Coverage Report

Created: 2025-12-10 06:24

/src/openssl/crypto/evp/pmeth_check.c
1
/*
2
 * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
3
 *
4
 * Licensed under the Apache License 2.0 (the "License").  You may not use
5
 * this file except in compliance with the License.  You can obtain a copy
6
 * in the file LICENSE in the source distribution or at
7
 * https://www.openssl.org/source/license.html
8
 */
9
10
#include <stdio.h>
11
#include <stdlib.h>
12
#include "internal/cryptlib.h"
13
#include <openssl/objects.h>
14
#include <openssl/evp.h>
15
#include "crypto/bn.h"
16
#ifndef FIPS_MODULE
17
#include "crypto/asn1.h"
18
#endif
19
#include "crypto/evp.h"
20
#include "evp_local.h"
21
22
/*
 * Run a key check through the provider key management attached to |ctx|.
 *
 * |selection| and |checktype| are passed through unchanged to
 * evp_keymgmt_validate(). |ctx| is dereferenced without a NULL test, so
 * callers must pass a valid context.
 *
 * Returns:
 *  1   True
 *  0   False; this is also returned, with EVP_R_INITIALIZATION_ERROR raised,
 *      when the key could not be exported to the provider, so a 0 alone does
 *      not say whether the key was actually examined
 * -1   Unsupported (use legacy path)
 *
 * NOTE(review): the result of evp_keymgmt_validate() is returned as-is;
 * presumably it only yields 1 or 0. The callers in this file treat -1 as
 * "fall back to legacy", so confirm it can never return -1 itself.
 */
static int try_provided_check(EVP_PKEY_CTX *ctx, int selection, int checktype)
{
    EVP_KEYMGMT *mgmt;
    void *provkey;

    /* Legacy contexts are not handled here; -1 sends the caller elsewhere. */
    if (evp_pkey_ctx_is_legacy(ctx))
        return -1;

    /* mgmt is passed by address, so the export call may replace it. */
    mgmt = ctx->keymgmt;
    provkey = evp_pkey_export_to_provider(ctx->pkey, ctx->libctx, &mgmt,
                                          ctx->propquery);
    if (provkey != NULL)
        return evp_keymgmt_validate(mgmt, provkey, selection, checktype);

    ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
    return 0;
}
46
47
/*
 * Common body of EVP_PKEY_public_check() and EVP_PKEY_public_check_quick().
 * |checktype| is forwarded to the provider check; the legacy callbacks do
 * not receive it.
 *
 * Order of attempts: provider check, then (non-FIPS builds only) the pmeth
 * public_check hook, then the ameth pkey_public_check hook.
 *
 * Returns the result of whichever check ran, 0 with EVP_R_NO_KEY_SET when the
 * context holds no key, or -2 with
 * EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE when no check is available.
 * -2 is non-zero: a caller must compare the result against 1 (or test > 0)
 * rather than treat any non-zero value as "key is valid".
 *
 * |ctx| must be non-NULL; it is dereferenced unconditionally.
 */
static int evp_pkey_public_check_combined(EVP_PKEY_CTX *ctx, int checktype)
{
    EVP_PKEY *key = ctx->pkey;
    int rv;

    if (key == NULL) {
        ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET);
        return 0;
    }

    /* Anything other than -1 is the provider's final answer. */
    rv = try_provided_check(ctx, OSSL_KEYMGMT_SELECT_PUBLIC_KEY, checktype);
    if (rv != -1)
        return rv;

    if (key->type == EVP_PKEY_NONE)
        goto not_supported;

#ifndef FIPS_MODULE
    /*
     * legacy: a customized public key check in pmeth takes precedence.
     * NOTE(review): ctx->pmeth is used without a NULL test; presumably it is
     * always set on a legacy context - confirm.
     */
    if (ctx->pmeth->public_check != NULL)
        return ctx->pmeth->public_check(key);

