/*
- * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
struct key2any_ctx_st {
PROV_CTX *provctx;
+ /* Set to 0 if parameters should not be saved (dsa only) */
+ int save_parameters;
+
/* Set to 1 if intending to encrypt/decrypt, otherwise 0 */
int cipher_intent;
};
typedef int check_key_type_fn(const void *key, int nid);
-typedef int key_to_paramstring_fn(const void *key, int nid,
+typedef int key_to_paramstring_fn(const void *key, int nid, int save,
void **str, int *strtype);
typedef int key_to_der_fn(BIO *out, const void *key,
int key_nid, const char *pemname,
struct key2any_ctx_st *ctx);
typedef int write_bio_of_void_fn(BIO *bp, const void *x);
+
+/* Free the blob allocated during key_to_paramstring_fn */
+static void free_asn1_data(int type, void *data)
+{
+ switch (type) {
+ case V_ASN1_OBJECT:
+ ASN1_OBJECT_free(data);
+ break;
+ case V_ASN1_SEQUENCE:
+ ASN1_STRING_free(data);
+ break;
+ }
+}
+
static PKCS8_PRIV_KEY_INFO *key_to_p8info(const void *key, int key_nid,
void *params, int params_type,
i2d_of_void *k2d)
/* The final PKCS#8 info */
PKCS8_PRIV_KEY_INFO *p8info = NULL;
-
if ((p8info = PKCS8_PRIV_KEY_INFO_new()) == NULL
|| (derlen = k2d(key, &der)) <= 0
|| !PKCS8_pkey_set0(p8info, OBJ_nid2obj(key_nid), 0,
params_type, params, der, derlen)) {
- ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_PROV, ERR_R_ASN1_LIB);
PKCS8_PRIV_KEY_INFO_free(p8info);
OPENSSL_free(der);
p8info = NULL;
X509_SIG *p8 = NULL;
char kstr[PEM_BUFSIZE];
size_t klen = 0;
+ OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);
if (ctx->cipher == NULL)
return NULL;
if (!ossl_pw_get_passphrase(kstr, sizeof(kstr), &klen, NULL, 1,
&ctx->pwdata)) {
- ERR_raise(ERR_LIB_PROV, PROV_R_READ_KEY);
+ ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_GET_PASSPHRASE);
return NULL;
}
/* First argument == -1 means "standard" */
- p8 = PKCS8_encrypt(-1, ctx->cipher, kstr, klen, NULL, 0, 0, p8info);
+ p8 = PKCS8_encrypt_ex(-1, ctx->cipher, kstr, klen, NULL, 0, 0, p8info, libctx, NULL);
OPENSSL_cleanse(kstr, klen);
return p8;
}
{
PKCS8_PRIV_KEY_INFO *p8info =
key_to_p8info(key, key_nid, params, params_type, k2d);
- X509_SIG *p8 = p8info_to_encp8(p8info, ctx);
+ X509_SIG *p8 = NULL;
- PKCS8_PRIV_KEY_INFO_free(p8info);
+ if (p8info == NULL) {
+ free_asn1_data(params_type, params);
+ } else {
+ p8 = p8info_to_encp8(p8info, ctx);
+ PKCS8_PRIV_KEY_INFO_free(p8info);
+ }
return p8;
}
|| (derlen = k2d(key, &der)) <= 0
|| !X509_PUBKEY_set0_param(xpk, OBJ_nid2obj(key_nid),
params_type, params, der, derlen)) {
- ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_PROV, ERR_R_X509_LIB);
X509_PUBKEY_free(xpk);
OPENSSL_free(der);
xpk = NULL;
}
/*
- * key_to_pkcs8_* produce encoded output with the key data pkcs8
- * in a structure. For private keys, that structure is PKCS#8, and for
- * public keys, it's X.509 SubjectPublicKeyInfo. Parameters don't have
- * any defined envelopment of that kind.
+ * key_to_epki_* produce encoded output with the private key data in a
+ * EncryptedPrivateKeyInfo structure (defined by PKCS#8). They require
+ * that there's an intent to encrypt, anything else is an error.
+ *
+ * key_to_pki_* primarily produce encoded output with the private key data
+ * in a PrivateKeyInfo structure (also defined by PKCS#8). However, if
+ * there is an intent to encrypt the data, the corresponding key_to_epki_*
+ * function is used instead.
+ *
+ * key_to_spki_* produce encoded output with the public key data in an
+ * X.509 SubjectPublicKeyInfo.
+ *
+ * Key parameters don't have any defined envelopment of this kind, but are
+ * included in some manner in the output from the functions described above,
+ * either in the AlgorithmIdentifier's parameter field, or as part of the
+ * key data itself.
