/src/boringssl/crypto/evp/print.cc

Source (jump to first uncovered line)
// Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

#include <openssl/evp.h>

#include <openssl/bio.h>
#include <openssl/bn.h>
#include <openssl/dsa.h>
#include <openssl/ec.h>
#include <openssl/ec_key.h>
#include <openssl/mem.h>
#include <openssl/rsa.h>

#include "../fipsmodule/rsa/internal.h"
#include "../internal.h"


static int print_hex(BIO *bp, const uint8_t *data, size_t len, int off) {
  for (size_t i = 0; i < len; i++) {
    if ((i % 15) == 0) {
      if (BIO_puts(bp, "\n") <= 0 ||  //
          !BIO_indent(bp, off + 4, 128)) {
        return 0;
      }
    }
    if (BIO_printf(bp, "%02x%s", data[i], (i + 1 == len) ? "" : ":") <= 0) {
      return 0;
    }
  }
  if (BIO_write(bp, "\n", 1) <= 0) {
    return 0;
  }
  return 1;
}

static int bn_print(BIO *bp, const char *name, const BIGNUM *num, int off) {
  if (num == NULL) {
    return 1;
  }

  if (!BIO_indent(bp, off, 128)) {
    return 0;
  }
  if (BN_is_zero(num)) {
    if (BIO_printf(bp, "%s 0\n", name) <= 0) {
      return 0;
    }
    return 1;
  }

  uint64_t u64;
  if (BN_get_u64(num, &u64)) {
    const char *neg = BN_is_negative(num) ? "-" : "";
    return BIO_printf(bp, "%s %s%" PRIu64 " (%s0x%" PRIx64 ")\n", name, neg,
                      u64, neg, u64) > 0;
  }

  if (BIO_printf(bp, "%s%s", name,
                 (BN_is_negative(num)) ? " (Negative)" : "") <= 0) {
    return 0;
  }

  // Print |num| in hex, adding a leading zero, as in ASN.1, if the high bit
  // is set.
  //
  // TODO(davidben): Do we need to do this? We already print "(Negative)" above
  // and negative values are never valid in keys anyway.
  size_t len = BN_num_bytes(num);
  uint8_t *buf = reinterpret_cast<uint8_t *>(OPENSSL_malloc(len + 1));
  if (buf == NULL) {
    return 0;
  }

  buf[0] = 0;
  BN_bn2bin(num, buf + 1);
  int ret;
  if (len > 0 && (buf[1] & 0x80) != 0) {
    // Print the whole buffer.
    ret = print_hex(bp, buf, len + 1, off);
  } else {
    // Skip the leading zero.
    ret = print_hex(bp, buf + 1, len, off);
  }
  OPENSSL_free(buf);
  return ret;
}

// RSA keys.

static int do_rsa_print(BIO *out, const RSA *rsa, int off,
                        int include_private) {
  int mod_len = 0;
  if (rsa->n != NULL) {
    mod_len = BN_num_bits(rsa->n);
  }

  if (!BIO_indent(out, off, 128)) {
    return 0;
  }

  const char *s, *str;
  if (include_private && rsa->d) {
    if (BIO_printf(out, "Private-Key: (%d bit)\n", mod_len) <= 0) {
      return 0;
    }
    str = "modulus:";
    s = "publicExponent:";
  } else {
    if (BIO_printf(out, "Public-Key: (%d bit)\n", mod_len) <= 0) {
      return 0;
    }
    str = "Modulus:";
    s = "Exponent:";
  }
  if (!bn_print(out, str, rsa->n, off) || !bn_print(out, s, rsa->e, off)) {
    return 0;
  }

  if (include_private) {
    if (!bn_print(out, "privateExponent:", rsa->d, off) ||
        !bn_print(out, "prime1:", rsa->p, off) ||
        !bn_print(out, "prime2:", rsa->q, off) ||
        !bn_print(out, "exponent1:", rsa->dmp1, off) ||
        !bn_print(out, "exponent2:", rsa->dmq1, off) ||
        !bn_print(out, "coefficient:", rsa->iqmp, off)) {
      return 0;
    }
  }

  return 1;
}

static int rsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent) {
  return do_rsa_print(bp, EVP_PKEY_get0_RSA(pkey), indent, 0);
}

static int rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent) {
  return do_rsa_print(bp, EVP_PKEY_get0_RSA(pkey), indent, 1);
}


// EC keys.

static int do_EC_KEY_print(BIO *bp, const EC_KEY *x, int off, int ktype) {
  const EC_GROUP *group;
  if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL) {
    OPENSSL_PUT_ERROR(EVP, ERR_R_PASSED_NULL_PARAMETER);
    return 0;
  }

  const char *ecstr;
  if (ktype == 2) {
    ecstr = "Private-Key";
  } else if (ktype == 1) {
    ecstr = "Public-Key";
  } else {
    ecstr = "ECDSA-Parameters";
  }

  if (!BIO_indent(bp, off, 128)) {
    return 0;
  }
  int curve_name = EC_GROUP_get_curve_name(group);
  if (BIO_printf(bp, "%s: (%s)\n", ecstr,
                 curve_name == NID_undef
                     ? "unknown curve"
                     : EC_curve_nid2nist(curve_name)) <= 0) {
    return 0;
  }

  if (ktype == 2) {
    const BIGNUM *priv_key = EC_KEY_get0_private_key(x);
    if (priv_key != NULL &&  //
        !bn_print(bp, "priv:", priv_key, off)) {
      return 0;
    }
  }

  if (ktype > 0 && EC_KEY_get0_public_key(x) != NULL) {
    uint8_t *pub = NULL;
    size_t pub_len = EC_KEY_key2buf(x, EC_KEY_get_conv_form(x), &pub, NULL);
    if (pub_len == 0) {
      return 0;
    }
    int ret = BIO_indent(bp, off, 128) &&  //
              BIO_puts(bp, "pub:") > 0 &&  //
              print_hex(bp, pub, pub_len, off);
    OPENSSL_free(pub);
    if (!ret) {
      return 0;
    }
  }

  return 1;
}

static int eckey_param_print(BIO *bp, const EVP_PKEY *pkey, int indent) {
  return do_EC_KEY_print(bp, EVP_PKEY_get0_EC_KEY(pkey), indent, 0);
}

static int eckey_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent) {
  return do_EC_KEY_print(bp, EVP_PKEY_get0_EC_KEY(pkey), indent, 1);
}


static int eckey_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent) {
  return do_EC_KEY_print(bp, EVP_PKEY_get0_EC_KEY(pkey), indent, 2);
}


typedef struct {
  int type;
  int (*pub_print)(BIO *out, const EVP_PKEY *pkey, int indent);
  int (*priv_print)(BIO *out, const EVP_PKEY *pkey, int indent);
  int (*param_print)(BIO *out, const EVP_PKEY *pkey, int indent);
} EVP_PKEY_PRINT_METHOD;

static const EVP_PKEY_PRINT_METHOD kPrintMethods[] = {
    {
        EVP_PKEY_RSA,
        rsa_pub_print,
        rsa_priv_print,
        /*param_print=*/nullptr,
    },
    {
        EVP_PKEY_EC,
        eckey_pub_print,
        eckey_priv_print,
        eckey_param_print,
    },
};

static const EVP_PKEY_PRINT_METHOD *find_method(int type) {
  for (const auto &p : kPrintMethods) {
    if (p.type == type) {
      return &p;
    }
  }
  return nullptr;
}

static int print_unsupported(BIO *out, const EVP_PKEY *pkey, int indent,
                             const char *kstr) {
  BIO_indent(out, indent, 128);
  BIO_printf(out, "%s algorithm unsupported\n", kstr);
  return 1;
}

int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey, int indent,
                          ASN1_PCTX *pctx) {
  const EVP_PKEY_PRINT_METHOD *method = find_method(EVP_PKEY_id(pkey));
  if (method != NULL && method->pub_print != NULL) {
    return method->pub_print(out, pkey, indent);
  }
  return print_unsupported(out, pkey, indent, "Public Key");
}

int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey, int indent,
                           ASN1_PCTX *pctx) {
  const EVP_PKEY_PRINT_METHOD *method = find_method(EVP_PKEY_id(pkey));
  if (method != NULL && method->priv_print != NULL) {
    return method->priv_print(out, pkey, indent);
  }
  return print_unsupported(out, pkey, indent, "Private Key");
}

int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey, int indent,
                          ASN1_PCTX *pctx) {
  const EVP_PKEY_PRINT_METHOD *method = find_method(EVP_PKEY_id(pkey));
  if (method != NULL && method->param_print != NULL) {
    return method->param_print(out, pkey, indent);
  }
  return print_unsupported(out, pkey, indent, "Parameters");
}