    /* otherwise use the default public key check in ameth, if there is one */
    if (key->ameth != NULL && key->ameth->pkey_public_check != NULL)
        return key->ameth->pkey_public_check(key);
#endif
not_supported:
    ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
    return -2;
}
81
82
/*
 * Check the public component of the key in |ctx|, requesting
 * OSSL_KEYMGMT_VALIDATE_FULL_CHECK from the provider.
 *
 * The result comes straight from evp_pkey_public_check_combined(), which can
 * return -2 (operation not supported for this key type). Test the result
 * with "== 1" or "> 0"; a plain truthiness test would accept -2 as success.
 */
int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx)
{
    const int checktype = OSSL_KEYMGMT_VALIDATE_FULL_CHECK;

    return evp_pkey_public_check_combined(ctx, checktype);
}
86
87
/*
 * Check the public component of the key in |ctx|, requesting
 * OSSL_KEYMGMT_VALIDATE_QUICK_CHECK from the provider. What the quick
 * variant omits is decided by the key management implementation and is not
 * visible in this file; on the legacy path the check type is not used at all.
 *
 * The result comes straight from evp_pkey_public_check_combined(), which can
 * return -2 (operation not supported for this key type). Test the result
 * with "== 1" or "> 0"; a plain truthiness test would accept -2 as success.
 */
int EVP_PKEY_public_check_quick(EVP_PKEY_CTX *ctx)
{
    const int checktype = OSSL_KEYMGMT_VALIDATE_QUICK_CHECK;

    return evp_pkey_public_check_combined(ctx, checktype);
}
91
92
/*
 * Common body of EVP_PKEY_param_check() and EVP_PKEY_param_check_quick().
 * |checktype| is forwarded to the provider check; the legacy callbacks do
 * not receive it.
 *
 * Order of attempts: provider check over OSSL_KEYMGMT_SELECT_ALL_PARAMETERS,
 * then (non-FIPS builds only) the pmeth param_check hook, then the ameth
 * pkey_param_check hook.
 *
 * Returns the result of whichever check ran, 0 with EVP_R_NO_KEY_SET when the
 * context holds no key, or -2 with
 * EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE when no check is available.
 * -2 is non-zero: a caller must compare the result against 1 (or test > 0)
 * rather than treat any non-zero value as "parameters are valid".
 *
 * |ctx| must be non-NULL; it is dereferenced unconditionally.
 */
static int evp_pkey_param_check_combined(EVP_PKEY_CTX *ctx, int checktype)
{
    EVP_PKEY *key = ctx->pkey;
    int rv;

    if (key == NULL) {
        ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET);
        return 0;
    }

    /* Anything other than -1 is the provider's final answer. */
    rv = try_provided_check(ctx, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS,
                            checktype);
    if (rv != -1)
        return rv;

    if (key->type == EVP_PKEY_NONE)
        goto not_supported;

#ifndef FIPS_MODULE
    /*
     * legacy: a customized param check in pmeth takes precedence.
     * NOTE(review): ctx->pmeth is used without a NULL test; presumably it is
     * always set on a legacy context - confirm.
     */
    if (ctx->pmeth->param_check != NULL)
        return ctx->pmeth->param_check(key);

    /* otherwise use the default param check in ameth, if there is one */
    if (key->ameth != NULL && key->ameth->pkey_param_check != NULL)
        return key->ameth->pkey_param_check(key);
#endif
not_supported:
    ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
    return -2;
}
127
128
/*
 * Check the parameters of the key in |ctx|, requesting
 * OSSL_KEYMGMT_VALIDATE_FULL_CHECK from the provider.
 *
 * The result comes straight from evp_pkey_param_check_combined(), which can
 * return -2 (operation not supported for this key type). Test the result
 * with "== 1" or "> 0"; a plain truthiness test would accept -2 as success.
 */
int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx)
{
    const int checktype = OSSL_KEYMGMT_VALIDATE_FULL_CHECK;

    return evp_pkey_param_check_combined(ctx, checktype);
}
132
133
/*
 * Check the parameters of the key in |ctx|, requesting
 * OSSL_KEYMGMT_VALIDATE_QUICK_CHECK from the provider. What the quick
 * variant omits is decided by the key management implementation and is not
 * visible in this file; on the legacy path the check type is not used at all.
 *
 * The result comes straight from evp_pkey_param_check_combined(), which can
 * return -2 (operation not supported for this key type). Test the result
 * with "== 1" or "> 0"; a plain truthiness test would accept -2 as success.
 */
int EVP_PKEY_param_check_quick(EVP_PKEY_CTX *ctx)
{
    const int checktype = OSSL_KEYMGMT_VALIDATE_QUICK_CHECK;

    return evp_pkey_param_check_combined(ctx, checktype);
}
137
138
/*
 * Check the private component of the key in |ctx| through the provider,
 * always with OSSL_KEYMGMT_VALIDATE_FULL_CHECK. There is no legacy fallback:
 * when the provider path reports "unsupported" the call fails with -2.
 *
 * Returns the provider's result, 0 with EVP_R_NO_KEY_SET when the context
 * holds no key, or -2 with EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE.
 * -2 is non-zero, so test the result with "== 1" or "> 0"; a plain
 * truthiness test would accept an unchecked key.
 *
 * |ctx| must be non-NULL; it is dereferenced unconditionally.
 */
int EVP_PKEY_private_check(EVP_PKEY_CTX *ctx)
{
    int rv;

    if (ctx->pkey == NULL) {
        ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET);
        return 0;
    }

    rv = try_provided_check(ctx, OSSL_KEYMGMT_SELECT_PRIVATE_KEY,
                            OSSL_KEYMGMT_VALIDATE_FULL_CHECK);
    if (rv == -1) {
        /* not supported for legacy keys */
        ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
        rv = -2;
    }

    return rv;
}
157
158
/*
 * Identical to EVP_PKEY_pairwise_check(): the call is forwarded and its
 * result returned unchanged. That result can be -2 (operation not supported
 * for this key type), so test it with "== 1" or "> 0", not for non-zero.
 */
int EVP_PKEY_check(EVP_PKEY_CTX *ctx)
{
    int rv = EVP_PKEY_pairwise_check(ctx);

    return rv;
}
162
163
/*
 * Check the key pair in |ctx|: the provider is asked to validate
 * OSSL_KEYMGMT_SELECT_KEYPAIR with OSSL_KEYMGMT_VALIDATE_FULL_CHECK.
 *
 * Order of attempts: provider check, then (non-FIPS builds only) the pmeth
 * check hook, then the ameth pkey_check hook.
 *
 * Returns the result of whichever check ran, 0 with EVP_R_NO_KEY_SET when the
 * context holds no key, or -2 with
 * EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE when no check is available.
 * -2 is non-zero: a caller must compare the result against 1 (or test > 0)
 * rather than treat any non-zero value as "key pair is consistent".
 *
 * |ctx| must be non-NULL; it is dereferenced unconditionally.
 */
int EVP_PKEY_pairwise_check(EVP_PKEY_CTX *ctx)
{
    EVP_PKEY *key = ctx->pkey;
    int rv;

    if (key == NULL) {
        ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET);
        return 0;
    }

    /* Anything other than -1 is the provider's final answer. */
    rv = try_provided_check(ctx, OSSL_KEYMGMT_SELECT_KEYPAIR,
                            OSSL_KEYMGMT_VALIDATE_FULL_CHECK);
    if (rv != -1)
        return rv;

    if (key->type == EVP_PKEY_NONE)
        goto not_supported;

#ifndef FIPS_MODULE
    /*
     * legacy: a customized check in pmeth takes precedence.
     * NOTE(review): ctx->pmeth is used without a NULL test; presumably it is
     * always set on a legacy context - confirm.
     */
    if (ctx->pmeth->check != NULL)
        return ctx->pmeth->check(key);

    /* otherwise use the default check in ameth, if there is one */
    if (key->ameth != NULL && key->ameth->pkey_check != NULL)
        return key->ameth->pkey_check(key);
#endif
not_supported:
    ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
    return -2;
}