VirtualBox

source: vbox/trunk/src/libs/openssl-1.1.1f/crypto/x509/x_pubkey.c@ 83531

Last change on this file since 83531 was 83531, checked in by vboxsync, 5 years ago

setting svn:sync-process=export for openssl-1.1.1f, all files except tests
File size: 9.1 KB
Line 
1/*
2 * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include <stdio.h>
11#include "internal/cryptlib.h"
12#include <openssl/asn1t.h>
13#include <openssl/x509.h>
14#include "crypto/asn1.h"
15#include "crypto/evp.h"
16#include "crypto/x509.h"
17#include <openssl/rsa.h>
18#include <openssl/dsa.h>
19
20struct X509_pubkey_st {
21 X509_ALGOR *algor;
22 ASN1_BIT_STRING *public_key;
23 EVP_PKEY *pkey;
24};
25
26static int x509_pubkey_decode(EVP_PKEY **pk, X509_PUBKEY *key);
27
28/* Minor tweak to operation: free up EVP_PKEY */
29static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
30 void *exarg)
31{
32 if (operation == ASN1_OP_FREE_POST) {
33 X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval;
34 EVP_PKEY_free(pubkey->pkey);
35 } else if (operation == ASN1_OP_D2I_POST) {
36 /* Attempt to decode public key and cache in pubkey structure. */
37 X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval;
38 EVP_PKEY_free(pubkey->pkey);
39 pubkey->pkey = NULL;
40 /*
41 * Opportunistically decode the key but remove any non fatal errors
42 * from the queue. Subsequent explicit attempts to decode/use the key
43 * will return an appropriate error.
44 */
45 ERR_set_mark();
46 if (x509_pubkey_decode(&pubkey->pkey, pubkey) == -1)
47 return 0;
48 ERR_pop_to_mark();
49 }
50 return 1;
51}
52
53ASN1_SEQUENCE_cb(X509_PUBKEY, pubkey_cb) = {
54 ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR),
55 ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING)
56} ASN1_SEQUENCE_END_cb(X509_PUBKEY, X509_PUBKEY)
57
58IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY)
59
60int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
61{
62 X509_PUBKEY *pk = NULL;
63
64 if (x == NULL)
65 return 0;
66
67 if ((pk = X509_PUBKEY_new()) == NULL)
68 goto error;
69
70 if (pkey->ameth) {
71 if (pkey->ameth->pub_encode) {
72 if (!pkey->ameth->pub_encode(pk, pkey)) {
73 X509err(X509_F_X509_PUBKEY_SET,
74 X509_R_PUBLIC_KEY_ENCODE_ERROR);
75 goto error;
76 }
77 } else {
78 X509err(X509_F_X509_PUBKEY_SET, X509_R_METHOD_NOT_SUPPORTED);
79 goto error;
80 }
81 } else {
82 X509err(X509_F_X509_PUBKEY_SET, X509_R_UNSUPPORTED_ALGORITHM);
83 goto error;
84 }
85
86 X509_PUBKEY_free(*x);
87 *x = pk;
88 pk->pkey = pkey;
89 EVP_PKEY_up_ref(pkey);
90 return 1;
91
92 error:
93 X509_PUBKEY_free(pk);
94 return 0;
95}
96
97/*
98 * Attempt to decode a public key.
99 * Returns 1 on success, 0 for a decode failure and -1 for a fatal
100 * error e.g. malloc failure.
101 */
102
103
104static int x509_pubkey_decode(EVP_PKEY **ppkey, X509_PUBKEY *key)
105{
106 EVP_PKEY *pkey = EVP_PKEY_new();
107
108 if (pkey == NULL) {
109 X509err(X509_F_X509_PUBKEY_DECODE, ERR_R_MALLOC_FAILURE);
110 return -1;
111 }
112
113 if (!EVP_PKEY_set_type(pkey, OBJ_obj2nid(key->algor->algorithm))) {
114 X509err(X509_F_X509_PUBKEY_DECODE, X509_R_UNSUPPORTED_ALGORITHM);
115 goto error;
116 }
117
118 if (pkey->ameth->pub_decode) {
119 /*
120 * Treat any failure of pub_decode as a decode error. In
121 * future we could have different return codes for decode
122 * errors and fatal errors such as malloc failure.
