1 /* $OpenBSD: dsa_ameth.c,v 1.37 2022/06/27 12:36:05 tb Exp $ */
2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006.
4 */
5 /* ====================================================================
6 * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59 #include <stdio.h>
60
61 #include <openssl/opensslconf.h>
62
63 #include <openssl/asn1.h>
64 #include <openssl/bn.h>
65 #include <openssl/cms.h>
66 #include <openssl/dsa.h>
67 #include <openssl/err.h>
68 #include <openssl/x509.h>
69
70 #include "asn1_locl.h"
71 #include "bn_lcl.h"
72 #include "dsa_locl.h"
73 #include "evp_locl.h"
74
75 static int
dsa_pub_decode(EVP_PKEY * pkey,X509_PUBKEY * pubkey)76 dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
77 {
78 const unsigned char *p, *pm;
79 int pklen, pmlen;
80 int ptype;
81 const void *pval;
82 const ASN1_STRING *pstr;
83 X509_ALGOR *palg;
84 ASN1_INTEGER *public_key = NULL;
85
86 DSA *dsa = NULL;
87
88 if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
89 return 0;
90 X509_ALGOR_get0(NULL, &ptype, &pval, palg);
91
92 if (ptype == V_ASN1_SEQUENCE) {
93 pstr = pval;
94 pm = pstr->data;
95 pmlen = pstr->length;
96
97 if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen))) {
98 DSAerror(DSA_R_DECODE_ERROR);
99 goto err;
100 }
101 } else if (ptype == V_ASN1_NULL || ptype == V_ASN1_UNDEF) {
102 if (!(dsa = DSA_new())) {
103 DSAerror(ERR_R_MALLOC_FAILURE);
104 goto err;
105 }
106 } else {
107 DSAerror(DSA_R_PARAMETER_ENCODING_ERROR);
108 goto err;
109 }
110
111 if (!(public_key = d2i_ASN1_INTEGER(NULL, &p, pklen))) {
112 DSAerror(DSA_R_DECODE_ERROR);
113 goto err;
114 }
115
116 if (!(dsa->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) {
117 DSAerror(DSA_R_BN_DECODE_ERROR);
118 goto err;
119 }
120
121 ASN1_INTEGER_free(public_key);
122 EVP_PKEY_assign_DSA(pkey, dsa);
123 return 1;
124
125 err:
126 if (public_key)
127 ASN1_INTEGER_free(public_key);
128 DSA_free(dsa);
129 return 0;
130 }
131
132 static int
dsa_pub_encode(X509_PUBKEY * pk,const EVP_PKEY * pkey)133 dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
134 {
135 DSA *dsa;
136 ASN1_INTEGER *pubint = NULL;
137 ASN1_STRING *str = NULL;
138 int ptype = V_ASN1_UNDEF;
139 unsigned char *penc = NULL;
140 int penclen;
141
142 dsa = pkey->pkey.dsa;
143 if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) {
144 if ((str = ASN1_STRING_new()) == NULL) {
145 DSAerror(ERR_R_MALLOC_FAILURE);
146 goto err;
147 }
148 str->length = i2d_DSAparams(dsa, &str->data);
149 if (str->length <= 0) {
150 DSAerror(ERR_R_MALLOC_FAILURE);
151 goto err;
152 }
153 ptype = V_ASN1_SEQUENCE;
154 }
155
156 if ((pubint = BN_to_ASN1_INTEGER(dsa->pub_key, NULL)) == NULL) {
157 DSAerror(ERR_R_MALLOC_FAILURE);
158 goto err;
159 }
160
161 penclen = i2d_ASN1_INTEGER(pubint, &penc);
162 ASN1_INTEGER_free(pubint);
163
164 if (penclen <= 0) {
165 DSAerror(ERR_R_MALLOC_FAILURE);
166 goto err;
167 }
168
169 if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DSA), ptype, str,
170 penc, penclen))
171 return 1;
172
173 err:
174 free(penc);
175 ASN1_STRING_free(str);
176
177 return 0;
178 }
179
180 /* In PKCS#8 DSA: you just get a private key integer and parameters in the
181 * AlgorithmIdentifier the pubkey must be recalculated.
