kris
/
boringssl
1
0
派生 0
代码 工单 0 合并请求 0 版本发布 0 百科 动态
您最多选择25个主题 主题必须以字母或数字开头,可以包含连字符 (-),并且长度不得超过35个字符
1538 提交
12 分支
38 MiB
目录树: 705076ac91
分支列表 标签列表
${ item.name }
创建分支 ${ searchTerm }
从 '705076ac91'
${ noResults }
boringssl/crypto/evp/p_dsa_asn1.c

p_dsa_asn1.c 15 KiB
原始文件 普通视图 文件历史

Add DSA support to EVP. Sadly, it turns out that we have need of this, at least for now. The code is taken from upstream and changed only as much as needed. This only imports keys and doesn't know how to actually perform operations on them for now. Change-Id: I0db70fb938186cb7a91d03f068b386c59ed90b84
9 年前
Remove unnecessary NULL checks, part 3. Finish up the e's. Change-Id: Iabb8da000fbca6efee541edb469b90896f60d54b Reviewed-on: https://boringssl-review.googlesource.com/4516 Reviewed-by: Adam Langley <agl@google.com>
9 年前
Add DSA support to EVP. Sadly, it turns out that we have need of this, at least for now. The code is taken from upstream and changed only as much as needed. This only imports keys and doesn't know how to actually perform operations on them for now. Change-Id: I0db70fb938186cb7a91d03f068b386c59ed90b84
9 年前
dsa_pub_encode: Write out DSA parameters (p, q, g) in addition to key. Change-Id: Id5ea49fc43aacfd1d348b2a230c9745484bed852 Reviewed-on: https://boringssl-review.googlesource.com/5174 Reviewed-by: Adam Langley <agl@google.com>
9 年前
Add DSA support to EVP. Sadly, it turns out that we have need of this, at least for now. The code is taken from upstream and changed only as much as needed. This only imports keys and doesn't know how to actually perform operations on them for now. Change-Id: I0db70fb938186cb7a91d03f068b386c59ed90b84
9 年前
dsa_pub_encode: Write out DSA parameters (p, q, g) in addition to key. Change-Id: Id5ea49fc43aacfd1d348b2a230c9745484bed852 Reviewed-on: https://boringssl-review.googlesource.com/5174 Reviewed-by: Adam Langley <agl@google.com>
9 年前
Add DSA support to EVP. Sadly, it turns out that we have need of this, at least for now. The code is taken from upstream and changed only as much as needed. This only imports keys and doesn't know how to actually perform operations on them for now. Change-Id: I0db70fb938186cb7a91d03f068b386c59ed90b84
9 年前
dsa_pub_encode: Write out DSA parameters (p, q, g) in addition to key. Change-Id: Id5ea49fc43aacfd1d348b2a230c9745484bed852 Reviewed-on: https://boringssl-review.googlesource.com/5174 Reviewed-by: Adam Langley <agl@google.com>
9 年前
Add DSA support to EVP. Sadly, it turns out that we have need of this, at least for now. The code is taken from upstream and changed only as much as needed. This only imports keys and doesn't know how to actually perform operations on them for now. Change-Id: I0db70fb938186cb7a91d03f068b386c59ed90b84
9 年前
dsa_pub_encode: Write out DSA parameters (p, q, g) in addition to key. Change-Id: Id5ea49fc43aacfd1d348b2a230c9745484bed852 Reviewed-on: https://boringssl-review.googlesource.com/5174 Reviewed-by: Adam Langley <agl@google.com>
9 年前
Add DSA support to EVP. Sadly, it turns out that we have need of this, at least for now. The code is taken from upstream and changed only as much as needed. This only imports keys and doesn't know how to actually perform operations on them for now. Change-Id: I0db70fb938186cb7a91d03f068b386c59ed90b84
9 年前
Remove unnecessary NULL checks, part 3. Finish up the e's. Change-Id: Iabb8da000fbca6efee541edb469b90896f60d54b Reviewed-on: https://boringssl-review.googlesource.com/4516 Reviewed-by: Adam Langley <agl@google.com>
9 年前