*/
-static int key_to_pkcs8_der_priv_bio(BIO *out, const void *key,
- int key_nid,
- ossl_unused const char *pemname,
- key_to_paramstring_fn *p2s,
- i2d_of_void *k2d,
- struct key2any_ctx_st *ctx)
+
+static int key_to_epki_der_priv_bio(BIO *out, const void *key,
+ int key_nid,
+ ossl_unused const char *pemname,
+ key_to_paramstring_fn *p2s,
+ i2d_of_void *k2d,
+ struct key2any_ctx_st *ctx)
{
int ret = 0;
void *str = NULL;
int strtype = V_ASN1_UNDEF;
+ X509_SIG *p8;
- if (p2s != NULL && !p2s(key, key_nid, &str, &strtype))
+ if (!ctx->cipher_intent)
return 0;
- if (ctx->cipher_intent) {
- X509_SIG *p8 = key_to_encp8(key, key_nid, str, strtype, k2d, ctx);
+ if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
+ &str, &strtype))
+ return 0;
- if (p8 != NULL)
- ret = i2d_PKCS8_bio(out, p8);
+ p8 = key_to_encp8(key, key_nid, str, strtype, k2d, ctx);
+ if (p8 != NULL)
+ ret = i2d_PKCS8_bio(out, p8);
- X509_SIG_free(p8);
- } else {
- PKCS8_PRIV_KEY_INFO *p8info =
- key_to_p8info(key, key_nid, str, strtype, k2d);
+ X509_SIG_free(p8);
- if (p8info != NULL)
- ret = i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8info);
+ return ret;
+}
- PKCS8_PRIV_KEY_INFO_free(p8info);
- }
+static int key_to_epki_pem_priv_bio(BIO *out, const void *key,
+ int key_nid,
+ ossl_unused const char *pemname,
+ key_to_paramstring_fn *p2s,
+ i2d_of_void *k2d,
+ struct key2any_ctx_st *ctx)
+{
+ int ret = 0;
+ void *str = NULL;
+ int strtype = V_ASN1_UNDEF;
+ X509_SIG *p8;
+
+ if (!ctx->cipher_intent)
+ return 0;
+
+ if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
+ &str, &strtype))
+ return 0;
+
+ p8 = key_to_encp8(key, key_nid, str, strtype, k2d, ctx);
+ if (p8 != NULL)
+ ret = PEM_write_bio_PKCS8(out, p8);
+
+ X509_SIG_free(p8);
return ret;
}
-static int key_to_pkcs8_pem_priv_bio(BIO *out, const void *key,
- int key_nid,
- ossl_unused const char *pemname,
- key_to_paramstring_fn *p2s,
- i2d_of_void *k2d,
- struct key2any_ctx_st *ctx)
+static int key_to_pki_der_priv_bio(BIO *out, const void *key,
+ int key_nid,
+ ossl_unused const char *pemname,
+ key_to_paramstring_fn *p2s,
+ i2d_of_void *k2d,
+ struct key2any_ctx_st *ctx)
{
int ret = 0;
void *str = NULL;
int strtype = V_ASN1_UNDEF;
+ PKCS8_PRIV_KEY_INFO *p8info;
- if (p2s != NULL && !p2s(key, key_nid, &str, &strtype))
+ if (ctx->cipher_intent)
+ return key_to_epki_der_priv_bio(out, key, key_nid, pemname,
+ p2s, k2d, ctx);
+
+ if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
+ &str, &strtype))
return 0;
- if (ctx->cipher_intent) {
- X509_SIG *p8 = key_to_encp8(key, key_nid, str, strtype, k2d, ctx);
+ p8info = key_to_p8info(key, key_nid, str, strtype, k2d);
- if (p8 != NULL)
- ret = PEM_write_bio_PKCS8(out, p8);
+ if (p8info != NULL)
+ ret = i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8info);
+ else
+ free_asn1_data(strtype, str);
- X509_SIG_free(p8);
- } else {
- PKCS8_PRIV_KEY_INFO *p8info =
- key_to_p8info(key, key_nid, str, strtype, k2d);
+ PKCS8_PRIV_KEY_INFO_free(p8info);
- if (p8info != NULL)
- ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8info);
+ return ret;
+}
- PKCS8_PRIV_KEY_INFO_free(p8info);
- }
+static int key_to_pki_pem_priv_bio(BIO *out, const void *key,
+ int key_nid,
+ ossl_unused const char *pemname,
+ key_to_paramstring_fn *p2s,
+ i2d_of_void *k2d,
+ struct key2any_ctx_st *ctx)
+{
+ int ret = 0;
+ void *str = NULL;
+ int strtype = V_ASN1_UNDEF;
+ PKCS8_PRIV_KEY_INFO *p8info;
+
+ if (ctx->cipher_intent)
+ return key_to_epki_pem_priv_bio(out, key, key_nid, pemname,
+ p2s, k2d, ctx);
+
+ if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
+ &str, &strtype))
+ return 0;
+
+ p8info = key_to_p8info(key, key_nid, str, strtype, k2d);
+
+ if (p8info != NULL)
+ ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8info);
+ else