123 */
124 if (!pkey->ameth->pub_decode(pkey, key)) {
125 X509err(X509_F_X509_PUBKEY_DECODE, X509_R_PUBLIC_KEY_DECODE_ERROR);
126 goto error;
127 }
128 } else {
129 X509err(X509_F_X509_PUBKEY_DECODE, X509_R_METHOD_NOT_SUPPORTED);
130 goto error;
131 }
132
133 *ppkey = pkey;
134 return 1;
135
136 error:
137 EVP_PKEY_free(pkey);
138 return 0;
139}
140
141EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key)
142{
143 EVP_PKEY *ret = NULL;
144
145 if (key == NULL || key->public_key == NULL)
146 return NULL;
147
148 if (key->pkey != NULL)
149 return key->pkey;
150
151 /*
152 * When the key ASN.1 is initially parsed an attempt is made to
153 * decode the public key and cache the EVP_PKEY structure. If this
154 * operation fails the cached value will be NULL. Parsing continues
155 * to allow parsing of unknown key types or unsupported forms.
156 * We repeat the decode operation so the appropriate errors are left
157 * in the queue.
158 */
159 x509_pubkey_decode(&ret, key);
160 /* If decode doesn't fail something bad happened */
161 if (ret != NULL) {
162 X509err(X509_F_X509_PUBKEY_GET0, ERR_R_INTERNAL_ERROR);
163 EVP_PKEY_free(ret);
164 }
165
166 return NULL;
167}
168
169EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
170{
171 EVP_PKEY *ret = X509_PUBKEY_get0(key);
172 if (ret != NULL)
173 EVP_PKEY_up_ref(ret);
174 return ret;
175}
176
177/*
178 * Now two pseudo ASN1 routines that take an EVP_PKEY structure and encode or
179 * decode as X509_PUBKEY
180 */
181
182EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length)
183{
184 X509_PUBKEY *xpk;
185 EVP_PKEY *pktmp;
186 const unsigned char *q;
187 q = *pp;
188 xpk = d2i_X509_PUBKEY(NULL, &q, length);
189 if (!xpk)
190 return NULL;
191 pktmp = X509_PUBKEY_get(xpk);
192 X509_PUBKEY_free(xpk);
193 if (!pktmp)
194 return NULL;
195 *pp = q;
196 if (a) {
197 EVP_PKEY_free(*a);
198 *a = pktmp;
199 }
200 return pktmp;
201}
202
203int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp)
204{
205 X509_PUBKEY *xpk = NULL;
206 int ret;
207 if (!a)
208 return 0;
209 if (!X509_PUBKEY_set(&xpk, a))
210 return -1;
211 ret = i2d_X509_PUBKEY(xpk, pp);
212 X509_PUBKEY_free(xpk);
213 return ret;
214}
215
216/*
217 * The following are equivalents but which return RSA and DSA keys
218 */
219#ifndef OPENSSL_NO_RSA
220RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length)
221{
222 EVP_PKEY *pkey;
223 RSA *key;
224 const unsigned char *q;
225 q = *pp;
226 pkey = d2i_PUBKEY(NULL, &q, length);
227 if (!pkey)
228 return NULL;
229 key = EVP_PKEY_get1_RSA(pkey);
230 EVP_PKEY_free(pkey);
231 if (!key)
232 return NULL;
233 *pp = q;
234 if (a) {
235 RSA_free(*a);
236 *a = key;
237 }
238 return key;
239}
240
241int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp)
242{
243 EVP_PKEY *pktmp;
244 int ret;
245 if (!a)
246 return 0;
247 pktmp = EVP_PKEY_new();
248 if (pktmp == NULL) {
