X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=crypto%2Fasn1%2Fx_pubkey.c;h=91c2756116111e8e17fe1021e4f70b2b4b90bdf6;hb=4636341b0593da7d1dd8df416c5ee4184b594992;hp=68ddeb43f20f94077683f4201adacf7d35e4c9d4;hpb=254ef80db19a6f6610ef07535efd699cef7aa855;p=oweals%2Fopenssl.git

diff --git a/crypto/asn1/x_pubkey.c b/crypto/asn1/x_pubkey.c
index 68ddeb43f2..91c2756116 100644
--- a/crypto/asn1/x_pubkey.c
+++ b/crypto/asn1/x_pubkey.c
@@ -60,6 +60,12 @@
 #include "cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
 
 /* Minor tweak to operation: free up EVP_PKEY */
 static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
@@ -81,8 +87,7 @@ IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY)
 
 int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
 	{
-	int ok=0;
-	X509_PUBKEY *pk;
+	X509_PUBKEY *pk=NULL;
 	X509_ALGOR *a;
 	ASN1_OBJECT *o;
 	unsigned char *s,*p = NULL;
@@ -105,7 +110,11 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
 			(a->parameter->type != V_ASN1_NULL))
 			{
 			ASN1_TYPE_free(a->parameter);
-			a->parameter=ASN1_TYPE_new();
+			if (!(a->parameter=ASN1_TYPE_new()))
+				{
+				X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
+				goto err;
+				}
 			a->parameter->type=V_ASN1_NULL;
 			}
 		}
@@ -118,25 +127,46 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
 		dsa=pkey->pkey.dsa;
 		dsa->write_params=0;
 		ASN1_TYPE_free(a->parameter);
-		i=i2d_DSAparams(dsa,NULL);
-		if ((p=(unsigned char *)OPENSSL_malloc(i)) == NULL) goto err;
+		if ((i=i2d_DSAparams(dsa,NULL)) <= 0)
+			goto err;
+		if (!(p=(unsigned char *)OPENSSL_malloc(i)))
+			{
+			X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
 		pp=p;
 		i2d_DSAparams(dsa,&pp);
-		a->parameter=ASN1_TYPE_new();
+		if (!(a->parameter=ASN1_TYPE_new()))
+			{
+			OPENSSL_free(p);
+			X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
 		a->parameter->type=V_ASN1_SEQUENCE;
-		a->parameter->value.sequence=ASN1_STRING_new();
-		ASN1_STRING_set(a->parameter->value.sequence,p,i);
+		if (!(a->parameter->value.sequence=ASN1_STRING_new()))
+			{
+			OPENSSL_free(p);
+			X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+		if (!ASN1_STRING_set(a->parameter->value.sequence,p,i))
+			{
+			OPENSSL_free(p);
+			X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
 		OPENSSL_free(p);
 		}
 #endif
-#ifndef OPENSSL_NO_ECDSA
-	else if (pkey->type == EVP_PKEY_ECDSA)
+#ifndef OPENSSL_NO_EC
+	else if (pkey->type == EVP_PKEY_EC)
 		{
 		int nid=0;
 		unsigned char *pp;
-		ECDSA *ecdsa;
+		EC_KEY *ec_key;
+		const EC_GROUP *group;
 		
-		ecdsa = pkey->pkey.ecdsa;
+		ec_key = pkey->pkey.ec;
 		ASN1_TYPE_free(a->parameter);
 
 		if ((a->parameter = ASN1_TYPE_new()) == NULL)
@@ -145,8 +175,9 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
 			goto err;
 			}
 
-		if (EC_GROUP_get_asn1_flag(ecdsa->group)
-                     && (nid = EC_GROUP_get_nid(ecdsa->group)))
+		group = EC_KEY_get0_group(ec_key);
+		if (EC_GROUP_get_asn1_flag(group)
+                     && (nid = EC_GROUP_get_curve_name(group)))
 			{
 			/* just set the OID */
 			a->parameter->type = V_ASN1_OBJECT;
@@ -154,9 +185,9 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
 			}
 		else /* explicit parameters */
 			{
-			if ((i = i2d_ECDSAParameters(ecdsa, NULL)) == 0)
+			if ((i = i2d_ECParameters(ec_key, NULL)) == 0)
 				{
-				X509err(X509_F_X509_PUBKEY_SET, ERR_R_ECDSA_LIB);
+				X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB);
 				goto err;
 				}
 			if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL)
@@ -165,9 +196,9 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
 				goto err;
 				}	
 			pp = p;
-			if (!i2d_ECDSAParameters(ecdsa, &pp))
+			if (!i2d_ECParameters(ec_key, &pp))
 				{
-				X509err(X509_F_X509_PUBKEY_SET, ERR_R_ECDSA_LIB);
+				X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB);
 				OPENSSL_free(p);
 				goto err;
 				}
@@ -197,8 +228,12 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
 		}
 	p=s;
 	i2d_PublicKey(pkey,&p);
-	if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i)) goto err;
-	/* Set number of unused bits to zero */
+	if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i))
+		{
+		X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+  	/* Set number of unused bits to zero */
 	pk->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
 	pk->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT;
 
@@ -213,12 +248,11 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
 		X509_PUBKEY_free(*x);
 
 	*x=pk;
-	pk=NULL;
 
-	ok=1;
+	return 1;
 err:
 	if (pk != NULL) X509_PUBKEY_free(pk);
-	return(ok);
+	return 0;
 	}
 
 EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
@@ -226,7 +260,7 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
 	EVP_PKEY *ret=NULL;
 	long j;
 	int type;
-	unsigned char *p;
+	const unsigned char *p;
 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
 	const unsigned char *cp;
 	X509_ALGOR *a;
@@ -277,24 +311,25 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
 		ret->save_parameters=1;
 		}
 #endif
-#ifndef OPENSSL_NO_ECDSA
-	else if (ret->type == EVP_PKEY_ECDSA)
+#ifndef OPENSSL_NO_EC
+	else if (ret->type == EVP_PKEY_EC)
 		{
 		if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE))
 			{
 			/* type == V_ASN1_SEQUENCE => we have explicit parameters
                          * (e.g. parameters in the X9_62_EC_PARAMETERS-structure )
 			 */
-			if ((ret->pkey.ecdsa= ECDSA_new()) == NULL)
+			if ((ret->pkey.ec= EC_KEY_new()) == NULL)
 				{
-				X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
+				X509err(X509_F_X509_PUBKEY_GET, 
+					ERR_R_MALLOC_FAILURE);
 				goto err;
 				}
 			cp = p = a->parameter->value.sequence->data;
 			j = a->parameter->value.sequence->length;
-			if (!d2i_ECDSAParameters(&ret->pkey.ecdsa, &cp, (long)j))
+			if (!d2i_ECParameters(&ret->pkey.ec, &cp, (long)j))
 				{
-				X509err(X509_F_X509_PUBKEY_GET, ERR_R_ECDSA_LIB);
+				X509err(X509_F_X509_PUBKEY_GET, ERR_R_EC_LIB);
 				goto err;
 				}
 			}
@@ -303,17 +338,21 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
 			/* type == V_ASN1_OBJECT => the parameters are given
 			 * by an asn1 OID
 			 */
-			ECDSA *ecdsa;
-			if (ret->pkey.ecdsa == NULL)
-				ret->pkey.ecdsa = ECDSA_new();
-			ecdsa = ret->pkey.ecdsa;
-			if (ecdsa->group)
-				EC_GROUP_free(ecdsa->group);
-			if ((ecdsa->group = EC_GROUP_new_by_name(
-                             OBJ_obj2nid(a->parameter->value.object))) == NULL)
+			EC_KEY   *ec_key;
+			EC_GROUP *group;
+
+			if (ret->pkey.ec == NULL)
+				ret->pkey.ec = EC_KEY_new();
+			ec_key = ret->pkey.ec;
+			if (ec_key == NULL)
+				goto err;
+			group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(a->parameter->value.object));
+			if (group == NULL)
+				goto err;
+			EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
+			if (EC_KEY_set_group(ec_key, group) == 0)
 				goto err;
-			EC_GROUP_set_asn1_flag(ecdsa->group, 
-						OPENSSL_EC_NAMED_CURVE);
+			EC_GROUP_free(group);
 			}
 			/* the case implicitlyCA is currently not implemented */
 		ret->save_parameters = 1;
@@ -322,7 +361,7 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
 
 	p=key->public_key->data;
         j=key->public_key->length;
-        if ((ret = d2i_PublicKey(type, &ret, &p, (long)j)) == NULL)
+        if (!d2i_PublicKey(type, &ret, &p, (long)j))
 		{
 		X509err(X509_F_X509_PUBKEY_GET, X509_R_ERR_ASN1_LIB);
 		goto err;
@@ -341,7 +380,7 @@ err:
  * and encode or decode as X509_PUBKEY
  */
 
-EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, unsigned char **pp,
+EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp,
 	     long length)
 	{
 	X509_PUBKEY *xpk;
@@ -374,12 +413,12 @@ int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp)
  * keys
  */
 #ifndef OPENSSL_NO_RSA
-RSA *d2i_RSA_PUBKEY(RSA **a, unsigned char **pp,
+RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp,
 	     long length)
 	{
 	EVP_PKEY *pkey;
 	RSA *key;
-	unsigned char *q;
+	const unsigned char *q;
 	q = *pp;
 	pkey = d2i_PUBKEY(NULL, &q, length);
 	if (!pkey) return NULL;
@@ -414,12 +453,12 @@ int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp)
 #endif
 
 #ifndef OPENSSL_NO_DSA
-DSA *d2i_DSA_PUBKEY(DSA **a, unsigned char **pp,
+DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp,
 	     long length)
 	{
 	EVP_PKEY *pkey;
 	DSA *key;
-	unsigned char *q;
+	const unsigned char *q;
 	q = *pp;
 	pkey = d2i_PUBKEY(NULL, &q, length);
 	if (!pkey) return NULL;
@@ -453,38 +492,38 @@ int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp)
 	}
 #endif
 
-#ifndef OPENSSL_NO_ECDSA
-ECDSA *d2i_ECDSA_PUBKEY(ECDSA **a, unsigned char **pp, long length)
+#ifndef OPENSSL_NO_EC
+EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length)
 	{
 	EVP_PKEY *pkey;
-	ECDSA *key;
-	unsigned char *q;
+	EC_KEY *key;
+	const unsigned char *q;
 	q = *pp;
 	pkey = d2i_PUBKEY(NULL, &q, length);
 	if (!pkey) return(NULL);
-	key = EVP_PKEY_get1_ECDSA(pkey);
+	key = EVP_PKEY_get1_EC_KEY(pkey);
 	EVP_PKEY_free(pkey);
 	if (!key)  return(NULL);
 	*pp = q;
 	if (a)
 		{
-		ECDSA_free(*a);
+		EC_KEY_free(*a);
 		*a = key;
 		}
 	return(key);
 	}
 
-int i2d_ECDSA_PUBKEY(ECDSA *a, unsigned char **pp)
+int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp)
 	{
 	EVP_PKEY *pktmp;
 	int ret;
 	if (!a)	return(0);
 	if ((pktmp = EVP_PKEY_new()) == NULL)
 		{
-		ASN1err(ASN1_F_I2D_ECDSA_PUBKEY, ERR_R_MALLOC_FAILURE);
+		ASN1err(ASN1_F_I2D_EC_PUBKEY, ERR_R_MALLOC_FAILURE);
 		return(0);
 		}
-	EVP_PKEY_set1_ECDSA(pktmp, a);
+	EVP_PKEY_set1_EC_KEY(pktmp, a);
 	ret = i2d_PUBKEY(pktmp, pp);
 	EVP_PKEY_free(pktmp);
 	return(ret);