kris
/
boringssl
1
0
Derivar 0
Código Questões 0 Pedidos de integração 0 Lançamentos 0 Wiki Trabalho
Não pode escolher mais do que 25 tópicos Os tópicos devem começar com uma letra ou um número, podem incluir traços ('-') e podem ter até 35 caracteres.
3505 Cometimentos
12 Ramos
38 MiB
Árvore: aedf303cc2
Ramos Etiquetas
${ item.name }
Criar ramo ${ searchTerm }
de 'aedf303cc2'
${ noResults }
boringssl/crypto/evp/evp_asn1.c

evp_asn1.c 9.8 KiB
Em bruto Vista normal Histórico

Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
há 10 anos
Decouple crypto/evp from the OID table. BUG=chromium:499653 Change-Id: I4e8d4af3129dbf61d4a8846ec9db685e83999d5e Reviewed-on: https://boringssl-review.googlesource.com/7565 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com>
há 8 anos
Implement new SPKI parsers. Many consumers need SPKI support (X.509, TLS, QUIC, WebCrypto), each with different ways to set signature parameters. SPKIs themselves can get complex with id-RSASSA-PSS keys which come with various constraints in the key parameters. This suggests we want a common in-library representation of an SPKI. This adds two new functions EVP_parse_public_key and EVP_marshal_public_key which converts EVP_PKEY to and from SPKI and implements X509_PUBKEY functions with them. EVP_PKEY seems to have been intended to be able to express the supported SPKI types with full-fidelity, so these APIs will continue this. This means future support for id-RSASSA-PSS would *not* repurpose EVP_PKEY_RSA. I'm worried about code assuming EVP_PKEY_RSA implies acting on the RSA* is legal. Instead, it'd add an EVP_PKEY_RSA_PSS and the data pointer would be some (exposed, so the caller may still check key size, etc.) RSA_PSS_KEY struct. Internally, the EVP_PKEY_CTX implementation would enforce the key constraints. If RSA_PSS_KEY would later need its own API, that code would move there, but that seems unlikely. Ideally we'd have a 1:1 correspondence with key OID, although we may have to fudge things if mistakes happen in standardization. (Whether or not X.509 reuses id-ecPublicKey for Ed25519, we'll give it a separate EVP_PKEY type.) DSA parsing hooks are still implemented, missing parameters and all for now. This isn't any worse than before. Decoupling from the giant crypto/obj OID table will be a later task. BUG=522228 Change-Id: I0e3964edf20cb795a18b0991d17e5ca8bce3e28c Reviewed-on: https://boringssl-review.googlesource.com/6861 Reviewed-by: Adam Langley <agl@google.com>
há 8 anos
Reimplement d2i_AutoPrivateKey with the new ASN.1 stack. This is kind of a ridiculous function. It would be nice to lose it, but SSL_use_PrivateKey_file actually calls into it (by way of d2i_PrivateKey_bio). BUG=499653 Change-Id: I83634f6982b15f4b877e29f6793b7e00a1c10450 Reviewed-on: https://boringssl-review.googlesource.com/7026 Reviewed-by: Adam Langley <agl@google.com>
há 8 anos
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
há 10 anos
Reimplement d2i_AutoPrivateKey with the new ASN.1 stack. This is kind of a ridiculous function. It would be nice to lose it, but SSL_use_PrivateKey_file actually calls into it (by way of d2i_PrivateKey_bio). BUG=499653 Change-Id: I83634f6982b15f4b877e29f6793b7e00a1c10450 Reviewed-on: https://boringssl-review.googlesource.com/7026 Reviewed-by: Adam Langley <agl@google.com>
há 8 anos
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
há 10 anos
Adding ARRAY_SIZE macro for getting the size of constant arrays. Change-Id: Ie60744761f5aa434a71a998f5ca98a8f8b1c25d5 Reviewed-on: https://boringssl-review.googlesource.com/10447 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
há 8 anos
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
há 10 anos
Decouple crypto/evp from the OID table. BUG=chromium:499653 Change-Id: I4e8d4af3129dbf61d4a8846ec9db685e83999d5e Reviewed-on: https://boringssl-review.googlesource.com/7565 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com>
há 8 anos
Adding ARRAY_SIZE macro for getting the size of constant arrays. Change-Id: Ie60744761f5aa434a71a998f5ca98a8f8b1c25d5 Reviewed-on: https://boringssl-review.googlesource.com/10447 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
há 8 anos
Decouple crypto/evp from the OID table. BUG=chromium:499653 Change-Id: I4e8d4af3129dbf61d4a8846ec9db685e83999d5e Reviewed-on: https://boringssl-review.googlesource.com/7565 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com>
há 8 anos
Implement new SPKI parsers. Many consumers need SPKI support (X.509, TLS, QUIC, WebCrypto), each with different ways to set signature parameters. SPKIs themselves can get complex with id-RSASSA-PSS keys which come with various constraints in the key parameters. This suggests we want a common in-library representation of an SPKI. This adds two new functions EVP_parse_public_key and EVP_marshal_public_key which converts EVP_PKEY to and from SPKI and implements X509_PUBKEY functions with them. EVP_PKEY seems to have been intended to be able to express the supported SPKI types with full-fidelity, so these APIs will continue this. This means future support for id-RSASSA-PSS would *not* repurpose EVP_PKEY_RSA. I'm worried about code assuming EVP_PKEY_RSA implies acting on the RSA* is legal. Instead, it'd add an EVP_PKEY_RSA_PSS and the data pointer would be some (exposed, so the caller may still check key size, etc.) RSA_PSS_KEY struct. Internally, the EVP_PKEY_CTX implementation would enforce the key constraints. If RSA_PSS_KEY would later need its own API, that code would move there, but that seems unlikely. Ideally we'd have a 1:1 correspondence with key OID, although we may have to fudge things if mistakes happen in standardization. (Whether or not X.509 reuses id-ecPublicKey for Ed25519, we'll give it a separate EVP_PKEY type.) DSA parsing hooks are still implemented, missing parameters and all for now. This isn't any worse than before. Decoupling from the giant crypto/obj OID table will be a later task. BUG=522228 Change-Id: I0e3964edf20cb795a18b0991d17e5ca8bce3e28c Reviewed-on: https://boringssl-review.googlesource.com/6861 Reviewed-by: Adam Langley <agl@google.com>
há 8 anos
Decouple crypto/evp from the OID table. BUG=chromium:499653 Change-Id: I4e8d4af3129dbf61d4a8846ec9db685e83999d5e Reviewed-on: https://boringssl-review.googlesource.com/7565 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com>
há 8 anos
Implement new SPKI parsers. Many consumers need SPKI support (X.509, TLS, QUIC, WebCrypto), each with different ways to set signature parameters. SPKIs themselves can get complex with id-RSASSA-PSS keys which come with various constraints in the key parameters. This suggests we want a common in-library representation of an SPKI. This adds two new functions EVP_parse_public_key and EVP_marshal_public_key which converts EVP_PKEY to and from SPKI and implements X509_PUBKEY functions with them. EVP_PKEY seems to have been intended to be able to express the supported SPKI types with full-fidelity, so these APIs will continue this. This means future support for id-RSASSA-PSS would *not* repurpose EVP_PKEY_RSA. I'm worried about code assuming EVP_PKEY_RSA implies acting on the RSA* is legal. Instead, it'd add an EVP_PKEY_RSA_PSS and the data pointer would be some (exposed, so the caller may still check key size, etc.) RSA_PSS_KEY struct. Internally, the EVP_PKEY_CTX implementation would enforce the key constraints. If RSA_PSS_KEY would later need its own API, that code would move there, but that seems unlikely. Ideally we'd have a 1:1 correspondence with key OID, although we may have to fudge things if mistakes happen in standardization. (Whether or not X.509 reuses id-ecPublicKey for Ed25519, we'll give it a separate EVP_PKEY type.) DSA parsing hooks are still implemented, missing parameters and all for now. This isn't any worse than before. Decoupling from the giant crypto/obj OID table will be a later task. BUG=522228 Change-Id: I0e3964edf20cb795a18b0991d17e5ca8bce3e28c Reviewed-on: https://boringssl-review.googlesource.com/6861 Reviewed-by: Adam Langley <agl@google.com>
há 8 anos
Decouple crypto/evp from the OID table. BUG=chromium:499653 Change-Id: I4e8d4af3129dbf61d4a8846ec9db685e83999d5e Reviewed-on: https://boringssl-review.googlesource.com/7565 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com>
há 8 anos
Implement new SPKI parsers. Many consumers need SPKI support (X.509, TLS, QUIC, WebCrypto), each with different ways to set signature parameters. SPKIs themselves can get complex with id-RSASSA-PSS keys which come with various constraints in the key parameters. This suggests we want a common in-library representation of an SPKI. This adds two new functions EVP_parse_public_key and EVP_marshal_public_key which converts EVP_PKEY to and from SPKI and implements X509_PUBKEY functions with them. EVP_PKEY seems to have been intended to be able to express the supported SPKI types with full-fidelity, so these APIs will continue this. This means future support for id-RSASSA-PSS would *not* repurpose EVP_PKEY_RSA. I'm worried about code assuming EVP_PKEY_RSA implies acting on the RSA* is legal. Instead, it'd add an EVP_PKEY_RSA_PSS and the data pointer would be some (exposed, so the caller may still check key size, etc.) RSA_PSS_KEY struct. Internally, the EVP_PKEY_CTX implementation would enforce the key constraints. If RSA_PSS_KEY would later need its own API, that code would move there, but that seems unlikely. Ideally we'd have a 1:1 correspondence with key OID, although we may have to fudge things if mistakes happen in standardization. (Whether or not X.509 reuses id-ecPublicKey for Ed25519, we'll give it a separate EVP_PKEY type.) DSA parsing hooks are still implemented, missing parameters and all for now. This isn't any worse than before. Decoupling from the giant crypto/obj OID table will be a later task. BUG=522228 Change-Id: I0e3964edf20cb795a18b0991d17e5ca8bce3e28c Reviewed-on: https://boringssl-review.googlesource.com/6861 Reviewed-by: Adam Langley <agl@google.com>
há 8 anos
Decouple crypto/evp from the OID table. BUG=chromium:499653 Change-Id: I4e8d4af3129dbf61d4a8846ec9db685e83999d5e Reviewed-on: https://boringssl-review.googlesource.com/7565 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com>
há 8 anos
Implement new SPKI parsers. Many consumers need SPKI support (X.509, TLS, QUIC, WebCrypto), each with different ways to set signature parameters. SPKIs themselves can get complex with id-RSASSA-PSS keys which come with various constraints in the key parameters. This suggests we want a common in-library representation of an SPKI. This adds two new functions EVP_parse_public_key and EVP_marshal_public_key which converts EVP_PKEY to and from SPKI and implements X509_PUBKEY functions with them. EVP_PKEY seems to have been intended to be able to express the supported SPKI types with full-fidelity, so these APIs will continue this. This means future support for id-RSASSA-PSS would *not* repurpose EVP_PKEY_RSA. I'm worried about code assuming EVP_PKEY_RSA implies acting on the RSA* is legal. Instead, it'd add an EVP_PKEY_RSA_PSS and the data pointer would be some (exposed, so the caller may still check key size, etc.) RSA_PSS_KEY struct. Internally, the EVP_PKEY_CTX implementation would enforce the key constraints. If RSA_PSS_KEY would later need its own API, that code would move there, but that seems unlikely. Ideally we'd have a 1:1 correspondence with key OID, although we may have to fudge things if mistakes happen in standardization. (Whether or not X.509 reuses id-ecPublicKey for Ed25519, we'll give it a separate EVP_PKEY type.) DSA parsing hooks are still implemented, missing parameters and all for now. This isn't any worse than before. Decoupling from the giant crypto/obj OID table will be a later task. BUG=522228 Change-Id: I0e3964edf20cb795a18b0991d17e5ca8bce3e28c Reviewed-on: https://boringssl-review.googlesource.com/6861 Reviewed-by: Adam Langley <agl@google.com>
há 8 anos
Handle empty keys in EVP_marshal_public_key() Instead of crashing when an empty key is passed to EVP_marshal_public_key(), return with an EVP_R_UNSUPPORTED_ALGORITHM_ERROR. This brings e.g. X509_PUBKEY_set() closer to how it behaved before 68772b31 (previously, it returned an error on an empty public key rather than dereferencing pkey->ameth). Change-Id: Ieac368725adb7f22329c035d9d0685b44b885888 Reviewed-on: https://boringssl-review.googlesource.com/7351 Reviewed-by: David Benjamin <davidben@google.com>
há 8 anos
Implement new SPKI parsers. Many consumers need SPKI support (X.509, TLS, QUIC, WebCrypto), each with different ways to set signature parameters. SPKIs themselves can get complex with id-RSASSA-PSS keys which come with various constraints in the key parameters. This suggests we want a common in-library representation of an SPKI. This adds two new functions EVP_parse_public_key and EVP_marshal_public_key which converts EVP_PKEY to and from SPKI and implements X509_PUBKEY functions with them. EVP_PKEY seems to have been intended to be able to express the supported SPKI types with full-fidelity, so these APIs will continue this. This means future support for id-RSASSA-PSS would *not* repurpose EVP_PKEY_RSA. I'm worried about code assuming EVP_PKEY_RSA implies acting on the RSA* is legal. Instead, it'd add an EVP_PKEY_RSA_PSS and the data pointer would be some (exposed, so the caller may still check key size, etc.) RSA_PSS_KEY struct. Internally, the EVP_PKEY_CTX implementation would enforce the key constraints. If RSA_PSS_KEY would later need its own API, that code would move there, but that seems unlikely. Ideally we'd have a 1:1 correspondence with key OID, although we may have to fudge things if mistakes happen in standardization. (Whether or not X.509 reuses id-ecPublicKey for Ed25519, we'll give it a separate EVP_PKEY type.) DSA parsing hooks are still implemented, missing parameters and all for now. This isn't any worse than before. Decoupling from the giant crypto/obj OID table will be a later task. BUG=522228 Change-Id: I0e3964edf20cb795a18b0991d17e5ca8bce3e28c Reviewed-on: https://boringssl-review.googlesource.com/6861 Reviewed-by: Adam Langley <agl@google.com>
há 8 anos
Implement new PKCS#8 parsers. As with SPKI parsers, the intent is make EVP_PKEY capture the key's constraints in full fidelity, so we'd have to add new types or store the information in the underlying key object if people introduce variant key types with weird constraints on them. Note that because PKCS#8 has a space for arbitrary attributes, this parser must admit a hole. I'm assuming for now that we don't need an API that enforces no attributes and just ignore trailing data in the structure for simplicity. BUG=499653 Change-Id: I6fc641355e87136c7220f5d7693566d1144a68e8 Reviewed-on: https://boringssl-review.googlesource.com/6866 Reviewed-by: Adam Langley <agl@google.com>
há 8 anos
Decouple crypto/evp from the OID table. BUG=chromium:499653 Change-Id: I4e8d4af3129dbf61d4a8846ec9db685e83999d5e Reviewed-on: https://boringssl-review.googlesource.com/7565 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com>
há 8 anos
Implement new PKCS#8 parsers. As with SPKI parsers, the intent is make EVP_PKEY capture the key's constraints in full fidelity, so we'd have to add new types or store the information in the underlying key object if people introduce variant key types with weird constraints on them. Note that because PKCS#8 has a space for arbitrary attributes, this parser must admit a hole. I'm assuming for now that we don't need an API that enforces no attributes and just ignore trailing data in the structure for simplicity. BUG=499653 Change-Id: I6fc641355e87136c7220f5d7693566d1144a68e8 Reviewed-on: https://boringssl-review.googlesource.com/6866 Reviewed-by: Adam Langley <agl@google.com>
há 8 anos
Decouple crypto/evp from the OID table. BUG=chromium:499653 Change-Id: I4e8d4af3129dbf61d4a8846ec9db685e83999d5e Reviewed-on: https://boringssl-review.googlesource.com/7565 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com>
há 8 anos
Implement new PKCS#8 parsers. As with SPKI parsers, the intent is make EVP_PKEY capture the key's constraints in full fidelity, so we'd have to add new types or store the information in the underlying key object if people introduce variant key types with weird constraints on them. Note that because PKCS#8 has a space for arbitrary attributes, this parser must admit a hole. I'm assuming for now that we don't need an API that enforces no attributes and just ignore trailing data in the structure for simplicity. BUG=499653 Change-Id: I6fc641355e87136c7220f5d7693566d1144a68e8 Reviewed-on: https://boringssl-review.googlesource.com/6866 Reviewed-by: Adam Langley <agl@google.com>
há 8 anos
Decouple crypto/evp from the OID table. BUG=chromium:499653 Change-Id: I4e8d4af3129dbf61d4a8846ec9db685e83999d5e Reviewed-on: https://boringssl-review.googlesource.com/7565 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com>
há 8 anos
Implement new PKCS#8 parsers. As with SPKI parsers, the intent is make EVP_PKEY capture the key's constraints in full fidelity, so we'd have to add new types or store the information in the underlying key object if people introduce variant key types with weird constraints on them. Note that because PKCS#8 has a space for arbitrary attributes, this parser must admit a hole. I'm assuming for now that we don't need an API that enforces no attributes and just ignore trailing data in the structure for simplicity. BUG=499653 Change-Id: I6fc641355e87136c7220f5d7693566d1144a68e8 Reviewed-on: https://boringssl-review.googlesource.com/6866 Reviewed-by: Adam Langley <agl@google.com>
há 8 anos
Decouple crypto/evp from the OID table. BUG=chromium:499653 Change-Id: I4e8d4af3129dbf61d4a8846ec9db685e83999d5e Reviewed-on: https://boringssl-review.googlesource.com/7565 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com>
há 8 anos
Implement new PKCS#8 parsers. As with SPKI parsers, the intent is make EVP_PKEY capture the key's constraints in full fidelity, so we'd have to add new types or store the information in the underlying key object if people introduce variant key types with weird constraints on them. Note that because PKCS#8 has a space for arbitrary attributes, this parser must admit a hole. I'm assuming for now that we don't need an API that enforces no attributes and just ignore trailing data in the structure for simplicity. BUG=499653 Change-Id: I6fc641355e87136c7220f5d7693566d1144a68e8 Reviewed-on: https://boringssl-review.googlesource.com/6866 Reviewed-by: Adam Langley <agl@google.com>
há 8 anos
Handle empty keys in EVP_marshal_public_key() Instead of crashing when an empty key is passed to EVP_marshal_public_key(), return with an EVP_R_UNSUPPORTED_ALGORITHM_ERROR. This brings e.g. X509_PUBKEY_set() closer to how it behaved before 68772b31 (previously, it returned an error on an empty public key rather than dereferencing pkey->ameth). Change-Id: Ieac368725adb7f22329c035d9d0685b44b885888 Reviewed-on: https://boringssl-review.googlesource.com/7351 Reviewed-by: David Benjamin <davidben@google.com>
há 8 anos
Implement new PKCS#8 parsers. As with SPKI parsers, the intent is make EVP_PKEY capture the key's constraints in full fidelity, so we'd have to add new types or store the information in the underlying key object if people introduce variant key types with weird constraints on them. Note that because PKCS#8 has a space for arbitrary attributes, this parser must admit a hole. I'm assuming for now that we don't need an API that enforces no attributes and just ignore trailing data in the structure for simplicity. BUG=499653 Change-Id: I6fc641355e87136c7220f5d7693566d1144a68e8 Reviewed-on: https://boringssl-review.googlesource.com/6866 Reviewed-by: Adam Langley <agl@google.com>
há 8 anos
Reimplement d2i_PrivateKey. Functions which lose object reuse and need auditing: - d2i_PrivateKey This removes evp_asn1.c's dependency on the old stack. (Aside from obj/.) It also takes old_priv_decode out of EVP_ASN1_METHOD in favor of calling out to the new-style function. EVP_ASN1_METHOD no longer has any old-style type-specific serialization hooks, only the PKCS#8 and SPKI ones. BUG=499653 Change-Id: Ic142dc05a5505b50e4717c260d3893b20e680194 Reviewed-on: https://boringssl-review.googlesource.com/7027 Reviewed-by: Adam Langley <agl@google.com>
há 8 anos
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
há 10 anos
Reimplement d2i_PrivateKey. Functions which lose object reuse and need auditing: - d2i_PrivateKey This removes evp_asn1.c's dependency on the old stack. (Aside from obj/.) It also takes old_priv_decode out of EVP_ASN1_METHOD in favor of calling out to the new-style function. EVP_ASN1_METHOD no longer has any old-style type-specific serialization hooks, only the PKCS#8 and SPKI ones. BUG=499653 Change-Id: Ic142dc05a5505b50e4717c260d3893b20e680194 Reviewed-on: https://boringssl-review.googlesource.com/7027 Reviewed-by: Adam Langley <agl@google.com>
há 8 anos
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
há 10 anos
Reimplement d2i_PrivateKey. Functions which lose object reuse and need auditing: - d2i_PrivateKey This removes evp_asn1.c's dependency on the old stack. (Aside from obj/.) It also takes old_priv_decode out of EVP_ASN1_METHOD in favor of calling out to the new-style function. EVP_ASN1_METHOD no longer has any old-style type-specific serialization hooks, only the PKCS#8 and SPKI ones. BUG=499653 Change-Id: Ic142dc05a5505b50e4717c260d3893b20e680194 Reviewed-on: https://boringssl-review.googlesource.com/7027 Reviewed-by: Adam Langley <agl@google.com>
há 8 anos
d2i: don't update input pointer on failure (Imported from upstream's 728bcd59d3d41e152aead0d15acc51a8958536d3.) Actually this one was reported by us, but the commit message doesn't mention this. This is slightly modified from upstream's version to fix some problems noticed in import. Specifically one of d2i_X509_AUX's success paths is bust and d2i_PrivateKey still updates on one error path. Resolve the latter by changing both it and d2i_AutoPrivateKey to explicitly hit the error path on ret == NULL. This lets us remove the NULL check in d2i_AutoPrivateKey. We'll want to report the problems back upstream. Change-Id: Ifcfc965ca6d5ec0a08ac154854bd351cafbaba25 Reviewed-on: https://boringssl-review.googlesource.com/5948 Reviewed-by: Adam Langley <agl@google.com>
há 9 anos
Reimplement d2i_PrivateKey. Functions which lose object reuse and need auditing: - d2i_PrivateKey This removes evp_asn1.c's dependency on the old stack. (Aside from obj/.) It also takes old_priv_decode out of EVP_ASN1_METHOD in favor of calling out to the new-style function. EVP_ASN1_METHOD no longer has any old-style type-specific serialization hooks, only the PKCS#8 and SPKI ones. BUG=499653 Change-Id: Ic142dc05a5505b50e4717c260d3893b20e680194 Reviewed-on: https://boringssl-review.googlesource.com/7027 Reviewed-by: Adam Langley <agl@google.com>
há 8 anos
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
há 10 anos
Reimplement d2i_PrivateKey. Functions which lose object reuse and need auditing: - d2i_PrivateKey This removes evp_asn1.c's dependency on the old stack. (Aside from obj/.) It also takes old_priv_decode out of EVP_ASN1_METHOD in favor of calling out to the new-style function. EVP_ASN1_METHOD no longer has any old-style type-specific serialization hooks, only the PKCS#8 and SPKI ones. BUG=499653 Change-Id: Ic142dc05a5505b50e4717c260d3893b20e680194 Reviewed-on: https://boringssl-review.googlesource.com/7027 Reviewed-by: Adam Langley <agl@google.com>
há 8 anos
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
há 10 anos
Enforce that d2i_PrivateKey returns a key of the specified type. If d2i_PrivateKey hit the PKCS#8 codepath, it didn't enforce that the key was of the specified type. Note that this requires tweaking d2i_AutoPrivateKey slightly. A PKCS #8 PrivateKeyInfo may have 3 or 4 elements (optional attributes), so we were relying on this bug for d2i_AutoPrivateKey to work. Change-Id: If50b7a742f535d208e944ba37c3a585689d1da43 Reviewed-on: https://boringssl-review.googlesource.com/7253 Reviewed-by: Adam Langley <agl@google.com>
há 8 anos
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
há 10 anos
Reimplement d2i_PrivateKey. Functions which lose object reuse and need auditing: - d2i_PrivateKey This removes evp_asn1.c's dependency on the old stack. (Aside from obj/.) It also takes old_priv_decode out of EVP_ASN1_METHOD in favor of calling out to the new-style function. EVP_ASN1_METHOD no longer has any old-style type-specific serialization hooks, only the PKCS#8 and SPKI ones. BUG=499653 Change-Id: Ic142dc05a5505b50e4717c260d3893b20e680194 Reviewed-on: https://boringssl-review.googlesource.com/7027 Reviewed-by: Adam Langley <agl@google.com>
há 8 anos
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
há 10 anos
Reimplement d2i_PrivateKey. Functions which lose object reuse and need auditing: - d2i_PrivateKey This removes evp_asn1.c's dependency on the old stack. (Aside from obj/.) It also takes old_priv_decode out of EVP_ASN1_METHOD in favor of calling out to the new-style function. EVP_ASN1_METHOD no longer has any old-style type-specific serialization hooks, only the PKCS#8 and SPKI ones. BUG=499653 Change-Id: Ic142dc05a5505b50e4717c260d3893b20e680194 Reviewed-on: https://boringssl-review.googlesource.com/7027 Reviewed-by: Adam Langley <agl@google.com>
há 8 anos
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
há 10 anos
Reimplement d2i_AutoPrivateKey with the new ASN.1 stack. This is kind of a ridiculous function. It would be nice to lose it, but SSL_use_PrivateKey_file actually calls into it (by way of d2i_PrivateKey_bio). BUG=499653 Change-Id: I83634f6982b15f4b877e29f6793b7e00a1c10450 Reviewed-on: https://boringssl-review.googlesource.com/7026 Reviewed-by: Adam Langley <agl@google.com>
há 8 anos
d2i: don't update input pointer on failure (Imported from upstream's 728bcd59d3d41e152aead0d15acc51a8958536d3.) Actually this one was reported by us, but the commit message doesn't mention this. This is slightly modified from upstream's version to fix some problems noticed in import. Specifically one of d2i_X509_AUX's success paths is bust and d2i_PrivateKey still updates on one error path. Resolve the latter by changing both it and d2i_AutoPrivateKey to explicitly hit the error path on ret == NULL. This lets us remove the NULL check in d2i_AutoPrivateKey. We'll want to report the problems back upstream. Change-Id: Ifcfc965ca6d5ec0a08ac154854bd351cafbaba25 Reviewed-on: https://boringssl-review.googlesource.com/5948 Reviewed-by: Adam Langley <agl@google.com>
há 9 anos
Reimplement d2i_AutoPrivateKey with the new ASN.1 stack. This is kind of a ridiculous function. It would be nice to lose it, but SSL_use_PrivateKey_file actually calls into it (by way of d2i_PrivateKey_bio). BUG=499653 Change-Id: I83634f6982b15f4b877e29f6793b7e00a1c10450 Reviewed-on: https://boringssl-review.googlesource.com/7026 Reviewed-by: Adam Langley <agl@google.com>
há 8 anos
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
há 10 anos
Reimplement d2i_AutoPrivateKey with the new ASN.1 stack. This is kind of a ridiculous function. It would be nice to lose it, but SSL_use_PrivateKey_file actually calls into it (by way of d2i_PrivateKey_bio). BUG=499653 Change-Id: I83634f6982b15f4b877e29f6793b7e00a1c10450 Reviewed-on: https://boringssl-review.googlesource.com/7026 Reviewed-by: Adam Langley <agl@google.com>
há 8 anos
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
há 10 anos
Enforce that d2i_PrivateKey returns a key of the specified type. If d2i_PrivateKey hit the PKCS#8 codepath, it didn't enforce that the key was of the specified type. Note that this requires tweaking d2i_AutoPrivateKey slightly. A PKCS #8 PrivateKeyInfo may have 3 or 4 elements (optional attributes), so we were relying on this bug for d2i_AutoPrivateKey to work. Change-Id: If50b7a742f535d208e944ba37c3a585689d1da43 Reviewed-on: https://boringssl-review.googlesource.com/7253 Reviewed-by: Adam Langley <agl@google.com>
há 8 anos
Reimplement d2i_AutoPrivateKey with the new ASN.1 stack. This is kind of a ridiculous function. It would be nice to lose it, but SSL_use_PrivateKey_file actually calls into it (by way of d2i_PrivateKey_bio). BUG=499653 Change-Id: I83634f6982b15f4b877e29f6793b7e00a1c10450 Reviewed-on: https://boringssl-review.googlesource.com/7026 Reviewed-by: Adam Langley <agl@google.com>
há 8 anos
Enforce that d2i_PrivateKey returns a key of the specified type. If d2i_PrivateKey hit the PKCS#8 codepath, it didn't enforce that the key was of the specified type. Note that this requires tweaking d2i_AutoPrivateKey slightly. A PKCS #8 PrivateKeyInfo may have 3 or 4 elements (optional attributes), so we were relying on this bug for d2i_AutoPrivateKey to work. Change-Id: If50b7a742f535d208e944ba37c3a585689d1da43 Reviewed-on: https://boringssl-review.googlesource.com/7253 Reviewed-by: Adam Langley <agl@google.com>
há 8 anos
Reimplement d2i_AutoPrivateKey with the new ASN.1 stack. This is kind of a ridiculous function. It would be nice to lose it, but SSL_use_PrivateKey_file actually calls into it (by way of d2i_PrivateKey_bio). BUG=499653 Change-Id: I83634f6982b15f4b877e29f6793b7e00a1c10450 Reviewed-on: https://boringssl-review.googlesource.com/7026 Reviewed-by: Adam Langley <agl@google.com>
há 8 anos
Enforce that d2i_PrivateKey returns a key of the specified type. If d2i_PrivateKey hit the PKCS#8 codepath, it didn't enforce that the key was of the specified type. Note that this requires tweaking d2i_AutoPrivateKey slightly. A PKCS #8 PrivateKeyInfo may have 3 or 4 elements (optional attributes), so we were relying on this bug for d2i_AutoPrivateKey to work. Change-Id: If50b7a742f535d208e944ba37c3a585689d1da43 Reviewed-on: https://boringssl-review.googlesource.com/7253 Reviewed-by: Adam Langley <agl@google.com>
há 8 anos
Reimplement d2i_AutoPrivateKey with the new ASN.1 stack. This is kind of a ridiculous function. It would be nice to lose it, but SSL_use_PrivateKey_file actually calls into it (by way of d2i_PrivateKey_bio). BUG=499653 Change-Id: I83634f6982b15f4b877e29f6793b7e00a1c10450 Reviewed-on: https://boringssl-review.googlesource.com/7026 Reviewed-by: Adam Langley <agl@google.com>
há 8 anos
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
há 10 anos
Remove the func parameter to OPENSSL_PUT_ERROR. Much of this was done automatically with find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' BUG=468039 Change-Id: I4c75fd95dff85ab1d4a546b05e6aed1aeeb499d8 Reviewed-on: https://boringssl-review.googlesource.com/5276 Reviewed-by: Adam Langley <agl@google.com>
há 9 anos
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
há 10 anos
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337 
  1. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)

  2.  * All rights reserved.

  3.  *

  4.  * This package is an SSL implementation written

  5.  * by Eric Young (eay@cryptsoft.com).

  6.  * The implementation was written so as to conform with Netscapes SSL.

  7.  *

  8.  * This library is free for commercial and non-commercial use as long as

  9.  * the following conditions are aheared to.  The following conditions

  10.  * apply to all code found in this distribution, be it the RC4, RSA,

  11.  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

  12.  * included with this distribution is covered by the same copyright terms

  13.  * except that the holder is Tim Hudson (tjh@cryptsoft.com).

  14.  *

  15.  * Copyright remains Eric Young's, and as such any Copyright notices in

  16.  * the code are not to be removed.

  17.  * If this package is used in a product, Eric Young should be given attribution

  18.  * as the author of the parts of the library used.

  19.  * This can be in the form of a textual message at program startup or

  20.  * in documentation (online or textual) provided with the package.

  21.  *

  22.  * Redistribution and use in source and binary forms, with or without

  23.  * modification, are permitted provided that the following conditions

  24.  * are met:

  25.  * 1. Redistributions of source code must retain the copyright

  26.  *    notice, this list of conditions and the following disclaimer.

  27.  * 2. Redistributions in binary form must reproduce the above copyright

  28.  *    notice, this list of conditions and the following disclaimer in the

  29.  *    documentation and/or other materials provided with the distribution.

  30.  * 3. All advertising materials mentioning features or use of this software

  31.  *    must display the following acknowledgement:

  32.  *    "This product includes cryptographic software written by

  33.  *     Eric Young (eay@cryptsoft.com)"

  34.  *    The word 'cryptographic' can be left out if the rouines from the library

  35.  *    being used are not cryptographic related :-).

  36.  * 4. If you include any Windows specific code (or a derivative thereof) from

  37.  *    the apps directory (application code) you must include an acknowledgement:

  38.  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

  39.  *

  40.  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

  41.  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  42.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  43.  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

  44.  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

  45.  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

  46.  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  47.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

  48.  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

  49.  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

  50.  * SUCH DAMAGE.

  51.  *

  52.  * The licence and distribution terms for any publically available version or

  53.  * derivative of this code cannot be changed.  i.e. this code cannot simply be

  54.  * copied and put under another distribution licence

  55.  * [including the GNU Public Licence.] */

  56. 

  57. #include <openssl/evp.h>

  58. 

  59. #include <string.h>

  60. 

  61. #include <openssl/bytestring.h>

  62. #include <openssl/dsa.h>

  63. #include <openssl/ec_key.h>

  64. #include <openssl/err.h>

  65. #include <openssl/rsa.h>

  66. 

  67. #include "internal.h"

  68. #include "../internal.h"

  69. 

  70. 

  71. static const EVP_PKEY_ASN1_METHOD *const kASN1Methods[] = {

  72.     &rsa_asn1_meth,

  73.     &ec_asn1_meth,

  74.     &dsa_asn1_meth,

  75. };

  76. 

  77. static int parse_key_type(CBS *cbs, int *out_type) {

  78.   CBS oid;

  79.   if (!CBS_get_asn1(cbs, &oid, CBS_ASN1_OBJECT)) {

  80.     return 0;

  81.   }

  82. 

  83.   unsigned i;

  84.   for (i = 0; i < OPENSSL_ARRAY_SIZE(kASN1Methods); i++) {

  85.     const EVP_PKEY_ASN1_METHOD *method = kASN1Methods[i];

  86.     if (CBS_len(&oid) == method->oid_len &&

  87.         memcmp(CBS_data(&oid), method->oid, method->oid_len) == 0) {

  88.       *out_type = method->pkey_id;

  89.       return 1;

  90.     }

  91.   }

  92. 

  93.   return 0;

  94. }

  95. 

  96. EVP_PKEY *EVP_parse_public_key(CBS *cbs) {

  97.   /* Parse the SubjectPublicKeyInfo. */

  98.   CBS spki, algorithm, key;

  99.   int type;

  100.   uint8_t padding;

  101.   if (!CBS_get_asn1(cbs, &spki, CBS_ASN1_SEQUENCE) ||

  102.       !CBS_get_asn1(&spki, &algorithm, CBS_ASN1_SEQUENCE) ||

  103.       !parse_key_type(&algorithm, &type) ||

  104.       !CBS_get_asn1(&spki, &key, CBS_ASN1_BITSTRING) ||

  105.       CBS_len(&spki) != 0 ||

  106.       /* Every key type defined encodes the key as a byte string with the same

  107.        * conversion to BIT STRING. */

  108.       !CBS_get_u8(&key, &padding) ||

  109.       padding != 0) {

  110.     OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);

  111.     return NULL;

  112.   }

  113. 

  114.   /* Set up an |EVP_PKEY| of the appropriate type. */

  115.   EVP_PKEY *ret = EVP_PKEY_new();

  116.   if (ret == NULL ||

  117.       !EVP_PKEY_set_type(ret, type)) {

  118.     goto err;

  119.   }

  120. 

  121.   /* Call into the type-specific SPKI decoding function. */

  122.   if (ret->ameth->pub_decode == NULL) {

  123.     OPENSSL_PUT_ERROR(EVP, EVP_R_UNSUPPORTED_ALGORITHM);

  124.     goto err;

  125.   }

  126.   if (!ret->ameth->pub_decode(ret, &algorithm, &key)) {

  127.     goto err;

  128.   }

  129. 

  130.   return ret;

  131. 

  132. err:

  133.   EVP_PKEY_free(ret);

  134.   return NULL;

  135. }

  136. 

  137. int EVP_marshal_public_key(CBB *cbb, const EVP_PKEY *key) {

  138.   if (key->ameth == NULL || key->ameth->pub_encode == NULL) {

  139.     OPENSSL_PUT_ERROR(EVP, EVP_R_UNSUPPORTED_ALGORITHM);

  140.     return 0;

  141.   }

  142. 

  143.   return key->ameth->pub_encode(cbb, key);

  144. }

  145. 

  146. EVP_PKEY *EVP_parse_private_key(CBS *cbs) {

  147.   /* Parse the PrivateKeyInfo. */

  148.   CBS pkcs8, algorithm, key;

  149.   uint64_t version;

  150.   int type;

  151.   if (!CBS_get_asn1(cbs, &pkcs8, CBS_ASN1_SEQUENCE) ||

  152.       !CBS_get_asn1_uint64(&pkcs8, &version) ||

  153.       version != 0 ||

  154.       !CBS_get_asn1(&pkcs8, &algorithm, CBS_ASN1_SEQUENCE) ||

  155.       !parse_key_type(&algorithm, &type) ||

  156.       !CBS_get_asn1(&pkcs8, &key, CBS_ASN1_OCTETSTRING)) {

  157.     OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);

  158.     return NULL;

  159.   }

  160. 

  161.   /* A PrivateKeyInfo ends with a SET of Attributes which we ignore. */

  162. 

  163.   /* Set up an |EVP_PKEY| of the appropriate type. */

  164.   EVP_PKEY *ret = EVP_PKEY_new();

  165.   if (ret == NULL ||

  166.       !EVP_PKEY_set_type(ret, type)) {

  167.     goto err;

  168.   }

  169. 

  170.   /* Call into the type-specific PrivateKeyInfo decoding function. */

  171.   if (ret->ameth->priv_decode == NULL) {

  172.     OPENSSL_PUT_ERROR(EVP, EVP_R_UNSUPPORTED_ALGORITHM);

  173.     goto err;

  174.   }

  175.   if (!ret->ameth->priv_decode(ret, &algorithm, &key)) {

  176.     goto err;

  177.   }

  178. 

  179.   return ret;

  180. 

  181. err:

  182.   EVP_PKEY_free(ret);

  183.   return NULL;

  184. }

  185. 

  186. int EVP_marshal_private_key(CBB *cbb, const EVP_PKEY *key) {

  187.   if (key->ameth == NULL || key->ameth->priv_encode == NULL) {

  188.     OPENSSL_PUT_ERROR(EVP, EVP_R_UNSUPPORTED_ALGORITHM);

  189.     return 0;

  190.   }

  191. 

  192.   return key->ameth->priv_encode(cbb, key);

  193. }

  194. 

  195. static EVP_PKEY *old_priv_decode(CBS *cbs, int type) {

  196.   EVP_PKEY *ret = EVP_PKEY_new();

  197.   if (ret == NULL) {

  198.     return NULL;

  199.   }

  200. 

  201.   switch (type) {

  202.     case EVP_PKEY_EC: {

  203.       EC_KEY *ec_key = EC_KEY_parse_private_key(cbs, NULL);

  204.       if (ec_key == NULL || !EVP_PKEY_assign_EC_KEY(ret, ec_key)) {

  205.         EC_KEY_free(ec_key);

  206.         goto err;

  207.       }

  208.       return ret;

  209.     }

  210.     case EVP_PKEY_DSA: {

  211.       DSA *dsa = DSA_parse_private_key(cbs);

  212.       if (dsa == NULL || !EVP_PKEY_assign_DSA(ret, dsa)) {

  213.         DSA_free(dsa);

  214.         goto err;

  215.       }

  216.       return ret;

  217.     }

  218.     case EVP_PKEY_RSA: {

  219.       RSA *rsa = RSA_parse_private_key(cbs);

  220.       if (rsa == NULL || !EVP_PKEY_assign_RSA(ret, rsa)) {

  221.         RSA_free(rsa);

  222.         goto err;

  223.       }

  224.       return ret;

  225.     }

  226.     default:

  227.       OPENSSL_PUT_ERROR(EVP, EVP_R_UNKNOWN_PUBLIC_KEY_TYPE);

  228.       goto err;

  229.   }

  230. 

  231. err:

  232.   EVP_PKEY_free(ret);

  233.   return NULL;

  234. }

  235. 

  236. EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **out, const uint8_t **inp,

  237.                          long len) {

  238.   if (len < 0) {

  239.     OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);

  240.     return NULL;

  241.   }

  242. 

  243.   /* Parse with the legacy format. */

  244.   CBS cbs;

  245.   CBS_init(&cbs, *inp, (size_t)len);

  246.   EVP_PKEY *ret = old_priv_decode(&cbs, type);

  247.   if (ret == NULL) {

  248.     /* Try again with PKCS#8. */

  249.     ERR_clear_error();

  250.     CBS_init(&cbs, *inp, (size_t)len);

  251.     ret = EVP_parse_private_key(&cbs);

  252.     if (ret == NULL) {

  253.       return NULL;

  254.     }

  255.     if (ret->type != type) {

  256.       OPENSSL_PUT_ERROR(EVP, EVP_R_DIFFERENT_KEY_TYPES);

  257.       EVP_PKEY_free(ret);

  258.       return NULL;

  259.     }

  260.   }

  261. 

  262.   if (out != NULL) {

  263.     EVP_PKEY_free(*out);

  264.     *out = ret;

  265.   }

  266.   *inp = CBS_data(&cbs);

  267.   return ret;

  268. }

  269. 

  270. /* num_elements parses one SEQUENCE from |in| and returns the number of elements

  271.  * in it. On parse error, it returns zero. */

  272. static size_t num_elements(const uint8_t *in, size_t in_len) {

  273.   CBS cbs, sequence;

  274.   CBS_init(&cbs, in, (size_t)in_len);

  275. 

  276.   if (!CBS_get_asn1(&cbs, &sequence, CBS_ASN1_SEQUENCE)) {

  277.     return 0;

  278.   }

  279. 

  280.   size_t count = 0;

  281.   while (CBS_len(&sequence) > 0) {

  282.     if (!CBS_get_any_asn1_element(&sequence, NULL, NULL, NULL)) {

  283.       return 0;

  284.     }

  285. 

  286.     count++;

  287.   }

  288. 

  289.   return count;

  290. }

  291. 

  292. EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **out, const uint8_t **inp, long len) {

  293.   if (len < 0) {

  294.     OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);

  295.     return NULL;

  296.   }

  297. 

  298.   /* Parse the input as a PKCS#8 PrivateKeyInfo. */

  299.   CBS cbs;

  300.   CBS_init(&cbs, *inp, (size_t)len);

  301.   EVP_PKEY *ret = EVP_parse_private_key(&cbs);

  302.   if (ret != NULL) {

  303.     if (out != NULL) {

  304.       EVP_PKEY_free(*out);

  305.       *out = ret;

  306.     }

  307.     *inp = CBS_data(&cbs);

  308.     return ret;

  309.   }

  310.   ERR_clear_error();

  311. 

  312.   /* Count the elements to determine the legacy key format. */

  313.   switch (num_elements(*inp, (size_t)len)) {

  314.     case 4:

  315.       return d2i_PrivateKey(EVP_PKEY_EC, out, inp, len);

  316. 

  317.     case 6:

  318.       return d2i_PrivateKey(EVP_PKEY_DSA, out, inp, len);

  319. 

  320.     default:

  321.       return d2i_PrivateKey(EVP_PKEY_RSA, out, inp, len);

  322.   }

  323. }

  324. 

  325. int i2d_PublicKey(EVP_PKEY *key, uint8_t **outp) {

  326.   switch (key->type) {

  327.     case EVP_PKEY_RSA:

  328.       return i2d_RSAPublicKey(key->pkey.rsa, outp);

  329.     case EVP_PKEY_DSA:

  330.       return i2d_DSAPublicKey(key->pkey.dsa, outp);

  331.     case EVP_PKEY_EC:

  332.       return i2o_ECPublicKey(key->pkey.ec, outp);

  333.     default:

  334.       OPENSSL_PUT_ERROR(EVP, EVP_R_UNSUPPORTED_PUBLIC_KEY_TYPE);

  335.       return -1;

  336.   }

  337. }