*/
/*
- * DSA low level APIs are deprecated for public use, but still ok for
+ * RSA and DSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include "crypto/pem.h"
#include <openssl/rand.h>
#include <openssl/bn.h>
-#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
-# include <openssl/dsa.h>
-# include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/rsa.h>
/*
* Utility function: read a DWORD (4 byte unsigned integer) in little endian
{
const unsigned char *p = *in;
unsigned int ret;
+
ret = (unsigned int)*p++;
ret |= (unsigned int)*p++ << 8;
ret |= (unsigned int)*p++ << 16;
static EVP_PKEY *b2i_rsa(const unsigned char **in,
unsigned int bitlen, int ispub);
+#ifndef OPENSSL_NO_DSA
static EVP_PKEY *b2i_dss(const unsigned char **in,
unsigned int bitlen, int ispub);
+#endif
int ossl_do_blob_header(const unsigned char **in, unsigned int length,
unsigned int *pmagic, unsigned int *pbitlen,
int *pisdss, int *pispub)
{
const unsigned char *p = *in;
+
if (length < 16)
return 0;
/* bType */
return 0;
}
*pispub = 0;
- } else
+ } else {
return 0;
+ }
p++;
/* Version */
if (*p++ != 0x2) {
static unsigned int blob_length(unsigned bitlen, int isdss, int ispub)
{
- unsigned int nbyte, hnbyte;
- nbyte = (bitlen + 7) >> 3;
- hnbyte = (bitlen + 15) >> 4;
+ unsigned int nbyte = (bitlen + 7) >> 3;
+ unsigned int hnbyte = (bitlen + 15) >> 4;
+
if (isdss) {
/*
const unsigned char *p = *in;
unsigned int bitlen, magic;
int isdss;
+
if (ossl_do_blob_header(&p, length, &magic, &bitlen, &isdss, ispub) <= 0) {
ERR_raise(ERR_LIB_PEM, PEM_R_KEYBLOB_HEADER_PARSE_ERROR);
return NULL;
ERR_raise(ERR_LIB_PEM, PEM_R_KEYBLOB_TOO_SHORT);
return NULL;
}
- if (isdss)
- return b2i_dss(&p, bitlen, *ispub);
- else
+ if (!isdss)
return b2i_rsa(&p, bitlen, *ispub);
+#ifndef OPENSSL_NO_DSA
+ else
+ return b2i_dss(&p, bitlen, *ispub);
+#endif
+
+ ERR_raise(ERR_LIB_PEM, PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
+ return NULL;
}
EVP_PKEY *ossl_b2i_bio(BIO *in, int *ispub)
unsigned int bitlen, magic, length;
int isdss;
EVP_PKEY *ret = NULL;
+
if (BIO_read(in, hdr_buf, 16) != 16) {
ERR_raise(ERR_LIB_PEM, PEM_R_KEYBLOB_TOO_SHORT);
return NULL;
goto err;
}
- if (isdss)
- ret = b2i_dss(&p, bitlen, *ispub);
- else
+ if (!isdss)
ret = b2i_rsa(&p, bitlen, *ispub);
+#ifndef OPENSSL_NO_DSA
+ else
+ ret = b2i_dss(&p, bitlen, *ispub);
+#endif
+
+ if (ret == NULL)
+ ERR_raise(ERR_LIB_PEM, PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
err:
OPENSSL_free(buf);
return ret;
}
+#ifndef OPENSSL_NO_DSA
static EVP_PKEY *b2i_dss(const unsigned char **in,
unsigned int bitlen, int ispub)
{
EVP_PKEY *ret = NULL;
DSA *dsa = NULL;
BN_CTX *ctx = NULL;
- unsigned int nbyte;
BIGNUM *pbn = NULL, *qbn = NULL, *gbn = NULL, *priv_key = NULL;
BIGNUM *pub_key = NULL;
-
- nbyte = (bitlen + 7) >> 3;
+ unsigned int nbyte = (bitlen + 7) >> 3;
dsa = DSA_new();
ret = EVP_PKEY_new();
BN_CTX_free(ctx);
return NULL;
}
+#endif
static EVP_PKEY *b2i_rsa(const unsigned char **in,
unsigned int bitlen, int ispub)
BIGNUM *e = NULL, *n = NULL, *d = NULL;
BIGNUM *p = NULL, *q = NULL, *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL;
RSA *rsa = NULL;
- unsigned int nbyte, hnbyte;
- nbyte = (bitlen + 7) >> 3;
- hnbyte = (bitlen + 15) >> 4;
+ unsigned int nbyte = (bitlen + 7) >> 3;
+ unsigned int hnbyte = (bitlen + 15) >> 4;
+
rsa = RSA_new();
ret = EVP_PKEY_new();
if (rsa == NULL || ret == NULL)
static void write_ledword(unsigned char **out, unsigned int dw)
{
unsigned char *p = *out;
+
*p++ = dw & 0xff;
*p++ = (dw >> 8) & 0xff;
*p++ = (dw >> 16) & 0xff;
}
static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *magic);
-static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *magic);
-
static void write_rsa(unsigned char **out, RSA *rsa, int ispub);
+
+#ifndef OPENSSL_NO_DSA
+static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *magic);
static void write_dsa(unsigned char **out, DSA *dsa, int ispub);
+#endif
static int do_i2b(unsigned char **out, const EVP_PKEY *pk, int ispub)
{
unsigned char *p;
- unsigned int bitlen, magic = 0, keyalg;
+ unsigned int bitlen = 0, magic = 0, keyalg = 0;
int outlen, noinc = 0;
int pktype = EVP_PKEY_id(pk);
- if (pktype == EVP_PKEY_DSA) {
- bitlen = check_bitlen_dsa(EVP_PKEY_get0_DSA(pk), ispub, &magic);
- keyalg = MS_KEYALG_DSS_SIGN;
- } else if (pktype == EVP_PKEY_RSA) {
+
+ if (pktype == EVP_PKEY_RSA) {
bitlen = check_bitlen_rsa(EVP_PKEY_get0_RSA(pk), ispub, &magic);
keyalg = MS_KEYALG_RSA_KEYX;
- } else
- return -1;
+#ifndef OPENSSL_NO_DSA
+ } else if (pktype == EVP_PKEY_DSA) {
+ bitlen = check_bitlen_dsa(EVP_PKEY_get0_DSA(pk), ispub, &magic);
+ keyalg = MS_KEYALG_DSS_SIGN;
+#endif
+ }
if (bitlen == 0)
return -1;
outlen = 16 + blob_length(bitlen,
write_ledword(&p, keyalg);
write_ledword(&p, magic);
write_ledword(&p, bitlen);
- if (keyalg == MS_KEYALG_DSS_SIGN)
- write_dsa(&p, EVP_PKEY_get0_DSA(pk), ispub);
- else
+ if (keyalg == MS_KEYALG_RSA_KEYX)
write_rsa(&p, EVP_PKEY_get0_RSA(pk), ispub);
+#ifndef OPENSSL_NO_DSA
+ else
+ write_dsa(&p, EVP_PKEY_get0_DSA(pk), ispub);
+#endif
if (!noinc)
*out += outlen;
return outlen;
{
unsigned char *tmp = NULL;
int outlen, wrlen;
+
outlen = do_i2b(&tmp, pk, ispub);
if (outlen < 0)
return -1;
return -1;
}
-static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *pmagic)
-{
- int bitlen;
- const BIGNUM *p = NULL, *q = NULL, *g = NULL;
- const BIGNUM *pub_key = NULL, *priv_key = NULL;
-
- DSA_get0_pqg(dsa, &p, &q, &g);
- DSA_get0_key(dsa, &pub_key, &priv_key);
- bitlen = BN_num_bits(p);
- if ((bitlen & 7) || (BN_num_bits(q) != 160)
- || (BN_num_bits(g) > bitlen))
- goto badkey;
- if (ispub) {
- if (BN_num_bits(pub_key) > bitlen)
- goto badkey;
- *pmagic = MS_DSS1MAGIC;
- } else {
- if (BN_num_bits(priv_key) > 160)
- goto badkey;
- *pmagic = MS_DSS2MAGIC;
- }
-
- return bitlen;
- badkey:
- ERR_raise(ERR_LIB_PEM, PEM_R_UNSUPPORTED_KEY_COMPONENTS);
- return 0;
-}
-
static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *pmagic)
{
int nbyte, hnbyte, bitlen;
write_lebn(out, d, nbyte);
}
+#ifndef OPENSSL_NO_DSA
+static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *pmagic)
+{
+ int bitlen;
+ const BIGNUM *p = NULL, *q = NULL, *g = NULL;
+ const BIGNUM *pub_key = NULL, *priv_key = NULL;
+
+ DSA_get0_pqg(dsa, &p, &q, &g);
+ DSA_get0_key(dsa, &pub_key, &priv_key);
+ bitlen = BN_num_bits(p);
+ if ((bitlen & 7) || (BN_num_bits(q) != 160)
+ || (BN_num_bits(g) > bitlen))
+ goto badkey;
+ if (ispub) {
+ if (BN_num_bits(pub_key) > bitlen)
+ goto badkey;
+ *pmagic = MS_DSS1MAGIC;
+ } else {
+ if (BN_num_bits(priv_key) > 160)
+ goto badkey;
+ *pmagic = MS_DSS2MAGIC;
+ }
+
+ return bitlen;
+ badkey:
+ ERR_raise(ERR_LIB_PEM, PEM_R_UNSUPPORTED_KEY_COMPONENTS);
+ return 0;
+}
+
static void write_dsa(unsigned char **out, DSA *dsa, int ispub)
{
int nbyte;
*out += 24;
return;
}
+#endif
int i2b_PrivateKey_bio(BIO *out, const EVP_PKEY *pk)
{
return do_i2b_bio(out, pk, 1);
}
-# ifndef OPENSSL_NO_RC4
-
int ossl_do_PVK_header(const unsigned char **in, unsigned int length,
int skip_magic,
unsigned int *psaltlen, unsigned int *pkeylen)
return 1;
}
+#ifndef OPENSSL_NO_RC4
static int derive_pvk_key(unsigned char *key,
const unsigned char *salt, unsigned int saltlen,
const unsigned char *pass, int passlen)
{
EVP_MD_CTX *mctx = EVP_MD_CTX_new();
int rv = 1;
+
if (mctx == NULL
|| !EVP_DigestInit_ex(mctx, EVP_sha1(), NULL)
|| !EVP_DigestUpdate(mctx, salt, saltlen)
EVP_MD_CTX_free(mctx);
return rv;
}
+#endif
static EVP_PKEY *do_PVK_body(const unsigned char **in,
unsigned int saltlen, unsigned int keylen,
{
EVP_PKEY *ret = NULL;
const unsigned char *p = *in;
- unsigned int magic;
- unsigned char *enctmp = NULL, *q;
+ unsigned char *enctmp = NULL;
unsigned char keybuf[20];
EVP_CIPHER_CTX *cctx = EVP_CIPHER_CTX_new();
if (saltlen) {
+#ifndef OPENSSL_NO_RC4
+ unsigned int magic;
char psbuf[PEM_BUFSIZE];
int enctmplen, inlen;
+ unsigned char *q;
+
if (cb)
inlen = cb(psbuf, PEM_BUFSIZE, 0, u);
else
}
}
p = enctmp;
+#else
+ ERR_raise(ERR_LIB_PEM, PEM_R_UNSUPPORTED_CIPHER);
+ goto err;
+#endif
}
ret = b2i_PrivateKey(&p, keylen);
int buflen;
EVP_PKEY *ret = NULL;
unsigned int saltlen, keylen;
+
if (BIO_read(in, pvk_hdr, 24) != 24) {
ERR_raise(ERR_LIB_PEM, PEM_R_PVK_DATA_TOO_SHORT);
return NULL;
pem_password_cb *cb, void *u)
{
int outlen = 24, pklen;
- unsigned char *p = NULL, *start = NULL, *salt = NULL;
+ unsigned char *p = NULL, *start = NULL;
EVP_CIPHER_CTX *cctx = NULL;
+#ifndef OPENSSL_NO_RC4
+ unsigned char *salt = NULL;
+#endif
+
if (enclevel)
outlen += PVK_SALTLEN;
pklen = do_i2b(NULL, pk, 0);
write_ledword(&p, MS_PVKMAGIC);
write_ledword(&p, 0);
- if (EVP_PKEY_id(pk) == EVP_PKEY_DSA)
- write_ledword(&p, MS_KEYTYPE_SIGN);
- else
+ if (EVP_PKEY_id(pk) == EVP_PKEY_RSA)
write_ledword(&p, MS_KEYTYPE_KEYX);
+#ifndef OPENSSL_NO_DSA
+ else
+ write_ledword(&p, MS_KEYTYPE_SIGN);
+#endif
write_ledword(&p, enclevel ? 1 : 0);
write_ledword(&p, enclevel ? PVK_SALTLEN : 0);
write_ledword(&p, pklen);
if (enclevel) {
+#ifndef OPENSSL_NO_RC4
if (RAND_bytes(p, PVK_SALTLEN) <= 0)
goto error;
salt = p;
p += PVK_SALTLEN;
+#endif
}
do_i2b(&p, pk, 0);
if (enclevel != 0) {
+#ifndef OPENSSL_NO_RC4
char psbuf[PEM_BUFSIZE];
unsigned char keybuf[20];
int enctmplen, inlen;
+
if (cb)
inlen = cb(psbuf, PEM_BUFSIZE, 1, u);
else
goto error;
if (!EVP_EncryptFinal_ex(cctx, p + enctmplen, &enctmplen))
goto error;
+#else
+ ERR_raise(ERR_LIB_PEM, PEM_R_UNSUPPORTED_CIPHER);
+ goto error;
+#endif
}
EVP_CIPHER_CTX_free(cctx);
{
unsigned char *tmp = NULL;
int outlen, wrlen;
+
outlen = i2b_PVK(&tmp, pk, enclevel, cb, u);
if (outlen < 0)
return -1;
ERR_raise(ERR_LIB_PEM, PEM_R_BIO_WRITE_FAILURE);
return -1;
}
-
-# endif
-
-#endif
d2i_EC_PUBKEY 1 3_0_0 EXIST::FUNCTION:EC
-b2i_PVK_bio 2 3_0_0 EXIST::FUNCTION:DSA,RC4
+b2i_PVK_bio 2 3_0_0 EXIST::FUNCTION:
PEM_read_bio_NETSCAPE_CERT_SEQUENCE 3 3_0_0 EXIST::FUNCTION:
X509_STORE_CTX_get0_chain 4 3_0_0 EXIST::FUNCTION:
COMP_expand_block 5 3_0_0 EXIST::FUNCTION:COMP
EC_KEY_set_method 213 3_0_0 EXIST::FUNCTION:EC
PEM_write_PKCS8_PRIV_KEY_INFO 214 3_0_0 EXIST::FUNCTION:STDIO
X509at_get0_data_by_OBJ 215 3_0_0 EXIST::FUNCTION:
-b2i_PublicKey_bio 216 3_0_0 EXIST::FUNCTION:DSA
+b2i_PublicKey_bio 216 3_0_0 EXIST::FUNCTION:
s2i_ASN1_OCTET_STRING 217 3_0_0 EXIST::FUNCTION:
POLICYINFO_it 218 3_0_0 EXIST::FUNCTION:
OBJ_create 219 3_0_0 EXIST::FUNCTION:
X509_LOOKUP_file 232 3_0_0 EXIST::FUNCTION:
EVP_PKEY_meth_set_decrypt 233 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
EVP_rc2_ecb 234 3_0_0 EXIST::FUNCTION:RC2
-i2b_PublicKey_bio 235 3_0_0 EXIST::FUNCTION:DSA
+i2b_PublicKey_bio 235 3_0_0 EXIST::FUNCTION:
d2i_ASN1_SET_ANY 236 3_0_0 EXIST::FUNCTION:
ASN1_item_i2d 238 3_0_0 EXIST::FUNCTION:
OCSP_copy_nonce 239 3_0_0 EXIST::FUNCTION:OCSP
i2d_PKCS12_fp 1319 3_0_0 EXIST::FUNCTION:STDIO
EVP_PKEY_meth_get_init 1320 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
X509_check_trust 1321 3_0_0 EXIST::FUNCTION:
-b2i_PrivateKey 1322 3_0_0 EXIST::FUNCTION:DSA
+b2i_PrivateKey 1322 3_0_0 EXIST::FUNCTION:
HMAC_Init_ex 1323 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
SMIME_read_CMS 1324 3_0_0 EXIST::FUNCTION:CMS
X509_subject_name_cmp 1325 3_0_0 EXIST::FUNCTION:
PKCS12_SAFEBAG_get_bag_nid 1696 3_0_0 EXIST::FUNCTION:
TS_CONF_set_digests 1697 3_0_0 EXIST::FUNCTION:TS
PKCS7_SIGNED_it 1698 3_0_0 EXIST::FUNCTION:
-b2i_PublicKey 1699 3_0_0 EXIST::FUNCTION:DSA
+b2i_PublicKey 1699 3_0_0 EXIST::FUNCTION:
X509_PURPOSE_cleanup 1700 3_0_0 EXIST::FUNCTION:
ESS_SIGNING_CERT_dup 1701 3_0_0 EXIST::FUNCTION:
ENGINE_set_default_DSA 1702 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
BIO_next 1855 3_0_0 EXIST::FUNCTION:
ASN1_STRING_set_default_mask_asc 1856 3_0_0 EXIST::FUNCTION:
X509_CRL_new 1857 3_0_0 EXIST::FUNCTION:
-i2b_PrivateKey_bio 1858 3_0_0 EXIST::FUNCTION:DSA
+i2b_PrivateKey_bio 1858 3_0_0 EXIST::FUNCTION:
ASN1_STRING_length_set 1859 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
PEM_write_PKCS8 1860 3_0_0 EXIST::FUNCTION:STDIO
PKCS7_digest_from_attributes 1861 3_0_0 EXIST::FUNCTION:
ERR_clear_error 2810 3_0_0 EXIST::FUNCTION:
EC_KEY_dup 2811 3_0_0 EXIST::FUNCTION:EC
X509_LOOKUP_init 2812 3_0_0 EXIST::FUNCTION:
-i2b_PVK_bio 2813 3_0_0 EXIST::FUNCTION:DSA,RC4
+i2b_PVK_bio 2813 3_0_0 EXIST::FUNCTION:
OCSP_ONEREQ_free 2814 3_0_0 EXIST::FUNCTION:OCSP
X509V3_EXT_print_fp 2815 3_0_0 EXIST::FUNCTION:STDIO
OBJ_bsearch_ex_ 2816 3_0_0 EXIST::FUNCTION:
i2a_ACCESS_DESCRIPTION 3178 3_0_0 EXIST::FUNCTION:
EC_KEY_set_enc_flags 3179 3_0_0 EXIST::FUNCTION:EC
i2d_PUBKEY_fp 3180 3_0_0 EXIST::FUNCTION:STDIO
-b2i_PrivateKey_bio 3181 3_0_0 EXIST::FUNCTION:DSA
+b2i_PrivateKey_bio 3181 3_0_0 EXIST::FUNCTION:
OCSP_REQUEST_add_ext 3182 3_0_0 EXIST::FUNCTION:OCSP
SXNET_add_id_INTEGER 3183 3_0_0 EXIST::FUNCTION:
CTLOG_get0_public_key 3184 3_0_0 EXIST::FUNCTION:CT