1 files changed, 183 insertions, 82 deletions
diff --git a/src/lib/libcrypto/evp/evp_pkey.c b/src/lib/libcrypto/evp/evp_pkey.c
index 421e452db1..d5e6f5880f 100644
--- a/src/lib/libcrypto/evp/evp_pkey.c
+++ b/src/lib/libcrypto/evp/evp_pkey.c
@@ -62,19 +62,22 @@
 #include <openssl/x509.h>
 #include <openssl/rand.h>
+static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey);
 /* Extract a private key from a PKCS8 structure */
 EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8)
 {
-        EVP_PKEY *pkey;
+        EVP_PKEY *pkey = NULL;
 #ifndef NO_RSA
-        RSA *rsa;
+        RSA *rsa = NULL;
 #endif
 #ifndef NO_DSA
-        DSA *dsa;
+        DSA *dsa = NULL;
-        ASN1_INTEGER *dsapriv;
+        ASN1_INTEGER *privkey;
-        STACK *ndsa;
+        ASN1_TYPE *t1, *t2, *param = NULL;
-        BN_CTX *ctx;
+        STACK *ndsa = NULL;
+        BN_CTX *ctx = NULL;
        int plen;
 #endif
        X509_ALGOR *a;
@@ -82,21 +85,14 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8)
        int pkeylen;
        char obj_tmp[80];
-        switch (p8->broken) {
+        if(p8->pkey->type == V_ASN1_OCTET_STRING) {
-                case PKCS8_OK:
+                p8->broken = PKCS8_OK;
                p = p8->pkey->value.octet_string->data;
                pkeylen = p8->pkey->value.octet_string->length;
-                break;
+        } else {
+                p8->broken = PKCS8_NO_OCTET;
-                case PKCS8_NO_OCTET:
                p = p8->pkey->value.sequence->data;
                pkeylen = p8->pkey->value.sequence->length;
-                break;
-                default:
-                EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE);
-                return NULL;
-                break;
        }
        if (!(pkey = EVP_PKEY_new())) {
                EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
@@ -121,65 +117,83 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8)
                 * be recalculated.
                 */
        
-                /* Check for broken Netscape Database DSA PKCS#8, UGH! */
+                /* Check for broken DSA PKCS#8, UGH! */
                if(*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) {
                    if(!(ndsa = ASN1_seq_unpack(p, pkeylen, 
-                                        (char *(*)())d2i_ASN1_INTEGER,
+                                        (char *(*)())d2i_ASN1_TYPE,
-                                                         ASN1_STRING_free))) {
+                                                         ASN1_TYPE_free))) {
                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        return NULL;
+                        goto dsaerr;
                    }
                    if(sk_num(ndsa) != 2 ) {
                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        sk_pop_free(ndsa, ASN1_STRING_free);
+                        goto dsaerr;
-                        return NULL;
                    }
-                    dsapriv = (ASN1_INTEGER *) sk_pop(ndsa);
+                    /* Handle Two broken types:
-                    sk_pop_free(ndsa, ASN1_STRING_free);
+                     * SEQUENCE {parameters, priv_key}
-                } else if (!(dsapriv=d2i_ASN1_INTEGER (NULL, &p, pkeylen))) {
+                     * SEQUENCE {pub_key, priv_key}
+                     */
+                     
+                    t1 = (ASN1_TYPE *)sk_value(ndsa, 0);
+                    t2 = (ASN1_TYPE *)sk_value(ndsa, 1);
+                    if(t1->type == V_ASN1_SEQUENCE) {
+                        p8->broken = PKCS8_EMBEDDED_PARAM;
+                        param = t1;
+                    } else if(a->parameter->type == V_ASN1_SEQUENCE) {
+                        p8->broken = PKCS8_NS_DB;
+                        param = a->parameter;
+                    } else {
                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        return NULL;
+                        goto dsaerr;
-                }
+                    }
-                /* Retrieve parameters */
-                if (a->parameter->type != V_ASN1_SEQUENCE) {
+                    if(t2->type != V_ASN1_INTEGER) {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_NO_DSA_PARAMETERS);
+                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        return NULL;
+                        goto dsaerr;
+                    }
+                    privkey = t2->value.integer;
+                } else if (!(privkey=d2i_ASN1_INTEGER (NULL, &p, pkeylen))) {
+                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+                        goto dsaerr;
                }
-                p = a->parameter->value.sequence->data;
+                p = param->value.sequence->data;
-                plen = a->parameter->value.sequence->length;
+                plen = param->value.sequence->length;
                if (!(dsa = d2i_DSAparams (NULL, &p, plen))) {
                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        return NULL;
+                        goto dsaerr;
                }
                /* We have parameters now set private key */
-                if (!(dsa->priv_key = ASN1_INTEGER_to_BN(dsapriv, NULL))) {
+                if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) {
                        EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_DECODE_ERROR);
-                        DSA_free (dsa);
+                        goto dsaerr;
-                        return NULL;
                }
                /* Calculate public key (ouch!) */
                if (!(dsa->pub_key = BN_new())) {
                        EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
-                        DSA_free (dsa);
+                        goto dsaerr;
-                        return NULL;
                }
                if (!(ctx = BN_CTX_new())) {
                        EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
-                        DSA_free (dsa);
+                        goto dsaerr;
-                        return NULL;
                }
                        
                if (!BN_mod_exp(dsa->pub_key, dsa->g,
                                                 dsa->priv_key, dsa->p, ctx)) {
                        
                        EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_PUBKEY_ERROR);
-                        BN_CTX_free (ctx);
+                        goto dsaerr;
-                        DSA_free (dsa);
-                        return NULL;
                }
-                EVP_PKEY_assign_DSA (pkey, dsa);
+                EVP_PKEY_assign_DSA(pkey, dsa);
                BN_CTX_free (ctx);
+                sk_pop_free(ndsa, ASN1_TYPE_free);
+                break;
+                dsaerr:
+                BN_CTX_free (ctx);
+                sk_pop_free(ndsa, ASN1_TYPE_free);
+                DSA_free(dsa);
+                EVP_PKEY_free(pkey);
+                return NULL;
                break;
 #endif
                default:
@@ -193,30 +207,35 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8)
        return pkey;
 }
+PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey)
+{
+        return EVP_PKEY2PKCS8_broken(pkey, PKCS8_OK);
+}
 /* Turn a private key into a PKCS8 structure */
-PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey)
+PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
 {
        PKCS8_PRIV_KEY_INFO *p8;
-#ifndef NO_DSA
-        ASN1_INTEGER *dpkey;
-        unsigned char *p, *q;
-        int len;
-#endif
        if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) {        
                EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
                return NULL;
        }
+        p8->broken = broken;
        ASN1_INTEGER_set (p8->version, 0);
        if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) {
                EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
                PKCS8_PRIV_KEY_INFO_free (p8);
                return NULL;
        }
+        p8->pkey->type = V_ASN1_OCTET_STRING;
        switch (EVP_PKEY_type(pkey->type)) {
 #ifndef NO_RSA
                case EVP_PKEY_RSA:
+                if(p8->broken == PKCS8_NO_OCTET) p8->pkey->type = V_ASN1_SEQUENCE;
                p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption);
                p8->pkeyalg->parameter->type = V_ASN1_NULL;
                if (!ASN1_pack_string ((char *)pkey, i2d_PrivateKey,
@@ -229,36 +248,11 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey)
 #endif
 #ifndef NO_DSA
                case EVP_PKEY_DSA:
-                p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa);
+                if(!dsa_pkey2pkcs8(p8, pkey)) {
-                /* get paramaters and place in AlgorithmIdentifier */
-                len = i2d_DSAparams (pkey->pkey.dsa, NULL);
-                if (!(p = Malloc(len))) {
-                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
                        PKCS8_PRIV_KEY_INFO_free (p8);
                        return NULL;
                }
-                q = p;
-                i2d_DSAparams (pkey->pkey.dsa, &q);
-                p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
-                p8->pkeyalg->parameter->value.sequence = ASN1_STRING_new();
-                ASN1_STRING_set(p8->pkeyalg->parameter->value.sequence, p, len);
-                Free(p);
-                /* Get private key into an integer and pack */
-                if (!(dpkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) {
-                        EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
-                        PKCS8_PRIV_KEY_INFO_free (p8);
-                        return NULL;
-                }
-                
-                if (!ASN1_pack_string((char *)dpkey, i2d_ASN1_INTEGER,
-                                         &p8->pkey->value.octet_string)) {
-                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        ASN1_INTEGER_free (dpkey);
-                        PKCS8_PRIV_KEY_INFO_free (p8);
-                        return NULL;
-                }
-                ASN1_INTEGER_free (dpkey);
                break;
 #endif
                default:
@@ -266,9 +260,8 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey)
                PKCS8_PRIV_KEY_INFO_free (p8);
                return NULL;
        }
-        p8->pkey->type = V_ASN1_OCTET_STRING;
+        RAND_add(p8->pkey->value.octet_string->data,
-        RAND_seed (p8->pkey->value.octet_string->data,
+                 p8->pkey->value.octet_string->length, 0);
-                                         p8->pkey->value.octet_string->length);
        return p8;
 }
@@ -295,4 +288,112 @@ PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken)
        }
 }
+#ifndef NO_DSA
+static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
+{
+        ASN1_STRING *params;
+        ASN1_INTEGER *prkey;
+        ASN1_TYPE *ttmp;
+        STACK *ndsa;
+        unsigned char *p, *q;
+        int len;
+        p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa);
+        len = i2d_DSAparams (pkey->pkey.dsa, NULL);
+        if (!(p = Malloc(len))) {
+                EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                PKCS8_PRIV_KEY_INFO_free (p8);
+                return 0;
+        }
+        q = p;
+        i2d_DSAparams (pkey->pkey.dsa, &q);
+        params = ASN1_STRING_new();
+        ASN1_STRING_set(params, p, len);
+        Free(p);
+        /* Get private key into integer */
+        if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) {
+                EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
+                return 0;
+        }
+        switch(p8->broken) {
+                case PKCS8_OK:
+                case PKCS8_NO_OCTET:
+                if (!ASN1_pack_string((char *)prkey, i2d_ASN1_INTEGER,
+                                         &p8->pkey->value.octet_string)) {
+                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                        M_ASN1_INTEGER_free (prkey);
+                        return 0;
+                }
+                M_ASN1_INTEGER_free (prkey);
+                p8->pkeyalg->parameter->value.sequence = params;
+                p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
+                break;
+                case PKCS8_NS_DB:
+                p8->pkeyalg->parameter->value.sequence = params;
+                p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
+                ndsa = sk_new_null();
+                ttmp = ASN1_TYPE_new();
+                if (!(ttmp->value.integer = BN_to_ASN1_INTEGER (pkey->pkey.dsa->pub_key, NULL))) {
+                        EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
+                        PKCS8_PRIV_KEY_INFO_free(p8);
+                        return 0;
+                }
+                ttmp->type = V_ASN1_INTEGER;
+                sk_push(ndsa, (char *)ttmp);
+                ttmp = ASN1_TYPE_new();
+                ttmp->value.integer = prkey;
+                ttmp->type = V_ASN1_INTEGER;
+                sk_push(ndsa, (char *)ttmp);
+                p8->pkey->value.octet_string = ASN1_OCTET_STRING_new();
+                if (!ASN1_seq_pack(ndsa, i2d_ASN1_TYPE,
+                                         &p8->pkey->value.octet_string->data,
+                                         &p8->pkey->value.octet_string->length)) {
+                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                        sk_pop_free(ndsa, ASN1_TYPE_free);
+                        M_ASN1_INTEGER_free(prkey);
+                        return 0;
+                }
+                sk_pop_free(ndsa, ASN1_TYPE_free);
+                break;
+                case PKCS8_EMBEDDED_PARAM:
+                p8->pkeyalg->parameter->type = V_ASN1_NULL;
+                ndsa = sk_new_null();
+                ttmp = ASN1_TYPE_new();
+                ttmp->value.sequence = params;
+                ttmp->type = V_ASN1_SEQUENCE;
+                sk_push(ndsa, (char *)ttmp);
+                ttmp = ASN1_TYPE_new();
+                ttmp->value.integer = prkey;
+                ttmp->type = V_ASN1_INTEGER;
+                sk_push(ndsa, (char *)ttmp);
+                p8->pkey->value.octet_string = ASN1_OCTET_STRING_new();
+                if (!ASN1_seq_pack(ndsa, i2d_ASN1_TYPE,
+                                         &p8->pkey->value.octet_string->data,
+                                         &p8->pkey->value.octet_string->length)) {
+                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                        sk_pop_free(ndsa, ASN1_TYPE_free);
+                        M_ASN1_INTEGER_free (prkey);
+                        return 0;
+                }
+                sk_pop_free(ndsa, ASN1_TYPE_free);
+                break;
+        }
+        return 1;
+}
+#endif

diff --git a/src/lib/libcrypto/evp/evp_pkey.c b/src/lib/libcrypto/evp/evp_pkey.c index 421e452db1..d5e6f5880f 100644 --- a/src/lib/libcrypto/evp/evp_pkey.c +++ b/src/lib/libcrypto/evp/evp_pkey.c
@@ -62,19 +62,22 @@
62	#include <openssl/x509.h>	62	#include <openssl/x509.h>
63	#include <openssl/rand.h>	63	#include <openssl/rand.h>
64		64
		65	static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO p8inf, EVP_PKEY pkey);
		66
65	/* Extract a private key from a PKCS8 structure */	67	/* Extract a private key from a PKCS8 structure */
66		68
67	EVP_PKEY EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO p8)	69	EVP_PKEY EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO p8)
68	{	70	{
69	EVP_PKEY *pkey;	71	EVP_PKEY *pkey = NULL;
70	#ifndef NO_RSA	72	#ifndef NO_RSA
71	RSA *rsa;	73	RSA *rsa = NULL;
72	#endif	74	#endif
73	#ifndef NO_DSA	75	#ifndef NO_DSA
74	DSA *dsa;	76	DSA *dsa = NULL;
75	ASN1_INTEGER *dsapriv;	77	ASN1_INTEGER *privkey;
76	STACK *ndsa;	78	ASN1_TYPE t1, t2, *param = NULL;
77	BN_CTX *ctx;	79	STACK *ndsa = NULL;
		80	BN_CTX *ctx = NULL;
78	int plen;	81	int plen;
79	#endif	82	#endif
80	X509_ALGOR *a;	83	X509_ALGOR *a;
@@ -82,21 +85,14 @@ EVP_PKEY EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO p8)
82	int pkeylen;	85	int pkeylen;
83	char obj_tmp[80];	86	char obj_tmp[80];
84		87
85	switch (p8->broken) {	88	if(p8->pkey->type == V_ASN1_OCTET_STRING) {
86	case PKCS8_OK:	89	p8->broken = PKCS8_OK;
87	p = p8->pkey->value.octet_string->data;	90	p = p8->pkey->value.octet_string->data;
88	pkeylen = p8->pkey->value.octet_string->length;	91	pkeylen = p8->pkey->value.octet_string->length;
89	break;	92	} else {
90		93	p8->broken = PKCS8_NO_OCTET;
91	case PKCS8_NO_OCTET:
92	p = p8->pkey->value.sequence->data;	94	p = p8->pkey->value.sequence->data;
93	pkeylen = p8->pkey->value.sequence->length;	95	pkeylen = p8->pkey->value.sequence->length;
94	break;
95
96	default:
97	EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE);
98	return NULL;
99	break;
100	}	96	}
101	if (!(pkey = EVP_PKEY_new())) {	97	if (!(pkey = EVP_PKEY_new())) {
102	EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);	98	EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
@@ -121,65 +117,83 @@ EVP_PKEY EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO p8)
121	* be recalculated.	117	* be recalculated.
122	*/	118	*/
123		119
124	/* Check for broken Netscape Database DSA PKCS#8, UGH! */	120	/* Check for broken DSA PKCS#8, UGH! */
125	if(*p == (V_ASN1_SEQUENCE\|V_ASN1_CONSTRUCTED)) {	121	if(*p == (V_ASN1_SEQUENCE\|V_ASN1_CONSTRUCTED)) {
126	if(!(ndsa = ASN1_seq_unpack(p, pkeylen,	122	if(!(ndsa = ASN1_seq_unpack(p, pkeylen,
127	(char ()())d2i_ASN1_INTEGER,	123	(char ()())d2i_ASN1_TYPE,
128	ASN1_STRING_free))) {	124	ASN1_TYPE_free))) {
129	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);	125	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
130	return NULL;	126	goto dsaerr;
131	}	127	}
132	if(sk_num(ndsa) != 2 ) {	128	if(sk_num(ndsa) != 2 ) {
133	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);	129	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
134	sk_pop_free(ndsa, ASN1_STRING_free);	130	goto dsaerr;
135	return NULL;
136	}	131	}
137	dsapriv = (ASN1_INTEGER *) sk_pop(ndsa);	132	/* Handle Two broken types:
138	sk_pop_free(ndsa, ASN1_STRING_free);	133	* SEQUENCE {parameters, priv_key}
139	} else if (!(dsapriv=d2i_ASN1_INTEGER (NULL, &p, pkeylen))) {	134	* SEQUENCE {pub_key, priv_key}
		135	*/
		136
		137	t1 = (ASN1_TYPE *)sk_value(ndsa, 0);
		138	t2 = (ASN1_TYPE *)sk_value(ndsa, 1);
		139	if(t1->type == V_ASN1_SEQUENCE) {
		140	p8->broken = PKCS8_EMBEDDED_PARAM;
		141	param = t1;
		142	} else if(a->parameter->type == V_ASN1_SEQUENCE) {
		143	p8->broken = PKCS8_NS_DB;
		144	param = a->parameter;
		145	} else {
140	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);	146	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
141	return NULL;	147	goto dsaerr;
142	}	148	}
143	/* Retrieve parameters */	149
144	if (a->parameter->type != V_ASN1_SEQUENCE) {	150	if(t2->type != V_ASN1_INTEGER) {
145	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_NO_DSA_PARAMETERS);	151	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
146	return NULL;	152	goto dsaerr;
		153	}
		154	privkey = t2->value.integer;
		155	} else if (!(privkey=d2i_ASN1_INTEGER (NULL, &p, pkeylen))) {
		156	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
		157	goto dsaerr;
147	}	158	}
148	p = a->parameter->value.sequence->data;	159	p = param->value.sequence->data;
149	plen = a->parameter->value.sequence->length;	160	plen = param->value.sequence->length;
150	if (!(dsa = d2i_DSAparams (NULL, &p, plen))) {	161	if (!(dsa = d2i_DSAparams (NULL, &p, plen))) {
151	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);	162	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
152	return NULL;	163	goto dsaerr;
153	}	164	}
154	/* We have parameters now set private key */	165	/* We have parameters now set private key */
155	if (!(dsa->priv_key = ASN1_INTEGER_to_BN(dsapriv, NULL))) {	166	if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) {
156	EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_DECODE_ERROR);	167	EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_DECODE_ERROR);
157	DSA_free (dsa);	168	goto dsaerr;
158	return NULL;
159	}	169	}
160	/* Calculate public key (ouch!) */	170	/* Calculate public key (ouch!) */
161	if (!(dsa->pub_key = BN_new())) {	171	if (!(dsa->pub_key = BN_new())) {
162	EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);	172	EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
163	DSA_free (dsa);	173	goto dsaerr;
164	return NULL;
165	}	174	}
166	if (!(ctx = BN_CTX_new())) {	175	if (!(ctx = BN_CTX_new())) {
167	EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);	176	EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
168	DSA_free (dsa);	177	goto dsaerr;
169	return NULL;
170	}	178	}
171		179
172	if (!BN_mod_exp(dsa->pub_key, dsa->g,	180	if (!BN_mod_exp(dsa->pub_key, dsa->g,
173	dsa->priv_key, dsa->p, ctx)) {	181	dsa->priv_key, dsa->p, ctx)) {
174		182
175	EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_PUBKEY_ERROR);	183	EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_PUBKEY_ERROR);
176	BN_CTX_free (ctx);	184	goto dsaerr;
177	DSA_free (dsa);
178	return NULL;
179	}	185	}
180		186
181	EVP_PKEY_assign_DSA (pkey, dsa);	187	EVP_PKEY_assign_DSA(pkey, dsa);
182	BN_CTX_free (ctx);	188	BN_CTX_free (ctx);
		189	sk_pop_free(ndsa, ASN1_TYPE_free);
		190	break;
		191	dsaerr:
		192	BN_CTX_free (ctx);
		193	sk_pop_free(ndsa, ASN1_TYPE_free);
		194	DSA_free(dsa);
		195	EVP_PKEY_free(pkey);
		196	return NULL;
183	break;	197	break;
184	#endif	198	#endif
185	default:	199	default:
@@ -193,30 +207,35 @@ EVP_PKEY EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO p8)
193	return pkey;	207	return pkey;
194	}	208	}
195		209
		210	PKCS8_PRIV_KEY_INFO EVP_PKEY2PKCS8(EVP_PKEY pkey)
		211	{
		212	return EVP_PKEY2PKCS8_broken(pkey, PKCS8_OK);
		213	}
		214
196	/* Turn a private key into a PKCS8 structure */	215	/* Turn a private key into a PKCS8 structure */
197		216
198	PKCS8_PRIV_KEY_INFO EVP_PKEY2PKCS8(EVP_PKEY pkey)	217	PKCS8_PRIV_KEY_INFO EVP_PKEY2PKCS8_broken(EVP_PKEY pkey, int broken)
199	{	218	{
200	PKCS8_PRIV_KEY_INFO *p8;	219	PKCS8_PRIV_KEY_INFO *p8;
201	#ifndef NO_DSA	220
202	ASN1_INTEGER *dpkey;
203	unsigned char p, q;
204	int len;
205	#endif
206	if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) {	221	if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) {
207	EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);	222	EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
208	return NULL;	223	return NULL;
209	}	224	}
		225	p8->broken = broken;
210	ASN1_INTEGER_set (p8->version, 0);	226	ASN1_INTEGER_set (p8->version, 0);
211	if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) {	227	if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) {
212	EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);	228	EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
213	PKCS8_PRIV_KEY_INFO_free (p8);	229	PKCS8_PRIV_KEY_INFO_free (p8);
214	return NULL;	230	return NULL;
215	}	231	}
		232	p8->pkey->type = V_ASN1_OCTET_STRING;
216	switch (EVP_PKEY_type(pkey->type)) {	233	switch (EVP_PKEY_type(pkey->type)) {
217	#ifndef NO_RSA	234	#ifndef NO_RSA
218	case EVP_PKEY_RSA:	235	case EVP_PKEY_RSA:
219		236
		237	if(p8->broken == PKCS8_NO_OCTET) p8->pkey->type = V_ASN1_SEQUENCE;
		238
220	p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption);	239	p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption);
221	p8->pkeyalg->parameter->type = V_ASN1_NULL;	240	p8->pkeyalg->parameter->type = V_ASN1_NULL;
222	if (!ASN1_pack_string ((char *)pkey, i2d_PrivateKey,	241	if (!ASN1_pack_string ((char *)pkey, i2d_PrivateKey,
@@ -229,36 +248,11 @@ PKCS8_PRIV_KEY_INFO EVP_PKEY2PKCS8(EVP_PKEY pkey)
229	#endif	248	#endif
230	#ifndef NO_DSA	249	#ifndef NO_DSA
231	case EVP_PKEY_DSA:	250	case EVP_PKEY_DSA:
232	p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa);	251	if(!dsa_pkey2pkcs8(p8, pkey)) {
233
234	/* get paramaters and place in AlgorithmIdentifier */
235	len = i2d_DSAparams (pkey->pkey.dsa, NULL);
236	if (!(p = Malloc(len))) {
237	EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
238	PKCS8_PRIV_KEY_INFO_free (p8);	252	PKCS8_PRIV_KEY_INFO_free (p8);
239	return NULL;	253	return NULL;
240	}	254	}
241	q = p;	255
242	i2d_DSAparams (pkey->pkey.dsa, &q);
243	p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
244	p8->pkeyalg->parameter->value.sequence = ASN1_STRING_new();
245	ASN1_STRING_set(p8->pkeyalg->parameter->value.sequence, p, len);
246	Free(p);
247	/* Get private key into an integer and pack */
248	if (!(dpkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) {
249	EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
250	PKCS8_PRIV_KEY_INFO_free (p8);
251	return NULL;
252	}
253
254	if (!ASN1_pack_string((char *)dpkey, i2d_ASN1_INTEGER,
255	&p8->pkey->value.octet_string)) {
256	EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
257	ASN1_INTEGER_free (dpkey);
258	PKCS8_PRIV_KEY_INFO_free (p8);
259	return NULL;
260	}
261	ASN1_INTEGER_free (dpkey);
262	break;	256	break;
263	#endif	257	#endif
264	default:	258	default:
@@ -266,9 +260,8 @@ PKCS8_PRIV_KEY_INFO EVP_PKEY2PKCS8(EVP_PKEY pkey)
266	PKCS8_PRIV_KEY_INFO_free (p8);	260	PKCS8_PRIV_KEY_INFO_free (p8);
267	return NULL;	261	return NULL;
268	}	262	}
269	p8->pkey->type = V_ASN1_OCTET_STRING;	263	RAND_add(p8->pkey->value.octet_string->data,
270	RAND_seed (p8->pkey->value.octet_string->data,	264	p8->pkey->value.octet_string->length, 0);
271	p8->pkey->value.octet_string->length);
272	return p8;	265	return p8;
273	}	266	}
274		267
@@ -295,4 +288,112 @@ PKCS8_PRIV_KEY_INFO PKCS8_set_broken(PKCS8_PRIV_KEY_INFO p8, int broken)
295	}	288	}
296	}	289	}
297		290
		291	#ifndef NO_DSA
		292	static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO p8, EVP_PKEY pkey)
		293	{
		294	ASN1_STRING *params;
		295	ASN1_INTEGER *prkey;
		296	ASN1_TYPE *ttmp;
		297	STACK *ndsa;
		298	unsigned char p, q;
		299	int len;
		300	p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa);
		301	len = i2d_DSAparams (pkey->pkey.dsa, NULL);
		302	if (!(p = Malloc(len))) {
		303	EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
		304	PKCS8_PRIV_KEY_INFO_free (p8);
		305	return 0;
		306	}
		307	q = p;
		308	i2d_DSAparams (pkey->pkey.dsa, &q);
		309	params = ASN1_STRING_new();
		310	ASN1_STRING_set(params, p, len);
		311	Free(p);
		312	/* Get private key into integer */
		313	if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) {
		314	EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
		315	return 0;
		316	}
		317
		318	switch(p8->broken) {
298		319
		320	case PKCS8_OK:
		321	case PKCS8_NO_OCTET:
		322
		323	if (!ASN1_pack_string((char *)prkey, i2d_ASN1_INTEGER,
		324	&p8->pkey->value.octet_string)) {
		325	EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
		326	M_ASN1_INTEGER_free (prkey);
		327	return 0;
		328	}
		329
		330	M_ASN1_INTEGER_free (prkey);
		331	p8->pkeyalg->parameter->value.sequence = params;
		332	p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
		333
		334	break;
		335
		336	case PKCS8_NS_DB:
		337
		338	p8->pkeyalg->parameter->value.sequence = params;
		339	p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
		340	ndsa = sk_new_null();
		341	ttmp = ASN1_TYPE_new();
		342	if (!(ttmp->value.integer = BN_to_ASN1_INTEGER (pkey->pkey.dsa->pub_key, NULL))) {
		343	EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
		344	PKCS8_PRIV_KEY_INFO_free(p8);
		345	return 0;
		346	}
		347	ttmp->type = V_ASN1_INTEGER;
		348	sk_push(ndsa, (char *)ttmp);
		349
		350	ttmp = ASN1_TYPE_new();
		351	ttmp->value.integer = prkey;
		352	ttmp->type = V_ASN1_INTEGER;
		353	sk_push(ndsa, (char *)ttmp);
		354
		355	p8->pkey->value.octet_string = ASN1_OCTET_STRING_new();
		356
		357	if (!ASN1_seq_pack(ndsa, i2d_ASN1_TYPE,
		358	&p8->pkey->value.octet_string->data,
		359	&p8->pkey->value.octet_string->length)) {
		360
		361	EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
		362	sk_pop_free(ndsa, ASN1_TYPE_free);
		363	M_ASN1_INTEGER_free(prkey);
		364	return 0;
		365	}
		366	sk_pop_free(ndsa, ASN1_TYPE_free);
		367	break;
		368
		369	case PKCS8_EMBEDDED_PARAM:
		370
		371	p8->pkeyalg->parameter->type = V_ASN1_NULL;
		372	ndsa = sk_new_null();
		373	ttmp = ASN1_TYPE_new();
		374	ttmp->value.sequence = params;
		375	ttmp->type = V_ASN1_SEQUENCE;
		376	sk_push(ndsa, (char *)ttmp);
		377
		378	ttmp = ASN1_TYPE_new();
		379	ttmp->value.integer = prkey;
		380	ttmp->type = V_ASN1_INTEGER;
		381	sk_push(ndsa, (char *)ttmp);
		382
		383	p8->pkey->value.octet_string = ASN1_OCTET_STRING_new();
		384
		385	if (!ASN1_seq_pack(ndsa, i2d_ASN1_TYPE,
		386	&p8->pkey->value.octet_string->data,
		387	&p8->pkey->value.octet_string->length)) {
		388
		389	EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
		390	sk_pop_free(ndsa, ASN1_TYPE_free);
		391	M_ASN1_INTEGER_free (prkey);
		392	return 0;
		393	}
		394	sk_pop_free(ndsa, ASN1_TYPE_free);
		395	break;
		396	}
		397	return 1;
		398	}
		399	#endif