]> git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/evp/p_lib.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Add support for parameterized SipHash
[thirdparty/openssl.git] / crypto / evp / p_lib.c
1 /*
2 * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <stdio.h>
11 #include "internal/cryptlib.h"
12 #include <openssl/bn.h>
13 #include <openssl/err.h>
14 #include <openssl/objects.h>
15 #include <openssl/evp.h>
16 #include <openssl/x509.h>
17 #include <openssl/rsa.h>
18 #include <openssl/dsa.h>
19 #include <openssl/dh.h>
20 #include <openssl/engine.h>
21
22 #include "internal/asn1_int.h"
23 #include "internal/evp_int.h"
24
25 static void EVP_PKEY_free_it(EVP_PKEY *x);
26
27 int EVP_PKEY_bits(const EVP_PKEY *pkey)
28 {
29 if (pkey && pkey->ameth && pkey->ameth->pkey_bits)
30 return pkey->ameth->pkey_bits(pkey);
31 return 0;
32 }
33
34 int EVP_PKEY_security_bits(const EVP_PKEY *pkey)
35 {
36 if (pkey == NULL)
37 return 0;
38 if (!pkey->ameth || !pkey->ameth->pkey_security_bits)
39 return -2;
40 return pkey->ameth->pkey_security_bits(pkey);
41 }
42
43 int EVP_PKEY_size(EVP_PKEY *pkey)
44 {
45 if (pkey && pkey->ameth && pkey->ameth->pkey_size)
46 return pkey->ameth->pkey_size(pkey);
47 return 0;
48 }
49
50 int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode)
51 {
52 #ifndef OPENSSL_NO_DSA
53 if (pkey->type == EVP_PKEY_DSA) {
54 int ret = pkey->save_parameters;
55
56 if (mode >= 0)
57 pkey->save_parameters = mode;
58 return (ret);
59 }
60 #endif
61 #ifndef OPENSSL_NO_EC
62 if (pkey->type == EVP_PKEY_EC) {
63 int ret = pkey->save_parameters;
64
65 if (mode >= 0)
66 pkey->save_parameters = mode;
67 return (ret);
68 }
69 #endif
70 return (0);
71 }
72
73 int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
74 {
75 if (to->type == EVP_PKEY_NONE) {
76 if (EVP_PKEY_set_type(to, from->type) == 0)
77 return 0;
78 } else if (to->type != from->type) {
79 EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_DIFFERENT_KEY_TYPES);
80 goto err;
81 }
82
83 if (EVP_PKEY_missing_parameters(from)) {
84 EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_MISSING_PARAMETERS);
85 goto err;
86 }
87
88 if (!EVP_PKEY_missing_parameters(to)) {
89 if (EVP_PKEY_cmp_parameters(to, from) == 1)
90 return 1;
91 EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_DIFFERENT_PARAMETERS);
92 return 0;
93 }
94
95 if (from->ameth && from->ameth->param_copy)
96 return from->ameth->param_copy(to, from);
97 err:
98 return 0;
99 }
100
101 int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey)
102 {
103 if (pkey->ameth && pkey->ameth->param_missing)
104 return pkey->ameth->param_missing(pkey);
105 return 0;
106 }
107
108 int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
109 {
110 if (a->type != b->type)
111 return -1;
112 if (a->ameth && a->ameth->param_cmp)
113 return a->ameth->param_cmp(a, b);
114 return -2;
115 }
116
117 int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
118 {
119 if (a->type != b->type)
120 return -1;
121
122 if (a->ameth) {
123 int ret;
124 /* Compare parameters if the algorithm has them */
125 if (a->ameth->param_cmp) {
126 ret = a->ameth->param_cmp(a, b);
127 if (ret <= 0)
