GCC Code Coverage Report
Directory: ./ Exec Total Coverage
File: lib/libcrypto/crypto/../../libssl/src/crypto/dsa/dsa_asn1.c Lines: 30 59 50.8 %
Date: 2016-12-06 Branches: 7 22 31.8 %

Line Branch Exec Source
1
/* $OpenBSD: dsa_asn1.c,v 1.16 2015/02/14 15:06:55 jsing Exp $ */
2
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3
 * project 2000.
4
 */
5
/* ====================================================================
6
 * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
7
 *
8
 * Redistribution and use in source and binary forms, with or without
9
 * modification, are permitted provided that the following conditions
10
 * are met:
11
 *
12
 * 1. Redistributions of source code must retain the above copyright
13
 *    notice, this list of conditions and the following disclaimer.
14
 *
15
 * 2. Redistributions in binary form must reproduce the above copyright
16
 *    notice, this list of conditions and the following disclaimer in
17
 *    the documentation and/or other materials provided with the
18
 *    distribution.
19
 *
20
 * 3. All advertising materials mentioning features or use of this
21
 *    software must display the following acknowledgment:
22
 *    "This product includes software developed by the OpenSSL Project
23
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24
 *
25
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26
 *    endorse or promote products derived from this software without
27
 *    prior written permission. For written permission, please contact
28
 *    licensing@OpenSSL.org.
29
 *
30
 * 5. Products derived from this software may not be called "OpenSSL"
31
 *    nor may "OpenSSL" appear in their names without prior written
32
 *    permission of the OpenSSL Project.
33
 *
34
 * 6. Redistributions of any form whatsoever must retain the following
35
 *    acknowledgment:
36
 *    "This product includes software developed by the OpenSSL Project
37
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38
 *
39
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
43
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50
 * OF THE POSSIBILITY OF SUCH DAMAGE.
51
 * ====================================================================
52
 *
53
 * This product includes cryptographic software written by Eric Young
54
 * (eay@cryptsoft.com).  This product includes software written by Tim
55
 * Hudson (tjh@cryptsoft.com).
56
 *
57
 */
58
59
#include <stdio.h>
60
#include <string.h>
61
62
#include <openssl/asn1.h>
63
#include <openssl/asn1t.h>
64
#include <openssl/dsa.h>
65
#include <openssl/err.h>
66
67
/* Override the default new methods */
68
static int
69
sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
70
14
{
71
14
	if (operation == ASN1_OP_NEW_PRE) {
72
		DSA_SIG *sig;
73
74
		sig = malloc(sizeof(DSA_SIG));
75
		if (!sig) {
76
			DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE);
77
			return 0;
78
		}
79
		sig->r = NULL;
80
		sig->s = NULL;
81
		*pval = (ASN1_VALUE *)sig;
82
		return 2;
83
	}
84
14
	return 1;
85
}
86
87
static const ASN1_AUX DSA_SIG_aux = {
88
	.app_data = NULL,
89
	.flags = 0,
90
	.ref_offset = 0,
91
	.ref_lock = 0,
92
	.asn1_cb = sig_cb,
93
	.enc_offset = 0,
94
};
95
static const ASN1_TEMPLATE DSA_SIG_seq_tt[] = {
96
	{
97
		.flags = 0,
98
		.tag = 0,
99
		.offset = offsetof(DSA_SIG, r),
100
		.field_name = "r",
101
		.item = &CBIGNUM_it,
102
	},
103
	{
104
		.flags = 0,
105
		.tag = 0,
106
		.offset = offsetof(DSA_SIG, s),
107
		.field_name = "s",
108
		.item = &CBIGNUM_it,
109
	},
110
};
111
112
const ASN1_ITEM DSA_SIG_it = {
113
	.itype = ASN1_ITYPE_SEQUENCE,
114
	.utype = V_ASN1_SEQUENCE,
115
	.templates = DSA_SIG_seq_tt,
116
	.tcount = sizeof(DSA_SIG_seq_tt) / sizeof(ASN1_TEMPLATE),
117
	.funcs = &DSA_SIG_aux,
118
	.size = sizeof(DSA_SIG),
119
	.sname = "DSA_SIG",
120
};
121
122
123
DSA_SIG *
124
d2i_DSA_SIG(DSA_SIG **a, const unsigned char **in, long len)
125
2
{
126
2
	return (DSA_SIG *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
127
	    &DSA_SIG_it);
128
}
129
130
int
131
i2d_DSA_SIG(const DSA_SIG *a, unsigned char **out)
132
4
{
133
4
	return ASN1_item_i2d((ASN1_VALUE *)a, out, &DSA_SIG_it);
134
}
135
136
/* Override the default free and new methods */
137
static int
138
dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
139
{
140
	if (operation == ASN1_OP_NEW_PRE) {
141
		*pval = (ASN1_VALUE *)DSA_new();
142
		if (*pval)
143
			return 2;
144
		return 0;
145
	} else if (operation == ASN1_OP_FREE_PRE) {