Add DSA support to EVP. Sadly, it turns out that we have need of this, at least for now. The code is taken from upstream and changed only as much as needed. This only imports keys and doesn't know how to actually perform operations on them for now. Change-Id: I0db70fb938186cb7a91d03f068b386c59ed90b84
9 年前
Remove unnecessary NULL checks, part 3. Finish up the e's. Change-Id: Iabb8da000fbca6efee541edb469b90896f60d54b Reviewed-on: https://boringssl-review.googlesource.com/4516 Reviewed-by: Adam Langley <agl@google.com>
9 年前
Add DSA support to EVP. Sadly, it turns out that we have need of this, at least for now. The code is taken from upstream and changed only as much as needed. This only imports keys and doesn't know how to actually perform operations on them for now. Change-Id: I0db70fb938186cb7a91d03f068b386c59ed90b84
9 年前
Remove unnecessary NULL checks, part 3. Finish up the e's. Change-Id: Iabb8da000fbca6efee541edb469b90896f60d54b Reviewed-on: https://boringssl-review.googlesource.com/4516 Reviewed-by: Adam Langley <agl@google.com>
9 年前
Add DSA support to EVP. Sadly, it turns out that we have need of this, at least for now. The code is taken from upstream and changed only as much as needed. This only imports keys and doesn't know how to actually perform operations on them for now. Change-Id: I0db70fb938186cb7a91d03f068b386c59ed90b84
9 年前
Remove unnecessary NULL checks, part 3. Finish up the e's. Change-Id: Iabb8da000fbca6efee541edb469b90896f60d54b Reviewed-on: https://boringssl-review.googlesource.com/4516 Reviewed-by: Adam Langley <agl@google.com>
9 年前
Add DSA support to EVP. Sadly, it turns out that we have need of this, at least for now. The code is taken from upstream and changed only as much as needed. This only imports keys and doesn't know how to actually perform operations on them for now. Change-Id: I0db70fb938186cb7a91d03f068b386c59ed90b84
9 年前
Remove unnecessary NULL checks, part 3. Finish up the e's. Change-Id: Iabb8da000fbca6efee541edb469b90896f60d54b Reviewed-on: https://boringssl-review.googlesource.com/4516 Reviewed-by: Adam Langley <agl@google.com>
9 年前
Add DSA support to EVP. Sadly, it turns out that we have need of this, at least for now. The code is taken from upstream and changed only as much as needed. This only imports keys and doesn't know how to actually perform operations on them for now. Change-Id: I0db70fb938186cb7a91d03f068b386c59ed90b84
9 年前
Remove unnecessary NULL checks, part 3. Finish up the e's. Change-Id: Iabb8da000fbca6efee541edb469b90896f60d54b Reviewed-on: https://boringssl-review.googlesource.com/4516 Reviewed-by: Adam Langley <agl@google.com>
9 年前
Add DSA support to EVP. Sadly, it turns out that we have need of this, at least for now. The code is taken from upstream and changed only as much as needed. This only imports keys and doesn't know how to actually perform operations on them for now. Change-Id: I0db70fb938186cb7a91d03f068b386c59ed90b84
9 年前
Remove unnecessary NULL checks, part 3. Finish up the e's. Change-Id: Iabb8da000fbca6efee541edb469b90896f60d54b Reviewed-on: https://boringssl-review.googlesource.com/4516 Reviewed-by: Adam Langley <agl@google.com>
9 年前
Add DSA support to EVP. Sadly, it turns out that we have need of this, at least for now. The code is taken from upstream and changed only as much as needed. This only imports keys and doesn't know how to actually perform operations on them for now. Change-Id: I0db70fb938186cb7a91d03f068b386c59ed90b84
9 年前
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585 
  1. /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project

  2.  * 2006.