128 return ret;
129 }
130
131 if (a->ameth->pub_cmp)
132 return a->ameth->pub_cmp(a, b);
133 }
134
135 return -2;
136 }
137
138 EVP_PKEY *EVP_PKEY_new(void)
139 {
140 EVP_PKEY *ret = OPENSSL_zalloc(sizeof(*ret));
141
142 if (ret == NULL) {
143 EVPerr(EVP_F_EVP_PKEY_NEW, ERR_R_MALLOC_FAILURE);
144 return NULL;
145 }
146 ret->type = EVP_PKEY_NONE;
147 ret->save_type = EVP_PKEY_NONE;
148 ret->references = 1;
149 ret->save_parameters = 1;
150 ret->lock = CRYPTO_THREAD_lock_new();
151 if (ret->lock == NULL) {
152 EVPerr(EVP_F_EVP_PKEY_NEW, ERR_R_MALLOC_FAILURE);
153 OPENSSL_free(ret);
154 return NULL;
155 }
156 return ret;
157 }
158
159 int EVP_PKEY_up_ref(EVP_PKEY *pkey)
160 {
161 int i;
162
163 if (CRYPTO_UP_REF(&pkey->references, &i, pkey->lock) <= 0)
164 return 0;
165
166 REF_PRINT_COUNT("EVP_PKEY", pkey);
167 REF_ASSERT_ISNT(i < 2);
168 return ((i > 1) ? 1 : 0);
169 }
170
171 /*
172 * Setup a public key ASN1 method and ENGINE from a NID or a string. If pkey
173 * is NULL just return 1 or 0 if the algorithm exists.
174 */
175
176 static int pkey_set_type(EVP_PKEY *pkey, int type, const char *str, int len)
177 {
178 const EVP_PKEY_ASN1_METHOD *ameth;
179 ENGINE *e = NULL;
180 if (pkey) {
181 if (pkey->pkey.ptr)
182 EVP_PKEY_free_it(pkey);
183 /*
184 * If key type matches and a method exists then this lookup has
185 * succeeded once so just indicate success.
186 */
187 if ((type == pkey->save_type) && pkey->ameth)
188 return 1;
189 #ifndef OPENSSL_NO_ENGINE
190 /* If we have an ENGINE release it */
191 ENGINE_finish(pkey->engine);
192 pkey->engine = NULL;
193 #endif
194 }
195 if (str)
196 ameth = EVP_PKEY_asn1_find_str(&e, str, len);
197 else
198 ameth = EVP_PKEY_asn1_find(&e, type);
199 #ifndef OPENSSL_NO_ENGINE
200 if (pkey == NULL)
201 ENGINE_finish(e);
202 #endif
203 if (ameth == NULL) {
204 EVPerr(EVP_F_PKEY_SET_TYPE, EVP_R_UNSUPPORTED_ALGORITHM);
205 return 0;
206 }
207 if (pkey) {
208 pkey->ameth = ameth;
209 pkey->engine = e;
210
211 pkey->type = pkey->ameth->pkey_id;
212 pkey->save_type = type;
213 }
214 return 1;
215 }
216
217 int EVP_PKEY_set_type(EVP_PKEY *pkey, int type)
218 {
219 return pkey_set_type(pkey, type, NULL, -1);
220 }
221
222 int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len)
223 {
224 return pkey_set_type(pkey, EVP_PKEY_NONE, str, len);
225 }
226
227 int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key)
228 {
229 if (pkey == NULL || !EVP_PKEY_set_type(pkey, type))
230 return 0;
231 pkey->pkey.ptr = key;
232 return (key != NULL);
233 }
234
235 void *EVP_PKEY_get0(const EVP_PKEY *pkey)
236 {
237 return pkey->pkey.ptr;
238 }
239
240 const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len)
241 {
242 ASN1_OCTET_STRING *os = NULL;
243 if (pkey->type != EVP_PKEY_HMAC) {
244 EVPerr(EVP_F_EVP_PKEY_GET0_HMAC, EVP_R_EXPECTING_AN_HMAC_KEY);
245 return NULL;
246 }
247 os = EVP_PKEY_get0(pkey);
248 *len = os->length;
249 return os->data;
250 }
251
252 #ifndef OPENSSL_NO_POLY1305
253 const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len)
254 {
255 ASN1_OCTET_STRING *os = NULL;
256 if (pkey->type != EVP_PKEY_POLY1305) {
