2 * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * DSA low level APIs are deprecated for public use, but still ok for
14 #include "internal/deprecated.h"
17 #include "internal/cryptlib.h"
18 #include <openssl/asn1t.h>
19 #include <openssl/x509.h>
20 #include <openssl/engine.h>
21 #include "crypto/asn1.h"
22 #include "crypto/evp.h"
23 #include "crypto/x509.h"
24 #include <openssl/rsa.h>
25 #include <openssl/dsa.h>
26 #include <openssl/decoder.h>
27 #include <openssl/encoder.h>
28 #include "internal/provider.h"
29 #include "internal/sizes.h"
31 struct X509_pubkey_st
{
33 ASN1_BIT_STRING
*public_key
;
37 /* extra data for the callback, used by d2i_PUBKEY_ex */
41 /* Flag to force legacy keys */
42 unsigned int flag_force_legacy
: 1;
45 static int x509_pubkey_decode(EVP_PKEY
**pk
, const X509_PUBKEY
*key
);
47 static int x509_pubkey_set0_libctx(X509_PUBKEY
*x
, OSSL_LIB_CTX
*libctx
,
52 OPENSSL_free(x
->propq
);
55 x
->propq
= OPENSSL_strdup(propq
);
63 ASN1_SEQUENCE(X509_PUBKEY_INTERNAL
) = {
64 ASN1_SIMPLE(X509_PUBKEY
, algor
, X509_ALGOR
),
65 ASN1_SIMPLE(X509_PUBKEY
, public_key
, ASN1_BIT_STRING
)
66 } static_ASN1_SEQUENCE_END_name(X509_PUBKEY
, X509_PUBKEY_INTERNAL
)
68 X509_PUBKEY
*ossl_d2i_X509_PUBKEY_INTERNAL(const unsigned char **pp
,
69 long len
, OSSL_LIB_CTX
*libctx
)
71 X509_PUBKEY
*xpub
= OPENSSL_zalloc(sizeof(*xpub
));
75 return (X509_PUBKEY
*)ASN1_item_d2i_ex((ASN1_VALUE
**)&xpub
, pp
, len
,
76 ASN1_ITEM_rptr(X509_PUBKEY_INTERNAL
),
80 void ossl_X509_PUBKEY_INTERNAL_free(X509_PUBKEY
*xpub
)
82 ASN1_item_free((ASN1_VALUE
*)xpub
, ASN1_ITEM_rptr(X509_PUBKEY_INTERNAL
));
85 static void x509_pubkey_ex_free(ASN1_VALUE
**pval
, const ASN1_ITEM
*it
)
89 if (pval
!= NULL
&& (pubkey
= (X509_PUBKEY
*)*pval
) != NULL
) {
90 X509_ALGOR_free(pubkey
->algor
);
91 ASN1_BIT_STRING_free(pubkey
->public_key
);
92 EVP_PKEY_free(pubkey
->pkey
);
93 OPENSSL_free(pubkey
->propq
);
99 static int x509_pubkey_ex_populate(ASN1_VALUE
**pval
, const ASN1_ITEM
*it
)
101 X509_PUBKEY
*pubkey
= (X509_PUBKEY
*)*pval
;
103 return (pubkey
->algor
!= NULL
104 || (pubkey
->algor
= X509_ALGOR_new()) != NULL
)
105 && (pubkey
->public_key
!= NULL
106 || (pubkey
->public_key
= ASN1_BIT_STRING_new()) != NULL
);
110 static int x509_pubkey_ex_new_ex(ASN1_VALUE
**pval
, const ASN1_ITEM
*it
,
111 OSSL_LIB_CTX
*libctx
, const char *propq
)
115 if ((ret
= OPENSSL_zalloc(sizeof(*ret
))) == NULL
116 || !x509_pubkey_ex_populate((ASN1_VALUE
**)&ret
, NULL
)
117 || !x509_pubkey_set0_libctx(ret
, libctx
, propq
)) {
118 x509_pubkey_ex_free((ASN1_VALUE
**)&ret
, NULL
);
120 ERR_raise(ERR_LIB_ASN1
, ERR_R_MALLOC_FAILURE
);
122 *pval
= (ASN1_VALUE
*)ret
;
128 static int x509_pubkey_ex_d2i_ex(ASN1_VALUE
**pval
,
129 const unsigned char **in
, long len
,
130 const ASN1_ITEM
*it
, int tag
, int aclass
,
131 char opt
, ASN1_TLC
*ctx
, OSSL_LIB_CTX
*libctx
,
134 const unsigned char *in_saved
= *in
;
138 OSSL_DECODER_CTX
*dctx
= NULL
;
139 unsigned char *tmpbuf
= NULL
;
141 if (*pval
== NULL
&& !x509_pubkey_ex_new_ex(pval
, it
, libctx
, propq
))
143 if (!x509_pubkey_ex_populate(pval
, NULL
)) {
144 ERR_raise(ERR_LIB_ASN1
, ERR_R_MALLOC_FAILURE
);
148 /* This ensures that |*in| advances properly no matter what */
149 if ((ret
= ASN1_item_ex_d2i(pval
, in
, len
,
150 ASN1_ITEM_rptr(X509_PUBKEY_INTERNAL
),
151 tag
, aclass
, opt
, ctx
)) <= 0)
154 publen
= *in
- in_saved
;
155 if (!ossl_assert(publen
> 0)) {
156 ERR_raise(ERR_LIB_ASN1
, ERR_R_INTERNAL_ERROR
);
160 pubkey
= (X509_PUBKEY
*)*pval
;
161 EVP_PKEY_free(pubkey
->pkey
);
165 * Opportunistically decode the key but remove any non fatal errors
166 * from the queue. Subsequent explicit attempts to decode/use the key
167 * will return an appropriate error.
172 * Try to decode with legacy method first. This ensures that engines
173 * aren't overridden by providers.
175 if ((ret
= x509_pubkey_decode(&pubkey
->pkey
, pubkey
)) == -1) {
176 /* -1 indicates a fatal error, like malloc failure */
177 ERR_clear_last_mark();
181 /* Try to decode it into an EVP_PKEY with OSSL_DECODER */
182 if (ret
<= 0 && !pubkey
->flag_force_legacy
) {
183 const unsigned char *p
;
184 char txtoidname
[OSSL_MAX_NAME_SIZE
];
185 size_t slen
= publen
;
188 * The decoders don't know how to handle anything other than Universal
189 * class so we modify the data accordingly.
191 if (aclass
!= V_ASN1_UNIVERSAL
) {
192 tmpbuf
= OPENSSL_memdup(in_saved
, publen
);
193 if (tmpbuf
== NULL
) {
194 ERR_raise(ERR_LIB_ASN1
, ERR_R_MALLOC_FAILURE
);
198 *tmpbuf
= V_ASN1_CONSTRUCTED
| V_ASN1_SEQUENCE
;
202 if (OBJ_obj2txt(txtoidname
, sizeof(txtoidname
),
203 pubkey
->algor
->algorithm
, 0) <= 0) {
204 ERR_clear_last_mark();
208 OSSL_DECODER_CTX_new_for_pkey(&pubkey
->pkey
,
209 "DER", "SubjectPublicKeyInfo",
210 txtoidname
, EVP_PKEY_PUBLIC_KEY
,
212 pubkey
->propq
)) != NULL
)
214 * As said higher up, we're being opportunistic. In other words,
215 * we don't care if we fail.
217 if (OSSL_DECODER_from_data(dctx
, &p
, &slen
)) {
220 * If we successfully decoded then we *must* consume all the
223 ERR_clear_last_mark();
224 ERR_raise(ERR_LIB_ASN1
, EVP_R_DECODE_ERROR
);
233 OSSL_DECODER_CTX_free(dctx
);
234 OPENSSL_free(tmpbuf
);
238 static int x509_pubkey_ex_i2d(const ASN1_VALUE
**pval
, unsigned char **out
,
239 const ASN1_ITEM
*it
, int tag
, int aclass
)
241 return ASN1_item_ex_i2d(pval
, out
, ASN1_ITEM_rptr(X509_PUBKEY_INTERNAL
),
245 static int x509_pubkey_ex_print(BIO
*out
, const ASN1_VALUE
**pval
, int indent
,
246 const char *fname
, const ASN1_PCTX
*pctx
)
248 return ASN1_item_print(out
, *pval
, indent
,
249 ASN1_ITEM_rptr(X509_PUBKEY_INTERNAL
), pctx
);
252 static const ASN1_EXTERN_FUNCS x509_pubkey_ff
= {
256 0, /* Default clear behaviour is OK */
259 x509_pubkey_ex_print
,
260 x509_pubkey_ex_new_ex
,
261 x509_pubkey_ex_d2i_ex
,
264 IMPLEMENT_EXTERN_ASN1(X509_PUBKEY
, V_ASN1_SEQUENCE
, x509_pubkey_ff
)
265 IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY
)
267 X509_PUBKEY
*X509_PUBKEY_new_ex(OSSL_LIB_CTX
*libctx
, const char *propq
)
269 X509_PUBKEY
*pubkey
= NULL
;
271 pubkey
= (X509_PUBKEY
*)ASN1_item_new_ex(X509_PUBKEY_it(), libctx
, propq
);
272 if (!x509_pubkey_set0_libctx(pubkey
, libctx
, propq
)) {
273 X509_PUBKEY_free(pubkey
);
280 * X509_PUBKEY_dup() must be implemented manually, because there is no
281 * support for it in ASN1_EXTERN_FUNCS.
283 X509_PUBKEY
*X509_PUBKEY_dup(const X509_PUBKEY
*a
)
285 X509_PUBKEY
*pubkey
= OPENSSL_zalloc(sizeof(*pubkey
));
288 || !x509_pubkey_set0_libctx(pubkey
, a
->libctx
, a
->propq
)
289 || (pubkey
->algor
= X509_ALGOR_dup(a
->algor
)) == NULL
290 || (pubkey
->public_key
= ASN1_BIT_STRING_new()) == NULL
291 || !ASN1_BIT_STRING_set(pubkey
->public_key
,
293 a
->public_key
->length
)) {
294 x509_pubkey_ex_free((ASN1_VALUE
**)&pubkey
,
295 ASN1_ITEM_rptr(X509_PUBKEY_INTERNAL
));
296 ERR_raise(ERR_LIB_X509
, ERR_R_MALLOC_FAILURE
);
300 if (a
->pkey
!= NULL
) {
302 pubkey
->pkey
= EVP_PKEY_dup(a
->pkey
);
303 if (pubkey
->pkey
== NULL
) {
304 pubkey
->flag_force_legacy
= 1;
305 if (x509_pubkey_decode(&pubkey
->pkey
, pubkey
) <= 0) {
306 x509_pubkey_ex_free((ASN1_VALUE
**)&pubkey
,
307 ASN1_ITEM_rptr(X509_PUBKEY_INTERNAL
));
308 ERR_clear_last_mark();
317 int X509_PUBKEY_set(X509_PUBKEY
**x
, EVP_PKEY
*pkey
)
319 X509_PUBKEY
*pk
= NULL
;
321 if (x
== NULL
|| pkey
== NULL
) {
322 ERR_raise(ERR_LIB_X509
, ERR_R_PASSED_NULL_PARAMETER
);
326 if (pkey
->ameth
!= NULL
) {
327 if ((pk
= X509_PUBKEY_new()) == NULL
) {
328 ERR_raise(ERR_LIB_X509
, ERR_R_MALLOC_FAILURE
);
331 if (pkey
->ameth
->pub_encode
!= NULL
) {
332 if (!pkey
->ameth
->pub_encode(pk
, pkey
)) {
333 ERR_raise(ERR_LIB_X509
, X509_R_PUBLIC_KEY_ENCODE_ERROR
);
337 ERR_raise(ERR_LIB_X509
, X509_R_METHOD_NOT_SUPPORTED
);
340 } else if (evp_pkey_is_provided(pkey
)) {
341 unsigned char *der
= NULL
;
343 OSSL_ENCODER_CTX
*ectx
=
344 OSSL_ENCODER_CTX_new_for_pkey(pkey
, EVP_PKEY_PUBLIC_KEY
,
345 "DER", "SubjectPublicKeyInfo",
348 if (OSSL_ENCODER_to_data(ectx
, &der
, &derlen
)) {
349 const unsigned char *pder
= der
;
351 pk
= d2i_X509_PUBKEY(NULL
, &pder
, (long)derlen
);
354 OSSL_ENCODER_CTX_free(ectx
);
359 ERR_raise(ERR_LIB_X509
, X509_R_UNSUPPORTED_ALGORITHM
);
363 X509_PUBKEY_free(*x
);
364 if (!EVP_PKEY_up_ref(pkey
)) {
365 ERR_raise(ERR_LIB_X509
, ERR_R_INTERNAL_ERROR
);
371 * pk->pkey is NULL when using the legacy routine, but is non-NULL when
372 * going through the encoder, and for all intents and purposes, it's
373 * a perfect copy of the public key portions of |pkey|, just not the same
374 * instance. If that's all there was to pkey then we could simply return
375 * early, right here. However, some application might very well depend on
376 * the passed |pkey| being used and none other, so we spend a few more
377 * cycles throwing away the newly created |pk->pkey| and replace it with
380 if (pk
->pkey
!= NULL
)
381 EVP_PKEY_free(pk
->pkey
);
387 X509_PUBKEY_free(pk
);
392 * Attempt to decode a public key.
393 * Returns 1 on success, 0 for a decode failure and -1 for a fatal
394 * error e.g. malloc failure.
396 * This function is #legacy.
398 static int x509_pubkey_decode(EVP_PKEY
**ppkey
, const X509_PUBKEY
*key
)
403 nid
= OBJ_obj2nid(key
->algor
->algorithm
);
404 if (!key
->flag_force_legacy
) {
405 #ifndef OPENSSL_NO_ENGINE
408 e
= ENGINE_get_pkey_meth_engine(nid
);
417 pkey
= EVP_PKEY_new();
419 ERR_raise(ERR_LIB_X509
, ERR_R_MALLOC_FAILURE
);
423 if (!EVP_PKEY_set_type(pkey
, nid
)) {
424 ERR_raise(ERR_LIB_X509
, X509_R_UNSUPPORTED_ALGORITHM
);
428 if (pkey
->ameth
->pub_decode
) {
430 * Treat any failure of pub_decode as a decode error. In
431 * future we could have different return codes for decode
432 * errors and fatal errors such as malloc failure.
434 if (!pkey
->ameth
->pub_decode(pkey
, key
))
437 ERR_raise(ERR_LIB_X509
, X509_R_METHOD_NOT_SUPPORTED
);
449 EVP_PKEY
*X509_PUBKEY_get0(const X509_PUBKEY
*key
)
452 ERR_raise(ERR_LIB_X509
, ERR_R_PASSED_NULL_PARAMETER
);
456 if (key
->pkey
== NULL
) {
457 /* We failed to decode the key when we loaded it, or it was never set */
458 ERR_raise(ERR_LIB_EVP
, EVP_R_DECODE_ERROR
);
465 EVP_PKEY
*X509_PUBKEY_get(const X509_PUBKEY
*key
)
467 EVP_PKEY
*ret
= X509_PUBKEY_get0(key
);
469 if (ret
!= NULL
&& !EVP_PKEY_up_ref(ret
)) {
470 ERR_raise(ERR_LIB_X509
, ERR_R_INTERNAL_ERROR
);
477 * Now three pseudo ASN1 routines that take an EVP_PKEY structure and encode
478 * or decode as X509_PUBKEY
480 static EVP_PKEY
*d2i_PUBKEY_int(EVP_PKEY
**a
,
481 const unsigned char **pp
, long length
,
482 OSSL_LIB_CTX
*libctx
, const char *propq
,
483 unsigned int force_legacy
,
485 (*d2i_x509_pubkey
)(X509_PUBKEY
**a
,
486 const unsigned char **in
,
489 X509_PUBKEY
*xpk
, *xpk2
= NULL
, **pxpk
= NULL
;
490 EVP_PKEY
*pktmp
= NULL
;
491 const unsigned char *q
;
496 * If libctx or propq are non-NULL, we take advantage of the reuse
497 * feature. It's not generally recommended, but is safe enough for
498 * newly created structures.
500 if (libctx
!= NULL
|| propq
!= NULL
|| force_legacy
) {
501 xpk2
= OPENSSL_zalloc(sizeof(*xpk2
));
503 ERR_raise(ERR_LIB_X509
, ERR_R_MALLOC_FAILURE
);
506 if (!x509_pubkey_set0_libctx(xpk2
, libctx
, propq
))
508 xpk2
->flag_force_legacy
= !!force_legacy
;
511 xpk
= d2i_x509_pubkey(pxpk
, &q
, length
);
514 pktmp
= X509_PUBKEY_get(xpk
);
515 X509_PUBKEY_free(xpk
);
516 xpk2
= NULL
; /* We know that xpk == xpk2 */
525 X509_PUBKEY_free(xpk2
);
529 /* For the algorithm specific d2i functions further down */
530 EVP_PKEY
*ossl_d2i_PUBKEY_legacy(EVP_PKEY
**a
, const unsigned char **pp
,
533 return d2i_PUBKEY_int(a
, pp
, length
, NULL
, NULL
, 1, d2i_X509_PUBKEY
);
536 EVP_PKEY
*d2i_PUBKEY_ex(EVP_PKEY
**a
, const unsigned char **pp
, long length
,
537 OSSL_LIB_CTX
*libctx
, const char *propq
)
539 return d2i_PUBKEY_int(a
, pp
, length
, libctx
, propq
, 0, d2i_X509_PUBKEY
);
542 EVP_PKEY
*d2i_PUBKEY(EVP_PKEY
**a
, const unsigned char **pp
, long length
)
544 return d2i_PUBKEY_ex(a
, pp
, length
, NULL
, NULL
);
547 int i2d_PUBKEY(const EVP_PKEY
*a
, unsigned char **pp
)
553 if (a
->ameth
!= NULL
) {
554 X509_PUBKEY
*xpk
= NULL
;
556 if ((xpk
= X509_PUBKEY_new()) == NULL
)
559 /* pub_encode() only encode parameters, not the key itself */
560 if (a
->ameth
->pub_encode
!= NULL
&& a
->ameth
->pub_encode(xpk
, a
)) {
561 xpk
->pkey
= (EVP_PKEY
*)a
;
562 ret
= i2d_X509_PUBKEY(xpk
, pp
);
565 X509_PUBKEY_free(xpk
);
566 } else if (a
->keymgmt
!= NULL
) {
567 OSSL_ENCODER_CTX
*ctx
=
568 OSSL_ENCODER_CTX_new_for_pkey(a
, EVP_PKEY_PUBLIC_KEY
,
569 "DER", "SubjectPublicKeyInfo",
571 BIO
*out
= BIO_new(BIO_s_mem());
574 if (OSSL_ENCODER_CTX_get_num_encoders(ctx
) != 0
576 && OSSL_ENCODER_to_bio(ctx
, out
)
577 && BIO_get_mem_ptr(out
, &buf
) > 0) {
582 *pp
= (unsigned char *)buf
->data
;
586 memcpy(*pp
, buf
->data
, ret
);
592 OSSL_ENCODER_CTX_free(ctx
);
599 * The following are equivalents but which return RSA and DSA keys
601 RSA
*d2i_RSA_PUBKEY(RSA
**a
, const unsigned char **pp
, long length
)
605 const unsigned char *q
;
608 pkey
= ossl_d2i_PUBKEY_legacy(NULL
, &q
, length
);
611 key
= EVP_PKEY_get1_RSA(pkey
);
623 int i2d_RSA_PUBKEY(const RSA
*a
, unsigned char **pp
)
629 pktmp
= EVP_PKEY_new();
631 ERR_raise(ERR_LIB_ASN1
, ERR_R_MALLOC_FAILURE
);
634 (void)EVP_PKEY_assign_RSA(pktmp
, (RSA
*)a
);
635 ret
= i2d_PUBKEY(pktmp
, pp
);
636 pktmp
->pkey
.ptr
= NULL
;
637 EVP_PKEY_free(pktmp
);
641 #ifndef OPENSSL_NO_DH
642 DH
*ossl_d2i_DH_PUBKEY(DH
**a
, const unsigned char **pp
, long length
)
646 const unsigned char *q
;
649 pkey
= ossl_d2i_PUBKEY_legacy(NULL
, &q
, length
);
652 if (EVP_PKEY_get_id(pkey
) == EVP_PKEY_DH
)
653 key
= EVP_PKEY_get1_DH(pkey
);
665 int ossl_i2d_DH_PUBKEY(const DH
*a
, unsigned char **pp
)
671 pktmp
= EVP_PKEY_new();
673 ERR_raise(ERR_LIB_ASN1
, ERR_R_MALLOC_FAILURE
);
676 (void)EVP_PKEY_assign_DH(pktmp
, (DH
*)a
);
677 ret
= i2d_PUBKEY(pktmp
, pp
);
678 pktmp
->pkey
.ptr
= NULL
;
679 EVP_PKEY_free(pktmp
);
683 DH
*ossl_d2i_DHx_PUBKEY(DH
**a
, const unsigned char **pp
, long length
)
687 const unsigned char *q
;
690 pkey
= ossl_d2i_PUBKEY_legacy(NULL
, &q
, length
);
693 if (EVP_PKEY_get_id(pkey
) == EVP_PKEY_DHX
)
694 key
= EVP_PKEY_get1_DH(pkey
);
706 int ossl_i2d_DHx_PUBKEY(const DH
*a
, unsigned char **pp
)
712 pktmp
= EVP_PKEY_new();
714 ERR_raise(ERR_LIB_ASN1
, ERR_R_MALLOC_FAILURE
);
717 (void)EVP_PKEY_assign(pktmp
, EVP_PKEY_DHX
, (DH
*)a
);
718 ret
= i2d_PUBKEY(pktmp
, pp
);
719 pktmp
->pkey
.ptr
= NULL
;
720 EVP_PKEY_free(pktmp
);
725 #ifndef OPENSSL_NO_DSA
726 DSA
*d2i_DSA_PUBKEY(DSA
**a
, const unsigned char **pp
, long length
)
730 const unsigned char *q
;
733 pkey
= ossl_d2i_PUBKEY_legacy(NULL
, &q
, length
);
736 key
= EVP_PKEY_get1_DSA(pkey
);
748 int i2d_DSA_PUBKEY(const DSA
*a
, unsigned char **pp
)
754 pktmp
= EVP_PKEY_new();
756 ERR_raise(ERR_LIB_ASN1
, ERR_R_MALLOC_FAILURE
);
759 (void)EVP_PKEY_assign_DSA(pktmp
, (DSA
*)a
);
760 ret
= i2d_PUBKEY(pktmp
, pp
);
761 pktmp
->pkey
.ptr
= NULL
;
762 EVP_PKEY_free(pktmp
);
767 #ifndef OPENSSL_NO_EC
768 EC_KEY
*d2i_EC_PUBKEY(EC_KEY
**a
, const unsigned char **pp
, long length
)
772 const unsigned char *q
;
776 pkey
= ossl_d2i_PUBKEY_legacy(NULL
, &q
, length
);
779 type
= EVP_PKEY_get_id(pkey
);
780 if (type
== EVP_PKEY_EC
|| type
== EVP_PKEY_SM2
)
781 key
= EVP_PKEY_get1_EC_KEY(pkey
);
793 int i2d_EC_PUBKEY(const EC_KEY
*a
, unsigned char **pp
)
800 if ((pktmp
= EVP_PKEY_new()) == NULL
) {
801 ERR_raise(ERR_LIB_ASN1
, ERR_R_MALLOC_FAILURE
);
804 (void)EVP_PKEY_assign_EC_KEY(pktmp
, (EC_KEY
*)a
);
805 ret
= i2d_PUBKEY(pktmp
, pp
);
806 pktmp
->pkey
.ptr
= NULL
;
807 EVP_PKEY_free(pktmp
);
811 ECX_KEY
*ossl_d2i_ED25519_PUBKEY(ECX_KEY
**a
,
812 const unsigned char **pp
, long length
)
816 const unsigned char *q
;
819 pkey
= ossl_d2i_PUBKEY_legacy(NULL
, &q
, length
);
822 key
= ossl_evp_pkey_get1_ED25519(pkey
);
828 ossl_ecx_key_free(*a
);
834 int ossl_i2d_ED25519_PUBKEY(const ECX_KEY
*a
, unsigned char **pp
)
841 if ((pktmp
= EVP_PKEY_new()) == NULL
) {
842 ERR_raise(ERR_LIB_ASN1
, ERR_R_MALLOC_FAILURE
);
845 (void)EVP_PKEY_assign(pktmp
, EVP_PKEY_ED25519
, (ECX_KEY
*)a
);
846 ret
= i2d_PUBKEY(pktmp
, pp
);
847 pktmp
->pkey
.ptr
= NULL
;
848 EVP_PKEY_free(pktmp
);
852 ECX_KEY
*ossl_d2i_ED448_PUBKEY(ECX_KEY
**a
,
853 const unsigned char **pp
, long length
)
857 const unsigned char *q
;
860 pkey
= ossl_d2i_PUBKEY_legacy(NULL
, &q
, length
);
863 if (EVP_PKEY_get_id(pkey
) == EVP_PKEY_ED448
)
864 key
= ossl_evp_pkey_get1_ED448(pkey
);
870 ossl_ecx_key_free(*a
);
876 int ossl_i2d_ED448_PUBKEY(const ECX_KEY
*a
, unsigned char **pp
)
883 if ((pktmp
= EVP_PKEY_new()) == NULL
) {
884 ERR_raise(ERR_LIB_ASN1
, ERR_R_MALLOC_FAILURE
);
887 (void)EVP_PKEY_assign(pktmp
, EVP_PKEY_ED448
, (ECX_KEY
*)a
);
888 ret
= i2d_PUBKEY(pktmp
, pp
);
889 pktmp
->pkey
.ptr
= NULL
;
890 EVP_PKEY_free(pktmp
);
894 ECX_KEY
*ossl_d2i_X25519_PUBKEY(ECX_KEY
**a
,
895 const unsigned char **pp
, long length
)
899 const unsigned char *q
;
902 pkey
= ossl_d2i_PUBKEY_legacy(NULL
, &q
, length
);
905 if (EVP_PKEY_get_id(pkey
) == EVP_PKEY_X25519
)
906 key
= ossl_evp_pkey_get1_X25519(pkey
);
912 ossl_ecx_key_free(*a
);
918 int ossl_i2d_X25519_PUBKEY(const ECX_KEY
*a
, unsigned char **pp
)
925 if ((pktmp
= EVP_PKEY_new()) == NULL
) {
926 ERR_raise(ERR_LIB_ASN1
, ERR_R_MALLOC_FAILURE
);
929 (void)EVP_PKEY_assign(pktmp
, EVP_PKEY_X25519
, (ECX_KEY
*)a
);
930 ret
= i2d_PUBKEY(pktmp
, pp
);
931 pktmp
->pkey
.ptr
= NULL
;
932 EVP_PKEY_free(pktmp
);
936 ECX_KEY
*ossl_d2i_X448_PUBKEY(ECX_KEY
**a
,
937 const unsigned char **pp
, long length
)
941 const unsigned char *q
;
944 pkey
= ossl_d2i_PUBKEY_legacy(NULL
, &q
, length
);
947 if (EVP_PKEY_get_id(pkey
) == EVP_PKEY_X448
)
948 key
= ossl_evp_pkey_get1_X448(pkey
);
954 ossl_ecx_key_free(*a
);
960 int ossl_i2d_X448_PUBKEY(const ECX_KEY
*a
, unsigned char **pp
)
967 if ((pktmp
= EVP_PKEY_new()) == NULL
) {
968 ERR_raise(ERR_LIB_ASN1
, ERR_R_MALLOC_FAILURE
);
971 (void)EVP_PKEY_assign(pktmp
, EVP_PKEY_X448
, (ECX_KEY
*)a
);
972 ret
= i2d_PUBKEY(pktmp
, pp
);
973 pktmp
->pkey
.ptr
= NULL
;
974 EVP_PKEY_free(pktmp
);
980 void X509_PUBKEY_set0_public_key(X509_PUBKEY
*pub
,
981 unsigned char *penc
, int penclen
)
983 ASN1_STRING_set0(pub
->public_key
, penc
, penclen
);
984 /* Set number of unused bits to zero */
985 pub
->public_key
->flags
&= ~(ASN1_STRING_FLAG_BITS_LEFT
| 0x07);
986 pub
->public_key
->flags
|= ASN1_STRING_FLAG_BITS_LEFT
;
989 int X509_PUBKEY_set0_param(X509_PUBKEY
*pub
, ASN1_OBJECT
*aobj
,
990 int ptype
, void *pval
,
991 unsigned char *penc
, int penclen
)
993 if (!X509_ALGOR_set0(pub
->algor
, aobj
, ptype
, pval
))
996 X509_PUBKEY_set0_public_key(pub
, penc
, penclen
);
1000 int X509_PUBKEY_get0_param(ASN1_OBJECT
**ppkalg
,
1001 const unsigned char **pk
, int *ppklen
,
1002 X509_ALGOR
**pa
, const X509_PUBKEY
*pub
)
1005 *ppkalg
= pub
->algor
->algorithm
;
1007 *pk
= pub
->public_key
->data
;
1008 *ppklen
= pub
->public_key
->length
;
1015 ASN1_BIT_STRING
*X509_get0_pubkey_bitstr(const X509
*x
)
1019 return x
->cert_info
.key
->public_key
;
1022 /* Returns 1 for equal, 0, for non-equal, < 0 on error */
1023 int X509_PUBKEY_eq(const X509_PUBKEY
*a
, const X509_PUBKEY
*b
)
1025 X509_ALGOR
*algA
, *algB
;
1030 if (a
== NULL
|| b
== NULL
)
1032 if (!X509_PUBKEY_get0_param(NULL
, NULL
, NULL
, &algA
, a
) || algA
== NULL
1033 || !X509_PUBKEY_get0_param(NULL
, NULL
, NULL
, &algB
, b
) || algB
== NULL
)
1035 if (X509_ALGOR_cmp(algA
, algB
) != 0)
1037 if ((pA
= X509_PUBKEY_get0(a
)) == NULL
1038 || (pB
= X509_PUBKEY_get0(b
)) == NULL
)
1040 return EVP_PKEY_eq(pA
, pB
);
1043 int ossl_x509_PUBKEY_get0_libctx(OSSL_LIB_CTX
**plibctx
, const char **ppropq
,
1044 const X509_PUBKEY
*key
)
1047 *plibctx
= key
->libctx
;
1049 *ppropq
= key
->propq
;