kris
/
boringssl
1
0
Форк 0
Код Проблеми 0 Запити на злиття 0 Релізи 0 Вікі Активність
Ви не можете вибрати більше 25 тем Теми мають розпочинатися з літери або цифри, можуть містити дефіси (-) і не повинні перевищувати 35 символів.
4677 Коміти
12 Гілки
38 MiB
Дерево: 01f26f3f32
Гілки Теги
${ item.name }
Створити гілку ${ searchTerm }
з '01f26f3f32'
${ noResults }
boringssl/crypto/evp/p_dsa_asn1.c

p_dsa_asn1.c 7.7 KiB
Неформатований Звичайний вигляд Історія

Add DSA support to EVP. Sadly, it turns out that we have need of this, at least for now. The code is taken from upstream and changed only as much as needed. This only imports keys and doesn't know how to actually perform operations on them for now. Change-Id: I0db70fb938186cb7a91d03f068b386c59ed90b84
9 роки тому
Implement new PKCS#8 parsers. As with SPKI parsers, the intent is make EVP_PKEY capture the key's constraints in full fidelity, so we'd have to add new types or store the information in the underlying key object if people introduce variant key types with weird constraints on them. Note that because PKCS#8 has a space for arbitrary attributes, this parser must admit a hole. I'm assuming for now that we don't need an API that enforces no attributes and just ignore trailing data in the structure for simplicity. BUG=499653 Change-Id: I6fc641355e87136c7220f5d7693566d1144a68e8 Reviewed-on: https://boringssl-review.googlesource.com/6866 Reviewed-by: Adam Langley <agl@google.com>
8 роки тому
Add DSA support to EVP. Sadly, it turns out that we have need of this, at least for now. The code is taken from upstream and changed only as much as needed. This only imports keys and doesn't know how to actually perform operations on them for now. Change-Id: I0db70fb938186cb7a91d03f068b386c59ed90b84
9 роки тому
Implement new SPKI parsers. Many consumers need SPKI support (X.509, TLS, QUIC, WebCrypto), each with different ways to set signature parameters. SPKIs themselves can get complex with id-RSASSA-PSS keys which come with various constraints in the key parameters. This suggests we want a common in-library representation of an SPKI. This adds two new functions EVP_parse_public_key and EVP_marshal_public_key which converts EVP_PKEY to and from SPKI and implements X509_PUBKEY functions with them. EVP_PKEY seems to have been intended to be able to express the supported SPKI types with full-fidelity, so these APIs will continue this. This means future support for id-RSASSA-PSS would *not* repurpose EVP_PKEY_RSA. I'm worried about code assuming EVP_PKEY_RSA implies acting on the RSA* is legal. Instead, it'd add an EVP_PKEY_RSA_PSS and the data pointer would be some (exposed, so the caller may still check key size, etc.) RSA_PSS_KEY struct. Internally, the EVP_PKEY_CTX implementation would enforce the key constraints. If RSA_PSS_KEY would later need its own API, that code would move there, but that seems unlikely. Ideally we'd have a 1:1 correspondence with key OID, although we may have to fudge things if mistakes happen in standardization. (Whether or not X.509 reuses id-ecPublicKey for Ed25519, we'll give it a separate EVP_PKEY type.) DSA parsing hooks are still implemented, missing parameters and all for now. This isn't any worse than before. Decoupling from the giant crypto/obj OID table will be a later task. BUG=522228 Change-Id: I0e3964edf20cb795a18b0991d17e5ca8bce3e28c Reviewed-on: https://boringssl-review.googlesource.com/6861 Reviewed-by: Adam Langley <agl@google.com>
8 роки тому
Run the comment converter on libcrypto. crypto/{asn1,x509,x509v3,pem} were skipped as they are still OpenSSL style. Change-Id: I3cd9a60e1cb483a981aca325041f3fbce294247c Reviewed-on: https://boringssl-review.googlesource.com/19504 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
7 роки тому
Add DSA support to EVP. Sadly, it turns out that we have need of this, at least for now. The code is taken from upstream and changed only as much as needed. This only imports keys and doesn't know how to actually perform operations on them for now. Change-Id: I0db70fb938186cb7a91d03f068b386c59ed90b84
9 роки тому
Run the comment converter on libcrypto. crypto/{asn1,x509,x509v3,pem} were skipped as they are still OpenSSL style. Change-Id: I3cd9a60e1cb483a981aca325041f3fbce294247c Reviewed-on: https://boringssl-review.googlesource.com/19504 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
7 роки тому
Implement new SPKI parsers. Many consumers need SPKI support (X.509, TLS, QUIC, WebCrypto), each with different ways to set signature parameters. SPKIs themselves can get complex with id-RSASSA-PSS keys which come with various constraints in the key parameters. This suggests we want a common in-library representation of an SPKI. This adds two new functions EVP_parse_public_key and EVP_marshal_public_key which converts EVP_PKEY to and from SPKI and implements X509_PUBKEY functions with them. EVP_PKEY seems to have been intended to be able to express the supported SPKI types with full-fidelity, so these APIs will continue this. This means future support for id-RSASSA-PSS would *not* repurpose EVP_PKEY_RSA. I'm worried about code assuming EVP_PKEY_RSA implies acting on the RSA* is legal. Instead, it'd add an EVP_PKEY_RSA_PSS and the data pointer would be some (exposed, so the caller may still check key size, etc.) RSA_PSS_KEY struct. Internally, the EVP_PKEY_CTX implementation would enforce the key constraints. If RSA_PSS_KEY would later need its own API, that code would move there, but that seems unlikely. Ideally we'd have a 1:1 correspondence with key OID, although we may have to fudge things if mistakes happen in standardization. (Whether or not X.509 reuses id-ecPublicKey for Ed25519, we'll give it a separate EVP_PKEY type.) DSA parsing hooks are still implemented, missing parameters and all for now. This isn't any worse than before. Decoupling from the giant crypto/obj OID table will be a later task. BUG=522228 Change-Id: I0e3964edf20cb795a18b0991d17e5ca8bce3e28c Reviewed-on: https://boringssl-review.googlesource.com/6861 Reviewed-by: Adam Langley <agl@google.com>
8 роки тому
Add DSA support to EVP. Sadly, it turns out that we have need of this, at least for now. The code is taken from upstream and changed only as much as needed. This only imports keys and doesn't know how to actually perform operations on them for now. Change-Id: I0db70fb938186cb7a91d03f068b386c59ed90b84
9 роки тому
