2 * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
12 #include "internal/cryptlib.h"
13 #include <openssl/x509.h>
14 #include <openssl/rand.h>
15 #include <openssl/encoder.h>
16 #include <openssl/decoder.h>
17 #include "internal/provider.h"
18 #include "crypto/asn1.h"
19 #include "crypto/evp.h"
20 #include "crypto/x509.h"
22 /* Extract a private key from a PKCS8 structure */
24 EVP_PKEY
*evp_pkcs82pkey_legacy(const PKCS8_PRIV_KEY_INFO
*p8
, OSSL_LIB_CTX
*libctx
,
27 EVP_PKEY
*pkey
= NULL
;
28 const ASN1_OBJECT
*algoid
;
31 if (!PKCS8_pkey_get0(&algoid
, NULL
, NULL
, NULL
, p8
))
34 if ((pkey
= EVP_PKEY_new()) == NULL
) {
35 ERR_raise(ERR_LIB_EVP
, ERR_R_MALLOC_FAILURE
);
39 if (!EVP_PKEY_set_type(pkey
, OBJ_obj2nid(algoid
))) {
40 i2t_ASN1_OBJECT(obj_tmp
, 80, algoid
);
41 ERR_raise_data(ERR_LIB_EVP
, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM
,
46 if (pkey
->ameth
->priv_decode_ex
!= NULL
) {
47 if (!pkey
->ameth
->priv_decode_ex(pkey
, p8
, libctx
, propq
))
49 } else if (pkey
->ameth
->priv_decode
!= NULL
) {
50 if (!pkey
->ameth
->priv_decode(pkey
, p8
)) {
51 ERR_raise(ERR_LIB_EVP
, EVP_R_PRIVATE_KEY_DECODE_ERROR
);
55 ERR_raise(ERR_LIB_EVP
, EVP_R_METHOD_NOT_SUPPORTED
);
66 EVP_PKEY
*EVP_PKCS82PKEY_ex(const PKCS8_PRIV_KEY_INFO
*p8
, OSSL_LIB_CTX
*libctx
,
69 EVP_PKEY
*pkey
= NULL
;
70 const unsigned char *p8_data
= NULL
;
71 unsigned char *encoded_data
= NULL
;
74 OSSL_DECODER_CTX
*dctx
= NULL
;
76 if ((encoded_len
= i2d_PKCS8_PRIV_KEY_INFO(p8
, &encoded_data
)) <= 0
77 || encoded_data
== NULL
)
80 p8_data
= encoded_data
;
82 dctx
= OSSL_DECODER_CTX_new_for_pkey(&pkey
, "DER", "pkcs8", EVP_PKEY_NONE
,
85 || !OSSL_DECODER_from_data(dctx
, &p8_data
, &len
))
87 pkey
= evp_pkcs82pkey_legacy(p8
, libctx
, propq
);
89 OPENSSL_clear_free(encoded_data
, encoded_len
);
90 OSSL_DECODER_CTX_free(dctx
);
94 EVP_PKEY
*EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO
*p8
)
96 return EVP_PKCS82PKEY_ex(p8
, NULL
, NULL
);
99 /* Turn a private key into a PKCS8 structure */
101 PKCS8_PRIV_KEY_INFO
*EVP_PKEY2PKCS8(const EVP_PKEY
*pkey
)
103 PKCS8_PRIV_KEY_INFO
*p8
= NULL
;
104 OSSL_ENCODER_CTX
*ctx
= NULL
;
107 * The implementation for provider-native keys is to encode the
108 * key to a DER encoded PKCS#8 structure, then convert it to a
109 * PKCS8_PRIV_KEY_INFO with good old d2i functions.
111 if (evp_pkey_is_provided(pkey
)) {
112 int selection
= OSSL_KEYMGMT_SELECT_ALL
;
113 unsigned char *der
= NULL
;
115 const unsigned char *pp
;
117 if ((ctx
= OSSL_ENCODER_CTX_new_for_pkey(pkey
, selection
,
120 || !OSSL_ENCODER_to_data(ctx
, &der
, &derlen
))
124 p8
= d2i_PKCS8_PRIV_KEY_INFO(NULL
, &pp
, (long)derlen
);
129 p8
= PKCS8_PRIV_KEY_INFO_new();
131 ERR_raise(ERR_LIB_EVP
, ERR_R_MALLOC_FAILURE
);
135 if (pkey
->ameth
!= NULL
) {
136 if (pkey
->ameth
->priv_encode
!= NULL
) {
137 if (!pkey
->ameth
->priv_encode(p8
, pkey
)) {
138 ERR_raise(ERR_LIB_EVP
, EVP_R_PRIVATE_KEY_ENCODE_ERROR
);
142 ERR_raise(ERR_LIB_EVP
, EVP_R_METHOD_NOT_SUPPORTED
);
146 ERR_raise(ERR_LIB_EVP
, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM
);
152 PKCS8_PRIV_KEY_INFO_free(p8
);
155 OSSL_ENCODER_CTX_free(ctx
);
160 /* EVP_PKEY attribute functions */
162 int EVP_PKEY_get_attr_count(const EVP_PKEY
*key
)
164 return X509at_get_attr_count(key
->attributes
);
167 int EVP_PKEY_get_attr_by_NID(const EVP_PKEY
*key
, int nid
, int lastpos
)
169 return X509at_get_attr_by_NID(key
->attributes
, nid
, lastpos
);
172 int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY
*key
, const ASN1_OBJECT
*obj
,
175 return X509at_get_attr_by_OBJ(key
->attributes
, obj
, lastpos
);
178 X509_ATTRIBUTE
*EVP_PKEY_get_attr(const EVP_PKEY
*key
, int loc
)
180 return X509at_get_attr(key
->attributes
, loc
);
183 X509_ATTRIBUTE
*EVP_PKEY_delete_attr(EVP_PKEY
*key
, int loc
)
185 return X509at_delete_attr(key
->attributes
, loc
);
188 int EVP_PKEY_add1_attr(EVP_PKEY
*key
, X509_ATTRIBUTE
*attr
)
190 if (X509at_add1_attr(&key
->attributes
, attr
))
195 int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY
*key
,
196 const ASN1_OBJECT
*obj
, int type
,
197 const unsigned char *bytes
, int len
)
199 if (X509at_add1_attr_by_OBJ(&key
->attributes
, obj
, type
, bytes
, len
))
204 int EVP_PKEY_add1_attr_by_NID(EVP_PKEY
*key
,
206 const unsigned char *bytes
, int len
)
208 if (X509at_add1_attr_by_NID(&key
->attributes
, nid
, type
, bytes
, len
))
213 int EVP_PKEY_add1_attr_by_txt(EVP_PKEY
*key
,
214 const char *attrname
, int type
,
215 const unsigned char *bytes
, int len
)
217 if (X509at_add1_attr_by_txt(&key
->attributes
, attrname
, type
, bytes
, len
))
222 const char *EVP_PKEY_get0_type_name(const EVP_PKEY
*key
)
224 const EVP_PKEY_ASN1_METHOD
*ameth
;
225 const char *name
= NULL
;
227 if (key
->keymgmt
!= NULL
)
228 return EVP_KEYMGMT_name(key
->keymgmt
);
230 /* Otherwise fallback to legacy */
231 ameth
= EVP_PKEY_get0_asn1(key
);
233 EVP_PKEY_asn1_get0_info(NULL
, NULL
,
234 NULL
, NULL
, &name
, ameth
);