182 */
183 static int
dsa_priv_decode(EVP_PKEY * pkey,const PKCS8_PRIV_KEY_INFO * p8)184 dsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
185 {
186 const unsigned char *p, *pm;
187 int pklen, pmlen;
188 int ptype;
189 const void *pval;
190 const ASN1_STRING *pstr;
191 const X509_ALGOR *palg;
192 ASN1_INTEGER *privkey = NULL;
193 BN_CTX *ctx = NULL;
194 DSA *dsa = NULL;
195
196 int ret = 0;
197
198 if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
199 return 0;
200 X509_ALGOR_get0(NULL, &ptype, &pval, palg);
201 if (ptype != V_ASN1_SEQUENCE)
202 goto decerr;
203
204 if ((privkey = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL)
205 goto decerr;
206 if (privkey->type == V_ASN1_NEG_INTEGER)
207 goto decerr;
208
209 pstr = pval;
210 pm = pstr->data;
211 pmlen = pstr->length;
212 if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen)))
213 goto decerr;
214 /* We have parameters now set private key */
215 if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) {
216 DSAerror(DSA_R_BN_ERROR);
217 goto dsaerr;
218 }
219 /* Calculate public key */
220 if (!(dsa->pub_key = BN_new())) {
221 DSAerror(ERR_R_MALLOC_FAILURE);
222 goto dsaerr;
223 }
224 if (!(ctx = BN_CTX_new())) {
225 DSAerror(ERR_R_MALLOC_FAILURE);
226 goto dsaerr;
227 }
228
229 if (!BN_mod_exp_ct(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) {
230 DSAerror(DSA_R_BN_ERROR);
231 goto dsaerr;
232 }
233
234 if (!EVP_PKEY_assign_DSA(pkey, dsa))
235 goto decerr;
236
237 ret = 1;
238 goto done;
239
240 decerr:
241 DSAerror(DSA_R_DECODE_ERROR);
242 dsaerr:
243 DSA_free(dsa);
244 done:
245 BN_CTX_free(ctx);
246 ASN1_INTEGER_free(privkey);
247 return ret;
248 }
249
250 static int
dsa_priv_encode(PKCS8_PRIV_KEY_INFO * p8,const EVP_PKEY * pkey)251 dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
252 {
253 ASN1_STRING *params = NULL;
254 ASN1_INTEGER *prkey = NULL;
255 unsigned char *dp = NULL;
256 int dplen;
257
258 params = ASN1_STRING_new();
259 if (!params) {
260 DSAerror(ERR_R_MALLOC_FAILURE);
261 goto err;
262 }
263
264 params->length = i2d_DSAparams(pkey->pkey.dsa, ¶ms->data);
265 if (params->length <= 0) {
266 DSAerror(ERR_R_MALLOC_FAILURE);
267 goto err;
268 }
269 params->type = V_ASN1_SEQUENCE;
270
271 /* Get private key into integer */
272 prkey = BN_to_ASN1_INTEGER(pkey->pkey.dsa->priv_key, NULL);
273 if (!prkey) {
274 DSAerror(DSA_R_BN_ERROR);
275 goto err;
276 }
277
278 dplen = i2d_ASN1_INTEGER(prkey, &dp);
279
280 ASN1_INTEGER_free(prkey);
281 prkey = NULL;
282
283 if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0, V_ASN1_SEQUENCE,
284 params, dp, dplen))
285 goto err;
286
287 return 1;
288
289 err:
290 free(dp);
291 ASN1_STRING_free(params);
292 ASN1_INTEGER_free(prkey);
293 return 0;
294 }
295
296 static int
int_dsa_size(const EVP_PKEY * pkey)297 int_dsa_size(const EVP_PKEY *pkey)
298 {
299 return DSA_size(pkey->pkey.dsa);
