mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-12-09 05:51:54 +08:00
Code Issues Packages Projects Releases Wiki Activity
12603de634
openssl/crypto/evp/pmeth_check.c
Shane Lontis 12603de634 Add RSA key validation to default provider 
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10780)
2020-01-29 20:32:32 +10:00

159 lines
4.1 KiB
C
Raw Blame History

/*
* Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <stdlib.h>
#include "internal/cryptlib.h"
#include <openssl/objects.h>
#include <openssl/evp.h>
#include "crypto/bn.h"
#include "crypto/asn1.h"
#include "crypto/evp.h"
#include "evp_local.h"
int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx)
{
EVP_PKEY *pkey = ctx->pkey;
void *key;
EVP_KEYMGMT *keymgmt;
if (pkey == NULL) {
EVPerr(EVP_F_EVP_PKEY_PUBLIC_CHECK, EVP_R_NO_KEY_SET);
return 0;
}
keymgmt = pkey->pkeys[0].keymgmt;
key = pkey->pkeys[0].provdata;
if (key != NULL && keymgmt != NULL)
return evp_keymgmt_validate_public(keymgmt, key);
/* legacy */
/* call customized public key check function first */
if (ctx->pmeth->public_check != NULL)
return ctx->pmeth->public_check(pkey);
/* use default public key check function in ameth */
if (pkey->ameth == NULL || pkey->ameth->pkey_public_check == NULL) {
EVPerr(EVP_F_EVP_PKEY_PUBLIC_CHECK,
EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
return -2;
}
return pkey->ameth->pkey_public_check(pkey);
}
int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx)
{
EVP_PKEY *pkey = ctx->pkey;
void *key;
EVP_KEYMGMT *keymgmt;
if (pkey == NULL) {
EVPerr(EVP_F_EVP_PKEY_PARAM_CHECK, EVP_R_NO_KEY_SET);
return 0;
}
keymgmt = pkey->pkeys[0].keymgmt;
key = pkey->pkeys[0].provdata;
if (key != NULL && keymgmt != NULL)
return evp_keymgmt_validate_domparams(keymgmt, key);
/* call customized param check function first */
if (ctx->pmeth->param_check != NULL)
return ctx->pmeth->param_check(pkey);
/* legacy */
/* use default param check function in ameth */
if (pkey->ameth == NULL || pkey->ameth->pkey_param_check == NULL) {
EVPerr(EVP_F_EVP_PKEY_PARAM_CHECK,
EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
return -2;
}
return pkey->ameth->pkey_param_check(pkey);
}
int EVP_PKEY_private_check(EVP_PKEY_CTX *ctx)
{
EVP_PKEY *pkey = ctx->pkey;
void *key;
EVP_KEYMGMT *keymgmt;
if (pkey == NULL) {
EVPerr(0, EVP_R_NO_KEY_SET);
return 0;
}
keymgmt = pkey->pkeys[0].keymgmt;
key = pkey->pkeys[0].provdata;
if (key != NULL && keymgmt != NULL)
return evp_keymgmt_validate_private(keymgmt, key);
/* not supported for legacy keys */
return -2;
}
int EVP_PKEY_pairwise_check(EVP_PKEY_CTX *ctx)
{
EVP_PKEY *pkey = ctx->pkey;
void *key;
EVP_KEYMGMT *keymgmt;
if (pkey == NULL) {
EVPerr(0, EVP_R_NO_KEY_SET);
return 0;
}
keymgmt = pkey->pkeys[0].keymgmt;
key = pkey->pkeys[0].provdata;
if (key != NULL && keymgmt != NULL)
return evp_keymgmt_validate_pairwise(keymgmt, key);
/* not supported for legacy keys */
return -2;
}
int EVP_PKEY_check(EVP_PKEY_CTX *ctx)
{
EVP_PKEY *pkey = ctx->pkey;
void *key;
EVP_KEYMGMT *keymgmt;
if (pkey == NULL) {
EVPerr(EVP_F_EVP_PKEY_CHECK, EVP_R_NO_KEY_SET);
return 0;
}
keymgmt = pkey->pkeys[0].keymgmt;
key = pkey->pkeys[0].provdata;
if (key != NULL && keymgmt != NULL) {
return evp_keymgmt_validate_domparams(keymgmt, key)
&& evp_keymgmt_validate_public(keymgmt, key)
&& evp_keymgmt_validate_private(keymgmt, key)
&& evp_keymgmt_validate_pairwise(keymgmt, key);
}
/* legacy */
/* call customized check function first */
if (ctx->pmeth->check != NULL)
return ctx->pmeth->check(pkey);
/* use default check function in ameth */
if (pkey->ameth == NULL || pkey->ameth->pkey_check == NULL) {
EVPerr(EVP_F_EVP_PKEY_CHECK,
EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
return -2;
}
return pkey->ameth->pkey_check(pkey);
}
Reference in New Issue View Git Blame Copy Permalink