  3.  */

  4. /* ====================================================================

  5.  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.

  6.  *

  7.  * Redistribution and use in source and binary forms, with or without

  8.  * modification, are permitted provided that the following conditions

  9.  * are met:

  10.  *

  11.  * 1. Redistributions of source code must retain the above copyright

  12.  *    notice, this list of conditions and the following disclaimer.

  13.  *

  14.  * 2. Redistributions in binary form must reproduce the above copyright

  15.  *    notice, this list of conditions and the following disclaimer in

  16.  *    the documentation and/or other materials provided with the

  17.  *    distribution.

  18.  *

  19.  * 3. All advertising materials mentioning features or use of this

  20.  *    software must display the following acknowledgment:

  21.  *    "This product includes software developed by the OpenSSL Project

  22.  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

  23.  *

  24.  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

  25.  *    endorse or promote products derived from this software without

  26.  *    prior written permission. For written permission, please contact

  27.  *    licensing@OpenSSL.org.

  28.  *

  29.  * 5. Products derived from this software may not be called "OpenSSL"

  30.  *    nor may "OpenSSL" appear in their names without prior written

  31.  *    permission of the OpenSSL Project.

  32.  *

  33.  * 6. Redistributions of any form whatsoever must retain the following

  34.  *    acknowledgment:

  35.  *    "This product includes software developed by the OpenSSL Project

  36.  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

  37.  *

  38.  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

  39.  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  40.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

  41.  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

  42.  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  43.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  44.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  45.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  46.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  47.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  48.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

  49.  * OF THE POSSIBILITY OF SUCH DAMAGE.

  50.  * ====================================================================

  51.  *

  52.  * This product includes cryptographic software written by Eric Young

  53.  * (eay@cryptsoft.com).  This product includes software written by Tim

  54.  * Hudson (tjh@cryptsoft.com). */

  55. 

  56. #include <openssl/evp.h>

  57. 

  58. #include <openssl/asn1.h>

  59. #include <openssl/asn1t.h>

  60. #include <openssl/digest.h>

  61. #include <openssl/dsa.h>

  62. #include <openssl/err.h>

  63. #include <openssl/mem.h>

  64. #include <openssl/obj.h>

  65. #include <openssl/x509.h>

  66. 

  67. #include "../dsa/internal.h"

  68. #include "internal.h"

  69. 

  70. 

  71. static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) {

  72.   const uint8_t *p, *pm;

  73.   int pklen, pmlen;

  74.   int ptype;

  75.   void *pval;

  76.   ASN1_STRING *pstr;

  77.   X509_ALGOR *palg;

  78.   ASN1_INTEGER *public_key = NULL;

  79. 

  80.   DSA *dsa = NULL;

  81. 

  82.   if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey)) {

  83.     return 0;

  84.   }

  85.   X509_ALGOR_get0(NULL, &ptype, &pval, palg);

  86. 

  87.   if (ptype == V_ASN1_SEQUENCE) {

  88.     pstr = pval;

  89.     pm = pstr->data;

  90.     pmlen = pstr->length;

  91. 

  92.     dsa = d2i_DSAparams(NULL, &pm, pmlen);

  93.     if (dsa == NULL) {

  94.       OPENSSL_PUT_ERROR(EVP, dsa_pub_decode, EVP_R_DECODE_ERROR);

  95.       goto err;

  96.     }

  97.   } else if (ptype == V_ASN1_NULL || ptype == V_ASN1_UNDEF) {

  98.     dsa = DSA_new();

  99.     if (dsa == NULL) {

  100.       OPENSSL_PUT_ERROR(EVP, dsa_pub_decode, ERR_R_MALLOC_FAILURE);

  101.       goto err;

  102.     }

  103.   } else {

  104.     OPENSSL_PUT_ERROR(EVP, dsa_pub_decode, EVP_R_PARAMETER_ENCODING_ERROR);

  105.     goto err;

  106.   }

  107. 

