]> git.ipfire.org Git - thirdparty/openssl.git/blame - crypto/x509/x_pubkey.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Use the new ASN.1 libctx aware capabilities in CMP
[thirdparty/openssl.git] / crypto / x509 / x_pubkey.c
CommitLineData
b1322259 1/*
4333b89f 2 * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
d02b48c6 3 *
3e4b43b9 4 * Licensed under the Apache License 2.0 (the "License"). You may not use
b1322259
RS		 5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
d02b48c6
RE		 8 */
9
f41ac0ee
P		 10/*
11 * DSA low level APIs are deprecated for public use, but still ok for
12 * internal use.
13 */
14#include "internal/deprecated.h"
15
d02b48c6 16#include <stdio.h>
b39fc560 17#include "internal/cryptlib.h"
9d6b1ce6 18#include <openssl/asn1t.h>
f0e8ae72 19#include <openssl/x509.h>
25f2138b
DMSP		 20#include "crypto/asn1.h"
21#include "crypto/evp.h"
22#include "crypto/x509.h"
3c27208f
RS		 23#include <openssl/rsa.h>
24#include <openssl/dsa.h>
10315851 25#include <openssl/decoder.h>
ece9304c 26#include <openssl/encoder.h>
97bb8dff 27#include "internal/provider.h"
10315851 28#include "internal/sizes.h"
d02b48c6 29
29fa0a1a
DSH		 30struct X509_pubkey_st {
31 X509_ALGOR *algor;
32 ASN1_BIT_STRING *public_key;
10315851 33
29fa0a1a 34 EVP_PKEY *pkey;
22b81444
RL		 35
36 /* extra data for the callback, used by d2i_PUBKEY_ex */
b4250010 37 OSSL_LIB_CTX *libctx;
637dce3c 38 char *propq;
10315851
RL		 39
40 /* Flag to force legacy keys */
41 unsigned int flag_force_legacy : 1;
29fa0a1a
DSH		 42};
43
7674e923 44static int x509_pubkey_decode(EVP_PKEY **pk, const X509_PUBKEY *key);
fa0a9d71 45
637dce3c
SL		 46static int x509_pubkey_set0_libctx(X509_PUBKEY *x, OSSL_LIB_CTX *libctx,
47 const char *propq)
48{
49 if (x != NULL) {
50 x->libctx = libctx;
51 OPENSSL_free(x->propq);
52 x->propq = NULL;
53 if (propq != NULL) {
54 x->propq = OPENSSL_strdup(propq);
55 if (x->propq == NULL)
56 return 0;
57 }
58 }
59 return 1;
60}
61
10315851
RL		 62ASN1_SEQUENCE(X509_PUBKEY_INTERNAL) = {
63 ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR),
64 ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING)
65} static_ASN1_SEQUENCE_END_name(X509_PUBKEY, X509_PUBKEY_INTERNAL)
66
67static void x509_pubkey_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
0f113f3e 68{
66066e1b
DDO		 69 X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval;
70
10315851
RL		 71 X509_ALGOR_free(pubkey->algor);
72 ASN1_BIT_STRING_free(pubkey->public_key);
73 EVP_PKEY_free(pubkey->pkey);
c8a9af97 74 OPENSSL_free(pubkey->propq);
10315851
RL		 75 OPENSSL_free(pubkey);
76 *pval = NULL;
77}
78
79static int x509_pubkey_ex_populate(ASN1_VALUE **pval, const ASN1_ITEM *it)
80{
81 X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval;
82
83 return (pubkey->algor != NULL
84 || (pubkey->algor = X509_ALGOR_new()) != NULL)
85 && (pubkey->public_key != NULL
86 || (pubkey->public_key = ASN1_BIT_STRING_new()) != NULL);
87}
88
c8a9af97
MC		 89
90static int x509_pubkey_ex_new_ex(ASN1_VALUE **pval, const ASN1_ITEM *it,
91 OSSL_LIB_CTX *libctx, const char *propq)
10315851
RL		 92{
93 X509_PUBKEY *ret;
94
95 if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL
c8a9af97
MC		 96 || !x509_pubkey_ex_populate((ASN1_VALUE **)&ret, NULL)
97 || !x509_pubkey_set0_libctx(ret, libctx, propq)) {
10315851
RL		 98 x509_pubkey_ex_free((ASN1_VALUE **)&ret, NULL);
99 ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
100 } else {
101 *pval = (ASN1_VALUE *)ret;
102 }
103
104 return ret != NULL;
105}
106
c6313780
MC		 107static int x509_pubkey_ex_d2i_ex(ASN1_VALUE **pval,
108 const unsigned char **in, long len,
109 const ASN1_ITEM *it, int tag, int aclass,
110 char opt, ASN1_TLC *ctx, OSSL_LIB_CTX *libctx,
111 const char *propq)
10315851
RL		 112{
113 const unsigned char *in_saved = *in;
114 X509_PUBKEY *pubkey;
115 int ret;
116 OSSL_DECODER_CTX *dctx = NULL;
117
c6313780 118 if (*pval == NULL && !x509_pubkey_ex_new_ex(pval, it, libctx, propq))
10315851
RL		 119 return 0;
120 if (!x509_pubkey_ex_populate(pval, NULL)) {
121 ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
122 return 0;
123 }
124
125 /* This ensures that |*in| advances properly no matter what */
126 if ((ret = ASN1_item_ex_d2i(pval, in, len,
127 ASN1_ITEM_rptr(X509_PUBKEY_INTERNAL),
128 tag, aclass, opt, ctx)) <= 0)
129 return ret;
130
131 pubkey = (X509_PUBKEY *)*pval;
132 EVP_PKEY_free(pubkey->pkey);
133 pubkey->pkey = NULL;
134
135 /*
136 * Opportunistically decode the key but remove any non fatal errors
137 * from the queue. Subsequent explicit attempts to decode/use the key
138 * will return an appropriate error.