Coverage Report

Created: 2025-09-05 06:13

Line	Count	Source (jump to first uncovered line)
1		// Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
2		//
3		// Licensed under the Apache License, Version 2.0 (the "License");
4		// you may not use this file except in compliance with the License.
5		// You may obtain a copy of the License at
6		//
7		// https://www.apache.org/licenses/LICENSE-2.0
8		//
9		// Unless required by applicable law or agreed to in writing, software
10		// distributed under the License is distributed on an "AS IS" BASIS,
11		// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12		// See the License for the specific language governing permissions and
13		// limitations under the License.
14
15		#include <openssl/evp.h>
16
17		#include <openssl/bio.h>
18		#include <openssl/bn.h>
19		#include <openssl/dsa.h>
20		#include <openssl/ec.h>
21		#include <openssl/ec_key.h>
22		#include <openssl/mem.h>
23		#include <openssl/rsa.h>
24
25		#include "../fipsmodule/rsa/internal.h"
26		#include "../internal.h"
27
28
29	2.43k	static int print_hex(BIO bp, const uint8_t data, size_t len, int off) {
30	188k	for (size_t i = 0; i < len; i++) {
31	185k	if ((i % 15) == 0) {
32	13.2k	if (BIO_puts(bp, "\n") <= 0 \|\| //
33	13.2k	!BIO_indent(bp, off + 4, 128)) {
34	0	return 0;
35	0	}
36	13.2k	}
37	185k	if (BIO_printf(bp, "%02x%s", data[i], (i + 1 == len) ? "" : ":") <= 0) {
38	0	return 0;
39	0	}
40	185k	}
41	2.43k	if (BIO_write(bp, "\n", 1) <= 0) {
42	0	return 0;
43	0	}
44	2.43k	return 1;
45	2.43k	}
46
47	1.32k	static int bn_print(BIO bp, const char name, const BIGNUM *num, int off) {
48	1.32k	if (num == NULL) {
49	0	return 1;
50	0	}
51
52	1.32k	if (!BIO_indent(bp, off, 128)) {
53	0	return 0;
54	0	}
55	1.32k	if (BN_is_zero(num)) {
56	0	if (BIO_printf(bp, "%s 0\n", name) <= 0) {
57	0	return 0;
58	0	}
59	0	return 1;
60	0	}
61
62	1.32k	uint64_t u64;
63	1.32k	if (BN_get_u64(num, &u64)) {
64	683	const char *neg = BN_is_negative(num) ? "-" : "";
65	683	return BIO_printf(bp, "%s %s%" PRIu64 " (%s0x%" PRIx64 ")\n", name, neg,
66	683	u64, neg, u64) > 0;
67	683	}
68
69	638	if (BIO_printf(bp, "%s%s", name,
70	638	(BN_is_negative(num)) ? " (Negative)" : "") <= 0) {
71	0	return 0;
72	0	}
73
74		// Print \|num\| in hex, adding a leading zero, as in ASN.1, if the high bit
75		// is set.
76		//
77		// TODO(davidben): Do we need to do this? We already print "(Negative)" above
78		// and negative values are never valid in keys anyway.
79	638	size_t len = BN_num_bytes(num);
80	638	uint8_t buf = reinterpret_cast<uint8_t >(OPENSSL_malloc(len + 1));
81	638	if (buf == NULL) {
82	0	return 0;
83	0	}
84
85	638	buf[0] = 0;
86	638	BN_bn2bin(num, buf + 1);
87	638	int ret;
88	638	if (len > 0 && (buf[1] & 0x80) != 0) {
89		// Print the whole buffer.
90	493	ret = print_hex(bp, buf, len + 1, off);
91	493	} else {
92		// Skip the leading zero.
93	145	ret = print_hex(bp, buf + 1, len, off);
94	145	}
