diff options
| author | tb <> | 2023-08-11 11:32:19 +0000 |
|---|---|---|
| committer | tb <> | 2023-08-11 11:32:19 +0000 |
| commit | 7171df10dbe17cb4be982131045143b1e01ca086 (patch) | |
| tree | dc0e086544bc2a047e1352a262e5f9663f3ea73a | |
| parent | dc735f4a9e74ac924b85bff4f25f1c9cf6cf6c21 (diff) | |
| download | openbsd-7171df10dbe17cb4be982131045143b1e01ca086.tar.gz openbsd-7171df10dbe17cb4be982131045143b1e01ca086.tar.bz2 openbsd-7171df10dbe17cb4be982131045143b1e01ca086.zip | |
Align dh and dsa decoding functions with encoding
This adds some missing error checks and fixes and unifies error codes
which were (as usual) all over the place or just plain nonsense. Use
an auxiliary variable for d2i invocations even though it is not really
needed here.
ok jsing
| -rw-r--r-- | src/lib/libcrypto/dh/dh_ameth.c | 142 | ||||
| -rw-r--r-- | src/lib/libcrypto/dsa/dsa_ameth.c | 173 |
2 files changed, 173 insertions, 142 deletions
diff --git a/src/lib/libcrypto/dh/dh_ameth.c b/src/lib/libcrypto/dh/dh_ameth.c index 4a600b3bbd..cd4c130f10 100644 --- a/src/lib/libcrypto/dh/dh_ameth.c +++ b/src/lib/libcrypto/dh/dh_ameth.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: dh_ameth.c,v 1.33 2023/08/10 16:57:15 tb Exp $ */ | 1 | /* $OpenBSD: dh_ameth.c,v 1.34 2023/08/11 11:32:19 tb Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 2006. | 3 | * project 2006. |
| 4 | */ | 4 | */ |
| @@ -78,53 +78,55 @@ int_dh_free(EVP_PKEY *pkey) | |||
| 78 | static int | 78 | static int |
| 79 | dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) | 79 | dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) |
| 80 | { | 80 | { |
| 81 | const unsigned char *p, *pm; | 81 | X509_ALGOR *algor; |
| 82 | int pklen, pmlen; | ||
| 83 | int ptype; | 82 | int ptype; |
| 84 | const void *pval; | 83 | const void *pval; |
| 85 | const ASN1_STRING *pstr; | 84 | const ASN1_STRING *params; |
| 86 | X509_ALGOR *palg; | 85 | const unsigned char *key_der, *params_der, *p; |
| 87 | ASN1_INTEGER *public_key = NULL; | 86 | int key_len, params_len; |
| 87 | ASN1_INTEGER *key = NULL; | ||
| 88 | DH *dh = NULL; | 88 | DH *dh = NULL; |
| 89 | int ret = 0; | ||
| 89 | 90 | ||
| 90 | if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey)) | 91 | if (!X509_PUBKEY_get0_param(NULL, &key_der, &key_len, &algor, pubkey)) |
| 91 | return 0; | 92 | goto err; |
| 92 | X509_ALGOR_get0(NULL, &ptype, &pval, palg); | 93 | X509_ALGOR_get0(NULL, &ptype, &pval, algor); |
| 93 | 94 | ||
| 94 | if (ptype != V_ASN1_SEQUENCE) { | 95 | if (ptype != V_ASN1_SEQUENCE) { |
| 95 | DHerror(DH_R_PARAMETER_ENCODING_ERROR); | 96 | DHerror(DH_R_PARAMETER_ENCODING_ERROR); |
| 96 | goto err; | 97 | goto err; |
| 97 | } | 98 | } |
| 98 | 99 | ||
| 99 | pstr = pval; | 100 | params = pval; |
| 100 | pm = pstr->data; | 101 | params_der = params->data; |
| 101 | pmlen = pstr->length; | 102 | params_len = params->length; |
| 102 | 103 | ||
| 103 | if (!(dh = d2i_DHparams(NULL, &pm, pmlen))) { | 104 | p = params_der; |
| 105 | if ((dh = d2i_DHparams(NULL, &p, params_len)) == NULL) { | ||
| 104 | DHerror(DH_R_DECODE_ERROR); | 106 | DHerror(DH_R_DECODE_ERROR); |
| 105 | goto err; | 107 | goto err; |
| 106 | } | 108 | } |
| 107 | 109 | p = key_der; | |
| 108 | if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, pklen))) { | 110 | if ((key = d2i_ASN1_INTEGER(NULL, &p, key_len)) == NULL) { |
| 109 | DHerror(DH_R_DECODE_ERROR); | 111 | DHerror(DH_R_DECODE_ERROR); |
| 110 | goto err; | 112 | goto err; |
| 111 | } | 113 | } |
| 112 | 114 | if ((dh->pub_key = ASN1_INTEGER_to_BN(key, NULL)) == NULL) { | |
| 113 | /* We have parameters now set public key */ | ||
| 114 | if (!(dh->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) { | ||
| 115 | DHerror(DH_R_BN_DECODE_ERROR); | 115 | DHerror(DH_R_BN_DECODE_ERROR); |
| 116 | goto err; | 116 | goto err; |
| 117 | } | 117 | } |
| 118 | 118 | ||
| 119 | ASN1_INTEGER_free(public_key); | 119 | if (!EVP_PKEY_assign_DH(pkey, dh)) |
| 120 | EVP_PKEY_assign_DH(pkey, dh); | 120 | goto err; |
| 121 | return 1; | 121 | dh = NULL; |
| 122 | |||
| 123 | ret = 1; | ||
| 122 | 124 | ||
| 123 | err: | 125 | err: |
| 124 | if (public_key) | 126 | ASN1_INTEGER_free(key); |
| 125 | ASN1_INTEGER_free(public_key); | ||
| 126 | DH_free(dh); | 127 | DH_free(dh); |
| 127 | return 0; | 128 | |
| 129 | return ret; | ||
| 128 | } | 130 | } |
| 129 | 131 | ||
| 130 | static int | 132 | static int |
| @@ -188,52 +190,57 @@ dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) | |||
| 188 | static int | 190 | static int |
| 189 | dh_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) | 191 | dh_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) |
| 190 | { | 192 | { |
| 191 | const unsigned char *p, *pm; | 193 | const X509_ALGOR *algor; |
| 192 | int pklen, pmlen; | ||
| 193 | int ptype; | 194 | int ptype; |
| 194 | const void *pval; | 195 | const void *pval; |
| 195 | const ASN1_STRING *pstr; | 196 | const ASN1_STRING *params; |
| 196 | const X509_ALGOR *palg; | 197 | const unsigned char *key_der, *params_der, *p; |
| 197 | ASN1_INTEGER *privkey = NULL; | 198 | int key_len, params_len; |
| 199 | ASN1_INTEGER *key = NULL; | ||
| 198 | DH *dh = NULL; | 200 | DH *dh = NULL; |
| 201 | int ret = 0; | ||
| 199 | 202 | ||
| 200 | if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8)) | 203 | if (!PKCS8_pkey_get0(NULL, &key_der, &key_len, &algor, p8)) |
| 201 | return 0; | 204 | goto err; |
| 202 | 205 | X509_ALGOR_get0(NULL, &ptype, &pval, algor); | |
| 203 | X509_ALGOR_get0(NULL, &ptype, &pval, palg); | ||
| 204 | 206 | ||
| 205 | if (ptype != V_ASN1_SEQUENCE) | 207 | if (ptype != V_ASN1_SEQUENCE) { |
| 206 | goto decerr; | 208 | DHerror(DH_R_PARAMETER_ENCODING_ERROR); |
| 209 | goto err; | ||
| 210 | } | ||
| 207 | 211 | ||
| 208 | if (!(privkey=d2i_ASN1_INTEGER(NULL, &p, pklen))) | 212 | params = pval; |
| 209 | goto decerr; | 213 | params_der = params->data; |
| 214 | params_len = params->length; | ||
| 210 | 215 | ||
| 211 | pstr = pval; | 216 | p = params_der; |
| 212 | pm = pstr->data; | 217 | if ((dh = d2i_DHparams(NULL, &p, params_len)) == NULL) { |
| 213 | pmlen = pstr->length; | 218 | DHerror(DH_R_DECODE_ERROR); |
| 214 | if (!(dh = d2i_DHparams(NULL, &pm, pmlen))) | 219 | goto err; |
| 215 | goto decerr; | 220 | } |
| 216 | /* We have parameters now set private key */ | 221 | p = key_der; |
| 217 | if (!(dh->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) { | 222 | if ((key = d2i_ASN1_INTEGER(NULL, &p, key_len)) == NULL) { |
| 218 | DHerror(DH_R_BN_ERROR); | 223 | DHerror(DH_R_DECODE_ERROR); |
| 219 | goto dherr; | 224 | goto err; |
| 225 | } | ||
| 226 | if ((dh->priv_key = ASN1_INTEGER_to_BN(key, NULL)) == NULL) { | ||
| 227 | DHerror(DH_R_BN_DECODE_ERROR); | ||
| 228 | goto err; | ||
| 220 | } | 229 | } |
| 221 | /* Calculate public key */ | ||
| 222 | if (!DH_generate_key(dh)) | 230 | if (!DH_generate_key(dh)) |
| 223 | goto dherr; | 231 | goto err; |
| 224 | |||
| 225 | EVP_PKEY_assign_DH(pkey, dh); | ||
| 226 | 232 | ||
| 227 | ASN1_INTEGER_free(privkey); | 233 | if (!EVP_PKEY_assign_DH(pkey, dh)) |
| 234 | goto err; | ||
| 235 | dh = NULL; | ||
| 228 | 236 | ||
| 229 | return 1; | 237 | ret = 1; |
| 230 | 238 | ||
| 231 | decerr: | 239 | err: |
| 232 | DHerror(EVP_R_DECODE_ERROR); | 240 | ASN1_INTEGER_free(key); |
| 233 | dherr: | ||
| 234 | ASN1_INTEGER_free(privkey); | ||
| 235 | DH_free(dh); | 241 | DH_free(dh); |
| 236 | return 0; | 242 | |
| 243 | return ret; | ||
| 237 | } | 244 | } |
| 238 | 245 | ||
| 239 | static int | 246 | static int |
| @@ -293,14 +300,23 @@ dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) | |||
| 293 | static int | 300 | static int |
| 294 | dh_param_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) | 301 | dh_param_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) |
| 295 | { | 302 | { |
| 296 | DH *dh; | 303 | DH *dh = NULL; |
| 304 | int ret = 0; | ||
| 297 | 305 | ||
| 298 | if (!(dh = d2i_DHparams(NULL, pder, derlen))) { | 306 | if ((dh = d2i_DHparams(NULL, pder, derlen)) == NULL) { |
| 299 | DHerror(ERR_R_DH_LIB); | 307 | DHerror(ERR_R_DH_LIB); |
| 300 | return 0; | 308 | goto err; |
| 301 | } | 309 | } |
| 302 | EVP_PKEY_assign_DH(pkey, dh); | 310 | if (!EVP_PKEY_assign_DH(pkey, dh)) |
| 303 | return 1; | 311 | goto err; |
| 312 | dh = NULL; | ||
| 313 | |||
| 314 | ret = 1; | ||
| 315 | |||
| 316 | err: | ||
| 317 | DH_free(dh); | ||
| 318 | |||
| 319 | return ret; | ||
| 304 | } | 320 | } |
| 305 | 321 | ||
| 306 | static int | 322 | static int |
diff --git a/src/lib/libcrypto/dsa/dsa_ameth.c b/src/lib/libcrypto/dsa/dsa_ameth.c index 28aafebc04..badd2d25b5 100644 --- a/src/lib/libcrypto/dsa/dsa_ameth.c +++ b/src/lib/libcrypto/dsa/dsa_ameth.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: dsa_ameth.c,v 1.46 2023/08/10 16:57:15 tb Exp $ */ | 1 | /* $OpenBSD: dsa_ameth.c,v 1.47 2023/08/11 11:32:19 tb Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 2006. | 3 | * project 2006. |
| 4 | */ | 4 | */ |
| @@ -75,31 +75,32 @@ | |||
| 75 | static int | 75 | static int |
| 76 | dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) | 76 | dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) |
| 77 | { | 77 | { |
| 78 | const unsigned char *p, *pm; | 78 | X509_ALGOR *algor; |
| 79 | int pklen, pmlen; | ||
| 80 | int ptype; | 79 | int ptype; |
| 81 | const void *pval; | 80 | const void *pval; |
| 82 | const ASN1_STRING *pstr; | 81 | const ASN1_STRING *params; |
| 83 | X509_ALGOR *palg; | 82 | const unsigned char *key_der, *params_der, *p; |
| 84 | ASN1_INTEGER *public_key = NULL; | 83 | int key_len, params_len; |
| 85 | 84 | ASN1_INTEGER *key = NULL; | |
| 86 | DSA *dsa = NULL; | 85 | DSA *dsa = NULL; |
| 86 | int ret = 0; | ||
| 87 | 87 | ||
| 88 | if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey)) | 88 | if (!X509_PUBKEY_get0_param(NULL, &key_der, &key_len, &algor, pubkey)) |
| 89 | return 0; | 89 | goto err; |
| 90 | X509_ALGOR_get0(NULL, &ptype, &pval, palg); | 90 | X509_ALGOR_get0(NULL, &ptype, &pval, algor); |
| 91 | 91 | ||
| 92 | if (ptype == V_ASN1_SEQUENCE) { | 92 | if (ptype == V_ASN1_SEQUENCE) { |
| 93 | pstr = pval; | 93 | params = pval; |
| 94 | pm = pstr->data; | 94 | params_der = params->data; |
| 95 | pmlen = pstr->length; | 95 | params_len = params->length; |
| 96 | 96 | ||
| 97 | if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen))) { | 97 | p = params_der; |
| 98 | if ((dsa = d2i_DSAparams(NULL, &p, params_len)) == NULL) { | ||
| 98 | DSAerror(DSA_R_DECODE_ERROR); | 99 | DSAerror(DSA_R_DECODE_ERROR); |
| 99 | goto err; | 100 | goto err; |
| 100 | } | 101 | } |
| 101 | } else if (ptype == V_ASN1_NULL || ptype == V_ASN1_UNDEF) { | 102 | } else if (ptype == V_ASN1_NULL || ptype == V_ASN1_UNDEF) { |
| 102 | if (!(dsa = DSA_new())) { | 103 | if ((dsa = DSA_new()) == NULL) { |
| 103 | DSAerror(ERR_R_MALLOC_FAILURE); | 104 | DSAerror(ERR_R_MALLOC_FAILURE); |
| 104 | goto err; | 105 | goto err; |
| 105 | } | 106 | } |
| @@ -108,31 +109,32 @@ dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) | |||
| 108 | goto err; | 109 | goto err; |
| 109 | } | 110 | } |
| 110 | 111 | ||
| 111 | if (!(public_key = d2i_ASN1_INTEGER(NULL, &p, pklen))) { | 112 | p = key_der; |
| 113 | if ((key = d2i_ASN1_INTEGER(NULL, &p, key_len)) == NULL) { | ||
| 112 | DSAerror(DSA_R_DECODE_ERROR); | 114 | DSAerror(DSA_R_DECODE_ERROR); |
| 113 | goto err; | 115 | goto err; |
| 114 | } | 116 | } |
| 115 | 117 | if ((dsa->pub_key = ASN1_INTEGER_to_BN(key, NULL)) == NULL) { | |
| 116 | if (!(dsa->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) { | ||
| 117 | DSAerror(DSA_R_BN_DECODE_ERROR); | 118 | DSAerror(DSA_R_BN_DECODE_ERROR); |
| 118 | goto err; | 119 | goto err; |
| 119 | } | 120 | } |
| 120 | |||
| 121 | /* We can only check for key consistency if we have parameters. */ | 121 | /* We can only check for key consistency if we have parameters. */ |
| 122 | if (ptype == V_ASN1_SEQUENCE) { | 122 | if (ptype == V_ASN1_SEQUENCE) { |
| 123 | if (!dsa_check_key(dsa)) | 123 | if (!dsa_check_key(dsa)) |
| 124 | goto err; | 124 | goto err; |
| 125 | } | 125 | } |
| 126 | 126 | ||
| 127 | ASN1_INTEGER_free(public_key); | 127 | if (!EVP_PKEY_assign_DSA(pkey, dsa)) |
| 128 | EVP_PKEY_assign_DSA(pkey, dsa); | 128 | goto err; |
| 129 | return 1; | 129 | dsa = NULL; |
| 130 | 130 | ||
| 131 | err: | 131 | ret = 1; |
| 132 | if (public_key) | 132 | |
| 133 | ASN1_INTEGER_free(public_key); | 133 | err: |
| 134 | ASN1_INTEGER_free(key); | ||
| 134 | DSA_free(dsa); | 135 | DSA_free(dsa); |
| 135 | return 0; | 136 | |
| 137 | return ret; | ||
| 136 | } | 138 | } |
| 137 | 139 | ||
| 138 | static int | 140 | static int |
| @@ -192,81 +194,85 @@ dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) | |||
| 192 | return ret; | 194 | return ret; |
| 193 | } | 195 | } |
| 194 | 196 | ||
| 195 | /* In PKCS#8 DSA: you just get a private key integer and parameters in the | 197 | /* |
| 198 | * In PKCS#8 DSA: you just get a private key integer and parameters in the | ||
| 196 | * AlgorithmIdentifier the pubkey must be recalculated. | 199 | * AlgorithmIdentifier the pubkey must be recalculated. |
| 197 | */ | 200 | */ |
| 198 | static int | 201 | static int |
| 199 | dsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) | 202 | dsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) |
| 200 | { | 203 | { |
| 201 | const unsigned char *p, *pm; | 204 | const X509_ALGOR *algor; |
| 202 | int pklen, pmlen; | ||
| 203 | int ptype; | 205 | int ptype; |
| 204 | const void *pval; | 206 | const void *pval; |
| 205 | const ASN1_STRING *pstr; | 207 | const ASN1_STRING *params; |
| 206 | const X509_ALGOR *palg; | 208 | const unsigned char *key_der, *params_der, *p; |
| 207 | ASN1_INTEGER *privkey = NULL; | 209 | int key_len, params_len; |
| 210 | ASN1_INTEGER *key = NULL; | ||
| 208 | BN_CTX *ctx = NULL; | 211 | BN_CTX *ctx = NULL; |
| 209 | DSA *dsa = NULL; | 212 | DSA *dsa = NULL; |
| 210 | int ret = 0; | 213 | int ret = 0; |
| 211 | 214 | ||
| 212 | if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8)) | 215 | if (!PKCS8_pkey_get0(NULL, &key_der, &key_len, &algor, p8)) |
| 213 | return 0; | 216 | goto err; |
| 214 | X509_ALGOR_get0(NULL, &ptype, &pval, palg); | 217 | X509_ALGOR_get0(NULL, &ptype, &pval, algor); |
| 215 | if (ptype != V_ASN1_SEQUENCE) | 218 | |
| 216 | goto decerr; | 219 | if (ptype != V_ASN1_SEQUENCE) { |
| 217 | 220 | DSAerror(DSA_R_PARAMETER_ENCODING_ERROR); | |
| 218 | if ((privkey = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL) | 221 | goto err; |
| 219 | goto decerr; | 222 | } |
| 220 | if (privkey->type == V_ASN1_NEG_INTEGER) | 223 | |
| 221 | goto decerr; | 224 | params = pval; |
| 222 | 225 | params_der = params->data; | |
| 223 | pstr = pval; | 226 | params_len = params->length; |
| 224 | pm = pstr->data; | 227 | |
| 225 | pmlen = pstr->length; | 228 | p = params_der; |
| 226 | if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen))) | 229 | if ((dsa = d2i_DSAparams(NULL, &p, params_len)) == NULL) { |
| 227 | goto decerr; | 230 | DSAerror(DSA_R_DECODE_ERROR); |
| 228 | /* We have parameters now set private key */ | 231 | goto err; |
| 229 | if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) { | 232 | } |
| 230 | DSAerror(DSA_R_BN_ERROR); | 233 | p = key_der; |
| 231 | goto dsaerr; | 234 | if ((key = d2i_ASN1_INTEGER(NULL, &p, key_len)) == NULL) { |
| 235 | DSAerror(DSA_R_DECODE_ERROR); | ||
| 236 | goto err; | ||
| 237 | } | ||
| 238 | if ((dsa->priv_key = ASN1_INTEGER_to_BN(key, NULL)) == NULL) { | ||
| 239 | DSAerror(DSA_R_BN_DECODE_ERROR); | ||
| 240 | goto err; | ||
| 232 | } | 241 | } |
| 233 | 242 | ||
| 234 | /* Check the key for basic consistency before doing expensive things. */ | 243 | /* Check the key for basic consistency before doing expensive things. */ |
| 235 | if (!dsa_check_key(dsa)) | 244 | if (!dsa_check_key(dsa)) |
| 236 | goto dsaerr; | 245 | goto err; |
| 237 | 246 | ||
| 238 | /* Calculate public key */ | 247 | /* Calculate public key */ |
| 239 | if (!(dsa->pub_key = BN_new())) { | 248 | if ((dsa->pub_key = BN_new()) == NULL) { |
| 240 | DSAerror(ERR_R_MALLOC_FAILURE); | 249 | DSAerror(ERR_R_MALLOC_FAILURE); |
| 241 | goto dsaerr; | 250 | goto err; |
| 242 | } | 251 | } |
| 243 | 252 | ||
| 244 | if ((ctx = BN_CTX_new()) == NULL) { | 253 | if ((ctx = BN_CTX_new()) == NULL) { |
| 245 | DSAerror(ERR_R_MALLOC_FAILURE); | 254 | DSAerror(ERR_R_MALLOC_FAILURE); |
| 246 | goto dsaerr; | 255 | goto err; |
| 247 | } | 256 | } |
| 248 | 257 | ||
| 249 | BN_CTX_start(ctx); | 258 | BN_CTX_start(ctx); |
| 250 | 259 | ||
| 251 | if (!BN_mod_exp_ct(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) { | 260 | if (!BN_mod_exp_ct(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) { |
| 252 | DSAerror(DSA_R_BN_ERROR); | 261 | DSAerror(DSA_R_BN_ERROR); |
| 253 | goto dsaerr; | 262 | goto err; |
| 254 | } | 263 | } |
| 255 | 264 | ||
| 256 | if (!EVP_PKEY_assign_DSA(pkey, dsa)) | 265 | if (!EVP_PKEY_assign_DSA(pkey, dsa)) |
| 257 | goto decerr; | 266 | goto err; |
| 267 | dsa = NULL; | ||
| 258 | 268 | ||
| 259 | ret = 1; | 269 | ret = 1; |
| 260 | goto done; | ||
| 261 | 270 | ||
| 262 | decerr: | 271 | err: |
| 263 | DSAerror(DSA_R_DECODE_ERROR); | ||
| 264 | dsaerr: | ||
| 265 | DSA_free(dsa); | 272 | DSA_free(dsa); |
| 266 | done: | ||
| 267 | BN_CTX_end(ctx); | 273 | BN_CTX_end(ctx); |
| 268 | BN_CTX_free(ctx); | 274 | BN_CTX_free(ctx); |
| 269 | ASN1_INTEGER_free(privkey); | 275 | ASN1_INTEGER_free(key); |
| 270 | 276 | ||
| 271 | return ret; | 277 | return ret; |
| 272 | } | 278 | } |
| @@ -454,18 +460,25 @@ do_dsa_print(BIO *bp, const DSA *x, int off, int ptype) | |||
| 454 | static int | 460 | static int |
| 455 | dsa_param_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) | 461 | dsa_param_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) |
| 456 | { | 462 | { |
| 457 | DSA *dsa; | 463 | DSA *dsa = NULL; |
| 464 | int ret = 0; | ||
| 458 | 465 | ||
| 459 | if (!(dsa = d2i_DSAparams(NULL, pder, derlen))) { | 466 | if ((dsa = d2i_DSAparams(NULL, pder, derlen)) == NULL) { |
| 460 | DSAerror(ERR_R_DSA_LIB); | 467 | DSAerror(ERR_R_DSA_LIB); |
| 461 | return 0; | 468 | goto err; |
| 462 | } | ||
| 463 | if (!dsa_check_key(dsa)) { | ||
| 464 | DSA_free(dsa); | ||
| 465 | return 0; | ||
| 466 | } | 469 | } |
| 467 | EVP_PKEY_assign_DSA(pkey, dsa); | 470 | if (!dsa_check_key(dsa)) |
| 468 | return 1; | 471 | goto err; |
| 472 | if (!EVP_PKEY_assign_DSA(pkey, dsa)) | ||
| 473 | goto err; | ||
| 474 | dsa = NULL; | ||
| 475 | |||
| 476 | ret = 1; | ||
| 477 | |||
| 478 | err: | ||
| 479 | DSA_free(dsa); | ||
| 480 | |||
| 481 | return ret; | ||
| 469 | } | 482 | } |
| 470 | 483 | ||
| 471 | static int | 484 | static int |
| @@ -495,9 +508,10 @@ dsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx) | |||
| 495 | static int | 508 | static int |
| 496 | old_dsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) | 509 | old_dsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) |
| 497 | { | 510 | { |
| 498 | DSA *dsa; | 511 | DSA *dsa = NULL; |
| 499 | BN_CTX *ctx = NULL; | 512 | BN_CTX *ctx = NULL; |
| 500 | BIGNUM *result; | 513 | BIGNUM *result; |
| 514 | int ret = 0; | ||
| 501 | 515 | ||
| 502 | if ((dsa = d2i_DSAPrivateKey(NULL, pder, derlen)) == NULL) { | 516 | if ((dsa = d2i_DSAPrivateKey(NULL, pder, derlen)) == NULL) { |
| 503 | DSAerror(ERR_R_DSA_LIB); | 517 | DSAerror(ERR_R_DSA_LIB); |
| @@ -551,17 +565,18 @@ old_dsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) | |||
| 551 | goto err; | 565 | goto err; |
| 552 | } | 566 | } |
| 553 | 567 | ||
| 554 | BN_CTX_end(ctx); | 568 | if (!EVP_PKEY_assign_DSA(pkey, dsa)) |
| 555 | BN_CTX_free(ctx); | 569 | goto err; |
| 570 | dsa = NULL; | ||
| 556 | 571 | ||
| 557 | EVP_PKEY_assign_DSA(pkey, dsa); | 572 | ret = 1; |
| 558 | return 1; | ||
| 559 | 573 | ||
| 560 | err: | 574 | err: |
| 561 | BN_CTX_end(ctx); | 575 | BN_CTX_end(ctx); |
| 562 | BN_CTX_free(ctx); | 576 | BN_CTX_free(ctx); |
| 563 | DSA_free(dsa); | 577 | DSA_free(dsa); |
| 564 | return 0; | 578 | |
| 579 | return ret; | ||
| 565 | } | 580 | } |
| 566 | 581 | ||
| 567 | static int | 582 | static int |