139 */
140 ERR_set_mark();
141
142 /*
143 * Try to decode with legacy method first. This ensures that engines
144 * aren't overriden by providers.
145 */
146 if ((ret = x509_pubkey_decode(&pubkey->pkey, pubkey)) == -1) {
147 /* -1 indicates a fatal error, like malloc failure */
148 ERR_clear_last_mark();
149 goto end;
150 }
151
152 /* Try to decode it into an EVP_PKEY with OSSL_DECODER */
153 if (ret <= 0 && !pubkey->flag_force_legacy) {
154 const unsigned char *p = in_saved;
155 char txtoidname[OSSL_MAX_NAME_SIZE];
156
157 if (OBJ_obj2txt(txtoidname, sizeof(txtoidname),
158 pubkey->algor->algorithm, 0) <= 0) {
66066e1b 159 ERR_clear_last_mark();
10315851 160 goto end;
66066e1b 161 }
10315851
RL		 162 if ((dctx =
163 OSSL_DECODER_CTX_new_for_pkey(&pubkey->pkey,
164 "DER", "SubjectPublicKeyInfo",
165 txtoidname, EVP_PKEY_PUBLIC_KEY,
166 pubkey->libctx,
167 pubkey->propq)) != NULL)
168 /*
169 * As said higher up, we're being opportunistic. In other words,
170 * we don't care about what the return value signals.
171 */
172 OSSL_DECODER_from_data(dctx, &p, NULL);
0f113f3e 173 }
10315851
RL		 174
175 ERR_pop_to_mark();
176 ret = 1;
177 end:
178 OSSL_DECODER_CTX_free(dctx);
179 return ret;
0f113f3e 180}
d02b48c6 181
10315851
RL		 182static int x509_pubkey_ex_i2d(const ASN1_VALUE **pval, unsigned char **out,
183 const ASN1_ITEM *it, int tag, int aclass)
184{
185 return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_rptr(X509_PUBKEY_INTERNAL),
186 tag, aclass);
187}
188
189static int x509_pubkey_ex_print(BIO *out, const ASN1_VALUE **pval, int indent,
190 const char *fname, const ASN1_PCTX *pctx)
191{
192 return ASN1_item_print(out, *pval, indent,
193 ASN1_ITEM_rptr(X509_PUBKEY_INTERNAL), pctx);
194}
195
196static const ASN1_EXTERN_FUNCS x509_pubkey_ff = {
197 NULL,
c8a9af97 198 NULL,
10315851
RL		 199 x509_pubkey_ex_free,
200 0, /* Default clear behaviour is OK */
c6313780 201 NULL,
10315851 202 x509_pubkey_ex_i2d,
c8a9af97
MC		 203 x509_pubkey_ex_print,
204 x509_pubkey_ex_new_ex,
c6313780 205 x509_pubkey_ex_d2i_ex,
10315851 206};
d02b48c6 207
10315851 208IMPLEMENT_EXTERN_ASN1(X509_PUBKEY, V_ASN1_SEQUENCE, x509_pubkey_ff)
9d6b1ce6 209IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY)
10315851 210
d6ded941
MC		 211X509_PUBKEY *X509_PUBKEY_new_ex(OSSL_LIB_CTX *libctx, const char *propq)
212{
213 X509_PUBKEY *pubkey = NULL;
214
c8a9af97 215 pubkey = (X509_PUBKEY *)ASN1_item_new_ex(X509_PUBKEY_it(), libctx, propq);
d6ded941
MC		 216 if (!x509_pubkey_set0_libctx(pubkey, libctx, propq)) {
217 X509_PUBKEY_free(pubkey);
218 pubkey = NULL;
219 }
220 return pubkey;
221}
222
10315851
RL		 223/*
224 * X509_PUBKEY_dup() must be implemented manually, because there is no
225 * support for it in ASN1_EXTERN_FUNCS.
