OpenSSL 0.9.5 merge

*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
author: beck <> 2000-03-19 11:13:58 +0000
committer: beck <> 2000-03-19 11:13:58 +0000
commit: 796d609550df3a33fc11468741c5d2f6d3df4c11 (patch)
tree: 6c6d539061caa20372dad0ac4ddb1dfae2fbe7fe /src/lib/libcrypto/evp/evp_pkey.c
parent: 5be3114c1fd7e0dfea1e38d3abb4cbba75244419 (diff)
download: openbsd-796d609550df3a33fc11468741c5d2f6d3df4c11.tar.gz
openbsd-796d609550df3a33fc11468741c5d2f6d3df4c11.tar.bz2
openbsd-796d609550df3a33fc11468741c5d2f6d3df4c11.zip
1 files changed, 183 insertions, 82 deletions
diff --git a/src/lib/libcrypto/evp/evp_pkey.c b/src/lib/libcrypto/evp/evp_pkey.c
index 421e452db1..d5e6f5880f 100644
--- a/src/lib/libcrypto/evp/evp_pkey.c
+++ b/src/lib/libcrypto/evp/evp_pkey.c
@@ -62,19 +62,22 @@
 #include <openssl/x509.h>
 #include <openssl/rand.h>
+static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey);
 /* Extract a private key from a PKCS8 structure */
 EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8)
 {
-        EVP_PKEY *pkey;
+        EVP_PKEY *pkey = NULL;
 #ifndef NO_RSA
-        RSA *rsa;
+        RSA *rsa = NULL;
 #endif
 #ifndef NO_DSA
-        DSA *dsa;
+        DSA *dsa = NULL;
-        ASN1_INTEGER *dsapriv;
+        ASN1_INTEGER *privkey;
-        STACK *ndsa;
+        ASN1_TYPE *t1, *t2, *param = NULL;
-        BN_CTX *ctx;
+        STACK *ndsa = NULL;
+        BN_CTX *ctx = NULL;
        int plen;
 #endif
        X509_ALGOR *a;
@@ -82,21 +85,14 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8)
        int pkeylen;
        char obj_tmp[80];
-        switch (p8->broken) {
+        if(p8->pkey->type == V_ASN1_OCTET_STRING) {
-                case PKCS8_OK:
+                p8->broken = PKCS8_OK;
                p = p8->pkey->value.octet_string->data;
                pkeylen = p8->pkey->value.octet_string->length;
-                break;
+        } else {
+                p8->broken = PKCS8_NO_OCTET;
-                case PKCS8_NO_OCTET:
                p = p8->pkey->value.sequence->data;
                pkeylen = p8->pkey->value.sequence->length;
-                break;
-                default:
-                EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE);
-                return NULL;
-                break;
        }
        if (!(pkey = EVP_PKEY_new())) {
                EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
@@ -121,65 +117,83 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8)
                 * be recalculated.
