2 * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * DSA low level APIs are deprecated for public use, but still ok for
14 #include "internal/deprecated.h"
17 #include "internal/cryptlib.h"
18 #include <openssl/asn1t.h>
19 #include <openssl/x509.h>
20 #include <openssl/engine.h>
21 #include "crypto/asn1.h"
22 #include "crypto/evp.h"
23 #include "crypto/x509.h"
24 #include <openssl/rsa.h>
25 #include <openssl/dsa.h>
26 #include <openssl/decoder.h>
27 #include <openssl/encoder.h>
28 #include "internal/provider.h"
29 #include "internal/sizes.h"
31 struct X509_pubkey_st
{
33 ASN1_BIT_STRING
*public_key
;
37 /* extra data for the callback, used by d2i_PUBKEY_ex */
41 /* Flag to force legacy keys */
42 unsigned int flag_force_legacy
: 1;
45 static int x509_pubkey_decode(EVP_PKEY
**pk
, const X509_PUBKEY
*key
);
47 static int x509_pubkey_set0_libctx(X509_PUBKEY
*x
, OSSL_LIB_CTX
*libctx
,
52 OPENSSL_free(x
->propq
);
55 x
->propq
= OPENSSL_strdup(propq
);
63 ASN1_SEQUENCE(X509_PUBKEY_INTERNAL
) = {
64 ASN1_SIMPLE(X509_PUBKEY
, algor
, X509_ALGOR
),
65 ASN1_SIMPLE(X509_PUBKEY
, public_key
, ASN1_BIT_STRING
)
66 } static_ASN1_SEQUENCE_END_name(X509_PUBKEY
, X509_PUBKEY_INTERNAL
)
68 X509_PUBKEY
*ossl_d2i_X509_PUBKEY_INTERNAL(const unsigned char **pp
,
69 long len
, OSSL_LIB_CTX
*libctx
,
72 X509_PUBKEY
*xpub
= OPENSSL_zalloc(sizeof(*xpub
));
76 return (X509_PUBKEY
*)ASN1_item_d2i_ex((ASN1_VALUE
**)&xpub
, pp
, len
,
77 ASN1_ITEM_rptr(X509_PUBKEY_INTERNAL
),
81 void ossl_X509_PUBKEY_INTERNAL_free(X509_PUBKEY
*xpub
)
83 ASN1_item_free((ASN1_VALUE
*)xpub
, ASN1_ITEM_rptr(X509_PUBKEY_INTERNAL
));
86 static void x509_pubkey_ex_free(ASN1_VALUE
**pval
, const ASN1_ITEM
*it
)
90 if (pval
!= NULL
&& (pubkey
= (X509_PUBKEY
*)*pval
) != NULL
) {
91 X509_ALGOR_free(pubkey
->algor
);
92 ASN1_BIT_STRING_free(pubkey
->public_key
);
93 EVP_PKEY_free(pubkey
->pkey
);
94 OPENSSL_free(pubkey
->propq
);
100 static int x509_pubkey_ex_populate(ASN1_VALUE
**pval
, const ASN1_ITEM
*it
)
102 X509_PUBKEY
*pubkey
= (X509_PUBKEY
*)*pval
;
104 return (pubkey
->algor
!= NULL
105 || (pubkey
->algor
= X509_ALGOR_new()) != NULL
)
106 && (pubkey
->public_key
!= NULL
107 || (pubkey
->public_key
= ASN1_BIT_STRING_new()) != NULL
);
111 static int x509_pubkey_ex_new_ex(ASN1_VALUE
**pval
, const ASN1_ITEM
*it
,
112 OSSL_LIB_CTX
*libctx
, const char *propq
)
116 if ((ret
= OPENSSL_zalloc(sizeof(*ret
))) == NULL
)
