1/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2 * All rights reserved. 3 * 4 * This package is an SSL implementation written 5 * by Eric Young (eay@cryptsoft.com). 6 * The implementation was written so as to conform with Netscapes SSL. 7 * 8 * This library is free for commercial and non-commercial use as long as 9 * the following conditions are aheared to. The following conditions 10 * apply to all code found in this distribution, be it the RC4, RSA, 11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * included with this distribution is covered by the same copyright terms 13 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * 15 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * the code are not to be removed. 17 * If this package is used in a product, Eric Young should be given attribution 18 * as the author of the parts of the library used. 19 * This can be in the form of a textual message at program startup or 20 * in documentation (online or textual) provided with the package. 21 * 22 * Redistribution and use in source and binary forms, with or without 23 * modification, are permitted provided that the following conditions 24 * are met: 25 * 1. Redistributions of source code must retain the copyright 26 * notice, this list of conditions and the following disclaimer. 27 * 2. Redistributions in binary form must reproduce the above copyright 28 * notice, this list of conditions and the following disclaimer in the 29 * documentation and/or other materials provided with the distribution. 30 * 3. All advertising materials mentioning features or use of this software 31 * must display the following acknowledgement: 32 * "This product includes cryptographic software written by 33 * Eric Young (eay@cryptsoft.com)" 34 * The word 'cryptographic' can be left out if the rouines from the library 35 * being used are not cryptographic related :-). 36 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * the apps directory (application code) you must include an acknowledgement: 38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * 40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * SUCH DAMAGE. 51 * 52 * The licence and distribution terms for any publically available version or 53 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * copied and put under another distribution licence 55 * [including the GNU Public Licence.] */ 56 57#include <openssl/evp.h> 58 59#include <openssl/asn1.h> 60#include <openssl/err.h> 61#include <openssl/obj.h> 62#include <openssl/x509.h> 63 64#include "internal.h" 65 66 67EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **out, const uint8_t **inp, 68 long len) { 69 EVP_PKEY *ret; 70 71 if (out == NULL || *out == NULL) { 72 ret = EVP_PKEY_new(); 73 if (ret == NULL) { 74 OPENSSL_PUT_ERROR(EVP, d2i_PrivateKey, ERR_R_EVP_LIB); 75 return NULL; 76 } 77 } else { 78 ret = *out; 79 } 80 81 if (!EVP_PKEY_set_type(ret, type)) { 82 OPENSSL_PUT_ERROR(EVP, d2i_PrivateKey, EVP_R_UNKNOWN_PUBLIC_KEY_TYPE); 83 goto err; 84 } 85 86 if (!ret->ameth->old_priv_decode || 87 !ret->ameth->old_priv_decode(ret, inp, len)) { 88 if (ret->ameth->priv_decode) { 89 PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, inp, len); 90 if (!p8) { 91 goto err; 92 } 93 EVP_PKEY_free(ret); 94 ret = EVP_PKCS82PKEY(p8); 95 PKCS8_PRIV_KEY_INFO_free(p8); 96 } else { 97 OPENSSL_PUT_ERROR(EVP, d2i_PrivateKey, ERR_R_ASN1_LIB); 98 goto err; 99 } 100 } 101 102 if (out != NULL) { 103 *out = ret; 104 } 105 return ret; 106 107err: 108 if (ret != NULL && (out == NULL || *out != ret)) { 109 EVP_PKEY_free(ret); 110 } 111 return NULL; 112} 113 114EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **out, const uint8_t **inp, long len) { 115 STACK_OF(ASN1_TYPE) *inkey; 116 const uint8_t *p; 117 int keytype; 118 p = *inp; 119 120 /* Dirty trick: read in the ASN1 data into out STACK_OF(ASN1_TYPE): 121 * by analyzing it we can determine the passed structure: this 122 * assumes the input is surrounded by an ASN1 SEQUENCE. */ 123 inkey = d2i_ASN1_SEQUENCE_ANY(NULL, &p, len); 124 /* Since we only need to discern "traditional format" RSA and DSA 125 * keys we can just count the elements. */ 126 if (sk_ASN1_TYPE_num(inkey) == 6) { 127 keytype = EVP_PKEY_DSA; 128 } else if (sk_ASN1_TYPE_num(inkey) == 4) { 129 keytype = EVP_PKEY_EC; 130 } else if (sk_ASN1_TYPE_num(inkey) == 3) { 131 OPENSSL_PUT_ERROR(EVP, d2i_AutoPrivateKey, EVP_R_UNSUPPORTED_PUBLIC_KEY_TYPE); 132 return 0; 133 134 /* This seems to be PKCS8, not traditional format */ 135 PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, inp, len); 136 EVP_PKEY *ret; 137 138 sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free); 139 if (!p8) { 140 OPENSSL_PUT_ERROR(EVP, d2i_AutoPrivateKey, 141 EVP_R_UNSUPPORTED_PUBLIC_KEY_TYPE); 142 return NULL; 143 } 144 ret = EVP_PKCS82PKEY(p8); 145 PKCS8_PRIV_KEY_INFO_free(p8); 146 if (out) { 147 *out = ret; 148 } 149 return ret; 150 } else { 151 keytype = EVP_PKEY_RSA; 152 } 153 154 sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free); 155 return d2i_PrivateKey(keytype, out, inp, len); 156} 157 158int i2d_PublicKey(EVP_PKEY *key, uint8_t **outp) { 159 switch (key->type) { 160 case EVP_PKEY_RSA: 161 return i2d_RSAPublicKey(key->pkey.rsa, outp); 162 case EVP_PKEY_DSA: 163 return i2d_DSAPublicKey(key->pkey.dsa, outp); 164 case EVP_PKEY_EC: 165 return i2o_ECPublicKey(key->pkey.ec, outp); 166 default: 167 OPENSSL_PUT_ERROR(EVP, i2d_PublicKey, EVP_R_UNSUPPORTED_PUBLIC_KEY_TYPE); 168 return -1; 169 } 170} 171