  108.   public_key = d2i_ASN1_INTEGER(NULL, &p, pklen);

  109.   if (public_key == NULL) {

  110.     OPENSSL_PUT_ERROR(EVP, dsa_pub_decode, EVP_R_DECODE_ERROR);

  111.     goto err;

  112.   }

  113. 

  114.   dsa->pub_key = ASN1_INTEGER_to_BN(public_key, NULL);

  115.   if (dsa->pub_key == NULL) {

  116.     OPENSSL_PUT_ERROR(EVP, dsa_pub_decode, EVP_R_BN_DECODE_ERROR);

  117.     goto err;

  118.   }

  119. 

  120.   ASN1_INTEGER_free(public_key);

  121.   EVP_PKEY_assign_DSA(pkey, dsa);

  122.   return 1;

  123. 

  124. err:

  125.   ASN1_INTEGER_free(public_key);

  126.   DSA_free(dsa);

  127.   return 0;

  128. }

  129. 

  130. static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) {

  131.   DSA *dsa;

  132.   ASN1_STRING *pval = NULL;

  133.   uint8_t *penc = NULL;

  134.   int penclen;

  135. 

  136.   dsa = pkey->pkey.dsa;

  137.   dsa->write_params = 0;

  138. 

  139.   int ptype;

  140.   if (dsa->p && dsa->q && dsa->g) {

  141.     pval = ASN1_STRING_new();

  142.     if (!pval) {

  143.       OPENSSL_PUT_ERROR(EVP, dsa_pub_encode, ERR_R_MALLOC_FAILURE);

  144.       goto err;

  145.     }

  146.     pval->length = i2d_DSAparams(dsa, &pval->data);

  147.     if (pval->length <= 0) {

  148.       OPENSSL_PUT_ERROR(EVP, dsa_pub_encode, ERR_R_MALLOC_FAILURE);

  149.       goto err;

  150.     }

  151.     ptype = V_ASN1_SEQUENCE;

  152.   } else {

  153.     ptype = V_ASN1_UNDEF;

  154.   }

  155. 

  156.   penclen = i2d_DSAPublicKey(dsa, &penc);

  157.   if (penclen <= 0) {

  158.     OPENSSL_PUT_ERROR(EVP, dsa_pub_encode, ERR_R_MALLOC_FAILURE);

  159.     goto err;

  160.   }

  161. 

  162.   if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DSA), ptype, pval,

  163.                              penc, penclen)) {

  164.     return 1;

  165.   }

  166. 

  167. err:

  168.   OPENSSL_free(penc);

  169.   ASN1_STRING_free(pval);

  170. 

  171.   return 0;

  172. }

  173. 

  174. static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) {

  175.   const uint8_t *p, *pm;

  176.   int pklen, pmlen;

  177.   int ptype;

  178.   void *pval;

  179.   ASN1_STRING *pstr;

  180.   X509_ALGOR *palg;

  181.   ASN1_INTEGER *privkey = NULL;

  182.   BN_CTX *ctx = NULL;

  183. 

  184.   /* In PKCS#8 DSA: you just get a private key integer and parameters in the

  185.    * AlgorithmIdentifier the pubkey must be recalculated. */

  186. 

  187.   STACK_OF(ASN1_TYPE) *ndsa = NULL;

  188.   DSA *dsa = NULL;

  189. 

  190.   if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8)) {

  191.     return 0;

  192.   }

  193.   X509_ALGOR_get0(NULL, &ptype, &pval, palg);

  194. 

  195.   /* Check for broken DSA PKCS#8, UGH! */

  196.   if (*p == (V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED)) {

  197.     ASN1_TYPE *t1, *t2;

  198.     ndsa = d2i_ASN1_SEQUENCE_ANY(NULL, &p, pklen);

  199.     if (ndsa == NULL) {

  200.       goto decerr;

  201.     }

  202.     if (sk_ASN1_TYPE_num(ndsa) != 2) {

  203.       goto decerr;

  204.     }

  205. 