                 */
        
-                /* Check for broken Netscape Database DSA PKCS#8, UGH! */
+                /* Check for broken DSA PKCS#8, UGH! */
                if(*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) {
                    if(!(ndsa = ASN1_seq_unpack(p, pkeylen, 
-                                        (char *(*)())d2i_ASN1_INTEGER,
+                                        (char *(*)())d2i_ASN1_TYPE,
-                                                         ASN1_STRING_free))) {
+                                                         ASN1_TYPE_free))) {
                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        return NULL;
+                        goto dsaerr;
                    }
                    if(sk_num(ndsa) != 2 ) {
                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        sk_pop_free(ndsa, ASN1_STRING_free);
+                        goto dsaerr;
-                        return NULL;
                    }
-                    dsapriv = (ASN1_INTEGER *) sk_pop(ndsa);
+                    /* Handle Two broken types:
-                    sk_pop_free(ndsa, ASN1_STRING_free);
+                     * SEQUENCE {parameters, priv_key}
-                } else if (!(dsapriv=d2i_ASN1_INTEGER (NULL, &p, pkeylen))) {
+                     * SEQUENCE {pub_key, priv_key}
+                     */
+                     
+                    t1 = (ASN1_TYPE *)sk_value(ndsa, 0);
+                    t2 = (ASN1_TYPE *)sk_value(ndsa, 1);
+                    if(t1->type == V_ASN1_SEQUENCE) {
+                        p8->broken = PKCS8_EMBEDDED_PARAM;
+                        param = t1;
+                    } else if(a->parameter->type == V_ASN1_SEQUENCE) {
+                        p8->broken = PKCS8_NS_DB;
+                        param = a->parameter;
+                    } else {
                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        return NULL;
+                        goto dsaerr;
-                }
+                    }
-                /* Retrieve parameters */
-                if (a->parameter->type != V_ASN1_SEQUENCE) {
+                    if(t2->type != V_ASN1_INTEGER) {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_NO_DSA_PARAMETERS);
+                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        return NULL;
+                        goto dsaerr;
+                    }
+                    privkey = t2->value.integer;
+                } else if (!(privkey=d2i_ASN1_INTEGER (NULL, &p, pkeylen))) {
+                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+                        goto dsaerr;
                }
-                p = a->parameter->value.sequence->data;
+                p = param->value.sequence->data;
-                plen = a->parameter->value.sequence->length;
+                plen = param->value.sequence->length;
                if (!(dsa = d2i_DSAparams (NULL, &p, plen))) {
                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        return NULL;
+                        goto dsaerr;
                }
                /* We have parameters now set private key */
-                if (!(dsa->priv_key = ASN1_INTEGER_to_BN(dsapriv, NULL))) {
+                if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) {
                        EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_DECODE_ERROR);
-                        DSA_free (dsa);
+                        goto dsaerr;
-                        return NULL;
                }
                /* Calculate public key (ouch!) */
                if (!(dsa->pub_key = BN_new())) {
                        EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
-                        DSA_free (dsa);
+                        goto dsaerr;
-                        return NULL;
                }
                if (!(ctx = BN_CTX_new())) {
                        EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
-                        DSA_free (dsa);
+                        goto dsaerr;
-                        return NULL;
                }
                        
                if (!BN_mod_exp(dsa->pub_key, dsa->g,
                                                 dsa->priv_key, dsa->p, ctx)) {
                        
                        EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_PUBKEY_ERROR);
-                        BN_CTX_free (ctx);
+                        goto dsaerr;
-                        DSA_free (dsa);
-                        return NULL;
                }
-                EVP_PKEY_assign_DSA (pkey, dsa);
+                EVP_PKEY_assign_DSA(pkey, dsa);
                BN_CTX_free (ctx);
+                sk_pop_free(ndsa, ASN1_TYPE_free);
+                break;
+                dsaerr:
+                BN_CTX_free (ctx);
+                sk_pop_free(ndsa, ASN1_TYPE_free);
+                DSA_free(dsa);
+                EVP_PKEY_free(pkey);
+                return NULL;
                break;
 #endif
                default:
@@ -193,30 +207,35 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8)
        return pkey;
 }
+PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey)
+{
+        return EVP_PKEY2PKCS8_broken(pkey, PKCS8_OK);
+}
 /* Turn a private key into a PKCS8 structure */
-PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey)
+PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
 {
        PKCS8_PRIV_KEY_INFO *p8;
-#ifndef NO_DSA
-        ASN1_INTEGER *dpkey;
-        unsigned char *p, *q;
-        int len;
-#endif
        if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) {        
                EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
                return NULL;
        }
+        p8->broken = broken;
        ASN1_INTEGER_set (p8->version, 0);
        if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) {
                EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
                PKCS8_PRIV_KEY_INFO_free (p8);
                return NULL;
        }
+        p8->pkey->type = V_ASN1_OCTET_STRING;
        switch (EVP_PKEY_type(pkey->type)) {
 #ifndef NO_RSA
                case EVP_PKEY_RSA:
+                if(p8->broken == PKCS8_NO_OCTET) p8->pkey->type = V_ASN1_SEQUENCE;
                p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption);
                p8->pkeyalg->parameter->type = V_ASN1_NULL;
                if (!ASN1_pack_string ((char *)pkey, i2d_PrivateKey,
@@ -229,36 +248,11 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey)
 #endif
 #ifndef NO_DSA
                case EVP_PKEY_DSA:
-                p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa);
+                if(!dsa_pkey2pkcs8(p8, pkey)) {
-                /* get paramaters and place in AlgorithmIdentifier */
-                len = i2d_DSAparams (pkey->pkey.dsa, NULL);
-                if (!(p = Malloc(len))) {
-                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
                        PKCS8_PRIV_KEY_INFO_free (p8);
                        return NULL;
                }
-                q = p;
-                i2d_DSAparams (pkey->pkey.dsa, &q);
-                p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
-                p8->pkeyalg->parameter->value.sequence = ASN1_STRING_new();
-                ASN1_STRING_set(p8->pkeyalg->parameter->value.sequence, p, len);
-                Free(p);
-                /* Get private key into an integer and pack */
-                if (!(dpkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) {
-                        EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
-                        PKCS8_PRIV_KEY_INFO_free (p8);
-                        return NULL;
-                }
-                
-                if (!ASN1_pack_string((char *)dpkey, i2d_ASN1_INTEGER,
-                                         &p8->pkey->value.octet_string)) {
-                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        ASN1_INTEGER_free (dpkey);
-                        PKCS8_PRIV_KEY_INFO_free (p8);
-                        return NULL;
-                }
-                ASN1_INTEGER_free (dpkey);
                break;
 #endif
                default:
@@ -266,9 +260,8 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey)
                PKCS8_PRIV_KEY_INFO_free (p8);
                return NULL;
        }
-        p8->pkey->type = V_ASN1_OCTET_STRING;
+        RAND_add(p8->pkey->value.octet_string->data,
-        RAND_seed (p8->pkey->value.octet_string->data,
+                 p8->pkey->value.octet_string->length, 0);
-                                         p8->pkey->value.octet_string->length);
        return p8;
 }
@@ -295,4 +288,112 @@ PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken)
        }
 }
+#ifndef NO_DSA
+static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
+{
+        ASN1_STRING *params;
+        ASN1_INTEGER *prkey;
+        ASN1_TYPE *ttmp;
+        STACK *ndsa;
+        unsigned char *p, *q;
+        int len;
+        p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa);
+        len = i2d_DSAparams (pkey->pkey.dsa, NULL);
+        if (!(p = Malloc(len))) {
+                EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                PKCS8_PRIV_KEY_INFO_free (p8);
+                return 0;
+        }
+        q = p;
+        i2d_DSAparams (pkey->pkey.dsa, &q);
+        params = ASN1_STRING_new();
+        ASN1_STRING_set(params, p, len);
+        Free(p);
+        /* Get private key into integer */
+        if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) {
+                EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
+                return 0;
+        }
+        switch(p8->broken) {
+                case PKCS8_OK:
+                case PKCS8_NO_OCTET:
+                if (!ASN1_pack_string((char *)prkey, i2d_ASN1_INTEGER,
+                                         &p8->pkey->value.octet_string)) {
+                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                        M_ASN1_INTEGER_free (prkey);
+                        return 0;
+                }
+                M_ASN1_INTEGER_free (prkey);
+                p8->pkeyalg->parameter->value.sequence = params;
+                p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
+                break;
+                case PKCS8_NS_DB:
+                p8->pkeyalg->parameter->value.sequence = params;
+                p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
+                ndsa = sk_new_null();
+                ttmp = ASN1_TYPE_new();
+                if (!(ttmp->value.integer = BN_to_ASN1_INTEGER (pkey->pkey.dsa->pub_key, NULL))) {
+                        EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
+                        PKCS8_PRIV_KEY_INFO_free(p8);
+                        return 0;
+                }
+                ttmp->type = V_ASN1_INTEGER;
+                sk_push(ndsa, (char *)ttmp);
+                ttmp = ASN1_TYPE_new();
+                ttmp->value.integer = prkey;
+                ttmp->type = V_ASN1_INTEGER;
+                sk_push(ndsa, (char *)ttmp);
+                p8->pkey->value.octet_string = ASN1_OCTET_STRING_new();
+                if (!ASN1_seq_pack(ndsa, i2d_ASN1_TYPE,
+                                         &p8->pkey->value.octet_string->data,
+                                         &p8->pkey->value.octet_string->length)) {
+                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                        sk_pop_free(ndsa, ASN1_TYPE_free);
+                        M_ASN1_INTEGER_free(prkey);
+                        return 0;
+                }
+                sk_pop_free(ndsa, ASN1_TYPE_free);
+                break;
+                case PKCS8_EMBEDDED_PARAM:
+                p8->pkeyalg->parameter->type = V_ASN1_NULL;
+                ndsa = sk_new_null();
+                ttmp = ASN1_TYPE_new();
+                ttmp->value.sequence = params;
+                ttmp->type = V_ASN1_SEQUENCE;
+                sk_push(ndsa, (char *)ttmp);
+                ttmp = ASN1_TYPE_new();
+                ttmp->value.integer = prkey;
+                ttmp->type = V_ASN1_INTEGER;
+                sk_push(ndsa, (char *)ttmp);
+                p8->pkey->value.octet_string = ASN1_OCTET_STRING_new();
+                if (!ASN1_seq_pack(ndsa, i2d_ASN1_TYPE,
+                                         &p8->pkey->value.octet_string->data,
+                                         &p8->pkey->value.octet_string->length)) {
+                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                        sk_pop_free(ndsa, ASN1_TYPE_free);
+                        M_ASN1_INTEGER_free (prkey);
+                        return 0;
+                }
+                sk_pop_free(ndsa, ASN1_TYPE_free);
+                break;
+        }
+        return 1;
+}
+#endif
author	beck <>	2000-03-19 11:13:58 +0000
committer	beck <>	2000-03-19 11:13:58 +0000
commit	796d609550df3a33fc11468741c5d2f6d3df4c11 (patch)
tree	6c6d539061caa20372dad0ac4ddb1dfae2fbe7fe /src/lib/libcrypto/evp/evp_pkey.c
parent	5be3114c1fd7e0dfea1e38d3abb4cbba75244419 (diff)
download	openbsd-796d609550df3a33fc11468741c5d2f6d3df4c11.tar.gz openbsd-796d609550df3a33fc11468741c5d2f6d3df4c11.tar.bz2 openbsd-796d609550df3a33fc11468741c5d2f6d3df4c11.zip

diff --git a/src/lib/libcrypto/evp/evp_pkey.c b/src/lib/libcrypto/evp/evp_pkey.c index 421e452db1..d5e6f5880f 100644 --- a/src/lib/libcrypto/evp/evp_pkey.c +++ b/src/lib/libcrypto/evp/evp_pkey.c
@@ -62,19 +62,22 @@
62	#include <openssl/x509.h>	62	#include <openssl/x509.h>
63	#include <openssl/rand.h>	63	#include <openssl/rand.h>
64		64
		65	static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO p8inf, EVP_PKEY pkey);
		66
65	/* Extract a private key from a PKCS8 structure */	67	/* Extract a private key from a PKCS8 structure */
66		68
67	EVP_PKEY EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO p8)	69	EVP_PKEY EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO p8)
68	{	70	{
69	EVP_PKEY *pkey;	71	EVP_PKEY *pkey = NULL;
70	#ifndef NO_RSA	72	#ifndef NO_RSA
71	RSA *rsa;	73	RSA *rsa = NULL;
72	#endif	74	#endif
73	#ifndef NO_DSA	75	#ifndef NO_DSA
74	DSA *dsa;	76	DSA *dsa = NULL;
75	ASN1_INTEGER *dsapriv;	77	ASN1_INTEGER *privkey;
76	STACK *ndsa;	78	ASN1_TYPE t1, t2, *param = NULL;
77	BN_CTX *ctx;	79	STACK *ndsa = NULL;
		80	BN_CTX *ctx = NULL;
78	int plen;	81	int plen;
79	#endif	82	#endif
80	X509_ALGOR *a;	83	X509_ALGOR *a;
@@ -82,21 +85,14 @@ EVP_PKEY EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO p8)
82	int pkeylen;	85	int pkeylen;
83	char obj_tmp[80];	86	char obj_tmp[80];
84		87
85	switch (p8->broken) {	88	if(p8->pkey->type == V_ASN1_OCTET_STRING) {
86	case PKCS8_OK:	89	p8->broken = PKCS8_OK;
87	p = p8->pkey->value.octet_string->data;	90	p = p8->pkey->value.octet_string->data;
88	pkeylen = p8->pkey->value.octet_string->length;	91	pkeylen = p8->pkey->value.octet_string->length;
89	break;	92	} else {
90		93	p8->broken = PKCS8_NO_OCTET;
91	case PKCS8_NO_OCTET:
92	p = p8->pkey->value.sequence->data;	94	p = p8->pkey->value.sequence->data;
93	pkeylen = p8->pkey->value.sequence->length;	95	pkeylen = p8->pkey->value.sequence->length;
94	break;
95
96	default:
97	EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE);
98	return NULL;
99	break;
100	}	96	}
101	if (!(pkey = EVP_PKEY_new())) {	97	if (!(pkey = EVP_PKEY_new())) {
102	EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);	98	EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
@@ -121,65 +117,83 @@ EVP_PKEY EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO p8)
121	* be recalculated.	117	* be recalculated.
122	*/	118	*/
123		119
124	/* Check for broken Netscape Database DSA PKCS#8, UGH! */	120	/* Check for broken DSA PKCS#8, UGH! */
125	if(*p == (V_ASN1_SEQUENCE\|V_ASN1_CONSTRUCTED)) {	121	if(*p == (V_ASN1_SEQUENCE\|V_ASN1_CONSTRUCTED)) {
126	if(!(ndsa = ASN1_seq_unpack(p, pkeylen,	122	if(!(ndsa = ASN1_seq_unpack(p, pkeylen,
127	(char ()())d2i_ASN1_INTEGER,	123	(char ()())d2i_ASN1_TYPE,
128	ASN1_STRING_free))) {	124	ASN1_TYPE_free))) {
129	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);	125	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
130	return NULL;	126	goto dsaerr;
131	}	127	}
132	if(sk_num(ndsa) != 2 ) {	128	if(sk_num(ndsa) != 2 ) {
133	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);	129	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
134	sk_pop_free(ndsa, ASN1_STRING_free);	130	goto dsaerr;
135	return NULL;
136	}	131	}
137	dsapriv = (ASN1_INTEGER *) sk_pop(ndsa);	132	/* Handle Two broken types:
138	sk_pop_free(ndsa, ASN1_STRING_free);	133	* SEQUENCE {parameters, priv_key}
139	} else if (!(dsapriv=d2i_ASN1_INTEGER (NULL, &p, pkeylen))) {	134	* SEQUENCE {pub_key, priv_key}
		135	*/
		136
		137	t1 = (ASN1_TYPE *)sk_value(ndsa, 0);
		138	t2 = (ASN1_TYPE *)sk_value(ndsa, 1);
		139	if(t1->type == V_ASN1_SEQUENCE) {
		140	p8->broken = PKCS8_EMBEDDED_PARAM;
		141	param = t1;
		142	} else if(a->parameter->type == V_ASN1_SEQUENCE) {
		143	p8->broken = PKCS8_NS_DB;
		144	param = a->parameter;
		145	} else {
140	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);	146	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
141	return NULL;	147	goto dsaerr;
142	}	148	}
143	/* Retrieve parameters */	149
144	if (a->parameter->type != V_ASN1_SEQUENCE) {	150	if(t2->type != V_ASN1_INTEGER) {
145	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_NO_DSA_PARAMETERS);	151	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
146	return NULL;	152	goto dsaerr;
		153	}
		154	privkey = t2->value.integer;
		155	} else if (!(privkey=d2i_ASN1_INTEGER (NULL, &p, pkeylen))) {
		156	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
		157	goto dsaerr;
147	}	158	}
148	p = a->parameter->value.sequence->data;	159	p = param->value.sequence->data;
149	plen = a->parameter->value.sequence->length;	160	plen = param->value.sequence->length;
150	if (!(dsa = d2i_DSAparams (NULL, &p, plen))) {	161	if (!(dsa = d2i_DSAparams (NULL, &p, plen))) {
151	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);	162	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
152	return NULL;	163	goto dsaerr;
153	}	164	}
154	/* We have parameters now set private key */	165	/* We have parameters now set private key */
155	if (!(dsa->priv_key = ASN1_INTEGER_to_BN(dsapriv, NULL))) {	166	if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) {
156	EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_DECODE_ERROR);	167	EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_DECODE_ERROR);
157	DSA_free (dsa);	168	goto dsaerr;
158	return NULL;
159	}	169	}
160	/* Calculate public key (ouch!) */	170	/* Calculate public key (ouch!) */
161	if (!(dsa->pub_key = BN_new())) {	171	if (!(dsa->pub_key = BN_new())) {
162	EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);	172	EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
163	DSA_free (dsa);	173	goto dsaerr;
164	return NULL;
165	}	174	}
166	if (!(ctx = BN_CTX_new())) {	175	if (!(ctx = BN_CTX_new())) {
167	EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);	176	EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
168	DSA_free (dsa);	177	goto dsaerr;
169	return NULL;
170	}	178	}
171		179
172	if (!BN_mod_exp(dsa->pub_key, dsa->g,	180	if (!BN_mod_exp(dsa->pub_key, dsa->g,
173	dsa->priv_key, dsa->p, ctx)) {	181	dsa->priv_key, dsa->p, ctx)) {
174		182
175	EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_PUBKEY_ERROR);	183	EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_PUBKEY_ERROR);
176	BN_CTX_free (ctx);	184	goto dsaerr;
177	DSA_free (dsa);
178	return NULL;
179	}	185	}
180		186
181	EVP_PKEY_assign_DSA (pkey, dsa);	187	EVP_PKEY_assign_DSA(pkey, dsa);
182	BN_CTX_free (ctx);	188	BN_CTX_free (ctx);
		189	sk_pop_free(ndsa, ASN1_TYPE_free);
		190	break;
		191	dsaerr:
		192	BN_CTX_free (ctx);
		193	sk_pop_free(ndsa, ASN1_TYPE_free);
		194	DSA_free(dsa);
		195	EVP_PKEY_free(pkey);
		196	return NULL;
183	break;	197	break;
184	#endif	198	#endif
185	default:	199	default:
@@ -193,30 +207,35 @@ EVP_PKEY EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO p8)
193	return pkey;	207	return pkey;
194	}	208	}
195		209
		210	PKCS8_PRIV_KEY_INFO EVP_PKEY2PKCS8(EVP_PKEY pkey)
		211	{
		212	return EVP_PKEY2PKCS8_broken(pkey, PKCS8_OK);
		213	}
		214
196	/* Turn a private key into a PKCS8 structure */	215	/* Turn a private key into a PKCS8 structure */
197		216
198	PKCS8_PRIV_KEY_INFO EVP_PKEY2PKCS8(EVP_PKEY pkey)	217	PKCS8_PRIV_KEY_INFO EVP_PKEY2PKCS8_broken(EVP_PKEY pkey, int broken)
199	{	218	{
200	PKCS8_PRIV_KEY_INFO *p8;	219	PKCS8_PRIV_KEY_INFO *p8;
201	#ifndef NO_DSA	220
202	ASN1_INTEGER *dpkey;
203	unsigned char p, q;
204	int len;
205	#endif
206	if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) {	221	if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) {
207	EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);	222	EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
208	return NULL;	223	return NULL;
209	}	224	}
		225	p8->broken = broken;
210	ASN1_INTEGER_set (p8->version, 0);	226	ASN1_INTEGER_set (p8->version, 0);
211	if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) {	227	if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) {
212	EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);	228	EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
213	PKCS8_PRIV_KEY_INFO_free (p8);	229	PKCS8_PRIV_KEY_INFO_free (p8);
214	return NULL;	230	return NULL;
215	}	231	}
		232	p8->pkey->type = V_ASN1_OCTET_STRING;
216	switch (EVP_PKEY_type(pkey->type)) {	233	switch (EVP_PKEY_type(pkey->type)) {
217	#ifndef NO_RSA	234	#ifndef NO_RSA
218	case EVP_PKEY_RSA:	235	case EVP_PKEY_RSA:
219		236
		237	if(p8->broken == PKCS8_NO_OCTET) p8->pkey->type = V_ASN1_SEQUENCE;
		238
220	p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption);	239	p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption);
221	p8->pkeyalg->parameter->type = V_ASN1_NULL;	240	p8->pkeyalg->parameter->type = V_ASN1_NULL;
222	if (!ASN1_pack_string ((char *)pkey, i2d_PrivateKey,	241	if (!ASN1_pack_string ((char *)pkey, i2d_PrivateKey,
@@ -229,36 +248,11 @@ PKCS8_PRIV_KEY_INFO EVP_PKEY2PKCS8(EVP_PKEY pkey)
229	#endif	248	#endif
230	#ifndef NO_DSA	249	#ifndef NO_DSA
231	case EVP_PKEY_DSA:	250	case EVP_PKEY_DSA:
232	p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa);	251	if(!dsa_pkey2pkcs8(p8, pkey)) {
233
234	/* get paramaters and place in AlgorithmIdentifier */
235	len = i2d_DSAparams (pkey->pkey.dsa, NULL);
236	if (!(p = Malloc(len))) {
237	EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
238	PKCS8_PRIV_KEY_INFO_free (p8);	252	PKCS8_PRIV_KEY_INFO_free (p8);
239	return NULL;	253	return NULL;
240	}	254	}
241	q = p;	255
242	i2d_DSAparams (pkey->pkey.dsa, &q);
243	p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
244	p8->pkeyalg->parameter->value.sequence = ASN1_STRING_new();
245	ASN1_STRING_set(p8->pkeyalg->parameter->value.sequence, p, len);
246	Free(p);
247	/* Get private key into an integer and pack */
248	if (!(dpkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) {
249	EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
250	PKCS8_PRIV_KEY_INFO_free (p8);
251	return NULL;
252	}
253
254	if (!ASN1_pack_string((char *)dpkey, i2d_ASN1_INTEGER,
255	&p8->pkey->value.octet_string)) {
256	EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
257	ASN1_INTEGER_free (dpkey);
258	PKCS8_PRIV_KEY_INFO_free (p8);
259	return NULL;
260	}
261	ASN1_INTEGER_free (dpkey);
262	break;	256	break;
263	#endif	257	#endif
264	default:	258	default:
@@ -266,9 +260,8 @@ PKCS8_PRIV_KEY_INFO EVP_PKEY2PKCS8(EVP_PKEY pkey)
266	PKCS8_PRIV_KEY_INFO_free (p8);	260	PKCS8_PRIV_KEY_INFO_free (p8);
267	return NULL;	261	return NULL;
268	}	262	}
269	p8->pkey->type = V_ASN1_OCTET_STRING;	263	RAND_add(p8->pkey->value.octet_string->data,
270	RAND_seed (p8->pkey->value.octet_string->data,	264	p8->pkey->value.octet_string->length, 0);
271	p8->pkey->value.octet_string->length);
272	return p8;	265	return p8;
273	}	266	}
274		267
@@ -295,4 +288,112 @@ PKCS8_PRIV_KEY_INFO PKCS8_set_broken(PKCS8_PRIV_KEY_INFO p8, int broken)
295	}	288	}
296	}	289	}
297		290
		291	#ifndef NO_DSA
		292	static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO p8, EVP_PKEY pkey)
		293	{
		294	ASN1_STRING *params;
		295	ASN1_INTEGER *prkey;
		296	ASN1_TYPE *ttmp;
		297	STACK *ndsa;
		298	unsigned char p, q;
		299	int len;
		300	p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa);
		301	len = i2d_DSAparams (pkey->pkey.dsa, NULL);
		302	if (!(p = Malloc(len))) {
		303	EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
		304	PKCS8_PRIV_KEY_INFO_free (p8);
		305	return 0;
		306	}
		307	q = p;
		308	i2d_DSAparams (pkey->pkey.dsa, &q);
		309	params = ASN1_STRING_new();
		310	ASN1_STRING_set(params, p, len);
		311	Free(p);
		312	/* Get private key into integer */
		313	if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) {
		314	EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
		315	return 0;
		316	}
		317
		318	switch(p8->broken) {
298		319
		320	case PKCS8_OK:
		321	case PKCS8_NO_OCTET:
		322
		323	if (!ASN1_pack_string((char *)prkey, i2d_ASN1_INTEGER,
		324	&p8->pkey->value.octet_string)) {
		325	EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
		326	M_ASN1_INTEGER_free (prkey);
		327	return 0;
		328	}
		329
		330	M_ASN1_INTEGER_free (prkey);
		331	p8->pkeyalg->parameter->value.sequence = params;
		332	p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
		333
		334	break;
		335
		336	case PKCS8_NS_DB:
		337
		338	p8->pkeyalg->parameter->value.sequence = params;
		339	p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
		340	ndsa = sk_new_null();
		341	ttmp = ASN1_TYPE_new();
		342	if (!(ttmp->value.integer = BN_to_ASN1_INTEGER (pkey->pkey.dsa->pub_key, NULL))) {
		343	EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
		344	PKCS8_PRIV_KEY_INFO_free(p8);
		345	return 0;
		346	}
		347	ttmp->type = V_ASN1_INTEGER;
		348	sk_push(ndsa, (char *)ttmp);
		349
		350	ttmp = ASN1_TYPE_new();
		351	ttmp->value.integer = prkey;
		352	ttmp->type = V_ASN1_INTEGER;
		353	sk_push(ndsa, (char *)ttmp);
		354
		355	p8->pkey->value.octet_string = ASN1_OCTET_STRING_new();
		356
		357	if (!ASN1_seq_pack(ndsa, i2d_ASN1_TYPE,
		358	&p8->pkey->value.octet_string->data,
		359	&p8->pkey->value.octet_string->length)) {
		360
		361	EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
		362	sk_pop_free(ndsa, ASN1_TYPE_free);
		363	M_ASN1_INTEGER_free(prkey);
		364	return 0;
		365	}
		366	sk_pop_free(ndsa, ASN1_TYPE_free);
		367	break;
		368
		369	case PKCS8_EMBEDDED_PARAM:
		370
		371	p8->pkeyalg->parameter->type = V_ASN1_NULL;
		372	ndsa = sk_new_null();
		373	ttmp = ASN1_TYPE_new();
		374	ttmp->value.sequence = params;
		375	ttmp->type = V_ASN1_SEQUENCE;
		376	sk_push(ndsa, (char *)ttmp);
		377
		378	ttmp = ASN1_TYPE_new();
		379	ttmp->value.integer = prkey;
		380	ttmp->type = V_ASN1_INTEGER;
		381	sk_push(ndsa, (char *)ttmp);
		382
		383	p8->pkey->value.octet_string = ASN1_OCTET_STRING_new();
		384
		385	if (!ASN1_seq_pack(ndsa, i2d_ASN1_TYPE,
		386	&p8->pkey->value.octet_string->data,
		387	&p8->pkey->value.octet_string->length)) {
		388
		389	EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
		390	sk_pop_free(ndsa, ASN1_TYPE_free);
		391	M_ASN1_INTEGER_free (prkey);
		392	return 0;
		393	}
		394	sk_pop_free(ndsa, ASN1_TYPE_free);
		395	break;
		396	}
		397	return 1;
		398	}
		399	#endif