+ free_asn1_data(strtype, str);
+
+ PKCS8_PRIV_KEY_INFO_free(p8info);
return ret;
}
int strtype = V_ASN1_UNDEF;
X509_PUBKEY *xpk = NULL;
- if (p2s != NULL && !p2s(key, key_nid, &str, &strtype))
+ if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
+ &str, &strtype))
return 0;
xpk = key_to_pubkey(key, key_nid, str, strtype, k2d);
int strtype = V_ASN1_UNDEF;
X509_PUBKEY *xpk = NULL;
- if (p2s != NULL && !p2s(key, key_nid, &str, &strtype))
+ if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
+ &str, &strtype))
return 0;
xpk = key_to_pubkey(key, key_nid, str, strtype, k2d);
if (xpk != NULL)
ret = PEM_write_bio_X509_PUBKEY(out, xpk);
+ else
+ free_asn1_data(strtype, str);
/* Also frees |str| */
X509_PUBKEY_free(xpk);
int ret;
if ((derlen = k2d(key, &der)) <= 0) {
- ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_PROV, ERR_R_PROV_LIB);
return 0;
}
{
return
PEM_ASN1_write_bio(k2d, pemname, out, key, ctx->cipher,
- NULL, 0, ossl_pw_pem_password, &ctx->pwdata) > 0;
+ NULL, 0, cb, cbarg) > 0;
}
static int key_to_type_specific_pem_priv_bio(BIO *out, const void *key,
}
#endif
-#define der_output_type "DER"
-#define pem_output_type "PEM"
-
/* ---------------------------------------------------------------------- */
#ifndef OPENSSL_NO_DH
-static int prepare_dh_params(const void *dh, int nid,
+static int prepare_dh_params(const void *dh, int nid, int save,
void **pstr, int *pstrtype)
{
ASN1_STRING *params = ASN1_STRING_new();
if (params == NULL) {
- ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_PROV, ERR_R_ASN1_LIB);
return 0;
}
params->length = i2d_DHparams(dh, ¶ms->data);
if (params->length <= 0) {
- ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_PROV, ERR_R_ASN1_LIB);
ASN1_STRING_free(params);
return 0;
}
return ret;
}
-static int dh_pkcs8_priv_to_der(const void *dh, unsigned char **pder)
+static int dh_pki_priv_to_der(const void *dh, unsigned char **pder)
{
const BIGNUM *bn = NULL;
ASN1_INTEGER *priv_key = NULL;
return ret;
}
+# define dh_epki_priv_to_der dh_pki_priv_to_der
+
static int dh_type_specific_params_to_der(const void *dh, unsigned char **pder)
{
if (DH_test_flags(dh, DH_FLAG_TYPE_DHX))
/* ---------------------------------------------------------------------- */
#ifndef OPENSSL_NO_DSA
-static int prepare_some_dsa_params(const void *dsa, int nid,
- void **pstr, int *pstrtype)
+static int encode_dsa_params(const void *dsa, int nid,
+ void **pstr, int *pstrtype)
{
ASN1_STRING *params = ASN1_STRING_new();
if (params == NULL) {
- ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_PROV, ERR_R_ASN1_LIB);
return 0;
}
params->length = i2d_DSAparams(dsa, ¶ms->data);
if (params->length <= 0) {
- ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_PROV, ERR_R_ASN1_LIB);
ASN1_STRING_free(params);
return 0;
}
return 1;
}
-static int prepare_all_dsa_params(const void *dsa, int nid,
- void **pstr, int *pstrtype)
+static int prepare_dsa_params(const void *dsa, int nid, int save,
+ void **pstr, int *pstrtype)
{
const BIGNUM *p = DSA_get0_p(dsa);
const BIGNUM *q = DSA_get0_q(dsa);
const BIGNUM *g = DSA_get0_g(dsa);
- if (p != NULL && q != NULL && g != NULL)
- return prepare_some_dsa_params(dsa, nid, pstr, pstrtype);
+ if (save && p != NULL && q != NULL && g != NULL)
+ return encode_dsa_params(dsa, nid, pstr, pstrtype);
*pstr = NULL;
*pstrtype = V_ASN1_UNDEF;
return 1;
}
-static int prepare_dsa_params(const void *dsa, int nid,
- void **pstr, int *pstrtype)
-{
- /*
- * TODO(v3.0) implement setting save_parameters, see dsa_pub_encode()
- * in crypto/dsa/dsa_ameth.c
- */
- int save_parameters = 1;
-
- return save_parameters
- ? prepare_all_dsa_params(dsa, nid, pstr, pstrtype)
- : prepare_some_dsa_params(dsa, nid, pstr, pstrtype);
-}
-
static int dsa_spki_pub_to_der(const void *dsa, unsigned char **pder)
{
const BIGNUM *bn = NULL;
return ret;
}
-static int dsa_pkcs8_priv_to_der(const void *dsa, unsigned char **pder)
+static int dsa_pki_priv_to_der(const void *dsa, unsigned char **pder)
{
const BIGNUM *bn = NULL;
ASN1_INTEGER *priv_key = NULL;
return ret;
}
+# define dsa_epki_priv_to_der dsa_pki_priv_to_der
+
# define dsa_type_specific_priv_to_der (i2d_of_void *)i2d_DSAPrivateKey
# define dsa_type_specific_pub_to_der (i2d_of_void *)i2d_DSAPublicKey
# define dsa_type_specific_params_to_der (i2d_of_void *)i2d_DSAparams
ASN1_STRING *params = ASN1_STRING_new();
if (params == NULL) {
- ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_PROV, ERR_R_ASN1_LIB);
return 0;
}
params->length = i2d_ECParameters(eckey, ¶ms->data);
if (params->length <= 0) {
- ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_PROV, ERR_R_ASN1_LIB);
ASN1_STRING_free(params);
return 0;
}
/*
* This implements EcpkParameters, where the CHOICE is based on whether there
* is a curve name (curve nid) to be found or not. See RFC 3279 for details.
- * TODO: shouldn't we use i2d_ECPKParameters()?
*/
-static int prepare_ec_params(const void *eckey, int nid,
+static int prepare_ec_params(const void *eckey, int nid, int save,
void **pstr, int *pstrtype)
{
int curve_nid;
static int ec_spki_pub_to_der(const void *eckey, unsigned char **pder)
{
+ if (EC_KEY_get0_public_key(eckey) == NULL) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY);
+ return 0;
+ }
return i2o_ECPublicKey(eckey, pder);
}
-static int ec_pkcs8_priv_to_der(const void *veckey, unsigned char **pder)
+static int ec_pki_priv_to_der(const void *veckey, unsigned char **pder)
{
EC_KEY *eckey = (EC_KEY *)veckey;
unsigned int old_flags;
return ret; /* return the length of the der encoded data */
}
+# define ec_epki_priv_to_der ec_pki_priv_to_der
+
# define ec_type_specific_params_to_der (i2d_of_void *)i2d_ECParameters
-# define ec_type_specific_pub_to_der (i2d_of_void *)i2o_ECPublicKey
+/* No ec_type_specific_pub_to_der, there simply is no such thing */
# define ec_type_specific_priv_to_der (i2d_of_void *)i2d_ECPrivateKey
# define ec_check_key_type NULL
# define ec_pem_type "EC"
# ifndef OPENSSL_NO_SM2
-# define sm2_evp_type EVP_PKEY_SM2
+/*
+ * Albeit SM2 is a slightly different algorithm than ECDSA, the key type
+ * encoding (in all places where an AlgorithmIdentifier is produced, such
+ * as PrivateKeyInfo and SubjectPublicKeyInfo) is the same as for ECC keys
+ * according to the example in GM/T 0015-2012, appendix D.2.
+ * This leaves the distinction of SM2 keys to the EC group (which is found
+ * in AlgorithmIdentified.params).
+ */
+# define sm2_evp_type ec_evp_type
# define sm2_input_type "SM2"
# define sm2_pem_type "SM2"
# endif
/* ---------------------------------------------------------------------- */
-#ifndef OPENSSL_NO_EC
+#ifndef OPENSSL_NO_ECX
# define prepare_ecx_params NULL
static int ecx_spki_pub_to_der(const void *vecxkey, unsigned char **pder)
}
keyblob = OPENSSL_memdup(ecxkey->pubkey, ecxkey->keylen);
- if (keyblob == NULL) {
- ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
+ if (keyblob == NULL)
return 0;
- }
*pder = keyblob;
return ecxkey->keylen;
}
-static int ecx_pkcs8_priv_to_der(const void *vecxkey, unsigned char **pder)
+static int ecx_pki_priv_to_der(const void *vecxkey, unsigned char **pder)
{
const ECX_KEY *ecxkey = vecxkey;
ASN1_OCTET_STRING oct;
keybloblen = i2d_ASN1_OCTET_STRING(&oct, pder);
if (keybloblen < 0) {
- ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_PROV, ERR_R_ASN1_LIB);
return 0;
}
return keybloblen;
}
+# define ecx_epki_priv_to_der ecx_pki_priv_to_der
+
/*
* ED25519, ED448, X25519 and X448 only has PKCS#8 / SubjectPublicKeyInfo
* representation, so we don't define ecx_type_specific_[priv,pub,params]_to_der.