226 */
227X509_PUBKEY *X509_PUBKEY_dup(const X509_PUBKEY *a)
228{
e7aa284e
P		 229 X509_PUBKEY *pubkey = OPENSSL_zalloc(sizeof(*pubkey));
230
231 if (pubkey == NULL
232 || !x509_pubkey_set0_libctx(pubkey, a->libctx, a->propq)
233 || (pubkey->algor = X509_ALGOR_dup(a->algor)) == NULL
234 || (pubkey->public_key = ASN1_BIT_STRING_new()) == NULL
235 || !ASN1_BIT_STRING_set(pubkey->public_key,
236 a->public_key->data, a->public_key->length)
237 || (a->pkey != NULL && !EVP_PKEY_up_ref(a->pkey))) {
10315851
RL		 238 x509_pubkey_ex_free((ASN1_VALUE **)&pubkey,
239 ASN1_ITEM_rptr(X509_PUBKEY_INTERNAL));
240 ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE);
241 return NULL;
242 }
10315851
RL		 243 pubkey->pkey = a->pkey;
244 return pubkey;
245}
d02b48c6 246
6b691a5c 247int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
0f113f3e
MC		 248{
249 X509_PUBKEY *pk = NULL;
250
7836f949
DDO		 251 if (x == NULL || pkey == NULL) {
252 ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
26a7d938 253 return 0;
7836f949 254 }
0f113f3e 255
e56ba0e1
RL		 256 if (pkey->ameth != NULL) {
257 if ((pk = X509_PUBKEY_new()) == NULL) {
9311d0c4 258 ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE);
e56ba0e1
RL		 259 goto error;
260 }
261 if (pkey->ameth->pub_encode != NULL) {
0f113f3e 262 if (!pkey->ameth->pub_encode(pk, pkey)) {
9311d0c4 263 ERR_raise(ERR_LIB_X509, X509_R_PUBLIC_KEY_ENCODE_ERROR);
0f113f3e
MC		 264 goto error;
265 }
266 } else {
9311d0c4 267 ERR_raise(ERR_LIB_X509, X509_R_METHOD_NOT_SUPPORTED);
0f113f3e
MC		 268 goto error;
269 }
113adc1f 270 } else if (evp_pkey_is_provided(pkey)) {
113adc1f
RL		 271 unsigned char *der = NULL;
272 size_t derlen = 0;
ece9304c 273 OSSL_ENCODER_CTX *ectx =
fe75766c
TM		 274 OSSL_ENCODER_CTX_new_for_pkey(pkey, EVP_PKEY_PUBLIC_KEY,
275 "DER", "SubjectPublicKeyInfo",
276 NULL);
e56ba0e1 277
113adc1f
RL		 278 if (OSSL_ENCODER_to_data(ectx, &der, &derlen)) {
279 const unsigned char *pder = der;
e56ba0e1 280
113adc1f 281 pk = d2i_X509_PUBKEY(NULL, &pder, (long)derlen);
e56ba0e1
RL		 282 }
283
ece9304c 284 OSSL_ENCODER_CTX_free(ectx);
113adc1f 285 OPENSSL_free(der);
0f113f3e
MC		 286 }
287
7836f949
DDO		 288 if (pk == NULL) {
289 ERR_raise(ERR_LIB_X509, X509_R_UNSUPPORTED_ALGORITHM);
290 goto error;
291 }
e56ba0e1 292
222561fe 293 X509_PUBKEY_free(*x);
e56ba0e1 294 if (!EVP_PKEY_up_ref(pkey)) {
9311d0c4 295 ERR_raise(ERR_LIB_X509, ERR_R_INTERNAL_ERROR);
e56ba0e1
RL		 296 goto error;
297 }
0f113f3e 298 *x = pk;
a076951b
RL		 299
300 /*
301 * pk->pkey is NULL when using the legacy routine, but is non-NULL when
ece9304c 302 * going through the encoder, and for all intents and purposes, it's
0d5bbaaa
MC		 303 * a perfect copy of the public key portions of |pkey|, just not the same
304 * instance. If that's all there was to pkey then we could simply return
305 * early, right here. However, some application might very well depend on
306 * the passed |pkey| being used and none other, so we spend a few more
307 * cycles throwing away the newly created |pk->pkey| and replace it with
308 * |pkey|.
a076951b
RL		 309 */
310 if (pk->pkey != NULL)
311 EVP_PKEY_free(pk->pkey);
312
fa0a9d71 313 pk->pkey = pkey;
e56ba0e1
RL		 314 return 1;
315
0f113f3e 316 error:
222561fe 317 X509_PUBKEY_free(pk);
0f113f3e
MC		 318 return 0;
319}
d02b48c6 320
fa0a9d71
DSH		 321/*
322 * Attempt to decode a public key.
323 * Returns 1 on success, 0 for a decode failure and -1 for a fatal
324 * error e.g. malloc failure.
10315851
RL		 325 *
326 * This function is #legacy.
fa0a9d71 327 */
7674e923 328static int x509_pubkey_decode(EVP_PKEY **ppkey, const X509_PUBKEY *key)
7fcdbd83 329{
fa0a9d71 330 EVP_PKEY *pkey = EVP_PKEY_new();
0f113f3e 331
fa0a9d71 332 if (pkey == NULL) {
9311d0c4 333 ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE);
fa0a9d71 334 return -1;
0f113f3e
MC		 335 }
336
fa0a9d71 337 if (!EVP_PKEY_set_type(pkey, OBJ_obj2nid(key->algor->algorithm))) {
9311d0c4 338 ERR_raise(ERR_LIB_X509, X509_R_UNSUPPORTED_ALGORITHM);
0f113f3e
MC		 339 goto error;
340 }
341
fa0a9d71
DSH		 342 if (pkey->ameth->pub_decode) {
343 /*
344 * Treat any failure of pub_decode as a decode error. In
345 * future we could have different return codes for decode
346 * errors and fatal errors such as malloc failure.
347 */
66066e1b 348 if (!pkey->ameth->pub_decode(pkey, key))
0f113f3e 349 goto error;
0f113f3e 350 } else {
9311d0c4 351 ERR_raise(ERR_LIB_X509, X509_R_METHOD_NOT_SUPPORTED);
0f113f3e
MC		 352 goto error;
353 }
354
fa0a9d71
DSH		 355 *ppkey = pkey;
356 return 1;
0f113f3e
MC		 357
358 error:
fa0a9d71
DSH		 359 EVP_PKEY_free(pkey);
360 return 0;
361}
362
7674e923 363EVP_PKEY *X509_PUBKEY_get0(const X509_PUBKEY *key)
fa0a9d71
DSH		 364{
365 EVP_PKEY *ret = NULL;
366
367 if (key == NULL || key->public_key == NULL)
368 return NULL;
369
370 if (key->pkey != NULL)
371 return key->pkey;
372
373 /*
374 * When the key ASN.1 is initially parsed an attempt is made to
375 * decode the public key and cache the EVP_PKEY structure. If this
376 * operation fails the cached value will be NULL. Parsing continues
377 * to allow parsing of unknown key types or unsupported forms.
378 * We repeat the decode operation so the appropriate errors are left
379 * in the queue.
380 */
381 x509_pubkey_decode(&ret, key);
382 /* If decode doesn't fail something bad happened */
383 if (ret != NULL) {
9311d0c4 384 ERR_raise(ERR_LIB_X509, ERR_R_INTERNAL_ERROR);
fa0a9d71
DSH		 385 EVP_PKEY_free(ret);
386 }
387
388 return NULL;
0f113f3e
MC		 389}
390
7674e923 391EVP_PKEY *X509_PUBKEY_get(const X509_PUBKEY *key)
c01ff880
DSH		 392{
393 EVP_PKEY *ret = X509_PUBKEY_get0(key);
e9e7b5df
BE		 394
395 if (ret != NULL && !EVP_PKEY_up_ref(ret)) {
9311d0c4 396 ERR_raise(ERR_LIB_X509, ERR_R_INTERNAL_ERROR);
e9e7b5df
BE		 397 ret = NULL;
398 }
c01ff880
DSH		 399 return ret;
400}
401
0f113f3e 402/*
22b81444
RL		 403 * Now three pseudo ASN1 routines that take an EVP_PKEY structure and encode
404 * or decode as X509_PUBKEY
52664f50 405 */
10315851
RL		 406static EVP_PKEY *d2i_PUBKEY_int(EVP_PKEY **a,
407 const unsigned char **pp, long length,
408 OSSL_LIB_CTX *libctx, const char *propq,
409 unsigned int force_legacy,
410 X509_PUBKEY *
411 (*d2i_x509_pubkey)(X509_PUBKEY **a,
412 const unsigned char **in,
413 long len))
0f113f3e 414{
22b81444
RL		 415 X509_PUBKEY *xpk, *xpk2 = NULL, **pxpk = NULL;
416 EVP_PKEY *pktmp = NULL;
a46c9789 417 const unsigned char *q;
12a765a5 418
a46c9789 419 q = *pp;
22b81444
RL		 420
421 /*
422 * If libctx or propq are non-NULL, we take advantage of the reuse
423 * feature. It's not generally recommended, but is safe enough for
424 * newly created structures.
