/src/boringssl/crypto/evp/print.cc

Source
// Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

#include <openssl/evp.h>

#include <openssl/bio.h>
#include <openssl/bn.h>
#include <openssl/dsa.h>
#include <openssl/ec.h>
#include <openssl/ec_key.h>
#include <openssl/mem.h>
#include <openssl/rsa.h>

#include "../fipsmodule/rsa/internal.h"
#include "../internal.h"


static int print_hex(BIO *bp, const uint8_t *data, size_t len, int off) {
  for (size_t i = 0; i < len; i++) {
    if ((i % 15) == 0) {
      if (BIO_puts(bp, "\n") <= 0 ||  //
          !BIO_indent(bp, off + 4, 128)) {
        return 0;
      }
    }
    if (BIO_printf(bp, "%02x%s", data[i], (i + 1 == len) ? "" : ":") <= 0) {
      return 0;
    }
  }
  if (BIO_write(bp, "\n", 1) <= 0) {
    return 0;
  }
  return 1;
}

static int bn_print(BIO *bp, const char *name, const BIGNUM *num, int off) {
  if (num == nullptr) {
    return 1;
  }

  if (!BIO_indent(bp, off, 128)) {
    return 0;
  }
  if (BN_is_zero(num)) {
    if (BIO_printf(bp, "%s 0\n", name) <= 0) {
      return 0;
    }
    return 1;
  }

  uint64_t u64;
  if (BN_get_u64(num, &u64)) {
    const char *neg = BN_is_negative(num) ? "-" : "";
    return BIO_printf(bp, "%s %s%" PRIu64 " (%s0x%" PRIx64 ")\n", name, neg,
                      u64, neg, u64) > 0;
  }

  if (BIO_printf(bp, "%s%s", name,
                 (BN_is_negative(num)) ? " (Negative)" : "") <= 0) {
    return 0;
  }

  // Print |num| in hex, adding a leading zero, as in ASN.1, if the high bit
  // is set.
  //
  // TODO(davidben): Do we need to do this? We already print "(Negative)" above
  // and negative values are never valid in keys anyway.
  size_t len = BN_num_bytes(num);
  uint8_t *buf = reinterpret_cast<uint8_t *>(OPENSSL_malloc(len + 1));
  if (buf == nullptr) {
    return 0;
  }

  buf[0] = 0;
  BN_bn2bin(num, buf + 1);
  int ret;
  if (len > 0 && (buf[1] & 0x80) != 0) {
    // Print the whole buffer.
    ret = print_hex(bp, buf, len + 1, off);
  } else {
    // Skip the leading zero.
    ret = print_hex(bp, buf + 1, len, off);
  }
  OPENSSL_free(buf);
  return ret;
}

// RSA keys.

static int do_rsa_print(BIO *out, const RSA *rsa, int off,
                        int include_private) {
  int mod_len = 0;
  if (rsa->n != nullptr) {
    mod_len = BN_num_bits(rsa->n);
  }

  if (!BIO_indent(out, off, 128)) {
    return 0;
  }

  const char *s, *str;
  if (include_private && rsa->d) {
    if (BIO_printf(out, "Private-Key: (%d bit)\n", mod_len) <= 0) {
      return 0;
    }
    str = "modulus:";
    s = "publicExponent:";
  } else {
    if (BIO_printf(out, "Public-Key: (%d bit)\n", mod_len) <= 0) {
      return 0;
    }
    str = "Modulus:";
    s = "Exponent:";
  }
  if (!bn_print(out, str, rsa->n, off) || !bn_print(out, s, rsa->e, off)) {
    return 0;
  }

  if (include_private) {
    if (!bn_print(out, "privateExponent:", rsa->d, off) ||
        !bn_print(out, "prime1:", rsa->p, off) ||
        !bn_print(out, "prime2:", rsa->q, off) ||
        !bn_print(out, "exponent1:", rsa->dmp1, off) ||
        !bn_print(out, "exponent2:", rsa->dmq1, off) ||
        !bn_print(out, "coefficient:", rsa->iqmp, off)) {
      return 0;
    }
  }

  return 1;
}

static int rsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent) {
  return do_rsa_print(bp, EVP_PKEY_get0_RSA(pkey), indent, 0);
}

static int rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent) {
  return do_rsa_print(bp, EVP_PKEY_get0_RSA(pkey), indent, 1);
}


