dsa_ameth.c

Timestamp:

Mar 3, 2022 7:17:34 PM (3 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

150325

Message:

libs/openssl-3.0.1: started applying and adjusting our OpenSSL changes to 3.0.1. bugref:10128

Location:

trunk/src/libs/openssl-3.0.1

Files:

: 2 edited

. (modified) (1 prop)
crypto/dsa/dsa_ameth.c (modified) (26 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/src/libs/openssl-3.0.1

Property svn:mergeinfo

old	new
12	12	/vendor/openssl/1.1.1c:131722-131725
13	13	/vendor/openssl/1.1.1k:145841-145843
	14	/vendor/openssl/3.0.1:150323-150324
	15	/vendor/openssl/current:147554-150322

trunk/src/libs/openssl-3.0.1/crypto/dsa/dsa_ameth.c

-              r91772
+              r94082
 /*
  * Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
  * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
 …
  */
+/*
+ * DSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
 #include <stdio.h>
-#include "internal/cryptlib.h"
 #include <openssl/x509.h>
 #include <openssl/asn1.h>
+#include <openssl/bn.h>
+#include <openssl/core_names.h>
+#include <openssl/param_build.h>
+#include "internal/cryptlib.h"
+#include "crypto/asn1.h"
+#include "crypto/dsa.h"
+#include "crypto/evp.h"
+#include "internal/ffc.h"
 #include "dsa_local.h"
+#include <openssl/bn.h>
+#include <openssl/cms.h>
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
+static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
+static int dsa_pub_decode(EVP_PKEY *pkey, const X509_PUBKEY *pubkey)
+{
     const unsigned char *p, *pm;
 …
         if ((dsa = d2i_DSAparams(NULL, &pm, pmlen)) == NULL) {
             DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR);
+            ERR_raise(ERR_LIB_DSA, DSA_R_DECODE_ERROR);
             goto err;
+        }
 …
     } else if ((ptype == V_ASN1_NULL) || (ptype == V_ASN1_UNDEF)) {
         if ((dsa = DSA_new()) == NULL) {
             DSAerr(DSA_F_DSA_PUB_DECODE, ERR_R_MALLOC_FAILURE);
+            ERR_raise(ERR_LIB_DSA, ERR_R_MALLOC_FAILURE);
             goto err;
+        }
     } else {
         DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_PARAMETER_ENCODING_ERROR);
+        ERR_raise(ERR_LIB_DSA, DSA_R_PARAMETER_ENCODING_ERROR);
         goto err;
+    }
     if ((public_key = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL) {
         DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR);
+        ERR_raise(ERR_LIB_DSA, DSA_R_DECODE_ERROR);
         goto err;
+    }
     if ((dsa->pub_key = ASN1_INTEGER_to_BN(public_key, NULL)) == NULL) {
+        DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_BN_DECODE_ERROR);
+        goto err;
+    }
+        ERR_raise(ERR_LIB_DSA, DSA_R_BN_DECODE_ERROR);
+        goto err;
+    }
+    dsa->dirty_cnt++;
     ASN1_INTEGER_free(public_key);
     EVP_PKEY_assign_DSA(pkey, dsa);
 …
     dsa = pkey->pkey.dsa;
+    if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) {
+    if (pkey->save_parameters
+        && dsa->params.p != NULL
+        && dsa->params.q != NULL
+        && dsa->params.g != NULL) {
         str = ASN1_STRING_new();
         if (str == NULL) {
             DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+            ERR_raise(ERR_LIB_DSA, ERR_R_MALLOC_FAILURE);
             goto err;
+        }
         str->length = i2d_DSAparams(dsa, &str->data);
         if (str->length <= 0) {
             DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+            ERR_raise(ERR_LIB_DSA, ERR_R_MALLOC_FAILURE);
             goto err;
+        }
 …
     if (pubint == NULL) {
         DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+        ERR_raise(ERR_LIB_DSA, ERR_R_MALLOC_FAILURE);
         goto err;
+    }
 …
     if (penclen <= 0) {
         DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+        ERR_raise(ERR_LIB_DSA, ERR_R_MALLOC_FAILURE);
         goto err;
+    }
 …
 static int dsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
+{
-    const unsigned char *p, *pm;
-    int pklen, pmlen;
-    int ptype;
-    const void *pval;
-    const ASN1_STRING *pstr;
-    const X509_ALGOR *palg;
-    ASN1_INTEGER *privkey = NULL;
-    BN_CTX *ctx = NULL;
-    DSA *dsa = NULL;
     int ret = 0;
+    if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
+        return 0;
+    X509_ALGOR_get0(NULL, &ptype, &pval, palg);
+    if ((privkey = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL)
+        goto decerr;
+    if (privkey->type == V_ASN1_NEG_INTEGER || ptype != V_ASN1_SEQUENCE)
+        goto decerr;
+    pstr = pval;
+    pm = pstr->data;
+    pmlen = pstr->length;
+    if ((dsa = d2i_DSAparams(NULL, &pm, pmlen)) == NULL)
+        goto decerr;
+    /* We have parameters now set private key */
+    if ((dsa->priv_key = BN_secure_new()) == NULL
+        || !ASN1_INTEGER_to_BN(privkey, dsa->priv_key)) {
+        DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_BN_ERROR);
+        goto dsaerr;
+    }
+    /* Calculate public key */
+    if ((dsa->pub_key = BN_new()) == NULL) {
+        DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE);
+        goto dsaerr;
+    }
+    if ((ctx = BN_CTX_new()) == NULL) {
+        DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE);
+        goto dsaerr;
+    }
+    BN_set_flags(dsa->priv_key, BN_FLG_CONSTTIME);
+    if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) {
+        DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_BN_ERROR);
+        goto dsaerr;
+    }
+    EVP_PKEY_assign_DSA(pkey, dsa);
+    ret = 1;
+    goto done;
+ decerr:
+    DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_DECODE_ERROR);
+ dsaerr:
+    DSA_free(dsa);
+ done:
+    BN_CTX_free(ctx);
+    ASN1_STRING_clear_free(privkey);
+    DSA *dsa = ossl_dsa_key_from_pkcs8(p8, NULL, NULL);
+    if (dsa != NULL) {
+        ret = 1;
+        EVP_PKEY_assign_DSA(pkey, dsa);
+    }
     return ret;
+}
 …
     int dplen;
     if (!pkey->pkey.dsa || !pkey->pkey.dsa->priv_key) {
         DSAerr(DSA_F_DSA_PRIV_ENCODE, DSA_R_MISSING_PARAMETERS);
+    if (pkey->pkey.dsa  == NULL|| pkey->pkey.dsa->priv_key == NULL) {
+        ERR_raise(ERR_LIB_DSA, DSA_R_MISSING_PARAMETERS);
         goto err;
+    }
 …
     if (params == NULL) {
         DSAerr(DSA_F_DSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+        ERR_raise(ERR_LIB_DSA, ERR_R_MALLOC_FAILURE);
         goto err;
+    }
 …
     params->length = i2d_DSAparams(pkey->pkey.dsa, &params->data);
     if (params->length <= 0) {
         DSAerr(DSA_F_DSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+        ERR_raise(ERR_LIB_DSA, ERR_R_MALLOC_FAILURE);
         goto err;
+    }
 …
     prkey = BN_to_ASN1_INTEGER(pkey->pkey.dsa->priv_key, NULL);
     if (!prkey) {
         DSAerr(DSA_F_DSA_PRIV_ENCODE, DSA_R_BN_ERROR);
+    if (prkey == NULL) {
+        ERR_raise(ERR_LIB_DSA, DSA_R_BN_ERROR);
         goto err;
+    }
 …
     DSA *dsa;
     dsa = pkey->pkey.dsa;
+    if (dsa == NULL || dsa->p == NULL || dsa->q == NULL || dsa->g == NULL)
+        return 1;
+    return 0;
+    return dsa == NULL
+        || dsa->params.p == NULL
+        || dsa->params.q == NULL
+        || dsa->params.g == NULL;
+}
 static int dsa_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
+{
-    BIGNUM *a;
     if (to->pkey.dsa == NULL) {
         to->pkey.dsa = DSA_new();
 …
             return 0;
+    }
+    if ((a = BN_dup(from->pkey.dsa->p)) == NULL)
+        return 0;
+    BN_free(to->pkey.dsa->p);
+    to->pkey.dsa->p = a;
+    if ((a = BN_dup(from->pkey.dsa->q)) == NULL)
+        return 0;
+    BN_free(to->pkey.dsa->q);
+    to->pkey.dsa->q = a;
+    if ((a = BN_dup(from->pkey.dsa->g)) == NULL)
+        return 0;
+    BN_free(to->pkey.dsa->g);
+    to->pkey.dsa->g = a;
+    if (!ossl_ffc_params_copy(&to->pkey.dsa->params, &from->pkey.dsa->params))
+        return 0;
+    to->pkey.dsa->dirty_cnt++;
     return 1;
+}
 …
 static int dsa_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+    if (BN_cmp(a->pkey.dsa->p, b->pkey.dsa->p) ||
+        BN_cmp(a->pkey.dsa->q, b->pkey.dsa->q) ||
+        BN_cmp(a->pkey.dsa->g, b->pkey.dsa->g))
+        return 0;
+    else
+        return 1;
+    return ossl_ffc_params_cmp(&a->pkey.dsa->params, &b->pkey.dsa->params, 1);
+}
 static int dsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+    if (BN_cmp(b->pkey.dsa->pub_key, a->pkey.dsa->pub_key) != 0)
+        return 0;
+    else
+        return 1;
+    return BN_cmp(b->pkey.dsa->pub_key, a->pkey.dsa->pub_key) == 0;
+}
 …
     const char *ktype = NULL;
     const BIGNUM *priv_key, *pub_key;
+    int mod_len = 0;
+    if (x->params.p != NULL)
+        mod_len = DSA_bits(x);
     if (ptype == 2)
 …
         ktype = "DSA-Parameters";
     if (priv_key) {
+    if (priv_key != NULL) {
         if (!BIO_indent(bp, off, 128))
             goto err;
+        if (BIO_printf(bp, "%s: (%d bit)\n", ktype, BN_num_bits(x->p))
+            <= 0)
+        if (BIO_printf(bp, "%s: (%d bit)\n", ktype, mod_len) <= 0)
+            goto err;
+    } else {
+        if (BIO_printf(bp, "Public-Key: (%d bit)\n", mod_len) <= 0)
             goto err;
+    }
 …
     if (!ASN1_bn_print(bp, "pub: ", pub_key, NULL, off))
         goto err;
+    if (!ASN1_bn_print(bp, "P:   ", x->p, NULL, off))
+        goto err;
+    if (!ASN1_bn_print(bp, "Q:   ", x->q, NULL, off))
+        goto err;
+    if (!ASN1_bn_print(bp, "G:   ", x->g, NULL, off))
+    if (!ossl_ffc_params_print(bp, &x->params, off))
         goto err;
     ret = 1;
 …
     DSA *dsa;
     if ((dsa = d2i_DSAparams(NULL, pder, derlen)) == NULL) {
         DSAerr(DSA_F_DSA_PARAM_DECODE, ERR_R_DSA_LIB);
+        return 0;
+    }
+    if ((dsa = d2i_DSAparams(NULL, pder, derlen)) == NULL)
+        return 0;
+    dsa->dirty_cnt++;
     EVP_PKEY_assign_DSA(pkey, dsa);
     return 1;
 …
     if ((dsa = d2i_DSAPrivateKey(NULL, pder, derlen)) == NULL) {
+        DSAerr(DSA_F_OLD_DSA_PRIV_DECODE, ERR_R_DSA_LIB);
+        return 0;
+    }
+        ERR_raise(ERR_LIB_DSA, ERR_R_DSA_LIB);
+        return 0;
+    }
+    dsa->dirty_cnt++;
     EVP_PKEY_assign_DSA(pkey, dsa);
     return 1;
 …
     const unsigned char *p;
     if (!sig) {
+    if (sig == NULL) {
         if (BIO_puts(bp, "\n") <= 0)
             return 0;
 …
     p = sig->data;
     dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length);
     if (dsa_sig) {
+    if (dsa_sig != NULL) {
         int rv = 0;
         const BIGNUM *r, *s;
 …
         return rv;
+    }
+    if (BIO_puts(bp, "\n") <= 0)
+        return 0;
     return X509_signature_dump(bp, sig, indent);
+}
 …
+{
     switch (op) {
-    case ASN1_PKEY_CTRL_PKCS7_SIGN:
-        if (arg1 == 0) {
-            int snid, hnid;
-            X509_ALGOR *alg1, *alg2;
-            PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2);
-            if (alg1 == NULL || alg1->algorithm == NULL)
-                return -1;
-            hnid = OBJ_obj2nid(alg1->algorithm);
-            if (hnid == NID_undef)
-                return -1;
-            if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
-                return -1;
-            X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
+        }
-        return 1;
-#ifndef OPENSSL_NO_CMS
-    case ASN1_PKEY_CTRL_CMS_SIGN:
-        if (arg1 == 0) {
-            int snid, hnid;
-            X509_ALGOR *alg1, *alg2;
-            CMS_SignerInfo_get0_algs(arg2, NULL, NULL, &alg1, &alg2);
-            if (alg1 == NULL || alg1->algorithm == NULL)
-                return -1;
-            hnid = OBJ_obj2nid(alg1->algorithm);
-            if (hnid == NID_undef)
-                return -1;
-            if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
-                return -1;
-            X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
+        }
-        return 1;
-    case ASN1_PKEY_CTRL_CMS_RI_TYPE:
-        *(int *)arg2 = CMS_RECIPINFO_NONE;
-        return 1;
-#endif
     case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
         *(int *)arg2 = NID_sha256;
 …
     default:
         return -2;
+    }
+    }
+}
+static size_t dsa_pkey_dirty_cnt(const EVP_PKEY *pkey)
+{
+    return pkey->pkey.dsa->dirty_cnt;
+}
+static int dsa_pkey_export_to(const EVP_PKEY *from, void *to_keydata,
+                              OSSL_FUNC_keymgmt_import_fn *importer,
+                              OSSL_LIB_CTX *libctx, const char *propq)
+{
+    DSA *dsa = from->pkey.dsa;
+    OSSL_PARAM_BLD *tmpl;
+    const BIGNUM *p = DSA_get0_p(dsa), *g = DSA_get0_g(dsa);
+    const BIGNUM *q = DSA_get0_q(dsa), *pub_key = DSA_get0_pub_key(dsa);
+    const BIGNUM *priv_key = DSA_get0_priv_key(dsa);
+    OSSL_PARAM *params;
+    int selection = 0;
+    int rv = 0;
+    if (p == NULL || q == NULL || g == NULL)
+        return 0;
+    tmpl = OSSL_PARAM_BLD_new();
+    if (tmpl == NULL)
+        return 0;
+    if (!OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_P, p)
+        || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_Q, q)
+        || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_G, g))
+        goto err;
+    selection |= OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
+    if (pub_key != NULL) {
+        if (!OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_PUB_KEY,
+                                    pub_key))
+            goto err;
+        selection |= OSSL_KEYMGMT_SELECT_PUBLIC_KEY;
+    }
+    if (priv_key != NULL) {
+        if (!OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_PRIV_KEY,
+                                    priv_key))
+            goto err;
+        selection |= OSSL_KEYMGMT_SELECT_PRIVATE_KEY;
+    }
+    if ((params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL)
+        goto err;
+    /* We export, the provider imports */
+    rv = importer(to_keydata, selection, params);
+    OSSL_PARAM_free(params);
+ err:
+    OSSL_PARAM_BLD_free(tmpl);
+    return rv;
+}
+static int dsa_pkey_import_from(const OSSL_PARAM params[], void *vpctx)
+{
+    EVP_PKEY_CTX *pctx = vpctx;
+    EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(pctx);
+    DSA *dsa = ossl_dsa_new(pctx->libctx);
+    if (dsa == NULL) {
+        ERR_raise(ERR_LIB_DSA, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    if (!ossl_dsa_ffc_params_fromdata(dsa, params)
+        || !ossl_dsa_key_fromdata(dsa, params)
+        || !EVP_PKEY_assign_DSA(pkey, dsa)) {
+        DSA_free(dsa);
+        return 0;
+    }
+    return 1;
+}
+static int dsa_pkey_copy(EVP_PKEY *to, EVP_PKEY *from)
+{
+    DSA *dsa = from->pkey.dsa;
+    DSA *dupkey = NULL;
+    int ret;
+    if (dsa != NULL) {
+        dupkey = ossl_dsa_dup(dsa, OSSL_KEYMGMT_SELECT_ALL);
+        if (dupkey == NULL)
+            return 0;
+    }
+    ret = EVP_PKEY_assign_DSA(to, dupkey);
+    if (!ret)
+        DSA_free(dupkey);
+    return ret;
+}
 /* NB these are sorted in pkey_id order, lowest first */
 const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[5] = {
+const EVP_PKEY_ASN1_METHOD ossl_dsa_asn1_meths[5] = {
+    {
 …
      dsa_pkey_ctrl,
      old_dsa_priv_decode,
+     old_dsa_priv_encode}
+     old_dsa_priv_encode,
+     NULL, NULL, NULL,
+     NULL, NULL, NULL,
+     NULL, NULL, NULL, NULL,
+     dsa_pkey_dirty_cnt,
+     dsa_pkey_export_to,
+     dsa_pkey_import_from,
+     dsa_pkey_copy
+    }
 };

Note: See TracChangeset for help on using the changeset viewer.

Changeset 94082 in vbox for trunk/src/libs/openssl-3.0.1/crypto/dsa/dsa_ameth.c

Legend:

trunk/src/libs/openssl-3.0.1

trunk/src/libs/openssl-3.0.1/crypto/dsa/dsa_ameth.c

Download in other formats: