X-Git-Url: https://git.openssl.org/gitweb/?a=blobdiff_plain;f=crypto%2Fdsa%2Fdsa_asn1.c;h=1c7e8c86bdd464dbb3a3d638db576de5164992fc;hb=54846b7c6ef5718f507def9d192628133f97fe20;hp=b7fa7eda4f220839b87774dd9b676e16c7dc5e5f;hpb=a8da89186c447932b9f5abced708330a3bff313b;p=openssl.git diff --git a/crypto/dsa/dsa_asn1.c b/crypto/dsa/dsa_asn1.c index b7fa7eda4f..1c7e8c86bd 100644 --- a/crypto/dsa/dsa_asn1.c +++ b/crypto/dsa/dsa_asn1.c @@ -1,102 +1,205 @@ -/* crypto/dsa/dsa_asn1.c */ +/* + * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ #include -#include "cryptlib.h" -#include "dsa.h" -#include "asn1.h" -#include "asn1_mac.h" +#include "internal/cryptlib.h" +#include "dsa_locl.h" +#include +#include +#include +#include "internal/asn1_dsa.h" DSA_SIG *DSA_SIG_new(void) { - DSA_SIG *ret; - - ret = Malloc(sizeof(DSA_SIG)); - if (ret == NULL) - { - DSAerr(DSA_F_DSA_SIG_NEW,ERR_R_MALLOC_FAILURE); - return(NULL); - } - ret->r = NULL; - ret->s = NULL; - return(ret); + DSA_SIG *sig = OPENSSL_zalloc(sizeof(*sig)); + if (sig == NULL) + DSAerr(DSA_F_DSA_SIG_NEW, ERR_R_MALLOC_FAILURE); + return sig; } -void DSA_SIG_free(r) -DSA_SIG *r; +void DSA_SIG_free(DSA_SIG *sig) { - if (r == NULL) return; - if (r->r) BN_clear_free(r->r); - if (r->s) BN_clear_free(r->s); - Free(r); + if (sig == NULL) + return; + BN_clear_free(sig->r); + BN_clear_free(sig->s); + OPENSSL_free(sig); } -int i2d_DSA_SIG(v,pp) -DSA_SIG *v; -unsigned char **pp; +DSA_SIG *d2i_DSA_SIG(DSA_SIG **psig, const unsigned char **ppin, long len) { - int t=0,len; - ASN1_INTEGER rbs,sbs; - unsigned char *p; - - rbs.data=Malloc(BN_num_bits(v->r)/8+1); - if (rbs.data == NULL) - { - DSAerr(DSA_F_I2D_DSA_SIG, ERR_R_MALLOC_FAILURE); - return(0); - } - rbs.type=V_ASN1_INTEGER; - rbs.length=BN_bn2bin(v->r,rbs.data); - sbs.data=Malloc(BN_num_bits(v->s)/8+1); - if (sbs.data == NULL) - { - Free(rbs.data); - DSAerr(DSA_F_I2D_DSA_SIG, ERR_R_MALLOC_FAILURE); - return(0); - } - sbs.type=V_ASN1_INTEGER; - sbs.length=BN_bn2bin(v->s,sbs.data); - - len=i2d_ASN1_INTEGER(&rbs,NULL); - len+=i2d_ASN1_INTEGER(&sbs,NULL); - - if (pp) - { - p=*pp; - ASN1_put_object(&p,1,len,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL); - i2d_ASN1_INTEGER(&rbs,&p); - i2d_ASN1_INTEGER(&sbs,&p); - } - t=ASN1_object_size(1,len,V_ASN1_SEQUENCE); - Free(rbs.data); - Free(sbs.data); - return(t); + DSA_SIG *sig; + + if (len < 0) + return NULL; + if (psig != NULL && *psig != NULL) { + sig = *psig; + } else { + sig = DSA_SIG_new(); + if (sig == NULL) + return NULL; + } + if (sig->r == NULL) + sig->r = BN_new(); + if (sig->s == NULL) + sig->s = BN_new(); + if (decode_der_dsa_sig(sig->r, sig->s, ppin, (size_t)len) == 0) { + if (psig == NULL || *psig == NULL) + DSA_SIG_free(sig); + return NULL; + } + if (psig != NULL && *psig == NULL) + *psig = sig; + return sig; +} + +int i2d_DSA_SIG(const DSA_SIG *sig, unsigned char **ppout) +{ + unsigned char *buf = NULL; + unsigned char *tmp; + unsigned char **pp = NULL; + size_t len; + size_t encoded_len; + + if (ppout != NULL && *ppout == NULL) { + if ((len = encode_der_dsa_sig(sig->r, sig->s, NULL, SIZE_MAX)) == 0) + return -1; + buf = OPENSSL_malloc(len); + if (buf == NULL) + return -1; + tmp = buf; + pp = &tmp; + } else { + len = SIZE_MAX; + pp = ppout; + } + if ((encoded_len = encode_der_dsa_sig(sig->r, sig->s, pp, len)) == 0) { + OPENSSL_free(buf); + return -1; + } + if (buf != NULL) + *ppout = buf; + return (int)encoded_len; +} + +void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) +{ + if (pr != NULL) + *pr = sig->r; + if (ps != NULL) + *ps = sig->s; +} + +int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s) +{ + if (r == NULL || s == NULL) + return 0; + BN_clear_free(sig->r); + BN_clear_free(sig->s); + sig->r = r; + sig->s = s; + return 1; +} + +/* Override the default free and new methods */ +static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, + void *exarg) +{ + if (operation == ASN1_OP_NEW_PRE) { + *pval = (ASN1_VALUE *)DSA_new(); + if (*pval != NULL) + return 2; + return 0; + } else if (operation == ASN1_OP_FREE_PRE) { + DSA_free((DSA *)*pval); + *pval = NULL; + return 2; + } + return 1; } -DSA_SIG *d2i_DSA_SIG(a,pp,length) -DSA_SIG **a; -unsigned char **pp; -long length; +ASN1_SEQUENCE_cb(DSAPrivateKey, dsa_cb) = { + ASN1_EMBED(DSA, version, INT32), + ASN1_SIMPLE(DSA, p, BIGNUM), + ASN1_SIMPLE(DSA, q, BIGNUM), + ASN1_SIMPLE(DSA, g, BIGNUM), + ASN1_SIMPLE(DSA, pub_key, BIGNUM), + ASN1_SIMPLE(DSA, priv_key, CBIGNUM) +} static_ASN1_SEQUENCE_END_cb(DSA, DSAPrivateKey) + +IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAPrivateKey, DSAPrivateKey) + +ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = { + ASN1_SIMPLE(DSA, p, BIGNUM), + ASN1_SIMPLE(DSA, q, BIGNUM), + ASN1_SIMPLE(DSA, g, BIGNUM), +} static_ASN1_SEQUENCE_END_cb(DSA, DSAparams) + +IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAparams, DSAparams) + +ASN1_SEQUENCE_cb(DSAPublicKey, dsa_cb) = { + ASN1_SIMPLE(DSA, pub_key, BIGNUM), + ASN1_SIMPLE(DSA, p, BIGNUM), + ASN1_SIMPLE(DSA, q, BIGNUM), + ASN1_SIMPLE(DSA, g, BIGNUM) +} static_ASN1_SEQUENCE_END_cb(DSA, DSAPublicKey) + +IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAPublicKey, DSAPublicKey) + +DSA *DSAparams_dup(const DSA *dsa) +{ + return ASN1_item_dup(ASN1_ITEM_rptr(DSAparams), dsa); +} + +int DSA_sign(int type, const unsigned char *dgst, int dlen, + unsigned char *sig, unsigned int *siglen, DSA *dsa) { - int i=ERR_R_NESTED_ASN1_ERROR; - ASN1_INTEGER *bs=NULL; - M_ASN1_D2I_vars(a,DSA_SIG *,DSA_SIG_new); - - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER); - if ((ret->r=BN_bin2bn(bs->data,bs->length,ret->r)) == NULL) - goto err_bn; - M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER); - if ((ret->s=BN_bin2bn(bs->data,bs->length,ret->s)) == NULL) - goto err_bn; - ASN1_BIT_STRING_free(bs); - M_ASN1_D2I_Finish_2(a); - -err_bn: - i=ERR_R_BN_LIB; -err: - DSAerr(DSA_F_D2I_DSA_SIG,i); - if ((ret != NULL) && ((a == NULL) || (*a != ret))) DSA_SIG_free(ret); - if (bs != NULL) ASN1_BIT_STRING_free(bs); - return(NULL); + DSA_SIG *s; + + s = DSA_do_sign(dgst, dlen, dsa); + if (s == NULL) { + *siglen = 0; + return 0; + } + *siglen = i2d_DSA_SIG(s, &sig); + DSA_SIG_free(s); + return 1; +} + +/* data has already been hashed (probably with SHA or SHA-1). */ +/*- + * returns + * 1: correct signature + * 0: incorrect signature + * -1: error + */ +int DSA_verify(int type, const unsigned char *dgst, int dgst_len, + const unsigned char *sigbuf, int siglen, DSA *dsa) +{ + DSA_SIG *s; + const unsigned char *p = sigbuf; + unsigned char *der = NULL; + int derlen = -1; + int ret = -1; + + s = DSA_SIG_new(); + if (s == NULL) + return ret; + if (d2i_DSA_SIG(&s, &p, siglen) == NULL) + goto err; + /* Ensure signature uses DER and doesn't have trailing garbage */ + derlen = i2d_DSA_SIG(s, &der); + if (derlen != siglen || memcmp(sigbuf, der, derlen)) + goto err; + ret = DSA_do_verify(dgst, dgst_len, s, dsa); + err: + OPENSSL_clear_free(der, derlen); + DSA_SIG_free(s); + return ret; }