425 */
10315851 426 if (libctx != NULL || propq != NULL || force_legacy) {
22b81444
RL		 427 xpk2 = OPENSSL_zalloc(sizeof(*xpk2));
428 if (xpk2 == NULL) {
429 ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE);
430 return NULL;
431 }
637dce3c
SL		 432 if (!x509_pubkey_set0_libctx(xpk2, libctx, propq))
433 goto end;
10315851 434 xpk2->flag_force_legacy = !!force_legacy;
22b81444
RL		 435 pxpk = &xpk2;
436 }
10315851 437 xpk = d2i_x509_pubkey(pxpk, &q, length);
12a765a5 438 if (xpk == NULL)
22b81444 439 goto end;
0f113f3e
MC		 440 pktmp = X509_PUBKEY_get(xpk);
441 X509_PUBKEY_free(xpk);
22b81444 442 xpk2 = NULL; /* We know that xpk == xpk2 */
12a765a5 443 if (pktmp == NULL)
22b81444 444 goto end;
a46c9789 445 *pp = q;
12a765a5 446 if (a != NULL) {
0f113f3e
MC		 447 EVP_PKEY_free(*a);
448 *a = pktmp;
449 }
22b81444
RL		 450 end:
451 X509_PUBKEY_free(xpk2);
0f113f3e
MC		 452 return pktmp;
453}
52664f50 454
10315851 455/* For the algorithm specific d2i functions further down */
aff442dc
RL		 456static EVP_PKEY *d2i_PUBKEY_legacy(EVP_PKEY **a,
457 const unsigned char **pp, long length)
10315851
RL		 458{
459 return d2i_PUBKEY_int(a, pp, length, NULL, NULL, 1, d2i_X509_PUBKEY);
460}
461
462EVP_PKEY *d2i_PUBKEY_ex(EVP_PKEY **a, const unsigned char **pp, long length,
463 OSSL_LIB_CTX *libctx, const char *propq)
464{
465 return d2i_PUBKEY_int(a, pp, length, libctx, propq, 0, d2i_X509_PUBKEY);
466}
467
22b81444
RL		 468EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length)
469{
470 return d2i_PUBKEY_ex(a, pp, length, NULL, NULL);
471}
472
9fdcc21f 473int i2d_PUBKEY(const EVP_PKEY *a, unsigned char **pp)
0f113f3e 474{
9fdcc21f
DO		 475 int ret = -1;
476
477 if (a == NULL)
0f113f3e 478 return 0;
cdb16632
RL		 479 if (a->ameth != NULL) {
480 X509_PUBKEY *xpk = NULL;
481
482 if ((xpk = X509_PUBKEY_new()) == NULL)
483 return -1;
484
485 /* pub_encode() only encode parameters, not the key itself */
486 if (a->ameth->pub_encode != NULL && a->ameth->pub_encode(xpk, a)) {
487 xpk->pkey = (EVP_PKEY *)a;
488 ret = i2d_X509_PUBKEY(xpk, pp);
489 xpk->pkey = NULL;
490 }
491 X509_PUBKEY_free(xpk);
3c6ed955 492 } else if (a->keymgmt != NULL) {
ece9304c 493 OSSL_ENCODER_CTX *ctx =
fe75766c
TM		 494 OSSL_ENCODER_CTX_new_for_pkey(a, EVP_PKEY_PUBLIC_KEY,
495 "DER", "SubjectPublicKeyInfo",
496 NULL);
cdb16632
RL		 497 BIO *out = BIO_new(BIO_s_mem());
498 BUF_MEM *buf = NULL;
499
97bb8dff 500 if (OSSL_ENCODER_CTX_get_num_encoders(ctx) != 0
cdb16632 501 && out != NULL
ece9304c 502 && OSSL_ENCODER_to_bio(ctx, out)
cdb16632
RL		 503 && BIO_get_mem_ptr(out, &buf) > 0) {
504 ret = buf->length;
505
506 if (pp != NULL) {
507 if (*pp == NULL) {
508 *pp = (unsigned char *)buf->data;
509 buf->length = 0;
510 buf->data = NULL;
511 } else {
512 memcpy(*pp, buf->data, ret);
513 *pp += ret;
514 }
515 }
516 }
517 BIO_free(out);
ece9304c 518 OSSL_ENCODER_CTX_free(ctx);
cdb16632
RL		 519 }
520
0f113f3e
MC		 521 return ret;
522}
523
524/*
525 * The following are equivalents but which return RSA and DSA keys
52664f50 526 */
0f113f3e
MC		 527RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length)
528{
529 EVP_PKEY *pkey;
06f67612 530 RSA *key = NULL;
0f113f3e 531 const unsigned char *q;
12a765a5 532
0f113f3e 533 q = *pp;
aff442dc 534 pkey = d2i_PUBKEY_legacy(NULL, &q, length);
12a765a5 535 if (pkey == NULL)
0f113f3e
MC		 536 return NULL;
537 key = EVP_PKEY_get1_RSA(pkey);
538 EVP_PKEY_free(pkey);
12a765a5 539 if (key == NULL)
0f113f3e
MC		 540 return NULL;
541 *pp = q;
12a765a5 542 if (a != NULL) {
0f113f3e
MC		 543 RSA_free(*a);
544 *a = key;
545 }
546 return key;
547}
52664f50 548
9fdcc21f 549int i2d_RSA_PUBKEY(const RSA *a, unsigned char **pp)
0f113f3e