* functionality doesn't allow that.
*/
-static int prepare_rsa_params(const void *rsa, int nid,
+static int prepare_rsa_params(const void *rsa, int nid, int save,
void **pstr, int *pstrtype)
{
const RSA_PSS_PARAMS_30 *pss = ossl_rsa_get0_pss_params_30((RSA *)rsa);
case 1:
if ((str = OPENSSL_malloc(str_sz)) == NULL
|| !WPACKET_init_der(&pkt, str, str_sz)) {
+ WPACKET_cleanup(&pkt);
goto err;
}
break;
}
if (!ossl_DER_w_RSASSA_PSS_params(&pkt, -1, pss)
|| !WPACKET_finish(&pkt)
- || !WPACKET_get_total_written(&pkt, &str_sz))
+ || !WPACKET_get_total_written(&pkt, &str_sz)) {
+ WPACKET_cleanup(&pkt);
goto err;
+ }
WPACKET_cleanup(&pkt);
/*
* RSA is extremely simple, as PKCS#1 is used for the PKCS#8 |privateKey|
* field as well as the SubjectPublicKeyInfo |subjectPublicKey| field.
*/
-#define rsa_pkcs8_priv_to_der rsa_type_specific_priv_to_der
+#define rsa_pki_priv_to_der rsa_type_specific_priv_to_der
+#define rsa_epki_priv_to_der rsa_type_specific_priv_to_der
#define rsa_spki_pub_to_der rsa_type_specific_pub_to_der
#define rsa_type_specific_priv_to_der (i2d_of_void *)i2d_RSAPrivateKey
#define rsa_type_specific_pub_to_der (i2d_of_void *)i2d_RSAPublicKey
{
struct key2any_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx));
- if (ctx != NULL)
+ if (ctx != NULL) {
ctx->provctx = provctx;
+ ctx->save_parameters = 1;
+ }
return ctx;
}
OPENSSL_free(ctx);
}
-static const OSSL_PARAM *key2any_gettable_params(void *provctx, int structure)
-{
- static const OSSL_PARAM gettables[] = {
- { OSSL_ENCODER_PARAM_INPUT_TYPE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 },
- { OSSL_ENCODER_PARAM_OUTPUT_TYPE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 },
- OSSL_PARAM_END,
- };
-
- static const OSSL_PARAM gettables_w_structure[] = {
- { OSSL_ENCODER_PARAM_INPUT_TYPE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 },
- { OSSL_ENCODER_PARAM_OUTPUT_TYPE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 },
- { OSSL_ENCODER_PARAM_OUTPUT_STRUCTURE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 },
- OSSL_PARAM_END,
- };
-
- return structure ? gettables_w_structure : gettables;
-}
-
-static int key2any_get_params(OSSL_PARAM params[], const char *input_type,
- const char *output_type,
- const char *output_struct)
-{
- OSSL_PARAM *p;
-
- p = OSSL_PARAM_locate(params, OSSL_ENCODER_PARAM_INPUT_TYPE);
- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, input_type))
- return 0;
-
- p = OSSL_PARAM_locate(params, OSSL_ENCODER_PARAM_OUTPUT_TYPE);
- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, output_type))
- return 0;
-
- if (output_struct != NULL) {
- p = OSSL_PARAM_locate(params, OSSL_ENCODER_PARAM_OUTPUT_STRUCTURE);
- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, output_struct))
- return 0;
- }
-
- return 1;
-}
-
static const OSSL_PARAM *key2any_settable_ctx_params(ossl_unused void *provctx)
{
static const OSSL_PARAM settables[] = {
OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_CIPHER);
const OSSL_PARAM *propsp =
OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_PROPERTIES);
+ const OSSL_PARAM *save_paramsp =
+ OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_SAVE_PARAMETERS);
if (cipherp != NULL) {
const char *ciphername = NULL;
EVP_CIPHER_fetch(libctx, ciphername, props)) == NULL))
return 0;
}
+
+ if (save_paramsp != NULL) {
+ if (!OSSL_PARAM_get_int(save_paramsp, &ctx->save_parameters))
+ return 0;
+ }
return 1;
}
ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER);
} else if (writer != NULL
&& (checker == NULL || checker(key, type))) {
- BIO *out = bio_new_from_core_bio(ctx->provctx, cout);
+ BIO *out = ossl_bio_new_from_core_bio(ctx->provctx, cout);
if (out != NULL
&& (pwcb == NULL
* referred to by name, and for each name, the following macros are defined
* (braces not included):
*
- * {kind}_output_structure
- *
- * A string that names the output structure. This is used as a selection
- * criterion for each implementation. It may be NULL, which means that
- * there is only one possible output structure for the implemented output
- * type.
- *
* DO_{kind}_selection_mask
*
* A mask of selection bits that must not be zero. This is used as a
* the same.
*/
-/* PKCS#8 is a structure for private keys only */
-#define PKCS8_output_structure "pkcs8"
-#define DO_PKCS8_selection_mask DO_PRIVATE_KEY_selection_mask
-#define DO_PKCS8(impl, type, output) \
- DO_PRIVATE_KEY(impl, type, pkcs8, output)
+/*
+ * PKCS#8 defines two structures for private keys only:
+ * - PrivateKeyInfo (raw unencrypted form)
+ * - EncryptedPrivateKeyInfo (encrypted wrapping)
+ *
+ * To allow a certain amount of flexibility, we allow the routines
+ * for PrivateKeyInfo to also produce EncryptedPrivateKeyInfo if a
+ * passphrase callback has been passed to them.
+ */
+#define DO_PrivateKeyInfo_selection_mask DO_PRIVATE_KEY_selection_mask
+#define DO_PrivateKeyInfo(impl, type, output) \
+ DO_PRIVATE_KEY(impl, type, pki, output)
+
+#define DO_EncryptedPrivateKeyInfo_selection_mask DO_PRIVATE_KEY_selection_mask
+#define DO_EncryptedPrivateKeyInfo(impl, type, output) \
+ DO_PRIVATE_KEY(impl, type, epki, output)
/* SubjectPublicKeyInfo is a structure for public keys only */
-#define SubjectPublicKeyInfo_output_structure "SubjectPublicKeyInfo"
#define DO_SubjectPublicKeyInfo_selection_mask DO_PUBLIC_KEY_selection_mask
#define DO_SubjectPublicKeyInfo(impl, type, output) \
DO_PUBLIC_KEY(impl, type, spki, output)
* - type_specific_no_pub Supports all parts of an EVP_PKEY
* except public key
*/
-#define type_specific_params_output_structure "type-specific"
#define DO_type_specific_params_selection_mask DO_PARAMETERS_selection_mask
#define DO_type_specific_params(impl, type, output) \
DO_PARAMETERS(impl, type, type_specific, output)
-#define type_specific_keypair_output_structure "type-specific"
#define DO_type_specific_keypair_selection_mask \
( DO_PRIVATE_KEY_selection_mask | DO_PUBLIC_KEY_selection_mask )
#define DO_type_specific_keypair(impl, type, output) \
DO_PRIVATE_KEY(impl, type, type_specific, output) \
DO_PUBLIC_KEY(impl, type, type_specific, output)
-#define type_specific_output_structure "type-specific"
#define DO_type_specific_selection_mask \
( DO_type_specific_keypair_selection_mask \
| DO_type_specific_params_selection_mask )
#define DO_type_specific(impl, type, output) \
DO_type_specific_keypair(impl, type, output) \
DO_type_specific_params(impl, type, output)
-#define type_specific_no_pub_output_structure "type-specific"
#define DO_type_specific_no_pub_selection_mask \
( DO_PRIVATE_KEY_selection_mask | DO_PARAMETERS_selection_mask)
#define DO_type_specific_no_pub(impl, type, output) \
* This only covers key types that are represented with i2d_{TYPE}PrivateKey,
* i2d_{TYPE}PublicKey and i2d_{TYPE}params / i2d_{TYPE}Parameters.
*/
-#define RSA_output_structure "rsa"
#define DO_RSA_selection_mask DO_type_specific_keypair_selection_mask
#define DO_RSA(impl, type, output) DO_type_specific_keypair(impl, type, output)
-#define DH_output_structure "dh"
#define DO_DH_selection_mask DO_type_specific_params_selection_mask
#define DO_DH(impl, type, output) DO_type_specific_params(impl, type, output)
-#define DHX_output_structure "dhx"
#define DO_DHX_selection_mask DO_type_specific_params_selection_mask
#define DO_DHX(impl, type, output) DO_type_specific_params(impl, type, output)
-#define DSA_output_structure "dsa"
#define DO_DSA_selection_mask DO_type_specific_selection_mask
#define DO_DSA(impl, type, output) DO_type_specific(impl, type, output)
-#define EC_output_structure "ec"
-#define DO_EC_selection_mask DO_type_specific_selection_mask
-#define DO_EC(impl, type, output) DO_type_specific(impl, type, output)
+#define DO_EC_selection_mask DO_type_specific_no_pub_selection_mask
+#define DO_EC(impl, type, output) DO_type_specific_no_pub(impl, type, output)
-#define SM2_output_structure "sm2"
-#define DO_SM2_selection_mask DO_type_specific_selection_mask
-#define DO_SM2(impl, type, output) DO_type_specific(impl, type, output)
+#define DO_SM2_selection_mask DO_type_specific_no_pub_selection_mask
+#define DO_SM2(impl, type, output) DO_type_specific_no_pub(impl, type, output)
/* PKCS#1 defines a structure for RSA private and public keys */
-#define PKCS1_output_structure "pkcs1"
#define DO_PKCS1_selection_mask DO_RSA_selection_mask
#define DO_PKCS1(impl, type, output) DO_RSA(impl, type, output)
/* PKCS#3 defines a structure for DH parameters */
-#define PKCS3_output_structure "pkcs3"
#define DO_PKCS3_selection_mask DO_DH_selection_mask
#define DO_PKCS3(impl, type, output) DO_DH(impl, type, output)
/* X9.42 defines a structure for DHx parameters */
-#define X9_42_output_structure "X9.42"
#define DO_X9_42_selection_mask DO_DHX_selection_mask
#define DO_X9_42(impl, type, output) DO_DHX(impl, type, output)
/* X9.62 defines a structure for EC keys and parameters */
-#define X9_62_output_structure "X9.62"
#define DO_X9_62_selection_mask DO_EC_selection_mask
#define DO_X9_62(impl, type, output) DO_EC(impl, type, output)
* ossl_##impl##_to_##kind##_##output##_encoder_functions
*/
#define MAKE_ENCODER(impl, type, evp_type, kind, output) \
- static OSSL_FUNC_encoder_gettable_params_fn \
- impl##_to_##kind##_##output##_gettable_params; \
- static OSSL_FUNC_encoder_get_params_fn \
- impl##_to_##kind##_##output##_get_params; \
static OSSL_FUNC_encoder_import_object_fn \
impl##_to_##kind##_##output##_import_object; \
static OSSL_FUNC_encoder_free_object_fn \
static OSSL_FUNC_encoder_encode_fn \
impl##_to_##kind##_##output##_encode; \
\
- static const OSSL_PARAM * \
- impl##_to_##kind##_##output##_gettable_params(void *provctx) \
- { \
- return key2any_gettable_params(provctx, \
- kind##_output_structure != NULL); \
- } \
- static int \
- impl##_to_##kind##_##output##_get_params(OSSL_PARAM params[]) \
- { \
- return key2any_get_params(params, impl##_input_type, \
- output##_output_type, \
- kind##_output_structure); \
- } \
static void * \
impl##_to_##kind##_##output##_import_object(void *vctx, int selection, \
const OSSL_PARAM params[]) \
(void (*)(void))key2any_newctx }, \
{ OSSL_FUNC_ENCODER_FREECTX, \
(void (*)(void))key2any_freectx }, \
- { OSSL_FUNC_ENCODER_GETTABLE_PARAMS, \
- (void (*)(void))impl##_to_##kind##_##output##_gettable_params }, \
- { OSSL_FUNC_ENCODER_GET_PARAMS, \
- (void (*)(void))impl##_to_##kind##_##output##_get_params }, \
{ OSSL_FUNC_ENCODER_SETTABLE_CTX_PARAMS, \
(void (*)(void))key2any_settable_ctx_params }, \
{ OSSL_FUNC_ENCODER_SET_CTX_PARAMS, \
(void (*)(void))impl##_to_##kind##_##output##_free_object }, \
{ OSSL_FUNC_ENCODER_ENCODE, \
(void (*)(void))impl##_to_##kind##_##output##_encode }, \
- { 0, NULL } \
+ OSSL_DISPATCH_END \
}
/*
* For PEM, these are expected to be used by PEM_write_bio_PrivateKey(),
* PEM_write_bio_PUBKEY() and PEM_write_bio_Parameters().
*/
-MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, PKCS8, der);
-MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, PKCS8, pem);
+MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, EncryptedPrivateKeyInfo, der);
+MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, EncryptedPrivateKeyInfo, pem);
+MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, PrivateKeyInfo, der);
+MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, PrivateKeyInfo, pem);
MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, SubjectPublicKeyInfo, der);
MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, SubjectPublicKeyInfo, pem);
-MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, PKCS8, der);
-MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, PKCS8, pem);
+MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, EncryptedPrivateKeyInfo, der);
+MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, EncryptedPrivateKeyInfo, pem);
+MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, PrivateKeyInfo, der);
+MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, PrivateKeyInfo, pem);
MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, SubjectPublicKeyInfo, der);
MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, SubjectPublicKeyInfo, pem);
#ifndef OPENSSL_NO_DH
-MAKE_ENCODER(dh, dh, EVP_PKEY_DH, PKCS8, der);
-MAKE_ENCODER(dh, dh, EVP_PKEY_DH, PKCS8, pem);
+MAKE_ENCODER(dh, dh, EVP_PKEY_DH, EncryptedPrivateKeyInfo, der);
+MAKE_ENCODER(dh, dh, EVP_PKEY_DH, EncryptedPrivateKeyInfo, pem);
+MAKE_ENCODER(dh, dh, EVP_PKEY_DH, PrivateKeyInfo, der);
+MAKE_ENCODER(dh, dh, EVP_PKEY_DH, PrivateKeyInfo, pem);
MAKE_ENCODER(dh, dh, EVP_PKEY_DH, SubjectPublicKeyInfo, der);
MAKE_ENCODER(dh, dh, EVP_PKEY_DH, SubjectPublicKeyInfo, pem);
-MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, PKCS8, der);
-MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, PKCS8, pem);
+MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, EncryptedPrivateKeyInfo, der);
+MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, EncryptedPrivateKeyInfo, pem);
+MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, PrivateKeyInfo, der);
+MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, PrivateKeyInfo, pem);
MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, SubjectPublicKeyInfo, der);
MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, SubjectPublicKeyInfo, pem);
#endif
#ifndef OPENSSL_NO_DSA
-MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, PKCS8, der);
-MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, PKCS8, pem);
+MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, EncryptedPrivateKeyInfo, der);
+MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, EncryptedPrivateKeyInfo, pem);
+MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, PrivateKeyInfo, der);
+MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, PrivateKeyInfo, pem);
MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, SubjectPublicKeyInfo, der);
MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, SubjectPublicKeyInfo, pem);
#endif
#ifndef OPENSSL_NO_EC
-MAKE_ENCODER(ec, ec, EVP_PKEY_EC, PKCS8, der);
-MAKE_ENCODER(ec, ec, EVP_PKEY_EC, PKCS8, pem);
+MAKE_ENCODER(ec, ec, EVP_PKEY_EC, EncryptedPrivateKeyInfo, der);
+MAKE_ENCODER(ec, ec, EVP_PKEY_EC, EncryptedPrivateKeyInfo, pem);
+MAKE_ENCODER(ec, ec, EVP_PKEY_EC, PrivateKeyInfo, der);
+MAKE_ENCODER(ec, ec, EVP_PKEY_EC, PrivateKeyInfo, pem);
MAKE_ENCODER(ec, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, der);
MAKE_ENCODER(ec, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, pem);
# ifndef OPENSSL_NO_SM2
-MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, PKCS8, der);
-MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, PKCS8, pem);
+MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, EncryptedPrivateKeyInfo, der);
+MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, EncryptedPrivateKeyInfo, pem);
+MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, PrivateKeyInfo, der);
+MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, PrivateKeyInfo, pem);
MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, der);
MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, pem);
# endif
-MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, PKCS8, der);
-MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, PKCS8, pem);
+# ifndef OPENSSL_NO_ECX
+MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, EncryptedPrivateKeyInfo, der);
+MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, EncryptedPrivateKeyInfo, pem);
+MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, PrivateKeyInfo, der);
+MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, PrivateKeyInfo, pem);
MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, SubjectPublicKeyInfo, der);
MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, SubjectPublicKeyInfo, pem);
-MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, PKCS8, der);
-MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, PKCS8, pem);
+MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, EncryptedPrivateKeyInfo, der);
+MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, EncryptedPrivateKeyInfo, pem);
+MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, PrivateKeyInfo, der);
+MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, PrivateKeyInfo, pem);
MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, SubjectPublicKeyInfo, der);
MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, SubjectPublicKeyInfo, pem);
-MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, PKCS8, der);
-MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, PKCS8, pem);
+MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, EncryptedPrivateKeyInfo, der);
+MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, EncryptedPrivateKeyInfo, pem);
+MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, PrivateKeyInfo, der);
+MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, PrivateKeyInfo, pem);
MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, SubjectPublicKeyInfo, der);
MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, SubjectPublicKeyInfo, pem);
-MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, PKCS8, der);
-MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, PKCS8, pem);
+MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, EncryptedPrivateKeyInfo, der);
+MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, EncryptedPrivateKeyInfo, pem);
+MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, PrivateKeyInfo, der);
+MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, PrivateKeyInfo, pem);
MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, SubjectPublicKeyInfo, der);
MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, SubjectPublicKeyInfo, pem);
+# endif
#endif
/*