X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=crypto%2Fasn1%2Fx_pubkey.c;h=91c2756116111e8e17fe1021e4f70b2b4b90bdf6;hb=4636341b0593da7d1dd8df416c5ee4184b594992;hp=01698dd21730b32cadfb86477950188918740f49;hpb=f7a397cc8d0cf336907a7e05f7a9a94c3cd12877;p=oweals%2Fopenssl.git diff --git a/crypto/asn1/x_pubkey.c b/crypto/asn1/x_pubkey.c index 01698dd217..91c2756116 100644 --- a/crypto/asn1/x_pubkey.c +++ b/crypto/asn1/x_pubkey.c @@ -60,6 +60,12 @@ #include "cryptlib.h" #include #include +#ifndef OPENSSL_NO_RSA +#include +#endif +#ifndef OPENSSL_NO_DSA +#include +#endif /* Minor tweak to operation: free up EVP_PKEY */ static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) @@ -81,8 +87,7 @@ IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY) int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) { - int ok=0; - X509_PUBKEY *pk; + X509_PUBKEY *pk=NULL; X509_ALGOR *a; ASN1_OBJECT *o; unsigned char *s,*p = NULL; @@ -105,7 +110,11 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) (a->parameter->type != V_ASN1_NULL)) { ASN1_TYPE_free(a->parameter); - a->parameter=ASN1_TYPE_new(); + if (!(a->parameter=ASN1_TYPE_new())) + { + X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); + goto err; + } a->parameter->type=V_ASN1_NULL; } } @@ -118,14 +127,34 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) dsa=pkey->pkey.dsa; dsa->write_params=0; ASN1_TYPE_free(a->parameter); - i=i2d_DSAparams(dsa,NULL); - if ((p=(unsigned char *)OPENSSL_malloc(i)) == NULL) goto err; + if ((i=i2d_DSAparams(dsa,NULL)) <= 0) + goto err; + if (!(p=(unsigned char *)OPENSSL_malloc(i))) + { + X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); + goto err; + } pp=p; i2d_DSAparams(dsa,&pp); - a->parameter=ASN1_TYPE_new(); + if (!(a->parameter=ASN1_TYPE_new())) + { + OPENSSL_free(p); + X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); + goto err; + } a->parameter->type=V_ASN1_SEQUENCE; - a->parameter->value.sequence=ASN1_STRING_new(); - ASN1_STRING_set(a->parameter->value.sequence,p,i); + if (!(a->parameter->value.sequence=ASN1_STRING_new())) + { + OPENSSL_free(p); + X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); + goto err; + } + if (!ASN1_STRING_set(a->parameter->value.sequence,p,i)) + { + OPENSSL_free(p); + X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); + goto err; + } OPENSSL_free(p); } #endif @@ -134,9 +163,10 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) { int nid=0; unsigned char *pp; - EC_KEY *eckey; + EC_KEY *ec_key; + const EC_GROUP *group; - eckey = pkey->pkey.eckey; + ec_key = pkey->pkey.ec; ASN1_TYPE_free(a->parameter); if ((a->parameter = ASN1_TYPE_new()) == NULL) @@ -145,8 +175,9 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) goto err; } - if (EC_GROUP_get_asn1_flag(eckey->group) - && (nid = EC_GROUP_get_nid(eckey->group))) + group = EC_KEY_get0_group(ec_key); + if (EC_GROUP_get_asn1_flag(group) + && (nid = EC_GROUP_get_curve_name(group))) { /* just set the OID */ a->parameter->type = V_ASN1_OBJECT; @@ -154,7 +185,7 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) } else /* explicit parameters */ { - if ((i = i2d_ECParameters(eckey, NULL)) == 0) + if ((i = i2d_ECParameters(ec_key, NULL)) == 0) { X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB); goto err; @@ -165,7 +196,7 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) goto err; } pp = p; - if (!i2d_ECParameters(eckey, &pp)) + if (!i2d_ECParameters(ec_key, &pp)) { X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB); OPENSSL_free(p); @@ -197,8 +228,12 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) } p=s; i2d_PublicKey(pkey,&p); - if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i)) goto err; - /* Set number of unused bits to zero */ + if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i)) + { + X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); + goto err; + } + /* Set number of unused bits to zero */ pk->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); pk->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT; @@ -213,12 +248,11 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) X509_PUBKEY_free(*x); *x=pk; - pk=NULL; - ok=1; + return 1; err: if (pk != NULL) X509_PUBKEY_free(pk); - return(ok); + return 0; } EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) @@ -226,7 +260,7 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) EVP_PKEY *ret=NULL; long j; int type; - unsigned char *p; + const unsigned char *p; #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA) const unsigned char *cp; X509_ALGOR *a; @@ -285,7 +319,7 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) /* type == V_ASN1_SEQUENCE => we have explicit parameters * (e.g. parameters in the X9_62_EC_PARAMETERS-structure ) */ - if ((ret->pkey.eckey= EC_KEY_new()) == NULL) + if ((ret->pkey.ec= EC_KEY_new()) == NULL) { X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE); @@ -293,7 +327,7 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) } cp = p = a->parameter->value.sequence->data; j = a->parameter->value.sequence->length; - if (!d2i_ECParameters(&ret->pkey.eckey, &cp, (long)j)) + if (!d2i_ECParameters(&ret->pkey.ec, &cp, (long)j)) { X509err(X509_F_X509_PUBKEY_GET, ERR_R_EC_LIB); goto err; @@ -304,17 +338,21 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) /* type == V_ASN1_OBJECT => the parameters are given * by an asn1 OID */ - EC_KEY *eckey; - if (ret->pkey.eckey == NULL) - ret->pkey.eckey = EC_KEY_new(); - eckey = ret->pkey.eckey; - if (eckey->group) - EC_GROUP_free(eckey->group); - if ((eckey->group = EC_GROUP_new_by_nid( - OBJ_obj2nid(a->parameter->value.object))) == NULL) + EC_KEY *ec_key; + EC_GROUP *group; + + if (ret->pkey.ec == NULL) + ret->pkey.ec = EC_KEY_new(); + ec_key = ret->pkey.ec; + if (ec_key == NULL) + goto err; + group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(a->parameter->value.object)); + if (group == NULL) + goto err; + EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); + if (EC_KEY_set_group(ec_key, group) == 0) goto err; - EC_GROUP_set_asn1_flag(eckey->group, - OPENSSL_EC_NAMED_CURVE); + EC_GROUP_free(group); } /* the case implicitlyCA is currently not implemented */ ret->save_parameters = 1; @@ -342,7 +380,7 @@ err: * and encode or decode as X509_PUBKEY */ -EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, unsigned char **pp, +EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length) { X509_PUBKEY *xpk; @@ -375,12 +413,12 @@ int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp) * keys */ #ifndef OPENSSL_NO_RSA -RSA *d2i_RSA_PUBKEY(RSA **a, unsigned char **pp, +RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length) { EVP_PKEY *pkey; RSA *key; - unsigned char *q; + const unsigned char *q; q = *pp; pkey = d2i_PUBKEY(NULL, &q, length); if (!pkey) return NULL; @@ -415,12 +453,12 @@ int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp) #endif #ifndef OPENSSL_NO_DSA -DSA *d2i_DSA_PUBKEY(DSA **a, unsigned char **pp, +DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length) { EVP_PKEY *pkey; DSA *key; - unsigned char *q; + const unsigned char *q; q = *pp; pkey = d2i_PUBKEY(NULL, &q, length); if (!pkey) return NULL; @@ -455,11 +493,11 @@ int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp) #endif #ifndef OPENSSL_NO_EC -EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, unsigned char **pp, long length) +EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length) { EVP_PKEY *pkey; EC_KEY *key; - unsigned char *q; + const unsigned char *q; q = *pp; pkey = d2i_PUBKEY(NULL, &q, length); if (!pkey) return(NULL);