95	638	OPENSSL_free(buf);
96	638	return ret;
97	638	}
98
99		// RSA keys.
100
101		static int do_rsa_print(BIO out, const RSA rsa, int off,
102	399	int include_private) {
103	399	int mod_len = 0;
104	399	if (rsa->n != NULL) {
105	399	mod_len = BN_num_bits(rsa->n);
106	399	}
107
108	399	if (!BIO_indent(out, off, 128)) {
109	0	return 0;
110	0	}
111
112	399	const char s, str;
113	399	if (include_private && rsa->d) {
114	2	if (BIO_printf(out, "Private-Key: (%d bit)\n", mod_len) <= 0) {
115	0	return 0;
116	0	}
117	2	str = "modulus:";
118	2	s = "publicExponent:";
119	397	} else {
120	397	if (BIO_printf(out, "Public-Key: (%d bit)\n", mod_len) <= 0) {
121	0	return 0;
122	0	}
123	397	str = "Modulus:";
124	397	s = "Exponent:";
125	397	}
126	399	if (!bn_print(out, str, rsa->n, off) \|\| !bn_print(out, s, rsa->e, off)) {
127	0	return 0;
128	0	}
129
130	399	if (include_private) {
131	2	if (!bn_print(out, "privateExponent:", rsa->d, off) \|\|
132	2	!bn_print(out, "prime1:", rsa->p, off) \|\|
133	2	!bn_print(out, "prime2:", rsa->q, off) \|\|
134	2	!bn_print(out, "exponent1:", rsa->dmp1, off) \|\|
135	2	!bn_print(out, "exponent2:", rsa->dmq1, off) \|\|
136	2	!bn_print(out, "coefficient:", rsa->iqmp, off)) {
137	0	return 0;
138	0	}
139	2	}
140
141	399	return 1;
142	399	}
143
144	397	static int rsa_pub_print(BIO bp, const EVP_PKEY pkey, int indent) {
145	397	return do_rsa_print(bp, EVP_PKEY_get0_RSA(pkey), indent, 0);
146	397	}
147
148	2	static int rsa_priv_print(BIO bp, const EVP_PKEY pkey, int indent) {
149	2	return do_rsa_print(bp, EVP_PKEY_get0_RSA(pkey), indent, 1);
150	2	}
151
152
153		// EC keys.
154
155	2.77k	static int do_EC_KEY_print(BIO bp, const EC_KEY x, int off, int ktype) {
156	2.77k	const EC_GROUP *group;
157	2.77k	if (x == NULL \|\| (group = EC_KEY_get0_group(x)) == NULL) {
158	0	OPENSSL_PUT_ERROR(EVP, ERR_R_PASSED_NULL_PARAMETER);
159	0	return 0;
160	0	}
161
162	2.77k	const char *ecstr;
163	2.77k	if (ktype == 2) {
164	511	ecstr = "Private-Key";
165	2.26k	} else if (ktype == 1) {
166	1.28k	ecstr = "Public-Key";
167	1.28k	} else {
168	982	ecstr = "ECDSA-Parameters";
169	982	}
170
171	2.77k	if (!BIO_indent(bp, off, 128)) {
172	0	return 0;
173	0	}
174	2.77k	int curve_name = EC_GROUP_get_curve_name(group);
175	2.77k	if (BIO_printf(bp, "%s: (%s)\n", ecstr,
176	2.77k	curve_name == NID_undef
177	2.77k	? "unknown curve"
178	2.77k	: EC_curve_nid2nist(curve_name)) <= 0) {
179	0	return 0;
180	0	}
181
182	2.77k	if (ktype == 2) {
183	511	const BIGNUM *priv_key = EC_KEY_get0_private_key(x);
184	511	if (priv_key != NULL && //
185	511	!bn_print(bp, "priv:", priv_key, off)) {
186	0	return 0;
187	0	}
188	511	}
189
190	2.77k	if (ktype > 0 && EC_KEY_get0_public_key(x) != NULL) {
191	1.79k	uint8_t *pub = NULL;
192	1.79k	size_t pub_len = EC_KEY_key2buf(x, EC_KEY_get_conv_form(x), &pub, NULL);
193	1.79k	if (pub_len == 0) {
194	0	return 0;
195	0	}
196	1.79k	int ret = BIO_indent(bp, off, 128) && //
