_POINT_free(pub_key); 310196200Sscottl EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); 311196200Sscottl goto ecerr; 312196200Sscottl } 313196200Sscottl EC_POINT_free(pub_key); 314196200Sscottl } 315222899Sbz 316222899Sbz EVP_PKEY_assign_EC_KEY(pkey, eckey); 317196200Sscottl if (ctx) 318222899Sbz BN_CTX_free(ctx); 319196200Sscottl break; 320196200Sscottl ecerr: 321196200Sscottl if (ctx) 322196200Sscottl BN_CTX_free(ctx); 323196200Sscottl if (eckey) 324196200Sscottl EC_KEY_free(eckey); 325196200Sscottl if (pkey) 326214396Sjhb EVP_PKEY_free(pkey); 327196200Sscottl return NULL; 328222899Sbz#endif 329214396Sjhb default: 330196200Sscottl EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); 331196200Sscottl if (!a->algorithm) 332196200Sscottl BUF_strlcpy(obj_tmp, "NULL", sizeof obj_tmp); 333196200Sscottl else 334196200Sscottl i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm); 335196200Sscottl ERR_add_error_data(2, "TYPE=", obj_tmp); 336196200Sscottl EVP_PKEY_free(pkey); 337 return NULL; 338 } 339 return pkey; 340} 341 342PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey) 343{ 344 return EVP_PKEY2PKCS8_broken(pkey, PKCS8_OK); 345} 346 347/* Turn a private key into a PKCS8 structure */ 348 349PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken) 350{ 351 PKCS8_PRIV_KEY_INFO *p8; 352 353 if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) { 354 EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, ERR_R_MALLOC_FAILURE); 355 return NULL; 356 } 357 p8->broken = broken; 358 if (!ASN1_INTEGER_set(p8->version, 0)) { 359 EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, ERR_R_MALLOC_FAILURE); 360 PKCS8_PRIV_KEY_INFO_free(p8); 361 return NULL; 362 } 363 if (!(p8->pkeyalg->parameter = ASN1_TYPE_new())) { 364 EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, ERR_R_MALLOC_FAILURE); 365 PKCS8_PRIV_KEY_INFO_free(p8); 366 return NULL; 367 } 368 p8->pkey->type = V_ASN1_OCTET_STRING; 369 switch (EVP_PKEY_type(pkey->type)) { 370#ifndef OPENSSL_NO_RSA 371 case EVP_PKEY_RSA: 372 373 if (p8->broken == PKCS8_NO_OCTET) 374 p8->pkey->type = V_ASN1_SEQUENCE; 375 376 p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption); 377 p8->pkeyalg->parameter->type = V_ASN1_NULL; 378 if (!ASN1_pack_string_of(EVP_PKEY, pkey, i2d_PrivateKey, 379 &p8->pkey->value.octet_string)) { 380 EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, ERR_R_MALLOC_FAILURE); 381 PKCS8_PRIV_KEY_INFO_free(p8); 382 return NULL; 383 } 384 break; 385#endif 386#ifndef OPENSSL_NO_DSA 387 case EVP_PKEY_DSA: 388 if (!dsa_pkey2pkcs8(p8, pkey)) { 389 PKCS8_PRIV_KEY_INFO_free(p8); 390 return NULL; 391 } 392 393 break; 394#endif 395#ifndef OPENSSL_NO_EC 396 case EVP_PKEY_EC: 397 if (!eckey_pkey2pkcs8(p8, pkey)) { 398 PKCS8_PRIV_KEY_INFO_free(p8); 399 return (NULL); 400 } 401 break; 402#endif 403 default: 404 EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, 405 EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); 406 PKCS8_PRIV_KEY_INFO_free(p8); 407 return NULL; 408 } 409 RAND_add(p8->pkey->value.octet_string->data, 410 p8->pkey->value.octet_string->length, 0.0); 411 return p8; 412} 413 414PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken) 415{ 416 switch (broken) { 417 418 case PKCS8_OK: 419 p8->broken = PKCS8_OK; 420 return p8; 421 break; 422 423 case PKCS8_NO_OCTET: 424 p8->broken = PKCS8_NO_OCTET; 425 p8->pkey->type = V_ASN1_SEQUENCE; 426 return p8; 427 break; 428 429 default: 430 EVPerr(EVP_F_PKCS8_SET_BROKEN, EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE); 431 return NULL; 432 } 433} 434 435#ifndef OPENSSL_NO_DSA 436static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) 437{ 438 ASN1_STRING *params = NULL; 439 ASN1_INTEGER *prkey = NULL; 440 ASN1_TYPE *ttmp = NULL; 441 STACK_OF(ASN1_TYPE) *ndsa = NULL; 442 unsigned char *p = NULL, *q; 443 int len; 444 445 p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa); 446 len = i2d_DSAparams(pkey->pkey.dsa, NULL); 447 if (!(p = OPENSSL_malloc(len))) { 448 EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); 449 goto err; 450 } 451 q = p; 452 i2d_DSAparams(pkey->pkey.dsa, &q); 453 if (!(params = ASN1_STRING_new())) { 454 EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); 455 goto err; 456 } 457 if (!ASN1_STRING_set(params, p, len)) { 458 EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); 459 goto err; 460 } 461 OPENSSL_free(p); 462 p = NULL; 463 /* Get private key into integer */ 464 if (!(prkey = BN_to_ASN1_INTEGER(pkey->pkey.dsa->priv_key, NULL))) { 465 EVPerr(EVP_F_DSA_PKEY2PKCS8, EVP_R_ENCODE_ERROR); 466 goto err; 467 } 468 469 switch (p8->broken) { 470 471 case PKCS8_OK: 472 case PKCS8_NO_OCTET: 473 474 if (!ASN1_pack_string_of(ASN1_INTEGER, prkey, i2d_ASN1_INTEGER, 475 &p8->pkey->value.octet_string)) { 476 EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); 477 goto err; 478 } 479 480 M_ASN1_INTEGER_free(prkey); 481 prkey = NULL; 482 p8->pkeyalg->parameter->value.sequence = params; 483 params = NULL; 484 p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; 485 486 break; 487 488 case PKCS8_NS_DB: 489 490 p8->pkeyalg->parameter->value.sequence = params; 491 params = NULL; 492 p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; 493 if (!(ndsa = sk_ASN1_TYPE_new_null())) { 494 EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); 495 goto err; 496 } 497 if (!(ttmp = ASN1_TYPE_new())) { 498 EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); 499 goto err; 500 } 501 if (!(ttmp->value.integer = 502 BN_to_ASN1_INTEGER(pkey->pkey.dsa->pub_key, NULL))) { 503 EVPerr(EVP_F_DSA_PKEY2PKCS8, EVP_R_ENCODE_ERROR); 504 goto err; 505 } 506 ttmp->type = V_ASN1_INTEGER; 507 if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { 508 EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); 509 goto err; 510 } 511 512 if (!(ttmp = ASN1_TYPE_new())) { 513 EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); 514 goto err; 515 } 516 ttmp->value.integer = prkey; 517 prkey = NULL; 518 ttmp->type = V_ASN1_INTEGER; 519 if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { 520 EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); 521 goto err; 522 } 523 ttmp = NULL; 524 525 if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) { 526 EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); 527 goto err; 528 } 529 530 if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE, 531 &p8->pkey->value.octet_string->data, 532 &p8->pkey->value.octet_string->length)) { 533 534 EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); 535 goto err; 536 } 537 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); 538 break; 539 540 case PKCS8_EMBEDDED_PARAM: 541 542 p8->pkeyalg->parameter->type = V_ASN1_NULL; 543 if (!(ndsa = sk_ASN1_TYPE_new_null())) { 544 EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); 545 goto err; 546 } 547 if (!(ttmp = ASN1_TYPE_new())) { 548 EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); 549 goto err; 550 } 551 ttmp->value.sequence = params; 552 params = NULL; 553 ttmp->type = V_ASN1_SEQUENCE; 554 if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { 555 EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); 556 goto err; 557 } 558 559 if (!(ttmp = ASN1_TYPE_new())) { 560 EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); 561 goto err; 562 } 563 ttmp->value.integer = prkey; 564 prkey = NULL; 565 ttmp->type = V_ASN1_INTEGER; 566 if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { 567 EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); 568 goto err; 569 } 570 ttmp = NULL; 571 572 if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) { 573 EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); 574 goto err; 575 } 576 577 if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE, 578 &p8->pkey->value.octet_string->data, 579 &p8->pkey->value.octet_string->length)) { 580 581 EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); 582 goto err; 583 } 584 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); 585 break; 586 } 587 return 1; 588 err: 589 if (p != NULL) 590 OPENSSL_free(p); 591 if (params != NULL) 592 ASN1_STRING_free(params); 593 if (prkey != NULL) 594 M_ASN1_INTEGER_free(prkey); 595 if (ttmp != NULL) 596 ASN1_TYPE_free(ttmp); 597 if (ndsa != NULL) 598 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); 599 return 0; 600} 601#endif 602 603#ifndef OPENSSL_NO_EC 604static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) 605{ 606 EC_KEY *ec_key; 607 const EC_GROUP *group; 608 unsigned char *p, *pp; 609 int nid, i, ret = 0; 610 unsigned int tmp_flags, old_flags; 611 612 ec_key = pkey->pkey.ec; 613 if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL) { 614 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, EVP_R_MISSING_PARAMETERS); 615 return 0; 616 } 617 618 /* set the ec parameters OID */ 619 if (p8->pkeyalg->algorithm) 620 ASN1_OBJECT_free(p8->pkeyalg->algorithm); 621 622 p8->pkeyalg->algorithm = OBJ_nid2obj(NID_X9_62_id_ecPublicKey); 623 624 /* set the ec parameters */ 625 626 if (p8->pkeyalg->parameter) { 627 ASN1_TYPE_free(p8->pkeyalg->parameter); 628 p8->pkeyalg->parameter = NULL; 629 } 630 631 if ((p8->pkeyalg->parameter = ASN1_TYPE_new()) == NULL) { 632 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); 633 return 0; 634 } 635 636 if (EC_GROUP_get_asn1_flag(group) 637 && (nid = EC_GROUP_get_curve_name(group))) { 638 /* we have a 'named curve' => just set the OID */ 639 p8->pkeyalg->parameter->type = V_ASN1_OBJECT; 640 p8->pkeyalg->parameter->value.object = OBJ_nid2obj(nid); 641 } else { /* explicit parameters */ 642 643 if ((i = i2d_ECParameters(ec_key, NULL)) == 0) { 644 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB); 645 return 0; 646 } 647 if ((p = (unsigned char *)OPENSSL_malloc(i)) == NULL) { 648 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); 649 return 0; 650 } 651 pp = p; 652 if (!i2d_ECParameters(ec_key, &pp)) { 653 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB); 654 OPENSSL_free(p); 655 return 0; 656 } 657 p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; 658 if ((p8->pkeyalg->parameter->value.sequence 659 = ASN1_STRING_new()) == NULL) { 660 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_ASN1_LIB); 661 OPENSSL_free(p); 662 return 0; 663 } 664 ASN1_STRING_set(p8->pkeyalg->parameter->value.sequence, p, i); 665 OPENSSL_free(p); 666 } 667 668 /* set the private key */ 669 670 /* 671 * do not include the parameters in the SEC1 private key see PKCS#11 672 * 12.11 673 */ 674 old_flags = EC_KEY_get_enc_flags(pkey->pkey.ec); 675 tmp_flags = old_flags | EC_PKEY_NO_PARAMETERS; 676 EC_KEY_set_enc_flags(pkey->pkey.ec, tmp_flags); 677 i = i2d_ECPrivateKey(pkey->pkey.ec, NULL); 678 if (!i) { 679 EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags); 680 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB); 681 return 0; 682 } 683 p = (unsigned char *)OPENSSL_malloc(i); 684 if (!p) { 685 EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags); 686 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); 687 return 0; 688 } 689 pp = p; 690 if (!i2d_ECPrivateKey(pkey->pkey.ec, &pp)) { 691 EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags); 692 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB); 693 OPENSSL_free(p); 694 return 0; 695 } 696 /* restore old encoding flags */ 697 EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags); 698 699 switch (p8->broken) { 700 701 case PKCS8_OK: 702 p8->pkey->value.octet_string = ASN1_OCTET_STRING_new(); 703 if (!p8->pkey->value.octet_string || 704 !M_ASN1_OCTET_STRING_set(p8->pkey->value.octet_string, 705 (const void *)p, i)) { 706 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); 707 } else 708 ret = 1; 709 break; 710 case PKCS8_NO_OCTET: /* RSA specific */ 711 case PKCS8_NS_DB: /* DSA specific */ 712 case PKCS8_EMBEDDED_PARAM: /* DSA specific */ 713 default: 714 EVPerr(EVP_F_ECKEY_PKEY2PKCS8, EVP_R_ENCODE_ERROR); 715 } 716 OPENSSL_cleanse(p, (size_t)i); 717 OPENSSL_free(p); 718 return ret; 719} 720#endif 721 722/* EVP_PKEY attribute functions */ 723 724int EVP_PKEY_get_attr_count(const EVP_PKEY *key) 725{ 726 return X509at_get_attr_count(key->attributes); 727} 728 729int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, int lastpos) 730{ 731 return X509at_get_attr_by_NID(key->attributes, nid, lastpos); 732} 733 734int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, ASN1_OBJECT *obj, 735 int lastpos) 736{ 737 return X509at_get_attr_by_OBJ(key->attributes, obj, lastpos); 738} 739 740X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc) 741{ 742 return X509at_get_attr(key->attributes, loc); 743} 744 745X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc) 746{ 747 return X509at_delete_attr(key->attributes, loc); 748} 749 750int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr) 751{ 752 if (X509at_add1_attr(&key->attributes, attr)) 753 return 1; 754 return 0; 755} 756 757int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key, 758 const ASN1_OBJECT *obj, int type, 759 const unsigned char *bytes, int len) 760{ 761 if (X509at_add1_attr_by_OBJ(&key->attributes, obj, type, bytes, len)) 762 return 1; 763 return 0; 764} 765 766int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key, 767 int nid, int type, 768 const unsigned char *bytes, int len) 769{ 770 if (X509at_add1_attr_by_NID(&key->attributes, nid, type, bytes, len)) 771 return 1; 772 return 0; 773} 774 775int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key, 776 const char *attrname, int type, 777 const unsigned char *bytes, int len) 778{ 779 if (X509at_add1_attr_by_txt(&key->attributes, attrname, type, bytes, len)) 780 return 1; 781 return 0; 782} 783