/src/libressl/crypto/dsa/dsa_ameth.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* $OpenBSD: dsa_ameth.c,v 1.37 2022/06/27 12:36:05 tb Exp $ */ |
2 | | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
3 | | * project 2006. |
4 | | */ |
5 | | /* ==================================================================== |
6 | | * Copyright (c) 2006 The OpenSSL Project. All rights reserved. |
7 | | * |
8 | | * Redistribution and use in source and binary forms, with or without |
9 | | * modification, are permitted provided that the following conditions |
10 | | * are met: |
11 | | * |
12 | | * 1. Redistributions of source code must retain the above copyright |
13 | | * notice, this list of conditions and the following disclaimer. |
14 | | * |
15 | | * 2. Redistributions in binary form must reproduce the above copyright |
16 | | * notice, this list of conditions and the following disclaimer in |
17 | | * the documentation and/or other materials provided with the |
18 | | * distribution. |
19 | | * |
20 | | * 3. All advertising materials mentioning features or use of this |
21 | | * software must display the following acknowledgment: |
22 | | * "This product includes software developed by the OpenSSL Project |
23 | | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" |
24 | | * |
25 | | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
26 | | * endorse or promote products derived from this software without |
27 | | * prior written permission. For written permission, please contact |
28 | | * licensing@OpenSSL.org. |
29 | | * |
30 | | * 5. Products derived from this software may not be called "OpenSSL" |
31 | | * nor may "OpenSSL" appear in their names without prior written |
32 | | * permission of the OpenSSL Project. |
33 | | * |
34 | | * 6. Redistributions of any form whatsoever must retain the following |
35 | | * acknowledgment: |
36 | | * "This product includes software developed by the OpenSSL Project |
37 | | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" |
38 | | * |
39 | | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
40 | | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
41 | | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
42 | | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
43 | | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
44 | | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
45 | | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
46 | | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
47 | | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
48 | | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
49 | | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
50 | | * OF THE POSSIBILITY OF SUCH DAMAGE. |
51 | | * ==================================================================== |
52 | | * |
53 | | * This product includes cryptographic software written by Eric Young |
54 | | * (eay@cryptsoft.com). This product includes software written by Tim |