257 EVPerr(EVP_F_EVP_PKEY_GET0_POLY1305, EVP_R_EXPECTING_A_POLY1305_KEY);
258 return NULL;
259 }
260 os = EVP_PKEY_get0(pkey);
261 *len = os->length;
262 return os->data;
263 }
264 #endif
265
266 #ifndef OPENSSL_NO_SIPHASH
267 const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len)
268 {
269 ASN1_OCTET_STRING *os = NULL;
270
271 if (pkey->type != EVP_PKEY_SIPHASH) {
272 EVPerr(EVP_F_EVP_PKEY_GET0_SIPHASH, EVP_R_EXPECTING_A_SIPHASH_KEY);
273 return NULL;
274 }
275 os = EVP_PKEY_get0(pkey);
276 *len = os->length;
277 return os->data;
278 }
279 #endif
280
281 #ifndef OPENSSL_NO_RSA
282 int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key)
283 {
284 int ret = EVP_PKEY_assign_RSA(pkey, key);
285 if (ret)
286 RSA_up_ref(key);
287 return ret;
288 }
289
290 RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
291 {
292 if (pkey->type != EVP_PKEY_RSA) {
293 EVPerr(EVP_F_EVP_PKEY_GET0_RSA, EVP_R_EXPECTING_AN_RSA_KEY);
294 return NULL;
295 }
296 return pkey->pkey.rsa;
297 }
298
299 RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey)
300 {
301 RSA *ret = EVP_PKEY_get0_RSA(pkey);
302 if (ret != NULL)
303 RSA_up_ref(ret);
304 return ret;
305 }
306 #endif
307
308 #ifndef OPENSSL_NO_DSA
309 int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key)
310 {
311 int ret = EVP_PKEY_assign_DSA(pkey, key);
312 if (ret)
313 DSA_up_ref(key);
314 return ret;
315 }
316
317 DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey)
318 {
319 if (pkey->type != EVP_PKEY_DSA) {
320 EVPerr(EVP_F_EVP_PKEY_GET0_DSA, EVP_R_EXPECTING_A_DSA_KEY);
321 return NULL;
322 }
323 return pkey->pkey.dsa;
324 }
325
326 DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey)
327 {
328 DSA *ret = EVP_PKEY_get0_DSA(pkey);
329 if (ret != NULL)
330 DSA_up_ref(ret);
331 return ret;
332 }
333 #endif
334
335 #ifndef OPENSSL_NO_EC
336
337 int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key)
338 {
339 int ret = EVP_PKEY_assign_EC_KEY(pkey, key);
340 if (ret)
341 EC_KEY_up_ref(key);
342 return ret;
343 }
344
345 EC_KEY *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey)
346 {
347 if (pkey->type != EVP_PKEY_EC) {
348 EVPerr(EVP_F_EVP_PKEY_GET0_EC_KEY, EVP_R_EXPECTING_A_EC_KEY);
349 return NULL;
350 }
351 return pkey->pkey.ec;
352 }
353
354 EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey)
355 {
356 EC_KEY *ret = EVP_PKEY_get0_EC_KEY(pkey);
357 if (ret != NULL)
358 EC_KEY_up_ref(ret);
359 return ret;
360 }
361 #endif
362
363 #ifndef OPENSSL_NO_DH
364
365 int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key)
366 {
367 int ret = EVP_PKEY_assign_DH(pkey, key);
368 if (ret)
369 DH_up_ref(key);
370 return ret;
371 }
372
373 DH *EVP_PKEY_get0_DH(EVP_PKEY *pkey)
374 {
375 if (pkey->type != EVP_PKEY_DH && pkey->type != EVP_PKEY_DHX) {
376 EVPerr(EVP_F_EVP_PKEY_GET0_DH, EVP_R_EXPECTING_A_DH_KEY);
377 return NULL;
378 }
379 return pkey->pkey.dh;
380 }
381
382 DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey)
383 {
384 DH *ret = EVP_PKEY_get0_DH(pkey);
385 if (ret != NULL)
386 DH_up_ref(ret);
387 return ret;
388 }
389 #endif
390
391 int EVP_PKEY_type(int type)
392 {
393 int ret;
394 const EVP_PKEY_ASN1_METHOD *ameth;
395 ENGINE *e;