  206.     /* Handle Two broken types:

  207.      * SEQUENCE {parameters, priv_key}

  208.      * SEQUENCE {pub_key, priv_key}. */

  209. 

  210.     t1 = sk_ASN1_TYPE_value(ndsa, 0);

  211.     t2 = sk_ASN1_TYPE_value(ndsa, 1);

  212.     if (t1->type == V_ASN1_SEQUENCE) {

  213.       p8->broken = PKCS8_EMBEDDED_PARAM;

  214.       pval = t1->value.ptr;

  215.     } else if (ptype == V_ASN1_SEQUENCE) {

  216.       p8->broken = PKCS8_NS_DB;

  217.     } else {

  218.       goto decerr;

  219.     }

  220. 

  221.     if (t2->type != V_ASN1_INTEGER) {

  222.       goto decerr;

  223.     }

  224. 

  225.     privkey = t2->value.integer;

  226.   } else {

  227.     const uint8_t *q = p;

  228.     privkey = d2i_ASN1_INTEGER(NULL, &p, pklen);

  229.     if (privkey == NULL) {

  230.       goto decerr;

  231.     }

  232.     if (privkey->type == V_ASN1_NEG_INTEGER) {

  233.       p8->broken = PKCS8_NEG_PRIVKEY;

  234.       ASN1_INTEGER_free(privkey);

  235.       privkey = d2i_ASN1_UINTEGER(NULL, &q, pklen);

  236.       if (privkey == NULL) {

  237.         goto decerr;

  238.       }

  239.     }

  240.     if (ptype != V_ASN1_SEQUENCE) {

  241.       goto decerr;

  242.     }

  243.   }

  244. 

  245.   pstr = pval;

  246.   pm = pstr->data;

  247.   pmlen = pstr->length;

  248.   dsa = d2i_DSAparams(NULL, &pm, pmlen);

  249.   if (dsa == NULL) {

  250.     goto decerr;

  251.   }

  252.   /* We have parameters. Now set private key */

  253.   dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL);

  254.   if (dsa->priv_key == NULL) {

  255.     OPENSSL_PUT_ERROR(EVP, dsa_priv_decode, ERR_LIB_BN);

  256.     goto dsaerr;

  257.   }

  258.   /* Calculate public key. */

  259.   dsa->pub_key = BN_new();

  260.   if (dsa->pub_key == NULL) {

  261.     OPENSSL_PUT_ERROR(EVP, dsa_priv_decode, ERR_R_MALLOC_FAILURE);

  262.     goto dsaerr;

  263.   }

  264.   ctx = BN_CTX_new();

  265.   if (ctx == NULL) {

  266.     OPENSSL_PUT_ERROR(EVP, dsa_priv_decode, ERR_R_MALLOC_FAILURE);

  267.     goto dsaerr;

  268.   }

  269. 

  270.   if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) {

  271.     OPENSSL_PUT_ERROR(EVP, dsa_priv_decode, ERR_LIB_BN);

  272.     goto dsaerr;

  273.   }

  274. 

  275.   EVP_PKEY_assign_DSA(pkey, dsa);

  276.   BN_CTX_free(ctx);

  277.   sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);

  278.   ASN1_INTEGER_free(privkey);

  279. 

  280.   return 1;

  281. 

  282. decerr:

  283.   OPENSSL_PUT_ERROR(EVP, dsa_priv_decode, EVP_R_DECODE_ERROR);

  284. 

  285. dsaerr:

  286.   BN_CTX_free(ctx);

  287.   ASN1_INTEGER_free(privkey);

  288.   sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);

  289.   DSA_free(dsa);

  290.   return 0;

  291. }

  292. 

  293. static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) {

  294.   ASN1_STRING *params = NULL;

  295.   ASN1_INTEGER *prkey = NULL;

  296.   uint8_t *dp = NULL;

  297.   int dplen;

  298. 

