Fold p_${alg}_asn1.cc into p_${alg}.cc
The two method tables both need access to the same internal EVP_PKEY
representation. For the old algorithms, those representations were
one-to-one with the low-level types, Ed25519 and X25519 ended up
defining custom things.
Folding the files together lets us limit it to one translation unit that
handles the EVP binding for that algorithm.
Change-Id: I3b55f543047f2b0af4a3759446f2ff10487f1712
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/82988
Reviewed-by: Lily Chen <chlily@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/build.json b/build.json
index 98a5cdc..bb58e38 100644
--- a/build.json
+++ b/build.json
@@ -261,17 +261,12 @@
"crypto/evp/evp_asn1.cc",
"crypto/evp/evp_ctx.cc",
"crypto/evp/p_dh.cc",
- "crypto/evp/p_dh_asn1.cc",
- "crypto/evp/p_dsa_asn1.cc",
+ "crypto/evp/p_dsa.cc",
"crypto/evp/p_ec.cc",
- "crypto/evp/p_ec_asn1.cc",
"crypto/evp/p_ed25519.cc",
- "crypto/evp/p_ed25519_asn1.cc",
"crypto/evp/p_hkdf.cc",
"crypto/evp/p_rsa.cc",
- "crypto/evp/p_rsa_asn1.cc",
"crypto/evp/p_x25519.cc",
- "crypto/evp/p_x25519_asn1.cc",
"crypto/evp/pbkdf.cc",
"crypto/evp/print.cc",
"crypto/evp/scrypt.cc",
diff --git a/crypto/evp/evp.cc b/crypto/evp/evp.cc
index 3376b6a..8904444 100644
--- a/crypto/evp/evp.cc
+++ b/crypto/evp/evp.cc
@@ -200,9 +200,9 @@
// but forgets to put anything in the |pkey|. The one pattern where it does
// anything is |EVP_PKEY_X25519|, where it's needed to make
// |EVP_PKEY_set1_tls_encodedpoint| work, so we support only that.
- const EVP_PKEY_ASN1_METHOD *ameth;
+ const EVP_PKEY_ALG *alg;
if (type == EVP_PKEY_X25519) {
- ameth = &x25519_asn1_meth;
+ alg = EVP_pkey_x25519();
} else {
OPENSSL_PUT_ERROR(EVP, EVP_R_UNSUPPORTED_ALGORITHM);
ERR_add_error_dataf("algorithm %d", type);
@@ -210,7 +210,7 @@
}
if (pkey) {
- evp_pkey_set0(pkey, ameth, nullptr);
+ evp_pkey_set0(pkey, alg->method, nullptr);
}
return 1;
diff --git a/crypto/evp/internal.h b/crypto/evp/internal.h
index 5d8b0fe..da32821 100644
--- a/crypto/evp/internal.h
+++ b/crypto/evp/internal.h
@@ -253,23 +253,6 @@
int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
} /* EVP_PKEY_CTX_METHOD */;
-typedef struct {
- // key is the concatenation of the private seed and public key. It is stored
- // as a single 64-bit array to allow passing to |ED25519_sign|. If
- // |has_private| is false, the first 32 bytes are uninitialized and the public
- // key is in the last 32 bytes.
- uint8_t key[64];
- char has_private;
-} ED25519_KEY;
-
-#define ED25519_PUBLIC_KEY_OFFSET 32
-
-typedef struct {
- uint8_t pub[32];
- uint8_t priv[32];
- char has_private;
-} X25519_KEY;
-
extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meth;
extern const EVP_PKEY_ASN1_METHOD ec_asn1_meth;
extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meth;
diff --git a/crypto/evp/p_dh.cc b/crypto/evp/p_dh.cc
index 2308c88..23065f2 100644
--- a/crypto/evp/p_dh.cc
+++ b/crypto/evp/p_dh.cc
@@ -16,13 +16,136 @@
#include <assert.h>
+#include <openssl/bn.h>
#include <openssl/dh.h>
#include <openssl/err.h>
#include <openssl/mem.h>
+#include "../internal.h"
#include "internal.h"
+static void dh_free(EVP_PKEY *pkey) {
+ DH_free(reinterpret_cast<DH *>(pkey->pkey));
+ pkey->pkey = nullptr;
+}
+
+static int dh_size(const EVP_PKEY *pkey) {
+ return DH_size(reinterpret_cast<const DH *>(pkey->pkey));
+}
+
+static int dh_bits(const EVP_PKEY *pkey) {
+ return DH_bits(reinterpret_cast<const DH *>(pkey->pkey));
+}
+
+static int dh_param_missing(const EVP_PKEY *pkey) {
+ const DH *dh = reinterpret_cast<const DH *>(pkey->pkey);
+ return dh == nullptr || DH_get0_p(dh) == nullptr || DH_get0_g(dh) == nullptr;
+}
+
+static int dh_param_copy(EVP_PKEY *to, const EVP_PKEY *from) {
+ if (dh_param_missing(from)) {
+ OPENSSL_PUT_ERROR(EVP, EVP_R_MISSING_PARAMETERS);
+ return 0;
+ }
+
+ const DH *dh = reinterpret_cast<DH *>(from->pkey);
+ const BIGNUM *q_old = DH_get0_q(dh);
+ BIGNUM *p = BN_dup(DH_get0_p(dh));
+ BIGNUM *q = q_old == nullptr ? nullptr : BN_dup(q_old);
+ BIGNUM *g = BN_dup(DH_get0_g(dh));
+ if (p == nullptr || (q_old != nullptr && q == nullptr) || g == nullptr ||
+ !DH_set0_pqg(reinterpret_cast<DH *>(to->pkey), p, q, g)) {
+ BN_free(p);
+ BN_free(q);
+ BN_free(g);
+ return 0;
+ }
+
+ // |DH_set0_pqg| took ownership of |p|, |q|, and |g|.
+ return 1;
+}
+
+static int dh_param_cmp(const EVP_PKEY *a, const EVP_PKEY *b) {
+ if (dh_param_missing(a) || dh_param_missing(b)) {
+ return -2;
+ }
+
+ // Matching OpenSSL, only compare p and g for PKCS#3-style Diffie-Hellman.
+ // OpenSSL only checks q in X9.42-style Diffie-Hellman ("DHX").
+ const DH *a_dh = reinterpret_cast<const DH *>(a->pkey);
+ const DH *b_dh = reinterpret_cast<const DH *>(b->pkey);
+ return BN_cmp(DH_get0_p(a_dh), DH_get0_p(b_dh)) == 0 &&
+ BN_cmp(DH_get0_g(a_dh), DH_get0_g(b_dh)) == 0;
+}
+
+static int dh_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) {
+ if (dh_param_cmp(a, b) <= 0) {
+ return 0;
+ }
+
+ const DH *a_dh = reinterpret_cast<const DH *>(a->pkey);
+ const DH *b_dh = reinterpret_cast<const DH *>(b->pkey);
+ return BN_cmp(DH_get0_pub_key(a_dh), DH_get0_pub_key(b_dh)) == 0;
+}
+
+const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
+ /*pkey_id=*/EVP_PKEY_DH,
+ /*oid=*/{0},
+ /*oid_len=*/0,
+ /*pkey_method=*/&dh_pkey_meth,
+ /*pub_decode=*/nullptr,
+ /*pub_encode=*/nullptr,
+ /*pub_cmp=*/dh_pub_cmp,
+ /*priv_decode=*/nullptr,
+ /*priv_encode=*/nullptr,
+ /*set_priv_raw=*/nullptr,
+ /*set_pub_raw=*/nullptr,
+ /*get_priv_raw=*/nullptr,
+ /*get_pub_raw=*/nullptr,
+ /*set1_tls_encodedpoint=*/nullptr,
+ /*get1_tls_encodedpoint=*/nullptr,
+ /*pkey_opaque=*/nullptr,
+ /*pkey_size=*/dh_size,
+ /*pkey_bits=*/dh_bits,
+ /*param_missing=*/dh_param_missing,
+ /*param_copy=*/dh_param_copy,
+ /*param_cmp=*/dh_param_cmp,
+ /*pkey_free=*/dh_free,
+};
+
+int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key) {
+ if (EVP_PKEY_assign_DH(pkey, key)) {
+ DH_up_ref(key);
+ return 1;
+ }
+ return 0;
+}
+
+int EVP_PKEY_assign_DH(EVP_PKEY *pkey, DH *key) {
+ if (key == nullptr) {
+ return 0;
+ }
+ evp_pkey_set0(pkey, &dh_asn1_meth, key);
+ return 1;
+}
+
+DH *EVP_PKEY_get0_DH(const EVP_PKEY *pkey) {
+ if (EVP_PKEY_id(pkey) != EVP_PKEY_DH) {
+ OPENSSL_PUT_ERROR(EVP, EVP_R_EXPECTING_A_DH_KEY);
+ return nullptr;
+ }
+ return reinterpret_cast<DH *>(const_cast<EVP_PKEY *>(pkey)->pkey);
+}
+
+DH *EVP_PKEY_get1_DH(const EVP_PKEY *pkey) {
+ DH *dh = EVP_PKEY_get0_DH(pkey);
+ if (dh != nullptr) {
+ DH_up_ref(dh);
+ }
+ return dh;
+}
+
namespace {
typedef struct dh_pkey_ctx_st {
int pad;
diff --git a/crypto/evp/p_dh_asn1.cc b/crypto/evp/p_dh_asn1.cc
deleted file mode 100644
index a18cad0..0000000
--- a/crypto/evp/p_dh_asn1.cc
+++ /dev/null
@@ -1,144 +0,0 @@
-// Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// https://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#include <openssl/evp.h>
-
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-#include <openssl/err.h>
-
-#include "../internal.h"
-#include "internal.h"
-
-
-static void dh_free(EVP_PKEY *pkey) {
- DH_free(reinterpret_cast<DH *>(pkey->pkey));
- pkey->pkey = nullptr;
-}
-
-static int dh_size(const EVP_PKEY *pkey) {
- return DH_size(reinterpret_cast<const DH *>(pkey->pkey));
-}
-
-static int dh_bits(const EVP_PKEY *pkey) {
- return DH_bits(reinterpret_cast<const DH *>(pkey->pkey));
-}
-
-static int dh_param_missing(const EVP_PKEY *pkey) {
- const DH *dh = reinterpret_cast<const DH *>(pkey->pkey);
- return dh == nullptr || DH_get0_p(dh) == nullptr || DH_get0_g(dh) == nullptr;
-}
-
-static int dh_param_copy(EVP_PKEY *to, const EVP_PKEY *from) {
- if (dh_param_missing(from)) {
- OPENSSL_PUT_ERROR(EVP, EVP_R_MISSING_PARAMETERS);
- return 0;
- }
-
- const DH *dh = reinterpret_cast<DH *>(from->pkey);
- const BIGNUM *q_old = DH_get0_q(dh);
- BIGNUM *p = BN_dup(DH_get0_p(dh));
- BIGNUM *q = q_old == nullptr ? nullptr : BN_dup(q_old);
- BIGNUM *g = BN_dup(DH_get0_g(dh));
- if (p == nullptr || (q_old != nullptr && q == nullptr) || g == nullptr ||
- !DH_set0_pqg(reinterpret_cast<DH *>(to->pkey), p, q, g)) {
- BN_free(p);
- BN_free(q);
- BN_free(g);
- return 0;
- }
-
- // |DH_set0_pqg| took ownership of |p|, |q|, and |g|.
- return 1;
-}
-
-static int dh_param_cmp(const EVP_PKEY *a, const EVP_PKEY *b) {
- if (dh_param_missing(a) || dh_param_missing(b)) {
- return -2;
- }
-
- // Matching OpenSSL, only compare p and g for PKCS#3-style Diffie-Hellman.
- // OpenSSL only checks q in X9.42-style Diffie-Hellman ("DHX").
- const DH *a_dh = reinterpret_cast<const DH *>(a->pkey);
- const DH *b_dh = reinterpret_cast<const DH *>(b->pkey);
- return BN_cmp(DH_get0_p(a_dh), DH_get0_p(b_dh)) == 0 &&
- BN_cmp(DH_get0_g(a_dh), DH_get0_g(b_dh)) == 0;
-}
-
-static int dh_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) {
- if (dh_param_cmp(a, b) <= 0) {
- return 0;
- }
-
- const DH *a_dh = reinterpret_cast<const DH *>(a->pkey);
- const DH *b_dh = reinterpret_cast<const DH *>(b->pkey);
- return BN_cmp(DH_get0_pub_key(a_dh), DH_get0_pub_key(b_dh)) == 0;
-}
-
-const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
- /*pkey_id=*/EVP_PKEY_DH,
- /*oid=*/{0},
- /*oid_len=*/0,
- /*pkey_method=*/&dh_pkey_meth,
- /*pub_decode=*/nullptr,
- /*pub_encode=*/nullptr,
- /*pub_cmp=*/dh_pub_cmp,
- /*priv_decode=*/nullptr,
- /*priv_encode=*/nullptr,
- /*set_priv_raw=*/nullptr,
- /*set_pub_raw=*/nullptr,
- /*get_priv_raw=*/nullptr,
- /*get_pub_raw=*/nullptr,
- /*set1_tls_encodedpoint=*/nullptr,
- /*get1_tls_encodedpoint=*/nullptr,
- /*pkey_opaque=*/nullptr,
- /*pkey_size=*/dh_size,
- /*pkey_bits=*/dh_bits,
- /*param_missing=*/dh_param_missing,
- /*param_copy=*/dh_param_copy,
- /*param_cmp=*/dh_param_cmp,
- /*pkey_free=*/dh_free,
-};
-
-int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key) {
- if (EVP_PKEY_assign_DH(pkey, key)) {
- DH_up_ref(key);
- return 1;
- }
- return 0;
-}
-
-int EVP_PKEY_assign_DH(EVP_PKEY *pkey, DH *key) {
- if (key == nullptr) {
- return 0;
- }
- evp_pkey_set0(pkey, &dh_asn1_meth, key);
- return 1;
-}
-
-DH *EVP_PKEY_get0_DH(const EVP_PKEY *pkey) {
- if (EVP_PKEY_id(pkey) != EVP_PKEY_DH) {
- OPENSSL_PUT_ERROR(EVP, EVP_R_EXPECTING_A_DH_KEY);
- return nullptr;
- }
- return reinterpret_cast<DH *>(const_cast<EVP_PKEY *>(pkey)->pkey);
-}
-
-DH *EVP_PKEY_get1_DH(const EVP_PKEY *pkey) {
- DH *dh = EVP_PKEY_get0_DH(pkey);
- if (dh != nullptr) {
- DH_up_ref(dh);
- }
- return dh;
-}
diff --git a/crypto/evp/p_dsa_asn1.cc b/crypto/evp/p_dsa.cc
similarity index 100%
rename from crypto/evp/p_dsa_asn1.cc
rename to crypto/evp/p_dsa.cc
diff --git a/crypto/evp/p_ec.cc b/crypto/evp/p_ec.cc
index 415459a..751141e 100644
--- a/crypto/evp/p_ec.cc
+++ b/crypto/evp/p_ec.cc
@@ -17,6 +17,7 @@
#include <string.h>
#include <openssl/bn.h>
+#include <openssl/bytestring.h>
#include <openssl/digest.h>
#include <openssl/ec.h>
#include <openssl/ec_key.h>
@@ -25,19 +26,352 @@
#include <openssl/err.h>
#include <openssl/mem.h>
#include <openssl/nid.h>
+#include <openssl/span.h>
+#include "../ec/internal.h"
#include "../fipsmodule/ec/internal.h"
#include "../internal.h"
#include "internal.h"
+namespace {
+
+struct EVP_PKEY_ALG_EC : public EVP_PKEY_ALG {
+ // ec_group returns the |EC_GROUP| for this algorithm.
+ const EC_GROUP *(*ec_group)();
+};
+
+static int eckey_pub_encode(CBB *out, const EVP_PKEY *key) {
+ const EC_KEY *ec_key = reinterpret_cast<const EC_KEY *>(key->pkey);
+ const EC_GROUP *group = EC_KEY_get0_group(ec_key);
+ const EC_POINT *public_key = EC_KEY_get0_public_key(ec_key);
+
+ // See RFC 5480, section 2.
+ CBB spki, algorithm, key_bitstring;
+ if (!CBB_add_asn1(out, &spki, CBS_ASN1_SEQUENCE) ||
+ !CBB_add_asn1(&spki, &algorithm, CBS_ASN1_SEQUENCE) ||
+ !CBB_add_asn1_element(&algorithm, CBS_ASN1_OBJECT, ec_asn1_meth.oid,
+ ec_asn1_meth.oid_len) ||
+ !EC_KEY_marshal_curve_name(&algorithm, group) ||
+ !CBB_add_asn1(&spki, &key_bitstring, CBS_ASN1_BITSTRING) ||
+ !CBB_add_u8(&key_bitstring, 0 /* padding */) ||
+ !EC_POINT_point2cbb(&key_bitstring, group, public_key,
+ POINT_CONVERSION_UNCOMPRESSED, nullptr) ||
+ !CBB_flush(out)) {
+ OPENSSL_PUT_ERROR(EVP, EVP_R_ENCODE_ERROR);
+ return 0;
+ }
+
+ return 1;
+}
+
+static evp_decode_result_t eckey_pub_decode(const EVP_PKEY_ALG *alg,
+ EVP_PKEY *out, CBS *params,
+ CBS *key) {
+ // See RFC 5480, section 2.
+
+ // Check that |params| matches |alg|. Only the namedCurve form is allowed.
+ const EC_GROUP *group = static_cast<const EVP_PKEY_ALG_EC*>(alg)->ec_group();
+ if (ec_key_parse_curve_name(params, bssl::Span(&group, 1)) == nullptr) {
+ if (ERR_equals(ERR_peek_last_error(), ERR_LIB_EC, EC_R_UNKNOWN_GROUP)) {
+ ERR_clear_error();
+ return evp_decode_unsupported;
+ }
+ OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
+ return evp_decode_error;
+ }
+ if (CBS_len(params) != 0) {
+ OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
+ return evp_decode_error;
+ }
+
+ bssl::UniquePtr<EC_KEY> eckey(EC_KEY_new());
+ if (eckey == nullptr || //
+ !EC_KEY_set_group(eckey.get(), group) ||
+ !EC_KEY_oct2key(eckey.get(), CBS_data(key), CBS_len(key), nullptr)) {
+ return evp_decode_error;
+ }
+
+ EVP_PKEY_assign_EC_KEY(out, eckey.release());
+ return evp_decode_ok;
+}
+
+static int eckey_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) {
+ const EC_KEY *a_ec = reinterpret_cast<const EC_KEY *>(a->pkey);
+ const EC_KEY *b_ec = reinterpret_cast<const EC_KEY *>(b->pkey);
+ const EC_GROUP *group = EC_KEY_get0_group(b_ec);
+ const EC_POINT *pa = EC_KEY_get0_public_key(a_ec),
+ *pb = EC_KEY_get0_public_key(b_ec);
+ int r = EC_POINT_cmp(group, pa, pb, nullptr);
+ if (r == 0) {
+ return 1;
+ } else if (r == 1) {
+ return 0;
+ } else {
+ return -2;
+ }
+}
+
+static evp_decode_result_t eckey_priv_decode(const EVP_PKEY_ALG *alg,
+ EVP_PKEY *out, CBS *params,
+ CBS *key) {
+ // See RFC 5915.
+ const EC_GROUP *group = static_cast<const EVP_PKEY_ALG_EC*>(alg)->ec_group();
+ if (ec_key_parse_parameters(params, bssl::Span(&group, 1)) == nullptr) {
+ if (ERR_equals(ERR_peek_last_error(), ERR_LIB_EC, EC_R_UNKNOWN_GROUP)) {
+ ERR_clear_error();
+ return evp_decode_unsupported;
+ }
+ OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
+ return evp_decode_error;
+ }
+ if (CBS_len(params) != 0) {
+ OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
+ return evp_decode_error;
+ }
+
+ bssl::UniquePtr<EC_KEY> ec_key(ec_key_parse_private_key(key, group, {}));
+ if (ec_key == nullptr || CBS_len(key) != 0) {
+ OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
+ return evp_decode_error;
+ }
+
+ EVP_PKEY_assign_EC_KEY(out, ec_key.release());
+ return evp_decode_ok;
+}
+
+static int eckey_priv_encode(CBB *out, const EVP_PKEY *key) {
+ const EC_KEY *ec_key = reinterpret_cast<const EC_KEY *>(key->pkey);
+
+ // Omit the redundant copy of the curve name. This contradicts RFC 5915 but
+ // aligns with PKCS #11. SEC 1 only says they may be omitted if known by other
+ // means. Both OpenSSL and NSS omit the redundant parameters, so we omit them
+ // as well.
+ unsigned enc_flags = EC_KEY_get_enc_flags(ec_key) | EC_PKEY_NO_PARAMETERS;
+
+ // See RFC 5915.
+ CBB pkcs8, algorithm, private_key;
+ if (!CBB_add_asn1(out, &pkcs8, CBS_ASN1_SEQUENCE) ||
+ !CBB_add_asn1_uint64(&pkcs8, 0 /* version */) ||
+ !CBB_add_asn1(&pkcs8, &algorithm, CBS_ASN1_SEQUENCE) ||
+ !CBB_add_asn1_element(&algorithm, CBS_ASN1_OBJECT, ec_asn1_meth.oid,
+ ec_asn1_meth.oid_len) ||
+ !EC_KEY_marshal_curve_name(&algorithm, EC_KEY_get0_group(ec_key)) ||
+ !CBB_add_asn1(&pkcs8, &private_key, CBS_ASN1_OCTETSTRING) ||
+ !EC_KEY_marshal_private_key(&private_key, ec_key, enc_flags) ||
+ !CBB_flush(out)) {
+ OPENSSL_PUT_ERROR(EVP, EVP_R_ENCODE_ERROR);
+ return 0;
+ }
+
+ return 1;
+}
+
+static int eckey_set1_tls_encodedpoint(EVP_PKEY *pkey, const uint8_t *in,
+ size_t len) {
+ EC_KEY *ec_key = reinterpret_cast<EC_KEY *>(pkey->pkey);
+ if (ec_key == nullptr) {
+ OPENSSL_PUT_ERROR(EVP, EVP_R_NO_KEY_SET);
+ return 0;
+ }
+
+ return EC_KEY_oct2key(ec_key, in, len, nullptr);
+}
+
+static size_t eckey_get1_tls_encodedpoint(const EVP_PKEY *pkey,
+ uint8_t **out_ptr) {
+ const EC_KEY *ec_key = reinterpret_cast<const EC_KEY *>(pkey->pkey);
+ if (ec_key == nullptr) {
+ OPENSSL_PUT_ERROR(EVP, EVP_R_NO_KEY_SET);
+ return 0;
+ }
+
+ return EC_KEY_key2buf(ec_key, POINT_CONVERSION_UNCOMPRESSED, out_ptr,
+ nullptr);
+}
+
+static int int_ec_size(const EVP_PKEY *pkey) {
+ const EC_KEY *ec_key = reinterpret_cast<const EC_KEY *>(pkey->pkey);
+ return ECDSA_size(ec_key);
+}
+
+static int ec_bits(const EVP_PKEY *pkey) {
+ const EC_KEY *ec_key = reinterpret_cast<const EC_KEY *>(pkey->pkey);
+ const EC_GROUP *group = EC_KEY_get0_group(ec_key);
+ if (group == nullptr) {
+ ERR_clear_error();
+ return 0;
+ }
+ return EC_GROUP_order_bits(group);
+}
+
+static int ec_missing_parameters(const EVP_PKEY *pkey) {
+ const EC_KEY *ec_key = reinterpret_cast<const EC_KEY *>(pkey->pkey);
+ return ec_key == nullptr || EC_KEY_get0_group(ec_key) == nullptr;
+}
+
+static int ec_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) {
+ const EC_KEY *from_key = reinterpret_cast<const EC_KEY *>(from->pkey);
+ if (from_key == nullptr) {
+ OPENSSL_PUT_ERROR(EVP, EVP_R_NO_KEY_SET);
+ return 0;
+ }
+ const EC_GROUP *group = EC_KEY_get0_group(from_key);
+ if (group == nullptr) {
+ OPENSSL_PUT_ERROR(EVP, EVP_R_MISSING_PARAMETERS);
+ return 0;
+ }
+ if (to->pkey == nullptr) {
+ to->pkey = EC_KEY_new();
+ if (to->pkey == nullptr) {
+ return 0;
+ }
+ }
+ return EC_KEY_set_group(reinterpret_cast<EC_KEY *>(to->pkey), group);
+}
+
+static int ec_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) {
+ const EC_KEY *a_ec = reinterpret_cast<const EC_KEY *>(a->pkey);
+ const EC_KEY *b_ec = reinterpret_cast<const EC_KEY *>(b->pkey);
+ if (a_ec == nullptr || b_ec == nullptr) {
+ return -2;
+ }
+ const EC_GROUP *group_a = EC_KEY_get0_group(a_ec),
+ *group_b = EC_KEY_get0_group(b_ec);
+ if (group_a == nullptr || group_b == nullptr) {
+ return -2;
+ }
+ if (EC_GROUP_cmp(group_a, group_b, nullptr) != 0) {
+ // mismatch
+ return 0;
+ }
+ return 1;
+}
+
+static void int_ec_free(EVP_PKEY *pkey) {
+ EC_KEY_free(reinterpret_cast<EC_KEY *>(pkey->pkey));
+ pkey->pkey = nullptr;
+}
+
+static int eckey_opaque(const EVP_PKEY *pkey) {
+ const EC_KEY *ec_key = reinterpret_cast<const EC_KEY *>(pkey->pkey);
+ return EC_KEY_is_opaque(ec_key);
+}
+
+} // namespace
+
+const EVP_PKEY_ASN1_METHOD ec_asn1_meth = {
+ EVP_PKEY_EC,
+ // 1.2.840.10045.2.1
+ {0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01},
+ 7,
+
+ &ec_pkey_meth,
+
+ eckey_pub_decode,
+ eckey_pub_encode,
+ eckey_pub_cmp,
+
+ eckey_priv_decode,
+ eckey_priv_encode,
+
+ /*set_priv_raw=*/nullptr,
+ /*set_pub_raw=*/nullptr,
+ /*get_priv_raw=*/nullptr,
+ /*get_pub_raw=*/nullptr,
+ eckey_set1_tls_encodedpoint,
+ eckey_get1_tls_encodedpoint,
+
+ eckey_opaque,
+
+ int_ec_size,
+ ec_bits,
+
+ ec_missing_parameters,
+ ec_copy_parameters,
+ ec_cmp_parameters,
+
+ int_ec_free,
+};
+
+const EVP_PKEY_ALG *EVP_pkey_ec_p224(void) {
+ static const EVP_PKEY_ALG_EC kAlg = {{&ec_asn1_meth}, &EC_group_p224};
+ return &kAlg;
+}
+
+const EVP_PKEY_ALG *EVP_pkey_ec_p256(void) {
+ static const EVP_PKEY_ALG_EC kAlg = {{&ec_asn1_meth}, &EC_group_p256};
+ return &kAlg;
+}
+
+const EVP_PKEY_ALG *EVP_pkey_ec_p384(void) {
+ static const EVP_PKEY_ALG_EC kAlg = {{&ec_asn1_meth}, &EC_group_p384};
+ return &kAlg;
+}
+
+const EVP_PKEY_ALG *EVP_pkey_ec_p521(void) {
+ static const EVP_PKEY_ALG_EC kAlg = {{&ec_asn1_meth}, &EC_group_p521};
+ return &kAlg;
+}
+
+int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key) {
+ if (EVP_PKEY_assign_EC_KEY(pkey, key)) {
+ EC_KEY_up_ref(key);
+ return 1;
+ }
+ return 0;
+}
+
+int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey, EC_KEY *key) {
+ if (key == nullptr) {
+ return 0;
+ }
+ evp_pkey_set0(pkey, &ec_asn1_meth, key);
+ return 1;
+}
+
+EC_KEY *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey) {
+ if (EVP_PKEY_id(pkey) != EVP_PKEY_EC) {
+ OPENSSL_PUT_ERROR(EVP, EVP_R_EXPECTING_A_EC_KEY);
+ return nullptr;
+ }
+ return reinterpret_cast<EC_KEY *>(pkey->pkey);
+}
+
+EC_KEY *EVP_PKEY_get1_EC_KEY(const EVP_PKEY *pkey) {
+ EC_KEY *ec_key = EVP_PKEY_get0_EC_KEY(pkey);
+ if (ec_key != nullptr) {
+ EC_KEY_up_ref(ec_key);
+ }
+ return ec_key;
+}
+
+int EVP_PKEY_get_ec_curve_nid(const EVP_PKEY *pkey) {
+ const EC_KEY *ec_key = EVP_PKEY_get0_EC_KEY(pkey);
+ if (ec_key == nullptr) {
+ return NID_undef;
+ }
+ const EC_GROUP *group = EC_KEY_get0_group(ec_key);
+ if (group == nullptr) {
+ return NID_undef;
+ }
+ return EC_GROUP_get_curve_name(group);
+}
+
+int EVP_PKEY_get_ec_point_conv_form(const EVP_PKEY *pkey) {
+ const EC_KEY *ec_key = EVP_PKEY_get0_EC_KEY(pkey);
+ if (ec_key == nullptr) {
+ return 0;
+ }
+ return EC_KEY_get_conv_form(ec_key);
+}
+
typedef struct {
// message digest
const EVP_MD *md;
const EC_GROUP *gen_group;
} EC_PKEY_CTX;
-
static int pkey_ec_init(EVP_PKEY_CTX *ctx) {
EC_PKEY_CTX *dctx =
reinterpret_cast<EC_PKEY_CTX *>(OPENSSL_zalloc(sizeof(EC_PKEY_CTX)));
diff --git a/crypto/evp/p_ec_asn1.cc b/crypto/evp/p_ec_asn1.cc
deleted file mode 100644
index 42d4494..0000000
--- a/crypto/evp/p_ec_asn1.cc
+++ /dev/null
@@ -1,360 +0,0 @@
-// Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// https://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#include <openssl/evp.h>
-
-#include <openssl/bn.h>
-#include <openssl/bytestring.h>
-#include <openssl/ec.h>
-#include <openssl/ec_key.h>
-#include <openssl/ecdsa.h>
-#include <openssl/err.h>
-#include <openssl/nid.h>
-#include <openssl/span.h>
-
-#include "../ec/internal.h"
-#include "internal.h"
-
-
-namespace {
-
-struct EVP_PKEY_ALG_EC : public EVP_PKEY_ALG {
- // ec_group returns the |EC_GROUP| for this algorithm.
- const EC_GROUP *(*ec_group)();
-};
-
-static int eckey_pub_encode(CBB *out, const EVP_PKEY *key) {
- const EC_KEY *ec_key = reinterpret_cast<const EC_KEY *>(key->pkey);
- const EC_GROUP *group = EC_KEY_get0_group(ec_key);
- const EC_POINT *public_key = EC_KEY_get0_public_key(ec_key);
-
- // See RFC 5480, section 2.
- CBB spki, algorithm, key_bitstring;
- if (!CBB_add_asn1(out, &spki, CBS_ASN1_SEQUENCE) ||
- !CBB_add_asn1(&spki, &algorithm, CBS_ASN1_SEQUENCE) ||
- !CBB_add_asn1_element(&algorithm, CBS_ASN1_OBJECT, ec_asn1_meth.oid,
- ec_asn1_meth.oid_len) ||
- !EC_KEY_marshal_curve_name(&algorithm, group) ||
- !CBB_add_asn1(&spki, &key_bitstring, CBS_ASN1_BITSTRING) ||
- !CBB_add_u8(&key_bitstring, 0 /* padding */) ||
- !EC_POINT_point2cbb(&key_bitstring, group, public_key,
- POINT_CONVERSION_UNCOMPRESSED, nullptr) ||
- !CBB_flush(out)) {
- OPENSSL_PUT_ERROR(EVP, EVP_R_ENCODE_ERROR);
- return 0;
- }
-
- return 1;
-}
-
-static evp_decode_result_t eckey_pub_decode(const EVP_PKEY_ALG *alg,
- EVP_PKEY *out, CBS *params,
- CBS *key) {
- // See RFC 5480, section 2.
-
- // Check that |params| matches |alg|. Only the namedCurve form is allowed.
- const EC_GROUP *group = static_cast<const EVP_PKEY_ALG_EC*>(alg)->ec_group();
- if (ec_key_parse_curve_name(params, bssl::Span(&group, 1)) == nullptr) {
- if (ERR_equals(ERR_peek_last_error(), ERR_LIB_EC, EC_R_UNKNOWN_GROUP)) {
- ERR_clear_error();
- return evp_decode_unsupported;
- }
- OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
- return evp_decode_error;
- }
- if (CBS_len(params) != 0) {
- OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
- return evp_decode_error;
- }
-
- bssl::UniquePtr<EC_KEY> eckey(EC_KEY_new());
- if (eckey == nullptr || //
- !EC_KEY_set_group(eckey.get(), group) ||
- !EC_KEY_oct2key(eckey.get(), CBS_data(key), CBS_len(key), nullptr)) {
- return evp_decode_error;
- }
-
- EVP_PKEY_assign_EC_KEY(out, eckey.release());
- return evp_decode_ok;
-}
-
-static int eckey_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) {
- const EC_KEY *a_ec = reinterpret_cast<const EC_KEY *>(a->pkey);
- const EC_KEY *b_ec = reinterpret_cast<const EC_KEY *>(b->pkey);
- const EC_GROUP *group = EC_KEY_get0_group(b_ec);
- const EC_POINT *pa = EC_KEY_get0_public_key(a_ec),
- *pb = EC_KEY_get0_public_key(b_ec);
- int r = EC_POINT_cmp(group, pa, pb, nullptr);
- if (r == 0) {
- return 1;
- } else if (r == 1) {
- return 0;
- } else {
- return -2;
- }
-}
-
-static evp_decode_result_t eckey_priv_decode(const EVP_PKEY_ALG *alg,
- EVP_PKEY *out, CBS *params,
- CBS *key) {
- // See RFC 5915.
- const EC_GROUP *group = static_cast<const EVP_PKEY_ALG_EC*>(alg)->ec_group();
- if (ec_key_parse_parameters(params, bssl::Span(&group, 1)) == nullptr) {
- if (ERR_equals(ERR_peek_last_error(), ERR_LIB_EC, EC_R_UNKNOWN_GROUP)) {
- ERR_clear_error();
- return evp_decode_unsupported;
- }
- OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
- return evp_decode_error;
- }
- if (CBS_len(params) != 0) {
- OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
- return evp_decode_error;
- }
-
- bssl::UniquePtr<EC_KEY> ec_key(ec_key_parse_private_key(key, group, {}));
- if (ec_key == nullptr || CBS_len(key) != 0) {
- OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
- return evp_decode_error;
- }
-
- EVP_PKEY_assign_EC_KEY(out, ec_key.release());
- return evp_decode_ok;
-}
-
-static int eckey_priv_encode(CBB *out, const EVP_PKEY *key) {
- const EC_KEY *ec_key = reinterpret_cast<const EC_KEY *>(key->pkey);
-
- // Omit the redundant copy of the curve name. This contradicts RFC 5915 but
- // aligns with PKCS #11. SEC 1 only says they may be omitted if known by other
- // means. Both OpenSSL and NSS omit the redundant parameters, so we omit them
- // as well.
- unsigned enc_flags = EC_KEY_get_enc_flags(ec_key) | EC_PKEY_NO_PARAMETERS;
-
- // See RFC 5915.
- CBB pkcs8, algorithm, private_key;
- if (!CBB_add_asn1(out, &pkcs8, CBS_ASN1_SEQUENCE) ||
- !CBB_add_asn1_uint64(&pkcs8, 0 /* version */) ||
- !CBB_add_asn1(&pkcs8, &algorithm, CBS_ASN1_SEQUENCE) ||
- !CBB_add_asn1_element(&algorithm, CBS_ASN1_OBJECT, ec_asn1_meth.oid,
- ec_asn1_meth.oid_len) ||
- !EC_KEY_marshal_curve_name(&algorithm, EC_KEY_get0_group(ec_key)) ||
- !CBB_add_asn1(&pkcs8, &private_key, CBS_ASN1_OCTETSTRING) ||
- !EC_KEY_marshal_private_key(&private_key, ec_key, enc_flags) ||
- !CBB_flush(out)) {
- OPENSSL_PUT_ERROR(EVP, EVP_R_ENCODE_ERROR);
- return 0;
- }
-
- return 1;
-}
-
-static int eckey_set1_tls_encodedpoint(EVP_PKEY *pkey, const uint8_t *in,
- size_t len) {
- EC_KEY *ec_key = reinterpret_cast<EC_KEY *>(pkey->pkey);
- if (ec_key == nullptr) {
- OPENSSL_PUT_ERROR(EVP, EVP_R_NO_KEY_SET);
- return 0;
- }
-
- return EC_KEY_oct2key(ec_key, in, len, nullptr);
-}
-
-static size_t eckey_get1_tls_encodedpoint(const EVP_PKEY *pkey,
- uint8_t **out_ptr) {
- const EC_KEY *ec_key = reinterpret_cast<const EC_KEY *>(pkey->pkey);
- if (ec_key == nullptr) {
- OPENSSL_PUT_ERROR(EVP, EVP_R_NO_KEY_SET);
- return 0;
- }
-
- return EC_KEY_key2buf(ec_key, POINT_CONVERSION_UNCOMPRESSED, out_ptr,
- nullptr);
-}
-
-static int int_ec_size(const EVP_PKEY *pkey) {
- const EC_KEY *ec_key = reinterpret_cast<const EC_KEY *>(pkey->pkey);
- return ECDSA_size(ec_key);
-}
-
-static int ec_bits(const EVP_PKEY *pkey) {
- const EC_KEY *ec_key = reinterpret_cast<const EC_KEY *>(pkey->pkey);
- const EC_GROUP *group = EC_KEY_get0_group(ec_key);
- if (group == nullptr) {
- ERR_clear_error();
- return 0;
- }
- return EC_GROUP_order_bits(group);
-}
-
-static int ec_missing_parameters(const EVP_PKEY *pkey) {
- const EC_KEY *ec_key = reinterpret_cast<const EC_KEY *>(pkey->pkey);
- return ec_key == nullptr || EC_KEY_get0_group(ec_key) == nullptr;
-}
-
-static int ec_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) {
- const EC_KEY *from_key = reinterpret_cast<const EC_KEY *>(from->pkey);
- if (from_key == nullptr) {
- OPENSSL_PUT_ERROR(EVP, EVP_R_NO_KEY_SET);
- return 0;
- }
- const EC_GROUP *group = EC_KEY_get0_group(from_key);
- if (group == nullptr) {
- OPENSSL_PUT_ERROR(EVP, EVP_R_MISSING_PARAMETERS);
- return 0;
- }
- if (to->pkey == nullptr) {
- to->pkey = EC_KEY_new();
- if (to->pkey == nullptr) {
- return 0;
- }
- }
- return EC_KEY_set_group(reinterpret_cast<EC_KEY *>(to->pkey), group);
-}
-
-static int ec_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) {
- const EC_KEY *a_ec = reinterpret_cast<const EC_KEY *>(a->pkey);
- const EC_KEY *b_ec = reinterpret_cast<const EC_KEY *>(b->pkey);
- if (a_ec == nullptr || b_ec == nullptr) {
- return -2;
- }
- const EC_GROUP *group_a = EC_KEY_get0_group(a_ec),
- *group_b = EC_KEY_get0_group(b_ec);
- if (group_a == nullptr || group_b == nullptr) {
- return -2;
- }
- if (EC_GROUP_cmp(group_a, group_b, nullptr) != 0) {
- // mismatch
- return 0;
- }
- return 1;
-}
-
-static void int_ec_free(EVP_PKEY *pkey) {
- EC_KEY_free(reinterpret_cast<EC_KEY *>(pkey->pkey));
- pkey->pkey = nullptr;
-}
-
-static int eckey_opaque(const EVP_PKEY *pkey) {
- const EC_KEY *ec_key = reinterpret_cast<const EC_KEY *>(pkey->pkey);
- return EC_KEY_is_opaque(ec_key);
-}
-
-} // namespace
-
-const EVP_PKEY_ASN1_METHOD ec_asn1_meth = {
- EVP_PKEY_EC,
- // 1.2.840.10045.2.1
- {0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01},
- 7,
-
- &ec_pkey_meth,
-
- eckey_pub_decode,
- eckey_pub_encode,
- eckey_pub_cmp,
-
- eckey_priv_decode,
- eckey_priv_encode,
-
- /*set_priv_raw=*/nullptr,
- /*set_pub_raw=*/nullptr,
- /*get_priv_raw=*/nullptr,
- /*get_pub_raw=*/nullptr,
- eckey_set1_tls_encodedpoint,
- eckey_get1_tls_encodedpoint,
-
- eckey_opaque,
-
- int_ec_size,
- ec_bits,
-
- ec_missing_parameters,
- ec_copy_parameters,
- ec_cmp_parameters,
-
- int_ec_free,
-};
-
-const EVP_PKEY_ALG *EVP_pkey_ec_p224(void) {
- static const EVP_PKEY_ALG_EC kAlg = {{&ec_asn1_meth}, &EC_group_p224};
- return &kAlg;
-}
-
-const EVP_PKEY_ALG *EVP_pkey_ec_p256(void) {
- static const EVP_PKEY_ALG_EC kAlg = {{&ec_asn1_meth}, &EC_group_p256};
- return &kAlg;
-}
-
-const EVP_PKEY_ALG *EVP_pkey_ec_p384(void) {
- static const EVP_PKEY_ALG_EC kAlg = {{&ec_asn1_meth}, &EC_group_p384};
- return &kAlg;
-}
-
-const EVP_PKEY_ALG *EVP_pkey_ec_p521(void) {
- static const EVP_PKEY_ALG_EC kAlg = {{&ec_asn1_meth}, &EC_group_p521};
- return &kAlg;
-}
-
-int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key) {
- if (EVP_PKEY_assign_EC_KEY(pkey, key)) {
- EC_KEY_up_ref(key);
- return 1;
- }
- return 0;
-}
-
-int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey, EC_KEY *key) {
- if (key == nullptr) {
- return 0;
- }
- evp_pkey_set0(pkey, &ec_asn1_meth, key);
- return 1;
-}
-
-EC_KEY *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey) {
- if (EVP_PKEY_id(pkey) != EVP_PKEY_EC) {
- OPENSSL_PUT_ERROR(EVP, EVP_R_EXPECTING_A_EC_KEY);
- return nullptr;
- }
- return reinterpret_cast<EC_KEY *>(pkey->pkey);
-}
-
-EC_KEY *EVP_PKEY_get1_EC_KEY(const EVP_PKEY *pkey) {
- EC_KEY *ec_key = EVP_PKEY_get0_EC_KEY(pkey);
- if (ec_key != nullptr) {
- EC_KEY_up_ref(ec_key);
- }
- return ec_key;
-}
-
-int EVP_PKEY_get_ec_curve_nid(const EVP_PKEY *pkey) {
- const EC_KEY *ec_key = EVP_PKEY_get0_EC_KEY(pkey);
- if (ec_key == nullptr) {
- return NID_undef;
- }
- const EC_GROUP *group = EC_KEY_get0_group(ec_key);
- if (group == nullptr) {
- return NID_undef;
- }
- return EC_GROUP_get_curve_name(group);
-}
-
-int EVP_PKEY_get_ec_point_conv_form(const EVP_PKEY *pkey) {
- const EC_KEY *ec_key = EVP_PKEY_get0_EC_KEY(pkey);
- if (ec_key == nullptr) {
- return 0;
- }
- return EC_KEY_get_conv_form(ec_key);
-}
diff --git a/crypto/evp/p_ed25519.cc b/crypto/evp/p_ed25519.cc
index 50ea776..3ccfdaa 100644
--- a/crypto/evp/p_ed25519.cc
+++ b/crypto/evp/p_ed25519.cc
@@ -14,13 +14,236 @@
#include <openssl/evp.h>
+#include <openssl/bytestring.h>
#include <openssl/curve25519.h>
#include <openssl/err.h>
#include <openssl/mem.h>
+#include "../internal.h"
#include "internal.h"
+typedef struct {
+ // key is the concatenation of the private seed and public key. It is stored
+ // as a single 64-bit array to allow passing to |ED25519_sign|. If
+ // |has_private| is false, the first 32 bytes are uninitialized and the public
+ // key is in the last 32 bytes.
+ uint8_t key[64];
+ char has_private;
+} ED25519_KEY;
+
+#define ED25519_PUBLIC_KEY_OFFSET 32
+
+static void ed25519_free(EVP_PKEY *pkey) {
+ OPENSSL_free(pkey->pkey);
+ pkey->pkey = nullptr;
+}
+
+static int ed25519_set_priv_raw(EVP_PKEY *pkey, const uint8_t *in, size_t len) {
+ if (len != 32) {
+ OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
+ return 0;
+ }
+
+ ED25519_KEY *key =
+ reinterpret_cast<ED25519_KEY *>(OPENSSL_malloc(sizeof(ED25519_KEY)));
+ if (key == nullptr) {
+ return 0;
+ }
+
+ // The RFC 8032 encoding stores only the 32-byte seed, so we must recover the
+ // full representation which we use from it.
+ uint8_t pubkey_unused[32];
+ ED25519_keypair_from_seed(pubkey_unused, key->key, in);
+ key->has_private = 1;
+ evp_pkey_set0(pkey, &ed25519_asn1_meth, key);
+ return 1;
+}
+
+static int ed25519_set_pub_raw(EVP_PKEY *pkey, const uint8_t *in, size_t len) {
+ if (len != 32) {
+ OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
+ return 0;
+ }
+
+ ED25519_KEY *key =
+ reinterpret_cast<ED25519_KEY *>(OPENSSL_malloc(sizeof(ED25519_KEY)));
+ if (key == nullptr) {
+ return 0;
+ }
+
+ OPENSSL_memcpy(key->key + ED25519_PUBLIC_KEY_OFFSET, in, 32);
+ key->has_private = 0;
+ evp_pkey_set0(pkey, &ed25519_asn1_meth, key);
+ return 1;
+}
+
+static int ed25519_get_priv_raw(const EVP_PKEY *pkey, uint8_t *out,
+ size_t *out_len) {
+ const ED25519_KEY *key = reinterpret_cast<const ED25519_KEY *>(pkey->pkey);
+ if (!key->has_private) {
+ OPENSSL_PUT_ERROR(EVP, EVP_R_NOT_A_PRIVATE_KEY);
+ return 0;
+ }
+
+ if (out == nullptr) {
+ *out_len = 32;
+ return 1;
+ }
+
+ if (*out_len < 32) {
+ OPENSSL_PUT_ERROR(EVP, EVP_R_BUFFER_TOO_SMALL);
+ return 0;
+ }
+
+ // The raw private key format is the first 32 bytes of the private key.
+ OPENSSL_memcpy(out, key->key, 32);
+ *out_len = 32;
+ return 1;
+}
+
+static int ed25519_get_pub_raw(const EVP_PKEY *pkey, uint8_t *out,
+ size_t *out_len) {
+ const ED25519_KEY *key = reinterpret_cast<const ED25519_KEY *>(pkey->pkey);
+ if (out == nullptr) {
+ *out_len = 32;
+ return 1;
+ }
+
+ if (*out_len < 32) {
+ OPENSSL_PUT_ERROR(EVP, EVP_R_BUFFER_TOO_SMALL);
+ return 0;
+ }
+
+ OPENSSL_memcpy(out, key->key + ED25519_PUBLIC_KEY_OFFSET, 32);
+ *out_len = 32;
+ return 1;
+}
+
+static evp_decode_result_t ed25519_pub_decode(const EVP_PKEY_ALG *alg,
+ EVP_PKEY *out, CBS *params,
+ CBS *key) {
+ // See RFC 8410, section 4.
+
+ // The parameters must be omitted. Public keys have length 32.
+ if (CBS_len(params) != 0) {
+ OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
+ return evp_decode_error;
+ }
+
+ return ed25519_set_pub_raw(out, CBS_data(key), CBS_len(key))
+ ? evp_decode_ok
+ : evp_decode_error;
+}
+
+static int ed25519_pub_encode(CBB *out, const EVP_PKEY *pkey) {
+ const ED25519_KEY *key = reinterpret_cast<const ED25519_KEY *>(pkey->pkey);
+
+ // See RFC 8410, section 4.
+ CBB spki, algorithm, key_bitstring;
+ if (!CBB_add_asn1(out, &spki, CBS_ASN1_SEQUENCE) ||
+ !CBB_add_asn1(&spki, &algorithm, CBS_ASN1_SEQUENCE) ||
+ !CBB_add_asn1_element(&algorithm, CBS_ASN1_OBJECT, ed25519_asn1_meth.oid,
+ ed25519_asn1_meth.oid_len) ||
+ !CBB_add_asn1(&spki, &key_bitstring, CBS_ASN1_BITSTRING) ||
+ !CBB_add_u8(&key_bitstring, 0 /* padding */) ||
+ !CBB_add_bytes(&key_bitstring, key->key + ED25519_PUBLIC_KEY_OFFSET,
+ 32) ||
+ !CBB_flush(out)) {
+ OPENSSL_PUT_ERROR(EVP, EVP_R_ENCODE_ERROR);
+ return 0;
+ }
+
+ return 1;
+}
+
+static int ed25519_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) {
+ const ED25519_KEY *a_key = reinterpret_cast<const ED25519_KEY *>(a->pkey);
+ const ED25519_KEY *b_key = reinterpret_cast<const ED25519_KEY *>(b->pkey);
+ return OPENSSL_memcmp(a_key->key + ED25519_PUBLIC_KEY_OFFSET,
+ b_key->key + ED25519_PUBLIC_KEY_OFFSET, 32) == 0;
+}
+
+static evp_decode_result_t ed25519_priv_decode(const EVP_PKEY_ALG *alg,
+ EVP_PKEY *out, CBS *params,
+ CBS *key) {
+ // See RFC 8410, section 7.
+
+ // Parameters must be empty. The key is a 32-byte value wrapped in an extra
+ // OCTET STRING layer.
+ CBS inner;
+ if (CBS_len(params) != 0 ||
+ !CBS_get_asn1(key, &inner, CBS_ASN1_OCTETSTRING) || CBS_len(key) != 0) {
+ OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
+ return evp_decode_error;
+ }
+
+ return ed25519_set_priv_raw(out, CBS_data(&inner), CBS_len(&inner))
+ ? evp_decode_ok
+ : evp_decode_error;
+}
+
+static int ed25519_priv_encode(CBB *out, const EVP_PKEY *pkey) {
+ const ED25519_KEY *key = reinterpret_cast<const ED25519_KEY *>(pkey->pkey);
+ if (!key->has_private) {
+ OPENSSL_PUT_ERROR(EVP, EVP_R_NOT_A_PRIVATE_KEY);
+ return 0;
+ }
+
+ // See RFC 8410, section 7.
+ CBB pkcs8, algorithm, private_key, inner;
+ if (!CBB_add_asn1(out, &pkcs8, CBS_ASN1_SEQUENCE) ||
+ !CBB_add_asn1_uint64(&pkcs8, 0 /* version */) ||
+ !CBB_add_asn1(&pkcs8, &algorithm, CBS_ASN1_SEQUENCE) ||
+ !CBB_add_asn1_element(&algorithm, CBS_ASN1_OBJECT, ed25519_asn1_meth.oid,
+ ed25519_asn1_meth.oid_len) ||
+ !CBB_add_asn1(&pkcs8, &private_key, CBS_ASN1_OCTETSTRING) ||
+ !CBB_add_asn1(&private_key, &inner, CBS_ASN1_OCTETSTRING) ||
+ // The PKCS#8 encoding stores only the 32-byte seed which is the first 32
+ // bytes of the private key.
+ !CBB_add_bytes(&inner, key->key, 32) || //
+ !CBB_flush(out)) {
+ OPENSSL_PUT_ERROR(EVP, EVP_R_ENCODE_ERROR);
+ return 0;
+ }
+
+ return 1;
+}
+
+static int ed25519_size(const EVP_PKEY *pkey) { return 64; }
+
+static int ed25519_bits(const EVP_PKEY *pkey) { return 253; }
+
+const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth = {
+ EVP_PKEY_ED25519,
+ {0x2b, 0x65, 0x70},
+ 3,
+ &ed25519_pkey_meth,
+ ed25519_pub_decode,
+ ed25519_pub_encode,
+ ed25519_pub_cmp,
+ ed25519_priv_decode,
+ ed25519_priv_encode,
+ ed25519_set_priv_raw,
+ ed25519_set_pub_raw,
+ ed25519_get_priv_raw,
+ ed25519_get_pub_raw,
+ /*set1_tls_encodedpoint=*/nullptr,
+ /*get1_tls_encodedpoint=*/nullptr,
+ /*pkey_opaque=*/nullptr,
+ ed25519_size,
+ ed25519_bits,
+ /*param_missing=*/nullptr,
+ /*param_copy=*/nullptr,
+ /*param_cmp=*/nullptr,
+ ed25519_free,
+};
+
+const EVP_PKEY_ALG *EVP_pkey_ed25519(void) {
+ static const EVP_PKEY_ALG kAlg = {&ed25519_asn1_meth};
+ return &kAlg;
+}
+
// Ed25519 has no parameters to copy.
static int pkey_ed25519_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) { return 1; }
diff --git a/crypto/evp/p_ed25519_asn1.cc b/crypto/evp/p_ed25519_asn1.cc
deleted file mode 100644
index c87b7ba..0000000
--- a/crypto/evp/p_ed25519_asn1.cc
+++ /dev/null
@@ -1,234 +0,0 @@
-// Copyright 2017 The BoringSSL Authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// https://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#include <openssl/evp.h>
-
-#include <openssl/bytestring.h>
-#include <openssl/curve25519.h>
-#include <openssl/err.h>
-#include <openssl/mem.h>
-
-#include "../internal.h"
-#include "internal.h"
-
-
-static void ed25519_free(EVP_PKEY *pkey) {
- OPENSSL_free(pkey->pkey);
- pkey->pkey = nullptr;
-}
-
-static int ed25519_set_priv_raw(EVP_PKEY *pkey, const uint8_t *in, size_t len) {
- if (len != 32) {
- OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
- return 0;
- }
-
- ED25519_KEY *key =
- reinterpret_cast<ED25519_KEY *>(OPENSSL_malloc(sizeof(ED25519_KEY)));
- if (key == nullptr) {
- return 0;
- }
-
- // The RFC 8032 encoding stores only the 32-byte seed, so we must recover the
- // full representation which we use from it.
- uint8_t pubkey_unused[32];
- ED25519_keypair_from_seed(pubkey_unused, key->key, in);
- key->has_private = 1;
- evp_pkey_set0(pkey, &ed25519_asn1_meth, key);
- return 1;
-}
-
-static int ed25519_set_pub_raw(EVP_PKEY *pkey, const uint8_t *in, size_t len) {
- if (len != 32) {
- OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
- return 0;
- }
-
- ED25519_KEY *key =
- reinterpret_cast<ED25519_KEY *>(OPENSSL_malloc(sizeof(ED25519_KEY)));
- if (key == nullptr) {
- return 0;
- }
-
- OPENSSL_memcpy(key->key + ED25519_PUBLIC_KEY_OFFSET, in, 32);
- key->has_private = 0;
- evp_pkey_set0(pkey, &ed25519_asn1_meth, key);
- return 1;
-}
-
-static int ed25519_get_priv_raw(const EVP_PKEY *pkey, uint8_t *out,
- size_t *out_len) {
- const ED25519_KEY *key = reinterpret_cast<const ED25519_KEY *>(pkey->pkey);
- if (!key->has_private) {
- OPENSSL_PUT_ERROR(EVP, EVP_R_NOT_A_PRIVATE_KEY);
- return 0;
- }
-
- if (out == nullptr) {
- *out_len = 32;
- return 1;
- }
-
- if (*out_len < 32) {
- OPENSSL_PUT_ERROR(EVP, EVP_R_BUFFER_TOO_SMALL);
- return 0;
- }
-
- // The raw private key format is the first 32 bytes of the private key.
- OPENSSL_memcpy(out, key->key, 32);
- *out_len = 32;
- return 1;
-}
-
-static int ed25519_get_pub_raw(const EVP_PKEY *pkey, uint8_t *out,
- size_t *out_len) {
- const ED25519_KEY *key = reinterpret_cast<const ED25519_KEY *>(pkey->pkey);
- if (out == nullptr) {
- *out_len = 32;
- return 1;
- }
-
- if (*out_len < 32) {
- OPENSSL_PUT_ERROR(EVP, EVP_R_BUFFER_TOO_SMALL);
- return 0;
- }
-
- OPENSSL_memcpy(out, key->key + ED25519_PUBLIC_KEY_OFFSET, 32);
- *out_len = 32;
- return 1;
-}
-
-static evp_decode_result_t ed25519_pub_decode(const EVP_PKEY_ALG *alg,
- EVP_PKEY *out, CBS *params,
- CBS *key) {
- // See RFC 8410, section 4.
-
- // The parameters must be omitted. Public keys have length 32.
- if (CBS_len(params) != 0) {
- OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
- return evp_decode_error;
- }
-
- return ed25519_set_pub_raw(out, CBS_data(key), CBS_len(key))
- ? evp_decode_ok
- : evp_decode_error;
-}
-
-static int ed25519_pub_encode(CBB *out, const EVP_PKEY *pkey) {
- const ED25519_KEY *key = reinterpret_cast<const ED25519_KEY *>(pkey->pkey);
-
- // See RFC 8410, section 4.
- CBB spki, algorithm, key_bitstring;
- if (!CBB_add_asn1(out, &spki, CBS_ASN1_SEQUENCE) ||
- !CBB_add_asn1(&spki, &algorithm, CBS_ASN1_SEQUENCE) ||
- !CBB_add_asn1_element(&algorithm, CBS_ASN1_OBJECT, ed25519_asn1_meth.oid,
- ed25519_asn1_meth.oid_len) ||
- !CBB_add_asn1(&spki, &key_bitstring, CBS_ASN1_BITSTRING) ||
- !CBB_add_u8(&key_bitstring, 0 /* padding */) ||
- !CBB_add_bytes(&key_bitstring, key->key + ED25519_PUBLIC_KEY_OFFSET,
- 32) ||
- !CBB_flush(out)) {
- OPENSSL_PUT_ERROR(EVP, EVP_R_ENCODE_ERROR);
- return 0;
- }
-
- return 1;
-}
-
-static int ed25519_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) {
- const ED25519_KEY *a_key = reinterpret_cast<const ED25519_KEY *>(a->pkey);
- const ED25519_KEY *b_key = reinterpret_cast<const ED25519_KEY *>(b->pkey);
- return OPENSSL_memcmp(a_key->key + ED25519_PUBLIC_KEY_OFFSET,
- b_key->key + ED25519_PUBLIC_KEY_OFFSET, 32) == 0;
-}
-
-static evp_decode_result_t ed25519_priv_decode(const EVP_PKEY_ALG *alg,
- EVP_PKEY *out, CBS *params,
- CBS *key) {
- // See RFC 8410, section 7.
-
- // Parameters must be empty. The key is a 32-byte value wrapped in an extra
- // OCTET STRING layer.
- CBS inner;
- if (CBS_len(params) != 0 ||
- !CBS_get_asn1(key, &inner, CBS_ASN1_OCTETSTRING) || CBS_len(key) != 0) {
- OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
- return evp_decode_error;
- }
-
- return ed25519_set_priv_raw(out, CBS_data(&inner), CBS_len(&inner))
- ? evp_decode_ok
- : evp_decode_error;
-}
-
-static int ed25519_priv_encode(CBB *out, const EVP_PKEY *pkey) {
- const ED25519_KEY *key = reinterpret_cast<const ED25519_KEY *>(pkey->pkey);
- if (!key->has_private) {
- OPENSSL_PUT_ERROR(EVP, EVP_R_NOT_A_PRIVATE_KEY);
- return 0;
- }
-
- // See RFC 8410, section 7.
- CBB pkcs8, algorithm, private_key, inner;
- if (!CBB_add_asn1(out, &pkcs8, CBS_ASN1_SEQUENCE) ||
- !CBB_add_asn1_uint64(&pkcs8, 0 /* version */) ||
- !CBB_add_asn1(&pkcs8, &algorithm, CBS_ASN1_SEQUENCE) ||
- !CBB_add_asn1_element(&algorithm, CBS_ASN1_OBJECT, ed25519_asn1_meth.oid,
- ed25519_asn1_meth.oid_len) ||
- !CBB_add_asn1(&pkcs8, &private_key, CBS_ASN1_OCTETSTRING) ||
- !CBB_add_asn1(&private_key, &inner, CBS_ASN1_OCTETSTRING) ||
- // The PKCS#8 encoding stores only the 32-byte seed which is the first 32
- // bytes of the private key.
- !CBB_add_bytes(&inner, key->key, 32) || //
- !CBB_flush(out)) {
- OPENSSL_PUT_ERROR(EVP, EVP_R_ENCODE_ERROR);
- return 0;
- }
-
- return 1;
-}
-
-static int ed25519_size(const EVP_PKEY *pkey) { return 64; }
-
-static int ed25519_bits(const EVP_PKEY *pkey) { return 253; }
-
-const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth = {
- EVP_PKEY_ED25519,
- {0x2b, 0x65, 0x70},
- 3,
- &ed25519_pkey_meth,
- ed25519_pub_decode,
- ed25519_pub_encode,
- ed25519_pub_cmp,
- ed25519_priv_decode,
- ed25519_priv_encode,
- ed25519_set_priv_raw,
- ed25519_set_pub_raw,
- ed25519_get_priv_raw,
- ed25519_get_pub_raw,
- /*set1_tls_encodedpoint=*/nullptr,
- /*get1_tls_encodedpoint=*/nullptr,
- /*pkey_opaque=*/nullptr,
- ed25519_size,
- ed25519_bits,
- /*param_missing=*/nullptr,
- /*param_copy=*/nullptr,
- /*param_cmp=*/nullptr,
- ed25519_free,
-};
-
-const EVP_PKEY_ALG *EVP_pkey_ed25519(void) {
- static const EVP_PKEY_ALG kAlg = {&ed25519_asn1_meth};
- return &kAlg;
-}
diff --git a/crypto/evp/p_rsa.cc b/crypto/evp/p_rsa.cc
index 4c75459..263227f 100644
--- a/crypto/evp/p_rsa.cc
+++ b/crypto/evp/p_rsa.cc
@@ -26,6 +26,7 @@
#include <openssl/rsa.h>
#include <openssl/span.h>
+#include "../fipsmodule/rsa/internal.h"
#include "../internal.h"
#include "../mem_internal.h"
#include "../rsa/internal.h"
@@ -34,6 +35,221 @@
namespace {
+struct EVP_PKEY_ALG_RSA_PSS : public EVP_PKEY_ALG {
+ rsa_pss_params_t pss_params;
+};
+
+static int rsa_pub_encode(CBB *out, const EVP_PKEY *key) {
+ // See RFC 3279, section 2.3.1.
+ const RSA *rsa = reinterpret_cast<const RSA *>(key->pkey);
+ CBB spki, algorithm, null, key_bitstring;
+ if (!CBB_add_asn1(out, &spki, CBS_ASN1_SEQUENCE) ||
+ !CBB_add_asn1(&spki, &algorithm, CBS_ASN1_SEQUENCE) ||
+ !CBB_add_asn1_element(&algorithm, CBS_ASN1_OBJECT, rsa_asn1_meth.oid,
+ rsa_asn1_meth.oid_len) ||
+ !CBB_add_asn1(&algorithm, &null, CBS_ASN1_NULL) ||
+ !CBB_add_asn1(&spki, &key_bitstring, CBS_ASN1_BITSTRING) ||
+ !CBB_add_u8(&key_bitstring, 0 /* padding */) ||
+ !RSA_marshal_public_key(&key_bitstring, rsa) || //
+ !CBB_flush(out)) {
+ OPENSSL_PUT_ERROR(EVP, EVP_R_ENCODE_ERROR);
+ return 0;
+ }
+
+ return 1;
+}
+
+static evp_decode_result_t rsa_pub_decode(const EVP_PKEY_ALG *alg,
+ EVP_PKEY *out, CBS *params,
+ CBS *key) {
+ // See RFC 3279, section 2.3.1.
+
+ // The parameters must be NULL.
+ CBS null;
+ if (!CBS_get_asn1(params, &null, CBS_ASN1_NULL) || CBS_len(&null) != 0 ||
+ CBS_len(params) != 0) {
+ OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
+ return evp_decode_error;
+ }
+
+ bssl::UniquePtr<RSA> rsa(
+ RSA_public_key_from_bytes(CBS_data(key), CBS_len(key)));
+ if (rsa == nullptr) {
+ OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
+ return evp_decode_error;
+ }
+
+ EVP_PKEY_assign_RSA(out, rsa.release());
+ return evp_decode_ok;
+}
+
+static int rsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) {
+ // We currently assume that all |EVP_PKEY_RSA_PSS| keys have the same
+ // parameters, so this vacuously compares parameters. If we ever support
+ // multiple PSS parameter sets, we probably should compare them too. Note,
+ // however, that OpenSSL does not compare parameters here.
+ const RSA *a_rsa = reinterpret_cast<const RSA *>(a->pkey);
+ const RSA *b_rsa = reinterpret_cast<const RSA *>(b->pkey);
+ return BN_cmp(RSA_get0_n(b_rsa), RSA_get0_n(a_rsa)) == 0 &&
+ BN_cmp(RSA_get0_e(b_rsa), RSA_get0_e(a_rsa)) == 0;
+}
+
+static int rsa_priv_encode(CBB *out, const EVP_PKEY *key) {
+ const RSA *rsa = reinterpret_cast<const RSA *>(key->pkey);
+ CBB pkcs8, algorithm, null, private_key;
+ if (!CBB_add_asn1(out, &pkcs8, CBS_ASN1_SEQUENCE) ||
+ !CBB_add_asn1_uint64(&pkcs8, 0 /* version */) ||
+ !CBB_add_asn1(&pkcs8, &algorithm, CBS_ASN1_SEQUENCE) ||
+ !CBB_add_asn1_element(&algorithm, CBS_ASN1_OBJECT, rsa_asn1_meth.oid,
+ rsa_asn1_meth.oid_len) ||
+ !CBB_add_asn1(&algorithm, &null, CBS_ASN1_NULL) ||
+ !CBB_add_asn1(&pkcs8, &private_key, CBS_ASN1_OCTETSTRING) ||
+ !RSA_marshal_private_key(&private_key, rsa) || //
+ !CBB_flush(out)) {
+ OPENSSL_PUT_ERROR(EVP, EVP_R_ENCODE_ERROR);
+ return 0;
+ }
+
+ return 1;
+}
+
+static evp_decode_result_t rsa_priv_decode(const EVP_PKEY_ALG *alg,
+ EVP_PKEY *out, CBS *params,
+ CBS *key) {
+ // Per RFC 8017, A.1, the parameters have type NULL.
+ CBS null;
+ if (!CBS_get_asn1(params, &null, CBS_ASN1_NULL) || CBS_len(&null) != 0 ||
+ CBS_len(params) != 0) {
+ OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
+ return evp_decode_error;
+ }
+
+ bssl::UniquePtr<RSA> rsa(
+ RSA_private_key_from_bytes(CBS_data(key), CBS_len(key)));
+ if (rsa == nullptr) {
+ OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
+ return evp_decode_error;
+ }
+
+ EVP_PKEY_assign_RSA(out, rsa.release());
+ return evp_decode_ok;
+}
+
+static evp_decode_result_t rsa_decode_pss_params(rsa_pss_params_t expected,
+ CBS *params) {
+ if (CBS_len(params) == 0) {
+ return evp_decode_unsupported;
+ }
+ rsa_pss_params_t pss_params;
+ if (!rsa_parse_pss_params(params, &pss_params,
+ /*allow_explicit_trailer=*/false) ||
+ CBS_len(params) != 0) {
+ OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
+ return evp_decode_error;
+ }
+ return pss_params == expected ? evp_decode_ok : evp_decode_unsupported;
+}
+
+static int rsa_pub_encode_pss(CBB *out, const EVP_PKEY *key) {
+ const RSA *rsa = reinterpret_cast<const RSA *>(key->pkey);
+ CBB spki, algorithm, key_bitstring;
+ if (!CBB_add_asn1(out, &spki, CBS_ASN1_SEQUENCE) ||
+ !CBB_add_asn1(&spki, &algorithm, CBS_ASN1_SEQUENCE) ||
+ !CBB_add_asn1_element(&algorithm, CBS_ASN1_OBJECT, rsa_pss_asn1_meth.oid,
+ rsa_pss_asn1_meth.oid_len) ||
+ !rsa_marshal_pss_params(&algorithm, rsa->pss_params) ||
+ !CBB_add_asn1(&spki, &key_bitstring, CBS_ASN1_BITSTRING) ||
+ !CBB_add_u8(&key_bitstring, 0 /* padding */) ||
+ !RSA_marshal_public_key(&key_bitstring, rsa) || //
+ !CBB_flush(out)) {
+ OPENSSL_PUT_ERROR(EVP, EVP_R_ENCODE_ERROR);
+ return 0;
+ }
+
+ return 1;
+}
+
+static evp_decode_result_t rsa_pub_decode_pss(const EVP_PKEY_ALG *alg,
+ EVP_PKEY *out, CBS *params,
+ CBS *key) {
+ const auto *alg_pss = static_cast<const EVP_PKEY_ALG_RSA_PSS *>(alg);
+ evp_decode_result_t ret = rsa_decode_pss_params(alg_pss->pss_params, params);
+ if (ret != evp_decode_ok) {
+ return ret;
+ }
+
+ bssl::UniquePtr<RSA> rsa(
+ RSA_public_key_from_bytes(CBS_data(key), CBS_len(key)));
+ if (rsa == nullptr) {
+ OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
+ return evp_decode_error;
+ }
+
+ rsa->pss_params = alg_pss->pss_params;
+ evp_pkey_set0(out, &rsa_pss_asn1_meth, rsa.release());
+ return evp_decode_ok;
+}
+
+static int rsa_priv_encode_pss(CBB *out, const EVP_PKEY *key) {
+ const RSA *rsa = reinterpret_cast<const RSA *>(key->pkey);
+ CBB pkcs8, algorithm, private_key;
+ if (!CBB_add_asn1(out, &pkcs8, CBS_ASN1_SEQUENCE) ||
+ !CBB_add_asn1_uint64(&pkcs8, 0 /* version */) ||
+ !CBB_add_asn1(&pkcs8, &algorithm, CBS_ASN1_SEQUENCE) ||
+ !CBB_add_asn1_element(&algorithm, CBS_ASN1_OBJECT, rsa_pss_asn1_meth.oid,
+ rsa_pss_asn1_meth.oid_len) ||
+ !rsa_marshal_pss_params(&algorithm, rsa->pss_params) ||
+ !CBB_add_asn1(&pkcs8, &private_key, CBS_ASN1_OCTETSTRING) ||
+ !RSA_marshal_private_key(&private_key, rsa) || //
+ !CBB_flush(out)) {
+ OPENSSL_PUT_ERROR(EVP, EVP_R_ENCODE_ERROR);
+ return 0;
+ }
+
+ return 1;
+}
+
+static evp_decode_result_t rsa_priv_decode_pss(const EVP_PKEY_ALG *alg,
+ EVP_PKEY *out, CBS *params,
+ CBS *key) {
+ const auto *alg_pss = static_cast<const EVP_PKEY_ALG_RSA_PSS *>(alg);
+ evp_decode_result_t ret = rsa_decode_pss_params(alg_pss->pss_params, params);
+ if (ret != evp_decode_ok) {
+ return ret;
+ }
+
+ bssl::UniquePtr<RSA> rsa(
+ RSA_private_key_from_bytes(CBS_data(key), CBS_len(key)));
+ if (rsa == nullptr) {
+ OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
+ return evp_decode_error;
+ }
+
+ rsa->pss_params = alg_pss->pss_params;
+ evp_pkey_set0(out, &rsa_pss_asn1_meth, rsa.release());
+ return evp_decode_ok;
+}
+
+static int rsa_opaque(const EVP_PKEY *pkey) {
+ const RSA *rsa = reinterpret_cast<const RSA *>(pkey->pkey);
+ return RSA_is_opaque(rsa);
+}
+
+static int int_rsa_size(const EVP_PKEY *pkey) {
+ const RSA *rsa = reinterpret_cast<const RSA *>(pkey->pkey);
+ return RSA_size(rsa);
+}
+
+static int rsa_bits(const EVP_PKEY *pkey) {
+ const RSA *rsa = reinterpret_cast<const RSA *>(pkey->pkey);
+ return RSA_bits(rsa);
+}
+
+static void int_rsa_free(EVP_PKEY *pkey) {
+ RSA_free(reinterpret_cast<RSA *>(pkey->pkey));
+ pkey->pkey = nullptr;
+}
+
struct RSA_PKEY_CTX {
// Key gen parameters
int nbits = 2048;
@@ -514,6 +730,131 @@
} // namespace
+const EVP_PKEY_ASN1_METHOD rsa_asn1_meth = {
+ EVP_PKEY_RSA,
+ // 1.2.840.113549.1.1.1
+ {0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01},
+ 9,
+
+ &rsa_pkey_meth,
+
+ rsa_pub_decode,
+ rsa_pub_encode,
+ rsa_pub_cmp,
+
+ rsa_priv_decode,
+ rsa_priv_encode,
+
+ /*set_priv_raw=*/nullptr,
+ /*set_pub_raw=*/nullptr,
+ /*get_priv_raw=*/nullptr,
+ /*get_pub_raw=*/nullptr,
+ /*set1_tls_encodedpoint=*/nullptr,
+ /*get1_tls_encodedpoint=*/nullptr,
+
+ rsa_opaque,
+
+ int_rsa_size,
+ rsa_bits,
+
+ /*param_missing=*/nullptr,
+ /*param_copy=*/nullptr,
+ /*param_cmp=*/nullptr,
+
+ int_rsa_free,
+};
+
+const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth = {
+ EVP_PKEY_RSA_PSS,
+ // 1.2.840.113549.1.1.10
+ {0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0a},
+ 9,
+
+ &rsa_pss_pkey_meth,
+
+ rsa_pub_decode_pss,
+ rsa_pub_encode_pss,
+ rsa_pub_cmp,
+
+ rsa_priv_decode_pss,
+ rsa_priv_encode_pss,
+
+ /*set_priv_raw=*/nullptr,
+ /*set_pub_raw=*/nullptr,
+ /*get_priv_raw=*/nullptr,
+ /*get_pub_raw=*/nullptr,
+ /*set1_tls_encodedpoint=*/nullptr,
+ /*get1_tls_encodedpoint=*/nullptr,
+
+ rsa_opaque,
+
+ int_rsa_size,
+ rsa_bits,
+
+ /*param_missing=*/nullptr,
+ /*param_copy=*/nullptr,
+ /*param_cmp=*/nullptr,
+
+ int_rsa_free,
+};
+
+
+const EVP_PKEY_ALG *EVP_pkey_rsa(void) {
+ static const EVP_PKEY_ALG kAlg = {&rsa_asn1_meth};
+ return &kAlg;
+}
+
+const EVP_PKEY_ALG *EVP_pkey_rsa_pss_sha256(void) {
+ static const EVP_PKEY_ALG_RSA_PSS kAlg = {{&rsa_pss_asn1_meth},
+ rsa_pss_sha256};
+ return &kAlg;
+}
+
+const EVP_PKEY_ALG *EVP_pkey_rsa_pss_sha384(void) {
+ static const EVP_PKEY_ALG_RSA_PSS kAlg = {{&rsa_pss_asn1_meth},
+ rsa_pss_sha384};
+ return &kAlg;
+}
+
+const EVP_PKEY_ALG *EVP_pkey_rsa_pss_sha512(void) {
+ static const EVP_PKEY_ALG_RSA_PSS kAlg = {{&rsa_pss_asn1_meth},
+ rsa_pss_sha512};
+ return &kAlg;
+}
+
+int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key) {
+ if (EVP_PKEY_assign_RSA(pkey, key)) {
+ RSA_up_ref(key);
+ return 1;
+ }
+ return 0;
+}
+
+int EVP_PKEY_assign_RSA(EVP_PKEY *pkey, RSA *key) {
+ if (key == nullptr) {
+ return 0;
+ }
+ evp_pkey_set0(pkey, &rsa_asn1_meth, key);
+ return 1;
+}
+
+RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey) {
+ int pkey_id = EVP_PKEY_id(pkey);
+ if (pkey_id != EVP_PKEY_RSA && pkey_id != EVP_PKEY_RSA_PSS) {
+ OPENSSL_PUT_ERROR(EVP, EVP_R_EXPECTING_AN_RSA_KEY);
+ return nullptr;
+ }
+ return reinterpret_cast<RSA *>(pkey->pkey);
+}
+
+RSA *EVP_PKEY_get1_RSA(const EVP_PKEY *pkey) {
+ RSA *rsa = EVP_PKEY_get0_RSA(pkey);
+ if (rsa != nullptr) {
+ RSA_up_ref(rsa);
+ }
+ return rsa;
+}
+
const EVP_PKEY_CTX_METHOD rsa_pkey_meth = {
EVP_PKEY_RSA,
pkey_rsa_init,
diff --git a/crypto/evp/p_rsa_asn1.cc b/crypto/evp/p_rsa_asn1.cc
deleted file mode 100644
index cbced0e..0000000
--- a/crypto/evp/p_rsa_asn1.cc
+++ /dev/null
@@ -1,372 +0,0 @@
-// Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// https://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#include <openssl/evp.h>
-
-#include <openssl/bn.h>
-#include <openssl/bytestring.h>
-#include <openssl/digest.h>
-#include <openssl/err.h>
-#include <openssl/mem.h>
-#include <openssl/rsa.h>
-#include <openssl/span.h>
-
-#include "../fipsmodule/rsa/internal.h"
-#include "../rsa/internal.h"
-#include "internal.h"
-
-
-namespace {
-
-struct EVP_PKEY_ALG_RSA_PSS : public EVP_PKEY_ALG {
- rsa_pss_params_t pss_params;
-};
-
-static int rsa_pub_encode(CBB *out, const EVP_PKEY *key) {
- // See RFC 3279, section 2.3.1.
- const RSA *rsa = reinterpret_cast<const RSA *>(key->pkey);
- CBB spki, algorithm, null, key_bitstring;
- if (!CBB_add_asn1(out, &spki, CBS_ASN1_SEQUENCE) ||
- !CBB_add_asn1(&spki, &algorithm, CBS_ASN1_SEQUENCE) ||
- !CBB_add_asn1_element(&algorithm, CBS_ASN1_OBJECT, rsa_asn1_meth.oid,
- rsa_asn1_meth.oid_len) ||
- !CBB_add_asn1(&algorithm, &null, CBS_ASN1_NULL) ||
- !CBB_add_asn1(&spki, &key_bitstring, CBS_ASN1_BITSTRING) ||
- !CBB_add_u8(&key_bitstring, 0 /* padding */) ||
- !RSA_marshal_public_key(&key_bitstring, rsa) || //
- !CBB_flush(out)) {
- OPENSSL_PUT_ERROR(EVP, EVP_R_ENCODE_ERROR);
- return 0;
- }
-
- return 1;
-}
-
-static evp_decode_result_t rsa_pub_decode(const EVP_PKEY_ALG *alg,
- EVP_PKEY *out, CBS *params,
- CBS *key) {
- // See RFC 3279, section 2.3.1.
-
- // The parameters must be NULL.
- CBS null;
- if (!CBS_get_asn1(params, &null, CBS_ASN1_NULL) || CBS_len(&null) != 0 ||
- CBS_len(params) != 0) {
- OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
- return evp_decode_error;
- }
-
- bssl::UniquePtr<RSA> rsa(
- RSA_public_key_from_bytes(CBS_data(key), CBS_len(key)));
- if (rsa == nullptr) {
- OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
- return evp_decode_error;
- }
-
- EVP_PKEY_assign_RSA(out, rsa.release());
- return evp_decode_ok;
-}
-
-static int rsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) {
- // We currently assume that all |EVP_PKEY_RSA_PSS| keys have the same
- // parameters, so this vacuously compares parameters. If we ever support
- // multiple PSS parameter sets, we probably should compare them too. Note,
- // however, that OpenSSL does not compare parameters here.
- const RSA *a_rsa = reinterpret_cast<const RSA *>(a->pkey);
- const RSA *b_rsa = reinterpret_cast<const RSA *>(b->pkey);
- return BN_cmp(RSA_get0_n(b_rsa), RSA_get0_n(a_rsa)) == 0 &&
- BN_cmp(RSA_get0_e(b_rsa), RSA_get0_e(a_rsa)) == 0;
-}
-
-static int rsa_priv_encode(CBB *out, const EVP_PKEY *key) {
- const RSA *rsa = reinterpret_cast<const RSA *>(key->pkey);
- CBB pkcs8, algorithm, null, private_key;
- if (!CBB_add_asn1(out, &pkcs8, CBS_ASN1_SEQUENCE) ||
- !CBB_add_asn1_uint64(&pkcs8, 0 /* version */) ||
- !CBB_add_asn1(&pkcs8, &algorithm, CBS_ASN1_SEQUENCE) ||
- !CBB_add_asn1_element(&algorithm, CBS_ASN1_OBJECT, rsa_asn1_meth.oid,
- rsa_asn1_meth.oid_len) ||
- !CBB_add_asn1(&algorithm, &null, CBS_ASN1_NULL) ||
- !CBB_add_asn1(&pkcs8, &private_key, CBS_ASN1_OCTETSTRING) ||
- !RSA_marshal_private_key(&private_key, rsa) || //
- !CBB_flush(out)) {
- OPENSSL_PUT_ERROR(EVP, EVP_R_ENCODE_ERROR);
- return 0;
- }
-
- return 1;
-}
-
-static evp_decode_result_t rsa_priv_decode(const EVP_PKEY_ALG *alg,
- EVP_PKEY *out, CBS *params,
- CBS *key) {
- // Per RFC 8017, A.1, the parameters have type NULL.
- CBS null;
- if (!CBS_get_asn1(params, &null, CBS_ASN1_NULL) || CBS_len(&null) != 0 ||
- CBS_len(params) != 0) {
- OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
- return evp_decode_error;
- }
-
- bssl::UniquePtr<RSA> rsa(
- RSA_private_key_from_bytes(CBS_data(key), CBS_len(key)));
- if (rsa == nullptr) {
- OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
- return evp_decode_error;
- }
-
- EVP_PKEY_assign_RSA(out, rsa.release());
- return evp_decode_ok;
-}
-
-static evp_decode_result_t rsa_decode_pss_params(rsa_pss_params_t expected,
- CBS *params) {
- if (CBS_len(params) == 0) {
- return evp_decode_unsupported;
- }
- rsa_pss_params_t pss_params;
- if (!rsa_parse_pss_params(params, &pss_params,
- /*allow_explicit_trailer=*/false) ||
- CBS_len(params) != 0) {
- OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
- return evp_decode_error;
- }
- return pss_params == expected ? evp_decode_ok : evp_decode_unsupported;
-}
-
-static int rsa_pub_encode_pss(CBB *out, const EVP_PKEY *key) {
- const RSA *rsa = reinterpret_cast<const RSA *>(key->pkey);
- CBB spki, algorithm, key_bitstring;
- if (!CBB_add_asn1(out, &spki, CBS_ASN1_SEQUENCE) ||
- !CBB_add_asn1(&spki, &algorithm, CBS_ASN1_SEQUENCE) ||
- !CBB_add_asn1_element(&algorithm, CBS_ASN1_OBJECT, rsa_pss_asn1_meth.oid,
- rsa_pss_asn1_meth.oid_len) ||
- !rsa_marshal_pss_params(&algorithm, rsa->pss_params) ||
- !CBB_add_asn1(&spki, &key_bitstring, CBS_ASN1_BITSTRING) ||
- !CBB_add_u8(&key_bitstring, 0 /* padding */) ||
- !RSA_marshal_public_key(&key_bitstring, rsa) || //
- !CBB_flush(out)) {
- OPENSSL_PUT_ERROR(EVP, EVP_R_ENCODE_ERROR);
- return 0;
- }
-
- return 1;
-}
-
-static evp_decode_result_t rsa_pub_decode_pss(const EVP_PKEY_ALG *alg,
- EVP_PKEY *out, CBS *params,
- CBS *key) {
- const auto *alg_pss = static_cast<const EVP_PKEY_ALG_RSA_PSS *>(alg);
- evp_decode_result_t ret = rsa_decode_pss_params(alg_pss->pss_params, params);
- if (ret != evp_decode_ok) {
- return ret;
- }
-
- bssl::UniquePtr<RSA> rsa(
- RSA_public_key_from_bytes(CBS_data(key), CBS_len(key)));
- if (rsa == nullptr) {
- OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
- return evp_decode_error;
- }
-
- rsa->pss_params = alg_pss->pss_params;
- evp_pkey_set0(out, &rsa_pss_asn1_meth, rsa.release());
- return evp_decode_ok;
-}
-
-static int rsa_priv_encode_pss(CBB *out, const EVP_PKEY *key) {
- const RSA *rsa = reinterpret_cast<const RSA *>(key->pkey);
- CBB pkcs8, algorithm, private_key;
- if (!CBB_add_asn1(out, &pkcs8, CBS_ASN1_SEQUENCE) ||
- !CBB_add_asn1_uint64(&pkcs8, 0 /* version */) ||
- !CBB_add_asn1(&pkcs8, &algorithm, CBS_ASN1_SEQUENCE) ||
- !CBB_add_asn1_element(&algorithm, CBS_ASN1_OBJECT, rsa_pss_asn1_meth.oid,
- rsa_pss_asn1_meth.oid_len) ||
- !rsa_marshal_pss_params(&algorithm, rsa->pss_params) ||
- !CBB_add_asn1(&pkcs8, &private_key, CBS_ASN1_OCTETSTRING) ||
- !RSA_marshal_private_key(&private_key, rsa) || //
- !CBB_flush(out)) {
- OPENSSL_PUT_ERROR(EVP, EVP_R_ENCODE_ERROR);
- return 0;
- }
-
- return 1;
-}
-
-static evp_decode_result_t rsa_priv_decode_pss(const EVP_PKEY_ALG *alg,
- EVP_PKEY *out, CBS *params,
- CBS *key) {
- const auto *alg_pss = static_cast<const EVP_PKEY_ALG_RSA_PSS *>(alg);
- evp_decode_result_t ret = rsa_decode_pss_params(alg_pss->pss_params, params);
- if (ret != evp_decode_ok) {
- return ret;
- }
-
- bssl::UniquePtr<RSA> rsa(
- RSA_private_key_from_bytes(CBS_data(key), CBS_len(key)));
- if (rsa == nullptr) {
- OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
- return evp_decode_error;
- }
-
- rsa->pss_params = alg_pss->pss_params;
- evp_pkey_set0(out, &rsa_pss_asn1_meth, rsa.release());
- return evp_decode_ok;
-}
-
-static int rsa_opaque(const EVP_PKEY *pkey) {
- const RSA *rsa = reinterpret_cast<const RSA *>(pkey->pkey);
- return RSA_is_opaque(rsa);
-}
-
-static int int_rsa_size(const EVP_PKEY *pkey) {
- const RSA *rsa = reinterpret_cast<const RSA *>(pkey->pkey);
- return RSA_size(rsa);
-}
-
-static int rsa_bits(const EVP_PKEY *pkey) {
- const RSA *rsa = reinterpret_cast<const RSA *>(pkey->pkey);
- return RSA_bits(rsa);
-}
-
-static void int_rsa_free(EVP_PKEY *pkey) {
- RSA_free(reinterpret_cast<RSA *>(pkey->pkey));
- pkey->pkey = nullptr;
-}
-
-} // namespace
-
-const EVP_PKEY_ASN1_METHOD rsa_asn1_meth = {
- EVP_PKEY_RSA,
- // 1.2.840.113549.1.1.1
- {0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01},
- 9,
-
- &rsa_pkey_meth,
-
- rsa_pub_decode,
- rsa_pub_encode,
- rsa_pub_cmp,
-
- rsa_priv_decode,
- rsa_priv_encode,
-
- /*set_priv_raw=*/nullptr,
- /*set_pub_raw=*/nullptr,
- /*get_priv_raw=*/nullptr,
- /*get_pub_raw=*/nullptr,
- /*set1_tls_encodedpoint=*/nullptr,
- /*get1_tls_encodedpoint=*/nullptr,
-
- rsa_opaque,
-
- int_rsa_size,
- rsa_bits,
-
- /*param_missing=*/nullptr,
- /*param_copy=*/nullptr,
- /*param_cmp=*/nullptr,
-
- int_rsa_free,
-};
-
-const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth = {
- EVP_PKEY_RSA_PSS,
- // 1.2.840.113549.1.1.10
- {0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0a},
- 9,
-
- &rsa_pss_pkey_meth,
-
- rsa_pub_decode_pss,
- rsa_pub_encode_pss,
- rsa_pub_cmp,
-
- rsa_priv_decode_pss,
- rsa_priv_encode_pss,
-
- /*set_priv_raw=*/nullptr,
- /*set_pub_raw=*/nullptr,
- /*get_priv_raw=*/nullptr,
- /*get_pub_raw=*/nullptr,
- /*set1_tls_encodedpoint=*/nullptr,
- /*get1_tls_encodedpoint=*/nullptr,
-
- rsa_opaque,
-
- int_rsa_size,
- rsa_bits,
-
- /*param_missing=*/nullptr,
- /*param_copy=*/nullptr,
- /*param_cmp=*/nullptr,
-
- int_rsa_free,
-};
-
-
-const EVP_PKEY_ALG *EVP_pkey_rsa(void) {
- static const EVP_PKEY_ALG kAlg = {&rsa_asn1_meth};
- return &kAlg;
-}
-
-const EVP_PKEY_ALG *EVP_pkey_rsa_pss_sha256(void) {
- static const EVP_PKEY_ALG_RSA_PSS kAlg = {{&rsa_pss_asn1_meth},
- rsa_pss_sha256};
- return &kAlg;
-}
-
-const EVP_PKEY_ALG *EVP_pkey_rsa_pss_sha384(void) {
- static const EVP_PKEY_ALG_RSA_PSS kAlg = {{&rsa_pss_asn1_meth},
- rsa_pss_sha384};
- return &kAlg;
-}
-
-const EVP_PKEY_ALG *EVP_pkey_rsa_pss_sha512(void) {
- static const EVP_PKEY_ALG_RSA_PSS kAlg = {{&rsa_pss_asn1_meth},
- rsa_pss_sha512};
- return &kAlg;
-}
-
-int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key) {
- if (EVP_PKEY_assign_RSA(pkey, key)) {
- RSA_up_ref(key);
- return 1;
- }
- return 0;
-}
-
-int EVP_PKEY_assign_RSA(EVP_PKEY *pkey, RSA *key) {
- if (key == nullptr) {
- return 0;
- }
- evp_pkey_set0(pkey, &rsa_asn1_meth, key);
- return 1;
-}
-
-RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey) {
- int pkey_id = EVP_PKEY_id(pkey);
- if (pkey_id != EVP_PKEY_RSA && pkey_id != EVP_PKEY_RSA_PSS) {
- OPENSSL_PUT_ERROR(EVP, EVP_R_EXPECTING_AN_RSA_KEY);
- return nullptr;
- }
- return reinterpret_cast<RSA *>(pkey->pkey);
-}
-
-RSA *EVP_PKEY_get1_RSA(const EVP_PKEY *pkey) {
- RSA *rsa = EVP_PKEY_get0_RSA(pkey);
- if (rsa != nullptr) {
- RSA_up_ref(rsa);
- }
- return rsa;
-}
diff --git a/crypto/evp/p_x25519.cc b/crypto/evp/p_x25519.cc
index 0fd0881..563a249 100644
--- a/crypto/evp/p_x25519.cc
+++ b/crypto/evp/p_x25519.cc
@@ -14,13 +14,245 @@
#include <openssl/evp.h>
+#include <openssl/bytestring.h>
#include <openssl/curve25519.h>
#include <openssl/err.h>
#include <openssl/mem.h>
+#include "../internal.h"
#include "internal.h"
+typedef struct {
+ uint8_t pub[32];
+ uint8_t priv[32];
+ char has_private;
+} X25519_KEY;
+
+static void x25519_free(EVP_PKEY *pkey) {
+ OPENSSL_free(pkey->pkey);
+ pkey->pkey = nullptr;
+}
+
+static int x25519_set_priv_raw(EVP_PKEY *pkey, const uint8_t *in, size_t len) {
+ if (len != 32) {
+ OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
+ return 0;
+ }
+
+ X25519_KEY *key =
+ reinterpret_cast<X25519_KEY *>(OPENSSL_malloc(sizeof(X25519_KEY)));
+ if (key == nullptr) {
+ return 0;
+ }
+
+ OPENSSL_memcpy(key->priv, in, 32);
+ X25519_public_from_private(key->pub, key->priv);
+ key->has_private = 1;
+
+ evp_pkey_set0(pkey, &x25519_asn1_meth, key);
+ return 1;
+}
+
+static int x25519_set_pub_raw(EVP_PKEY *pkey, const uint8_t *in, size_t len) {
+ if (len != 32) {
+ OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
+ return 0;
+ }
+
+ X25519_KEY *key =
+ reinterpret_cast<X25519_KEY *>(OPENSSL_malloc(sizeof(X25519_KEY)));
+ if (key == nullptr) {
+ return 0;
+ }
+
+ OPENSSL_memcpy(key->pub, in, 32);
+ key->has_private = 0;
+
+ evp_pkey_set0(pkey, &x25519_asn1_meth, key);
+ return 1;
+}
+
+static int x25519_get_priv_raw(const EVP_PKEY *pkey, uint8_t *out,
+ size_t *out_len) {
+ const X25519_KEY *key = reinterpret_cast<X25519_KEY *>(pkey->pkey);
+ if (!key->has_private) {
+ OPENSSL_PUT_ERROR(EVP, EVP_R_NOT_A_PRIVATE_KEY);
+ return 0;
+ }
+
+ if (out == nullptr) {
+ *out_len = 32;
+ return 1;
+ }
+
+ if (*out_len < 32) {
+ OPENSSL_PUT_ERROR(EVP, EVP_R_BUFFER_TOO_SMALL);
+ return 0;
+ }
+
+ OPENSSL_memcpy(out, key->priv, 32);
+ *out_len = 32;
+ return 1;
+}
+
+static int x25519_get_pub_raw(const EVP_PKEY *pkey, uint8_t *out,
+ size_t *out_len) {
+ const X25519_KEY *key = reinterpret_cast<X25519_KEY *>(pkey->pkey);
+ if (out == nullptr) {
+ *out_len = 32;
+ return 1;
+ }
+
+ if (*out_len < 32) {
+ OPENSSL_PUT_ERROR(EVP, EVP_R_BUFFER_TOO_SMALL);
+ return 0;
+ }
+
+ OPENSSL_memcpy(out, key->pub, 32);
+ *out_len = 32;
+ return 1;
+}
+
+static int x25519_set1_tls_encodedpoint(EVP_PKEY *pkey, const uint8_t *in,
+ size_t len) {
+ return x25519_set_pub_raw(pkey, in, len);
+}
+
+static size_t x25519_get1_tls_encodedpoint(const EVP_PKEY *pkey,
+ uint8_t **out_ptr) {
+ const X25519_KEY *key = reinterpret_cast<X25519_KEY *>(pkey->pkey);
+ if (key == nullptr) {
+ OPENSSL_PUT_ERROR(EVP, EVP_R_NO_KEY_SET);
+ return 0;
+ }
+
+ *out_ptr = reinterpret_cast<uint8_t *>(OPENSSL_memdup(key->pub, 32));
+ return *out_ptr == nullptr ? 0 : 32;
+}
+
+static evp_decode_result_t x25519_pub_decode(const EVP_PKEY_ALG *alg,
+ EVP_PKEY *out, CBS *params,
+ CBS *key) {
+ // See RFC 8410, section 4.
+
+ // The parameters must be omitted. Public keys have length 32.
+ if (CBS_len(params) != 0) {
+ OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
+ return evp_decode_error;
+ }
+
+ return x25519_set_pub_raw(out, CBS_data(key), CBS_len(key))
+ ? evp_decode_ok
+ : evp_decode_error;
+}
+
+static int x25519_pub_encode(CBB *out, const EVP_PKEY *pkey) {
+ const X25519_KEY *key = reinterpret_cast<X25519_KEY *>(pkey->pkey);
+
+ // See RFC 8410, section 4.
+ CBB spki, algorithm, key_bitstring;
+ if (!CBB_add_asn1(out, &spki, CBS_ASN1_SEQUENCE) ||
+ !CBB_add_asn1(&spki, &algorithm, CBS_ASN1_SEQUENCE) ||
+ !CBB_add_asn1_element(&algorithm, CBS_ASN1_OBJECT, x25519_asn1_meth.oid,
+ x25519_asn1_meth.oid_len) ||
+ !CBB_add_asn1(&spki, &key_bitstring, CBS_ASN1_BITSTRING) ||
+ !CBB_add_u8(&key_bitstring, 0 /* padding */) ||
+ !CBB_add_bytes(&key_bitstring, key->pub, 32) || //
+ !CBB_flush(out)) {
+ OPENSSL_PUT_ERROR(EVP, EVP_R_ENCODE_ERROR);
+ return 0;
+ }
+
+ return 1;
+}
+
+static int x25519_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) {
+ const X25519_KEY *a_key = reinterpret_cast<const X25519_KEY *>(a->pkey);
+ const X25519_KEY *b_key = reinterpret_cast<const X25519_KEY *>(b->pkey);
+ return OPENSSL_memcmp(a_key->pub, b_key->pub, 32) == 0;
+}
+
+static evp_decode_result_t x25519_priv_decode(const EVP_PKEY_ALG *alg,
+ EVP_PKEY *out, CBS *params,
+ CBS *key) {
+ // See RFC 8410, section 7.
+
+ // Parameters must be empty. The key is a 32-byte value wrapped in an extra
+ // OCTET STRING layer.
+ CBS inner;
+ if (CBS_len(params) != 0 ||
+ !CBS_get_asn1(key, &inner, CBS_ASN1_OCTETSTRING) || CBS_len(key) != 0) {
+ OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
+ return evp_decode_error;
+ }
+
+ return x25519_set_priv_raw(out, CBS_data(&inner), CBS_len(&inner))
+ ? evp_decode_ok
+ : evp_decode_error;
+}
+
+static int x25519_priv_encode(CBB *out, const EVP_PKEY *pkey) {
+ const X25519_KEY *key = reinterpret_cast<const X25519_KEY *>(pkey->pkey);
+ if (!key->has_private) {
+ OPENSSL_PUT_ERROR(EVP, EVP_R_NOT_A_PRIVATE_KEY);
+ return 0;
+ }
+
+ // See RFC 8410, section 7.
+ CBB pkcs8, algorithm, private_key, inner;
+ if (!CBB_add_asn1(out, &pkcs8, CBS_ASN1_SEQUENCE) ||
+ !CBB_add_asn1_uint64(&pkcs8, 0 /* version */) ||
+ !CBB_add_asn1(&pkcs8, &algorithm, CBS_ASN1_SEQUENCE) ||
+ !CBB_add_asn1_element(&algorithm, CBS_ASN1_OBJECT, x25519_asn1_meth.oid,
+ x25519_asn1_meth.oid_len) ||
+ !CBB_add_asn1(&pkcs8, &private_key, CBS_ASN1_OCTETSTRING) ||
+ !CBB_add_asn1(&private_key, &inner, CBS_ASN1_OCTETSTRING) ||
+ // The PKCS#8 encoding stores only the 32-byte seed which is the first 32
+ // bytes of the private key.
+ !CBB_add_bytes(&inner, key->priv, 32) || //
+ !CBB_flush(out)) {
+ OPENSSL_PUT_ERROR(EVP, EVP_R_ENCODE_ERROR);
+ return 0;
+ }
+
+ return 1;
+}
+
+static int x25519_size(const EVP_PKEY *pkey) { return 32; }
+
+static int x25519_bits(const EVP_PKEY *pkey) { return 253; }
+
+const EVP_PKEY_ASN1_METHOD x25519_asn1_meth = {
+ EVP_PKEY_X25519,
+ {0x2b, 0x65, 0x6e},
+ 3,
+ &x25519_pkey_meth,
+ x25519_pub_decode,
+ x25519_pub_encode,
+ x25519_pub_cmp,
+ x25519_priv_decode,
+ x25519_priv_encode,
+ x25519_set_priv_raw,
+ x25519_set_pub_raw,
+ x25519_get_priv_raw,
+ x25519_get_pub_raw,
+ x25519_set1_tls_encodedpoint,
+ x25519_get1_tls_encodedpoint,
+ /*pkey_opaque=*/nullptr,
+ x25519_size,
+ x25519_bits,
+ /*param_missing=*/nullptr,
+ /*param_copy=*/nullptr,
+ /*param_cmp=*/nullptr,
+ x25519_free,
+};
+
+const EVP_PKEY_ALG *EVP_pkey_x25519(void) {
+ static const EVP_PKEY_ALG kAlg = {&x25519_asn1_meth};
+ return &kAlg;
+}
+
// X25519 has no parameters to copy.
static int pkey_x25519_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) { return 1; }
diff --git a/crypto/evp/p_x25519_asn1.cc b/crypto/evp/p_x25519_asn1.cc
deleted file mode 100644
index 62ef92c..0000000
--- a/crypto/evp/p_x25519_asn1.cc
+++ /dev/null
@@ -1,248 +0,0 @@
-// Copyright 2019 The BoringSSL Authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// https://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#include <openssl/evp.h>
-
-#include <openssl/bytestring.h>
-#include <openssl/curve25519.h>
-#include <openssl/err.h>
-#include <openssl/mem.h>
-
-#include "../internal.h"
-#include "internal.h"
-
-
-static void x25519_free(EVP_PKEY *pkey) {
- OPENSSL_free(pkey->pkey);
- pkey->pkey = nullptr;
-}
-
-static int x25519_set_priv_raw(EVP_PKEY *pkey, const uint8_t *in, size_t len) {
- if (len != 32) {
- OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
- return 0;
- }
-
- X25519_KEY *key =
- reinterpret_cast<X25519_KEY *>(OPENSSL_malloc(sizeof(X25519_KEY)));
- if (key == nullptr) {
- return 0;
- }
-
- OPENSSL_memcpy(key->priv, in, 32);
- X25519_public_from_private(key->pub, key->priv);
- key->has_private = 1;
-
- evp_pkey_set0(pkey, &x25519_asn1_meth, key);
- return 1;
-}
-
-static int x25519_set_pub_raw(EVP_PKEY *pkey, const uint8_t *in, size_t len) {
- if (len != 32) {
- OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
- return 0;
- }
-
- X25519_KEY *key =
- reinterpret_cast<X25519_KEY *>(OPENSSL_malloc(sizeof(X25519_KEY)));
- if (key == nullptr) {
- return 0;
- }
-
- OPENSSL_memcpy(key->pub, in, 32);
- key->has_private = 0;
-
- evp_pkey_set0(pkey, &x25519_asn1_meth, key);
- return 1;
-}
-
-static int x25519_get_priv_raw(const EVP_PKEY *pkey, uint8_t *out,
- size_t *out_len) {
- const X25519_KEY *key = reinterpret_cast<X25519_KEY *>(pkey->pkey);
- if (!key->has_private) {
- OPENSSL_PUT_ERROR(EVP, EVP_R_NOT_A_PRIVATE_KEY);
- return 0;
- }
-
- if (out == nullptr) {
- *out_len = 32;
- return 1;
- }
-
- if (*out_len < 32) {
- OPENSSL_PUT_ERROR(EVP, EVP_R_BUFFER_TOO_SMALL);
- return 0;
- }
-
- OPENSSL_memcpy(out, key->priv, 32);
- *out_len = 32;
- return 1;
-}
-
-static int x25519_get_pub_raw(const EVP_PKEY *pkey, uint8_t *out,
- size_t *out_len) {
- const X25519_KEY *key = reinterpret_cast<X25519_KEY *>(pkey->pkey);
- if (out == nullptr) {
- *out_len = 32;
- return 1;
- }
-
- if (*out_len < 32) {
- OPENSSL_PUT_ERROR(EVP, EVP_R_BUFFER_TOO_SMALL);
- return 0;
- }
-
- OPENSSL_memcpy(out, key->pub, 32);
- *out_len = 32;
- return 1;
-}
-
-static int x25519_set1_tls_encodedpoint(EVP_PKEY *pkey, const uint8_t *in,
- size_t len) {
- return x25519_set_pub_raw(pkey, in, len);
-}
-
-static size_t x25519_get1_tls_encodedpoint(const EVP_PKEY *pkey,
- uint8_t **out_ptr) {
- const X25519_KEY *key = reinterpret_cast<X25519_KEY *>(pkey->pkey);
- if (key == nullptr) {
- OPENSSL_PUT_ERROR(EVP, EVP_R_NO_KEY_SET);
- return 0;
- }
-
- *out_ptr = reinterpret_cast<uint8_t *>(OPENSSL_memdup(key->pub, 32));
- return *out_ptr == nullptr ? 0 : 32;
-}
-
-static evp_decode_result_t x25519_pub_decode(const EVP_PKEY_ALG *alg,
- EVP_PKEY *out, CBS *params,
- CBS *key) {
- // See RFC 8410, section 4.
-
- // The parameters must be omitted. Public keys have length 32.
- if (CBS_len(params) != 0) {
- OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
- return evp_decode_error;
- }
-
- return x25519_set_pub_raw(out, CBS_data(key), CBS_len(key))
- ? evp_decode_ok
- : evp_decode_error;
-}
-
-static int x25519_pub_encode(CBB *out, const EVP_PKEY *pkey) {
- const X25519_KEY *key = reinterpret_cast<X25519_KEY *>(pkey->pkey);
-
- // See RFC 8410, section 4.
- CBB spki, algorithm, key_bitstring;
- if (!CBB_add_asn1(out, &spki, CBS_ASN1_SEQUENCE) ||
- !CBB_add_asn1(&spki, &algorithm, CBS_ASN1_SEQUENCE) ||
- !CBB_add_asn1_element(&algorithm, CBS_ASN1_OBJECT, x25519_asn1_meth.oid,
- x25519_asn1_meth.oid_len) ||
- !CBB_add_asn1(&spki, &key_bitstring, CBS_ASN1_BITSTRING) ||
- !CBB_add_u8(&key_bitstring, 0 /* padding */) ||
- !CBB_add_bytes(&key_bitstring, key->pub, 32) || //
- !CBB_flush(out)) {
- OPENSSL_PUT_ERROR(EVP, EVP_R_ENCODE_ERROR);
- return 0;
- }
-
- return 1;
-}
-
-static int x25519_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) {
- const X25519_KEY *a_key = reinterpret_cast<const X25519_KEY *>(a->pkey);
- const X25519_KEY *b_key = reinterpret_cast<const X25519_KEY *>(b->pkey);
- return OPENSSL_memcmp(a_key->pub, b_key->pub, 32) == 0;
-}
-
-static evp_decode_result_t x25519_priv_decode(const EVP_PKEY_ALG *alg,
- EVP_PKEY *out, CBS *params,
- CBS *key) {
- // See RFC 8410, section 7.
-
- // Parameters must be empty. The key is a 32-byte value wrapped in an extra
- // OCTET STRING layer.
- CBS inner;
- if (CBS_len(params) != 0 ||
- !CBS_get_asn1(key, &inner, CBS_ASN1_OCTETSTRING) || CBS_len(key) != 0) {
- OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
- return evp_decode_error;
- }
-
- return x25519_set_priv_raw(out, CBS_data(&inner), CBS_len(&inner))
- ? evp_decode_ok
- : evp_decode_error;
-}
-
-static int x25519_priv_encode(CBB *out, const EVP_PKEY *pkey) {
- const X25519_KEY *key = reinterpret_cast<const X25519_KEY *>(pkey->pkey);
- if (!key->has_private) {
- OPENSSL_PUT_ERROR(EVP, EVP_R_NOT_A_PRIVATE_KEY);
- return 0;
- }
-
- // See RFC 8410, section 7.
- CBB pkcs8, algorithm, private_key, inner;
- if (!CBB_add_asn1(out, &pkcs8, CBS_ASN1_SEQUENCE) ||
- !CBB_add_asn1_uint64(&pkcs8, 0 /* version */) ||
- !CBB_add_asn1(&pkcs8, &algorithm, CBS_ASN1_SEQUENCE) ||
- !CBB_add_asn1_element(&algorithm, CBS_ASN1_OBJECT, x25519_asn1_meth.oid,
- x25519_asn1_meth.oid_len) ||
- !CBB_add_asn1(&pkcs8, &private_key, CBS_ASN1_OCTETSTRING) ||
- !CBB_add_asn1(&private_key, &inner, CBS_ASN1_OCTETSTRING) ||
- // The PKCS#8 encoding stores only the 32-byte seed which is the first 32
- // bytes of the private key.
- !CBB_add_bytes(&inner, key->priv, 32) || //
- !CBB_flush(out)) {
- OPENSSL_PUT_ERROR(EVP, EVP_R_ENCODE_ERROR);
- return 0;
- }
-
- return 1;
-}
-
-static int x25519_size(const EVP_PKEY *pkey) { return 32; }
-
-static int x25519_bits(const EVP_PKEY *pkey) { return 253; }
-
-const EVP_PKEY_ASN1_METHOD x25519_asn1_meth = {
- EVP_PKEY_X25519,
- {0x2b, 0x65, 0x6e},
- 3,
- &x25519_pkey_meth,
- x25519_pub_decode,
- x25519_pub_encode,
- x25519_pub_cmp,
- x25519_priv_decode,
- x25519_priv_encode,
- x25519_set_priv_raw,
- x25519_set_pub_raw,
- x25519_get_priv_raw,
- x25519_get_pub_raw,
- x25519_set1_tls_encodedpoint,
- x25519_get1_tls_encodedpoint,
- /*pkey_opaque=*/nullptr,
- x25519_size,
- x25519_bits,
- /*param_missing=*/nullptr,
- /*param_copy=*/nullptr,
- /*param_cmp=*/nullptr,
- x25519_free,
-};
-
-const EVP_PKEY_ALG *EVP_pkey_x25519(void) {
- static const EVP_PKEY_ALG kAlg = {&x25519_asn1_meth};
- return &kAlg;
-}
diff --git a/gen/sources.bzl b/gen/sources.bzl
index f96c087..c27f2ee 100644
--- a/gen/sources.bzl
+++ b/gen/sources.bzl
@@ -360,17 +360,12 @@
"crypto/evp/evp_asn1.cc",
"crypto/evp/evp_ctx.cc",
"crypto/evp/p_dh.cc",
- "crypto/evp/p_dh_asn1.cc",
- "crypto/evp/p_dsa_asn1.cc",
+ "crypto/evp/p_dsa.cc",
"crypto/evp/p_ec.cc",
- "crypto/evp/p_ec_asn1.cc",
"crypto/evp/p_ed25519.cc",
- "crypto/evp/p_ed25519_asn1.cc",
"crypto/evp/p_hkdf.cc",
"crypto/evp/p_rsa.cc",
- "crypto/evp/p_rsa_asn1.cc",
"crypto/evp/p_x25519.cc",
- "crypto/evp/p_x25519_asn1.cc",
"crypto/evp/pbkdf.cc",
"crypto/evp/print.cc",
"crypto/evp/scrypt.cc",
diff --git a/gen/sources.cmake b/gen/sources.cmake
index d149c36..8d2c7b8 100644
--- a/gen/sources.cmake
+++ b/gen/sources.cmake
@@ -374,17 +374,12 @@
crypto/evp/evp_asn1.cc
crypto/evp/evp_ctx.cc
crypto/evp/p_dh.cc
- crypto/evp/p_dh_asn1.cc
- crypto/evp/p_dsa_asn1.cc
+ crypto/evp/p_dsa.cc
crypto/evp/p_ec.cc
- crypto/evp/p_ec_asn1.cc
crypto/evp/p_ed25519.cc
- crypto/evp/p_ed25519_asn1.cc
crypto/evp/p_hkdf.cc
crypto/evp/p_rsa.cc
- crypto/evp/p_rsa_asn1.cc
crypto/evp/p_x25519.cc
- crypto/evp/p_x25519_asn1.cc
crypto/evp/pbkdf.cc
crypto/evp/print.cc
crypto/evp/scrypt.cc
diff --git a/gen/sources.gni b/gen/sources.gni
index b14ee29..7c5032a 100644
--- a/gen/sources.gni
+++ b/gen/sources.gni
@@ -360,17 +360,12 @@
"crypto/evp/evp_asn1.cc",
"crypto/evp/evp_ctx.cc",
"crypto/evp/p_dh.cc",
- "crypto/evp/p_dh_asn1.cc",
- "crypto/evp/p_dsa_asn1.cc",
+ "crypto/evp/p_dsa.cc",
"crypto/evp/p_ec.cc",
- "crypto/evp/p_ec_asn1.cc",
"crypto/evp/p_ed25519.cc",
- "crypto/evp/p_ed25519_asn1.cc",
"crypto/evp/p_hkdf.cc",
"crypto/evp/p_rsa.cc",
- "crypto/evp/p_rsa_asn1.cc",
"crypto/evp/p_x25519.cc",
- "crypto/evp/p_x25519_asn1.cc",
"crypto/evp/pbkdf.cc",
"crypto/evp/print.cc",
"crypto/evp/scrypt.cc",
diff --git a/gen/sources.json b/gen/sources.json
index 39141a5..a88a603 100644
--- a/gen/sources.json
+++ b/gen/sources.json
@@ -344,17 +344,12 @@
"crypto/evp/evp_asn1.cc",
"crypto/evp/evp_ctx.cc",
"crypto/evp/p_dh.cc",
- "crypto/evp/p_dh_asn1.cc",
- "crypto/evp/p_dsa_asn1.cc",
+ "crypto/evp/p_dsa.cc",
"crypto/evp/p_ec.cc",
- "crypto/evp/p_ec_asn1.cc",
"crypto/evp/p_ed25519.cc",
- "crypto/evp/p_ed25519_asn1.cc",
"crypto/evp/p_hkdf.cc",
"crypto/evp/p_rsa.cc",
- "crypto/evp/p_rsa_asn1.cc",
"crypto/evp/p_x25519.cc",
- "crypto/evp/p_x25519_asn1.cc",
"crypto/evp/pbkdf.cc",
"crypto/evp/print.cc",
"crypto/evp/scrypt.cc",
diff --git a/gen/sources.mk b/gen/sources.mk
index f6d7f79..b0e8ca0 100644
--- a/gen/sources.mk
+++ b/gen/sources.mk
@@ -354,17 +354,12 @@
crypto/evp/evp_asn1.cc \
crypto/evp/evp_ctx.cc \
crypto/evp/p_dh.cc \
- crypto/evp/p_dh_asn1.cc \
- crypto/evp/p_dsa_asn1.cc \
+ crypto/evp/p_dsa.cc \
crypto/evp/p_ec.cc \
- crypto/evp/p_ec_asn1.cc \
crypto/evp/p_ed25519.cc \
- crypto/evp/p_ed25519_asn1.cc \
crypto/evp/p_hkdf.cc \
crypto/evp/p_rsa.cc \
- crypto/evp/p_rsa_asn1.cc \
crypto/evp/p_x25519.cc \
- crypto/evp/p_x25519_asn1.cc \
crypto/evp/pbkdf.cc \
crypto/evp/print.cc \
crypto/evp/scrypt.cc \