300 }
301
302 static int
dsa_bits(const EVP_PKEY * pkey)303 dsa_bits(const EVP_PKEY *pkey)
304 {
305 return BN_num_bits(pkey->pkey.dsa->p);
306 }
307
308 static int
dsa_security_bits(const EVP_PKEY * pkey)309 dsa_security_bits(const EVP_PKEY *pkey)
310 {
311 return DSA_security_bits(pkey->pkey.dsa);
312 }
313
314 static int
dsa_missing_parameters(const EVP_PKEY * pkey)315 dsa_missing_parameters(const EVP_PKEY *pkey)
316 {
317 DSA *dsa;
318
319 dsa = pkey->pkey.dsa;
320 if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL)
321 return 1;
322 return 0;
323 }
324
325 static int
dsa_copy_parameters(EVP_PKEY * to,const EVP_PKEY * from)326 dsa_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
327 {
328 BIGNUM *a;
329
330 if ((a = BN_dup(from->pkey.dsa->p)) == NULL)
331 return 0;
332 BN_free(to->pkey.dsa->p);
333 to->pkey.dsa->p = a;
334
335 if ((a = BN_dup(from->pkey.dsa->q)) == NULL)
336 return 0;
337 BN_free(to->pkey.dsa->q);
338 to->pkey.dsa->q = a;
339
340 if ((a = BN_dup(from->pkey.dsa->g)) == NULL)
341 return 0;
342 BN_free(to->pkey.dsa->g);
343 to->pkey.dsa->g = a;
344 return 1;
345 }
346
347 static int
dsa_cmp_parameters(const EVP_PKEY * a,const EVP_PKEY * b)348 dsa_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
349 {
350 if (BN_cmp(a->pkey.dsa->p, b->pkey.dsa->p) ||
351 BN_cmp(a->pkey.dsa->q, b->pkey.dsa->q) ||
352 BN_cmp(a->pkey.dsa->g, b->pkey.dsa->g))
353 return 0;
354 else
355 return 1;
356 }
357
358 static int
dsa_pub_cmp(const EVP_PKEY * a,const EVP_PKEY * b)359 dsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
360 {
361 if (BN_cmp(b->pkey.dsa->pub_key, a->pkey.dsa->pub_key) != 0)
362 return 0;
363 else
364 return 1;
365 }
366
367 static void
int_dsa_free(EVP_PKEY * pkey)368 int_dsa_free(EVP_PKEY *pkey)
369 {
370 DSA_free(pkey->pkey.dsa);
371 }
372
373 static void
update_buflen(const BIGNUM * b,size_t * pbuflen)374 update_buflen(const BIGNUM *b, size_t *pbuflen)
375 {
376 size_t i;
377
378 if (!b)
379 return;
380 if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
381 *pbuflen = i;
382 }
383
384 static int
do_dsa_print(BIO * bp,const DSA * x,int off,int ptype)385 do_dsa_print(BIO *bp, const DSA *x, int off, int ptype)
386 {
387 unsigned char *m = NULL;
388 int ret = 0;
389 size_t buf_len = 0;
390 const char *ktype = NULL;
391 const BIGNUM *priv_key, *pub_key;
392
393 if (ptype == 2)
394 priv_key = x->priv_key;
395 else
396 priv_key = NULL;
397
398 if (ptype > 0)
399 pub_key = x->pub_key;
400 else
401 pub_key = NULL;
402
403 if (ptype == 2)
404 ktype = "Private-Key";
405 else if (ptype == 1)
406 ktype = "Public-Key";
407 else
408 ktype = "DSA-Parameters";
409
410 update_buflen(x->p, &buf_len);
411 update_buflen(x->q, &buf_len);
412 update_buflen(x->g, &buf_len);
413 update_buflen(priv_key, &buf_len);
414 update_buflen(pub_key, &buf_len);
415
416 m = malloc(buf_len + 10);
417 if (m == NULL) {
418 DSAerror(ERR_R_MALLOC_FAILURE);
419 goto err;
420 }
421
422 if (priv_key) {
423 if (!BIO_indent(bp, off, 128))
424 goto err;
425 if (BIO_printf(bp, "%s: (%d bit)\n", ktype,
426 BN_num_bits(x->p)) <= 0)
427 goto err;
428 }
429
430 if (!ASN1_bn_print(bp, "priv:", priv_key, m, off))
431 goto err;
432 if (!ASN1_bn_print(bp, "pub: ", pub_key, m, off))
433 goto err;
434 if (!ASN1_bn_print(bp, "P: ", x->p, m, off))
435 goto err;
436 if (!ASN1_bn_print(bp, "Q: ", x->q, m, off))
437 goto err;
438 if (!ASN1_bn_print(bp, "G: ", x->g, m, off))
439 goto err;
440 ret = 1;
441 err:
442 free(m);
443 return ret;
444 }
445
446 static int
dsa_param_decode(EVP_PKEY * pkey,const unsigned char ** pder,int derlen)447 dsa_param_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
448 {
449 DSA *dsa;
450
451 if (!(dsa = d2i_DSAparams(NULL, pder, derlen))) {
452 DSAerror(ERR_R_DSA_LIB);
453 return 0;
454 }
455 EVP_PKEY_assign_DSA(pkey, dsa);
456 return 1;
457 }
458
459 static int
dsa_param_encode(const EVP_PKEY * pkey,unsigned char ** pder)460 dsa_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
461 {
462 return i2d_DSAparams(pkey->pkey.dsa, pder);
463 }
464
465 static int
dsa_param_print(BIO * bp,const EVP_PKEY * pkey,int indent,ASN1_PCTX * ctx)466 dsa_param_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx)
467 {
468 return do_dsa_print(bp, pkey->pkey.dsa, indent, 0);
469 }
470
471 static int
dsa_pub_print(BIO * bp,const EVP_PKEY * pkey,int indent,ASN1_PCTX * ctx)472 dsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx)
473 {
474 return do_dsa_print(bp, pkey->pkey.dsa, indent, 1);
475 }
476
477 static int
dsa_priv_print(BIO * bp,const EVP_PKEY * pkey,int indent,ASN1_PCTX * ctx)478 dsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx)
479 {
480 return do_dsa_print(bp, pkey->pkey.dsa, indent, 2);
481 }
482
483 static int
old_dsa_priv_decode(EVP_PKEY * pkey,const unsigned char ** pder,int derlen)484 old_dsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
485 {
486 DSA *dsa;
487 BN_CTX *ctx = NULL;
488 BIGNUM *j, *p1, *newp1, *powg;
489 int qbits;
490
491 if (!(dsa = d2i_DSAPrivateKey(NULL, pder, derlen))) {
492 DSAerror(ERR_R_DSA_LIB);
493 return 0;
494 }
495
496 /* FIPS 186-3 allows only three different sizes for q. */
497 qbits = BN_num_bits(dsa->q);
498 if (qbits != 160 && qbits != 224 && qbits != 256) {
499 DSAerror(DSA_R_BAD_Q_VALUE);
500 goto err;
501 }
502 if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) {
503 DSAerror(DSA_R_MODULUS_TOO_LARGE);
504 goto err;
505 }
506
507 /* Check that 1 < g < p. */
508 if (BN_cmp(dsa->g, BN_value_one()) <= 0 ||
509 BN_cmp(dsa->g, dsa->p) >= 0) {
510 DSAerror(DSA_R_PARAMETER_ENCODING_ERROR); /* XXX */
511 goto err;
512 }
513
514 ctx = BN_CTX_new();
515 if (ctx == NULL)
516 goto err;
517
518 /*
519 * Check that p and q are consistent with each other.