  299.   if (!pkey->pkey.dsa || !pkey->pkey.dsa->priv_key) {

  300.     OPENSSL_PUT_ERROR(EVP, dsa_priv_encode, EVP_R_MISSING_PARAMETERS);

  301.     goto err;

  302.   }

  303. 

  304.   params = ASN1_STRING_new();

  305.   if (!params) {

  306.     OPENSSL_PUT_ERROR(EVP, dsa_priv_encode, ERR_R_MALLOC_FAILURE);

  307.     goto err;

  308.   }

  309. 

  310.   params->length = i2d_DSAparams(pkey->pkey.dsa, &params->data);

  311.   if (params->length <= 0) {

  312.     OPENSSL_PUT_ERROR(EVP, dsa_priv_encode, ERR_R_MALLOC_FAILURE);

  313.     goto err;

  314.   }

  315.   params->type = V_ASN1_SEQUENCE;

  316. 

  317.   /* Get private key into integer. */

  318.   prkey = BN_to_ASN1_INTEGER(pkey->pkey.dsa->priv_key, NULL);

  319. 

  320.   if (!prkey) {

  321.     OPENSSL_PUT_ERROR(EVP, dsa_priv_encode, ERR_LIB_BN);

  322.     goto err;

  323.   }

  324. 

  325.   dplen = i2d_ASN1_INTEGER(prkey, &dp);

  326. 

  327.   ASN1_INTEGER_free(prkey);

  328. 

  329.   if (!PKCS8_pkey_set0(p8, (ASN1_OBJECT *)OBJ_nid2obj(NID_dsa), 0,

  330.                        V_ASN1_SEQUENCE, params, dp, dplen)) {

  331.     goto err;

  332.   }

  333. 

  334.   return 1;

  335. 

  336. err:

  337.   OPENSSL_free(dp);

  338.   ASN1_STRING_free(params);

  339.   ASN1_INTEGER_free(prkey);

  340.   return 0;

  341. }

  342. 

  343. static int int_dsa_size(const EVP_PKEY *pkey) {

  344.   return DSA_size(pkey->pkey.dsa);

  345. }

  346. 

  347. static int dsa_bits(const EVP_PKEY *pkey) {

  348.   return BN_num_bits(pkey->pkey.dsa->p);

  349. }

  350. 

  351. static int dsa_missing_parameters(const EVP_PKEY *pkey) {

  352.   DSA *dsa;

  353.   dsa = pkey->pkey.dsa;

  354.   if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL) {

  355.     return 1;

  356.   }

  357.   return 0;

  358. }

  359. 

  360. static int dup_bn_into(BIGNUM **out, BIGNUM *src) {

  361.   BIGNUM *a;

  362. 

  363.   a = BN_dup(src);

  364.   if (a == NULL) {

  365.     return 0;

  366.   }

  367.   BN_free(*out);

  368.   *out = a;

  369. 

  370.   return 1;

  371. }

  372. 

  373. static int dsa_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) {

  374.   if (!dup_bn_into(&to->pkey.dsa->p, from->pkey.dsa->p) ||

  375.       !dup_bn_into(&to->pkey.dsa->q, from->pkey.dsa->q) ||

  376.       !dup_bn_into(&to->pkey.dsa->g, from->pkey.dsa->g)) {

  377.     return 0;

  378.   }

  379. 

  380.   return 1;

  381. }

  382. 

  383. static int dsa_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) {

  384.   return BN_cmp(a->pkey.dsa->p, b->pkey.dsa->p) == 0 &&

  385.          BN_cmp(a->pkey.dsa->q, b->pkey.dsa->q) == 0 &&

  386.          BN_cmp(a->pkey.dsa->g, b->pkey.dsa->g) == 0;

  387. }

  388. 

