1 files changed, 205 insertions, 91 deletions
diff --git a/src/lib/libcrypto/evp/evp_pkey.c b/src/lib/libcrypto/evp/evp_pkey.c
index 421e452db1..34b5b1d21c 100644
--- a/src/lib/libcrypto/evp/evp_pkey.c
+++ b/src/lib/libcrypto/evp/evp_pkey.c
@@ -62,41 +62,40 @@
 #include <openssl/x509.h>
 #include <openssl/rand.h>
+#ifndef OPENSSL_NO_DSA
+static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey);
+#endif
 /* Extract a private key from a PKCS8 structure */
 EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8)
 {
-        EVP_PKEY *pkey;
+        EVP_PKEY *pkey = NULL;
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
-        RSA *rsa;
+        RSA *rsa = NULL;
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
-        DSA *dsa;
+        DSA *dsa = NULL;
-        ASN1_INTEGER *dsapriv;
+        ASN1_INTEGER *privkey;
-        STACK *ndsa;
+        ASN1_TYPE *t1, *t2, *param = NULL;
-        BN_CTX *ctx;
+        STACK_OF(ASN1_TYPE) *ndsa = NULL;
+        BN_CTX *ctx = NULL;
        int plen;
 #endif
        X509_ALGOR *a;
        unsigned char *p;
+        const unsigned char *cp;
        int pkeylen;
        char obj_tmp[80];
-        switch (p8->broken) {
+        if(p8->pkey->type == V_ASN1_OCTET_STRING) {
-                case PKCS8_OK:
+                p8->broken = PKCS8_OK;
                p = p8->pkey->value.octet_string->data;
                pkeylen = p8->pkey->value.octet_string->length;
-                break;
+        } else {
+                p8->broken = PKCS8_NO_OCTET;
-                case PKCS8_NO_OCTET:
                p = p8->pkey->value.sequence->data;
                pkeylen = p8->pkey->value.sequence->length;
-                break;
-                default:
-                EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE);
-                return NULL;
-                break;
        }
        if (!(pkey = EVP_PKEY_new())) {
                EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
@@ -105,81 +104,108 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8)
        a = p8->pkeyalg;
        switch (OBJ_obj2nid(a->algorithm))
        {
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
                case NID_rsaEncryption:
-                if (!(rsa = d2i_RSAPrivateKey (NULL, &p, pkeylen))) {
+                cp = p;
+                if (!(rsa = d2i_RSAPrivateKey (NULL,&cp, pkeylen))) {
                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
                        return NULL;
                }
                EVP_PKEY_assign_RSA (pkey, rsa);
                break;
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
                case NID_dsa:
                /* PKCS#8 DSA is weird: you just get a private key integer
                 * and parameters in the AlgorithmIdentifier the pubkey must
                 * be recalculated.
                 */
        
-                /* Check for broken Netscape Database DSA PKCS#8, UGH! */
+                /* Check for broken DSA PKCS#8, UGH! */
                if(*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) {
-                    if(!(ndsa = ASN1_seq_unpack(p, pkeylen, 
+                    if(!(ndsa = ASN1_seq_unpack_ASN1_TYPE(p, pkeylen, 
-                                        (char *(*)())d2i_ASN1_INTEGER,
+                                                          d2i_ASN1_TYPE,
-                                                         ASN1_STRING_free))) {
+                                                          ASN1_TYPE_free))) {
                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        return NULL;
+                        goto dsaerr;
                    }
-                    if(sk_num(ndsa) != 2 ) {
+                    if(sk_ASN1_TYPE_num(ndsa) != 2 ) {
                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        sk_pop_free(ndsa, ASN1_STRING_free);
+                        goto dsaerr;
-                        return NULL;
                    }
-                    dsapriv = (ASN1_INTEGER *) sk_pop(ndsa);