// EC keys.

static int do_EC_KEY_print(BIO *bp, const EC_KEY *x, int off, int ktype) {
  const EC_GROUP *group;
  if (x == nullptr || (group = EC_KEY_get0_group(x)) == nullptr) {
    OPENSSL_PUT_ERROR(EVP, ERR_R_PASSED_NULL_PARAMETER);
    return 0;
  }

  const char *ecstr;
  if (ktype == 2) {
    ecstr = "Private-Key";
  } else if (ktype == 1) {
    ecstr = "Public-Key";
  } else {
    ecstr = "ECDSA-Parameters";
  }

  if (!BIO_indent(bp, off, 128)) {
    return 0;
  }
  int curve_name = EC_GROUP_get_curve_name(group);
  if (BIO_printf(bp, "%s: (%s)\n", ecstr,
                 curve_name == NID_undef
                     ? "unknown curve"
                     : EC_curve_nid2nist(curve_name)) <= 0) {
    return 0;
  }

  if (ktype == 2) {
    const BIGNUM *priv_key = EC_KEY_get0_private_key(x);
    if (priv_key != nullptr &&  //
        !bn_print(bp, "priv:", priv_key, off)) {
      return 0;
    }
  }

  if (ktype > 0 && EC_KEY_get0_public_key(x) != nullptr) {
    uint8_t *pub = nullptr;
    size_t pub_len = EC_KEY_key2buf(x, EC_KEY_get_conv_form(x), &pub, nullptr);
    if (pub_len == 0) {
      return 0;
    }
    int ret = BIO_indent(bp, off, 128) &&  //
              BIO_puts(bp, "pub:") > 0 &&  //
              print_hex(bp, pub, pub_len, off);
    OPENSSL_free(pub);
    if (!ret) {
      return 0;
    }
  }

  return 1;
}

static int eckey_param_print(BIO *bp, const EVP_PKEY *pkey, int indent) {
  return do_EC_KEY_print(bp, EVP_PKEY_get0_EC_KEY(pkey), indent, 0);
}

static int eckey_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent) {
  return do_EC_KEY_print(bp, EVP_PKEY_get0_EC_KEY(pkey), indent, 1);
}


static int eckey_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent) {
  return do_EC_KEY_print(bp, EVP_PKEY_get0_EC_KEY(pkey), indent, 2);
}


typedef struct {
  int type;
  int (*pub_print)(BIO *out, const EVP_PKEY *pkey, int indent);
  int (*priv_print)(BIO *out, const EVP_PKEY *pkey, int indent);
  int (*param_print)(BIO *out, const EVP_PKEY *pkey, int indent);
} EVP_PKEY_PRINT_METHOD;

static const EVP_PKEY_PRINT_METHOD kPrintMethods[] = {
    {
        EVP_PKEY_RSA,
        rsa_pub_print,
        rsa_priv_print,
        /*param_print=*/nullptr,
    },
    {
        EVP_PKEY_EC,
        eckey_pub_print,
        eckey_priv_print,
        eckey_param_print,
    },
};

static const EVP_PKEY_PRINT_METHOD *find_method(int type) {
  for (const auto &p : kPrintMethods) {
    if (p.type == type) {
      return &p;
    }
  }
  return nullptr;
}

static int print_unsupported(BIO *out, const EVP_PKEY *pkey, int indent,
                             const char *kstr) {
  BIO_indent(out, indent, 128);
  BIO_printf(out, "%s algorithm unsupported\n", kstr);
  return 1;
}

int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey, int indent,
                          ASN1_PCTX *pctx) {
  const EVP_PKEY_PRINT_METHOD *method = find_method(EVP_PKEY_id(pkey));
  if (method != nullptr && method->pub_print != nullptr) {
    return method->pub_print(out, pkey, indent);
  }
  return print_unsupported(out, pkey, indent, "Public Key");
}

int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey, int indent,
                           ASN1_PCTX *pctx) {
  const EVP_PKEY_PRINT_METHOD *method = find_method(EVP_PKEY_id(pkey));
  if (method != nullptr && method->priv_print != nullptr) {
    return method->priv_print(out, pkey, indent);
  }
  return print_unsupported(out, pkey, indent, "Private Key");
}

int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey, int indent,
                          ASN1_PCTX *pctx) {
  const EVP_PKEY_PRINT_METHOD *method = find_method(EVP_PKEY_id(pkey));
  if (method != nullptr && method->param_print != nullptr) {
    return method->param_print(out, pkey, indent);
  }
  return print_unsupported(out, pkey, indent, "Parameters");
}

Coverage Report

Created: 2025-11-17 06:18

Line	Count	Source
1		// Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
2		//
3		// Licensed under the Apache License, Version 2.0 (the "License");
4		// you may not use this file except in compliance with the License.
5		// You may obtain a copy of the License at
6		//
7		// https://www.apache.org/licenses/LICENSE-2.0
8		//
9		// Unless required by applicable law or agreed to in writing, software
10		// distributed under the License is distributed on an "AS IS" BASIS,
11		// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12		// See the License for the specific language governing permissions and
13		// limitations under the License.
14
15		#include <openssl/evp.h>
16
17		#include <openssl/bio.h>
18		#include <openssl/bn.h>
19		#include <openssl/dsa.h>
20		#include <openssl/ec.h>
21		#include <openssl/ec_key.h>
22		#include <openssl/mem.h>
23		#include <openssl/rsa.h>
24
25		#include "../fipsmodule/rsa/internal.h"
26		#include "../internal.h"
27
28
29	2.62k	static int print_hex(BIO bp, const uint8_t data, size_t len, int off) {
30	200k	for (size_t i = 0; i < len; i++) {
31	197k	if ((i % 15) == 0) {
32	14.1k	if (BIO_puts(bp, "\n") <= 0 \|\| //
33	14.1k	!BIO_indent(bp, off + 4, 128)) {
34	0	return 0;
35	0	}
36	14.1k	}
37	197k	if (BIO_printf(bp, "%02x%s", data[i], (i + 1 == len) ? "" : ":") <= 0) {
38	0	return 0;
39	0	}
40	197k	}
41	2.62k	if (BIO_write(bp, "\n", 1) <= 0) {
42	0	return 0;
43	0	}
44	2.62k	return 1;
45	2.62k	}
46
47	1.60k	static int bn_print(BIO bp, const char name, const BIGNUM *num, int off) {
48	1.60k	if (num == nullptr) {
49	0	return 1;
50	0	}
51
52	1.60k	if (!BIO_indent(bp, off, 128)) {
53	0	return 0;
54	0	}
55	1.60k	if (BN_is_zero(num)) {
56	0	if (BIO_printf(bp, "%s 0\n", name) <= 0) {
57	0	return 0;
58	0	}
59	0	return 1;
60	0	}
61
62	1.60k	uint64_t u64;
63	1.60k	if (BN_get_u64(num, &u64)) {
64	837	const char *neg = BN_is_negative(num) ? "-" : "";
65	837	return BIO_printf(bp, "%s %s%" PRIu64 " (%s0x%" PRIx64 ")\n", name, neg,
66	837	u64, neg, u64) > 0;
67	837	}
68
69	766	if (BIO_printf(bp, "%s%s", name,
70	766	(BN_is_negative(num)) ? " (Negative)" : "") <= 0) {
71	0	return 0;
72	0	}
73
74		// Print \|num\| in hex, adding a leading zero, as in ASN.1, if the high bit
75		// is set.
76		//
77		// TODO(davidben): Do we need to do this? We already print "(Negative)" above
78		// and negative values are never valid in keys anyway.
79	766	size_t len = BN_num_bytes(num);
80	766	uint8_t buf = reinterpret_cast<uint8_t >(OPENSSL_malloc(len + 1));
81	766	if (buf == nullptr) {
82	0	return 0;
83	0	}
84
85	766	buf[0] = 0;
86	766	BN_bn2bin(num, buf + 1);
87	766	int ret;
88	766	if (len > 0 && (buf[1] & 0x80) != 0) {
89		// Print the whole buffer.
90	567	ret = print_hex(bp, buf, len + 1, off);
91	567	} else {
92		// Skip the leading zero.
93	199	ret = print_hex(bp, buf + 1, len, off);
94	199	}
95	766	OPENSSL_free(buf);
96	766	return ret;
97	766	}
98
99		// RSA keys.
100
101		static int do_rsa_print(BIO out, const RSA rsa, int off,
102	487	int include_private) {
103	487	int mod_len = 0;
104	487	if (rsa->n != nullptr) {
105	487	mod_len = BN_num_bits(rsa->n);
106	487	}
107
108	487	if (!BIO_indent(out, off, 128)) {
109	0	return 0;
110	0	}
111
112	487	const char s, str;
113	487	if (include_private && rsa->d) {
114	2	if (BIO_printf(out, "Private-Key: (%d bit)\n", mod_len) <= 0) {
115	0	return 0;
116	0	}
117	2	str = "modulus:";
118	2	s = "publicExponent:";
119	485	} else {
120	485	if (BIO_printf(out, "Public-Key: (%d bit)\n", mod_len) <= 0) {
121	0	return 0;
122	0	}
123	485	str = "Modulus:";
124	485	s = "Exponent:";
125	485	}
126	487	if (!bn_print(out, str, rsa->n, off) \|\| !bn_print(out, s, rsa->e, off)) {
127	0	return 0;
128	0	}
129
130	487	if (include_private) {
131	2	if (!bn_print(out, "privateExponent:", rsa->d, off) \|\|
132	2	!bn_print(out, "prime1:", rsa->p, off) \|\|
133	2	!bn_print(out, "prime2:", rsa->q, off) \|\|
134	2	!bn_print(out, "exponent1:", rsa->dmp1, off) \|\|
135	2	!bn_print(out, "exponent2:", rsa->dmq1, off) \|\|
136	2	!bn_print(out, "coefficient:", rsa->iqmp, off)) {
137	0	return 0;
138	0	}
139	2	}
140
141	487	return 1;
142	487	}
143
144	485	static int rsa_pub_print(BIO bp, const EVP_PKEY pkey, int indent) {
145	485	return do_rsa_print(bp, EVP_PKEY_get0_RSA(pkey), indent, 0);
146	485	}
147
148	2	static int rsa_priv_print(BIO bp, const EVP_PKEY pkey, int indent) {
149	2	return do_rsa_print(bp, EVP_PKEY_get0_RSA(pkey), indent, 1);
150	2	}
151
152
153		// EC keys.
154
155	2.91k	static int do_EC_KEY_print(BIO bp, const EC_KEY x, int off, int ktype) {
156	2.91k	const EC_GROUP *group;
157	2.91k	if (x == nullptr \|\| (group = EC_KEY_get0_group(x)) == nullptr) {
158	0	OPENSSL_PUT_ERROR(EVP, ERR_R_PASSED_NULL_PARAMETER);
159	0	return 0;
160	0	}
161
162	2.91k	const char *ecstr;
163	2.91k	if (ktype == 2) {
164	617	ecstr = "Private-Key";
165	2.29k	} else if (ktype == 1) {
166	1.24k	ecstr = "Public-Key";
167	1.24k	} else {
168	1.05k	ecstr = "ECDSA-Parameters";
169	1.05k	}
170
171	2.91k	if (!BIO_indent(bp, off, 128)) {
172	0	return 0;
173	0	}
174	2.91k	int curve_name = EC_GROUP_get_curve_name(group);
175	2.91k	if (BIO_printf(bp, "%s: (%s)\n", ecstr,
176	2.91k	curve_name == NID_undef
177	2.91k	? "unknown curve"
178	2.91k	: EC_curve_nid2nist(curve_name)) <= 0) {
179	0	return 0;
180	0	}
181
182	2.91k	if (ktype == 2) {
183	617	const BIGNUM *priv_key = EC_KEY_get0_private_key(x);
184	617	if (priv_key != nullptr && //
185	617	!bn_print(bp, "priv:", priv_key, off)) {
186	0	return 0;
187	0	}
188	617	}
189
190	2.91k	if (ktype > 0 && EC_KEY_get0_public_key(x) != nullptr) {
191	1.85k	uint8_t *pub = nullptr;
192	1.85k	size_t pub_len = EC_KEY_key2buf(x, EC_KEY_get_conv_form(x), &pub, nullptr);
193	1.85k	if (pub_len == 0) {
194	0	return 0;
195	0	}
196	1.85k	int ret = BIO_indent(bp, off, 128) && //