396 ameth = EVP_PKEY_asn1_find(&e, type);
397 if (ameth)
398 ret = ameth->pkey_id;
399 else
400 ret = NID_undef;
401 #ifndef OPENSSL_NO_ENGINE
402 ENGINE_finish(e);
403 #endif
404 return ret;
405 }
406
407 int EVP_PKEY_id(const EVP_PKEY *pkey)
408 {
409 return pkey->type;
410 }
411
412 int EVP_PKEY_base_id(const EVP_PKEY *pkey)
413 {
414 return EVP_PKEY_type(pkey->type);
415 }
416
417 void EVP_PKEY_free(EVP_PKEY *x)
418 {
419 int i;
420
421 if (x == NULL)
422 return;
423
424 CRYPTO_DOWN_REF(&x->references, &i, x->lock);
425 REF_PRINT_COUNT("EVP_PKEY", x);
426 if (i > 0)
427 return;
428 REF_ASSERT_ISNT(i < 0);
429 EVP_PKEY_free_it(x);
430 CRYPTO_THREAD_lock_free(x->lock);
431 sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free);
432 OPENSSL_free(x);
433 }
434
435 static void EVP_PKEY_free_it(EVP_PKEY *x)
436 {
437 /* internal function; x is never NULL */
438 if (x->ameth && x->ameth->pkey_free) {
439 x->ameth->pkey_free(x);
440 x->pkey.ptr = NULL;
441 }
442 #ifndef OPENSSL_NO_ENGINE
443 ENGINE_finish(x->engine);
444 x->engine = NULL;
445 #endif
446 }
447
448 static int unsup_alg(BIO *out, const EVP_PKEY *pkey, int indent,
449 const char *kstr)
450 {
451 BIO_indent(out, indent, 128);
452 BIO_printf(out, "%s algorithm \"%s\" unsupported\n",
453 kstr, OBJ_nid2ln(pkey->type));
454 return 1;
455 }
456
457 int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey,
458 int indent, ASN1_PCTX *pctx)
459 {
460 if (pkey->ameth && pkey->ameth->pub_print)
461 return pkey->ameth->pub_print(out, pkey, indent, pctx);
462
463 return unsup_alg(out, pkey, indent, "Public Key");
464 }
465
466 int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey,
467 int indent, ASN1_PCTX *pctx)
468 {
469 if (pkey->ameth && pkey->ameth->priv_print)
470 return pkey->ameth->priv_print(out, pkey, indent, pctx);
471
472 return unsup_alg(out, pkey, indent, "Private Key");
473 }
474
475 int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey,
476 int indent, ASN1_PCTX *pctx)
477 {
478 if (pkey->ameth && pkey->ameth->param_print)
479 return pkey->ameth->param_print(out, pkey, indent, pctx);
480 return unsup_alg(out, pkey, indent, "Parameters");
481 }
482
483 static int evp_pkey_asn1_ctrl(EVP_PKEY *pkey, int op, int arg1, void *arg2)
484 {
485 if (pkey->ameth == NULL || pkey->ameth->pkey_ctrl == NULL)
486 return -2;
487 return pkey->ameth->pkey_ctrl(pkey, op, arg1, arg2);
488 }
489
490 int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid)
491 {
492 return evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_DEFAULT_MD_NID, 0, pnid);
493 }
494
495 int EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY *pkey,
496 const unsigned char *pt, size_t ptlen)
497 {
498 if (ptlen > INT_MAX)
499 return 0;
500 if (evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_SET1_TLS_ENCPT, ptlen,
501 (void *)pt) <= 0)
502 return 0;
503 return 1;
504 }
505
506 size_t EVP_PKEY_get1_tls_encodedpoint(EVP_PKEY *pkey, unsigned char **ppt)
507 {
508 int rv;
509 rv = evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_GET1_TLS_ENCPT, 0, ppt);
510 if (rv <= 0)
511 return 0;
512 return rv;
513 }
A mirror of the official openssl repository