1/* crypto/asn1/x_pubkey.c */ 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 59#include <stdio.h> 60#include "cryptlib.h" 61#include <openssl/asn1t.h> 62#include <openssl/x509.h> 63 64/* Minor tweak to operation: free up EVP_PKEY */ 65static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) 66{ 67 if(operation == ASN1_OP_FREE_POST) { 68 X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval; 69 EVP_PKEY_free(pubkey->pkey); 70 } 71 return 1; 72} 73 74ASN1_SEQUENCE_cb(X509_PUBKEY, pubkey_cb) = { 75 ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR), 76 ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING) 77} ASN1_SEQUENCE_END_cb(X509_PUBKEY, X509_PUBKEY) 78 79IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY) 80 81int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) 82 { 83 X509_PUBKEY *pk=NULL; 84 X509_ALGOR *a; 85 ASN1_OBJECT *o; 86 unsigned char *s,*p = NULL; 87 int i; 88 89 if (x == NULL) return(0); 90 91 if ((pk=X509_PUBKEY_new()) == NULL) goto err; 92 a=pk->algor; 93 94 /* set the algorithm id */ 95 if ((o=OBJ_nid2obj(pkey->type)) == NULL) goto err; 96 ASN1_OBJECT_free(a->algorithm); 97 a->algorithm=o; 98 99 /* Set the parameter list */ 100 if (!pkey->save_parameters || (pkey->type == EVP_PKEY_RSA)) 101 { 102 if ((a->parameter == NULL) || 103 (a->parameter->type != V_ASN1_NULL)) 104 { 105 ASN1_TYPE_free(a->parameter); 106 if (!(a->parameter=ASN1_TYPE_new())) 107 { 108 X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); 109 goto err; 110 } 111 a->parameter->type=V_ASN1_NULL; 112 } 113 } 114 else 115#ifndef OPENSSL_NO_DSA 116 if (pkey->type == EVP_PKEY_DSA) 117 { 118 unsigned char *pp; 119 DSA *dsa; 120 121 dsa=pkey->pkey.dsa; 122 dsa->write_params=0; 123 ASN1_TYPE_free(a->parameter); 124 if ((i=i2d_DSAparams(dsa,NULL)) <= 0) 125 goto err; 126 if (!(p=(unsigned char *)OPENSSL_malloc(i))) 127 { 128 X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); 129 goto err; 130 } 131 pp=p; 132 i2d_DSAparams(dsa,&pp); 133 if (!(a->parameter=ASN1_TYPE_new())) 134 { 135 OPENSSL_free(p); 136 X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); 137 goto err; 138 } 139 a->parameter->type=V_ASN1_SEQUENCE; 140 if (!(a->parameter->value.sequence=ASN1_STRING_new())) 141 { 142 OPENSSL_free(p); 143 X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); 144 goto err; 145 } 146 if (!ASN1_STRING_set(a->parameter->value.sequence,p,i)) 147 { 148 OPENSSL_free(p); 149 X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); 150 goto err; 151 } 152 OPENSSL_free(p); 153 } 154 else 155#endif 156 { 157 X509err(X509_F_X509_PUBKEY_SET,X509_R_UNSUPPORTED_ALGORITHM); 158 goto err; 159 } 160 161 if ((i=i2d_PublicKey(pkey,NULL)) <= 0) goto err; 162 if ((s=(unsigned char *)OPENSSL_malloc(i+1)) == NULL) 163 { 164 X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); 165 goto err; 166 } 167 p=s; 168 i2d_PublicKey(pkey,&p); 169 if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i)) 170 { 171 X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); 172 goto err; 173 } 174 /* Set number of unused bits to zero */ 175 pk->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); 176 pk->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT; 177 178 OPENSSL_free(s); 179 180#if 0 181 CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); 182 pk->pkey=pkey; 183#endif 184 185 if (*x != NULL) 186 X509_PUBKEY_free(*x); 187 188 *x=pk; 189 190 return 1; 191err: 192 if (pk != NULL) X509_PUBKEY_free(pk); 193 return 0; 194 } 195 196EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) 197 { 198 EVP_PKEY *ret=NULL; 199 long j; 200 