118 if (!x509_pubkey_ex_populate((ASN1_VALUE
**)&ret
, NULL
)
119 || !x509_pubkey_set0_libctx(ret
, libctx
, propq
)) {
120 x509_pubkey_ex_free((ASN1_VALUE
**)&ret
, NULL
);
122 ERR_raise(ERR_LIB_ASN1
, ERR_R_X509_LIB
);
124 *pval
= (ASN1_VALUE
*)ret
;
130 static int x509_pubkey_ex_d2i_ex(ASN1_VALUE
**pval
,
131 const unsigned char **in
, long len
,
132 const ASN1_ITEM
*it
, int tag
, int aclass
,
133 char opt
, ASN1_TLC
*ctx
, OSSL_LIB_CTX
*libctx
,
136 const unsigned char *in_saved
= *in
;
140 OSSL_DECODER_CTX
*dctx
= NULL
;
141 unsigned char *tmpbuf
= NULL
;
143 if (*pval
== NULL
&& !x509_pubkey_ex_new_ex(pval
, it
, libctx
, propq
))
145 if (!x509_pubkey_ex_populate(pval
, NULL
)) {
146 ERR_raise(ERR_LIB_ASN1
, ERR_R_X509_LIB
);
150 /* This ensures that |*in| advances properly no matter what */
151 if ((ret
= ASN1_item_ex_d2i(pval
, in
, len
,
152 ASN1_ITEM_rptr(X509_PUBKEY_INTERNAL
),
153 tag
, aclass
, opt
, ctx
)) <= 0)
156 publen
= *in
- in_saved
;
157 if (!ossl_assert(publen
> 0)) {
158 ERR_raise(ERR_LIB_ASN1
, ERR_R_INTERNAL_ERROR
);
162 pubkey
= (X509_PUBKEY
*)*pval
;
163 EVP_PKEY_free(pubkey
->pkey
);
167 * Opportunistically decode the key but remove any non fatal errors
168 * from the queue. Subsequent explicit attempts to decode/use the key
169 * will return an appropriate error.
174 * Try to decode with legacy method first. This ensures that engines
175 * aren't overridden by providers.
177 if ((ret
= x509_pubkey_decode(&pubkey
->pkey
, pubkey
)) == -1) {
178 /* -1 indicates a fatal error, like malloc failure */
179 ERR_clear_last_mark();
183 /* Try to decode it into an EVP_PKEY with OSSL_DECODER */
184 if (ret
<= 0 && !pubkey
->flag_force_legacy
) {
185 const unsigned char *p
;
186 char txtoidname
[OSSL_MAX_NAME_SIZE
];
187 size_t slen
= publen
;
190 * The decoders don't know how to handle anything other than Universal
191 * class so we modify the data accordingly.
193 if (aclass
!= V_ASN1_UNIVERSAL
) {
194 tmpbuf
= OPENSSL_memdup(in_saved
, publen
);
198 *tmpbuf
= V_ASN1_CONSTRUCTED
| V_ASN1_SEQUENCE
;
202 if (OBJ_obj2txt(txtoidname
, sizeof(txtoidname
),
203 pubkey
->algor
->algorithm
, 0) <= 0) {
204 ERR_clear_last_mark();
208 OSSL_DECODER_CTX_new_for_pkey(&pubkey
->pkey
,
209 "DER", "SubjectPublicKeyInfo",
210 txtoidname
, EVP_PKEY_PUBLIC_KEY
,
212 pubkey
->propq
)) != NULL
)
214 * As said higher up, we're being opportunistic. In other words,
215 * we don't care if we fail.