197	1.79k	BIO_puts(bp, "pub:") > 0 && //
198	1.79k	print_hex(bp, pub, pub_len, off);
199	1.79k	OPENSSL_free(pub);
200	1.79k	if (!ret) {
201	0	return 0;
202	0	}
203	1.79k	}
204
205	2.77k	return 1;
206	2.77k	}
207
208	982	static int eckey_param_print(BIO bp, const EVP_PKEY pkey, int indent) {
209	982	return do_EC_KEY_print(bp, EVP_PKEY_get0_EC_KEY(pkey), indent, 0);
210	982	}
211
212	1.28k	static int eckey_pub_print(BIO bp, const EVP_PKEY pkey, int indent) {
213	1.28k	return do_EC_KEY_print(bp, EVP_PKEY_get0_EC_KEY(pkey), indent, 1);
214	1.28k	}
215
216
217	511	static int eckey_priv_print(BIO bp, const EVP_PKEY pkey, int indent) {
218	511	return do_EC_KEY_print(bp, EVP_PKEY_get0_EC_KEY(pkey), indent, 2);
219	511	}
220
221
222		typedef struct {
223		int type;
224		int (pub_print)(BIO out, const EVP_PKEY *pkey, int indent);
225		int (priv_print)(BIO out, const EVP_PKEY *pkey, int indent);
226		int (param_print)(BIO out, const EVP_PKEY *pkey, int indent);
227		} EVP_PKEY_PRINT_METHOD;
228
229		static const EVP_PKEY_PRINT_METHOD kPrintMethods[] = {
230		{
231		EVP_PKEY_RSA,
232		rsa_pub_print,
233		rsa_priv_print,
234		/param_print=/nullptr,
235		},
236		{
237		EVP_PKEY_EC,
238		eckey_pub_print,
239		eckey_priv_print,
240		eckey_param_print,
241		},
242		};
243
244	4.57k	static const EVP_PKEY_PRINT_METHOD *find_method(int type) {
245	8.54k	for (const auto &p : kPrintMethods) {
246	8.54k	if (p.type == type) {
247	3.39k	return &p;
248	3.39k	}
249	8.54k	}
250	1.18k	return nullptr;
251	4.57k	}
252
253		static int print_unsupported(BIO out, const EVP_PKEY pkey, int indent,
254	1.40k	const char *kstr) {
255	1.40k	BIO_indent(out, indent, 128);
256	1.40k	BIO_printf(out, "%s algorithm unsupported\n", kstr);
257	1.40k	return 1;
258	1.40k	}
259
260		int EVP_PKEY_print_public(BIO out, const EVP_PKEY pkey, int indent,
261	2.08k	ASN1_PCTX *pctx) {
262	2.08k	const EVP_PKEY_PRINT_METHOD *method = find_method(EVP_PKEY_id(pkey));
263	2.08k	if (method != NULL && method->pub_print != NULL) {
264	1.68k	return method->pub_print(out, pkey, indent);
265	1.68k	}
266	403	return print_unsupported(out, pkey, indent, "Public Key");
267	2.08k	}
268
269		int EVP_PKEY_print_private(BIO out, const EVP_PKEY pkey, int indent,
270	895	ASN1_PCTX *pctx) {
271	895	const EVP_PKEY_PRINT_METHOD *method = find_method(EVP_PKEY_id(pkey));
272	895	if (method != NULL && method->priv_print != NULL) {
273	513	return method->priv_print(out, pkey, indent);
274	513	}
275	382	return print_unsupported(out, pkey, indent, "Private Key");
276	895	}
277
278		int EVP_PKEY_print_params(BIO out, const EVP_PKEY pkey, int indent,
279	1.59k	ASN1_PCTX *pctx) {
280	1.59k	const EVP_PKEY_PRINT_METHOD *method = find_method(EVP_PKEY_id(pkey));
281	1.59k	if (method != NULL && method->param_print != NULL) {
282	982	return method->param_print(out, pkey, indent);
283	982	}
284	616	return print_unsupported(out, pkey, indent, "Parameters");
285	1.59k	}