  389. static int dsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) {

  390.   return BN_cmp(b->pkey.dsa->pub_key, a->pkey.dsa->pub_key) == 0;

  391. }

  392. 

  393. static void int_dsa_free(EVP_PKEY *pkey) { DSA_free(pkey->pkey.dsa); }

  394. 

  395. static void update_buflen(const BIGNUM *b, size_t *pbuflen) {

  396.   size_t i;

  397. 

  398.   if (!b) {

  399.     return;

  400.   }

  401.   i = BN_num_bytes(b);

  402.   if (*pbuflen < i) {

  403.     *pbuflen = i;

  404.   }

  405. }

  406. 

  407. static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype) {

  408.   uint8_t *m = NULL;

  409.   int ret = 0;

  410.   size_t buf_len = 0;

  411.   const char *ktype = NULL;

  412. 

  413.   const BIGNUM *priv_key, *pub_key;

  414. 

  415.   priv_key = NULL;

  416.   if (ptype == 2) {

  417.     priv_key = x->priv_key;

  418.   }

  419. 

  420.   pub_key = NULL;

  421.   if (ptype > 0) {

  422.     pub_key = x->pub_key;

  423.   }

  424. 

  425.   ktype = "DSA-Parameters";

  426.   if (ptype == 2) {

  427.     ktype = "Private-Key";

  428.   } else if (ptype == 1) {

  429.     ktype = "Public-Key";

  430.   }

  431. 

  432.   update_buflen(x->p, &buf_len);

  433.   update_buflen(x->q, &buf_len);

  434.   update_buflen(x->g, &buf_len);

  435.   update_buflen(priv_key, &buf_len);

  436.   update_buflen(pub_key, &buf_len);

  437. 

  438.   m = (uint8_t *)OPENSSL_malloc(buf_len + 10);

  439.   if (m == NULL) {

  440.     OPENSSL_PUT_ERROR(EVP, do_dsa_print, ERR_R_MALLOC_FAILURE);

  441.     goto err;

  442.   }

  443. 

  444.   if (priv_key) {

  445.     if (!BIO_indent(bp, off, 128) ||

  446.         BIO_printf(bp, "%s: (%d bit)\n", ktype, BN_num_bits(x->p)) <= 0) {

  447.       goto err;

  448.     }

  449.   }

  450. 

  451.   if (!ASN1_bn_print(bp, "priv:", priv_key, m, off) ||

  452.       !ASN1_bn_print(bp, "pub: ", pub_key, m, off) ||

  453.       !ASN1_bn_print(bp, "P:   ", x->p, m, off) ||

  454.       !ASN1_bn_print(bp, "Q:   ", x->q, m, off) ||

  455.       !ASN1_bn_print(bp, "G:   ", x->g, m, off)) {

  456.     goto err;

  457.   }

  458.   ret = 1;

  459. 

  460. err:

  461.   OPENSSL_free(m);

  462.   return ret;

  463. }

  464. 

  465. static int dsa_param_decode(EVP_PKEY *pkey, const uint8_t **pder, int derlen) {

  466.   DSA *dsa;

  467.   dsa = d2i_DSAparams(NULL, pder, derlen);

  468.   if (dsa == NULL) {

  469.     OPENSSL_PUT_ERROR(EVP, dsa_param_decode, ERR_R_DSA_LIB);

  470.     return 0;

  471.   }

  472.   EVP_PKEY_assign_DSA(pkey, dsa);

  473.   return 1;

  474. }

  475. 

  476. static int dsa_param_encode(const EVP_PKEY *pkey, uint8_t **pder) {

  477.   return i2d_DSAparams(pkey->pkey.dsa, pder);

  478. }

  479. 

  480. static int dsa_param_print(BIO *bp, const EVP_PKEY *pkey, int indent,

  481.                            ASN1_PCTX *ctx) {

  482.   return do_dsa_print(bp, pkey->pkey.dsa, indent, 0);

  483. }

  484. 

  485. static int dsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent,

  486.                          ASN1_PCTX *ctx) {

  487.   return do_dsa_print(bp, pkey->pkey.dsa, indent, 1);

  488. }

  489. 

  490. static int dsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,

  491.                           ASN1_PCTX *ctx) {

  492.   return do_dsa_print(bp, pkey->pkey.dsa, indent, 2);

  493. }

  494. 

  495. static int old_dsa_priv_decode(EVP_PKEY *pkey, const uint8_t **pder,

  496.                                int derlen) {

  497.   DSA *dsa;

  498.   dsa = d2i_DSAPrivateKey(NULL, pder, derlen);

  499.   if (dsa == NULL) {

  500.     OPENSSL_PUT_ERROR(EVP, old_dsa_priv_decode, ERR_R_DSA_LIB);

  501.     return 0;

  502.   }

  503.   EVP_PKEY_assign_DSA(pkey, dsa);

  504.   return 1;

  505. }

  506. 

  507. static int old_dsa_priv_encode(const EVP_PKEY *pkey, uint8_t **pder) {

  508.   return i2d_DSAPrivateKey(pkey->pkey.dsa, pder);

  509. }

  510. 

  511. static int dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,

  512.                          const ASN1_STRING *sig, int indent, ASN1_PCTX *pctx) {

  513.   DSA_SIG *dsa_sig;

  514.   const uint8_t *p;

  515. 

  516.   if (!sig) {

  517.     return BIO_puts(bp, "\n") > 0;

  518.   }

  519. 

  520.   p = sig->data;

  521.   dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length);

  522.   if (dsa_sig == NULL) {

  523.     return X509_signature_dump(bp, sig, indent);

  524.   }

  525. 

  526.   int rv = 0;

  527.   size_t buf_len = 0;

  528.   uint8_t *m = NULL;

  529. 

  530.   update_buflen(dsa_sig->r, &buf_len);

  531.   update_buflen(dsa_sig->s, &buf_len);

  532.   m = OPENSSL_malloc(buf_len + 10);

  533.   if (m == NULL) {

  534.     OPENSSL_PUT_ERROR(EVP, dsa_sig_print, ERR_R_MALLOC_FAILURE);

  535.     goto err;

  536.   }

  537. 

  538.   if (BIO_write(bp, "\n", 1) != 1 ||

  539.       !ASN1_bn_print(bp, "r:   ", dsa_sig->r, m, indent) ||

  540.       !ASN1_bn_print(bp, "s:   ", dsa_sig->s, m, indent)) {

  541.     goto err;

  542.   }

  543.   rv = 1;

  544. 

  545. err:

  546.   OPENSSL_free(m);

  547.   DSA_SIG_free(dsa_sig);

  548.   return rv;

  549. }

  550. 

  551. const EVP_PKEY_ASN1_METHOD dsa_asn1_meth = {

  552.   EVP_PKEY_DSA,

  553.   EVP_PKEY_DSA,

  554.   0,

  555. 

  556.   "DSA",

  557.   "OpenSSL DSA method",

  558. 

  559.   dsa_pub_decode,

  560.   dsa_pub_encode,

  561.   dsa_pub_cmp,

  562.   dsa_pub_print,

  563. 

  564.   dsa_priv_decode,

  565.   dsa_priv_encode,

  566.   dsa_priv_print,

  567. 

  568.   NULL /* pkey_opaque */,

  569.   NULL /* pkey_supports_digest */,

  570. 

  571.   int_dsa_size,

  572.   dsa_bits,

  573. 

  574.   dsa_param_decode,

  575.   dsa_param_encode,

  576.   dsa_missing_parameters,

  577.   dsa_copy_parameters,

  578.   dsa_cmp_parameters,

  579.   dsa_param_print,

  580.   dsa_sig_print,

  581. 

  582.   int_dsa_free,

  583.   old_dsa_priv_decode,

  584.   old_dsa_priv_encode,

  585. };