author | David Benjamin <davidben@chromium.org> | 2016-01-28 10:58:06 +0300 |
---|---|---|
committer | Adam Langley <agl@google.com> | 2016-02-17 02:54:38 +0300 |
commit | 3cadf63c68c26c2f5df2f6f2a1358db4772f0163 (patch) | |
tree | 0abcfdaece1851181e971b532845a68ca91ede7e | |
parent | 985da09340a79cc35b26123e9b44870ab5dcc12f (diff) |
Remove DSA write_params.
This imports upstream's ea6b07b54c1f8fc2275a121cdda071e2df7bd6c1 along
with a bugfix in 987157f6f63fa70dbeffca3c8bc62f26e9767ff2.
In an SPKI, a DSA key is only an INTEGER, with the group information in
the AlgorithmIdentifier. But a standalone DSAPublicKey is more complex
(and apparently made up by OpenSSL). OpenSSL implemented this with a
write_params boolean and making DSAPublicKey a CHOICE.
Instead, have p_dsa_asn1.c encode an INTEGER directly. d2i_DSAPublicKey
only parses the standalone form. (That code will be replaced later, but
first do this in preparation for rewriting the DSA ASN.1 code.)
Change-Id: I6fbe298d2723b9816806e9c196c724359b9ffd63
Reviewed-on: https://boringssl-review.googlesource.com/7021
Reviewed-by: Adam Langley <agl@google.com>
-rw-r--r-- | crypto/dsa/dsa.c | 1 | ||||
-rw-r--r-- | crypto/dsa/dsa_asn1.c | 14 | ||||
-rw-r--r-- | crypto/evp/p_dsa_asn1.c | 10 | ||||
-rw-r--r-- | include/openssl/dsa.h | 1 |
4 files changed, 10 insertions, 16 deletions
diff --git a/crypto/dsa/dsa.c b/crypto/dsa/dsa.c
index 1e446920..2a9524a3 100644
--- a/crypto/dsa/dsa.c
+++ b/crypto/dsa/dsa.c
@@ -94,7 +94,6 @@ DSA *DSA_new(void) {
 memset(dsa, 0, sizeof(DSA));
- dsa->write_params = 1;
 dsa->references = 1;
 CRYPTO_MUTEX_init(&dsa->method_mont_p_lock);
diff --git a/crypto/dsa/dsa_asn1.c b/crypto/dsa/dsa_asn1.c
index b6b3fa4d..4df561d6 100644
--- a/crypto/dsa/dsa_asn1.c
+++ b/crypto/dsa/dsa_asn1.c
@@ -126,22 +126,12 @@ ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = {
 IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAparams, DSAparams);
-
-/* DSA public key is a bit trickier... its effectively a CHOICE type decided by
- * a field called write_params which can either write out just the public key
- * as an INTEGER or the parameters and public key in a SEQUENCE. */
-
-ASN1_SEQUENCE(dsa_pub_internal) = {
+ASN1_SEQUENCE_cb(DSAPublicKey, dsa_cb) = {
 ASN1_SIMPLE(DSA, pub_key, BIGNUM),
 ASN1_SIMPLE(DSA, p, BIGNUM),
 ASN1_SIMPLE(DSA, q, BIGNUM),
 ASN1_SIMPLE(DSA, g, BIGNUM)
-} ASN1_SEQUENCE_END_name(DSA, dsa_pub_internal);
-
-ASN1_CHOICE_cb(DSAPublicKey, dsa_cb) = {
- ASN1_SIMPLE(DSA, pub_key, BIGNUM),
- ASN1_EX_COMBINE(0, 0, dsa_pub_internal)
-} ASN1_CHOICE_END_cb(DSA, DSAPublicKey, write_params);
+} ASN1_SEQUENCE_END_cb(DSA, DSAPublicKey);
 IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey);
diff --git a/crypto/evp/p_dsa_asn1.c b/crypto/evp/p_dsa_asn1.c
index a876eef4..bb68d20e 100644
--- a/crypto/evp/p_dsa_asn1.c
+++ b/crypto/evp/p_dsa_asn1.c
@@ -134,7 +134,6 @@ static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) {
 int penclen;
 dsa = pkey->pkey.dsa;
- dsa->write_params = 0;
 int ptype;
 if (dsa->p && dsa->q && dsa->g) {
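Review bot: The new `DSAPublicKey` template in crypto/dsa/dsa_asn1.c is left without any comment once the old CHOICE explanation is deleted, and the format it describes is easy to confuse with the SPKI encoding. I would add above `ASN1_SEQUENCE_cb(DSAPublicKey, dsa_cb)` something like `/* Standalone DSAPublicKey: SEQUENCE { pub_key, p, q, g }. The SPKI form is a bare INTEGER and is built in p_dsa_asn1.c. */`. Since the commit message says d2i_DSAPublicKey now parses only the standalone form, the declaration in include/openssl/dsa.h should say so too, because callers that presumably round-tripped the old bare-INTEGER output will start seeing parse failures.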
@@ -153,7 +152,14 @@ static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) {
 ptype = V_ASN1_UNDEF;
 }
- penclen = i2d_DSAPublicKey(dsa, &penc);
+ ASN1_INTEGER *pubint = BN_to_ASN1_INTEGER(dsa->pub_key, NULL);
+ if (pubint == NULL) {
+ goto err;
+ }
+
+ penclen = i2d_ASN1_INTEGER(pubint, &penc);
+ ASN1_INTEGER_free(pubint);
+
 if (penclen <= 0) {
 OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE);
 goto err;
diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h
index 1cf8489d..df74bb78 100644
--- a/include/openssl/dsa.h
+++ b/include/openssl/dsa.h
@@ -315,7 +315,6 @@ OPENSSL_EXPORT void *DSA_get_ex_data(const DSA *d, int idx);
 struct dsa_st {
 long version;
- int write_params;
 BIGNUM *p;
 BIGNUM *q; /* == 20 */
 BIGNUM *g; |
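Review bot: The added `BN_to_ASN1_INTEGER(dsa->pub_key, NULL)` call in dsa_pub_encode is made without checking that `dsa->pub_key` is set, and nothing visible in the hunk guarantees it, so a DSA object holding only parameters would hand a NULL BIGNUM to the conversion. A guard before the call, `if (dsa->pub_key == NULL) { goto err; }` with a suitable error pushed first, would make that case fail cleanly instead of depending on how the conversion treats NULL. Separately, the `pubint == NULL` branch jumps to `err` without `OPENSSL_PUT_ERROR`, unlike the `penclen <= 0` branch right after it, so unless BN_to_ASN1_INTEGER queues its own error the caller sees a failure with an empty error queue. The function body and the `err` label lie outside the hunk, so the cleanup path could not be checked.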