VirtualBox

source: vbox/trunk/src/VBox/Runtime/common/crypto/key-openssl.cpp@ 88485

Last change on this file since 88485 was 85121, checked in by vboxsync, 5 years ago

iprt/cdefs.h: Refactored the typedef use of DECLCALLBACK as well as DECLCALLBACKMEMBER to wrap the whole expression, similar to the DECLR?CALLBACKMEMBER macros. This allows adding a throw() at the end when compiling with the VC++ compiler to indicate that the callbacks won't throw anything, so we can stop supressing the C5039 warning about passing functions that can potential throw C++ exceptions to extern C code that can't necessarily cope with such (unwind,++). Introduced a few _EX variations that allows specifying different/no calling convention too, as that's handy when dynamically resolving host APIs. Fixed numerous places missing DECLCALLBACK and such. Left two angry @todos regarding use of CreateThread. bugref:9794

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 8.3 KB
Line 
1/* $Id: key-openssl.cpp 85121 2020-07-08 19:33:26Z vboxsync $ */
2/** @file
3 * IPRT - Crypto - Cryptographic Keys, OpenSSL glue.
4 */
5
6/*
7 * Copyright (C) 2006-2020 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 *
17 * The contents of this file may alternatively be used under the terms
18 * of the Common Development and Distribution License Version 1.0
19 * (CDDL) only, as it comes in the "COPYING.CDDL" file of the
20 * VirtualBox OSE distribution, in which case the provisions of the
21 * CDDL are applicable instead of those of the GPL.
22 *
23 * You may elect to license modified versions of this file under the
24 * terms and conditions of either the GPL or the CDDL or both.
25 */
26
27
28/*********************************************************************************************************************************
29* Header Files *
30*********************************************************************************************************************************/
31#include "internal/iprt.h"
32#include <iprt/crypto/key.h>
33
34#include <iprt/err.h>
35#include <iprt/string.h>
36#include <iprt/crypto/digest.h>
37
38
39#ifdef IPRT_WITH_OPENSSL
40# include "internal/iprt-openssl.h"
41# include "internal/magics.h"
42# include "internal/openssl-pre.h"
43# include <openssl/evp.h>
44# include "internal/openssl-post.h"
45# ifndef OPENSSL_VERSION_NUMBER
46# error "Missing OPENSSL_VERSION_NUMBER!"
47# endif
48
49# include "key-internal.h"
50
51
52/**
53 * Creates an OpenSSL key for the given IPRT one, returning the message digest
54 * algorithm if desired.
55 *
56 * @returns IRPT status code.
57 * @param hKey The key to convert to an OpenSSL key.
58 * @param fNeedPublic Set if we need the public side of the key.
59 * @param pszAlgoObjId Alogrithm stuff we currently need.
60 * @param ppEvpKey Where to return the pointer to the key structure.
61 * @param ppEvpMdType Where to optionally return the message digest type.
62 * @param pErrInfo Where to optionally return more error details.
63 */
64DECLHIDDEN(int) rtCrKeyToOpenSslKey(RTCRKEY hKey, bool fNeedPublic, void /*EVP_PKEY*/ **ppEvpKey, PRTERRINFO pErrInfo)
65{
66 *ppEvpKey = NULL;
67 AssertReturn(hKey->u32Magic == RTCRKEYINT_MAGIC, VERR_INVALID_HANDLE);
68 AssertReturn(fNeedPublic == !(hKey->fFlags & RTCRKEYINT_F_PRIVATE), VERR_WRONG_TYPE);
69
70 rtCrOpenSslInit();
71
72 /*
73 * Translate the key type from IPRT to EVP speak.
74 */
75 int idKeyType;
76 switch (hKey->enmType)
77 {
78 case RTCRKEYTYPE_RSA_PRIVATE:
79 case RTCRKEYTYPE_RSA_PUBLIC:
80 idKeyType = EVP_PKEY_RSA;
81 break;
82 default:
83 return RTErrInfoSetF(pErrInfo, VERR_NOT_SUPPORTED, "Unsupported key type: %d", hKey->enmType);
84 }
85
86 /*
87 * Allocate a new key structure and set its type.