+                    /* Handle Two broken types:
-                    sk_pop_free(ndsa, ASN1_STRING_free);
+                     * SEQUENCE {parameters, priv_key}
-                } else if (!(dsapriv=d2i_ASN1_INTEGER (NULL, &p, pkeylen))) {
+                     * SEQUENCE {pub_key, priv_key}
+                     */
+                    t1 = sk_ASN1_TYPE_value(ndsa, 0);
+                    t2 = sk_ASN1_TYPE_value(ndsa, 1);
+                    if(t1->type == V_ASN1_SEQUENCE) {
+                        p8->broken = PKCS8_EMBEDDED_PARAM;
+                        param = t1;
+                    } else if(a->parameter->type == V_ASN1_SEQUENCE) {
+                        p8->broken = PKCS8_NS_DB;
+                        param = a->parameter;
+                    } else {
                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        return NULL;
+                        goto dsaerr;
+                    }
+                    if(t2->type != V_ASN1_INTEGER) {
+                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+                        goto dsaerr;
+                    }
+                    privkey = t2->value.integer;
+                } else {
+                        if (!(privkey=d2i_ASN1_INTEGER (NULL, &p, pkeylen))) {
+                                EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+                                goto dsaerr;
+                        }
+                        param = p8->pkeyalg->parameter;
                }
-                /* Retrieve parameters */
+                if (!param || (param->type != V_ASN1_SEQUENCE)) {
-                if (a->parameter->type != V_ASN1_SEQUENCE) {
+                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_NO_DSA_PARAMETERS);
+                        goto dsaerr;
-                        return NULL;
                }
-                p = a->parameter->value.sequence->data;
+                cp = p = param->value.sequence->data;
-                plen = a->parameter->value.sequence->length;
+                plen = param->value.sequence->length;
-                if (!(dsa = d2i_DSAparams (NULL, &p, plen))) {
+                if (!(dsa = d2i_DSAparams (NULL, &cp, plen))) {
                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        return NULL;
+                        goto dsaerr;
                }
                /* We have parameters now set private key */
-                if (!(dsa->priv_key = ASN1_INTEGER_to_BN(dsapriv, NULL))) {
+                if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) {
                        EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_DECODE_ERROR);
-                        DSA_free (dsa);
+                        goto dsaerr;
-                        return NULL;
                }
                /* Calculate public key (ouch!) */
                if (!(dsa->pub_key = BN_new())) {
                        EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
-                        DSA_free (dsa);
+                        goto dsaerr;
-                        return NULL;
                }
                if (!(ctx = BN_CTX_new())) {
                        EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
-                        DSA_free (dsa);
+                        goto dsaerr;
-                        return NULL;
                }
                        
                if (!BN_mod_exp(dsa->pub_key, dsa->g,
                                                 dsa->priv_key, dsa->p, ctx)) {
                        
                        EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_PUBKEY_ERROR);
-                        BN_CTX_free (ctx);
+                        goto dsaerr;
-                        DSA_free (dsa);
-                        return NULL;
                }
-                EVP_PKEY_assign_DSA (pkey, dsa);
+                EVP_PKEY_assign_DSA(pkey, dsa);
                BN_CTX_free (ctx);
+                if(ndsa) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
+                else ASN1_INTEGER_free(privkey);
+                break;
+                dsaerr:
+                BN_CTX_free (ctx);
+                sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
+                DSA_free(dsa);
+                EVP_PKEY_free(pkey);
+                return NULL;
                break;
 #endif
                default:
@@ -193,30 +219,35 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8)
        return pkey;
 }
+PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey)
+{
+        return EVP_PKEY2PKCS8_broken(pkey, PKCS8_OK);
+}
 /* Turn a private key into a PKCS8 structure */
-PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey)
+PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
 {
        PKCS8_PRIV_KEY_INFO *p8;
-#ifndef NO_DSA
-        ASN1_INTEGER *dpkey;
-        unsigned char *p, *q;
-        int len;
-#endif
        if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) {        
                EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
                return NULL;
        }
+        p8->broken = broken;
        ASN1_INTEGER_set (p8->version, 0);
        if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) {
                EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
                PKCS8_PRIV_KEY_INFO_free (p8);
                return NULL;
        }
+        p8->pkey->type = V_ASN1_OCTET_STRING;
        switch (EVP_PKEY_type(pkey->type)) {
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
                case EVP_PKEY_RSA:
+                if(p8->broken == PKCS8_NO_OCTET) p8->pkey->type = V_ASN1_SEQUENCE;
                p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption);
                p8->pkeyalg->parameter->type = V_ASN1_NULL;
                if (!ASN1_pack_string ((char *)pkey, i2d_PrivateKey,
@@ -227,38 +258,13 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey)
                }
                break;
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
                case EVP_PKEY_DSA:
-                p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa);
+                if(!dsa_pkey2pkcs8(p8, pkey)) {
-                /* get paramaters and place in AlgorithmIdentifier */
-                len = i2d_DSAparams (pkey->pkey.dsa, NULL);
-                if (!(p = Malloc(len))) {
-                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        PKCS8_PRIV_KEY_INFO_free (p8);
-                        return NULL;
-                }
-                q = p;
-                i2d_DSAparams (pkey->pkey.dsa, &q);
-                p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
-                p8->pkeyalg->parameter->value.sequence = ASN1_STRING_new();
-                ASN1_STRING_set(p8->pkeyalg->parameter->value.sequence, p, len);
-                Free(p);
-                /* Get private key into an integer and pack */
-                if (!(dpkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) {
-                        EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
                        PKCS8_PRIV_KEY_INFO_free (p8);
                        return NULL;
                }
-                
-                if (!ASN1_pack_string((char *)dpkey, i2d_ASN1_INTEGER,
-                                         &p8->pkey->value.octet_string)) {
-                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        ASN1_INTEGER_free (dpkey);
-                        PKCS8_PRIV_KEY_INFO_free (p8);
-                        return NULL;
-                }
-                ASN1_INTEGER_free (dpkey);
                break;
 #endif
                default:
@@ -266,9 +272,8 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey)
                PKCS8_PRIV_KEY_INFO_free (p8);
                return NULL;
        }
-        p8->pkey->type = V_ASN1_OCTET_STRING;
+        RAND_add(p8->pkey->value.octet_string->data,
-        RAND_seed (p8->pkey->value.octet_string->data,
+                 p8->pkey->value.octet_string->length, 0);
-                                         p8->pkey->value.octet_string->length);
        return p8;
 }
@@ -295,4 +300,113 @@ PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken)
        }
 }
+#ifndef OPENSSL_NO_DSA
+static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
+{
+        ASN1_STRING *params;
+        ASN1_INTEGER *prkey;
+        ASN1_TYPE *ttmp;
+        STACK_OF(ASN1_TYPE) *ndsa;
+        unsigned char *p, *q;
+        int len;
+        p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa);
+        len = i2d_DSAparams (pkey->pkey.dsa, NULL);
+        if (!(p = OPENSSL_malloc(len))) {
+                EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                PKCS8_PRIV_KEY_INFO_free (p8);
+                return 0;
+        }
+        q = p;
+        i2d_DSAparams (pkey->pkey.dsa, &q);
+        params = ASN1_STRING_new();
+        ASN1_STRING_set(params, p, len);
+        OPENSSL_free(p);
+        /* Get private key into integer */
+        if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) {
+                EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
+                return 0;
+        }
+        switch(p8->broken) {
+                case PKCS8_OK:
+                case PKCS8_NO_OCTET:
+                if (!ASN1_pack_string((char *)prkey, i2d_ASN1_INTEGER,
+                                         &p8->pkey->value.octet_string)) {
+                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                        M_ASN1_INTEGER_free (prkey);
+                        return 0;
+                }
+                M_ASN1_INTEGER_free (prkey);
+                p8->pkeyalg->parameter->value.sequence = params;
+                p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
+                break;
+                case PKCS8_NS_DB:
+                p8->pkeyalg->parameter->value.sequence = params;
+                p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
+                ndsa = sk_ASN1_TYPE_new_null();
+                ttmp = ASN1_TYPE_new();
+                if (!(ttmp->value.integer = BN_to_ASN1_INTEGER (pkey->pkey.dsa->pub_key, NULL))) {
+                        EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
+                        PKCS8_PRIV_KEY_INFO_free(p8);
+                        return 0;
+                }
+                ttmp->type = V_ASN1_INTEGER;
+                sk_ASN1_TYPE_push(ndsa, ttmp);
+                ttmp = ASN1_TYPE_new();
+                ttmp->value.integer = prkey;
+                ttmp->type = V_ASN1_INTEGER;
+                sk_ASN1_TYPE_push(ndsa, ttmp);
+                p8->pkey->value.octet_string = ASN1_OCTET_STRING_new();
+                if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE,
+                                         &p8->pkey->value.octet_string->data,
+                                         &p8->pkey->value.octet_string->length)) {
+                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                        sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
+                        M_ASN1_INTEGER_free(prkey);
+                        return 0;
+                }
+                sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
+                break;
+                case PKCS8_EMBEDDED_PARAM:
+                p8->pkeyalg->parameter->type = V_ASN1_NULL;
+                ndsa = sk_ASN1_TYPE_new_null();
+                ttmp = ASN1_TYPE_new();
+                ttmp->value.sequence = params;
+                ttmp->type = V_ASN1_SEQUENCE;
+                sk_ASN1_TYPE_push(ndsa, ttmp);
+                ttmp = ASN1_TYPE_new();
+                ttmp->value.integer = prkey;
+                ttmp->type = V_ASN1_INTEGER;
+                sk_ASN1_TYPE_push(ndsa, ttmp);
+                p8->pkey->value.octet_string = ASN1_OCTET_STRING_new();
+                if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE,
+                                         &p8->pkey->value.octet_string->data,
+                                         &p8->pkey->value.octet_string->length)) {
+                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                        sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
+                        M_ASN1_INTEGER_free (prkey);
+                        return 0;
+                }
+                sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
+                break;
+        }
+        return 1;
+}
+#endif

diff --git a/src/lib/libcrypto/evp/evp_pkey.c b/src/lib/libcrypto/evp/evp_pkey.c index 421e452db1..34b5b1d21c 100644 --- a/src/lib/libcrypto/evp/evp_pkey.c +++ b/src/lib/libcrypto/evp/evp_pkey.c
@@ -62,41 +62,40 @@
62	#include <openssl/x509.h>	62	#include <openssl/x509.h>
63	#include <openssl/rand.h>	63	#include <openssl/rand.h>
64		64
		65	#ifndef OPENSSL_NO_DSA
		66	static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO p8inf, EVP_PKEY pkey);
		67	#endif
		68
65	/* Extract a private key from a PKCS8 structure */	69	/* Extract a private key from a PKCS8 structure */
66		70
67	EVP_PKEY EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO p8)	71	EVP_PKEY EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO p8)
68	{	72	{
69	EVP_PKEY *pkey;	73	EVP_PKEY *pkey = NULL;
70	#ifndef NO_RSA	74	#ifndef OPENSSL_NO_RSA
71	RSA *rsa;	75	RSA *rsa = NULL;
72	#endif	76	#endif
73	#ifndef NO_DSA	77	#ifndef OPENSSL_NO_DSA
74	DSA *dsa;	78	DSA *dsa = NULL;
75	ASN1_INTEGER *dsapriv;	79	ASN1_INTEGER *privkey;
76	STACK *ndsa;	80	ASN1_TYPE t1, t2, *param = NULL;
77	BN_CTX *ctx;	81	STACK_OF(ASN1_TYPE) *ndsa = NULL;
		82	BN_CTX *ctx = NULL;
78	int plen;	83	int plen;
79	#endif	84	#endif
80	X509_ALGOR *a;	85	X509_ALGOR *a;
81	unsigned char *p;	86	unsigned char *p;
		87	const unsigned char *cp;
82	int pkeylen;	88	int pkeylen;
83	char obj_tmp[80];	89	char obj_tmp[80];
84		90
85	switch (p8->broken) {	91	if(p8->pkey->type == V_ASN1_OCTET_STRING) {
86	case PKCS8_OK:	92	p8->broken = PKCS8_OK;
87	p = p8->pkey->value.octet_string->data;	93	p = p8->pkey->value.octet_string->data;
88	pkeylen = p8->pkey->value.octet_string->length;	94	pkeylen = p8->pkey->value.octet_string->length;
89	break;	95	} else {
90		96	p8->broken = PKCS8_NO_OCTET;
91	case PKCS8_NO_OCTET:
92	p = p8->pkey->value.sequence->data;	97	p = p8->pkey->value.sequence->data;
93	pkeylen = p8->pkey->value.sequence->length;	98	pkeylen = p8->pkey->value.sequence->length;
94	break;
95
96	default:
97	EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE);
98	return NULL;
99	break;
100	}	99	}
101	if (!(pkey = EVP_PKEY_new())) {	100	if (!(pkey = EVP_PKEY_new())) {
102	EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);	101	EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
@@ -105,81 +104,108 @@ EVP_PKEY EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO p8)
105	a = p8->pkeyalg;	104	a = p8->pkeyalg;
106	switch (OBJ_obj2nid(a->algorithm))	105	switch (OBJ_obj2nid(a->algorithm))
107	{	106	{
108	#ifndef NO_RSA	107	#ifndef OPENSSL_NO_RSA
109	case NID_rsaEncryption:	108	case NID_rsaEncryption:
110	if (!(rsa = d2i_RSAPrivateKey (NULL, &p, pkeylen))) {	109	cp = p;
		110	if (!(rsa = d2i_RSAPrivateKey (NULL,&cp, pkeylen))) {
111	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);	111	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
112	return NULL;	112	return NULL;
113	}	113	}
114	EVP_PKEY_assign_RSA (pkey, rsa);	114	EVP_PKEY_assign_RSA (pkey, rsa);
115	break;	115	break;
116	#endif	116	#endif
117	#ifndef NO_DSA	117	#ifndef OPENSSL_NO_DSA
118	case NID_dsa:	118	case NID_dsa:
119	/* PKCS#8 DSA is weird: you just get a private key integer	119	/* PKCS#8 DSA is weird: you just get a private key integer
120	* and parameters in the AlgorithmIdentifier the pubkey must	120	* and parameters in the AlgorithmIdentifier the pubkey must
121	* be recalculated.	121	* be recalculated.
122	*/	122	*/
123		123
124	/* Check for broken Netscape Database DSA PKCS#8, UGH! */	124	/* Check for broken DSA PKCS#8, UGH! */
125	if(*p == (V_ASN1_SEQUENCE\|V_ASN1_CONSTRUCTED)) {	125	if(*p == (V_ASN1_SEQUENCE\|V_ASN1_CONSTRUCTED)) {
126	if(!(ndsa = ASN1_seq_unpack(p, pkeylen,	126	if(!(ndsa = ASN1_seq_unpack_ASN1_TYPE(p, pkeylen,
127	(char ()())d2i_ASN1_INTEGER,	127	d2i_ASN1_TYPE,
128	ASN1_STRING_free))) {	128	ASN1_TYPE_free))) {
129	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);	129	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
130	return NULL;	130	goto dsaerr;
131	}	131	}
132	if(sk_num(ndsa) != 2 ) {	132	if(sk_ASN1_TYPE_num(ndsa) != 2 ) {
133	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);	133	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
134	sk_pop_free(ndsa, ASN1_STRING_free);	134	goto dsaerr;
135	return NULL;
136	}	135	}
137	dsapriv = (ASN1_INTEGER *) sk_pop(ndsa);	136	/* Handle Two broken types:
138	sk_pop_free(ndsa, ASN1_STRING_free);	137	* SEQUENCE {parameters, priv_key}
139	} else if (!(dsapriv=d2i_ASN1_INTEGER (NULL, &p, pkeylen))) {	138	* SEQUENCE {pub_key, priv_key}
		139	*/
		140
		141	t1 = sk_ASN1_TYPE_value(ndsa, 0);
		142	t2 = sk_ASN1_TYPE_value(ndsa, 1);
		143	if(t1->type == V_ASN1_SEQUENCE) {
		144	p8->broken = PKCS8_EMBEDDED_PARAM;
		145	param = t1;
		146	} else if(a->parameter->type == V_ASN1_SEQUENCE) {
		147	p8->broken = PKCS8_NS_DB;
		148	param = a->parameter;
		149	} else {
140	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);	150	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
141	return NULL;	151	goto dsaerr;
		152	}
		153
		154	if(t2->type != V_ASN1_INTEGER) {
		155	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
		156	goto dsaerr;
		157	}
		158	privkey = t2->value.integer;
		159	} else {
		160	if (!(privkey=d2i_ASN1_INTEGER (NULL, &p, pkeylen))) {
		161	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
		162	goto dsaerr;
		163	}
		164	param = p8->pkeyalg->parameter;
142	}	165	}
143	/* Retrieve parameters */	166	if (!param \|\| (param->type != V_ASN1_SEQUENCE)) {
144	if (a->parameter->type != V_ASN1_SEQUENCE) {	167	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
145	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_NO_DSA_PARAMETERS);	168	goto dsaerr;
146	return NULL;
147	}	169	}
148	p = a->parameter->value.sequence->data;	170	cp = p = param->value.sequence->data;
149	plen = a->parameter->value.sequence->length;	171	plen = param->value.sequence->length;
150	if (!(dsa = d2i_DSAparams (NULL, &p, plen))) {	172	if (!(dsa = d2i_DSAparams (NULL, &cp, plen))) {
151	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);	173	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
152	return NULL;	174	goto dsaerr;
153	}	175	}
154	/* We have parameters now set private key */	176	/* We have parameters now set private key */
155	if (!(dsa->priv_key = ASN1_INTEGER_to_BN(dsapriv, NULL))) {	177	if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) {
156	EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_DECODE_ERROR);	178	EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_DECODE_ERROR);
157	DSA_free (dsa);	179	goto dsaerr;
158	return NULL;
159	}	180	}
160	/* Calculate public key (ouch!) */	181	/* Calculate public key (ouch!) */
161	if (!(dsa->pub_key = BN_new())) {	182	if (!(dsa->pub_key = BN_new())) {
162	EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);	183	EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
163	DSA_free (dsa);	184	goto dsaerr;
164	return NULL;
165	}	185	}
166	if (!(ctx = BN_CTX_new())) {	186	if (!(ctx = BN_CTX_new())) {
167	EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);	187	EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
168	DSA_free (dsa);	188	goto dsaerr;
169	return NULL;
170	}	189	}
171		190
172	if (!BN_mod_exp(dsa->pub_key, dsa->g,	191	if (!BN_mod_exp(dsa->pub_key, dsa->g,
173	dsa->priv_key, dsa->p, ctx)) {	192	dsa->priv_key, dsa->p, ctx)) {
174		193
175	EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_PUBKEY_ERROR);	194	EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_PUBKEY_ERROR);
176	BN_CTX_free (ctx);	195	goto dsaerr;
177	DSA_free (dsa);
178	return NULL;
179	}	196	}
180		197
181	EVP_PKEY_assign_DSA (pkey, dsa);	198	EVP_PKEY_assign_DSA(pkey, dsa);
182	BN_CTX_free (ctx);	199	BN_CTX_free (ctx);
		200	if(ndsa) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
		201	else ASN1_INTEGER_free(privkey);
		202	break;
		203	dsaerr:
		204	BN_CTX_free (ctx);
		205	sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
		206	DSA_free(dsa);
		207	EVP_PKEY_free(pkey);
		208	return NULL;
183	break;	209	break;
184	#endif	210	#endif
185	default:	211	default:
@@ -193,30 +219,35 @@ EVP_PKEY EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO p8)
193	return pkey;	219	return pkey;
194	}	220	}
195		221
		222	PKCS8_PRIV_KEY_INFO EVP_PKEY2PKCS8(EVP_PKEY pkey)
		223	{
		224	return EVP_PKEY2PKCS8_broken(pkey, PKCS8_OK);
		225	}
		226
196	/* Turn a private key into a PKCS8 structure */	227	/* Turn a private key into a PKCS8 structure */
197		228
198	PKCS8_PRIV_KEY_INFO EVP_PKEY2PKCS8(EVP_PKEY pkey)	229	PKCS8_PRIV_KEY_INFO EVP_PKEY2PKCS8_broken(EVP_PKEY pkey, int broken)
199	{	230	{
200	PKCS8_PRIV_KEY_INFO *p8;	231	PKCS8_PRIV_KEY_INFO *p8;
201	#ifndef NO_DSA	232
202	ASN1_INTEGER *dpkey;
203	unsigned char p, q;
204	int len;
205	#endif
206	if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) {	233	if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) {
207	EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);	234	EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
208	return NULL;	235	return NULL;
209	}	236	}
		237	p8->broken = broken;
210	ASN1_INTEGER_set (p8->version, 0);	238	ASN1_INTEGER_set (p8->version, 0);
211	if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) {	239	if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) {
212	EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);	240	EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
213	PKCS8_PRIV_KEY_INFO_free (p8);	241	PKCS8_PRIV_KEY_INFO_free (p8);
214	return NULL;	242	return NULL;
215	}	243	}
		244	p8->pkey->type = V_ASN1_OCTET_STRING;
216	switch (EVP_PKEY_type(pkey->type)) {	245	switch (EVP_PKEY_type(pkey->type)) {
217	#ifndef NO_RSA	246	#ifndef OPENSSL_NO_RSA
218	case EVP_PKEY_RSA:	247	case EVP_PKEY_RSA:
219		248
		249	if(p8->broken == PKCS8_NO_OCTET) p8->pkey->type = V_ASN1_SEQUENCE;
		250
220	p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption);	251	p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption);
221	p8->pkeyalg->parameter->type = V_ASN1_NULL;	252	p8->pkeyalg->parameter->type = V_ASN1_NULL;
222	if (!ASN1_pack_string ((char *)pkey, i2d_PrivateKey,	253	if (!ASN1_pack_string ((char *)pkey, i2d_PrivateKey,
@@ -227,38 +258,13 @@ PKCS8_PRIV_KEY_INFO EVP_PKEY2PKCS8(EVP_PKEY pkey)
227	}	258	}
228	break;	259	break;
229	#endif	260	#endif
230	#ifndef NO_DSA	261	#ifndef OPENSSL_NO_DSA
231	case EVP_PKEY_DSA:	262	case EVP_PKEY_DSA:
232	p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa);	263	if(!dsa_pkey2pkcs8(p8, pkey)) {
233
234	/* get paramaters and place in AlgorithmIdentifier */
235	len = i2d_DSAparams (pkey->pkey.dsa, NULL);
236	if (!(p = Malloc(len))) {
237	EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
238	PKCS8_PRIV_KEY_INFO_free (p8);
239	return NULL;
240	}
241	q = p;
242	i2d_DSAparams (pkey->pkey.dsa, &q);
243	p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
244	p8->pkeyalg->parameter->value.sequence = ASN1_STRING_new();
245	ASN1_STRING_set(p8->pkeyalg->parameter->value.sequence, p, len);
246	Free(p);
247	/* Get private key into an integer and pack */
248	if (!(dpkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) {
249	EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
250	PKCS8_PRIV_KEY_INFO_free (p8);	264	PKCS8_PRIV_KEY_INFO_free (p8);
251	return NULL;	265	return NULL;
252	}	266	}
253		267
254	if (!ASN1_pack_string((char *)dpkey, i2d_ASN1_INTEGER,
255	&p8->pkey->value.octet_string)) {
256	EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
257	ASN1_INTEGER_free (dpkey);
258	PKCS8_PRIV_KEY_INFO_free (p8);
259	return NULL;
260	}
261	ASN1_INTEGER_free (dpkey);
262	break;	268	break;
263	#endif	269	#endif
264	default:	270	default:
@@ -266,9 +272,8 @@ PKCS8_PRIV_KEY_INFO EVP_PKEY2PKCS8(EVP_PKEY pkey)
266	PKCS8_PRIV_KEY_INFO_free (p8);	272	PKCS8_PRIV_KEY_INFO_free (p8);
267	return NULL;	273	return NULL;
268	}	274	}
269	p8->pkey->type = V_ASN1_OCTET_STRING;	275	RAND_add(p8->pkey->value.octet_string->data,
270	RAND_seed (p8->pkey->value.octet_string->data,	276	p8->pkey->value.octet_string->length, 0);
271	p8->pkey->value.octet_string->length);
272	return p8;	277	return p8;
273	}	278	}
274		279
@@ -295,4 +300,113 @@ PKCS8_PRIV_KEY_INFO PKCS8_set_broken(PKCS8_PRIV_KEY_INFO p8, int broken)
295	}	300	}
296	}	301	}
297		302
		303	#ifndef OPENSSL_NO_DSA
		304	static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO p8, EVP_PKEY pkey)
		305	{
		306	ASN1_STRING *params;
		307	ASN1_INTEGER *prkey;
		308	ASN1_TYPE *ttmp;
		309	STACK_OF(ASN1_TYPE) *ndsa;
		310	unsigned char p, q;
		311	int len;
		312
		313	p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa);
		314	len = i2d_DSAparams (pkey->pkey.dsa, NULL);
		315	if (!(p = OPENSSL_malloc(len))) {
		316	EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
		317	PKCS8_PRIV_KEY_INFO_free (p8);
		318	return 0;
		319	}
		320	q = p;
		321	i2d_DSAparams (pkey->pkey.dsa, &q);
		322	params = ASN1_STRING_new();
		323	ASN1_STRING_set(params, p, len);
		324	OPENSSL_free(p);
		325	/* Get private key into integer */
		326	if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) {
		327	EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
		328	return 0;
		329	}
		330
		331	switch(p8->broken) {
		332
		333	case PKCS8_OK:
		334	case PKCS8_NO_OCTET:
		335
		336	if (!ASN1_pack_string((char *)prkey, i2d_ASN1_INTEGER,
		337	&p8->pkey->value.octet_string)) {
		338	EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
		339	M_ASN1_INTEGER_free (prkey);
		340	return 0;
		341	}
		342
		343	M_ASN1_INTEGER_free (prkey);
		344	p8->pkeyalg->parameter->value.sequence = params;
		345	p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
		346
		347	break;
		348
		349	case PKCS8_NS_DB:
		350
		351	p8->pkeyalg->parameter->value.sequence = params;
		352	p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
		353	ndsa = sk_ASN1_TYPE_new_null();
		354	ttmp = ASN1_TYPE_new();
		355	if (!(ttmp->value.integer = BN_to_ASN1_INTEGER (pkey->pkey.dsa->pub_key, NULL))) {
		356	EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
		357	PKCS8_PRIV_KEY_INFO_free(p8);
		358	return 0;
		359	}
		360	ttmp->type = V_ASN1_INTEGER;
		361	sk_ASN1_TYPE_push(ndsa, ttmp);
		362
		363	ttmp = ASN1_TYPE_new();
		364	ttmp->value.integer = prkey;
		365	ttmp->type = V_ASN1_INTEGER;
		366	sk_ASN1_TYPE_push(ndsa, ttmp);
		367
		368	p8->pkey->value.octet_string = ASN1_OCTET_STRING_new();
		369
		370	if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE,
		371	&p8->pkey->value.octet_string->data,
		372	&p8->pkey->value.octet_string->length)) {
		373
		374	EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
		375	sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
		376	M_ASN1_INTEGER_free(prkey);
		377	return 0;
		378	}
		379	sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
		380	break;
298		381
		382	case PKCS8_EMBEDDED_PARAM:
		383
		384	p8->pkeyalg->parameter->type = V_ASN1_NULL;
		385	ndsa = sk_ASN1_TYPE_new_null();
		386	ttmp = ASN1_TYPE_new();
		387	ttmp->value.sequence = params;
		388	ttmp->type = V_ASN1_SEQUENCE;
		389	sk_ASN1_TYPE_push(ndsa, ttmp);
		390
		391	ttmp = ASN1_TYPE_new();
		392	ttmp->value.integer = prkey;
		393	ttmp->type = V_ASN1_INTEGER;
		394	sk_ASN1_TYPE_push(ndsa, ttmp);
		395
		396	p8->pkey->value.octet_string = ASN1_OCTET_STRING_new();
		397
		398	if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE,
		399	&p8->pkey->value.octet_string->data,
		400	&p8->pkey->value.octet_string->length)) {
		401
		402	EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
		403	sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
		404	M_ASN1_INTEGER_free (prkey);
		405	return 0;
		406	}
		407	sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
		408	break;
		409	}
		410	return 1;
		411	}
		412	#endif