197	1.85k	BIO_puts(bp, "pub:") > 0 && //
198	1.85k	print_hex(bp, pub, pub_len, off);
199	1.85k	OPENSSL_free(pub);
200	1.85k	if (!ret) {
201	0	return 0;
202	0	}
203	1.85k	}
204
205	2.91k	return 1;
206	2.91k	}
207
208	1.05k	static int eckey_param_print(BIO bp, const EVP_PKEY pkey, int indent) {
209	1.05k	return do_EC_KEY_print(bp, EVP_PKEY_get0_EC_KEY(pkey), indent, 0);
210	1.05k	}
211
212	1.24k	static int eckey_pub_print(BIO bp, const EVP_PKEY pkey, int indent) {
213	1.24k	return do_EC_KEY_print(bp, EVP_PKEY_get0_EC_KEY(pkey), indent, 1);
214	1.24k	}
215
216
217	617	static int eckey_priv_print(BIO bp, const EVP_PKEY pkey, int indent) {
218	617	return do_EC_KEY_print(bp, EVP_PKEY_get0_EC_KEY(pkey), indent, 2);
219	617	}
220
221
222		typedef struct {
223		int type;
224		int (pub_print)(BIO out, const EVP_PKEY *pkey, int indent);
225		int (priv_print)(BIO out, const EVP_PKEY *pkey, int indent);
226		int (param_print)(BIO out, const EVP_PKEY *pkey, int indent);
227		} EVP_PKEY_PRINT_METHOD;
228
229		static const EVP_PKEY_PRINT_METHOD kPrintMethods[] = {
230		{
231		EVP_PKEY_RSA,
232		rsa_pub_print,
233		rsa_priv_print,
234		/param_print=/nullptr,
235		},
236		{
237		EVP_PKEY_EC,
238		eckey_pub_print,
239		eckey_priv_print,
240		eckey_param_print,
241		},
242		};
243
244	4.72k	static const EVP_PKEY_PRINT_METHOD *find_method(int type) {
245	8.76k	for (const auto &p : kPrintMethods) {
246	8.76k	if (p.type == type) {
247	3.60k	return &p;
248	3.60k	}
249	8.76k	}
250	1.12k	return nullptr;
251	4.72k	}
252
253		static int print_unsupported(BIO out, const EVP_PKEY pkey, int indent,
254	1.33k	const char *kstr) {
255	1.33k	BIO_indent(out, indent, 128);
256	1.33k	BIO_printf(out, "%s algorithm unsupported\n", kstr);
257	1.33k	return 1;
258	1.33k	}
259
260		int EVP_PKEY_print_public(BIO out, const EVP_PKEY pkey, int indent,
261	2.10k	ASN1_PCTX *pctx) {
262	2.10k	const EVP_PKEY_PRINT_METHOD *method = find_method(EVP_PKEY_id(pkey));
263	2.10k	if (method != nullptr && method->pub_print != nullptr) {
264	1.72k	return method->pub_print(out, pkey, indent);
265	1.72k	}
266	381	return print_unsupported(out, pkey, indent, "Public Key");
267	2.10k	}
268
269		int EVP_PKEY_print_private(BIO out, const EVP_PKEY pkey, int indent,
270	981	ASN1_PCTX *pctx) {
271	981	const EVP_PKEY_PRINT_METHOD *method = find_method(EVP_PKEY_id(pkey));
272	981	if (method != nullptr && method->priv_print != nullptr) {
273	619	return method->priv_print(out, pkey, indent);
274	619	}
275	362	return print_unsupported(out, pkey, indent, "Private Key");
276	981	}
277
278		int EVP_PKEY_print_params(BIO out, const EVP_PKEY pkey, int indent,
279	1.64k	ASN1_PCTX *pctx) {
280	1.64k	const EVP_PKEY_PRINT_METHOD *method = find_method(EVP_PKEY_id(pkey));
281	1.64k	if (method != nullptr && method->param_print != nullptr) {
282	1.05k	return method->param_print(out, pkey, indent);
283	1.05k	}
284	588	return print_unsupported(out, pkey, indent, "Parameters");
285	1.64k	}