55 | | * Hudson (tjh@cryptsoft.com). |
56 | | * |
57 | | */ |
58 | | |
59 | | #include <stdio.h> |
60 | | |
61 | | #include <openssl/opensslconf.h> |
62 | | |
63 | | #include <openssl/asn1.h> |
64 | | #include <openssl/bn.h> |
65 | | #include <openssl/cms.h> |
66 | | #include <openssl/dsa.h> |
67 | | #include <openssl/err.h> |
68 | | #include <openssl/x509.h> |
69 | | |
70 | | #include "asn1_locl.h" |
71 | | #include "bn_lcl.h" |
72 | | #include "dsa_locl.h" |
73 | | #include "evp_locl.h" |
74 | | |
75 | | static int |
76 | | dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) |
77 | 14 | { |
78 | 14 | const unsigned char *p, *pm; |
79 | 14 | int pklen, pmlen; |
80 | 14 | int ptype; |
81 | 14 | const void *pval; |
82 | 14 | const ASN1_STRING *pstr; |
83 | 14 | X509_ALGOR *palg; |
84 | 14 | ASN1_INTEGER *public_key = NULL; |
85 | | |
86 | 14 | DSA *dsa = NULL; |
87 | | |
88 | 14 | if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey)) |
89 | 0 | return 0; |
90 | 14 | X509_ALGOR_get0(NULL, &ptype, &pval, palg); |
91 | | |
92 | 14 | if (ptype == V_ASN1_SEQUENCE) { |
93 | 6 | pstr = pval; |
94 | 6 | pm = pstr->data; |
95 | 6 | pmlen = pstr->length; |
96 | | |
97 | 6 | if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen))) { |
98 | 6 | DSAerror(DSA_R_DECODE_ERROR); |
99 | 6 | goto err; |
100 | 6 | } |
101 | 8 | } else if (ptype == V_ASN1_NULL || ptype == V_ASN1_UNDEF) { |
102 | 0 | if (!(dsa = DSA_new())) { |
103 | 0 | DSAerror(ERR_R_MALLOC_FAILURE); |
104 | 0 | goto err; |
105 | 0 | } |
106 | 8 | } else { |
107 | 8 | DSAerror(DSA_R_PARAMETER_ENCODING_ERROR); |
108 | 8 | goto err; |
109 | 8 | } |
110 | | |
111 | 0 | if (!(public_key = d2i_ASN1_INTEGER(NULL, &p, pklen))) { |
112 | 0 | DSAerror(DSA_R_DECODE_ERROR); |
113 | 0 | goto err; |
114 | 0 | } |
115 | | |
116 | 0 | if (!(dsa->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) { |
117 | 0 | DSAerror(DSA_R_BN_DECODE_ERROR); |
118 | 0 | goto err; |
119 | 0 | } |
120 | | |
121 | 0 | ASN1_INTEGER_free(public_key); |
122 | 0 | EVP_PKEY_assign_DSA(pkey, dsa); |
123 | 0 | return 1; |
124 | | |
125 | 14 | err: |
126 | 14 | if (public_key) |
127 | 0 | ASN1_INTEGER_free(public_key); |
128 | 14 | DSA_free(dsa); |
129 | 14 | return 0; |
130 | 0 | } |
131 | | |
132 | | static int |
133 | | dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) |
134 | 0 | { |
135 | 0 | DSA *dsa; |
136 | 0 | ASN1_INTEGER *pubint = NULL; |
137 | 0 | ASN1_STRING *str = NULL; |
138 | 0 | int ptype = V_ASN1_UNDEF; |
139 | 0 | unsigned char *penc = NULL; |
140 | 0 | int penclen; |
141 | |
|
142 | 0 | dsa = pkey->pkey.dsa; |
143 | 0 | if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) { |
144 | 0 | if ((str = ASN1_STRING_new()) == NULL) { |
145 | 0 | DSAerror(ERR_R_MALLOC_FAILURE); |
146 | 0 | goto err; |
147 | 0 | } |
148 | 0 | str->length = i2d_DSAparams(dsa, &str->data); |
149 | 0 | if (str->length <= 0) { |
150 | 0 | DSAerror(ERR_R_MALLOC_FAILURE); |
151 | 0 | goto err; |
152 | 0 | } |
