summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/dh
diff options
context:
space:
mode:
authortb <>2023-08-11 11:32:19 +0000
committertb <>2023-08-11 11:32:19 +0000
commit7171df10dbe17cb4be982131045143b1e01ca086 (patch)
treedc0e086544bc2a047e1352a262e5f9663f3ea73a /src/lib/libcrypto/dh
parentdc735f4a9e74ac924b85bff4f25f1c9cf6cf6c21 (diff)
downloadopenbsd-7171df10dbe17cb4be982131045143b1e01ca086.tar.gz
openbsd-7171df10dbe17cb4be982131045143b1e01ca086.tar.bz2
openbsd-7171df10dbe17cb4be982131045143b1e01ca086.zip
Align dh and dsa decoding functions with encoding
This adds some missing error checks and fixes and unifies error codes which were (as usual) all over the place or just plain nonsense. Use an auxiliary variable for d2i invocations even though it is not really needed here. ok jsing
Diffstat (limited to 'src/lib/libcrypto/dh')
-rw-r--r--src/lib/libcrypto/dh/dh_ameth.c142
1 files changed, 79 insertions, 63 deletions
diff --git a/src/lib/libcrypto/dh/dh_ameth.c b/src/lib/libcrypto/dh/dh_ameth.c
index 4a600b3bbd..cd4c130f10 100644
--- a/src/lib/libcrypto/dh/dh_ameth.c
+++ b/src/lib/libcrypto/dh/dh_ameth.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dh_ameth.c,v 1.33 2023/08/10 16:57:15 tb Exp $ */ 1/* $OpenBSD: dh_ameth.c,v 1.34 2023/08/11 11:32:19 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006. 3 * project 2006.
4 */ 4 */
@@ -78,53 +78,55 @@ int_dh_free(EVP_PKEY *pkey)
78static int 78static int
79dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) 79dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
80{ 80{
81 const unsigned char *p, *pm; 81 X509_ALGOR *algor;
82 int pklen, pmlen;
83 int ptype; 82 int ptype;
84 const void *pval; 83 const void *pval;
85 const ASN1_STRING *pstr; 84 const ASN1_STRING *params;
86 X509_ALGOR *palg; 85 const unsigned char *key_der, *params_der, *p;
87 ASN1_INTEGER *public_key = NULL; 86 int key_len, params_len;
87 ASN1_INTEGER *key = NULL;
88 DH *dh = NULL; 88 DH *dh = NULL;
89 int ret = 0;
89 90
90 if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey)) 91 if (!X509_PUBKEY_get0_param(NULL, &key_der, &key_len, &algor, pubkey))
91 return 0; 92 goto err;
92 X509_ALGOR_get0(NULL, &ptype, &pval, palg); 93 X509_ALGOR_get0(NULL, &ptype, &pval, algor);
93 94
94 if (ptype != V_ASN1_SEQUENCE) { 95 if (ptype != V_ASN1_SEQUENCE) {
95 DHerror(DH_R_PARAMETER_ENCODING_ERROR); 96 DHerror(DH_R_PARAMETER_ENCODING_ERROR);
96 goto err; 97 goto err;
97 } 98 }
98 99
99 pstr = pval; 100 params = pval;
100 pm = pstr->data; 101 params_der = params->data;
101 pmlen = pstr->length; 102 params_len = params->length;
102 103
103 if (!(dh = d2i_DHparams(NULL, &pm, pmlen))) { 104 p = params_der;
105 if ((dh = d2i_DHparams(NULL, &p, params_len)) == NULL) {
104 DHerror(DH_R_DECODE_ERROR); 106 DHerror(DH_R_DECODE_ERROR);
105 goto err; 107 goto err;
106 } 108 }
107 109 p = key_der;
108 if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, pklen))) { 110 if ((key = d2i_ASN1_INTEGER(NULL, &p, key_len)) == NULL) {
109 DHerror(DH_R_DECODE_ERROR); 111 DHerror(DH_R_DECODE_ERROR);
110 goto err; 112 goto err;
111 } 113 }
112 114 if ((dh->pub_key = ASN1_INTEGER_to_BN(key, NULL)) == NULL) {
113 /* We have parameters now set public key */
114 if (!(dh->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) {
115 DHerror(DH_R_BN_DECODE_ERROR); 115 DHerror(DH_R_BN_DECODE_ERROR);
116 goto err; 116 goto err;
117 } 117 }
118 118
119 ASN1_INTEGER_free(public_key); 119 if (!EVP_PKEY_assign_DH(pkey, dh))
120 EVP_PKEY_assign_DH(pkey, dh); 120 goto err;
121 return 1; 121 dh = NULL;
122
123 ret = 1;
122 124
123err: 125 err:
124 if (public_key) 126 ASN1_INTEGER_free(key);
125 ASN1_INTEGER_free(public_key);
126 DH_free(dh); 127 DH_free(dh);
127 return 0; 128
129 return ret;
128} 130}
129 131
130static int 132static int
@@ -188,52 +190,57 @@ dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
188static int 190static int
189dh_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) 191dh_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
190{ 192{
191 const unsigned char *p, *pm; 193 const X509_ALGOR *algor;
192 int pklen, pmlen;
193 int ptype; 194 int ptype;
194 const void *pval; 195 const void *pval;
195 const ASN1_STRING *pstr; 196 const ASN1_STRING *params;
196 const X509_ALGOR *palg; 197 const unsigned char *key_der, *params_der, *p;
197 ASN1_INTEGER *privkey = NULL; 198 int key_len, params_len;
199 ASN1_INTEGER *key = NULL;
198 DH *dh = NULL; 200 DH *dh = NULL;
201 int ret = 0;
199 202
200 if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8)) 203 if (!PKCS8_pkey_get0(NULL, &key_der, &key_len, &algor, p8))
201 return 0; 204 goto err;
202 205 X509_ALGOR_get0(NULL, &ptype, &pval, algor);
203 X509_ALGOR_get0(NULL, &ptype, &pval, palg);
204 206
205 if (ptype != V_ASN1_SEQUENCE) 207 if (ptype != V_ASN1_SEQUENCE) {
206 goto decerr; 208 DHerror(DH_R_PARAMETER_ENCODING_ERROR);
209 goto err;
210 }
207 211
208 if (!(privkey=d2i_ASN1_INTEGER(NULL, &p, pklen))) 212 params = pval;
209 goto decerr; 213 params_der = params->data;
214 params_len = params->length;
210 215
211 pstr = pval; 216 p = params_der;
212 pm = pstr->data; 217 if ((dh = d2i_DHparams(NULL, &p, params_len)) == NULL) {
213 pmlen = pstr->length; 218 DHerror(DH_R_DECODE_ERROR);
214 if (!(dh = d2i_DHparams(NULL, &pm, pmlen))) 219 goto err;
215 goto decerr; 220 }
216 /* We have parameters now set private key */ 221 p = key_der;
217 if (!(dh->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) { 222 if ((key = d2i_ASN1_INTEGER(NULL, &p, key_len)) == NULL) {
218 DHerror(DH_R_BN_ERROR); 223 DHerror(DH_R_DECODE_ERROR);
219 goto dherr; 224 goto err;
225 }
226 if ((dh->priv_key = ASN1_INTEGER_to_BN(key, NULL)) == NULL) {
227 DHerror(DH_R_BN_DECODE_ERROR);
228 goto err;
220 } 229 }
221 /* Calculate public key */
222 if (!DH_generate_key(dh)) 230 if (!DH_generate_key(dh))
223 goto dherr; 231 goto err;
224
225 EVP_PKEY_assign_DH(pkey, dh);
226 232
227 ASN1_INTEGER_free(privkey); 233 if (!EVP_PKEY_assign_DH(pkey, dh))
234 goto err;
235 dh = NULL;
228 236
229 return 1; 237 ret = 1;
230 238
231decerr: 239 err:
232 DHerror(EVP_R_DECODE_ERROR); 240 ASN1_INTEGER_free(key);
233dherr:
234 ASN1_INTEGER_free(privkey);
235 DH_free(dh); 241 DH_free(dh);
236 return 0; 242
243 return ret;
237} 244}
238 245
239static int 246static int
@@ -293,14 +300,23 @@ dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
293static int 300static int
294dh_param_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) 301dh_param_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
295{ 302{
296 DH *dh; 303 DH *dh = NULL;
304 int ret = 0;
297 305
298 if (!(dh = d2i_DHparams(NULL, pder, derlen))) { 306 if ((dh = d2i_DHparams(NULL, pder, derlen)) == NULL) {
299 DHerror(ERR_R_DH_LIB); 307 DHerror(ERR_R_DH_LIB);
300 return 0; 308 goto err;
301 } 309 }
302 EVP_PKEY_assign_DH(pkey, dh); 310 if (!EVP_PKEY_assign_DH(pkey, dh))
303 return 1; 311 goto err;
312 dh = NULL;
313
314 ret = 1;
315
316 err:
317 DH_free(dh);
318
319 return ret;
304} 320}
305 321
306static int 322static int