int type; 201 unsigned char *p; 202#ifndef OPENSSL_NO_DSA 203 const unsigned char *cp; 204 X509_ALGOR *a; 205#endif 206 207 if (key == NULL) goto err; 208 209 if (key->pkey != NULL) 210 { 211 CRYPTO_add(&key->pkey->references,1,CRYPTO_LOCK_EVP_PKEY); 212 return(key->pkey); 213 } 214 215 if (key->public_key == NULL) goto err; 216 217 type=OBJ_obj2nid(key->algor->algorithm); 218 p=key->public_key->data; 219 j=key->public_key->length; 220 if ((ret=d2i_PublicKey(type,NULL,&p,(long)j)) == NULL) 221 { 222 X509err(X509_F_X509_PUBKEY_GET,X509_R_ERR_ASN1_LIB); 223 goto err; 224 } 225 ret->save_parameters=0; 226 227#ifndef OPENSSL_NO_DSA 228 a=key->algor; 229 if (ret->type == EVP_PKEY_DSA) 230 { 231 if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE)) 232 { 233 ret->pkey.dsa->write_params=0; 234 cp=p=a->parameter->value.sequence->data; 235 j=a->parameter->value.sequence->length; 236 if (!d2i_DSAparams(&ret->pkey.dsa,&cp,(long)j)) 237 goto err; 238 } 239 ret->save_parameters=1; 240 } 241#endif 242 key->pkey=ret; 243 CRYPTO_add(&ret->references,1,CRYPTO_LOCK_EVP_PKEY); 244 return(ret); 245err: 246 if (ret != NULL) 247 EVP_PKEY_free(ret); 248 return(NULL); 249 } 250 251/* Now two pseudo ASN1 routines that take an EVP_PKEY structure 252 * and encode or decode as X509_PUBKEY 253 */ 254 255EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, unsigned char **pp, 256 long length) 257{ 258 X509_PUBKEY *xpk; 259 EVP_PKEY *pktmp; 260 xpk = d2i_X509_PUBKEY(NULL, pp, length); 261 if(!xpk) return NULL; 262 pktmp = X509_PUBKEY_get(xpk); 263 X509_PUBKEY_free(xpk); 264 if(!pktmp) return NULL; 265 if(a) { 266 EVP_PKEY_free(*a); 267 *a = pktmp; 268 } 269 return pktmp; 270} 271 272int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp) 273{ 274 X509_PUBKEY *xpk=NULL; 275 int ret; 276 if(!a) return 0; 277 if(!X509_PUBKEY_set(&xpk, a)) return 0; 278 ret = i2d_X509_PUBKEY(xpk, pp); 279 X509_PUBKEY_free(xpk); 280 return ret; 281} 282 283/* The following are equivalents but which return RSA and DSA 284 * keys 285 */ 286#ifndef OPENSSL_NO_RSA 287RSA *d2i_RSA_PUBKEY(RSA **a, unsigned char **pp, 288 long length) 289{ 290 EVP_PKEY *pkey; 291 RSA *key; 292 unsigned char *q; 293 q = *pp; 294 pkey = d2i_PUBKEY(NULL, &q, length); 295 if(!pkey) return NULL; 296 key = EVP_PKEY_get1_RSA(pkey); 297 EVP_PKEY_free(pkey); 298 if(!key) return NULL; 299 *pp = q; 300 if(a) { 301 RSA_free(*a); 302 *a = key; 303 } 304 return key; 305} 306 307int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp) 308{ 309 EVP_PKEY *pktmp; 310 int ret; 311 if(!a) return 0; 312 pktmp = EVP_PKEY_new(); 313 if(!pktmp) { 314 ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE); 315 return 0; 316 } 317 EVP_PKEY_set1_RSA(pktmp, a); 318 ret = i2d_PUBKEY(pktmp, pp); 319 EVP_PKEY_free(pktmp); 320 return ret; 321} 322#endif 323 324#ifndef OPENSSL_NO_DSA 325DSA *d2i_DSA_PUBKEY(DSA **a, unsigned char **pp, 326 long length) 327{ 328 EVP_PKEY *pkey; 329 DSA *key; 330 unsigned char *q; 331 q = *pp; 332 pkey = d2i_PUBKEY(NULL, &q, length); 333 if(!pkey) return NULL; 334 key = EVP_PKEY_get1_DSA(pkey); 335 EVP_PKEY_free(pkey); 336 if(!key) return NULL; 337 *pp = q; 338 if(a) { 339 DSA_free(*a); 340 *a = key; 341 } 342 return key; 343} 344 345int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp) 346{ 347 EVP_PKEY *pktmp; 348 int ret; 349 if(!a) return 0; 350 pktmp = EVP_PKEY_new(); 351 if(!pktmp) { 352 ASN1err(ASN1_F_I2D_DSA_PUBKEY, ERR_R_MALLOC_FAILURE); 353 return 0; 354 } 355 EVP_PKEY_set1_DSA(pktmp, a); 356 ret = i2d_PUBKEY(pktmp, pp); 357 EVP_PKEY_free(pktmp); 358 return ret; 359} 360#endif 361