153 | 0 | ptype = V_ASN1_SEQUENCE; |
154 | 0 | } |
155 | | |
156 | 0 | if ((pubint = BN_to_ASN1_INTEGER(dsa->pub_key, NULL)) == NULL) { |
157 | 0 | DSAerror(ERR_R_MALLOC_FAILURE); |
158 | 0 | goto err; |
159 | 0 | } |
160 | | |
161 | 0 | penclen = i2d_ASN1_INTEGER(pubint, &penc); |
162 | 0 | ASN1_INTEGER_free(pubint); |
163 | |
|
164 | 0 | if (penclen <= 0) { |
165 | 0 | DSAerror(ERR_R_MALLOC_FAILURE); |
166 | 0 | goto err; |
167 | 0 | } |
168 | | |
169 | 0 | if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DSA), ptype, str, |
170 | 0 | penc, penclen)) |
171 | 0 | return 1; |
172 | | |
173 | 0 | err: |
174 | 0 | free(penc); |
175 | 0 | ASN1_STRING_free(str); |
176 | |
|
177 | 0 | return 0; |
178 | 0 | } |
179 | | |
180 | | /* In PKCS#8 DSA: you just get a private key integer and parameters in the |
181 | | * AlgorithmIdentifier the pubkey must be recalculated. |
182 | | */ |
183 | | static int |
184 | | dsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) |
185 | 0 | { |
186 | 0 | const unsigned char *p, *pm; |
187 | 0 | int pklen, pmlen; |
188 | 0 | int ptype; |
189 | 0 | const void *pval; |
190 | 0 | const ASN1_STRING *pstr; |
191 | 0 | const X509_ALGOR *palg; |
192 | 0 | ASN1_INTEGER *privkey = NULL; |
193 | 0 | BN_CTX *ctx = NULL; |
194 | 0 | DSA *dsa = NULL; |
195 | |
|
196 | 0 | int ret = 0; |
197 | |
|
198 | 0 | if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8)) |
199 | 0 | return 0; |
200 | 0 | X509_ALGOR_get0(NULL, &ptype, &pval, palg); |
201 | 0 | if (ptype != V_ASN1_SEQUENCE) |
202 | 0 | goto decerr; |
203 | | |
204 | 0 | if ((privkey = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL) |
205 | 0 | goto decerr; |
206 | 0 | if (privkey->type == V_ASN1_NEG_INTEGER) |
207 | 0 | goto decerr; |
208 | | |
209 | 0 | pstr = pval; |
210 | 0 | pm = pstr->data; |
211 | 0 | pmlen = pstr->length; |
212 | 0 | if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen))) |
213 | 0 | goto decerr; |
214 | | /* We have parameters now set private key */ |
215 | 0 | if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) { |
216 | 0 | DSAerror(DSA_R_BN_ERROR); |
217 | 0 | goto dsaerr; |
218 | 0 | } |
219 | | /* Calculate public key */ |
220 | 0 | if (!(dsa->pub_key = BN_new())) { |
221 | 0 | DSAerror(ERR_R_MALLOC_FAILURE); |
222 | 0 | goto dsaerr; |
223 | 0 | } |
224 | 0 | if (!(ctx = BN_CTX_new())) { |
225 | 0 | DSAerror(ERR_R_MALLOC_FAILURE); |
226 | 0 | goto dsaerr; |
227 | 0 | } |
228 | | |
229 | 0 | if (!BN_mod_exp_ct(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) { |
230 | 0 | DSAerror(DSA_R_BN_ERROR); |
231 | 0 | goto dsaerr; |
232 | 0 | } |
233 | | |
234 | 0 | if (!EVP_PKEY_assign_DSA(pkey, dsa)) |
235 | 0 | goto decerr; |
236 | | |
237 | 0 | ret = 1; |
238 | 0 | goto done; |
239 | | |
240 | 0 | decerr: |
241 | 0 | DSAerror(DSA_R_DECODE_ERROR); |
242 | 0 | dsaerr: |
243 | 0 | DSA_free(dsa); |
244 | 0 | done: |
245 | 0 | BN_CTX_free(ctx); |
246 | 0 | ASN1_INTEGER_free(privkey); |
247 | 0 | return ret; |