Implement new SPKI parsers. Many consumers need SPKI support (X.509, TLS, QUIC, WebCrypto), each with different ways to set signature parameters. SPKIs themselves can get complex with id-RSASSA-PSS keys which come with various constraints in the key parameters. This suggests we want a common in-library representation of an SPKI. This adds two new functions EVP_parse_public_key and EVP_marshal_public_key which converts EVP_PKEY to and from SPKI and implements X509_PUBKEY functions with them. EVP_PKEY seems to have been intended to be able to express the supported SPKI types with full-fidelity, so these APIs will continue this. This means future support for id-RSASSA-PSS would *not* repurpose EVP_PKEY_RSA. I'm worried about code assuming EVP_PKEY_RSA implies acting on the RSA* is legal. Instead, it'd add an EVP_PKEY_RSA_PSS and the data pointer would be some (exposed, so the caller may still check key size, etc.) RSA_PSS_KEY struct. Internally, the EVP_PKEY_CTX implementation would enforce the key constraints. If RSA_PSS_KEY would later need its own API, that code would move there, but that seems unlikely. Ideally we'd have a 1:1 correspondence with key OID, although we may have to fudge things if mistakes happen in standardization. (Whether or not X.509 reuses id-ecPublicKey for Ed25519, we'll give it a separate EVP_PKEY type.) DSA parsing hooks are still implemented, missing parameters and all for now. This isn't any worse than before. Decoupling from the giant crypto/obj OID table will be a later task. BUG=522228 Change-Id: I0e3964edf20cb795a18b0991d17e5ca8bce3e28c Reviewed-on: https://boringssl-review.googlesource.com/6861 Reviewed-by: Adam Langley <agl@google.com>
8 роки тому
Add DSA support to EVP. Sadly, it turns out that we have need of this, at least for now. The code is taken from upstream and changed only as much as needed. This only imports keys and doesn't know how to actually perform operations on them for now. Change-Id: I0db70fb938186cb7a91d03f068b386c59ed90b84
9 роки тому
Implement new SPKI parsers. Many consumers need SPKI support (X.509, TLS, QUIC, WebCrypto), each with different ways to set signature parameters. SPKIs themselves can get complex with id-RSASSA-PSS keys which come with various constraints in the key parameters. This suggests we want a common in-library representation of an SPKI. This adds two new functions EVP_parse_public_key and EVP_marshal_public_key which converts EVP_PKEY to and from SPKI and implements X509_PUBKEY functions with them. EVP_PKEY seems to have been intended to be able to express the supported SPKI types with full-fidelity, so these APIs will continue this. This means future support for id-RSASSA-PSS would *not* repurpose EVP_PKEY_RSA. I'm worried about code assuming EVP_PKEY_RSA implies acting on the RSA* is legal. Instead, it'd add an EVP_PKEY_RSA_PSS and the data pointer would be some (exposed, so the caller may still check key size, etc.) RSA_PSS_KEY struct. Internally, the EVP_PKEY_CTX implementation would enforce the key constraints. If RSA_PSS_KEY would later need its own API, that code would move there, but that seems unlikely. Ideally we'd have a 1:1 correspondence with key OID, although we may have to fudge things if mistakes happen in standardization. (Whether or not X.509 reuses id-ecPublicKey for Ed25519, we'll give it a separate EVP_PKEY type.) DSA parsing hooks are still implemented, missing parameters and all for now. This isn't any worse than before. Decoupling from the giant crypto/obj OID table will be a later task. BUG=522228 Change-Id: I0e3964edf20cb795a18b0991d17e5ca8bce3e28c Reviewed-on: https://boringssl-review.googlesource.com/6861 Reviewed-by: Adam Langley <agl@google.com>
8 роки тому
Add DSA support to EVP. Sadly, it turns out that we have need of this, at least for now. The code is taken from upstream and changed only as much as needed. This only imports keys and doesn't know how to actually perform operations on them for now. Change-Id: I0db70fb938186cb7a91d03f068b386c59ed90b84
9 роки тому
Implement new SPKI parsers. Many consumers need SPKI support (X.509, TLS, QUIC, WebCrypto), each with different ways to set signature parameters. SPKIs themselves can get complex with id-RSASSA-PSS keys which come with various constraints in the key parameters. This suggests we want a common in-library representation of an SPKI. This adds two new functions EVP_parse_public_key and EVP_marshal_public_key which converts EVP_PKEY to and from SPKI and implements X509_PUBKEY functions with them. EVP_PKEY seems to have been intended to be able to express the supported SPKI types with full-fidelity, so these APIs will continue this. This means future support for id-RSASSA-PSS would *not* repurpose EVP_PKEY_RSA. I'm worried about code assuming EVP_PKEY_RSA implies acting on the RSA* is legal. Instead, it'd add an EVP_PKEY_RSA_PSS and the data pointer would be some (exposed, so the caller may still check key size, etc.) RSA_PSS_KEY struct. Internally, the EVP_PKEY_CTX implementation would enforce the key constraints. If RSA_PSS_KEY would later need its own API, that code would move there, but that seems unlikely. Ideally we'd have a 1:1 correspondence with key OID, although we may have to fudge things if mistakes happen in standardization. (Whether or not X.509 reuses id-ecPublicKey for Ed25519, we'll give it a separate EVP_PKEY type.) DSA parsing hooks are still implemented, missing parameters and all for now. This isn't any worse than before. Decoupling from the giant crypto/obj OID table will be a later task. BUG=522228 Change-Id: I0e3964edf20cb795a18b0991d17e5ca8bce3e28c Reviewed-on: https://boringssl-review.googlesource.com/6861 Reviewed-by: Adam Langley <agl@google.com>
8 роки тому
Add DSA support to EVP. Sadly, it turns out that we have need of this, at least for now. The code is taken from upstream and changed only as much as needed. This only imports keys and doesn't know how to actually perform operations on them for now. Change-Id: I0db70fb938186cb7a91d03f068b386c59ed90b84
9 роки тому
Implement new SPKI parsers. Many consumers need SPKI support (X.509, TLS, QUIC, WebCrypto), each with different ways to set signature parameters. SPKIs themselves can get complex with id-RSASSA-PSS keys which come with various constraints in the key parameters. This suggests we want a common in-library representation of an SPKI. This adds two new functions EVP_parse_public_key and EVP_marshal_public_key which converts EVP_PKEY to and from SPKI and implements X509_PUBKEY functions with them. EVP_PKEY seems to have been intended to be able to express the supported SPKI types with full-fidelity, so these APIs will continue this. This means future support for id-RSASSA-PSS would *not* repurpose EVP_PKEY_RSA. I'm worried about code assuming EVP_PKEY_RSA implies acting on the RSA* is legal. Instead, it'd add an EVP_PKEY_RSA_PSS and the data pointer would be some (exposed, so the caller may still check key size, etc.) RSA_PSS_KEY struct. Internally, the EVP_PKEY_CTX implementation would enforce the key constraints. If RSA_PSS_KEY would later need its own API, that code would move there, but that seems unlikely. Ideally we'd have a 1:1 correspondence with key OID, although we may have to fudge things if mistakes happen in standardization. (Whether or not X.509 reuses id-ecPublicKey for Ed25519, we'll give it a separate EVP_PKEY type.) DSA parsing hooks are still implemented, missing parameters and all for now. This isn't any worse than before. Decoupling from the giant crypto/obj OID table will be a later task. BUG=522228 Change-Id: I0e3964edf20cb795a18b0991d17e5ca8bce3e28c Reviewed-on: https://boringssl-review.googlesource.com/6861 Reviewed-by: Adam Langley <agl@google.com>
8 роки тому
Add DSA support to EVP. Sadly, it turns out that we have need of this, at least for now. The code is taken from upstream and changed only as much as needed. This only imports keys and doesn't know how to actually perform operations on them for now. Change-Id: I0db70fb938186cb7a91d03f068b386c59ed90b84
9 роки тому
Implement new SPKI parsers. Many consumers need SPKI support (X.509, TLS, QUIC, WebCrypto), each with different ways to set signature parameters. SPKIs themselves can get complex with id-RSASSA-PSS keys which come with various constraints in the key parameters. This suggests we want a common in-library representation of an SPKI. This adds two new functions EVP_parse_public_key and EVP_marshal_public_key which converts EVP_PKEY to and from SPKI and implements X509_PUBKEY functions with them. EVP_PKEY seems to have been intended to be able to express the supported SPKI types with full-fidelity, so these APIs will continue this. This means future support for id-RSASSA-PSS would *not* repurpose EVP_PKEY_RSA. I'm worried about code assuming EVP_PKEY_RSA implies acting on the RSA* is legal. Instead, it'd add an EVP_PKEY_RSA_PSS and the data pointer would be some (exposed, so the caller may still check key size, etc.) RSA_PSS_KEY struct. Internally, the EVP_PKEY_CTX implementation would enforce the key constraints. If RSA_PSS_KEY would later need its own API, that code would move there, but that seems unlikely. Ideally we'd have a 1:1 correspondence with key OID, although we may have to fudge things if mistakes happen in standardization. (Whether or not X.509 reuses id-ecPublicKey for Ed25519, we'll give it a separate EVP_PKEY type.) DSA parsing hooks are still implemented, missing parameters and all for now. This isn't any worse than before. Decoupling from the giant crypto/obj OID table will be a later task. BUG=522228 Change-Id: I0e3964edf20cb795a18b0991d17e5ca8bce3e28c Reviewed-on: https://boringssl-review.googlesource.com/6861 Reviewed-by: Adam Langley <agl@google.com>
8 роки тому
Add DSA support to EVP. Sadly, it turns out that we have need of this, at least for now. The code is taken from upstream and changed only as much as needed. This only imports keys and doesn't know how to actually perform operations on them for now. Change-Id: I0db70fb938186cb7a91d03f068b386c59ed90b84
9 роки тому
Remove unnecessary NULL checks, part 3. Finish up the e's. Change-Id: Iabb8da000fbca6efee541edb469b90896f60d54b Reviewed-on: https://boringssl-review.googlesource.com/4516 Reviewed-by: Adam Langley <agl@google.com>
9 роки тому
Add DSA support to EVP. Sadly, it turns out that we have need of this, at least for now. The code is taken from upstream and changed only as much as needed. This only imports keys and doesn't know how to actually perform operations on them for now. Change-Id: I0db70fb938186cb7a91d03f068b386c59ed90b84
9 роки тому
Implement new SPKI parsers. Many consumers need SPKI support (X.509, TLS, QUIC, WebCrypto), each with different ways to set signature parameters. SPKIs themselves can get complex with id-RSASSA-PSS keys which come with various constraints in the key parameters. This suggests we want a common in-library representation of an SPKI. This adds two new functions EVP_parse_public_key and EVP_marshal_public_key which converts EVP_PKEY to and from SPKI and implements X509_PUBKEY functions with them. EVP_PKEY seems to have been intended to be able to express the supported SPKI types with full-fidelity, so these APIs will continue this. This means future support for id-RSASSA-PSS would *not* repurpose EVP_PKEY_RSA. I'm worried about code assuming EVP_PKEY_RSA implies acting on the RSA* is legal. Instead, it'd add an EVP_PKEY_RSA_PSS and the data pointer would be some (exposed, so the caller may still check key size, etc.) RSA_PSS_KEY struct. Internally, the EVP_PKEY_CTX implementation would enforce the key constraints. If RSA_PSS_KEY would later need its own API, that code would move there, but that seems unlikely. Ideally we'd have a 1:1 correspondence with key OID, although we may have to fudge things if mistakes happen in standardization. (Whether or not X.509 reuses id-ecPublicKey for Ed25519, we'll give it a separate EVP_PKEY type.) DSA parsing hooks are still implemented, missing parameters and all for now. This isn't any worse than before. Decoupling from the giant crypto/obj OID table will be a later task. BUG=522228 Change-Id: I0e3964edf20cb795a18b0991d17e5ca8bce3e28c Reviewed-on: https://boringssl-review.googlesource.com/6861 Reviewed-by: Adam Langley <agl@google.com>
8 роки тому
Run the comment converter on libcrypto. crypto/{asn1,x509,x509v3,pem} were skipped as they are still OpenSSL style. Change-Id: I3cd9a60e1cb483a981aca325041f3fbce294247c Reviewed-on: https://boringssl-review.googlesource.com/19504 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
7 роки тому
Decouple crypto/evp from the OID table. BUG=chromium:499653 Change-Id: I4e8d4af3129dbf61d4a8846ec9db685e83999d5e Reviewed-on: https://boringssl-review.googlesource.com/7565 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com>
8 роки тому
Implement new SPKI parsers. Many consumers need SPKI support (X.509, TLS, QUIC, WebCrypto), each with different ways to set signature parameters. SPKIs themselves can get complex with id-RSASSA-PSS keys which come with various constraints in the key parameters. This suggests we want a common in-library representation of an SPKI. This adds two new functions EVP_parse_public_key and EVP_marshal_public_key which converts EVP_PKEY to and from SPKI and implements X509_PUBKEY functions with them. EVP_PKEY seems to have been intended to be able to express the supported SPKI types with full-fidelity, so these APIs will continue this. This means future support for id-RSASSA-PSS would *not* repurpose EVP_PKEY_RSA. I'm worried about code assuming EVP_PKEY_RSA implies acting on the RSA* is legal. Instead, it'd add an EVP_PKEY_RSA_PSS and the data pointer would be some (exposed, so the caller may still check key size, etc.) RSA_PSS_KEY struct. Internally, the EVP_PKEY_CTX implementation would enforce the key constraints. If RSA_PSS_KEY would later need its own API, that code would move there, but that seems unlikely. Ideally we'd have a 1:1 correspondence with key OID, although we may have to fudge things if mistakes happen in standardization. (Whether or not X.509 reuses id-ecPublicKey for Ed25519, we'll give it a separate EVP_PKEY type.) DSA parsing hooks are still implemented, missing parameters and all for now. This isn't any worse than before. Decoupling from the giant crypto/obj OID table will be a later task. BUG=522228 Change-Id: I0e3964edf20cb795a18b0991d17e5ca8bce3e28c Reviewed-on: https://boringssl-review.googlesource.com/6861 Reviewed-by: Adam Langley <agl@google.com>
8 роки тому
Decouple crypto/evp from the OID table. BUG=chromium:499653 Change-Id: I4e8d4af3129dbf61d4a8846ec9db685e83999d5e Reviewed-on: https://boringssl-review.googlesource.com/7565 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com>
8 роки тому
Implement new SPKI parsers. Many consumers need SPKI support (X.509, TLS, QUIC, WebCrypto), each with different ways to set signature parameters. SPKIs themselves can get complex with id-RSASSA-PSS keys which come with various constraints in the key parameters. This suggests we want a common in-library representation of an SPKI. This adds two new functions EVP_parse_public_key and EVP_marshal_public_key which converts EVP_PKEY to and from SPKI and implements X509_PUBKEY functions with them. EVP_PKEY seems to have been intended to be able to express the supported SPKI types with full-fidelity, so these APIs will continue this. This means future support for id-RSASSA-PSS would *not* repurpose EVP_PKEY_RSA. I'm worried about code assuming EVP_PKEY_RSA implies acting on the RSA* is legal. Instead, it'd add an EVP_PKEY_RSA_PSS and the data pointer would be some (exposed, so the caller may still check key size, etc.) RSA_PSS_KEY struct. Internally, the EVP_PKEY_CTX implementation would enforce the key constraints. If RSA_PSS_KEY would later need its own API, that code would move there, but that seems unlikely. Ideally we'd have a 1:1 correspondence with key OID, although we may have to fudge things if mistakes happen in standardization. (Whether or not X.509 reuses id-ecPublicKey for Ed25519, we'll give it a separate EVP_PKEY type.) DSA parsing hooks are still implemented, missing parameters and all for now. This isn't any worse than before. Decoupling from the giant crypto/obj OID table will be a later task. BUG=522228 Change-Id: I0e3964edf20cb795a18b0991d17e5ca8bce3e28c Reviewed-on: https://boringssl-review.googlesource.com/6861 Reviewed-by: Adam Langley <agl@google.com>
8 роки тому
Add DSA support to EVP. Sadly, it turns out that we have need of this, at least for now. The code is taken from upstream and changed only as much as needed. This only imports keys and doesn't know how to actually perform operations on them for now. Change-Id: I0db70fb938186cb7a91d03f068b386c59ed90b84
9 роки тому
Implement new SPKI parsers. Many consumers need SPKI support (X.509, TLS, QUIC, WebCrypto), each with different ways to set signature parameters. SPKIs themselves can get complex with id-RSASSA-PSS keys which come with various constraints in the key parameters. This suggests we want a common in-library representation of an SPKI. This adds two new functions EVP_parse_public_key and EVP_marshal_public_key which converts EVP_PKEY to and from SPKI and implements X509_PUBKEY functions with them. EVP_PKEY seems to have been intended to be able to express the supported SPKI types with full-fidelity, so these APIs will continue this. This means future support for id-RSASSA-PSS would *not* repurpose EVP_PKEY_RSA. I'm worried about code assuming EVP_PKEY_RSA implies acting on the RSA* is legal. Instead, it'd add an EVP_PKEY_RSA_PSS and the data pointer would be some (exposed, so the caller may still check key size, etc.) RSA_PSS_KEY struct. Internally, the EVP_PKEY_CTX implementation would enforce the key constraints. If RSA_PSS_KEY would later need its own API, that code would move there, but that seems unlikely. Ideally we'd have a 1:1 correspondence with key OID, although we may have to fudge things if mistakes happen in standardization. (Whether or not X.509 reuses id-ecPublicKey for Ed25519, we'll give it a separate EVP_PKEY type.) DSA parsing hooks are still implemented, missing parameters and all for now. This isn't any worse than before. Decoupling from the giant crypto/obj OID table will be a later task. BUG=522228 Change-Id: I0e3964edf20cb795a18b0991d17e5ca8bce3e28c Reviewed-on: https://boringssl-review.googlesource.com/6861 Reviewed-by: Adam Langley <agl@google.com>
8 роки тому
Add DSA support to EVP. Sadly, it turns out that we have need of this, at least for now. The code is taken from upstream and changed only as much as needed. This only imports keys and doesn't know how to actually perform operations on them for now. Change-Id: I0db70fb938186cb7a91d03f068b386c59ed90b84
9 роки тому
Implement new PKCS#8 parsers. As with SPKI parsers, the intent is make EVP_PKEY capture the key's constraints in full fidelity, so we'd have to add new types or store the information in the underlying key object if people introduce variant key types with weird constraints on them. Note that because PKCS#8 has a space for arbitrary attributes, this parser must admit a hole. I'm assuming for now that we don't need an API that enforces no attributes and just ignore trailing data in the structure for simplicity. BUG=499653 Change-Id: I6fc641355e87136c7220f5d7693566d1144a68e8 Reviewed-on: https://boringssl-review.googlesource.com/6866 Reviewed-by: Adam Langley <agl@google.com>
8 роки тому
Run the comment converter on libcrypto. crypto/{asn1,x509,x509v3,pem} were skipped as they are still OpenSSL style. Change-Id: I3cd9a60e1cb483a981aca325041f3fbce294247c Reviewed-on: https://boringssl-review.googlesource.com/19504 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
7 роки тому
Add DSA support to EVP. Sadly, it turns out that we have need of this, at least for now. The code is taken from upstream and changed only as much as needed. This only imports keys and doesn't know how to actually perform operations on them for now. Change-Id: I0db70fb938186cb7a91d03f068b386c59ed90b84
9 роки тому
Run the comment converter on libcrypto. crypto/{asn1,x509,x509v3,pem} were skipped as they are still OpenSSL style. Change-Id: I3cd9a60e1cb483a981aca325041f3fbce294247c Reviewed-on: https://boringssl-review.googlesource.com/19504 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
7 роки тому
Implement new PKCS#8 parsers. As with SPKI parsers, the intent is make EVP_PKEY capture the key's constraints in full fidelity, so we'd have to add new types or store the information in the underlying key object if people introduce variant key types with weird constraints on them. Note that because PKCS#8 has a space for arbitrary attributes, this parser must admit a hole. I'm assuming for now that we don't need an API that enforces no attributes and just ignore trailing data in the structure for simplicity. BUG=499653 Change-Id: I6fc641355e87136c7220f5d7693566d1144a68e8 Reviewed-on: https://boringssl-review.googlesource.com/6866 Reviewed-by: Adam Langley <agl@google.com>
8 роки тому
Add DSA support to EVP. Sadly, it turns out that we have need of this, at least for now. The code is taken from upstream and changed only as much as needed. This only imports keys and doesn't know how to actually perform operations on them for now. Change-Id: I0db70fb938186cb7a91d03f068b386c59ed90b84
9 роки тому
Implement new PKCS#8 parsers. As with SPKI parsers, the intent is make EVP_PKEY capture the key's constraints in full fidelity, so we'd have to add new types or store the information in the underlying key object if people introduce variant key types with weird constraints on them. Note that because PKCS#8 has a space for arbitrary attributes, this parser must admit a hole. I'm assuming for now that we don't need an API that enforces no attributes and just ignore trailing data in the structure for simplicity. BUG=499653 Change-Id: I6fc641355e87136c7220f5d7693566d1144a68e8 Reviewed-on: https://boringssl-review.googlesource.com/6866 Reviewed-by: Adam Langley <agl@google.com>
8 роки тому
Add DSA support to EVP. Sadly, it turns out that we have need of this, at least for now. The code is taken from upstream and changed only as much as needed. This only imports keys and doesn't know how to actually perform operations on them for now. Change-Id: I0db70fb938186cb7a91d03f068b386c59ed90b84
9 роки тому
Implement new PKCS#8 parsers. As with SPKI parsers, the intent is make EVP_PKEY capture the key's constraints in full fidelity, so we'd have to add new types or store the information in the underlying key object if people introduce variant key types with weird constraints on them. Note that because PKCS#8 has a space for arbitrary attributes, this parser must admit a hole. I'm assuming for now that we don't need an API that enforces no attributes and just ignore trailing data in the structure for simplicity. BUG=499653 Change-Id: I6fc641355e87136c7220f5d7693566d1144a68e8 Reviewed-on: https://boringssl-review.googlesource.com/6866 Reviewed-by: Adam Langley <agl@google.com>
8 роки тому
Add DSA support to EVP. Sadly, it turns out that we have need of this, at least for now. The code is taken from upstream and changed only as much as needed. This only imports keys and doesn't know how to actually perform operations on them for now. Change-Id: I0db70fb938186cb7a91d03f068b386c59ed90b84
9 роки тому
Implement new PKCS#8 parsers. As with SPKI parsers, the intent is make EVP_PKEY capture the key's constraints in full fidelity, so we'd have to add new types or store the information in the underlying key object if people introduce variant key types with weird constraints on them. Note that because PKCS#8 has a space for arbitrary attributes, this parser must admit a hole. I'm assuming for now that we don't need an API that enforces no attributes and just ignore trailing data in the structure for simplicity. BUG=499653 Change-Id: I6fc641355e87136c7220f5d7693566d1144a68e8 Reviewed-on: https://boringssl-review.googlesource.com/6866 Reviewed-by: Adam Langley <agl@google.com>
8 роки тому
Run the comment converter on libcrypto. crypto/{asn1,x509,x509v3,pem} were skipped as they are still OpenSSL style. Change-Id: I3cd9a60e1cb483a981aca325041f3fbce294247c Reviewed-on: https://boringssl-review.googlesource.com/19504 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
7 роки тому
Implement new PKCS#8 parsers. As with SPKI parsers, the intent is make EVP_PKEY capture the key's constraints in full fidelity, so we'd have to add new types or store the information in the underlying key object if people introduce variant key types with weird constraints on them. Note that because PKCS#8 has a space for arbitrary attributes, this parser must admit a hole. I'm assuming for now that we don't need an API that enforces no attributes and just ignore trailing data in the structure for simplicity. BUG=499653 Change-Id: I6fc641355e87136c7220f5d7693566d1144a68e8 Reviewed-on: https://boringssl-review.googlesource.com/6866 Reviewed-by: Adam Langley <agl@google.com>
8 роки тому
Add DSA support to EVP. Sadly, it turns out that we have need of this, at least for now. The code is taken from upstream and changed only as much as needed. This only imports keys and doesn't know how to actually perform operations on them for now. Change-Id: I0db70fb938186cb7a91d03f068b386c59ed90b84
9 роки тому
Run the comment converter on libcrypto. crypto/{asn1,x509,x509v3,pem} were skipped as they are still OpenSSL style. Change-Id: I3cd9a60e1cb483a981aca325041f3fbce294247c Reviewed-on: https://boringssl-review.googlesource.com/19504 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
7 роки тому
Implement new PKCS#8 parsers. As with SPKI parsers, the intent is make EVP_PKEY capture the key's constraints in full fidelity, so we'd have to add new types or store the information in the underlying key object if people introduce variant key types with weird constraints on them. Note that because PKCS#8 has a space for arbitrary attributes, this parser must admit a hole. I'm assuming for now that we don't need an API that enforces no attributes and just ignore trailing data in the structure for simplicity. BUG=499653 Change-Id: I6fc641355e87136c7220f5d7693566d1144a68e8 Reviewed-on: https://boringssl-review.googlesource.com/6866 Reviewed-by: Adam Langley <agl@google.com>
8 роки тому
Use BN_mod_exp_mont_consttime in dsa_priv_decode. The exponent is secret, so we should be using the consttime variant. See also upstream's f9cbf470180841966338db1f4c28d99ec4debec4. Change-Id: I233d4223ded5b80711d7c8f906e3579c36b24cd0 Reviewed-on: https://boringssl-review.googlesource.com/20924 Reviewed-by: Adam Langley <agl@google.com>
7 роки тому
Implement new PKCS#8 parsers. As with SPKI parsers, the intent is make EVP_PKEY capture the key's constraints in full fidelity, so we'd have to add new types or store the information in the underlying key object if people introduce variant key types with weird constraints on them. Note that because PKCS#8 has a space for arbitrary attributes, this parser must admit a hole. I'm assuming for now that we don't need an API that enforces no attributes and just ignore trailing data in the structure for simplicity. BUG=499653 Change-Id: I6fc641355e87136c7220f5d7693566d1144a68e8 Reviewed-on: https://boringssl-review.googlesource.com/6866 Reviewed-by: Adam Langley <agl@google.com>
8 роки тому
Add DSA support to EVP. Sadly, it turns out that we have need of this, at least for now. The code is taken from upstream and changed only as much as needed. This only imports keys and doesn't know how to actually perform operations on them for now. Change-Id: I0db70fb938186cb7a91d03f068b386c59ed90b84
9 роки тому
Implement new PKCS#8 parsers. As with SPKI parsers, the intent is make EVP_PKEY capture the key's constraints in full fidelity, so we'd have to add new types or store the information in the underlying key object if people introduce variant key types with weird constraints on them. Note that because PKCS#8 has a space for arbitrary attributes, this parser must admit a hole. I'm assuming for now that we don't need an API that enforces no attributes and just ignore trailing data in the structure for simplicity. BUG=499653 Change-Id: I6fc641355e87136c7220f5d7693566d1144a68e8 Reviewed-on: https://boringssl-review.googlesource.com/6866 Reviewed-by: Adam Langley <agl@google.com>
8 роки тому
Add DSA support to EVP. Sadly, it turns out that we have need of this, at least for now. The code is taken from upstream and changed only as much as needed. This only imports keys and doesn't know how to actually perform operations on them for now. Change-Id: I0db70fb938186cb7a91d03f068b386c59ed90b84
9 роки тому
Implement new PKCS#8 parsers. As with SPKI parsers, the intent is make EVP_PKEY capture the key's constraints in full fidelity, so we'd have to add new types or store the information in the underlying key object if people introduce variant key types with weird constraints on them. Note that because PKCS#8 has a space for arbitrary attributes, this parser must admit a hole. I'm assuming for now that we don't need an API that enforces no attributes and just ignore trailing data in the structure for simplicity. BUG=499653 Change-Id: I6fc641355e87136c7220f5d7693566d1144a68e8 Reviewed-on: https://boringssl-review.googlesource.com/6866 Reviewed-by: Adam Langley <agl@google.com>
8 роки тому
Add DSA support to EVP. Sadly, it turns out that we have need of this, at least for now. The code is taken from upstream and changed only as much as needed. This only imports keys and doesn't know how to actually perform operations on them for now. Change-Id: I0db70fb938186cb7a91d03f068b386c59ed90b84
9 роки тому
Implement new PKCS#8 parsers. As with SPKI parsers, the intent is make EVP_PKEY capture the key's constraints in full fidelity, so we'd have to add new types or store the information in the underlying key object if people introduce variant key types with weird constraints on them. Note that because PKCS#8 has a space for arbitrary attributes, this parser must admit a hole. I'm assuming for now that we don't need an API that enforces no attributes and just ignore trailing data in the structure for simplicity. BUG=499653 Change-Id: I6fc641355e87136c7220f5d7693566d1144a68e8 Reviewed-on: https://boringssl-review.googlesource.com/6866 Reviewed-by: Adam Langley <agl@google.com>
8 роки тому
Remove the func parameter to OPENSSL_PUT_ERROR. Much of this was done automatically with find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' BUG=468039 Change-Id: I4c75fd95dff85ab1d4a546b05e6aed1aeeb499d8 Reviewed-on: https://boringssl-review.googlesource.com/5276 Reviewed-by: Adam Langley <agl@google.com>
9 роки тому
Implement new PKCS#8 parsers. As with SPKI parsers, the intent is make EVP_PKEY capture the key's constraints in full fidelity, so we'd have to add new types or store the information in the underlying key object if people introduce variant key types with weird constraints on them. Note that because PKCS#8 has a space for arbitrary attributes, this parser must admit a hole. I'm assuming for now that we don't need an API that enforces no attributes and just ignore trailing data in the structure for simplicity. BUG=499653 Change-Id: I6fc641355e87136c7220f5d7693566d1144a68e8 Reviewed-on: https://boringssl-review.googlesource.com/6866 Reviewed-by: Adam Langley <agl@google.com>
8 роки тому
Add DSA support to EVP. Sadly, it turns out that we have need of this, at least for now. The code is taken from upstream and changed only as much as needed. This only imports keys and doesn't know how to actually perform operations on them for now. Change-Id: I0db70fb938186cb7a91d03f068b386c59ed90b84
9 роки тому
Run the comment converter on libcrypto. crypto/{asn1,x509,x509v3,pem} were skipped as they are still OpenSSL style. Change-Id: I3cd9a60e1cb483a981aca325041f3fbce294247c Reviewed-on: https://boringssl-review.googlesource.com/19504 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
7 роки тому
Decouple crypto/evp from the OID table. BUG=chromium:499653 Change-Id: I4e8d4af3129dbf61d4a8846ec9db685e83999d5e Reviewed-on: https://boringssl-review.googlesource.com/7565 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com>
8 роки тому
Implement new PKCS#8 parsers. As with SPKI parsers, the intent is make EVP_PKEY capture the key's constraints in full fidelity, so we'd have to add new types or store the information in the underlying key object if people introduce variant key types with weird constraints on them. Note that because PKCS#8 has a space for arbitrary attributes, this parser must admit a hole. I'm assuming for now that we don't need an API that enforces no attributes and just ignore trailing data in the structure for simplicity. BUG=499653 Change-Id: I6fc641355e87136c7220f5d7693566d1144a68e8 Reviewed-on: https://boringssl-review.googlesource.com/6866 Reviewed-by: Adam Langley <agl@google.com>
8 роки тому
Decouple crypto/evp from the OID table. BUG=chromium:499653 Change-Id: I4e8d4af3129dbf61d4a8846ec9db685e83999d5e Reviewed-on: https://boringssl-review.googlesource.com/7565 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com>
8 роки тому
Implement new PKCS#8 parsers. As with SPKI parsers, the intent is make EVP_PKEY capture the key's constraints in full fidelity, so we'd have to add new types or store the information in the underlying key object if people introduce variant key types with weird constraints on them. Note that because PKCS#8 has a space for arbitrary attributes, this parser must admit a hole. I'm assuming for now that we don't need an API that enforces no attributes and just ignore trailing data in the structure for simplicity. BUG=499653 Change-Id: I6fc641355e87136c7220f5d7693566d1144a68e8 Reviewed-on: https://boringssl-review.googlesource.com/6866 Reviewed-by: Adam Langley <agl@google.com>
8 роки тому
Add DSA support to EVP. Sadly, it turns out that we have need of this, at least for now. The code is taken from upstream and changed only as much as needed. This only imports keys and doesn't know how to actually perform operations on them for now. Change-Id: I0db70fb938186cb7a91d03f068b386c59ed90b84
9 роки тому
Remove unnecessary NULL checks, part 3. Finish up the e's. Change-Id: Iabb8da000fbca6efee541edb469b90896f60d54b Reviewed-on: https://boringssl-review.googlesource.com/4516 Reviewed-by: Adam Langley <agl@google.com>
9 роки тому
Add DSA support to EVP. Sadly, it turns out that we have need of this, at least for now. The code is taken from upstream and changed only as much as needed. This only imports keys and doesn't know how to actually perform operations on them for now. Change-Id: I0db70fb938186cb7a91d03f068b386c59ed90b84
9 роки тому
Run the comment converter on libcrypto. crypto/{asn1,x509,x509v3,pem} were skipped as they are still OpenSSL style. Change-Id: I3cd9a60e1cb483a981aca325041f3fbce294247c Reviewed-on: https://boringssl-review.googlesource.com/19504 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
7 роки тому
Decouple crypto/evp from the OID table. BUG=chromium:499653 Change-Id: I4e8d4af3129dbf61d4a8846ec9db685e83999d5e Reviewed-on: https://boringssl-review.googlesource.com/7565 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com>
8 роки тому
Add DSA support to EVP. Sadly, it turns out that we have need of this, at least for now. The code is taken from upstream and changed only as much as needed. This only imports keys and doesn't know how to actually perform operations on them for now. Change-Id: I0db70fb938186cb7a91d03f068b386c59ed90b84
9 роки тому
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268 
  1. /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project

  2.  * 2006.

  3.  */

  4. /* ====================================================================

  5.  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.

  6.  *

  7.  * Redistribution and use in source and binary forms, with or without

  8.  * modification, are permitted provided that the following conditions

  9.  * are met:

  10.  *

  11.  * 1. Redistributions of source code must retain the above copyright

  12.  *    notice, this list of conditions and the following disclaimer.

  13.  *

  14.  * 2. Redistributions in binary form must reproduce the above copyright

  15.  *    notice, this list of conditions and the following disclaimer in

  16.  *    the documentation and/or other materials provided with the

  17.  *    distribution.

  18.  *

  19.  * 3. All advertising materials mentioning features or use of this

  20.  *    software must display the following acknowledgment:

  21.  *    "This product includes software developed by the OpenSSL Project

  22.  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

  23.  *

  24.  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

  25.  *    endorse or promote products derived from this software without

  26.  *    prior written permission. For written permission, please contact

  27.  *    licensing@OpenSSL.org.

  28.  *

  29.  * 5. Products derived from this software may not be called "OpenSSL"

  30.  *    nor may "OpenSSL" appear in their names without prior written

  31.  *    permission of the OpenSSL Project.

  32.  *

  33.  * 6. Redistributions of any form whatsoever must retain the following

  34.  *    acknowledgment:

  35.  *    "This product includes software developed by the OpenSSL Project

  36.  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

  37.  *

  38.  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

  39.  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  40.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

  41.  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

  42.  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  43.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  44.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  45.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  46.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  47.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  48.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

  49.  * OF THE POSSIBILITY OF SUCH DAMAGE.

  50.  * ====================================================================

  51.  *

  52.  * This product includes cryptographic software written by Eric Young

  53.  * (eay@cryptsoft.com).  This product includes software written by Tim

  54.  * Hudson (tjh@cryptsoft.com). */

  55. 

  56. #include <openssl/evp.h>

  57. 

  58. #include <openssl/digest.h>

  59. #include <openssl/bn.h>

  60. #include <openssl/bytestring.h>

  61. #include <openssl/dsa.h>

  62. #include <openssl/err.h>

  63. 

  64. #include "internal.h"

  65. 

  66. 

  67. static int dsa_pub_decode(EVP_PKEY *out, CBS *params, CBS *key) {

  68.   // See RFC 3279, section 2.3.2.

  69. 

  70.   // Parameters may or may not be present.

  71.   DSA *dsa;

  72.   if (CBS_len(params) == 0) {

  73.     dsa = DSA_new();

  74.     if (dsa == NULL) {

  75.       return 0;

  76.     }

  77.   } else {

  78.     dsa = DSA_parse_parameters(params);

  79.     if (dsa == NULL || CBS_len(params) != 0) {

  80.       OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);

  81.       goto err;

  82.     }

  83.   }

  84. 

  85.   dsa->pub_key = BN_new();

  86.   if (dsa->pub_key == NULL) {

  87.     goto err;

  88.   }

  89. 

  90.   if (!BN_parse_asn1_unsigned(key, dsa->pub_key) ||

  91.       CBS_len(key) != 0) {

  92.     OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);

  93.     goto err;

  94.   }

  95. 

  96.   EVP_PKEY_assign_DSA(out, dsa);

  97.   return 1;

  98. 

  99. err:

  100.   DSA_free(dsa);

  101.   return 0;

  102. }

  103. 

  104. static int dsa_pub_encode(CBB *out, const EVP_PKEY *key) {

  105.   const DSA *dsa = key->pkey.dsa;

  106.   const int has_params = dsa->p != NULL && dsa->q != NULL && dsa->g != NULL;

  107. 

  108.   // See RFC 5480, section 2.

  109.   CBB spki, algorithm, oid, key_bitstring;

  110.   if (!CBB_add_asn1(out, &spki, CBS_ASN1_SEQUENCE) ||

  111.       !CBB_add_asn1(&spki, &algorithm, CBS_ASN1_SEQUENCE) ||

  112.       !CBB_add_asn1(&algorithm, &oid, CBS_ASN1_OBJECT) ||

  113.       !CBB_add_bytes(&oid, dsa_asn1_meth.oid, dsa_asn1_meth.oid_len) ||

  114.       (has_params &&

  115.        !DSA_marshal_parameters(&algorithm, dsa)) ||

  116.       !CBB_add_asn1(&spki, &key_bitstring, CBS_ASN1_BITSTRING) ||

  117.       !CBB_add_u8(&key_bitstring, 0 /* padding */) ||

  118.       !BN_marshal_asn1(&key_bitstring, dsa->pub_key) ||

  119.       !CBB_flush(out)) {

  120.     OPENSSL_PUT_ERROR(EVP, EVP_R_ENCODE_ERROR);

  121.     return 0;

  122.   }

  123. 

  124.   return 1;

  125. }

  126. 

  127. static int dsa_priv_decode(EVP_PKEY *out, CBS *params, CBS *key) {

  128.   // See PKCS#11, v2.40, section 2.5.

  129. 

  130.   // Decode parameters.

  131.   BN_CTX *ctx = NULL;

  132.   DSA *dsa = DSA_parse_parameters(params);

  133.   if (dsa == NULL || CBS_len(params) != 0) {

  134.     OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);

  135.     goto err;

  136.   }

  137. 

  138.   dsa->priv_key = BN_new();

  139.   dsa->pub_key = BN_new();

  140.   if (dsa->priv_key == NULL || dsa->pub_key == NULL) {

  141.     goto err;

  142.   }

  143. 

  144.   // Decode the key.

  145.   if (!BN_parse_asn1_unsigned(key, dsa->priv_key) ||

  146.       CBS_len(key) != 0) {

  147.     OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);

  148.     goto err;

  149.   }

  150. 

  151.   // Calculate the public key.

  152.   ctx = BN_CTX_new();

  153.   if (ctx == NULL ||

  154.       !BN_mod_exp_mont_consttime(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p,

  155.                                  ctx, NULL)) {

  156.     goto err;

  157.   }

  158. 

  159.   BN_CTX_free(ctx);

  160.   EVP_PKEY_assign_DSA(out, dsa);

  161.   return 1;

  162. 

  163. err:

  164.   BN_CTX_free(ctx);

  165.   DSA_free(dsa);

  166.   return 0;

  167. }

  168. 

  169. static int dsa_priv_encode(CBB *out, const EVP_PKEY *key) {

  170.   const DSA *dsa = key->pkey.dsa;

  171.   if (dsa == NULL || dsa->priv_key == NULL) {

  172.     OPENSSL_PUT_ERROR(EVP, EVP_R_MISSING_PARAMETERS);

  173.     return 0;

  174.   }

  175. 

  176.   // See PKCS#11, v2.40, section 2.5.

  177.   CBB pkcs8, algorithm, oid, private_key;

  178.   if (!CBB_add_asn1(out, &pkcs8, CBS_ASN1_SEQUENCE) ||

  179.       !CBB_add_asn1_uint64(&pkcs8, 0 /* version */) ||

  180.       !CBB_add_asn1(&pkcs8, &algorithm, CBS_ASN1_SEQUENCE) ||

  181.       !CBB_add_asn1(&algorithm, &oid, CBS_ASN1_OBJECT) ||

  182.       !CBB_add_bytes(&oid, dsa_asn1_meth.oid, dsa_asn1_meth.oid_len) ||

  183.       !DSA_marshal_parameters(&algorithm, dsa) ||

  184.       !CBB_add_asn1(&pkcs8, &private_key, CBS_ASN1_OCTETSTRING) ||

  185.       !BN_marshal_asn1(&private_key, dsa->priv_key) ||

  186.       !CBB_flush(out)) {

  187.     OPENSSL_PUT_ERROR(EVP, EVP_R_ENCODE_ERROR);

  188.     return 0;

  189.   }

  190. 

  191.   return 1;

  192. }

  193. 

  194. static int int_dsa_size(const EVP_PKEY *pkey) {

  195.   return DSA_size(pkey->pkey.dsa);

  196. }

  197. 

  198. static int dsa_bits(const EVP_PKEY *pkey) {

  199.   return BN_num_bits(pkey->pkey.dsa->p);

  200. }

  201. 

  202. static int dsa_missing_parameters(const EVP_PKEY *pkey) {

  203.   DSA *dsa;

  204.   dsa = pkey->pkey.dsa;

  205.   if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL) {

  206.     return 1;

  207.   }

  208.   return 0;

  209. }

  210. 

  211. static int dup_bn_into(BIGNUM **out, BIGNUM *src) {

  212.   BIGNUM *a;

  213. 

  214.   a = BN_dup(src);

  215.   if (a == NULL) {

  216.     return 0;

  217.   }

  218.   BN_free(*out);

  219.   *out = a;

  220. 

  221.   return 1;

  222. }

  223. 

  224. static int dsa_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) {

  225.   if (!dup_bn_into(&to->pkey.dsa->p, from->pkey.dsa->p) ||

  226.       !dup_bn_into(&to->pkey.dsa->q, from->pkey.dsa->q) ||

  227.       !dup_bn_into(&to->pkey.dsa->g, from->pkey.dsa->g)) {

  228.     return 0;

  229.   }

  230. 

  231.   return 1;

  232. }

  233. 

  234. static int dsa_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) {

  235.   return BN_cmp(a->pkey.dsa->p, b->pkey.dsa->p) == 0 &&

  236.          BN_cmp(a->pkey.dsa->q, b->pkey.dsa->q) == 0 &&

  237.          BN_cmp(a->pkey.dsa->g, b->pkey.dsa->g) == 0;

  238. }

  239. 

  240. static int dsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) {

  241.   return BN_cmp(b->pkey.dsa->pub_key, a->pkey.dsa->pub_key) == 0;

  242. }

  243. 

  244. static void int_dsa_free(EVP_PKEY *pkey) { DSA_free(pkey->pkey.dsa); }

  245. 

  246. const EVP_PKEY_ASN1_METHOD dsa_asn1_meth = {

  247.   EVP_PKEY_DSA,

  248.   // 1.2.840.10040.4.1

  249.   {0x2a, 0x86, 0x48, 0xce, 0x38, 0x04, 0x01}, 7,

  250. 

  251.   dsa_pub_decode,

  252.   dsa_pub_encode,

  253.   dsa_pub_cmp,

  254. 

  255.   dsa_priv_decode,

  256.   dsa_priv_encode,

  257. 

  258.   NULL /* pkey_opaque */,

  259. 

  260.   int_dsa_size,

  261.   dsa_bits,

  262. 

  263.   dsa_missing_parameters,

  264.   dsa_copy_parameters,

  265.   dsa_cmp_parameters,

  266. 

  267.   int_dsa_free,

  268. };