Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 86e95b852eb4a1e43116cb6951b450b78bd52b4b / . / ssl / ssl_privkey.cc
blob: 73808ebe336ebf7ee4b43f363a653b60dfd7414d [file] [log] [blame]
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2 * All rights reserved.
3 *
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
7 *
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14 *
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
21 *
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
51 *
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.] */
56
David Benjamin86e95b82017-07-18 16:34:25 -0400[diff] [blame^]57#define BORINGSSL_INTERNAL_CXX_TYPES
58
David Benjamin443a1f62015-09-04 15:05:05 -0400[diff] [blame]59#include <openssl/ssl.h>
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]60
David Benjamin44148742017-06-17 13:20:59 -0400[diff] [blame]61#include <assert.h>
David Benjamin3a596112015-11-12 09:25:30 -0800[diff] [blame]62#include <limits.h>
63
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]64#include <openssl/ec.h>
65#include <openssl/ec_key.h>
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]66#include <openssl/err.h>
67#include <openssl/evp.h>
68#include <openssl/mem.h>
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]69
David Benjamin2ee94aa2015-04-07 22:38:30 -0400[diff] [blame]70#include "internal.h"
David Benjamin6114c3c2017-03-30 16:37:54 -0500[diff] [blame]71#include "../crypto/internal.h"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]72
David Benjamin443a1f62015-09-04 15:05:05 -0400[diff] [blame]73
David Benjamin86e95b82017-07-18 16:34:25 -0400[diff] [blame^]74namespace bssl {
75
Adam Langley52940c42017-02-01 12:40:31 -0800[diff] [blame]76int ssl_is_key_type_supported(int key_type) {
David Benjamin69522112017-03-28 15:38:29 -0500[diff] [blame]77 return key_type == EVP_PKEY_RSA || key_type == EVP_PKEY_EC ||
78 key_type == EVP_PKEY_ED25519;
David Benjamind1d80782015-07-05 11:54:09 -0400[diff] [blame]79}
80
Adam Langley52940c42017-02-01 12:40:31 -0800[diff] [blame]81static int ssl_set_pkey(CERT *cert, EVP_PKEY *pkey) {
82 if (!ssl_is_key_type_supported(pkey->type)) {
83 OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]84 return 0;
85 }
86
Adam Langley52940c42017-02-01 12:40:31 -0800[diff] [blame]87 if (cert->chain != NULL &&
88 sk_CRYPTO_BUFFER_value(cert->chain, 0) != NULL &&
Adam Langleyd04ca952017-02-28 11:26:51 -0800[diff] [blame]89 /* Sanity-check that the private key and the certificate match. */
Adam Langley52940c42017-02-01 12:40:31 -0800[diff] [blame]90 !ssl_cert_check_private_key(cert, pkey)) {
91 return 0;
92 }
93
94 EVP_PKEY_free(cert->privatekey);
95 EVP_PKEY_up_ref(pkey);
96 cert->privatekey = pkey;
97
98 return 1;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]99}
100
David Benjamin6114c3c2017-03-30 16:37:54 -0500[diff] [blame]101typedef struct {
102 uint16_t sigalg;
103 int pkey_type;
104 int curve;
105 const EVP_MD *(*digest_func)(void);
106 char is_rsa_pss;
107} SSL_SIGNATURE_ALGORITHM;
108
109static const SSL_SIGNATURE_ALGORITHM kSignatureAlgorithms[] = {
110 {SSL_SIGN_RSA_PKCS1_MD5_SHA1, EVP_PKEY_RSA, NID_undef, &EVP_md5_sha1, 0},
111 {SSL_SIGN_RSA_PKCS1_SHA1, EVP_PKEY_RSA, NID_undef, &EVP_sha1, 0},
112 {SSL_SIGN_RSA_PKCS1_SHA256, EVP_PKEY_RSA, NID_undef, &EVP_sha256, 0},
113 {SSL_SIGN_RSA_PKCS1_SHA384, EVP_PKEY_RSA, NID_undef, &EVP_sha384, 0},
114 {SSL_SIGN_RSA_PKCS1_SHA512, EVP_PKEY_RSA, NID_undef, &EVP_sha512, 0},
115
116 {SSL_SIGN_RSA_PSS_SHA256, EVP_PKEY_RSA, NID_undef, &EVP_sha256, 1},
117 {SSL_SIGN_RSA_PSS_SHA384, EVP_PKEY_RSA, NID_undef, &EVP_sha384, 1},
118 {SSL_SIGN_RSA_PSS_SHA512, EVP_PKEY_RSA, NID_undef, &EVP_sha512, 1},
119
120 {SSL_SIGN_ECDSA_SHA1, EVP_PKEY_EC, NID_undef, &EVP_sha1, 0},
121 {SSL_SIGN_ECDSA_SECP256R1_SHA256, EVP_PKEY_EC, NID_X9_62_prime256v1,
122 &EVP_sha256, 0},
123 {SSL_SIGN_ECDSA_SECP384R1_SHA384, EVP_PKEY_EC, NID_secp384r1, &EVP_sha384,
124 0},
125 {SSL_SIGN_ECDSA_SECP521R1_SHA512, EVP_PKEY_EC, NID_secp521r1, &EVP_sha512,
126 0},
David Benjamin69522112017-03-28 15:38:29 -0500[diff] [blame]127
128 {SSL_SIGN_ED25519, EVP_PKEY_ED25519, NID_undef, NULL, 0},
David Benjamin6114c3c2017-03-30 16:37:54 -0500[diff] [blame]129};
130
131static const SSL_SIGNATURE_ALGORITHM *get_signature_algorithm(uint16_t sigalg) {
132 for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kSignatureAlgorithms); i++) {
133 if (kSignatureAlgorithms[i].sigalg == sigalg) {
134 return &kSignatureAlgorithms[i];
135 }
136 }
137 return NULL;
138}
139
David Benjamin32a66d52016-07-13 22:03:11 -0400[diff] [blame]140int ssl_has_private_key(const SSL *ssl) {
nagendra modadugu601448a2015-07-24 09:31:31 -0700[diff] [blame]141 return ssl->cert->privatekey != NULL || ssl->cert->key_method != NULL;
142}
143
David Benjamin6114c3c2017-03-30 16:37:54 -0500[diff] [blame]144static int pkey_supports_algorithm(const SSL *ssl, EVP_PKEY *pkey,
145 uint16_t sigalg) {
146 const SSL_SIGNATURE_ALGORITHM *alg = get_signature_algorithm(sigalg);
147 if (alg == NULL ||
148 EVP_PKEY_id(pkey) != alg->pkey_type) {
149 return 0;
David Benjamind246b812016-07-08 15:07:02 -0700[diff] [blame]150 }
David Benjamin6114c3c2017-03-30 16:37:54 -0500[diff] [blame]151
152 if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
153 /* RSA keys may only be used with RSA-PSS. */
154 if (alg->pkey_type == EVP_PKEY_RSA && !alg->is_rsa_pss) {
155 return 0;
156 }
157
158 /* EC keys have a curve requirement. */
159 if (alg->pkey_type == EVP_PKEY_EC &&
160 (alg->curve == NID_undef ||
161 EC_GROUP_get_curve_name(
162 EC_KEY_get0_group(EVP_PKEY_get0_EC_KEY(pkey))) != alg->curve)) {
163 return 0;
164 }
165 }
166
167 return 1;
David Benjamind246b812016-07-08 15:07:02 -0700[diff] [blame]168}
169
David Benjamin19670942017-05-31 19:07:31 -0400[diff] [blame]170static int setup_ctx(SSL *ssl, EVP_MD_CTX *ctx, EVP_PKEY *pkey, uint16_t sigalg,
171 int is_verify) {
172 if (!pkey_supports_algorithm(ssl, pkey, sigalg)) {
David Benjamin6114c3c2017-03-30 16:37:54 -0500[diff] [blame]173 OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_SIGNATURE_TYPE);
174 return 0;
David Benjamin887c3002016-07-08 16:15:32 -0700[diff] [blame]175 }
David Benjamina2d81f12016-07-08 15:42:16 -0700[diff] [blame]176
David Benjamin6114c3c2017-03-30 16:37:54 -0500[diff] [blame]177 const SSL_SIGNATURE_ALGORITHM *alg = get_signature_algorithm(sigalg);
David Benjamin19670942017-05-31 19:07:31 -0400[diff] [blame]178 const EVP_MD *digest = alg->digest_func != NULL ? alg->digest_func() : NULL;
179 EVP_PKEY_CTX *pctx;
180 if (is_verify) {
181 if (!EVP_DigestVerifyInit(ctx, &pctx, digest, NULL, pkey)) {
182 return 0;
183 }
184 } else if (!EVP_DigestSignInit(ctx, &pctx, digest, NULL, pkey)) {
David Benjamin6114c3c2017-03-30 16:37:54 -0500[diff] [blame]185 return 0;
David Benjamina2d81f12016-07-08 15:42:16 -0700[diff] [blame]186 }
David Benjamina2d81f12016-07-08 15:42:16 -0700[diff] [blame]187
David Benjamin6114c3c2017-03-30 16:37:54 -0500[diff] [blame]188 if (alg->is_rsa_pss) {
David Benjamin19670942017-05-31 19:07:31 -0400[diff] [blame]189 if (!EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) ||
190 !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1 /* salt len = hash len */)) {
Steven Valdezeff1e8d2016-07-06 14:24:47 -0400[diff] [blame]191 return 0;
David Benjamin76feb1f2017-03-28 14:17:01 -0500[diff] [blame]192 }
Steven Valdezeff1e8d2016-07-06 14:24:47 -0400[diff] [blame]193 }
194
David Benjamin6114c3c2017-03-30 16:37:54 -0500[diff] [blame]195 return 1;
Steven Valdezeff1e8d2016-07-06 14:24:47 -0400[diff] [blame]196}
197
David Benjamin69522112017-03-28 15:38:29 -0500[diff] [blame]198static int legacy_sign_digest_supported(const SSL_SIGNATURE_ALGORITHM *alg) {
199 return (alg->pkey_type == EVP_PKEY_EC || alg->pkey_type == EVP_PKEY_RSA) &&
200 !alg->is_rsa_pss;
201}
202
David Benjamin44148742017-06-17 13:20:59 -0400[diff] [blame]203static enum ssl_private_key_result_t legacy_sign(
204 SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out, uint16_t sigalg,
205 const uint8_t *in, size_t in_len) {
206 /* TODO(davidben): Remove support for |sign_digest|-only
207 * |SSL_PRIVATE_KEY_METHOD|s. */
208 const SSL_SIGNATURE_ALGORITHM *alg = get_signature_algorithm(sigalg);
209 if (alg == NULL || !legacy_sign_digest_supported(alg)) {
210 OPENSSL_PUT_ERROR(SSL, SSL_R_UNSUPPORTED_PROTOCOL_FOR_CUSTOM_KEY);
211 return ssl_private_key_failure;
212 }
213
214 const EVP_MD *md = alg->digest_func();
215 uint8_t hash[EVP_MAX_MD_SIZE];
216 unsigned hash_len;
217 if (!EVP_Digest(in, in_len, hash, &hash_len, md, NULL)) {
218 return ssl_private_key_failure;
219 }
220
221 return ssl->cert->key_method->sign_digest(ssl, out, out_len, max_out, md,
222 hash, hash_len);
223}
224
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]225enum ssl_private_key_result_t ssl_private_key_sign(
David Benjamin44148742017-06-17 13:20:59 -0400[diff] [blame]226 SSL_HANDSHAKE *hs, uint8_t *out, size_t *out_len, size_t max_out,
David Benjamin6114c3c2017-03-30 16:37:54 -0500[diff] [blame]227 uint16_t sigalg, const uint8_t *in, size_t in_len) {
David Benjamin44148742017-06-17 13:20:59 -0400[diff] [blame]228 SSL *const ssl = hs->ssl;
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]229 if (ssl->cert->key_method != NULL) {
David Benjamin44148742017-06-17 13:20:59 -0400[diff] [blame]230 enum ssl_private_key_result_t ret;
231 if (hs->pending_private_key_op) {
232 ret = ssl->cert->key_method->complete(ssl, out, out_len, max_out);
233 } else {
234 ret = (ssl->cert->key_method->sign != NULL
235 ? ssl->cert->key_method->sign
236 : legacy_sign)(ssl, out, out_len, max_out, sigalg, in, in_len);
David Benjamind3440b42016-07-14 14:52:41 -0400[diff] [blame]237 }
David Benjamin44148742017-06-17 13:20:59 -0400[diff] [blame]238 hs->pending_private_key_op = ret == ssl_private_key_retry;
239 return ret;
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]240 }
241
David Benjamin76feb1f2017-03-28 14:17:01 -0500[diff] [blame]242 *out_len = max_out;
David Benjamin19670942017-05-31 19:07:31 -0400[diff] [blame]243 EVP_MD_CTX ctx;
244 EVP_MD_CTX_init(&ctx);
245 int ret = setup_ctx(ssl, &ctx, ssl->cert->privatekey, sigalg, 0 /* sign */) &&
246 EVP_DigestSign(&ctx, out, out_len, in, in_len);
247 EVP_MD_CTX_cleanup(&ctx);
David Benjamin76feb1f2017-03-28 14:17:01 -0500[diff] [blame]248 return ret ? ssl_private_key_success : ssl_private_key_failure;
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]249}
250
Steven Valdez2b8415e2016-06-30 13:27:23 -0400[diff] [blame]251int ssl_public_key_verify(SSL *ssl, const uint8_t *signature,
David Benjamin19670942017-05-31 19:07:31 -0400[diff] [blame]252 size_t signature_len, uint16_t sigalg, EVP_PKEY *pkey,
253 const uint8_t *in, size_t in_len) {
254 EVP_MD_CTX ctx;
255 EVP_MD_CTX_init(&ctx);
256 int ret = setup_ctx(ssl, &ctx, pkey, sigalg, 1 /* verify */) &&
257 EVP_DigestVerify(&ctx, signature, signature_len, in, in_len);
258 EVP_MD_CTX_cleanup(&ctx);
David Benjamin76feb1f2017-03-28 14:17:01 -0500[diff] [blame]259 return ret;
Steven Valdez2b8415e2016-06-30 13:27:23 -0400[diff] [blame]260}
261
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]262enum ssl_private_key_result_t ssl_private_key_decrypt(
David Benjamin44148742017-06-17 13:20:59 -0400[diff] [blame]263 SSL_HANDSHAKE *hs, uint8_t *out, size_t *out_len, size_t max_out,
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]264 const uint8_t *in, size_t in_len) {
David Benjamin44148742017-06-17 13:20:59 -0400[diff] [blame]265 SSL *const ssl = hs->ssl;
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]266 if (ssl->cert->key_method != NULL) {
David Benjamin44148742017-06-17 13:20:59 -0400[diff] [blame]267 enum ssl_private_key_result_t ret;
268 if (hs->pending_private_key_op) {
269 ret = ssl->cert->key_method->complete(ssl, out, out_len, max_out);
270 } else {
271 ret = ssl->cert->key_method->decrypt(ssl, out, out_len, max_out, in,
272 in_len);
273 }
274 hs->pending_private_key_op = ret == ssl_private_key_retry;
275 return ret;
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]276 }
277
David Benjamin758d1272015-11-20 17:47:25 -0500[diff] [blame]278 RSA *rsa = EVP_PKEY_get0_RSA(ssl->cert->privatekey);
279 if (rsa == NULL) {
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]280 /* Decrypt operations are only supported for RSA keys. */
281 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
282 return ssl_private_key_failure;
283 }
284
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]285 /* Decrypt with no padding. PKCS#1 padding will be removed as part
286 * of the timing-sensitive code by the caller. */
David Benjamin758d1272015-11-20 17:47:25 -0500[diff] [blame]287 if (!RSA_decrypt(rsa, out_len, out, max_out, in, in_len, RSA_NO_PADDING)) {
288 return ssl_private_key_failure;
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]289 }
David Benjamin758d1272015-11-20 17:47:25 -0500[diff] [blame]290 return ssl_private_key_success;
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]291}
292
David Benjamina232a712017-03-30 15:51:53 -0500[diff] [blame]293int ssl_private_key_supports_signature_algorithm(SSL_HANDSHAKE *hs,
David Benjamin6114c3c2017-03-30 16:37:54 -0500[diff] [blame]294 uint16_t sigalg) {
David Benjamina232a712017-03-30 15:51:53 -0500[diff] [blame]295 SSL *const ssl = hs->ssl;
David Benjamin6114c3c2017-03-30 16:37:54 -0500[diff] [blame]296 if (!pkey_supports_algorithm(ssl, hs->local_pubkey, sigalg)) {
297 return 0;
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]298 }
299
David Benjamin69522112017-03-28 15:38:29 -0500[diff] [blame]300 /* Ensure the RSA key is large enough for the hash. RSASSA-PSS requires that
301 * emLen be at least hLen + sLen + 2. Both hLen and sLen are the size of the
302 * hash in TLS. Reasonable RSA key sizes are large enough for the largest
303 * defined RSASSA-PSS algorithm, but 1024-bit RSA is slightly too small for
304 * SHA-512. 1024-bit RSA is sometimes used for test credentials, so check the
305 * size so that we can fall back to another algorithm in that case. */
David Benjamin6114c3c2017-03-30 16:37:54 -0500[diff] [blame]306 const SSL_SIGNATURE_ALGORITHM *alg = get_signature_algorithm(sigalg);
David Benjamin69522112017-03-28 15:38:29 -0500[diff] [blame]307 if (alg->is_rsa_pss &&
308 (size_t)EVP_PKEY_size(hs->local_pubkey) <
309 2 * EVP_MD_size(alg->digest_func()) + 2) {
310 return 0;
311 }
David Benjamin7944a9f2016-07-12 22:27:01 -0400[diff] [blame]312
David Benjamin69522112017-03-28 15:38:29 -0500[diff] [blame]313 /* Newer algorithms require message-based private keys.
314 * TODO(davidben): Remove this check when sign_digest is gone. */
315 if (ssl->cert->key_method != NULL &&
316 ssl->cert->key_method->sign == NULL &&
317 !legacy_sign_digest_supported(alg)) {
318 return 0;
Steven Valdezeff1e8d2016-07-06 14:24:47 -0400[diff] [blame]319 }
320
David Benjamin6114c3c2017-03-30 16:37:54 -0500[diff] [blame]321 return 1;
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]322}
David Benjamin86e95b82017-07-18 16:34:25 -0400[diff] [blame^]323
324} // namespace bssl
325
326using namespace bssl;
327
328int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) {
329 EVP_PKEY *pkey;
330 int ret;
331
332 if (rsa == NULL) {
333 OPENSSL_PUT_ERROR(SSL, ERR_R_PASSED_NULL_PARAMETER);
334 return 0;
335 }
336
337 pkey = EVP_PKEY_new();
338 if (pkey == NULL) {
339 OPENSSL_PUT_ERROR(SSL, ERR_R_EVP_LIB);
340 return 0;
341 }
342
343 RSA_up_ref(rsa);
344 EVP_PKEY_assign_RSA(pkey, rsa);
345
346 ret = ssl_set_pkey(ssl->cert, pkey);
347 EVP_PKEY_free(pkey);
348
349 return ret;
350}
351
352int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const uint8_t *der, size_t der_len) {
353 UniquePtr<RSA> rsa(RSA_private_key_from_bytes(der, der_len));
354 if (!rsa) {
355 OPENSSL_PUT_ERROR(SSL, ERR_R_ASN1_LIB);
356 return 0;
357 }
358
359 return SSL_use_RSAPrivateKey(ssl, rsa.get());
360}
361
362int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) {
363 if (pkey == NULL) {
364 OPENSSL_PUT_ERROR(SSL, ERR_R_PASSED_NULL_PARAMETER);
365 return 0;
366 }
367
368 return ssl_set_pkey(ssl->cert, pkey);
369}
370
371int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const uint8_t *der,
372 size_t der_len) {
373 if (der_len > LONG_MAX) {
374 OPENSSL_PUT_ERROR(SSL, ERR_R_OVERFLOW);
375 return 0;
376 }
377
378 const uint8_t *p = der;
379 EVP_PKEY *pkey = d2i_PrivateKey(type, NULL, &p, (long)der_len);
380 if (pkey == NULL || p != der + der_len) {
381 OPENSSL_PUT_ERROR(SSL, ERR_R_ASN1_LIB);
382 EVP_PKEY_free(pkey);
383 return 0;
384 }
385
386 int ret = SSL_use_PrivateKey(ssl, pkey);
387 EVP_PKEY_free(pkey);
388 return ret;
389}
390
391int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) {
392 int ret;
393 EVP_PKEY *pkey;
394
395 if (rsa == NULL) {
396 OPENSSL_PUT_ERROR(SSL, ERR_R_PASSED_NULL_PARAMETER);
397 return 0;
398 }
399
400 pkey = EVP_PKEY_new();
401 if (pkey == NULL) {
402 OPENSSL_PUT_ERROR(SSL, ERR_R_EVP_LIB);
403 return 0;
404 }
405
406 RSA_up_ref(rsa);
407 EVP_PKEY_assign_RSA(pkey, rsa);
408
409 ret = ssl_set_pkey(ctx->cert, pkey);
410 EVP_PKEY_free(pkey);
411 return ret;
412}
413
414int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const uint8_t *der,
415 size_t der_len) {
416 RSA *rsa = RSA_private_key_from_bytes(der, der_len);
417 if (rsa == NULL) {
418 OPENSSL_PUT_ERROR(SSL, ERR_R_ASN1_LIB);
419 return 0;
420 }
421
422 int ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
423 RSA_free(rsa);
424 return ret;
425}
426
427int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) {
428 if (pkey == NULL) {
429 OPENSSL_PUT_ERROR(SSL, ERR_R_PASSED_NULL_PARAMETER);
430 return 0;
431 }
432
433 return ssl_set_pkey(ctx->cert, pkey);
434}
435
436int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const uint8_t *der,
437 size_t der_len) {
438 if (der_len > LONG_MAX) {
439 OPENSSL_PUT_ERROR(SSL, ERR_R_OVERFLOW);
440 return 0;
441 }
442
443 const uint8_t *p = der;
444 EVP_PKEY *pkey = d2i_PrivateKey(type, NULL, &p, (long)der_len);
445 if (pkey == NULL || p != der + der_len) {
446 OPENSSL_PUT_ERROR(SSL, ERR_R_ASN1_LIB);
447 EVP_PKEY_free(pkey);
448 return 0;
449 }
450
451 int ret = SSL_CTX_use_PrivateKey(ctx, pkey);
452 EVP_PKEY_free(pkey);
453 return ret;
454}
455
456void SSL_set_private_key_method(SSL *ssl,
457 const SSL_PRIVATE_KEY_METHOD *key_method) {
458 ssl->cert->key_method = key_method;
459}
460
461void SSL_CTX_set_private_key_method(SSL_CTX *ctx,
462 const SSL_PRIVATE_KEY_METHOD *key_method) {
463 ctx->cert->key_method = key_method;
464}
465
466static int set_algorithm_prefs(uint16_t **out_prefs, size_t *out_num_prefs,
467 const uint16_t *prefs, size_t num_prefs) {
468 OPENSSL_free(*out_prefs);
469
470 *out_num_prefs = 0;
471 *out_prefs = (uint16_t *)BUF_memdup(prefs, num_prefs * sizeof(prefs[0]));
472 if (*out_prefs == NULL) {
473 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
474 return 0;
475 }
476 *out_num_prefs = num_prefs;
477
478 return 1;
479}
480
481int SSL_CTX_set_signing_algorithm_prefs(SSL_CTX *ctx, const uint16_t *prefs,
482 size_t num_prefs) {
483 return set_algorithm_prefs(&ctx->cert->sigalgs, &ctx->cert->num_sigalgs,
484 prefs, num_prefs);
485}
486
487
488int SSL_set_signing_algorithm_prefs(SSL *ssl, const uint16_t *prefs,
489 size_t num_prefs) {
490 return set_algorithm_prefs(&ssl->cert->sigalgs, &ssl->cert->num_sigalgs,
491 prefs, num_prefs);
492}
493
494int SSL_CTX_set_verify_algorithm_prefs(SSL_CTX *ctx, const uint16_t *prefs,
495 size_t num_prefs) {
496 return set_algorithm_prefs(&ctx->verify_sigalgs, &ctx->num_verify_sigalgs,
497 prefs, num_prefs);
498}
499
500int SSL_set_private_key_digest_prefs(SSL *ssl, const int *digest_nids,
501 size_t num_digests) {
502 OPENSSL_free(ssl->cert->sigalgs);
503
504 static_assert(sizeof(int) >= 2 * sizeof(uint16_t),
505 "sigalgs allocation may overflow");
506
507 ssl->cert->num_sigalgs = 0;
508 ssl->cert->sigalgs =
509 (uint16_t *)OPENSSL_malloc(sizeof(uint16_t) * 2 * num_digests);
510 if (ssl->cert->sigalgs == NULL) {
511 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
512 return 0;
513 }
514
515 /* Convert the digest list to a signature algorithms list.
516 *
517 * TODO(davidben): Replace this API with one that can express RSA-PSS, etc. */
518 for (size_t i = 0; i < num_digests; i++) {
519 switch (digest_nids[i]) {
520 case NID_sha1:
521 ssl->cert->sigalgs[ssl->cert->num_sigalgs] = SSL_SIGN_RSA_PKCS1_SHA1;
522 ssl->cert->sigalgs[ssl->cert->num_sigalgs + 1] = SSL_SIGN_ECDSA_SHA1;
523 ssl->cert->num_sigalgs += 2;
524 break;
525 case NID_sha256:
526 ssl->cert->sigalgs[ssl->cert->num_sigalgs] = SSL_SIGN_RSA_PKCS1_SHA256;
527 ssl->cert->sigalgs[ssl->cert->num_sigalgs + 1] =
528 SSL_SIGN_ECDSA_SECP256R1_SHA256;
529 ssl->cert->num_sigalgs += 2;
530 break;
531 case NID_sha384:
532 ssl->cert->sigalgs[ssl->cert->num_sigalgs] = SSL_SIGN_RSA_PKCS1_SHA384;
533 ssl->cert->sigalgs[ssl->cert->num_sigalgs + 1] =
534 SSL_SIGN_ECDSA_SECP384R1_SHA384;
535 ssl->cert->num_sigalgs += 2;
536 break;
537 case NID_sha512:
538 ssl->cert->sigalgs[ssl->cert->num_sigalgs] = SSL_SIGN_RSA_PKCS1_SHA512;
539 ssl->cert->sigalgs[ssl->cert->num_sigalgs + 1] =
540 SSL_SIGN_ECDSA_SECP521R1_SHA512;
541 ssl->cert->num_sigalgs += 2;
542 break;
543 }
544 }
545
546 return 1;
547}