88 */
89 EVP_PKEY *pEvpNewKey = EVP_PKEY_new();
90 if (!pEvpNewKey)
91 return RTErrInfoSetF(pErrInfo, VERR_NO_MEMORY, "EVP_PKEY_new/%d failed", idKeyType);
92
93 /*
94 * Load the key into the structure.
95 */
96 const unsigned char *puchPublicKey = hKey->pbEncoded;
97 EVP_PKEY *pRet;
98 if (fNeedPublic)
99 *ppEvpKey = pRet = d2i_PublicKey(idKeyType, &pEvpNewKey, &puchPublicKey, hKey->cbEncoded);
100 else
101 *ppEvpKey = pRet = d2i_PrivateKey(idKeyType, &pEvpNewKey, &puchPublicKey, hKey->cbEncoded);
102 if (pRet)
103 return VINF_SUCCESS;
104
105 /* Bail out: */
106 EVP_PKEY_free(pEvpNewKey);
107 return RTErrInfoSet(pErrInfo, VERR_CR_PKIX_OSSL_D2I_PUBLIC_KEY_FAILED,
108 fNeedPublic ? "d2i_PublicKey failed" : "d2i_PrivateKey failed");
109}
110
111
112/**
113 * Creates an OpenSSL key for the given IPRT one, returning the message digest
114 * algorithm if desired.
115 *
116 * @returns IRPT status code.
117 * @param hKey The key to convert to an OpenSSL key.
118 * @param fNeedPublic Set if we need the public side of the key.
119 * @param pszAlgoObjId Alogrithm stuff we currently need.
120 * @param ppEvpKey Where to return the pointer to the key structure.
121 * @param ppEvpMdType Where to optionally return the message digest type.
122 * @param pErrInfo Where to optionally return more error details.
123 */
124DECLHIDDEN(int) rtCrKeyToOpenSslKeyEx(RTCRKEY hKey, bool fNeedPublic, const char *pszAlgoObjId,
125 void /*EVP_PKEY*/ **ppEvpKey, const void /*EVP_MD*/ **ppEvpMdType, PRTERRINFO pErrInfo)
126{
127 *ppEvpKey = NULL;
128 if (ppEvpMdType)
129 *ppEvpMdType = NULL;
130 AssertReturn(hKey->u32Magic == RTCRKEYINT_MAGIC, VERR_INVALID_HANDLE);
131 AssertReturn(fNeedPublic == !(hKey->fFlags & RTCRKEYINT_F_PRIVATE), VERR_WRONG_TYPE);
132
133 rtCrOpenSslInit();
134
135 /*
136 * Translate algorithm object ID into stuff that OpenSSL wants.
137 */
138 int iAlgoNid = OBJ_txt2nid(pszAlgoObjId);
139 if (iAlgoNid == NID_undef)
140 return RTErrInfoSetF(pErrInfo, VERR_CR_PKIX_OSSL_CIPHER_ALGO_NOT_KNOWN,
141 "Unknown public key algorithm [OpenSSL]: %s", pszAlgoObjId);
142 const char *pszAlgoSn = OBJ_nid2sn(iAlgoNid);
143
144# if OPENSSL_VERSION_NUMBER >= 0x10001000 && !defined(LIBRESSL_VERSION_NUMBER)
145 int idAlgoPkey = 0;
146 int idAlgoMd = 0;
147 if (!OBJ_find_sigid_algs(iAlgoNid, &idAlgoMd, &idAlgoPkey))
148 return RTErrInfoSetF(pErrInfo, VERR_CR_PKIX_OSSL_CIPHER_ALGO_NOT_KNOWN_EVP,
149 "OBJ_find_sigid_algs failed on %u (%s, %s)", iAlgoNid, pszAlgoSn, pszAlgoObjId);
150 if (ppEvpMdType)
151 {
152 const EVP_MD *pEvpMdType = EVP_get_digestbynid(idAlgoMd);
153 if (!pEvpMdType)
154 return RTErrInfoSetF(pErrInfo, VERR_CR_PKIX_OSSL_CIPHER_ALGO_NOT_KNOWN_EVP,
155 "EVP_get_digestbynid failed on %d (%s, %s)", idAlgoMd, pszAlgoSn, pszAlgoObjId);
156 *ppEvpMdType = pEvpMdType;
157 }
158# else
159 const EVP_MD *pEvpMdType = EVP_get_digestbyname(pszAlgoSn);
160 if (!pEvpMdType)
161 return RTErrInfoSetF(pErrInfo, VERR_CR_PKIX_OSSL_CIPHER_ALGO_NOT_KNOWN_EVP,
162 "EVP_get_digestbyname failed on %s (%s)", pszAlgoSn, pszAlgoObjId);
163 if (ppEvpMdType)
164 *ppEvpMdType = pEvpMdType;
165# endif
166
167 /*
168 * Allocate a new key structure and set its type.
169 */
170 EVP_PKEY *pEvpNewKey = EVP_PKEY_new();
171 if (!pEvpNewKey)
172 return RTErrInfoSetF(pErrInfo, VERR_NO_MEMORY, "EVP_PKEY_new(%d) failed", iAlgoNid);
173
174 int rc;
175# if OPENSSL_VERSION_NUMBER >= 0x10001000 && !defined(LIBRESSL_VERSION_NUMBER)
176 if (EVP_PKEY_set_type(pEvpNewKey, idAlgoPkey))
177 {
178 int idKeyType = EVP_PKEY_base_id(pEvpNewKey);
179# else
180 int idKeyType = pEvpNewKey->type = EVP_PKEY_type(pEvpMdType->required_pkey_type[0]);
181# endif
182 if (idKeyType != NID_undef)
183
184 {
185 /*
186 * Load the key into the structure.
187 */
188 const unsigned char *puchPublicKey = hKey->pbEncoded;
189 EVP_PKEY *pRet;
190 if (fNeedPublic)
191 *ppEvpKey = pRet = d2i_PublicKey(idKeyType, &pEvpNewKey, &puchPublicKey, hKey->cbEncoded);
192 else
193 *ppEvpKey = pRet = d2i_PrivateKey(idKeyType, &pEvpNewKey, &puchPublicKey, hKey->cbEncoded);
194 if (pRet)
195 return VINF_SUCCESS;
196
197 /* Bail out: */
198 rc = RTErrInfoSet(pErrInfo, VERR_CR_PKIX_OSSL_D2I_PUBLIC_KEY_FAILED,
199 fNeedPublic ? "d2i_PublicKey failed" : "d2i_PrivateKey failed");
200 }
201 else
202# if OPENSSL_VERSION_NUMBER < 0x10001000 || defined(LIBRESSL_VERSION_NUMBER)
203 rc = RTErrInfoSetF(pErrInfo, VERR_CR_PKIX_OSSL_EVP_PKEY_TYPE_ERROR, "EVP_PKEY_type() failed");
204# else
205 rc = RTErrInfoSetF(pErrInfo, VERR_CR_PKIX_OSSL_EVP_PKEY_TYPE_ERROR, "EVP_PKEY_base_id() failed");
206 }
207 else
208 rc = RTErrInfoSetF(pErrInfo, VERR_CR_PKIX_OSSL_EVP_PKEY_TYPE_ERROR,
209 "EVP_PKEY_set_type(%u) failed (sig algo %s)", idAlgoPkey, pszAlgoSn);
210# endif
211
212 EVP_PKEY_free(pEvpNewKey);
213 return rc;
214}
215
216#endif /* IPRT_WITH_OPENSSL */
217
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette