Correctly handle missing DSA parameters.

[openssl.git] / crypto / dsa / dsa_ameth.c

diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c
index 56d2099ba4ed3c4a533fe3d448bfe27be20e0b1f..954cd514bf33e6c52ce520c3436d05294c581723 100644 (file)
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@@ -78,19 +78,31 @@ static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
                return 0;
        X509_ALGOR_get0(NULL, &ptype, &pval, palg);
 
                return 0;
        X509_ALGOR_get0(NULL, &ptype, &pval, palg);
 

-       if (ptype != V_ASN1_SEQUENCE)
+
+       if (ptype == V_ASN1_SEQUENCE)

                {
                {

-               DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_PARAMETER_ENCODING_ERROR);
-               goto err;
-               }
+               pstr = pval;    
+               pm = pstr->data;
+               pmlen = pstr->length;

 
 

-       pstr = pval;    
-       pm = pstr->data;
-       pmlen = pstr->length;
+               if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen)))
+                       {
+                       DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR);
+                       goto err;
+                       }

 
 

-       if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen)))
+               }
+       else if ((ptype == V_ASN1_NULL) || (ptype == V_ASN1_UNDEF))

                {
                {

-               DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR);
+               if (!(dsa = DSA_new()))
+                       {
+                       DSAerr(DSA_F_DSA_PUB_DECODE, ERR_R_MALLOC_FAILURE);
+                       goto err;
+                       }
+               }
+       else
+               {
+               DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_PARAMETER_ENCODING_ERROR);

                goto err;
                }
 
                goto err;
                }
 


@@ -100,7 +112,6 @@ static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
                goto err;
                }
 
                goto err;
                }
 

-       /* We have parameters now set public key */

        if (!(dsa->pub_key = ASN1_INTEGER_to_BN(public_key, NULL)))
                {
                DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_BN_DECODE_ERROR);
        if (!(dsa->pub_key = ASN1_INTEGER_to_BN(public_key, NULL)))
                {
                DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_BN_DECODE_ERROR);


@@ -129,7 +140,7 @@ static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
        int penclen;
 
        dsa=pkey->pkey.dsa;
        int penclen;
 
        dsa=pkey->pkey.dsa;

-       if (pkey->save_parameters)
+       if (pkey->save_parameters && dsa->p && dsa->q && dsa->g)

                {
                ASN1_STRING *str;
                str = ASN1_STRING_new();
                {
                ASN1_STRING *str;
                str = ASN1_STRING_new();


@@ -144,6 +155,7 @@ static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
                }
        else
                ptype = V_ASN1_UNDEF;
                }
        else
                ptype = V_ASN1_UNDEF;

+

        dsa->write_params=0;
 
        penclen = i2d_DSAPublicKey(dsa, &penc);
        dsa->write_params=0;
 
        penclen = i2d_DSAPublicKey(dsa, &penc);


@@ -400,7 +412,7 @@ static void int_dsa_free(EVP_PKEY *pkey)
 
 static void update_buflen(const BIGNUM *b, size_t *pbuflen)
        {
 
 static void update_buflen(const BIGNUM *b, size_t *pbuflen)
        {

-       int i;
+       size_t i;

        if (!b)
                return;
        if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
        if (!b)
                return;
        if (*pbuflen < (i = (size_t)BN_num_bytes(b)))


@@ -433,11 +445,13 @@ int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype)
        else
                ktype = "DSA-Parameters";
 
        else
                ktype = "DSA-Parameters";
 

+#if 0

        if (x->p == NULL)
                {
                DSAerr(DSA_F_DSA_PRINT,DSA_R_MISSING_PARAMETERS);
                goto err;
                }
        if (x->p == NULL)
                {
                DSAerr(DSA_F_DSA_PRINT,DSA_R_MISSING_PARAMETERS);
                goto err;
                }

+#endif

 
        update_buflen(x->p, &buf_len);
        update_buflen(x->q, &buf_len);
 
        update_buflen(x->p, &buf_len);
        update_buflen(x->q, &buf_len);


@@ -528,6 +542,33 @@ static int old_dsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder)
        return i2d_DSAPrivateKey(pkey->pkey.dsa, pder);
        }
 
        return i2d_DSAPrivateKey(pkey->pkey.dsa, pder);
        }
 

+static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+       {
+       switch (op)
+               {
+               case ASN1_PKEY_CTRL_PKCS7_SIGN:
+               if (arg1 == 0)
+                       {
+                       X509_ALGOR *alg1, *alg2;
+                       PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2);
+                       X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_sha1),
+                                                       V_ASN1_NULL, 0);
+                       X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_dsaWithSHA1),
+                                                       V_ASN1_UNDEF, 0);
+                       }
+               return 1;
+
+               case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
+               *(int *)arg2 = NID_sha1;
+               return 2;
+
+               default:
+               return -2;
+
+               }
+
+       }
+

 /* NB these are sorted in pkey_id order, lowest first */
 
 const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[] = 
 /* NB these are sorted in pkey_id order, lowest first */
 
 const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[] = 


@@ -585,7 +626,7 @@ const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[] =
                dsa_param_print,
 
                int_dsa_free,
                dsa_param_print,
 
                int_dsa_free,

-               0,
+               dsa_pkey_ctrl,

                old_dsa_priv_decode,
                old_dsa_priv_encode
                }
                old_dsa_priv_decode,
                old_dsa_priv_encode
                }