evp_pkey.c

mediastreamer2是开源的网络传输媒体流的库

#ifndef OPENSSL_NO_EC
		case EVP_PKEY_EC:
		if (!eckey_pkey2pkcs8(p8, pkey))
		{
			PKCS8_PRIV_KEY_INFO_free(p8);
			return(NULL);
		}
		break;
#endif
		default:
		EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
		PKCS8_PRIV_KEY_INFO_free (p8);
		return NULL;
	}
	RAND_add(p8->pkey->value.octet_string->data,
		 p8->pkey->value.octet_string->length, 0.0);
	return p8;
}

PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken)
{
	switch (broken) {

		case PKCS8_OK:
		p8->broken = PKCS8_OK;
		return p8;
		break;

		case PKCS8_NO_OCTET:
		p8->broken = PKCS8_NO_OCTET;
		p8->pkey->type = V_ASN1_SEQUENCE;
		return p8;
		break;

		default:
		EVPerr(EVP_F_PKCS8_SET_BROKEN,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE);
		return NULL;
	}
}

#ifndef OPENSSL_NO_DSA
static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
{
	ASN1_STRING *params = NULL;
	ASN1_INTEGER *prkey = NULL;
	ASN1_TYPE *ttmp = NULL;
	STACK_OF(ASN1_TYPE) *ndsa = NULL;
	unsigned char *p = NULL, *q;
	int len;

	p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa);
	len = i2d_DSAparams (pkey->pkey.dsa, NULL);
	if (!(p = OPENSSL_malloc(len))) {
		EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
		goto err;
	}
	q = p;
	i2d_DSAparams (pkey->pkey.dsa, &q);
	if (!(params = ASN1_STRING_new())) {
		EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
		goto err;
	}
	if (!ASN1_STRING_set(params, p, len)) {
		EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
		goto err;
	}
	OPENSSL_free(p);
	p = NULL;
	/* Get private key into integer */
	if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) {
		EVPerr(EVP_F_DSA_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
		goto err;
	}

	switch(p8->broken) {

		case PKCS8_OK:
		case PKCS8_NO_OCTET:

		if (!ASN1_pack_string_of(ASN1_INTEGER,prkey, i2d_ASN1_INTEGER,
					 &p8->pkey->value.octet_string)) {
			EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
			goto err;
		}

		M_ASN1_INTEGER_free (prkey);
		prkey = NULL;
		p8->pkeyalg->parameter->value.sequence = params;
		params = NULL;
		p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;

		break;

		case PKCS8_NS_DB:

		p8->pkeyalg->parameter->value.sequence = params;
		params = NULL;
		p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
		if (!(ndsa = sk_ASN1_TYPE_new_null())) {
			EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
			goto err;
		}
		if (!(ttmp = ASN1_TYPE_new())) {
			EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
			goto err;
		}
		if (!(ttmp->value.integer =
			BN_to_ASN1_INTEGER(pkey->pkey.dsa->pub_key, NULL))) {
			EVPerr(EVP_F_DSA_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
			goto err;
		}
		ttmp->type = V_ASN1_INTEGER;
		if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
			EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
			goto err;
		}

		if (!(ttmp = ASN1_TYPE_new())) {
			EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
			goto err;
		}
		ttmp->value.integer = prkey;
		prkey = NULL;
		ttmp->type = V_ASN1_INTEGER;
		if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
			EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
			goto err;
		}
		ttmp = NULL;

		if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {
			EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
			goto err;
		}

		if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE,
					 &p8->pkey->value.octet_string->data,
					 &p8->pkey->value.octet_string->length)) {

			EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
			goto err;
		}
		sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
		break;

		case PKCS8_EMBEDDED_PARAM:

		p8->pkeyalg->parameter->type = V_ASN1_NULL;
		if (!(ndsa = sk_ASN1_TYPE_new_null())) {
			EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
			goto err;
		}
		if (!(ttmp = ASN1_TYPE_new())) {
			EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
			goto err;
		}
		ttmp->value.sequence = params;
		params = NULL;
		ttmp->type = V_ASN1_SEQUENCE;
		if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
			EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
			goto err;
		}

		if (!(ttmp = ASN1_TYPE_new())) {
			EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
			goto err;
		}
		ttmp->value.integer = prkey;
		prkey = NULL;
		ttmp->type = V_ASN1_INTEGER;
		if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
			EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
			goto err;
		}
		ttmp = NULL;

		if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {
			EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
			goto err;
		}

		if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE,
					 &p8->pkey->value.octet_string->data,
					 &p8->pkey->value.octet_string->length)) {

			EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
			goto err;
		}
		sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
		break;
	}
	return 1;
err:
	if (p != NULL) OPENSSL_free(p);
	if (params != NULL) ASN1_STRING_free(params);
	if (prkey != NULL) M_ASN1_INTEGER_free(prkey);
	if (ttmp != NULL) ASN1_TYPE_free(ttmp);
	if (ndsa != NULL) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
	return 0;
}
#endif

#ifndef OPENSSL_NO_EC
static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
{
	EC_KEY		*ec_key;
	const EC_GROUP  *group;
	unsigned char	*p, *pp;
	int 		nid, i, ret = 0;
	unsigned int    tmp_flags, old_flags;

	ec_key = pkey->pkey.ec;
	if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL) 
	{
		EVPerr(EVP_F_ECKEY_PKEY2PKCS8, EVP_R_MISSING_PARAMETERS);
		return 0;
	}

	/* set the ec parameters OID */
	if (p8->pkeyalg->algorithm)
		ASN1_OBJECT_free(p8->pkeyalg->algorithm);

	p8->pkeyalg->algorithm = OBJ_nid2obj(NID_X9_62_id_ecPublicKey);

	/* set the ec parameters */

	if (p8->pkeyalg->parameter)
	{
		ASN1_TYPE_free(p8->pkeyalg->parameter);
		p8->pkeyalg->parameter = NULL;
	}

	if ((p8->pkeyalg->parameter = ASN1_TYPE_new()) == NULL)
	{
		EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
		return 0;
	}
	
	if (EC_GROUP_get_asn1_flag(group)
                     && (nid = EC_GROUP_get_curve_name(group)))
	{
		/* we have a 'named curve' => just set the OID */
		p8->pkeyalg->parameter->type = V_ASN1_OBJECT;
		p8->pkeyalg->parameter->value.object = OBJ_nid2obj(nid);
	}
	else	/* explicit parameters */
	{
		if ((i = i2d_ECParameters(ec_key, NULL)) == 0)
		{
			EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
			return 0;
		}
		if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL)
		{
			EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
			return 0;
		}	
		pp = p;
		if (!i2d_ECParameters(ec_key, &pp))
		{
			EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
			OPENSSL_free(p);
			return 0;
		}
		p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
		if ((p8->pkeyalg->parameter->value.sequence 
			= ASN1_STRING_new()) == NULL)
		{
			EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_ASN1_LIB);
			OPENSSL_free(p);
			return 0;
		}
		ASN1_STRING_set(p8->pkeyalg->parameter->value.sequence, p, i);
		OPENSSL_free(p);
	}

	/* set the private key */

	/* do not include the parameters in the SEC1 private key
	 * see PKCS#11 12.11 */
	old_flags = EC_KEY_get_enc_flags(pkey->pkey.ec);
	tmp_flags = old_flags | EC_PKEY_NO_PARAMETERS;
	EC_KEY_set_enc_flags(pkey->pkey.ec, tmp_flags);
	i = i2d_ECPrivateKey(pkey->pkey.ec, NULL);
	if (!i)
	{
		EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
		EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
		return 0;
	}
	p = (unsigned char *) OPENSSL_malloc(i);
	if (!p)
	{
		EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
		EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
		return 0;
	}
	pp = p;
	if (!i2d_ECPrivateKey(pkey->pkey.ec, &pp))
	{
		EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
		EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
		OPENSSL_free(p);
		return 0;
	}
	/* restore old encoding flags */
	EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);

	switch(p8->broken) {

		case PKCS8_OK:
		p8->pkey->value.octet_string = ASN1_OCTET_STRING_new();
		if (!p8->pkey->value.octet_string ||
		    !M_ASN1_OCTET_STRING_set(p8->pkey->value.octet_string,
		    (const void *)p, i))

		{
			EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
		}
		else
			ret = 1;
		break;
		case PKCS8_NO_OCTET:		/* RSA specific */
		case PKCS8_NS_DB:		/* DSA specific */
		case PKCS8_EMBEDDED_PARAM:	/* DSA specific */
		default:
			EVPerr(EVP_F_ECKEY_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
	}
	OPENSSL_cleanse(p, (size_t)i);
	OPENSSL_free(p);
	return ret;
}
#endif

/* EVP_PKEY attribute functions */

int EVP_PKEY_get_attr_count(const EVP_PKEY *key)
{
	return X509at_get_attr_count(key->attributes);
}

int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid,
			  int lastpos)
{
	return X509at_get_attr_by_NID(key->attributes, nid, lastpos);
}

int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, ASN1_OBJECT *obj,
			  int lastpos)
{
	return X509at_get_attr_by_OBJ(key->attributes, obj, lastpos);
}

X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc)
{
	return X509at_get_attr(key->attributes, loc);
}

X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc)
{
	return X509at_delete_attr(key->attributes, loc);
}

int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr)
{
	if(X509at_add1_attr(&key->attributes, attr)) return 1;
	return 0;
}

int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key,
			const ASN1_OBJECT *obj, int type,
			const unsigned char *bytes, int len)
{
	if(X509at_add1_attr_by_OBJ(&key->attributes, obj,
				type, bytes, len)) return 1;
	return 0;
}

int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key,
			int nid, int type,
			const unsigned char *bytes, int len)
{
	if(X509at_add1_attr_by_NID(&key->attributes, nid,
				type, bytes, len)) return 1;
	return 0;
}

int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key,
			const char *attrname, int type,
			const unsigned char *bytes, int len)
{
	if(X509at_add1_attr_by_txt(&key->attributes, attrname,
				type, bytes, len)) return 1;
	return 0;
}