MC		 550{
551 EVP_PKEY *pktmp;
552 int ret;
553 if (!a)
554 return 0;
555 pktmp = EVP_PKEY_new();
90945fa3 556 if (pktmp == NULL) {
9311d0c4 557 ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
157997f0 558 return -1;
0f113f3e 559 }
9fdcc21f 560 (void)EVP_PKEY_assign_RSA(pktmp, (RSA *)a);
0f113f3e 561 ret = i2d_PUBKEY(pktmp, pp);
9fdcc21f 562 pktmp->pkey.ptr = NULL;
0f113f3e
MC		 563 EVP_PKEY_free(pktmp);
564 return ret;
565}
52664f50 566
06f67612
RL		 567#ifndef OPENSSL_NO_DH
568DH *ossl_d2i_DH_PUBKEY(DH **a, const unsigned char **pp, long length)
569{
570 EVP_PKEY *pkey;
571 DH *key = NULL;
572 const unsigned char *q;
573
574 q = *pp;
aff442dc 575 pkey = d2i_PUBKEY_legacy(NULL, &q, length);
06f67612
RL		 576 if (pkey == NULL)
577 return NULL;
ed576acd 578 if (EVP_PKEY_get_id(pkey) == EVP_PKEY_DH)
06f67612
RL		 579 key = EVP_PKEY_get1_DH(pkey);
580 EVP_PKEY_free(pkey);
581 if (key == NULL)
582 return NULL;
583 *pp = q;
584 if (a != NULL) {
585 DH_free(*a);
586 *a = key;
587 }
588 return key;
589}
590
591int ossl_i2d_DH_PUBKEY(const DH *a, unsigned char **pp)
592{
593 EVP_PKEY *pktmp;
594 int ret;
595 if (!a)
596 return 0;
597 pktmp = EVP_PKEY_new();
598 if (pktmp == NULL) {
599 ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
600 return -1;
601 }
602 (void)EVP_PKEY_assign_DH(pktmp, (DH *)a);
603 ret = i2d_PUBKEY(pktmp, pp);
604 pktmp->pkey.ptr = NULL;
605 EVP_PKEY_free(pktmp);
606 return ret;
607}
608
609DH *ossl_d2i_DHx_PUBKEY(DH **a, const unsigned char **pp, long length)
610{
611 EVP_PKEY *pkey;
612 DH *key = NULL;
613 const unsigned char *q;
614
615 q = *pp;
aff442dc 616 pkey = d2i_PUBKEY_legacy(NULL, &q, length);
06f67612
RL		 617 if (pkey == NULL)
618 return NULL;
ed576acd 619 if (EVP_PKEY_get_id(pkey) == EVP_PKEY_DHX)
06f67612
RL		 620 key = EVP_PKEY_get1_DH(pkey);
621 EVP_PKEY_free(pkey);
622 if (key == NULL)
623 return NULL;
624 *pp = q;
625 if (a != NULL) {
626 DH_free(*a);
627 *a = key;
628 }
629 return key;
630}
631
632int ossl_i2d_DHx_PUBKEY(const DH *a, unsigned char **pp)
633{
634 EVP_PKEY *pktmp;
635 int ret;
636 if (!a)
637 return 0;
638 pktmp = EVP_PKEY_new();
639 if (pktmp == NULL) {
640 ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
641 return -1;
642 }
643 (void)EVP_PKEY_assign(pktmp, EVP_PKEY_DHX, (DH *)a);
644 ret = i2d_PUBKEY(pktmp, pp);
645 pktmp->pkey.ptr = NULL;
646 EVP_PKEY_free(pktmp);
647 return ret;
648}
649#endif
650
cf1b7d96 651#ifndef OPENSSL_NO_DSA
0f113f3e
MC		 652DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length)
653{
654 EVP_PKEY *pkey;
06f67612 655 DSA *key = NULL;
0f113f3e 656 const unsigned char *q;
12a765a5 657
0f113f3e 658 q = *pp;
aff442dc 659 pkey = d2i_PUBKEY_legacy(NULL, &q, length);
12a765a5 660 if (pkey == NULL)
0f113f3e
MC		 661 return NULL;
662 key = EVP_PKEY_get1_DSA(pkey);
663 EVP_PKEY_free(pkey);
12a765a5 664 if (key == NULL)
0f113f3e
MC		 665 return NULL;
666 *pp = q;
12a765a5 667 if (a != NULL) {
0f113f3e
MC		 668 DSA_free(*a);
669 *a = key;
670 }
671 return key;
672}
52664f50 673
9fdcc21f 674int i2d_DSA_PUBKEY(const DSA *a, unsigned char **pp)
0f113f3e
MC		 675{
676 EVP_PKEY *pktmp;
677 int ret;
678 if (!a)
679 return 0;
680 pktmp = EVP_PKEY_new();
90945fa3 681 if (pktmp == NULL) {
9311d0c4 682 ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
157997f0 683 return -1;
0f113f3e 684 }
9fdcc21f 685 (void)EVP_PKEY_assign_DSA(pktmp, (DSA *)a);
0f113f3e 686 ret = i2d_PUBKEY(pktmp, pp);
9fdcc21f 687 pktmp->pkey.ptr = NULL;
0f113f3e
MC		 688 EVP_PKEY_free(pktmp);
689 return ret;
690}
4d94ae00
BM		 691#endif
692
14a7cfb3 693#ifndef OPENSSL_NO_EC
6343829a 694EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length)
0f113f3e
MC		 695{
