#include "internal/ffc.h"
#include "crypto/asn1.h"
#include "crypto/evp.h"
+#include "crypto/dh.h"
+#include "crypto/dsa.h"
#include "crypto/ec.h"
#include "crypto/ecx.h"
+#include "crypto/rsa.h"
#include "crypto/x509.h"
#include "internal/provider.h"
#include "evp_local.h"
-#include "crypto/ec.h"
-
#include "e_os.h" /* strcasecmp on Windows */
static int pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str,
/*
* If |to| is provided, we know that |from| is legacy at this point.
- * Try exporting |from| to |to|'s keymgmt, then use evp_keymgmt_copy()
+ * Try exporting |from| to |to|'s keymgmt, then use evp_keymgmt_dup()
* to copy the appropriate data to |to|'s keydata.
+ * We cannot override existing data so do it only if there is no keydata
+ * in |to| yet.
*/
- if (to->keymgmt != NULL) {
+ if (to->keymgmt != NULL && to->keydata == NULL) {
EVP_KEYMGMT *to_keymgmt = to->keymgmt;
void *from_keydata =
evp_pkey_export_to_provider((EVP_PKEY *)from, NULL, &to_keymgmt,
if (from_keydata == NULL)
ERR_raise(ERR_LIB_EVP, EVP_R_DIFFERENT_KEY_TYPES);
else
- ok = evp_keymgmt_copy(to->keymgmt, to->keydata, from_keydata,
- SELECT_PARAMETERS);
+ ok = (to->keydata = evp_keymgmt_dup(to->keymgmt,
+ from_keydata,
+ SELECT_PARAMETERS)) != NULL;
goto end;
}
return evp_keymgmt_match(keymgmt1, keydata1, keydata2, selection);
}
+# ifndef OPENSSL_NO_DEPRECATED_3_0
int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
{
return EVP_PKEY_parameters_eq(a, b);
}
+#endif
int EVP_PKEY_parameters_eq(const EVP_PKEY *a, const EVP_PKEY *b)
{
return -2;
}
+# ifndef OPENSSL_NO_DEPRECATED_3_0
int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
{
return EVP_PKEY_eq(a, b);
}
+#endif
int EVP_PKEY_eq(const EVP_PKEY *a, const EVP_PKEY *b)
{
* is gone.
*/
+ /* Trivial shortcuts */
+ if (a == b)
+ return 1;
+ if (a == NULL || b == NULL)
+ return 0;
+
if (a->keymgmt != NULL || b->keymgmt != NULL)
return evp_pkey_cmp_any(a, b, (SELECT_PARAMETERS
| OSSL_KEYMGMT_SELECT_PUBLIC_KEY));
# endif
# ifndef OPENSSL_NO_DEPRECATED_3_0
+static void detect_foreign_key(EVP_PKEY *pkey)
+{
+ switch (pkey->type) {
+ case EVP_PKEY_RSA:
+ pkey->foreign = pkey->pkey.rsa != NULL
+ && ossl_rsa_is_foreign(pkey->pkey.rsa);
+ break;
+# ifndef OPENSSL_NO_EC
+ case EVP_PKEY_SM2:
+ case EVP_PKEY_EC:
+ pkey->foreign = pkey->pkey.ec != NULL
+ && ossl_ec_key_is_foreign(pkey->pkey.ec);
+ break;
+# endif
+# ifndef OPENSSL_NO_DSA
+ case EVP_PKEY_DSA:
+ pkey->foreign = pkey->pkey.dsa != NULL
+ && ossl_dsa_is_foreign(pkey->pkey.dsa);
+ break;
+#endif
+# ifndef OPENSSL_NO_DH
+ case EVP_PKEY_DH:
+ pkey->foreign = pkey->pkey.dh != NULL
+ && ossl_dh_is_foreign(pkey->pkey.dh);
+ break;
+#endif
+ default:
+ pkey->foreign = 0;
+ break;
+ }
+}
+
int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key)
{
# ifndef OPENSSL_NO_EC
return 0;
pkey->pkey.ptr = key;
+ detect_foreign_key(pkey);
+
return (key != NULL);
}
# endif
# if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0)
-int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key)
+int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *dhkey)
{
- int type = DH_get0_q(key) == NULL ? EVP_PKEY_DH : EVP_PKEY_DHX;
- int ret = EVP_PKEY_assign(pkey, type, key);
+ int ret, type;
+
+ /*
+ * ossl_dh_is_named_safe_prime_group() returns 1 for named safe prime groups
+ * related to ffdhe and modp (which cache q = (p - 1) / 2),
+ * and returns 0 for all other dh parameter generation types including
+ * RFC5114 named groups.
