Clean up {dh,dsa}_pub_encode()

This brings these two messy functions into more usual shape. There is a lot more that can be done in here. It is a step in the right direction. ok jsing
author: tb <> 2023-08-10 15:11:16 +0000
committer: tb <> 2023-08-10 15:11:16 +0000
commit: 613ea14100348433bc126c36a2fe25f5d35cd216 (patch)
tree: 8b2adeb365ee4ac1a769735df0410ecf7de69dc7 /src
parent: 94d6db7aae41374a07274a3db71eb29dfc627d30 (diff)
download: openbsd-613ea14100348433bc126c36a2fe25f5d35cd216.tar.gz
openbsd-613ea14100348433bc126c36a2fe25f5d35cd216.tar.bz2
openbsd-613ea14100348433bc126c36a2fe25f5d35cd216.zip
2 files changed, 54 insertions, 46 deletions
diff --git a/src/lib/libcrypto/dh/dh_ameth.c b/src/lib/libcrypto/dh/dh_ameth.c
index 12f2db7b8e..3898db89f0 100644
--- a/src/lib/libcrypto/dh/dh_ameth.c
+++ b/src/lib/libcrypto/dh/dh_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh_ameth.c,v 1.31 2023/08/10 09:43:51 tb Exp $ */
+/* $OpenBSD: dh_ameth.c,v 1.32 2023/08/10 15:11:16 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -130,48 +130,49 @@ err:
 static int
 dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
 {
-        DH *dh;
+        const DH *dh = pkey->pkey.dh;
-        int ptype;
+        ASN1_STRING *str = NULL;
-        unsigned char *penc = NULL;
+        int ptype = V_ASN1_SEQUENCE;
-        int penclen;
-        ASN1_STRING *str;
        ASN1_INTEGER *pub_key = NULL;
+        ASN1_OBJECT *aobj;
+        unsigned char *data = NULL, *penc = NULL;
+        int datalen = 0, penclen = 0;
-        dh=pkey->pkey.dh;
+        if ((datalen = i2d_DHparams(dh, &data)) <= 0) {
-        str = ASN1_STRING_new();
-        if (str == NULL) {
                DHerror(ERR_R_MALLOC_FAILURE);
+                datalen = 0;
                goto err;
        }
+        if ((str = ASN1_STRING_new()) == NULL) {
-        str->length = i2d_DHparams(dh, &str->data);
-        if (str->length <= 0) {
                DHerror(ERR_R_MALLOC_FAILURE);
                goto err;
        }
-        ptype = V_ASN1_SEQUENCE;
+        ASN1_STRING_set0(str, data, datalen);
+        data = NULL;
+        datalen = 0;
-        pub_key = BN_to_ASN1_INTEGER(dh->pub_key, NULL);
+        if ((pub_key = BN_to_ASN1_INTEGER(dh->pub_key, NULL)) == NULL)
-        if (!pub_key)
                goto err;
+        if ((penclen = i2d_ASN1_INTEGER(pub_key, &penc)) <= 0) {
-        penclen = i2d_ASN1_INTEGER(pub_key, &penc);
+                DHerror(ERR_R_MALLOC_FAILURE);
+                penclen = 0;
+                goto err;
+        }
        ASN1_INTEGER_free(pub_key);
+        pub_key = NULL;
-        if (penclen <= 0) {
+        if ((aobj = OBJ_nid2obj(EVP_PKEY_DH)) == NULL)
-                DHerror(ERR_R_MALLOC_FAILURE);
+                goto err;
+        if (!X509_PUBKEY_set0_param(pk, aobj, ptype, str, penc, penclen))
                goto err;
-                }
-        if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DH), ptype,
+        return 1;
-            (void *)str, penc, penclen))
-                return 1;
-err:
+ err:
-        free(penc);
        ASN1_STRING_free(str);
+        ASN1_INTEGER_free(pub_key);
+        freezero(data, datalen);
+        freezero(penc, penclen);
        return 0;
 }
diff --git a/src/lib/libcrypto/dsa/dsa_ameth.c b/src/lib/libcrypto/dsa/dsa_ameth.c
index ad5aa09cd0..aab4588b5a 100644
--- a/src/lib/libcrypto/dsa/dsa_ameth.c
+++ b/src/lib/libcrypto/dsa/dsa_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_ameth.c,v 1.44 2023/08/10 09:43:51 tb Exp $ */
+/* $OpenBSD: dsa_ameth.c,v 1.45 2023/08/10 15:11:16 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -138,47 +138,54 @@ err:
 static int
 dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
 {
-        DSA *dsa;
+        const DSA *dsa = pkey->pkey.dsa;
-        ASN1_INTEGER *pubint = NULL;
        ASN1_STRING *str = NULL;
        int ptype = V_ASN1_UNDEF;
-        unsigned char *penc = NULL;
+        ASN1_INTEGER *pub_key = NULL;
-        int penclen;
+        ASN1_OBJECT *aobj;
+        unsigned char *data = NULL, *penc = NULL;
+        int datalen = 0, penclen = 0;
-        dsa = pkey->pkey.dsa;
        if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) {
-                if ((str = ASN1_STRING_new()) == NULL) {
+                if ((datalen = i2d_DSAparams(dsa, &data)) <= 0) {
                        DSAerror(ERR_R_MALLOC_FAILURE);
+                        datalen = 0;
                        goto err;
                }
-                str->length = i2d_DSAparams(dsa, &str->data);
+                if ((str = ASN1_STRING_new()) == NULL) {
-                if (str->length <= 0) {
                        DSAerror(ERR_R_MALLOC_FAILURE);
                        goto err;
                }
+                ASN1_STRING_set0(str, data, datalen);
+                data = NULL;
+                datalen = 0;
                ptype = V_ASN1_SEQUENCE;
        }
-        if ((pubint = BN_to_ASN1_INTEGER(dsa->pub_key, NULL)) == NULL) {
+        if ((pub_key = BN_to_ASN1_INTEGER(dsa->pub_key, NULL)) == NULL) {
                DSAerror(ERR_R_MALLOC_FAILURE);
                goto err;
        }
+        if ((penclen = i2d_ASN1_INTEGER(pub_key, &penc)) <= 0) {
-        penclen = i2d_ASN1_INTEGER(pubint, &penc);
-        ASN1_INTEGER_free(pubint);
-        if (penclen <= 0) {
                DSAerror(ERR_R_MALLOC_FAILURE);
+                penclen = 0;
                goto err;
        }
+        ASN1_INTEGER_free(pub_key);
+        pub_key = NULL;
-        if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DSA), ptype, str,
+        if ((aobj = OBJ_nid2obj(EVP_PKEY_DSA)) == NULL)
-            penc, penclen))
+                goto err;
-                return 1;
+        if (!X509_PUBKEY_set0_param(pk, aobj, ptype, str, penc, penclen))
+                goto err;
+        return 1;
 err:
-        free(penc);
        ASN1_STRING_free(str);
+        ASN1_INTEGER_free(pub_key);
+        freezero(data, datalen);
+        freezero(penc, penclen);
        return 0;
 }
author	tb <>	2023-08-10 15:11:16 +0000
committer	tb <>	2023-08-10 15:11:16 +0000
commit	613ea14100348433bc126c36a2fe25f5d35cd216 (patch)
tree	8b2adeb365ee4ac1a769735df0410ecf7de69dc7 /src
parent	94d6db7aae41374a07274a3db71eb29dfc627d30 (diff)
download	openbsd-613ea14100348433bc126c36a2fe25f5d35cd216.tar.gz openbsd-613ea14100348433bc126c36a2fe25f5d35cd216.tar.bz2 openbsd-613ea14100348433bc126c36a2fe25f5d35cd216.zip

diff --git a/src/lib/libcrypto/dh/dh_ameth.c b/src/lib/libcrypto/dh/dh_ameth.c index 12f2db7b8e..3898db89f0 100644 --- a/src/lib/libcrypto/dh/dh_ameth.c +++ b/src/lib/libcrypto/dh/dh_ameth.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: dh_ameth.c,v 1.31 2023/08/10 09:43:51 tb Exp $ */	1	/* $OpenBSD: dh_ameth.c,v 1.32 2023/08/10 15:11:16 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2006.	3	* project 2006.
4	*/	4	*/
@@ -130,48 +130,49 @@ err:
130	static int	130	static int
131	dh_pub_encode(X509_PUBKEY pk, const EVP_PKEY pkey)	131	dh_pub_encode(X509_PUBKEY pk, const EVP_PKEY pkey)
132	{	132	{
133	DH *dh;	133	const DH *dh = pkey->pkey.dh;
134	int ptype;	134	ASN1_STRING *str = NULL;
135	unsigned char *penc = NULL;	135	int ptype = V_ASN1_SEQUENCE;
136	int penclen;
137	ASN1_STRING *str;
138	ASN1_INTEGER *pub_key = NULL;	136	ASN1_INTEGER *pub_key = NULL;
		137	ASN1_OBJECT *aobj;
		138	unsigned char data = NULL, penc = NULL;
		139	int datalen = 0, penclen = 0;
139		140
140	dh=pkey->pkey.dh;	141	if ((datalen = i2d_DHparams(dh, &data)) <= 0) {
141
142	str = ASN1_STRING_new();
143	if (str == NULL) {
144	DHerror(ERR_R_MALLOC_FAILURE);	142	DHerror(ERR_R_MALLOC_FAILURE);
		143	datalen = 0;
145	goto err;	144	goto err;
146	}	145	}
147		146	if ((str = ASN1_STRING_new()) == NULL) {
148	str->length = i2d_DHparams(dh, &str->data);
149	if (str->length <= 0) {
150	DHerror(ERR_R_MALLOC_FAILURE);	147	DHerror(ERR_R_MALLOC_FAILURE);
151	goto err;	148	goto err;
152	}	149	}
153	ptype = V_ASN1_SEQUENCE;	150	ASN1_STRING_set0(str, data, datalen);
		151	data = NULL;
		152	datalen = 0;
154		153
155	pub_key = BN_to_ASN1_INTEGER(dh->pub_key, NULL);	154	if ((pub_key = BN_to_ASN1_INTEGER(dh->pub_key, NULL)) == NULL)
156	if (!pub_key)
157	goto err;	155	goto err;
158		156	if ((penclen = i2d_ASN1_INTEGER(pub_key, &penc)) <= 0) {
159	penclen = i2d_ASN1_INTEGER(pub_key, &penc);	157	DHerror(ERR_R_MALLOC_FAILURE);
160		158	penclen = 0;
		159	goto err;
		160	}
161	ASN1_INTEGER_free(pub_key);	161	ASN1_INTEGER_free(pub_key);
		162	pub_key = NULL;
162		163
163	if (penclen <= 0) {	164	if ((aobj = OBJ_nid2obj(EVP_PKEY_DH)) == NULL)
164	DHerror(ERR_R_MALLOC_FAILURE);	165	goto err;
		166	if (!X509_PUBKEY_set0_param(pk, aobj, ptype, str, penc, penclen))
165	goto err;	167	goto err;
166	}
167		168
168	if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DH), ptype,	169	return 1;
169	(void *)str, penc, penclen))
170	return 1;
171		170
172	err:	171	err:
173	free(penc);
174	ASN1_STRING_free(str);	172	ASN1_STRING_free(str);
		173	ASN1_INTEGER_free(pub_key);
		174	freezero(data, datalen);
		175	freezero(penc, penclen);
175		176
176	return 0;	177	return 0;
177	}	178	}


diff --git a/src/lib/libcrypto/dsa/dsa_ameth.c b/src/lib/libcrypto/dsa/dsa_ameth.c index ad5aa09cd0..aab4588b5a 100644 --- a/src/lib/libcrypto/dsa/dsa_ameth.c +++ b/src/lib/libcrypto/dsa/dsa_ameth.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: dsa_ameth.c,v 1.44 2023/08/10 09:43:51 tb Exp $ */	1	/* $OpenBSD: dsa_ameth.c,v 1.45 2023/08/10 15:11:16 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2006.	3	* project 2006.
4	*/	4	*/
@@ -138,47 +138,54 @@ err:
138	static int	138	static int
139	dsa_pub_encode(X509_PUBKEY pk, const EVP_PKEY pkey)	139	dsa_pub_encode(X509_PUBKEY pk, const EVP_PKEY pkey)
140	{	140	{
141	DSA *dsa;	141	const DSA *dsa = pkey->pkey.dsa;
142	ASN1_INTEGER *pubint = NULL;
143	ASN1_STRING *str = NULL;	142	ASN1_STRING *str = NULL;
144	int ptype = V_ASN1_UNDEF;	143	int ptype = V_ASN1_UNDEF;
145	unsigned char *penc = NULL;	144	ASN1_INTEGER *pub_key = NULL;
146	int penclen;	145	ASN1_OBJECT *aobj;
		146	unsigned char data = NULL, penc = NULL;
		147	int datalen = 0, penclen = 0;
147		148
148	dsa = pkey->pkey.dsa;
149	if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) {	149	if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) {
150	if ((str = ASN1_STRING_new()) == NULL) {	150	if ((datalen = i2d_DSAparams(dsa, &data)) <= 0) {
151	DSAerror(ERR_R_MALLOC_FAILURE);	151	DSAerror(ERR_R_MALLOC_FAILURE);
		152	datalen = 0;
152	goto err;	153	goto err;
153	}	154	}
154	str->length = i2d_DSAparams(dsa, &str->data);	155	if ((str = ASN1_STRING_new()) == NULL) {
155	if (str->length <= 0) {
156	DSAerror(ERR_R_MALLOC_FAILURE);	156	DSAerror(ERR_R_MALLOC_FAILURE);
157	goto err;	157	goto err;
158	}	158	}
		159	ASN1_STRING_set0(str, data, datalen);
		160	data = NULL;
		161	datalen = 0;
159	ptype = V_ASN1_SEQUENCE;	162	ptype = V_ASN1_SEQUENCE;
160	}	163	}
161		164
162	if ((pubint = BN_to_ASN1_INTEGER(dsa->pub_key, NULL)) == NULL) {	165	if ((pub_key = BN_to_ASN1_INTEGER(dsa->pub_key, NULL)) == NULL) {
163	DSAerror(ERR_R_MALLOC_FAILURE);	166	DSAerror(ERR_R_MALLOC_FAILURE);
164	goto err;	167	goto err;
165	}	168	}
166		169	if ((penclen = i2d_ASN1_INTEGER(pub_key, &penc)) <= 0) {
167	penclen = i2d_ASN1_INTEGER(pubint, &penc);
168	ASN1_INTEGER_free(pubint);
169
170	if (penclen <= 0) {
171	DSAerror(ERR_R_MALLOC_FAILURE);	170	DSAerror(ERR_R_MALLOC_FAILURE);
		171	penclen = 0;
172	goto err;	172	goto err;
173	}	173	}
		174	ASN1_INTEGER_free(pub_key);
		175	pub_key = NULL;
174		176
175	if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DSA), ptype, str,	177	if ((aobj = OBJ_nid2obj(EVP_PKEY_DSA)) == NULL)
176	penc, penclen))	178	goto err;
177	return 1;	179	if (!X509_PUBKEY_set0_param(pk, aobj, ptype, str, penc, penclen))
		180	goto err;
		181
		182	return 1;
178		183
179	err:	184	err:
180	free(penc);
181	ASN1_STRING_free(str);	185	ASN1_STRING_free(str);
		186	ASN1_INTEGER_free(pub_key);
		187	freezero(data, datalen);
		188	freezero(penc, penclen);
182		189
183	return 0;	190	return 0;
184	}	191	}