696 EVP_PKEY *pkey;
06f67612 697 EC_KEY *key = NULL;
0f113f3e 698 const unsigned char *q;
b4c4a2c6 699 int type;
12a765a5 700
0f113f3e 701 q = *pp;
aff442dc 702 pkey = d2i_PUBKEY_legacy(NULL, &q, length);
12a765a5 703 if (pkey == NULL)
26a7d938 704 return NULL;
ed576acd 705 type = EVP_PKEY_get_id(pkey);
b4c4a2c6 706 if (type == EVP_PKEY_EC || type == EVP_PKEY_SM2)
06f67612 707 key = EVP_PKEY_get1_EC_KEY(pkey);
0f113f3e 708 EVP_PKEY_free(pkey);
12a765a5 709 if (key == NULL)
26a7d938 710 return NULL;
0f113f3e 711 *pp = q;
12a765a5 712 if (a != NULL) {
0f113f3e
MC		 713 EC_KEY_free(*a);
714 *a = key;
715 }
26a7d938 716 return key;
0f113f3e 717}
4d94ae00 718
9fdcc21f 719int i2d_EC_PUBKEY(const EC_KEY *a, unsigned char **pp)
0f113f3e
MC		 720{
721 EVP_PKEY *pktmp;
722 int ret;
12a765a5
RS		 723
724 if (a == NULL)
26a7d938 725 return 0;
0f113f3e 726 if ((pktmp = EVP_PKEY_new()) == NULL) {
9311d0c4 727 ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
157997f0 728 return -1;
0f113f3e 729 }
9fdcc21f 730 (void)EVP_PKEY_assign_EC_KEY(pktmp, (EC_KEY *)a);
0f113f3e 731 ret = i2d_PUBKEY(pktmp, pp);
9fdcc21f 732 pktmp->pkey.ptr = NULL;
0f113f3e 733 EVP_PKEY_free(pktmp);
26a7d938 734 return ret;
0f113f3e 735}
06f67612
RL		 736
737ECX_KEY *ossl_d2i_ED25519_PUBKEY(ECX_KEY **a,
738 const unsigned char **pp, long length)
739{
740 EVP_PKEY *pkey;
741 ECX_KEY *key = NULL;
742 const unsigned char *q;
743
744 q = *pp;
aff442dc 745 pkey = d2i_PUBKEY_legacy(NULL, &q, length);
06f67612
RL		 746 if (pkey == NULL)
747 return NULL;
748 key = ossl_evp_pkey_get1_ED25519(pkey);
749 EVP_PKEY_free(pkey);
750 if (key == NULL)
751 return NULL;
752 *pp = q;
753 if (a != NULL) {
754 ossl_ecx_key_free(*a);
755 *a = key;
756 }
757 return key;
758}
759
760int ossl_i2d_ED25519_PUBKEY(const ECX_KEY *a, unsigned char **pp)
761{
762 EVP_PKEY *pktmp;
763 int ret;
764
765 if (a == NULL)
766 return 0;
767 if ((pktmp = EVP_PKEY_new()) == NULL) {
768 ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
769 return -1;
770 }
771 (void)EVP_PKEY_assign(pktmp, EVP_PKEY_ED25519, (ECX_KEY *)a);
772 ret = i2d_PUBKEY(pktmp, pp);
773 pktmp->pkey.ptr = NULL;
774 EVP_PKEY_free(pktmp);
775 return ret;
776}
777
778ECX_KEY *ossl_d2i_ED448_PUBKEY(ECX_KEY **a,
779 const unsigned char **pp, long length)
780{
781 EVP_PKEY *pkey;
782 ECX_KEY *key = NULL;
783 const unsigned char *q;
784
785 q = *pp;
aff442dc 786 pkey = d2i_PUBKEY_legacy(NULL, &q, length);
06f67612
RL		 787 if (pkey == NULL)
788 return NULL;
ed576acd 789 if (EVP_PKEY_get_id(pkey) == EVP_PKEY_ED448)
06f67612
RL		 790 key = ossl_evp_pkey_get1_ED448(pkey);
791 EVP_PKEY_free(pkey);
792 if (key == NULL)
793 return NULL;
794 *pp = q;
795 if (a != NULL) {
796 ossl_ecx_key_free(*a);
797 *a = key;
798 }
799 return key;
800}
801
802int ossl_i2d_ED448_PUBKEY(const ECX_KEY *a, unsigned char **pp)
803{
804 EVP_PKEY *pktmp;
805 int ret;
806
807 if (a == NULL)
808 return 0;
809 if ((pktmp = EVP_PKEY_new()) == NULL) {
810 ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
811 return -1;
812 }
813 (void)EVP_PKEY_assign(pktmp, EVP_PKEY_ED448, (ECX_KEY *)a);
814 ret = i2d_PUBKEY(pktmp, pp);
815 pktmp->pkey.ptr = NULL;
816 EVP_PKEY_free(pktmp);
817 return ret;
818}
819
820ECX_KEY *ossl_d2i_X25519_PUBKEY(ECX_KEY **a,
821 const unsigned char **pp, long length)
822{
823 EVP_PKEY *pkey;
824 ECX_KEY *key = NULL;
825 const unsigned char *q;
826
827 q = *pp;
aff442dc 828 pkey = d2i_PUBKEY_legacy(NULL, &q, length);
06f67612
RL		 829 if (pkey == NULL)
830 return NULL;
ed576acd 831 if (EVP_PKEY_get_id(pkey) == EVP_PKEY_X25519)
06f67612
RL		 832 key = ossl_evp_pkey_get1_X25519(pkey);
833 EVP_PKEY_free(pkey);
834 if (key == NULL)
835 return NULL;
836 *pp = q;