217 if (OSSL_DECODER_from_data(dctx
, &p
, &slen
)) {
220 * If we successfully decoded then we *must* consume all the
223 ERR_clear_last_mark();
224 ERR_raise(ERR_LIB_ASN1
, EVP_R_DECODE_ERROR
);
233 OSSL_DECODER_CTX_free(dctx
);
234 OPENSSL_free(tmpbuf
);
238 static int x509_pubkey_ex_i2d(const ASN1_VALUE
**pval
, unsigned char **out
,
239 const ASN1_ITEM
*it
, int tag
, int aclass
)
241 return ASN1_item_ex_i2d(pval
, out
, ASN1_ITEM_rptr(X509_PUBKEY_INTERNAL
),
245 static int x509_pubkey_ex_print(BIO
*out
, const ASN1_VALUE
**pval
, int indent
,
246 const char *fname
, const ASN1_PCTX
*pctx
)
248 return ASN1_item_print(out
, *pval
, indent
,
249 ASN1_ITEM_rptr(X509_PUBKEY_INTERNAL
), pctx
);
252 static const ASN1_EXTERN_FUNCS x509_pubkey_ff
= {
256 0, /* Default clear behaviour is OK */
259 x509_pubkey_ex_print
,
260 x509_pubkey_ex_new_ex
,
261 x509_pubkey_ex_d2i_ex
,
264 IMPLEMENT_EXTERN_ASN1(X509_PUBKEY
, V_ASN1_SEQUENCE
, x509_pubkey_ff
)
265 IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY
)
267 X509_PUBKEY
*X509_PUBKEY_new_ex(OSSL_LIB_CTX
*libctx
, const char *propq
)
269 X509_PUBKEY
*pubkey
= NULL
;
271 pubkey
= (X509_PUBKEY
*)ASN1_item_new_ex(X509_PUBKEY_it(), libctx
, propq
);
272 if (!x509_pubkey_set0_libctx(pubkey
, libctx
, propq
)) {
273 X509_PUBKEY_free(pubkey
);
280 * X509_PUBKEY_dup() must be implemented manually, because there is no
281 * support for it in ASN1_EXTERN_FUNCS.
283 X509_PUBKEY
*X509_PUBKEY_dup(const X509_PUBKEY
*a
)
285 X509_PUBKEY
*pubkey
= OPENSSL_zalloc(sizeof(*pubkey
));
289 if (!x509_pubkey_set0_libctx(pubkey
, a
->libctx
, a
->propq
)) {
290 ERR_raise(ERR_LIB_X509
, ERR_R_X509_LIB
);
291 x509_pubkey_ex_free((ASN1_VALUE
**)&pubkey
,
292 ASN1_ITEM_rptr(X509_PUBKEY_INTERNAL
));
295 if ((pubkey
->algor
= X509_ALGOR_dup(a
->algor
)) == NULL
296 || (pubkey
->public_key
= ASN1_BIT_STRING_new()) == NULL
297 || !ASN1_BIT_STRING_set(pubkey
->public_key
,
299 a
->public_key
->length
)) {
300 x509_pubkey_ex_free((ASN1_VALUE
**)&pubkey
,
301 ASN1_ITEM_rptr(X509_PUBKEY_INTERNAL
));
302 ERR_raise(ERR_LIB_X509
, ERR_R_ASN1_LIB
);
306 if (a
->pkey
!= NULL
) {
308 pubkey
->pkey
= EVP_PKEY_dup(a
->pkey
);
309 if (pubkey
->pkey
== NULL
) {
310 pubkey
->flag_force_legacy
= 1;
311 if (x509_pubkey_decode(&pubkey
->pkey
, pubkey
) <= 0) {
312 x509_pubkey_ex_free((ASN1_VALUE
**)&pubkey
,
313 ASN1_ITEM_rptr(X509_PUBKEY_INTERNAL
));
314 ERR_clear_last_mark();
323 int X509_PUBKEY_set(X509_PUBKEY
**x
, EVP_PKEY
*pkey
)
325 X509_PUBKEY
*pk
= NULL
;
327 if (x
== NULL
|| pkey
== NULL
) {
328 ERR_raise(ERR_LIB_X509
, ERR_R_PASSED_NULL_PARAMETER
);
332 if (pkey
->ameth
!= NULL
) {
333 if ((pk
= X509_PUBKEY_new()) == NULL
) {
334 ERR_raise(ERR_LIB_X509
, ERR_R_ASN1_LIB
);
337 if (pkey
->ameth
->pub_encode
!= NULL
) {
338 if (!pkey
->ameth
->pub_encode(pk
, pkey
)) {
339 ERR_raise(ERR_LIB_X509
, X509_R_PUBLIC_KEY_ENCODE_ERROR
);
343 ERR_raise(ERR_LIB_X509
, X509_R_METHOD_NOT_SUPPORTED
);
346 } else if (evp_pkey_is_provided(pkey
)) {
347 unsigned char *der
= NULL
;
349 OSSL_ENCODER_CTX
*ectx
=
350 OSSL_ENCODER_CTX_new_for_pkey(pkey
, EVP_PKEY_PUBLIC_KEY
,
351 "DER", "SubjectPublicKeyInfo",
354 if (OSSL_ENCODER_to_data(ectx
, &der
, &derlen
)) {
355 const unsigned char *pder
= der
;
357 pk
= d2i_X509_PUBKEY(NULL
, &pder
, (long)derlen
);
360 OSSL_ENCODER_CTX_free(ectx
);
365 ERR_raise(ERR_LIB_X509
, X509_R_UNSUPPORTED_ALGORITHM
);
369 X509_PUBKEY_free(*x
);
370 if (!EVP_PKEY_up_ref(pkey
)) {
371 ERR_raise(ERR_LIB_X509
, ERR_R_INTERNAL_ERROR
);
377 * pk->pkey is NULL when using the legacy routine, but is non-NULL when
378 * going through the encoder, and for all intents and purposes, it's
379 * a perfect copy of the public key portions of |pkey|, just not the same
380 * instance. If that's all there was to pkey then we could simply return
381 * early, right here. However, some application might very well depend on
382 * the passed |pkey| being used and none other, so we spend a few more
383 * cycles throwing away the newly created |pk->pkey| and replace it with
386 if (pk
->pkey
!= NULL
)
387 EVP_PKEY_free(pk
->pkey
);
393 X509_PUBKEY_free(pk
);
398 * Attempt to decode a public key.
399 * Returns 1 on success, 0 for a decode failure and -1 for a fatal
400 * error e.g. malloc failure.
402 * This function is #legacy.
404 static int x509_pubkey_decode(EVP_PKEY
**ppkey
, const X509_PUBKEY
*key
)
409 nid
= OBJ_obj2nid(key
->algor
->algorithm
);
410 if (!key
->flag_force_legacy
) {
411 #ifndef OPENSSL_NO_ENGINE
414 e
= ENGINE_get_pkey_meth_engine(nid
);
423 pkey
= EVP_PKEY_new();
425 ERR_raise(ERR_LIB_X509
, ERR_R_EVP_LIB
);
429 if (!EVP_PKEY_set_type(pkey
, nid
)) {
430 ERR_raise(ERR_LIB_X509
, X509_R_UNSUPPORTED_ALGORITHM
);
434 if (pkey
->ameth
->pub_decode
) {
436 * Treat any failure of pub_decode as a decode error. In
437 * future we could have different return codes for decode
438 * errors and fatal errors such as malloc failure.
440 if (!pkey
->ameth
->pub_decode(pkey
, key
))
443 ERR_raise(ERR_LIB_X509
, X509_R_METHOD_NOT_SUPPORTED
);
455 EVP_PKEY
*X509_PUBKEY_get0(const X509_PUBKEY
*key
)
458 ERR_raise(ERR_LIB_X509
, ERR_R_PASSED_NULL_PARAMETER
);
462 if (key
->pkey
== NULL
) {
463 /* We failed to decode the key when we loaded it, or it was never set */
464 ERR_raise(ERR_LIB_EVP
, EVP_R_DECODE_ERROR
);
471 EVP_PKEY
*X509_PUBKEY_get(const X509_PUBKEY
*key
)
473 EVP_PKEY
*ret
= X509_PUBKEY_get0(key
);
475 if (ret
!= NULL
&& !EVP_PKEY_up_ref(ret
)) {
476 ERR_raise(ERR_LIB_X509
, ERR_R_INTERNAL_ERROR
);
483 * Now three pseudo ASN1 routines that take an EVP_PKEY structure and encode
484 * or decode as X509_PUBKEY
486 static EVP_PKEY
*d2i_PUBKEY_int(EVP_PKEY
**a
,
487 const unsigned char **pp
, long length
,
488 OSSL_LIB_CTX
*libctx
, const char *propq
,
489 unsigned int force_legacy
,
491 (*d2i_x509_pubkey
)(X509_PUBKEY
**a
,
492 const unsigned char **in
,
495 X509_PUBKEY
*xpk
, *xpk2
= NULL
, **pxpk
= NULL
;
496 EVP_PKEY
*pktmp
= NULL
;
497 const unsigned char *q
;
502 * If libctx or propq are non-NULL, we take advantage of the reuse
503 * feature. It's not generally recommended, but is safe enough for
504 * newly created structures.
506 if (libctx
!= NULL
|| propq
!= NULL
|| force_legacy
) {
507 xpk2
= OPENSSL_zalloc(sizeof(*xpk2
));
510 if (!x509_pubkey_set0_libctx(xpk2
, libctx
, propq
))
512 xpk2
->flag_force_legacy
= !!force_legacy
;
515 xpk
= d2i_x509_pubkey(pxpk
, &q
, length
);
518 pktmp
= X509_PUBKEY_get(xpk
);
519 X509_PUBKEY_free(xpk
);
520 xpk2
= NULL
; /* We know that xpk == xpk2 */
529 X509_PUBKEY_free(xpk2
);
533 /* For the algorithm specific d2i functions further down */
534 EVP_PKEY
*ossl_d2i_PUBKEY_legacy(EVP_PKEY
**a
, const unsigned char **pp
,
537 return d2i_PUBKEY_int(a
, pp
, length
, NULL
, NULL
, 1, d2i_X509_PUBKEY
);
540 EVP_PKEY
*d2i_PUBKEY_ex(EVP_PKEY
**a
, const unsigned char **pp
, long length
,
541 OSSL_LIB_CTX
*libctx
, const char *propq
)
543 return d2i_PUBKEY_int(a
, pp
, length
, libctx
, propq
, 0, d2i_X509_PUBKEY
);
546 EVP_PKEY
*d2i_PUBKEY(EVP_PKEY
**a
, const unsigned char **pp
, long length
)
548 return d2i_PUBKEY_ex(a
, pp
, length
, NULL
, NULL
);
551 int i2d_PUBKEY(const EVP_PKEY
*a
, unsigned char **pp
)
557 if (a
->ameth
!= NULL
) {
558 X509_PUBKEY
*xpk
= NULL
;
560 if ((xpk
= X509_PUBKEY_new()) == NULL
)
563 /* pub_encode() only encode parameters, not the key itself */
564 if (a
->ameth
->pub_encode
!= NULL
&& a
->ameth
->pub_encode(xpk
, a
)) {
565 xpk
->pkey
= (EVP_PKEY
*)a
;
566 ret
= i2d_X509_PUBKEY(xpk
, pp
);
569 X509_PUBKEY_free(xpk
);
570 } else if (a
->keymgmt
!= NULL
) {
571 OSSL_ENCODER_CTX
*ctx
=
572 OSSL_ENCODER_CTX_new_for_pkey(a
, EVP_PKEY_PUBLIC_KEY
,
573 "DER", "SubjectPublicKeyInfo",
575 BIO
*out
= BIO_new(BIO_s_mem());
578 if (OSSL_ENCODER_CTX_get_num_encoders(ctx
) != 0
580 && OSSL_ENCODER_to_bio(ctx
, out
)
581 && BIO_get_mem_ptr(out
, &buf
) > 0) {
586 *pp
= (unsigned char *)buf
->data
;
590 memcpy(*pp
, buf
->data
, ret
);
596 OSSL_ENCODER_CTX_free(ctx
);
603 * The following are equivalents but which return RSA and DSA keys
605 RSA
*d2i_RSA_PUBKEY(RSA
**a
, const unsigned char **pp
, long length
)
609 const unsigned char *q
;
612 pkey
= ossl_d2i_PUBKEY_legacy(NULL
, &q
, length
);
615 key
= EVP_PKEY_get1_RSA(pkey
);
627 int i2d_RSA_PUBKEY(const RSA
*a
, unsigned char **pp
)
633 pktmp
= EVP_PKEY_new();
635 ERR_raise(ERR_LIB_ASN1
, ERR_R_EVP_LIB
);
638 (void)EVP_PKEY_assign_RSA(pktmp
, (RSA
*)a
);
639 ret
= i2d_PUBKEY(pktmp
, pp
);
640 pktmp
->pkey
.ptr
= NULL
;
641 EVP_PKEY_free(pktmp
);
645 #ifndef OPENSSL_NO_DH
646 DH
*ossl_d2i_DH_PUBKEY(DH
**a
, const unsigned char **pp
, long length
)
650 const unsigned char *q
;
653 pkey
= ossl_d2i_PUBKEY_legacy(NULL
, &q
, length
);
656 if (EVP_PKEY_get_id(pkey
) == EVP_PKEY_DH
)
657 key
= EVP_PKEY_get1_DH(pkey
);
669 int ossl_i2d_DH_PUBKEY(const DH
*a
, unsigned char **pp
)
675 pktmp
= EVP_PKEY_new();
677 ERR_raise(ERR_LIB_ASN1
, ERR_R_EVP_LIB
);
680 (void)EVP_PKEY_assign_DH(pktmp
, (DH
*)a
);
681 ret
= i2d_PUBKEY(pktmp
, pp
);
682 pktmp
->pkey
.ptr
= NULL
;
683 EVP_PKEY_free(pktmp
);
687 DH
*ossl_d2i_DHx_PUBKEY(DH
**a
, const unsigned char **pp
, long length
)
691 const unsigned char *q
;
694 pkey
= ossl_d2i_PUBKEY_legacy(NULL
, &q
, length
);
697 if (EVP_PKEY_get_id(pkey
) == EVP_PKEY_DHX
)
698 key
= EVP_PKEY_get1_DH(pkey
);
710 int ossl_i2d_DHx_PUBKEY(const DH
*a
, unsigned char **pp
)
716 pktmp
= EVP_PKEY_new();
718 ERR_raise(ERR_LIB_ASN1
, ERR_R_EVP_LIB
);
721 (void)EVP_PKEY_assign(pktmp
, EVP_PKEY_DHX
, (DH
*)a
);
722 ret
= i2d_PUBKEY(pktmp
, pp
);
723 pktmp
->pkey
.ptr
= NULL
;
724 EVP_PKEY_free(pktmp
);
729 #ifndef OPENSSL_NO_DSA
730 DSA
*d2i_DSA_PUBKEY(DSA
**a
, const unsigned char **pp
, long length
)
734 const unsigned char *q
;
737 pkey
= ossl_d2i_PUBKEY_legacy(NULL
, &q
, length
);
740 key
= EVP_PKEY_get1_DSA(pkey
);
752 /* Called from decoders; disallows provided DSA keys without parameters. */
753 DSA
*ossl_d2i_DSA_PUBKEY(DSA
**a
, const unsigned char **pp
, long length
)
756 const unsigned char *data
;
757 const BIGNUM
*p
, *q
, *g
;
760 key
= d2i_DSA_PUBKEY(NULL
, &data
, length
);
763 DSA_get0_pqg(key
, &p
, &q
, &g
);
764 if (p
== NULL
|| q
== NULL
|| g
== NULL
) {
776 int i2d_DSA_PUBKEY(const DSA
*a
, unsigned char **pp
)
782 pktmp
= EVP_PKEY_new();
784 ERR_raise(ERR_LIB_ASN1
, ERR_R_EVP_LIB
);
787 (void)EVP_PKEY_assign_DSA(pktmp
, (DSA
*)a
);
788 ret
= i2d_PUBKEY(pktmp
, pp
);
789 pktmp
->pkey
.ptr
= NULL
;
790 EVP_PKEY_free(pktmp
);
795 #ifndef OPENSSL_NO_EC
796 EC_KEY
*d2i_EC_PUBKEY(EC_KEY
**a
, const unsigned char **pp
, long length
)
800 const unsigned char *q
;
804 pkey
= ossl_d2i_PUBKEY_legacy(NULL
, &q
, length
);
807 type
= EVP_PKEY_get_id(pkey
);
808 if (type
== EVP_PKEY_EC
|| type
== EVP_PKEY_SM2
)
809 key
= EVP_PKEY_get1_EC_KEY(pkey
);
821 int i2d_EC_PUBKEY(const EC_KEY
*a
, unsigned char **pp
)
828 if ((pktmp
= EVP_PKEY_new()) == NULL
) {
829 ERR_raise(ERR_LIB_ASN1
, ERR_R_EVP_LIB
);
832 (void)EVP_PKEY_assign_EC_KEY(pktmp
, (EC_KEY
*)a
);
833 ret
= i2d_PUBKEY(pktmp
, pp
);
834 pktmp
->pkey
.ptr
= NULL
;
835 EVP_PKEY_free(pktmp
);
839 # ifndef OPENSSL_NO_ECX
840 ECX_KEY
*ossl_d2i_ED25519_PUBKEY(ECX_KEY
**a
,
841 const unsigned char **pp
, long length
)
845 const unsigned char *q
;
848 pkey
= ossl_d2i_PUBKEY_legacy(NULL
, &q
, length
);
851 key
= ossl_evp_pkey_get1_ED25519(pkey
);
857 ossl_ecx_key_free(*a
);
863 int ossl_i2d_ED25519_PUBKEY(const ECX_KEY
*a
, unsigned char **pp
)
870 if ((pktmp
= EVP_PKEY_new()) == NULL
) {
871 ERR_raise(ERR_LIB_ASN1
, ERR_R_EVP_LIB
);
874 (void)EVP_PKEY_assign(pktmp
, EVP_PKEY_ED25519
, (ECX_KEY
*)a
);
875 ret
= i2d_PUBKEY(pktmp
, pp
);
876 pktmp
->pkey
.ptr
= NULL
;
877 EVP_PKEY_free(pktmp
);
881 ECX_KEY
*ossl_d2i_ED448_PUBKEY(ECX_KEY
**a
,
882 const unsigned char **pp
, long length
)
886 const unsigned char *q
;
889 pkey
= ossl_d2i_PUBKEY_legacy(NULL
, &q
, length
);
892 if (EVP_PKEY_get_id(pkey
) == EVP_PKEY_ED448
)
893 key
= ossl_evp_pkey_get1_ED448(pkey
);
899 ossl_ecx_key_free(*a
);
905 int ossl_i2d_ED448_PUBKEY(const ECX_KEY
*a
, unsigned char **pp
)
912 if ((pktmp
= EVP_PKEY_new()) == NULL
) {
913 ERR_raise(ERR_LIB_ASN1
, ERR_R_EVP_LIB
);
916 (void)EVP_PKEY_assign(pktmp
, EVP_PKEY_ED448
, (ECX_KEY
*)a
);
917 ret
= i2d_PUBKEY(pktmp
, pp
);
918 pktmp
->pkey
.ptr
= NULL
;
919 EVP_PKEY_free(pktmp
);
923 ECX_KEY
*ossl_d2i_X25519_PUBKEY(ECX_KEY
**a
,
924 const unsigned char **pp
, long length
)
928 const unsigned char *q
;
931 pkey
= ossl_d2i_PUBKEY_legacy(NULL
, &q
, length
);
934 if (EVP_PKEY_get_id(pkey
) == EVP_PKEY_X25519
)
935 key
= ossl_evp_pkey_get1_X25519(pkey
);
941 ossl_ecx_key_free(*a
);
947 int ossl_i2d_X25519_PUBKEY(const ECX_KEY
*a
, unsigned char **pp
)
954 if ((pktmp
= EVP_PKEY_new()) == NULL
) {
955 ERR_raise(ERR_LIB_ASN1
, ERR_R_EVP_LIB
);
958 (void)EVP_PKEY_assign(pktmp
, EVP_PKEY_X25519
, (ECX_KEY
*)a
);
959 ret
= i2d_PUBKEY(pktmp
, pp
);
960 pktmp
->pkey
.ptr
= NULL
;
961 EVP_PKEY_free(pktmp
);
965 ECX_KEY
*ossl_d2i_X448_PUBKEY(ECX_KEY
**a
,
966 const unsigned char **pp
, long length
)
970 const unsigned char *q
;
973 pkey
= ossl_d2i_PUBKEY_legacy(NULL
, &q
, length
);
976 if (EVP_PKEY_get_id(pkey
) == EVP_PKEY_X448
)
977 key
= ossl_evp_pkey_get1_X448(pkey
);
983 ossl_ecx_key_free(*a
);
989 int ossl_i2d_X448_PUBKEY(const ECX_KEY
*a
, unsigned char **pp
)
996 if ((pktmp
= EVP_PKEY_new()) == NULL
) {
997 ERR_raise(ERR_LIB_ASN1
, ERR_R_EVP_LIB
);
1000 (void)EVP_PKEY_assign(pktmp
, EVP_PKEY_X448
, (ECX_KEY
*)a
);
1001 ret
= i2d_PUBKEY(pktmp
, pp
);
1002 pktmp
->pkey
.ptr
= NULL
;
1003 EVP_PKEY_free(pktmp
);
1007 # endif /* OPENSSL_NO_ECX */
1010 void X509_PUBKEY_set0_public_key(X509_PUBKEY
*pub
,
1011 unsigned char *penc
, int penclen
)
1013 ASN1_STRING_set0(pub
->public_key
, penc
, penclen
);
1014 ossl_asn1_string_set_bits_left(pub
->public_key
, 0);
1017 int X509_PUBKEY_set0_param(X509_PUBKEY
*pub
, ASN1_OBJECT
*aobj
,
1018 int ptype
, void *pval
,
1019 unsigned char *penc
, int penclen
)
1021 if (!X509_ALGOR_set0(pub
->algor
, aobj
, ptype
, pval
))
1024 X509_PUBKEY_set0_public_key(pub
, penc
, penclen
);
1028 int X509_PUBKEY_get0_param(ASN1_OBJECT
**ppkalg
,
1029 const unsigned char **pk
, int *ppklen
,
1030 X509_ALGOR
**pa
, const X509_PUBKEY
*pub
)
1033 *ppkalg
= pub
->algor
->algorithm
;
1035 *pk
= pub
->public_key
->data
;
1036 *ppklen
= pub
->public_key
->length
;
1043 ASN1_BIT_STRING
*X509_get0_pubkey_bitstr(const X509
*x
)
1047 return x
->cert_info
.key
->public_key
;
1050 /* Returns 1 for equal, 0, for non-equal, < 0 on error */
1051 int X509_PUBKEY_eq(const X509_PUBKEY
*a
, const X509_PUBKEY
*b
)
1053 X509_ALGOR
*algA
, *algB
;
1058 if (a
== NULL
|| b
== NULL
)
1060 if (!X509_PUBKEY_get0_param(NULL
, NULL
, NULL
, &algA
, a
) || algA
== NULL
1061 || !X509_PUBKEY_get0_param(NULL
, NULL
, NULL
, &algB
, b
) || algB
== NULL
)
1063 if (X509_ALGOR_cmp(algA
, algB
) != 0)
1065 if ((pA
= X509_PUBKEY_get0(a
)) == NULL
1066 || (pB
= X509_PUBKEY_get0(b
)) == NULL
)
1068 return EVP_PKEY_eq(pA
, pB
);
1071 int ossl_x509_PUBKEY_get0_libctx(OSSL_LIB_CTX
**plibctx
, const char **ppropq
,
1072 const X509_PUBKEY
*key
)
1075 *plibctx
= key
->libctx
;
1077 *ppropq
= key
->propq
;