520 */
521
522 j = BN_CTX_get(ctx);
523 p1 = BN_CTX_get(ctx);
524 newp1 = BN_CTX_get(ctx);
525 powg = BN_CTX_get(ctx);
526 if (j == NULL || p1 == NULL || newp1 == NULL || powg == NULL)
527 goto err;
528 /* p1 = p - 1 */
529 if (BN_sub(p1, dsa->p, BN_value_one()) == 0)
530 goto err;
531 /* j = (p - 1) / q */
532 if (BN_div_ct(j, NULL, p1, dsa->q, ctx) == 0)
533 goto err;
534 /* q * j should == p - 1 */
535 if (BN_mul(newp1, dsa->q, j, ctx) == 0)
536 goto err;
537 if (BN_cmp(newp1, p1) != 0) {
538 DSAerror(DSA_R_BAD_Q_VALUE);
539 goto err;
540 }
541
542 /*
543 * Check that g generates a multiplicative subgroup of order q.
544 * We only check that g^q == 1, so the order is a divisor of q.
545 * Once we know that q is prime, this is enough.
546 */
547
548 if (!BN_mod_exp_ct(powg, dsa->g, dsa->q, dsa->p, ctx))
549 goto err;
550 if (BN_cmp(powg, BN_value_one()) != 0) {
551 DSAerror(DSA_R_PARAMETER_ENCODING_ERROR); /* XXX */
552 goto err;
553 }
554
555 /*
556 * Check that q is not a composite number.
557 */
558
559 if (BN_is_prime_ex(dsa->q, BN_prime_checks, ctx, NULL) <= 0) {
560 DSAerror(DSA_R_BAD_Q_VALUE);
561 goto err;
562 }
563
564 BN_CTX_free(ctx);
565
566 EVP_PKEY_assign_DSA(pkey, dsa);
567 return 1;
568
569 err:
570 BN_CTX_free(ctx);
571 DSA_free(dsa);
572 return 0;
573 }
574
575 static int
old_dsa_priv_encode(const EVP_PKEY * pkey,unsigned char ** pder)576 old_dsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder)
577 {
578 return i2d_DSAPrivateKey(pkey->pkey.dsa, pder);
579 }
580
581 static int
dsa_sig_print(BIO * bp,const X509_ALGOR * sigalg,const ASN1_STRING * sig,int indent,ASN1_PCTX * pctx)582 dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, const ASN1_STRING *sig,
583 int indent, ASN1_PCTX *pctx)
584 {
585 DSA_SIG *dsa_sig;
586 const unsigned char *p;
587
588 if (!sig) {
589 if (BIO_puts(bp, "\n") <= 0)
590 return 0;
591 else
592 return 1;
593 }
594 p = sig->data;
595 dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length);
596 if (dsa_sig) {
597 int rv = 0;
598 size_t buf_len = 0;
599 unsigned char *m = NULL;
600
601 update_buflen(dsa_sig->r, &buf_len);
602 update_buflen(dsa_sig->s, &buf_len);
603 m = malloc(buf_len + 10);
604 if (m == NULL) {
605 DSAerror(ERR_R_MALLOC_FAILURE);
606 goto err;
607 }
608
609 if (BIO_write(bp, "\n", 1) != 1)
610 goto err;
611
612 if (!ASN1_bn_print(bp, "r: ", dsa_sig->r, m, indent))
613 goto err;
614 if (!ASN1_bn_print(bp, "s: ", dsa_sig->s, m, indent))
615 goto err;
616 rv = 1;
617 err:
618 free(m);
619 DSA_SIG_free(dsa_sig);
620 return rv;
621 }
622 return X509_signature_dump(bp, sig, indent);
623 }
624
625 static int
dsa_pkey_ctrl(EVP_PKEY * pkey,int op,long arg1,void * arg2)626 dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
627 {
628 switch (op) {
629 case ASN1_PKEY_CTRL_PKCS7_SIGN:
630 if (arg1 == 0) {
631 int snid, hnid;
632 X509_ALGOR *alg1, *alg2;
633
634 PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2);
635 if (alg1 == NULL || alg1->algorithm == NULL)
636 return -1;
637 hnid = OBJ_obj2nid(alg1->algorithm);
638 if (hnid == NID_undef)
639 return -1;
640 if (!OBJ_find_sigid_by_algs(&snid, hnid,
641 EVP_PKEY_id(pkey)))
642 return -1;
643 X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF,
644 0);
645 }
646 return 1;
647
648 #ifndef OPENSSL_NO_CMS
649 case ASN1_PKEY_CTRL_CMS_SIGN:
650 if (arg1 == 0) {
651 int snid, hnid;
652 X509_ALGOR *alg1, *alg2;
653
654 CMS_SignerInfo_get0_algs(arg2, NULL, NULL, &alg1, &alg2);
655 if (alg1 == NULL || alg1->algorithm == NULL)
656 return -1;
657 hnid = OBJ_obj2nid(alg1->algorithm);
658 if (hnid == NID_undef)
659 return -1;
660 if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
661 return -1;
662 X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
663 }
664 return 1;
665
666 case ASN1_PKEY_CTRL_CMS_RI_TYPE:
667 *(int *)arg2 = CMS_RECIPINFO_NONE;
668 return 1;
669 #endif
670
671 case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
672 *(int *)arg2 = NID_sha1;
673 return 2;
674
675 default:
676 return -2;
677 }
678 }
679
680 /* NB these are sorted in pkey_id order, lowest first */
681
682 const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[] = {
683 {
684 .pkey_id = EVP_PKEY_DSA2,
685 .pkey_base_id = EVP_PKEY_DSA,
686 .pkey_flags = ASN1_PKEY_ALIAS
687 },
688
689 {
690 .pkey_id = EVP_PKEY_DSA1,
691 .pkey_base_id = EVP_PKEY_DSA,
692 .pkey_flags = ASN1_PKEY_ALIAS
693 },
694
695 {
696 .pkey_id = EVP_PKEY_DSA4,
697 .pkey_base_id = EVP_PKEY_DSA,
698 .pkey_flags = ASN1_PKEY_ALIAS
699 },
700
701 {
702 .pkey_id = EVP_PKEY_DSA3,
703 .pkey_base_id = EVP_PKEY_DSA,
704 .pkey_flags = ASN1_PKEY_ALIAS
705 },
706
707 {
708 .pkey_id = EVP_PKEY_DSA,
709 .pkey_base_id = EVP_PKEY_DSA,
710
711 .pem_str = "DSA",
712 .info = "OpenSSL DSA method",
713
714 .pub_decode = dsa_pub_decode,
715 .pub_encode = dsa_pub_encode,
716 .pub_cmp = dsa_pub_cmp,
717 .pub_print = dsa_pub_print,
718
719 .priv_decode = dsa_priv_decode,
720 .priv_encode = dsa_priv_encode,
721 .priv_print = dsa_priv_print,
722
723 .pkey_size = int_dsa_size,
724 .pkey_bits = dsa_bits,
725 .pkey_security_bits = dsa_security_bits,
726
727 .param_decode = dsa_param_decode,
728 .param_encode = dsa_param_encode,
729 .param_missing = dsa_missing_parameters,
730 .param_copy = dsa_copy_parameters,
731 .param_cmp = dsa_cmp_parameters,
732 .param_print = dsa_param_print,
733 .sig_print = dsa_sig_print,
734
735 .pkey_free = int_dsa_free,
736 .pkey_ctrl = dsa_pkey_ctrl,
737 .old_priv_decode = old_dsa_priv_decode,
738 .old_priv_encode = old_dsa_priv_encode
739 }
740 };
741