249 ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE);
250 return -1;
251 }
252 EVP_PKEY_set1_RSA(pktmp, a);
253 ret = i2d_PUBKEY(pktmp, pp);
254 EVP_PKEY_free(pktmp);
255 return ret;
256}
257#endif
258
259#ifndef OPENSSL_NO_DSA
260DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length)
261{
262 EVP_PKEY *pkey;
263 DSA *key;
264 const unsigned char *q;
265 q = *pp;
266 pkey = d2i_PUBKEY(NULL, &q, length);
267 if (!pkey)
268 return NULL;
269 key = EVP_PKEY_get1_DSA(pkey);
270 EVP_PKEY_free(pkey);
271 if (!key)
272 return NULL;
273 *pp = q;
274 if (a) {
275 DSA_free(*a);
276 *a = key;
277 }
278 return key;
279}
280
281int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp)
282{
283 EVP_PKEY *pktmp;
284 int ret;
285 if (!a)
286 return 0;
287 pktmp = EVP_PKEY_new();
288 if (pktmp == NULL) {
289 ASN1err(ASN1_F_I2D_DSA_PUBKEY, ERR_R_MALLOC_FAILURE);
290 return -1;
291 }
292 EVP_PKEY_set1_DSA(pktmp, a);
293 ret = i2d_PUBKEY(pktmp, pp);
294 EVP_PKEY_free(pktmp);
295 return ret;
296}
297#endif
298
299#ifndef OPENSSL_NO_EC
300EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length)
301{
302 EVP_PKEY *pkey;
303 EC_KEY *key;
304 const unsigned char *q;
305 q = *pp;
306 pkey = d2i_PUBKEY(NULL, &q, length);
307 if (!pkey)
308 return NULL;
309 key = EVP_PKEY_get1_EC_KEY(pkey);
310 EVP_PKEY_free(pkey);
311 if (!key)
312 return NULL;
313 *pp = q;
314 if (a) {
315 EC_KEY_free(*a);
316 *a = key;
317 }
318 return key;
319}
320
321int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp)
322{
323 EVP_PKEY *pktmp;
324 int ret;
325 if (!a)
326 return 0;
327 if ((pktmp = EVP_PKEY_new()) == NULL) {
328 ASN1err(ASN1_F_I2D_EC_PUBKEY, ERR_R_MALLOC_FAILURE);
329 return -1;
330 }
331 EVP_PKEY_set1_EC_KEY(pktmp, a);
332 ret = i2d_PUBKEY(pktmp, pp);
333 EVP_PKEY_free(pktmp);
334 return ret;
335}
336#endif
337
338int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
339 int ptype, void *pval,
340 unsigned char *penc, int penclen)
341{
342 if (!X509_ALGOR_set0(pub->algor, aobj, ptype, pval))
343 return 0;
344 if (penc) {
345 OPENSSL_free(pub->public_key->data);
346 pub->public_key->data = penc;
347 pub->public_key->length = penclen;
348 /* Set number of unused bits to zero */
349 pub->public_key->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
350 pub->public_key->flags |= ASN1_STRING_FLAG_BITS_LEFT;
351 }
352 return 1;
353}
354
355int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
356 const unsigned char **pk, int *ppklen,
357 X509_ALGOR **pa, X509_PUBKEY *pub)
358{
359 if (ppkalg)
360 *ppkalg = pub->algor->algorithm;
361 if (pk) {
362 *pk = pub->public_key->data;
363 *ppklen = pub->public_key->length;
364 }
365 if (pa)
366 *pa = pub->algor;
367 return 1;
368}
369
370ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x)
371{
372 if (x == NULL)
373 return NULL;
374 return x->cert_info.key->public_key;
375}
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette