1 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2 * All rights reserved.
3 *
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
7 *
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14 *
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
21 *
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
51 *
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.] */
56
57 #include <openssl/evp.h>
58
59 #include <assert.h>
60 #include <string.h>
61
62 #include <openssl/dsa.h>
63 #include <openssl/ec.h>
64 #include <openssl/err.h>
65 #include <openssl/mem.h>
66 #include <openssl/nid.h>
67 #include <openssl/rsa.h>
68 #include <openssl/thread.h>
69
70 #include "internal.h"
71 #include "../internal.h"
72
73
74 // Node depends on |EVP_R_NOT_XOF_OR_INVALID_LENGTH|.
75 //
76 // TODO(davidben): Fix Node to not touch the error queue itself and remove this.
OPENSSL_DECLARE_ERROR_REASON(EVP,NOT_XOF_OR_INVALID_LENGTH)77 OPENSSL_DECLARE_ERROR_REASON(EVP, NOT_XOF_OR_INVALID_LENGTH)
78
79 // The HPKE module uses the EVP error namespace, but it lives in another
80 // directory.
81 OPENSSL_DECLARE_ERROR_REASON(EVP, EMPTY_PSK)
82
83 EVP_PKEY *EVP_PKEY_new(void) {
84 EVP_PKEY *ret = OPENSSL_zalloc(sizeof(EVP_PKEY));
85 if (ret == NULL) {
86 return NULL;
87 }
88
89 ret->type = EVP_PKEY_NONE;
90 ret->references = 1;
91 return ret;
92 }
93
free_it(EVP_PKEY * pkey)94 static void free_it(EVP_PKEY *pkey) {
95 if (pkey->ameth && pkey->ameth->pkey_free) {
96 pkey->ameth->pkey_free(pkey);
97 pkey->pkey = NULL;
98 pkey->type = EVP_PKEY_NONE;
99 }
100 }
101
EVP_PKEY_free(EVP_PKEY * pkey)102 void EVP_PKEY_free(EVP_PKEY *pkey) {
103 if (pkey == NULL) {
104 return;
105 }
106
107 if (!CRYPTO_refcount_dec_and_test_zero(&pkey->references)) {
108 return;
109 }
110
111 free_it(pkey);
112 OPENSSL_free(pkey);
113 }
114
EVP_PKEY_up_ref(EVP_PKEY * pkey)115 int EVP_PKEY_up_ref(EVP_PKEY *pkey) {
116 CRYPTO_refcount_inc(&pkey->references);
117 return 1;
118 }
119
EVP_PKEY_is_opaque(const EVP_PKEY * pkey)120 int EVP_PKEY_is_opaque(const EVP_PKEY *pkey) {
121 if (pkey->ameth && pkey->ameth->pkey_opaque) {
122 return pkey->ameth->pkey_opaque(pkey);
123 }
124 return 0;
125 }
126
EVP_PKEY_cmp(const EVP_PKEY * a,const EVP_PKEY * b)127 int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b) {
128 if (a->type != b->type) {
129 return -1;
130 }
131
132 if (a->ameth) {
133 int ret;
134 // Compare parameters if the algorithm has them
135 if (a->ameth->param_cmp) {
136 ret = a->ameth->param_cmp(a, b);
137 if (ret <= 0) {
138 return ret;
139 }
140 }
141
142 if (a->ameth->pub_cmp) {
143 return a->ameth->pub_cmp(a, b);
144 }
145 }
146
147 return -2;
148 }
149
EVP_PKEY_copy_parameters(EVP_PKEY * to,const EVP_PKEY * from)150 int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) {
151 if (to->type == EVP_PKEY_NONE) {
152 if (!EVP_PKEY_set_type(to, from->type)) {
153 return 0;
154 }
155 } else if (to->type != from->type) {
156 OPENSSL_PUT_ERROR(EVP, EVP_R_DIFFERENT_KEY_TYPES);
157 return 0;
158 }
159
160 if (EVP_PKEY_missing_parameters(from)) {
161 OPENSSL_PUT_ERROR(EVP, EVP_R_MISSING_PARAMETERS);
162 return 0;
163 }
164
165 // Once set, parameters may not change.
166 if (!EVP_PKEY_missing_parameters(to)) {
167 if (EVP_PKEY_cmp_parameters(to, from) == 1) {
168 return 1;
169 }
170 OPENSSL_PUT_ERROR(EVP, EVP_R_DIFFERENT_PARAMETERS);
171 return 0;
172 }
173
174 if (from->ameth && from->ameth->param_copy) {
175 return from->ameth->param_copy(to, from);
176 }
177
178 // TODO(https://crbug.com/boringssl/536): If the algorithm takes no
179 // parameters, copying them should vacuously succeed.
180 return 0;
181 }
182
EVP_PKEY_missing_parameters(const EVP_PKEY * pkey)183 int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey) {
184 if (pkey->ameth && pkey->ameth->param_missing) {
185 return pkey->ameth->param_missing(pkey);
186 }
187 return 0;
188 }
189
EVP_PKEY_size(const EVP_PKEY * pkey)190 int EVP_PKEY_size(const EVP_PKEY *pkey) {
191 if (pkey && pkey->ameth && pkey->ameth->pkey_size) {
192 return pkey->ameth->pkey_size(pkey);
193 }
194 return 0;
195 }
196
EVP_PKEY_bits(const EVP_PKEY * pkey)197 int EVP_PKEY_bits(const EVP_PKEY *pkey) {
198 if (pkey && pkey->ameth && pkey->ameth->pkey_bits) {
199 return pkey->ameth->pkey_bits(pkey);
200 }
201 return 0;
202 }
203
EVP_PKEY_id(const EVP_PKEY * pkey)204 int EVP_PKEY_id(const EVP_PKEY *pkey) {
205 return pkey->type;
206 }
207
208 // evp_pkey_asn1_find returns the ASN.1 method table for the given |nid|, which
209 // should be one of the |EVP_PKEY_*| values. It returns NULL if |nid| is
210 // unknown.
evp_pkey_asn1_find(int nid)211 static const EVP_PKEY_ASN1_METHOD *evp_pkey_asn1_find(int nid) {
212 switch (nid) {
213 case EVP_PKEY_RSA:
214 return &rsa_asn1_meth;
215 case EVP_PKEY_EC:
216 return &ec_asn1_meth;
217 case EVP_PKEY_DSA:
218 return &dsa_asn1_meth;
219 case EVP_PKEY_ED25519:
220 return &ed25519_asn1_meth;
221 case EVP_PKEY_X25519:
222 return &x25519_asn1_meth;
223 default:
224 return NULL;
225 }
226 }
227
evp_pkey_set_method(EVP_PKEY * pkey,const EVP_PKEY_ASN1_METHOD * method)228 static void evp_pkey_set_method(EVP_PKEY *pkey,
229 const EVP_PKEY_ASN1_METHOD *method) {
230 free_it(pkey);
231 pkey->ameth = method;
232 pkey->type = pkey->ameth->pkey_id;
233 }
234
EVP_PKEY_type(int nid)235 int EVP_PKEY_type(int nid) {
236 const EVP_PKEY_ASN1_METHOD *meth = evp_pkey_asn1_find(nid);
237 if (meth == NULL) {
238 return NID_undef;
239 }
240 return meth->pkey_id;
241 }
242
EVP_PKEY_set1_RSA(EVP_PKEY * pkey,RSA * key)243 int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key) {
244 if (EVP_PKEY_assign_RSA(pkey, key)) {
245 RSA_up_ref(key);
246 return 1;
247 }
248 return 0;
249 }
250
EVP_PKEY_assign_RSA(EVP_PKEY * pkey,RSA * key)251 int EVP_PKEY_assign_RSA(EVP_PKEY *pkey, RSA *key) {
252 evp_pkey_set_method(pkey, &rsa_asn1_meth);
253 pkey->pkey = key;
254 return key != NULL;
255 }
256
EVP_PKEY_get0_RSA(const EVP_PKEY * pkey)257 RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey) {
258 if (pkey->type != EVP_PKEY_RSA) {
259 OPENSSL_PUT_ERROR(EVP, EVP_R_EXPECTING_AN_RSA_KEY);
260 return NULL;
261 }
262 return pkey->pkey;
263 }
264
EVP_PKEY_get1_RSA(const EVP_PKEY * pkey)265 RSA *EVP_PKEY_get1_RSA(const EVP_PKEY *pkey) {
266 RSA *rsa = EVP_PKEY_get0_RSA(pkey);
267 if (rsa != NULL) {
268 RSA_up_ref(rsa);
269 }
270 return rsa;
271 }
272
EVP_PKEY_set1_DSA(EVP_PKEY * pkey,DSA * key)273 int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key) {
