/src/openssl30/crypto/evp/evp_pkey.c

Source (jump to first uncovered line)
/*
 * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <stdio.h>
#include <stdlib.h>
#include "internal/cryptlib.h"
#include <openssl/x509.h>
#include <openssl/rand.h>
#include <openssl/encoder.h>
#include <openssl/decoder.h>
#include "internal/provider.h"
#include "crypto/asn1.h"
#include "crypto/evp.h"
#include "crypto/x509.h"

/* Extract a private key from a PKCS8 structure */

EVP_PKEY *evp_pkcs82pkey_legacy(const PKCS8_PRIV_KEY_INFO *p8, OSSL_LIB_CTX *libctx,
                                const char *propq)
{
    EVP_PKEY *pkey = NULL;
    const ASN1_OBJECT *algoid;
    char obj_tmp[80];

    if (!PKCS8_pkey_get0(&algoid, NULL, NULL, NULL, p8))
        return NULL;

    if ((pkey = EVP_PKEY_new()) == NULL) {
        ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
        return NULL;
    }

    if (!EVP_PKEY_set_type(pkey, OBJ_obj2nid(algoid))) {
        i2t_ASN1_OBJECT(obj_tmp, 80, algoid);
        ERR_raise_data(ERR_LIB_EVP, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM,
                       "TYPE=%s", obj_tmp);
        goto error;
    }

    if (pkey->ameth->priv_decode_ex != NULL) {
        if (!pkey->ameth->priv_decode_ex(pkey, p8, libctx, propq))
            goto error;
    } else if (pkey->ameth->priv_decode != NULL) {
        if (!pkey->ameth->priv_decode(pkey, p8)) {
            ERR_raise(ERR_LIB_EVP, EVP_R_PRIVATE_KEY_DECODE_ERROR);
            goto error;
        }
    } else {
        ERR_raise(ERR_LIB_EVP, EVP_R_METHOD_NOT_SUPPORTED);
        goto error;
    }

    return pkey;

 error:
    EVP_PKEY_free(pkey);
    return NULL;
}

EVP_PKEY *EVP_PKCS82PKEY_ex(const PKCS8_PRIV_KEY_INFO *p8, OSSL_LIB_CTX *libctx,
                            const char *propq)
{
    EVP_PKEY *pkey = NULL;
    const unsigned char *p8_data = NULL;
    unsigned char *encoded_data = NULL;
    int encoded_len;
    int selection;
    size_t len;
    OSSL_DECODER_CTX *dctx = NULL;

    if ((encoded_len = i2d_PKCS8_PRIV_KEY_INFO(p8, &encoded_data)) <= 0
            || encoded_data == NULL)
        return NULL;

    p8_data = encoded_data;
    len = encoded_len;
    selection = EVP_PKEY_KEYPAIR | EVP_PKEY_KEY_PARAMETERS;
    dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", "PrivateKeyInfo",
                                         NULL, selection, libctx, propq);
    if (dctx == NULL
        || !OSSL_DECODER_from_data(dctx, &p8_data, &len))
        /* try legacy */
        pkey = evp_pkcs82pkey_legacy(p8, libctx, propq);

    OPENSSL_clear_free(encoded_data, encoded_len);
    OSSL_DECODER_CTX_free(dctx);
    return pkey;
}

EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8)
{
    return EVP_PKCS82PKEY_ex(p8, NULL, NULL);
}

/* Turn a private key into a PKCS8 structure */

PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(const EVP_PKEY *pkey)
{
    PKCS8_PRIV_KEY_INFO *p8 = NULL;
    OSSL_ENCODER_CTX *ctx = NULL;

    /*
     * The implementation for provider-native keys is to encode the
     * key to a DER encoded PKCS#8 structure, then convert it to a
     * PKCS8_PRIV_KEY_INFO with good old d2i functions.
     */
    if (evp_pkey_is_provided(pkey)) {
        int selection = OSSL_KEYMGMT_SELECT_ALL;
        unsigned char *der = NULL;
        size_t derlen = 0;
        const unsigned char *pp;

        if ((ctx = OSSL_ENCODER_CTX_new_for_pkey(pkey, selection,
                                                 "DER", "PrivateKeyInfo",
                                                 NULL)) == NULL
            || !OSSL_ENCODER_to_data(ctx, &der, &derlen))
            goto error;

        pp = der;
        p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &pp, (long)derlen);
        OPENSSL_free(der);
        if (p8 == NULL)
            goto error;
    } else {
        p8 = PKCS8_PRIV_KEY_INFO_new();
        if (p8  == NULL) {
            ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
            return NULL;
        }

        if (pkey->ameth != NULL) {
            if (pkey->ameth->priv_encode != NULL) {
                if (!pkey->ameth->priv_encode(p8, pkey)) {
                    ERR_raise(ERR_LIB_EVP, EVP_R_PRIVATE_KEY_ENCODE_ERROR);
                    goto error;
                }
            } else {
                ERR_raise(ERR_LIB_EVP, EVP_R_METHOD_NOT_SUPPORTED);
                goto error;
            }
        } else {
            ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
            goto error;
        }
    }
    goto end;
 error:
    PKCS8_PRIV_KEY_INFO_free(p8);
    p8 = NULL;
 end:
    OSSL_ENCODER_CTX_free(ctx);
    return p8;

}

/* EVP_PKEY attribute functions */

int EVP_PKEY_get_attr_count(const EVP_PKEY *key)
{
    return X509at_get_attr_count(key->attributes);
}

int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, int lastpos)
{
    return X509at_get_attr_by_NID(key->attributes, nid, lastpos);
}

int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, const ASN1_OBJECT *obj,
                             int lastpos)
{
    return X509at_get_attr_by_OBJ(key->attributes, obj, lastpos);
}

X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc)
{
    return X509at_get_attr(key->attributes, loc);
}

X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc)
{
    return X509at_delete_attr(key->attributes, loc);
}

int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr)
{
    if (X509at_add1_attr(&key->attributes, attr))
        return 1;
    return 0;
}

int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key,
                              const ASN1_OBJECT *obj, int type,
                              const unsigned char *bytes, int len)
{
    if (X509at_add1_attr_by_OBJ(&key->attributes, obj, type, bytes, len))
        return 1;
    return 0;
}

int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key,
                              int nid, int type,
                              const unsigned char *bytes, int len)
{
    if (X509at_add1_attr_by_NID(&key->attributes, nid, type, bytes, len))
        return 1;
    return 0;
}

int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key,
                              const char *attrname, int type,
                              const unsigned char *bytes, int len)
{
    if (X509at_add1_attr_by_txt(&key->attributes, attrname, type, bytes, len))
        return 1;
    return 0;
}

const char *EVP_PKEY_get0_type_name(const EVP_PKEY *key)
{
    const EVP_PKEY_ASN1_METHOD *ameth;
    const char *name = NULL;

    if (key->keymgmt != NULL)
        return EVP_KEYMGMT_get0_name(key->keymgmt);

    /* Otherwise fallback to legacy */
    ameth = EVP_PKEY_get0_asn1(key);
    if (ameth != NULL)
        EVP_PKEY_asn1_get0_info(NULL, NULL,
                                NULL, NULL, &name, ameth);

    return name;
}

const OSSL_PROVIDER *EVP_PKEY_get0_provider(const EVP_PKEY *key)
{
    if (evp_pkey_is_provided(key))
        return EVP_KEYMGMT_get0_provider(key->keymgmt);
    return NULL;
}

Coverage Report

Created: 2025-06-13 06:58

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
3		*
4		* Licensed under the Apache License 2.0 (the "License"). You may not use
5		* this file except in compliance with the License. You can obtain a copy
6		* in the file LICENSE in the source distribution or at
7		* https://www.openssl.org/source/license.html
8		*/
9
10		#include <stdio.h>
11		#include <stdlib.h>
12		#include "internal/cryptlib.h"
13		#include <openssl/x509.h>
14		#include <openssl/rand.h>
15		#include <openssl/encoder.h>
16		#include <openssl/decoder.h>
17		#include "internal/provider.h"
18		#include "crypto/asn1.h"
19		#include "crypto/evp.h"
20		#include "crypto/x509.h"
21
22		/* Extract a private key from a PKCS8 structure */
23
24		EVP_PKEY evp_pkcs82pkey_legacy(const PKCS8_PRIV_KEY_INFO p8, OSSL_LIB_CTX *libctx,
25		const char *propq)
26	780	{
27	780	EVP_PKEY *pkey = NULL;
28	780	const ASN1_OBJECT *algoid;
29	780	char obj_tmp[80];
30
31	780	if (!PKCS8_pkey_get0(&algoid, NULL, NULL, NULL, p8))
32	0	return NULL;
33
34	780	if ((pkey = EVP_PKEY_new()) == NULL) {
35	0	ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
36	0	return NULL;
37	0	}
38
39	780	if (!EVP_PKEY_set_type(pkey, OBJ_obj2nid(algoid))) {
40	144	i2t_ASN1_OBJECT(obj_tmp, 80, algoid);
41	144	ERR_raise_data(ERR_LIB_EVP, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM,
42	144	"TYPE=%s", obj_tmp);
43	144	goto error;
44	144	}
45
46	636	if (pkey->ameth->priv_decode_ex != NULL) {
47	178	if (!pkey->ameth->priv_decode_ex(pkey, p8, libctx, propq))
48	153	goto error;
49	458	} else if (pkey->ameth->priv_decode != NULL) {
50	458	if (!pkey->ameth->priv_decode(pkey, p8)) {
51	112	ERR_raise(ERR_LIB_EVP, EVP_R_PRIVATE_KEY_DECODE_ERROR);
52	112	goto error;
53	112	}
54	458	} else {
55	0	ERR_raise(ERR_LIB_EVP, EVP_R_METHOD_NOT_SUPPORTED);
56	0	goto error;
57	0	}
58
59	371	return pkey;
60
61	409	error:
62	409	EVP_PKEY_free(pkey);
63	409	return NULL;
64	636	}
65
66		EVP_PKEY EVP_PKCS82PKEY_ex(const PKCS8_PRIV_KEY_INFO p8, OSSL_LIB_CTX *libctx,
67		const char *propq)
68	0	{
69	0	EVP_PKEY *pkey = NULL;
70	0	const unsigned char *p8_data = NULL;
71	0	unsigned char *encoded_data = NULL;
72	0	int encoded_len;
73	0	int selection;
74	0	size_t len;
75	0	OSSL_DECODER_CTX *dctx = NULL;
76
77	0	if ((encoded_len = i2d_PKCS8_PRIV_KEY_INFO(p8, &encoded_data)) <= 0
78	0	\|\| encoded_data == NULL)
79	0	return NULL;
80
81	0	p8_data = encoded_data;
82	0	len = encoded_len;
83	0	selection = EVP_PKEY_KEYPAIR \| EVP_PKEY_KEY_PARAMETERS;
84	0	dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", "PrivateKeyInfo",
85	0	NULL, selection, libctx, propq);
86	0	if (dctx == NULL
87	0	\|\| !OSSL_DECODER_from_data(dctx, &p8_data, &len))
88		/* try legacy */
89	0	pkey = evp_pkcs82pkey_legacy(p8, libctx, propq);
90
91	0	OPENSSL_clear_free(encoded_data, encoded_len);
92	0	OSSL_DECODER_CTX_free(dctx);
93	0	return pkey;
94	0	}
95
96		EVP_PKEY EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO p8)
97	0	{
98	0	return EVP_PKCS82PKEY_ex(p8, NULL, NULL);
99	0	}
100
101		/* Turn a private key into a PKCS8 structure */
102
103		PKCS8_PRIV_KEY_INFO EVP_PKEY2PKCS8(const EVP_PKEY pkey)
104	16	{
105	16	PKCS8_PRIV_KEY_INFO *p8 = NULL;
106	16	OSSL_ENCODER_CTX *ctx = NULL;
107
108		/*
109		* The implementation for provider-native keys is to encode the
110		* key to a DER encoded PKCS#8 structure, then convert it to a
111		* PKCS8_PRIV_KEY_INFO with good old d2i functions.
112		*/
113	16	if (evp_pkey_is_provided(pkey)) {
114	0	int selection = OSSL_KEYMGMT_SELECT_ALL;
115	0	unsigned char *der = NULL;
116	0	size_t derlen = 0;
117	0	const unsigned char *pp;
118
119	0	if ((ctx = OSSL_ENCODER_CTX_new_for_pkey(pkey, selection,
120	0	"DER", "PrivateKeyInfo",
121	0	NULL)) == NULL
122	0	\|\| !OSSL_ENCODER_to_data(ctx, &der, &derlen))
123	0	goto error;
124
125	0	pp = der;
126	0	p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &pp, (long)derlen);
127	0	OPENSSL_free(der);
128	0	if (p8 == NULL)
129	0	goto error;
130	16	} else {
131	16	p8 = PKCS8_PRIV_KEY_INFO_new();
132	16	if (p8 == NULL) {
133	0	ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
134	0	return NULL;
135	0	}
136
137	16	if (pkey->ameth != NULL) {
138	16	if (pkey->ameth->priv_encode != NULL) {
139	16	if (!pkey->ameth->priv_encode(p8, pkey)) {
140	0	ERR_raise(ERR_LIB_EVP, EVP_R_PRIVATE_KEY_ENCODE_ERROR);
141	0	goto error;
142	0	}
143	16	} else {
144	0	ERR_raise(ERR_LIB_EVP, EVP_R_METHOD_NOT_SUPPORTED);
145	0	goto error;
146	0	}
147	16	} else {
148	0	ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
149	0	goto error;
150	0	}
151	16	}
152	16	goto end;
153	16	error:
154	0	PKCS8_PRIV_KEY_INFO_free(p8);
155	0	p8 = NULL;
156	16	end:
157	16	OSSL_ENCODER_CTX_free(ctx);
158	16	return p8;
159
160	0	}
161
162		/* EVP_PKEY attribute functions */
163
164		int EVP_PKEY_get_attr_count(const EVP_PKEY *key)
165	0	{
166	0	return X509at_get_attr_count(key->attributes);
167	0	}
168
169		int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, int lastpos)
170	0	{
171	0	return X509at_get_attr_by_NID(key->attributes, nid, lastpos);
172	0	}
173
174		int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY key, const ASN1_OBJECT obj,
175		int lastpos)
176	0	{
177	0	return X509at_get_attr_by_OBJ(key->attributes, obj, lastpos);
178	0	}
179
180		X509_ATTRIBUTE EVP_PKEY_get_attr(const EVP_PKEY key, int loc)
181	0	{
182	0	return X509at_get_attr(key->attributes, loc);
183	0	}
184
185		X509_ATTRIBUTE EVP_PKEY_delete_attr(EVP_PKEY key, int loc)
186	0	{
187	0	return X509at_delete_attr(key->attributes, loc);
188	0	}
189
190		int EVP_PKEY_add1_attr(EVP_PKEY key, X509_ATTRIBUTE attr)
191	0	{
192	0	if (X509at_add1_attr(&key->attributes, attr))
193	0	return 1;
194	0	return 0;
195	0	}
196
197		int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key,
198		const ASN1_OBJECT *obj, int type,
199		const unsigned char *bytes, int len)
200	0	{
201	0	if (X509at_add1_attr_by_OBJ(&key->attributes, obj, type, bytes, len))
202	0	return 1;
203	0	return 0;
204	0	}
205
206		int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key,
207		int nid, int type,
208		const unsigned char *bytes, int len)
209	0	{
210	0	if (X509at_add1_attr_by_NID(&key->attributes, nid, type, bytes, len))
211	0	return 1;
212	0	return 0;
213	0	}
214
215		int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key,
216		const char *attrname, int type,
217		const unsigned char *bytes, int len)
218	0	{
219	0	if (X509at_add1_attr_by_txt(&key->attributes, attrname, type, bytes, len))
220	0	return 1;
221	0	return 0;
222	0	}
223
224		const char EVP_PKEY_get0_type_name(const EVP_PKEY key)
225	119	{
226	119	const EVP_PKEY_ASN1_METHOD *ameth;
227	119	const char *name = NULL;
228
229	119	if (key->keymgmt != NULL)
230	119	return EVP_KEYMGMT_get0_name(key->keymgmt);
231
232		/* Otherwise fallback to legacy */
233	0	ameth = EVP_PKEY_get0_asn1(key);
234	0	if (ameth != NULL)
235	0	EVP_PKEY_asn1_get0_info(NULL, NULL,
236	0	NULL, NULL, &name, ameth);
237
238	0	return name;
239	119	}
240
241		const OSSL_PROVIDER EVP_PKEY_get0_provider(const EVP_PKEY key)
242	0	{
243	0	if (evp_pkey_is_provided(key))
244	0	return EVP_KEYMGMT_get0_provider(key->keymgmt);
245	0	return NULL;
246	0	}