837 if (a != NULL) {
838 ossl_ecx_key_free(*a);
839 *a = key;
840 }
841 return key;
842}
843
844int ossl_i2d_X25519_PUBKEY(const ECX_KEY *a, unsigned char **pp)
845{
846 EVP_PKEY *pktmp;
847 int ret;
848
849 if (a == NULL)
850 return 0;
851 if ((pktmp = EVP_PKEY_new()) == NULL) {
852 ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
853 return -1;
854 }
855 (void)EVP_PKEY_assign(pktmp, EVP_PKEY_X25519, (ECX_KEY *)a);
856 ret = i2d_PUBKEY(pktmp, pp);
857 pktmp->pkey.ptr = NULL;
858 EVP_PKEY_free(pktmp);
859 return ret;
860}
861
862ECX_KEY *ossl_d2i_X448_PUBKEY(ECX_KEY **a,
863 const unsigned char **pp, long length)
864{
865 EVP_PKEY *pkey;
866 ECX_KEY *key = NULL;
867 const unsigned char *q;
868
869 q = *pp;
aff442dc 870 pkey = d2i_PUBKEY_legacy(NULL, &q, length);
06f67612
RL		 871 if (pkey == NULL)
872 return NULL;
ed576acd 873 if (EVP_PKEY_get_id(pkey) == EVP_PKEY_X448)
06f67612
RL		 874 key = ossl_evp_pkey_get1_X448(pkey);
875 EVP_PKEY_free(pkey);
876 if (key == NULL)
877 return NULL;
878 *pp = q;
879 if (a != NULL) {
880 ossl_ecx_key_free(*a);
881 *a = key;
882 }
883 return key;
884}
885
886int ossl_i2d_X448_PUBKEY(const ECX_KEY *a, unsigned char **pp)
887{
888 EVP_PKEY *pktmp;
889 int ret;
890
891 if (a == NULL)
892 return 0;
893 if ((pktmp = EVP_PKEY_new()) == NULL) {
894 ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
895 return -1;
896 }
897 (void)EVP_PKEY_assign(pktmp, EVP_PKEY_X448, (ECX_KEY *)a);
898 ret = i2d_PUBKEY(pktmp, pp);
899 pktmp->pkey.ptr = NULL;
900 EVP_PKEY_free(pktmp);
901 return ret;
902}
903
12aefe78 904#endif
448be743
DSH		 905
906int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
0f113f3e
MC		 907 int ptype, void *pval,
908 unsigned char *penc, int penclen)
909{
910 if (!X509_ALGOR_set0(pub->algor, aobj, ptype, pval))
911 return 0;
912 if (penc) {
b548a1f1 913 OPENSSL_free(pub->public_key->data);
0f113f3e
MC		 914 pub->public_key->data = penc;
915 pub->public_key->length = penclen;
916 /* Set number of unused bits to zero */
917 pub->public_key->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
918 pub->public_key->flags |= ASN1_STRING_FLAG_BITS_LEFT;
919 }
920 return 1;
921}
448be743
DSH		 922
923int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
0f113f3e 924 const unsigned char **pk, int *ppklen,
7674e923 925 X509_ALGOR **pa, const X509_PUBKEY *pub)
0f113f3e
MC		 926{
927 if (ppkalg)
928 *ppkalg = pub->algor->algorithm;
929 if (pk) {
930 *pk = pub->public_key->data;
931 *ppklen = pub->public_key->length;
932 }
933 if (pa)
934 *pa = pub->algor;
935 return 1;
936}
29fa0a1a
DSH		 937
938ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x)
939{
940 if (x == NULL)
941 return NULL;
942 return x->cert_info.key->public_key;
943}
93f99b68
DDO		 944
945/* Returns 1 for equal, 0, for non-equal, < 0 on error */
946int X509_PUBKEY_eq(const X509_PUBKEY *a, const X509_PUBKEY *b)
947{
948 X509_ALGOR *algA, *algB;
949 EVP_PKEY *pA, *pB;
950
951 if (a == b)
952 return 1;
953 if (a == NULL || b == NULL)
954 return 0;
955 if (!X509_PUBKEY_get0_param(NULL, NULL, NULL, &algA, a) || algA == NULL
956 || !X509_PUBKEY_get0_param(NULL, NULL, NULL, &algB, b) || algB == NULL)
957 return -2;
958 if (X509_ALGOR_cmp(algA, algB) != 0)
959 return 0;
960 if ((pA = X509_PUBKEY_get0(a)) == NULL
961 || (pB = X509_PUBKEY_get0(b)) == NULL)
962 return -2;
c74aaa39 963 return EVP_PKEY_eq(pA, pB);
93f99b68 964}
22b81444 965
4669015d
SL		 966int ossl_x509_PUBKEY_get0_libctx(OSSL_LIB_CTX **plibctx, const char **ppropq,
967 const X509_PUBKEY *key)
22b81444
RL		 968{
969 if (plibctx)
970 *plibctx = key->libctx;
971 if (ppropq)
972 *ppropq = key->propq;
973 return 1;
974}
A mirror of the official openssl repository