+ *
+ * The EVP_PKEY_DH type is used for dh parameter generation types:
+ * - named safe prime groups related to ffdhe and modp
+ * - safe prime generator
+ *
+ * The type EVP_PKEY_DHX is used for dh parameter generation types
+ * - fips186-4 and fips186-2
+ * - rfc5114 named groups.
+ *
+ * The EVP_PKEY_DH type is used to save PKCS#3 data than can be stored
+ * without a q value.
+ * The EVP_PKEY_DHX type is used to save X9.42 data that requires the
+ * q value to be stored.
+ */
+ if (ossl_dh_is_named_safe_prime_group(dhkey))
+ type = EVP_PKEY_DH;
+ else
+ type = DH_get0_q(dhkey) == NULL ? EVP_PKEY_DH : EVP_PKEY_DHX;
+
+ ret = EVP_PKEY_assign(pkey, type, dhkey);
if (ret)
- DH_up_ref(key);
+ DH_up_ref(dhkey);
return ret;
}
return EVP_KEYMGMT_is_a(pkey->keymgmt, name);
}
-int EVP_PKEY_typenames_do_all(const EVP_PKEY *pkey,
- void (*fn)(const char *name, void *data),
- void *data)
+int EVP_PKEY_type_names_do_all(const EVP_PKEY *pkey,
+ void (*fn)(const char *name, void *data),
+ void *data)
{
if (!evp_pkey_is_typed(pkey))
return 0;
const char *supported_sig =
pkey->keymgmt->query_operation_name != NULL
? pkey->keymgmt->query_operation_name(OSSL_OP_SIGNATURE)
- : evp_first_name(prov, pkey->keymgmt->name_id);
+ : EVP_KEYMGMT_name(pkey->keymgmt);
EVP_SIGNATURE *signature = NULL;
signature = EVP_SIGNATURE_fetch(libctx, supported_sig, NULL);
int EVP_PKEY_supports_digest_nid(EVP_PKEY *pkey, int nid)
{
- int rv, default_nid;
+ int rv = -2, default_nid;
- rv = evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_SUPPORTS_MD_NID, nid, NULL);
if (rv == -2) {
/*
* If there is a mandatory default digest and this isn't it, then
ret->type = EVP_PKEY_NONE;
ret->save_type = EVP_PKEY_NONE;
ret->references = 1;
- ret->save_parameters = 1;
ret->lock = CRYPTO_THREAD_lock_new();
if (ret->lock == NULL) {
}
#ifndef FIPS_MODULE
+ ret->save_parameters = 1;
if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_EVP_PKEY, ret, &ret->ex_data)) {
ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
goto err;
/* Synchronize the dirty count */
pk->dirty_cnt_copy = pk->ameth->dirty_cnt(pk);
-
+
CRYPTO_THREAD_unlock(pk->lock);
goto end;
}
int type = src->type;
const char *keytype = NULL;
- keytype = evp_first_name(EVP_KEYMGMT_provider(keymgmt),
- keymgmt->name_id);
+ keytype = EVP_KEYMGMT_name(keymgmt);
/*
* If the type is EVP_PKEY_NONE, then we have a problem somewhere