248 | 0 | } |
249 | | |
250 | | static int |
251 | | dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) |
252 | 0 | { |
253 | 0 | ASN1_STRING *params = NULL; |
254 | 0 | ASN1_INTEGER *prkey = NULL; |
255 | 0 | unsigned char *dp = NULL; |
256 | 0 | int dplen; |
257 | |
|
258 | 0 | params = ASN1_STRING_new(); |
259 | 0 | if (!params) { |
260 | 0 | DSAerror(ERR_R_MALLOC_FAILURE); |
261 | 0 | goto err; |
262 | 0 | } |
263 | | |
264 | 0 | params->length = i2d_DSAparams(pkey->pkey.dsa, ¶ms->data); |
265 | 0 | if (params->length <= 0) { |
266 | 0 | DSAerror(ERR_R_MALLOC_FAILURE); |
267 | 0 | goto err; |
268 | 0 | } |
269 | 0 | params->type = V_ASN1_SEQUENCE; |
270 | | |
271 | | /* Get private key into integer */ |
272 | 0 | prkey = BN_to_ASN1_INTEGER(pkey->pkey.dsa->priv_key, NULL); |
273 | 0 | if (!prkey) { |
274 | 0 | DSAerror(DSA_R_BN_ERROR); |
275 | 0 | goto err; |
276 | 0 | } |
277 | | |
278 | 0 | dplen = i2d_ASN1_INTEGER(prkey, &dp); |
279 | |
|
280 | 0 | ASN1_INTEGER_free(prkey); |
281 | 0 | prkey = NULL; |
282 | |
|
283 | 0 | if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0, V_ASN1_SEQUENCE, |
284 | 0 | params, dp, dplen)) |
285 | 0 | goto err; |
286 | | |
287 | 0 | return 1; |
288 | | |
289 | 0 | err: |
290 | 0 | free(dp); |
291 | 0 | ASN1_STRING_free(params); |
292 | 0 | ASN1_INTEGER_free(prkey); |
293 | 0 | return 0; |
294 | 0 | } |
295 | | |
296 | | static int |
297 | | int_dsa_size(const EVP_PKEY *pkey) |
298 | 0 | { |
299 | 0 | return DSA_size(pkey->pkey.dsa); |
300 | 0 | } |
301 | | |
302 | | static int |
303 | | dsa_bits(const EVP_PKEY *pkey) |
304 | 0 | { |
305 | 0 | return BN_num_bits(pkey->pkey.dsa->p); |
306 | 0 | } |
307 | | |
308 | | static int |
309 | | dsa_security_bits(const EVP_PKEY *pkey) |
310 | 0 | { |
311 | 0 | return DSA_security_bits(pkey->pkey.dsa); |
312 | 0 | } |
313 | | |
314 | | static int |
315 | | dsa_missing_parameters(const EVP_PKEY *pkey) |
316 | 0 | { |
317 | 0 | DSA *dsa; |
318 | |
|
319 | 0 | dsa = pkey->pkey.dsa; |
320 | 0 | if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL) |
321 | 0 | return 1; |
322 | 0 | return 0; |
323 | 0 | } |
324 | | |
325 | | static int |
326 | | dsa_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) |
327 | 0 | { |
328 | 0 | BIGNUM *a; |
329 | |
|
330 | 0 | if ((a = BN_dup(from->pkey.dsa->p)) == NULL) |
331 | 0 | return 0; |
332 | 0 | BN_free(to->pkey.dsa->p); |
333 | 0 | to->pkey.dsa->p = a; |
334 | |
|
335 | 0 | if ((a = BN_dup(from->pkey.dsa->q)) == NULL) |
336 | 0 | return 0; |
337 | 0 | BN_free(to->pkey.dsa->q); |
338 | 0 | to->pkey.dsa->q = a; |
339 | |
|
340 | 0 | if ((a = BN_dup(from->pkey.dsa->g)) == NULL) |
341 | 0 | return 0; |
342 | 0 | BN_free(to->pkey.dsa->g); |
343 | 0 | to->pkey.dsa->g = a; |
344 | 0 | return 1; |
345 | 0 | } |
346 | | |
347 | | static int |
348 | | dsa_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) |
349 | 0 | { |
350 | 0 | if (BN_cmp(a->pkey.dsa->p, b->pkey.dsa->p) || |
351 | 0 | BN_cmp(a->pkey.dsa->q, b->pkey.dsa->q) || |
352 | 0 | BN_cmp(a->pkey.dsa->g, b->pkey.dsa->g)) |
353 | 0 | return 0; |
354 | 0 | else |
355 | 0 | return 1; |
356 | 0 | } |
357 | | |
358 | | static int |
359 | | dsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) |
360 | 0 | { |
361 | 0 | if (BN_cmp(b->pkey.dsa->pub_key, a->pkey.dsa->pub_key) != 0) |
362 | 0 | return 0; |
363 | 0 | else |
364 | 0 | return 1; |
365 | 0 | } |
366 | | |
367 | | static void |
368 | | int_dsa_free(EVP_PKEY *pkey) |
369 | 14 | { |
370 | 14 | DSA_free(pkey->pkey.dsa); |
371 | 14 | } |
372 | | |
373 | | static void |
374 | | update_buflen(const BIGNUM *b, size_t *pbuflen) |
375 | 0 | { |
376 | 0 | size_t i; |
377 | |
|
378 | 0 | if (!b) |
379 | 0 | return; |
380 | 0 | if (*pbuflen < (i = (size_t)BN_num_bytes(b))) |
381 | 0 | *pbuflen = i; |
382 | 0 | } |
383 | | |
384 | | static int |
385 | | do_dsa_print(BIO *bp, const DSA *x, int off, int ptype) |
386 | 0 | { |
387 | 0 | unsigned char *m = NULL; |
388 | 0 | int ret = 0; |
389 | 0 | size_t buf_len = 0; |
390 | 0 | const char *ktype = NULL; |
391 | 0 | const BIGNUM *priv_key, *pub_key; |
392 | |
|
393 | 0 | if (ptype == 2) |
394 | 0 | priv_key = x->priv_key; |
395 | 0 | else |
396 | 0 | priv_key = NULL; |
397 | |
|
398 | 0 | if (ptype > 0) |
399 | 0 | pub_key = x->pub_key; |
400 | 0 | else |
401 | 0 | pub_key = NULL; |
402 | |
|
403 | 0 | if (ptype == 2) |
404 | 0 | ktype = "Private-Key"; |
405 | 0 | else if (ptype == 1) |
406 | 0 | ktype = "Public-Key"; |
407 | 0 | else |
408 | 0 | ktype = "DSA-Parameters"; |
409 | |
|
410 | 0 | update_buflen(x->p, &buf_len); |
411 | 0 | update_buflen(x->q, &buf_len); |
412 | 0 | update_buflen(x->g, &buf_len); |
413 | 0 | update_buflen(priv_key, &buf_len); |
414 | 0 | update_buflen(pub_key, &buf_len); |
415 | |
|
416 | 0 | m = malloc(buf_len + 10); |
417 | 0 | if (m == NULL) { |
418 | 0 | DSAerror(ERR_R_MALLOC_FAILURE); |
419 | 0 | goto err; |
420 | 0 | } |
421 | | |
422 | 0 | if (priv_key) { |
423 | 0 | if (!BIO_indent(bp, off, 128)) |
424 | 0 | goto err; |
425 | 0 | if (BIO_printf(bp, "%s: (%d bit)\n", ktype, |
426 | 0 | BN_num_bits(x->p)) <= 0) |
427 | 0 | goto err; |
428 | 0 | } |
429 | | |
430 | 0 | if (!ASN1_bn_print(bp, "priv:", priv_key, m, off)) |
431 | 0 | goto err; |
432 | 0 | if (!ASN1_bn_print(bp, "pub: ", pub_key, m, off)) |
433 | 0 | goto err; |
434 | 0 | if (!ASN1_bn_print(bp, "P: ", x->p, m, off)) |
435 | 0 | goto err; |
436 | 0 | if (!ASN1_bn_print(bp, "Q: ", x->q, m, off)) |
437 | 0 | goto err; |
438 | 0 | if (!ASN1_bn_print(bp, "G: ", x->g, m, off)) |
439 | 0 | goto err; |
440 | 0 | ret = 1; |
441 | 0 | err: |
442 | 0 | free(m); |
443 | 0 | return ret; |
444 | 0 | } |
445 | | |
446 | | static int |
447 | | dsa_param_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) |
448 | 0 | { |
449 | 0 | DSA *dsa; |
450 | |
|
451 | 0 | if (!(dsa = d2i_DSAparams(NULL, pder, derlen))) { |
452 | 0 | DSAerror(ERR_R_DSA_LIB); |
453 | 0 | return 0; |
454 | 0 | } |
455 | 0 | EVP_PKEY_assign_DSA(pkey, dsa); |
456 | 0 | return 1; |
457 | 0 | } |
458 | | |
459 | | static int |
460 | | dsa_param_encode(const EVP_PKEY *pkey, unsigned char **pder) |
461 | 0 | { |
462 | 0 | return i2d_DSAparams(pkey->pkey.dsa, pder); |
463 | 0 | } |
464 | | |
465 | | static int |
466 | | dsa_param_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx) |
467 | 0 | { |
468 | 0 | return do_dsa_print(bp, pkey->pkey.dsa, indent, 0); |
469 | 0 | } |
470 | | |
471 | | static int |
472 | | dsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx) |
473 | 0 | { |
474 | 0 | return do_dsa_print(bp, pkey->pkey.dsa, indent, 1); |
475 | 0 | } |
476 | | |
477 | | static int |
478 | | dsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx) |
479 | 0 | { |
480 | 0 | return do_dsa_print(bp, pkey->pkey.dsa, indent, 2); |
481 | 0 | } |
482 | | |
483 | | static int |
484 | | old_dsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) |
485 | 0 | { |
486 | 0 | DSA *dsa; |
487 | 0 | BN_CTX *ctx = NULL; |
488 | 0 | BIGNUM *j, *p1, *newp1, *powg; |
489 | 0 | int qbits; |
490 | |
|
491 | 0 | if (!(dsa = d2i_DSAPrivateKey(NULL, pder, derlen))) { |
492 | 0 | DSAerror(ERR_R_DSA_LIB); |
493 | 0 | return 0; |
494 | 0 | } |
495 | | |
496 | | /* FIPS 186-3 allows only three different sizes for q. */ |
497 | 0 | qbits = BN_num_bits(dsa->q); |
498 | 0 | if (qbits != 160 && qbits != 224 && qbits != 256) { |
499 | 0 | DSAerror(DSA_R_BAD_Q_VALUE); |
500 | 0 | goto err; |
501 | 0 | } |
502 | 0 | if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) { |
503 | 0 | DSAerror(DSA_R_MODULUS_TOO_LARGE); |
504 | 0 | goto err; |
505 | 0 | } |
506 | | |
507 | | /* Check that 1 < g < p. */ |
508 | 0 | if (BN_cmp(dsa->g, BN_value_one()) <= 0 || |
509 | 0 | BN_cmp(dsa->g, dsa->p) >= 0) { |
510 | 0 | DSAerror(DSA_R_PARAMETER_ENCODING_ERROR); /* XXX */ |
511 | 0 | goto err; |
512 | 0 | } |
513 | | |
514 | 0 | ctx = BN_CTX_new(); |
515 | 0 | if (ctx == NULL) |
516 | 0 | goto err; |
517 | | |
518 | | /* |
519 | | * Check that p and q are consistent with each other. |
520 | | */ |
521 | | |
522 | 0 | j = BN_CTX_get(ctx); |
523 | 0 | p1 = BN_CTX_get(ctx); |
524 | 0 | newp1 = BN_CTX_get(ctx); |
525 | 0 | powg = BN_CTX_get(ctx); |
526 | 0 | if (j == NULL || p1 == NULL || newp1 == NULL || powg == NULL) |
527 | 0 | goto err; |
528 | | /* p1 = p - 1 */ |
529 | 0 | if (BN_sub(p1, dsa->p, BN_value_one()) == 0) |
530 | 0 | goto err; |
531 | | /* j = (p - 1) / q */ |
532 | 0 | if (BN_div_ct(j, NULL, p1, dsa->q, ctx) == 0) |
533 | 0 | goto err; |
534 | | /* q * j should == p - 1 */ |
535 | 0 | if (BN_mul(newp1, dsa->q, j, ctx) == 0) |
536 | 0 | goto err; |
537 | 0 | if (BN_cmp(newp1, p1) != 0) { |
538 | 0 | DSAerror(DSA_R_BAD_Q_VALUE); |
539 | 0 | goto err; |
540 | 0 | } |
541 | | |
542 | | /* |
543 | | * Check that g generates a multiplicative subgroup of order q. |
544 | | * We only check that g^q == 1, so the order is a divisor of q. |
545 | | * Once we know that q is prime, this is enough. |
546 | | */ |
547 | | |
548 | 0 | if (!BN_mod_exp_ct(powg, dsa->g, dsa->q, dsa->p, ctx)) |
549 | 0 | goto err; |
550 | 0 | if (BN_cmp(powg, BN_value_one()) != 0) { |
551 | 0 | DSAerror(DSA_R_PARAMETER_ENCODING_ERROR); /* XXX */ |
552 | 0 | goto err; |
553 | 0 | } |
554 | | |
555 | | /* |
556 | | * Check that q is not a composite number. |
557 | | */ |
558 | | |
559 | 0 | if (BN_is_prime_ex(dsa->q, BN_prime_checks, ctx, NULL) <= 0) { |
560 | 0 | DSAerror(DSA_R_BAD_Q_VALUE); |
561 | 0 | goto err; |
562 | 0 | } |
563 | | |
564 | 0 | BN_CTX_free(ctx); |
565 | |
|
566 | 0 | EVP_PKEY_assign_DSA(pkey, dsa); |
567 | 0 | return 1; |
568 | | |
569 | 0 | err: |
570 | 0 | BN_CTX_free(ctx); |
571 | 0 | DSA_free(dsa); |
572 | 0 | return 0; |
573 | 0 | } |
574 | | |
575 | | static int |
576 | | old_dsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder) |
577 | 0 | { |
578 | 0 | return i2d_DSAPrivateKey(pkey->pkey.dsa, pder); |
579 | 0 | } |
580 | | |
581 | | static int |
582 | | dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, const ASN1_STRING *sig, |
583 | | int indent, ASN1_PCTX *pctx) |
584 | 0 | { |
585 | 0 | DSA_SIG *dsa_sig; |
586 | 0 | const unsigned char *p; |
587 | |
|
588 | 0 | if (!sig) { |
589 | 0 | if (BIO_puts(bp, "\n") <= 0) |
590 | 0 | return 0; |
591 | 0 | else |
592 | 0 | return 1; |
593 | 0 | } |
594 | 0 | p = sig->data; |
595 | 0 | dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length); |
596 | 0 | if (dsa_sig) { |
597 | 0 | int rv = 0; |
598 | 0 | size_t buf_len = 0; |
599 | 0 | unsigned char *m = NULL; |
600 | |
|
601 | 0 | update_buflen(dsa_sig->r, &buf_len); |
602 | 0 | update_buflen(dsa_sig->s, &buf_len); |
603 | 0 | m = malloc(buf_len + 10); |
604 | 0 | if (m == NULL) { |
605 | 0 | DSAerror(ERR_R_MALLOC_FAILURE); |
606 | 0 | goto err; |
607 | 0 | } |
608 | | |
609 | 0 | if (BIO_write(bp, "\n", 1) != 1) |
610 | 0 | goto err; |
611 | | |
612 | 0 | if (!ASN1_bn_print(bp, "r: ", dsa_sig->r, m, indent)) |
613 | 0 | goto err; |
614 | 0 | if (!ASN1_bn_print(bp, "s: ", dsa_sig->s, m, indent)) |
615 | 0 | goto err; |
616 | 0 | rv = 1; |
617 | 0 | err: |
618 | 0 | free(m); |
619 | 0 | DSA_SIG_free(dsa_sig); |
620 | 0 | return rv; |
621 | 0 | } |
622 | 0 | return X509_signature_dump(bp, sig, indent); |
623 | 0 | } |
624 | | |
625 | | static int |
626 | | dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) |
627 | 0 | { |
628 | 0 | switch (op) { |
629 | 0 | case ASN1_PKEY_CTRL_PKCS7_SIGN: |
630 | 0 | if (arg1 == 0) { |
631 | 0 | int snid, hnid; |
632 | 0 | X509_ALGOR *alg1, *alg2; |
633 | |
|
634 | 0 | PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2); |
635 | 0 | if (alg1 == NULL || alg1->algorithm == NULL) |
636 | 0 | return -1; |
637 | 0 | hnid = OBJ_obj2nid(alg1->algorithm); |
638 | 0 | if (hnid == NID_undef) |
639 | 0 | return -1; |
640 | 0 | if (!OBJ_find_sigid_by_algs(&snid, hnid, |
641 | 0 | EVP_PKEY_id(pkey))) |
642 | 0 | return -1; |
643 | 0 | X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, |
644 | 0 | 0); |
645 | 0 | } |
646 | 0 | return 1; |
647 | | |
648 | 0 | #ifndef OPENSSL_NO_CMS |
649 | 0 | case ASN1_PKEY_CTRL_CMS_SIGN: |
650 | 0 | if (arg1 == 0) { |
651 | 0 | int snid, hnid; |
652 | 0 | X509_ALGOR *alg1, *alg2; |
653 | |
|
654 | 0 | CMS_SignerInfo_get0_algs(arg2, NULL, NULL, &alg1, &alg2); |
655 | 0 | if (alg1 == NULL || alg1->algorithm == NULL) |
656 | 0 | return -1; |
657 | 0 | hnid = OBJ_obj2nid(alg1->algorithm); |
658 | 0 | if (hnid == NID_undef) |
659 | 0 | return -1; |
660 | 0 | if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey))) |
661 | 0 | return -1; |
662 | 0 | X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0); |
663 | 0 | } |
664 | 0 | return 1; |
665 | | |
666 | 0 | case ASN1_PKEY_CTRL_CMS_RI_TYPE: |
667 | 0 | *(int *)arg2 = CMS_RECIPINFO_NONE; |
668 | 0 | return 1; |
669 | 0 | #endif |
670 | | |
671 | 0 | case ASN1_PKEY_CTRL_DEFAULT_MD_NID: |
672 | 0 | *(int *)arg2 = NID_sha1; |
673 | 0 | return 2; |
674 | | |
675 | 0 | default: |
676 | 0 | return -2; |
677 | 0 | } |
678 | 0 | } |
679 | | |
680 | | /* NB these are sorted in pkey_id order, lowest first */ |
681 | | |
682 | | const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[] = { |
683 | | { |
684 | | .pkey_id = EVP_PKEY_DSA2, |
685 | | .pkey_base_id = EVP_PKEY_DSA, |
686 | | .pkey_flags = ASN1_PKEY_ALIAS |
687 | | }, |
688 | | |
689 | | { |
690 | | .pkey_id = EVP_PKEY_DSA1, |
691 | | .pkey_base_id = EVP_PKEY_DSA, |
692 | | .pkey_flags = ASN1_PKEY_ALIAS |
693 | | }, |
694 | | |
695 | | { |
696 | | .pkey_id = EVP_PKEY_DSA4, |
697 | | .pkey_base_id = EVP_PKEY_DSA, |
698 | | .pkey_flags = ASN1_PKEY_ALIAS |
699 | | }, |
700 | | |
701 | | { |
702 | | .pkey_id = EVP_PKEY_DSA3, |
703 | | .pkey_base_id = EVP_PKEY_DSA, |
704 | | .pkey_flags = ASN1_PKEY_ALIAS |
705 | | }, |
706 | | |
707 | | { |
708 | | .pkey_id = EVP_PKEY_DSA, |
709 | | .pkey_base_id = EVP_PKEY_DSA, |
710 | | |
711 | | .pem_str = "DSA", |
712 | | .info = "OpenSSL DSA method", |
713 | | |
714 | | .pub_decode = dsa_pub_decode, |
715 | | .pub_encode = dsa_pub_encode, |
716 | | .pub_cmp = dsa_pub_cmp, |
717 | | .pub_print = dsa_pub_print, |
718 | | |
719 | | .priv_decode = dsa_priv_decode, |
720 | | .priv_encode = dsa_priv_encode, |
721 | | .priv_print = dsa_priv_print, |
722 | | |
723 | | .pkey_size = int_dsa_size, |
724 | | .pkey_bits = dsa_bits, |
725 | | .pkey_security_bits = dsa_security_bits, |
726 | | |
727 | | .param_decode = dsa_param_decode, |
728 | | .param_encode = dsa_param_encode, |
729 | | .param_missing = dsa_missing_parameters, |
730 | | .param_copy = dsa_copy_parameters, |
731 | | .param_cmp = dsa_cmp_parameters, |
732 | | .param_print = dsa_param_print, |
733 | | .sig_print = dsa_sig_print, |
734 | | |
735 | | .pkey_free = int_dsa_free, |
736 | | .pkey_ctrl = dsa_pkey_ctrl, |
737 | | .old_priv_decode = old_dsa_priv_decode, |
738 | | .old_priv_encode = old_dsa_priv_encode |
739 | | } |
740 | | }; |