1 files changed, 79 insertions, 63 deletions
diff --git a/src/lib/libcrypto/dh/dh_ameth.c b/src/lib/libcrypto/dh/dh_ameth.c
index 4a600b3bbd..cd4c130f10 100644
--- a/src/lib/libcrypto/dh/dh_ameth.c
+++ b/src/lib/libcrypto/dh/dh_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh_ameth.c,v 1.33 2023/08/10 16:57:15 tb Exp $ */
+/* $OpenBSD: dh_ameth.c,v 1.34 2023/08/11 11:32:19 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -78,53 +78,55 @@ int_dh_free(EVP_PKEY *pkey)
 static int
 dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
 {
-        const unsigned char *p, *pm;
+        X509_ALGOR *algor;
-        int pklen, pmlen;
        int ptype;
        const void *pval;
-        const ASN1_STRING *pstr;
+        const ASN1_STRING *params;
-        X509_ALGOR *palg;
+        const unsigned char *key_der, *params_der, *p;
-        ASN1_INTEGER *public_key = NULL;
+        int key_len, params_len;
+        ASN1_INTEGER *key = NULL;
        DH *dh = NULL;
+        int ret = 0;
-        if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
+        if (!X509_PUBKEY_get0_param(NULL, &key_der, &key_len, &algor, pubkey))
-                return 0;
+                goto err;
-        X509_ALGOR_get0(NULL, &ptype, &pval, palg);
+        X509_ALGOR_get0(NULL, &ptype, &pval, algor);
        if (ptype != V_ASN1_SEQUENCE) {
                DHerror(DH_R_PARAMETER_ENCODING_ERROR);
                goto err;
        }
-        pstr = pval;
+        params = pval;
-        pm = pstr->data;
+        params_der = params->data;
-        pmlen = pstr->length;
+        params_len = params->length;
-        if (!(dh = d2i_DHparams(NULL, &pm, pmlen))) {
+        p = params_der;
+        if ((dh = d2i_DHparams(NULL, &p, params_len)) == NULL) {
                DHerror(DH_R_DECODE_ERROR);
                goto err;
        }
+        p = key_der;
-        if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, pklen))) {
+        if ((key = d2i_ASN1_INTEGER(NULL, &p, key_len)) == NULL) {
                DHerror(DH_R_DECODE_ERROR);
                goto err;
        }
+        if ((dh->pub_key = ASN1_INTEGER_to_BN(key, NULL)) == NULL) {
-        /* We have parameters now set public key */
-        if (!(dh->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) {
                DHerror(DH_R_BN_DECODE_ERROR);
                goto err;
        }
-        ASN1_INTEGER_free(public_key);
+        if (!EVP_PKEY_assign_DH(pkey, dh))
-        EVP_PKEY_assign_DH(pkey, dh);
+                goto err;
-        return 1;
+        dh = NULL;
+        ret = 1;
-err:
+ err:
-        if (public_key)
+        ASN1_INTEGER_free(key);
-                ASN1_INTEGER_free(public_key);
        DH_free(dh);
-        return 0;
+        return ret;
 }
 static int
@@ -188,52 +190,57 @@ dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
 static int
 dh_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
 {
-        const unsigned char *p, *pm;
+        const X509_ALGOR *algor;
-        int pklen, pmlen;
        int ptype;
        const void *pval;
-        const ASN1_STRING *pstr;
+        const ASN1_STRING *params;
-        const X509_ALGOR *palg;
+        const unsigned char *key_der, *params_der, *p;
-        ASN1_INTEGER *privkey = NULL;
+        int key_len, params_len;
+        ASN1_INTEGER *key = NULL;
        DH *dh = NULL;
+        int ret = 0;
-        if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
+        if (!PKCS8_pkey_get0(NULL, &key_der, &key_len, &algor, p8))
-                return 0;
+                goto err;
+        X509_ALGOR_get0(NULL, &ptype, &pval, algor);
-        X509_ALGOR_get0(NULL, &ptype, &pval, palg);
-        if (ptype != V_ASN1_SEQUENCE)
+        if (ptype != V_ASN1_SEQUENCE) {
-                goto decerr;
+                DHerror(DH_R_PARAMETER_ENCODING_ERROR);
+                goto err;
+        }
-        if (!(privkey=d2i_ASN1_INTEGER(NULL, &p, pklen)))
+        params = pval;
-                goto decerr;
+        params_der = params->data;
+        params_len = params->length;
-        pstr = pval;
+        p = params_der;
-        pm = pstr->data;
+        if ((dh = d2i_DHparams(NULL, &p, params_len)) == NULL) {
-        pmlen = pstr->length;
+                DHerror(DH_R_DECODE_ERROR);
-        if (!(dh = d2i_DHparams(NULL, &pm, pmlen)))
+                goto err;
-                goto decerr;
+        }
-        /* We have parameters now set private key */
+        p = key_der;
-        if (!(dh->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) {
+        if ((key = d2i_ASN1_INTEGER(NULL, &p, key_len)) == NULL) {
-                DHerror(DH_R_BN_ERROR);
+                DHerror(DH_R_DECODE_ERROR);
-                goto dherr;
+                goto err;
+        }
+        if ((dh->priv_key = ASN1_INTEGER_to_BN(key, NULL)) == NULL) {
+                DHerror(DH_R_BN_DECODE_ERROR);
+                goto err;
        }
-        /* Calculate public key */
        if (!DH_generate_key(dh))
-                goto dherr;
+                goto err;
-        EVP_PKEY_assign_DH(pkey, dh);
-        ASN1_INTEGER_free(privkey);
+        if (!EVP_PKEY_assign_DH(pkey, dh))
+                goto err;
+        dh = NULL;
-        return 1;
+        ret = 1;
-decerr:
+ err:
-        DHerror(EVP_R_DECODE_ERROR);
+        ASN1_INTEGER_free(key);
-dherr:
-        ASN1_INTEGER_free(privkey);
        DH_free(dh);
-        return 0;
+        return ret;
 }
 static int
@@ -293,14 +300,23 @@ dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
 static int
 dh_param_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
 {
-        DH *dh;
+        DH *dh = NULL;
+        int ret = 0;
-        if (!(dh = d2i_DHparams(NULL, pder, derlen))) {
+        if ((dh = d2i_DHparams(NULL, pder, derlen)) == NULL) {
                DHerror(ERR_R_DH_LIB);
-                return 0;
+                goto err;
        }
-        EVP_PKEY_assign_DH(pkey, dh);
+        if (!EVP_PKEY_assign_DH(pkey, dh))
-        return 1;
+                goto err;
+        dh = NULL;
+        ret = 1;
+ err:
+        DH_free(dh);
+        return ret;
 }
 static int

diff --git a/src/lib/libcrypto/dh/dh_ameth.c b/src/lib/libcrypto/dh/dh_ameth.c index 4a600b3bbd..cd4c130f10 100644 --- a/src/lib/libcrypto/dh/dh_ameth.c +++ b/src/lib/libcrypto/dh/dh_ameth.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: dh_ameth.c,v 1.33 2023/08/10 16:57:15 tb Exp $ */	1	/* $OpenBSD: dh_ameth.c,v 1.34 2023/08/11 11:32:19 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2006.	3	* project 2006.
4	*/	4	*/
@@ -78,53 +78,55 @@ int_dh_free(EVP_PKEY *pkey)
78	static int	78	static int
79	dh_pub_decode(EVP_PKEY pkey, X509_PUBKEY pubkey)	79	dh_pub_decode(EVP_PKEY pkey, X509_PUBKEY pubkey)
80	{	80	{
81	const unsigned char p, pm;	81	X509_ALGOR *algor;
82	int pklen, pmlen;
83	int ptype;	82	int ptype;
84	const void *pval;	83	const void *pval;
85	const ASN1_STRING *pstr;	84	const ASN1_STRING *params;
86	X509_ALGOR *palg;	85	const unsigned char key_der, params_der, *p;
87	ASN1_INTEGER *public_key = NULL;	86	int key_len, params_len;
		87	ASN1_INTEGER *key = NULL;
88	DH *dh = NULL;	88	DH *dh = NULL;
		89	int ret = 0;
89		90
90	if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))	91	if (!X509_PUBKEY_get0_param(NULL, &key_der, &key_len, &algor, pubkey))
91	return 0;	92	goto err;
92	X509_ALGOR_get0(NULL, &ptype, &pval, palg);	93	X509_ALGOR_get0(NULL, &ptype, &pval, algor);
93		94
94	if (ptype != V_ASN1_SEQUENCE) {	95	if (ptype != V_ASN1_SEQUENCE) {
95	DHerror(DH_R_PARAMETER_ENCODING_ERROR);	96	DHerror(DH_R_PARAMETER_ENCODING_ERROR);
96	goto err;	97	goto err;
97	}	98	}
98		99
99	pstr = pval;	100	params = pval;
100	pm = pstr->data;	101	params_der = params->data;
101	pmlen = pstr->length;	102	params_len = params->length;
102		103
103	if (!(dh = d2i_DHparams(NULL, &pm, pmlen))) {	104	p = params_der;
		105	if ((dh = d2i_DHparams(NULL, &p, params_len)) == NULL) {
104	DHerror(DH_R_DECODE_ERROR);	106	DHerror(DH_R_DECODE_ERROR);
105	goto err;	107	goto err;
106	}	108	}
107		109	p = key_der;
108	if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, pklen))) {	110	if ((key = d2i_ASN1_INTEGER(NULL, &p, key_len)) == NULL) {
109	DHerror(DH_R_DECODE_ERROR);	111	DHerror(DH_R_DECODE_ERROR);
110	goto err;	112	goto err;
111	}	113	}
112		114	if ((dh->pub_key = ASN1_INTEGER_to_BN(key, NULL)) == NULL) {
113	/* We have parameters now set public key */
114	if (!(dh->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) {
115	DHerror(DH_R_BN_DECODE_ERROR);	115	DHerror(DH_R_BN_DECODE_ERROR);
116	goto err;	116	goto err;
117	}	117	}
118		118
119	ASN1_INTEGER_free(public_key);	119	if (!EVP_PKEY_assign_DH(pkey, dh))
120	EVP_PKEY_assign_DH(pkey, dh);	120	goto err;
121	return 1;	121	dh = NULL;
		122
		123	ret = 1;
122		124
123	err:	125	err:
124	if (public_key)	126	ASN1_INTEGER_free(key);
125	ASN1_INTEGER_free(public_key);
126	DH_free(dh);	127	DH_free(dh);
127	return 0;	128
		129	return ret;
128	}	130	}
129		131
130	static int	132	static int
@@ -188,52 +190,57 @@ dh_pub_encode(X509_PUBKEY pk, const EVP_PKEY pkey)
188	static int	190	static int
189	dh_priv_decode(EVP_PKEY pkey, const PKCS8_PRIV_KEY_INFO p8)	191	dh_priv_decode(EVP_PKEY pkey, const PKCS8_PRIV_KEY_INFO p8)
190	{	192	{
191	const unsigned char p, pm;	193	const X509_ALGOR *algor;
192	int pklen, pmlen;
193	int ptype;	194	int ptype;
194	const void *pval;	195	const void *pval;
195	const ASN1_STRING *pstr;	196	const ASN1_STRING *params;
196	const X509_ALGOR *palg;	197	const unsigned char key_der, params_der, *p;
197	ASN1_INTEGER *privkey = NULL;	198	int key_len, params_len;
		199	ASN1_INTEGER *key = NULL;
198	DH *dh = NULL;	200	DH *dh = NULL;
		201	int ret = 0;
199		202
200	if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))	203	if (!PKCS8_pkey_get0(NULL, &key_der, &key_len, &algor, p8))
201	return 0;	204	goto err;
202		205	X509_ALGOR_get0(NULL, &ptype, &pval, algor);
203	X509_ALGOR_get0(NULL, &ptype, &pval, palg);
204		206
205	if (ptype != V_ASN1_SEQUENCE)	207	if (ptype != V_ASN1_SEQUENCE) {
206	goto decerr;	208	DHerror(DH_R_PARAMETER_ENCODING_ERROR);
		209	goto err;
		210	}
207		211
208	if (!(privkey=d2i_ASN1_INTEGER(NULL, &p, pklen)))	212	params = pval;
209	goto decerr;	213	params_der = params->data;
		214	params_len = params->length;
210		215
211	pstr = pval;	216	p = params_der;
212	pm = pstr->data;	217	if ((dh = d2i_DHparams(NULL, &p, params_len)) == NULL) {
213	pmlen = pstr->length;	218	DHerror(DH_R_DECODE_ERROR);
214	if (!(dh = d2i_DHparams(NULL, &pm, pmlen)))	219	goto err;
215	goto decerr;	220	}
216	/* We have parameters now set private key */	221	p = key_der;
217	if (!(dh->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) {	222	if ((key = d2i_ASN1_INTEGER(NULL, &p, key_len)) == NULL) {
218	DHerror(DH_R_BN_ERROR);	223	DHerror(DH_R_DECODE_ERROR);
219	goto dherr;	224	goto err;
		225	}
		226	if ((dh->priv_key = ASN1_INTEGER_to_BN(key, NULL)) == NULL) {
		227	DHerror(DH_R_BN_DECODE_ERROR);
		228	goto err;
220	}	229	}
221	/* Calculate public key */
222	if (!DH_generate_key(dh))	230	if (!DH_generate_key(dh))
223	goto dherr;	231	goto err;
224
225	EVP_PKEY_assign_DH(pkey, dh);
226		232
227	ASN1_INTEGER_free(privkey);	233	if (!EVP_PKEY_assign_DH(pkey, dh))
		234	goto err;
		235	dh = NULL;
228		236
229	return 1;	237	ret = 1;
230		238
231	decerr:	239	err:
232	DHerror(EVP_R_DECODE_ERROR);	240	ASN1_INTEGER_free(key);
233	dherr:
234	ASN1_INTEGER_free(privkey);
235	DH_free(dh);	241	DH_free(dh);
236	return 0;	242
		243	return ret;
237	}	244	}
238		245
239	static int	246	static int
@@ -293,14 +300,23 @@ dh_priv_encode(PKCS8_PRIV_KEY_INFO p8, const EVP_PKEY pkey)
293	static int	300	static int
294	dh_param_decode(EVP_PKEY pkey, const unsigned char *pder, int derlen)	301	dh_param_decode(EVP_PKEY pkey, const unsigned char *pder, int derlen)
295	{	302	{
296	DH *dh;	303	DH *dh = NULL;
		304	int ret = 0;
297		305
298	if (!(dh = d2i_DHparams(NULL, pder, derlen))) {	306	if ((dh = d2i_DHparams(NULL, pder, derlen)) == NULL) {
299	DHerror(ERR_R_DH_LIB);	307	DHerror(ERR_R_DH_LIB);
300	return 0;	308	goto err;
301	}	309	}
302	EVP_PKEY_assign_DH(pkey, dh);	310	if (!EVP_PKEY_assign_DH(pkey, dh))
303	return 1;	311	goto err;
		312	dh = NULL;
		313
		314	ret = 1;
		315
		316	err:
		317	DH_free(dh);
		318
		319	return ret;
304	}	320	}
305		321
306	static int	322	static int