274 if (EVP_PKEY_assign_DSA(pkey, key)) {
275 DSA_up_ref(key);
276 return 1;
277 }
278 return 0;
279 }
280
EVP_PKEY_assign_DSA(EVP_PKEY * pkey,DSA * key)281 int EVP_PKEY_assign_DSA(EVP_PKEY *pkey, DSA *key) {
282 evp_pkey_set_method(pkey, &dsa_asn1_meth);
283 pkey->pkey = key;
284 return key != NULL;
285 }
286
EVP_PKEY_get0_DSA(const EVP_PKEY * pkey)287 DSA *EVP_PKEY_get0_DSA(const EVP_PKEY *pkey) {
288 if (pkey->type != EVP_PKEY_DSA) {
289 OPENSSL_PUT_ERROR(EVP, EVP_R_EXPECTING_A_DSA_KEY);
290 return NULL;
291 }
292 return pkey->pkey;
293 }
294
EVP_PKEY_get1_DSA(const EVP_PKEY * pkey)295 DSA *EVP_PKEY_get1_DSA(const EVP_PKEY *pkey) {
296 DSA *dsa = EVP_PKEY_get0_DSA(pkey);
297 if (dsa != NULL) {
298 DSA_up_ref(dsa);
299 }
300 return dsa;
301 }
302
EVP_PKEY_set1_EC_KEY(EVP_PKEY * pkey,EC_KEY * key)303 int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key) {
304 if (EVP_PKEY_assign_EC_KEY(pkey, key)) {
305 EC_KEY_up_ref(key);
306 return 1;
307 }
308 return 0;
309 }
310
EVP_PKEY_assign_EC_KEY(EVP_PKEY * pkey,EC_KEY * key)311 int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey, EC_KEY *key) {
312 evp_pkey_set_method(pkey, &ec_asn1_meth);
313 pkey->pkey = key;
314 return key != NULL;
315 }
316
EVP_PKEY_get0_EC_KEY(const EVP_PKEY * pkey)317 EC_KEY *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey) {
318 if (pkey->type != EVP_PKEY_EC) {
319 OPENSSL_PUT_ERROR(EVP, EVP_R_EXPECTING_AN_EC_KEY_KEY);
320 return NULL;
321 }
322 return pkey->pkey;
323 }
324
EVP_PKEY_get1_EC_KEY(const EVP_PKEY * pkey)325 EC_KEY *EVP_PKEY_get1_EC_KEY(const EVP_PKEY *pkey) {
326 EC_KEY *ec_key = EVP_PKEY_get0_EC_KEY(pkey);
327 if (ec_key != NULL) {
328 EC_KEY_up_ref(ec_key);
329 }
330 return ec_key;
331 }
332
EVP_PKEY_get0_DH(const EVP_PKEY * pkey)333 DH *EVP_PKEY_get0_DH(const EVP_PKEY *pkey) { return NULL; }
EVP_PKEY_get1_DH(const EVP_PKEY * pkey)334 DH *EVP_PKEY_get1_DH(const EVP_PKEY *pkey) { return NULL; }
335
EVP_PKEY_assign(EVP_PKEY * pkey,int type,void * key)336 int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key) {
337 // This function can only be used to assign RSA, DSA, and EC keys. Other key
338 // types have internal representations which are not exposed through the
339 // public API.
340 switch (type) {
341 case EVP_PKEY_RSA:
342 return EVP_PKEY_assign_RSA(pkey, key);
343 case EVP_PKEY_DSA:
344 return EVP_PKEY_assign_DSA(pkey, key);
345 case EVP_PKEY_EC:
346 return EVP_PKEY_assign_EC_KEY(pkey, key);
347 }
348
349 OPENSSL_PUT_ERROR(EVP, EVP_R_UNSUPPORTED_ALGORITHM);
350 ERR_add_error_dataf("algorithm %d", type);
351 return 0;
352 }
353
EVP_PKEY_set_type(EVP_PKEY * pkey,int type)354 int EVP_PKEY_set_type(EVP_PKEY *pkey, int type) {
355 if (pkey && pkey->pkey) {
356 // This isn't strictly necessary, but historically |EVP_PKEY_set_type| would
357 // clear |pkey| even if |evp_pkey_asn1_find| failed, so we preserve that
358 // behavior.
359 free_it(pkey);
360 }
361
362 const EVP_PKEY_ASN1_METHOD *ameth = evp_pkey_asn1_find(type);
363 if (ameth == NULL) {
364 OPENSSL_PUT_ERROR(EVP, EVP_R_UNSUPPORTED_ALGORITHM);
365 ERR_add_error_dataf("algorithm %d", type);
366 return 0;
367 }
368
369 if (pkey) {
370 evp_pkey_set_method(pkey, ameth);
371 }
372
373 return 1;
374 }
375
EVP_PKEY_new_raw_private_key(int type,ENGINE * unused,const uint8_t * in,size_t len)376 EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *unused,
377 const uint8_t *in, size_t len) {
378 EVP_PKEY *ret = EVP_PKEY_new();
379 if (ret == NULL ||
380 !EVP_PKEY_set_type(ret, type)) {
381 goto err;
382 }
383
384 if (ret->ameth->set_priv_raw == NULL) {
385 OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
386 goto err;
387 }
388
389 if (!ret->ameth->set_priv_raw(ret, in, len)) {
390 goto err;
391 }
392
393 return ret;
394
395 err:
396 EVP_PKEY_free(ret);
397 return NULL;
398 }
399
EVP_PKEY_new_raw_public_key(int type,ENGINE * unused,const uint8_t * in,size_t len)400 EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *unused,
401 const uint8_t *in, size_t len) {
402 EVP_PKEY *ret = EVP_PKEY_new();
403 if (ret == NULL ||
404 !EVP_PKEY_set_type(ret, type)) {
405 goto err;
406 }
407
408 if (ret->ameth->set_pub_raw == NULL) {
409 OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
410 goto err;
411 }
412
413 if (!ret->ameth->set_pub_raw(ret, in, len)) {
414 goto err;
415 }
416
417 return ret;
418
419 err:
420 EVP_PKEY_free(ret);
421 return NULL;
422 }
423
EVP_PKEY_get_raw_private_key(const EVP_PKEY * pkey,uint8_t * out,size_t * out_len)424 int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey, uint8_t *out,
425 size_t *out_len) {
426 if (pkey->ameth->get_priv_raw == NULL) {
427 OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
428 return 0;
429 }
430
431 return pkey->ameth->get_priv_raw(pkey, out, out_len);
432 }
433
EVP_PKEY_get_raw_public_key(const EVP_PKEY * pkey,uint8_t * out,size_t * out_len)434 int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, uint8_t *out,
435 size_t *out_len) {
436 if (pkey->ameth->get_pub_raw == NULL) {
437 OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
438 return 0;
439 }
440
441 return pkey->ameth->get_pub_raw(pkey, out, out_len);
442 }
443
EVP_PKEY_cmp_parameters(const EVP_PKEY * a,const EVP_PKEY * b)444 int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) {
445 if (a->type != b->type) {
446 return -1;
447 }
448 if (a->ameth && a->ameth->param_cmp) {
449 return a->ameth->param_cmp(a, b);
450 }
451 // TODO(https://crbug.com/boringssl/536): If the algorithm doesn't use
452 // parameters, they should compare as vacuously equal.
453 return -2;
454 }
455
EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX * ctx,const EVP_MD * md)456 int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) {
457 return EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, EVP_PKEY_CTRL_MD, 0,
458 (void *)md);
459 }
460
EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX * ctx,const EVP_MD ** out_md)461 int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **out_md) {
462 return EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, EVP_PKEY_CTRL_GET_MD,
463 0, (void *)out_md);
464 }
465
EVP_PKEY_get0(const EVP_PKEY * pkey)466 void *EVP_PKEY_get0(const EVP_PKEY *pkey) {
467 // Node references, but never calls this function, so for now we return NULL.
468 // If other projects require complete support, call |EVP_PKEY_get0_RSA|, etc.,
469 // rather than reading |pkey->pkey| directly. This avoids problems if our
470 // internal representation does not match the type the caller expects from
471 // OpenSSL.
472 return NULL;
473 }
474
OpenSSL_add_all_algorithms(void)475 void OpenSSL_add_all_algorithms(void) {}
476
OPENSSL_add_all_algorithms_conf(void)477 void OPENSSL_add_all_algorithms_conf(void) {}
478
OpenSSL_add_all_ciphers(void)479 void OpenSSL_add_all_ciphers(void) {}
480
OpenSSL_add_all_digests(void)481 void OpenSSL_add_all_digests(void) {}
482
EVP_cleanup(void)483 void EVP_cleanup(void) {}
484
EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY * pkey,const uint8_t * in,size_t len)485 int EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY *pkey, const uint8_t *in,
486 size_t len) {
487 if (pkey->ameth->set1_tls_encodedpoint == NULL) {
488 OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
489 return 0;
490 }
491
492 return pkey->ameth->set1_tls_encodedpoint(pkey, in, len);
493 }
494
EVP_PKEY_get1_tls_encodedpoint(const EVP_PKEY * pkey,uint8_t ** out_ptr)495 size_t EVP_PKEY_get1_tls_encodedpoint(const EVP_PKEY *pkey, uint8_t **out_ptr) {
496 if (pkey->ameth->get1_tls_encodedpoint == NULL) {
497 OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
498 return 0;
499 }
500
501 return pkey->ameth->get1_tls_encodedpoint(pkey, out_ptr);
502 }
503
EVP_PKEY_base_id(const EVP_PKEY * pkey)504 int EVP_PKEY_base_id(const EVP_PKEY *pkey) {
505 // OpenSSL has two notions of key type because it supports multiple OIDs for
506 // the same algorithm: NID_rsa vs NID_rsaEncryption and five distinct spelling
507 // of DSA. We do not support these, so the base ID is simply the ID.
508 return EVP_PKEY_id(pkey);
509 }
510