146
		DSA_free((DSA *)*pval);
147
		*pval = NULL;
148
		return 2;
149
	}
150
	return 1;
151
}
152
153
static const ASN1_AUX DSAPrivateKey_aux = {
154
	.app_data = NULL,
155
	.flags = 0,
156
	.ref_offset = 0,
157
	.ref_lock = 0,
158
	.asn1_cb = dsa_cb,
159
	.enc_offset = 0,
160
};
161
static const ASN1_TEMPLATE DSAPrivateKey_seq_tt[] = {
162
	{
163
		.flags = 0,
164
		.tag = 0,
165
		.offset = offsetof(DSA, version),
166
		.field_name = "version",
167
		.item = &LONG_it,
168
	},
169
	{
170
		.flags = 0,
171
		.tag = 0,
172
		.offset = offsetof(DSA, p),
173
		.field_name = "p",
174
		.item = &BIGNUM_it,
175
	},
176
	{
177
		.flags = 0,
178
		.tag = 0,
179
		.offset = offsetof(DSA, q),
180
		.field_name = "q",
181
		.item = &BIGNUM_it,
182
	},
183
	{
184
		.flags = 0,
185
		.tag = 0,
186
		.offset = offsetof(DSA, g),
187
		.field_name = "g",
188
		.item = &BIGNUM_it,
189
	},
190
	{
191
		.flags = 0,
192
		.tag = 0,
193
		.offset = offsetof(DSA, pub_key),
194
		.field_name = "pub_key",
195
		.item = &BIGNUM_it,
196
	},
197
	{
198
		.flags = 0,
199
		.tag = 0,
200
		.offset = offsetof(DSA, priv_key),
201
		.field_name = "priv_key",
202
		.item = &BIGNUM_it,
203
	},
204
};
205
206
const ASN1_ITEM DSAPrivateKey_it = {
207
	.itype = ASN1_ITYPE_SEQUENCE,
208
	.utype = V_ASN1_SEQUENCE,
209
	.templates = DSAPrivateKey_seq_tt,
210
	.tcount = sizeof(DSAPrivateKey_seq_tt) / sizeof(ASN1_TEMPLATE),
211
	.funcs = &DSAPrivateKey_aux,
212
	.size = sizeof(DSA),
213
	.sname = "DSA",
214
};
215
216
217
DSA *
218
d2i_DSAPrivateKey(DSA **a, const unsigned char **in, long len)
219
{
220
	return (DSA *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
221
	    &DSAPrivateKey_it);
222
}
223
224
int
225
i2d_DSAPrivateKey(const DSA *a, unsigned char **out)
226
{
227
	return ASN1_item_i2d((ASN1_VALUE *)a, out, &DSAPrivateKey_it);
228
}
229
230
static const ASN1_AUX DSAparams_aux = {
231
	.app_data = NULL,
232
	.flags = 0,
233
	.ref_offset = 0,
234
	.ref_lock = 0,
235
	.asn1_cb = dsa_cb,
236
	.enc_offset = 0,
237
};
238
static const ASN1_TEMPLATE DSAparams_seq_tt[] = {
239
	{
240
		.flags = 0,
241
		.tag = 0,
242
		.offset = offsetof(DSA, p),
243
		.field_name = "p",
244
		.item = &BIGNUM_it,
245
	},
246
	{
247
		.flags = 0,
248
		.tag = 0,
249
		.offset = offsetof(DSA, q),
250
		.field_name = "q",
251
		.item = &BIGNUM_it,
252
	},
253
	{
254
		.flags = 0,
255
		.tag = 0,
256
		.offset = offsetof(DSA, g),
257
		.field_name = "g",
258
		.item = &BIGNUM_it,
259
	},
260
};
261
262
const ASN1_ITEM DSAparams_it = {
263
	.itype = ASN1_ITYPE_SEQUENCE,
264
	.utype = V_ASN1_SEQUENCE,
265
	.templates = DSAparams_seq_tt,
266
	.tcount = sizeof(DSAparams_seq_tt) / sizeof(ASN1_TEMPLATE),
267
	.funcs = &DSAparams_aux,
268
	.size = sizeof(DSA),
269
	.sname = "DSA",
270
};
271
272
273
DSA *
274
d2i_DSAparams(DSA **a, const unsigned char **in, long len)
275
{
276
	return (DSA *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
277
	    &DSAparams_it);
278
}
279
280
int
281
i2d_DSAparams(const DSA *a, unsigned char **out)
282
{
283
	return ASN1_item_i2d((ASN1_VALUE *)a, out, &DSAparams_it);
284
}
285
286
/*
287
 * DSA public key is a bit trickier... its effectively a CHOICE type
288
 * decided by a field called write_params which can either write out
289
 * just the public key as an INTEGER or the parameters and public key
290
 * in a SEQUENCE
291
 */
292
293
static const ASN1_TEMPLATE dsa_pub_internal_seq_tt[] = {
294
	{
295
		.flags = 0,
296
		.tag = 0,
297
		.offset = offsetof(DSA, pub_key),
298
		.field_name = "pub_key",
299
		.item = &BIGNUM_it,
300
	},
301
	{
302
		.flags = 0,
303
		.tag = 0,
304
		.offset = offsetof(DSA, p),
305
		.field_name = "p",
306
		.item = &BIGNUM_it,
307
	},
308
	{
309
		.flags = 0,
310
		.tag = 0,
311
		.offset = offsetof(DSA, q),
312
		.field_name = "q",
313
		.item = &BIGNUM_it,
314
	},
315
	{
316
		.flags = 0,
317
		.tag = 0,
318
		.offset = offsetof(DSA, g),
319
		.field_name = "g",
320
		.item = &BIGNUM_it,
321
	},
322
};
323
324
const ASN1_ITEM dsa_pub_internal_it = {
325
	.itype = ASN1_ITYPE_SEQUENCE,
326
	.utype = V_ASN1_SEQUENCE,
327
	.templates = dsa_pub_internal_seq_tt,
328
	.tcount = sizeof(dsa_pub_internal_seq_tt) / sizeof(ASN1_TEMPLATE),
329
	.funcs = NULL,
330
	.size = sizeof(DSA),
331
	.sname = "DSA",
332
};
333
334
static const ASN1_AUX DSAPublicKey_aux = {
335
	.app_data = NULL,
336
	.flags = 0,
337
	.ref_offset = 0,
338
	.ref_lock = 0,
339
	.asn1_cb = dsa_cb,
340
	.enc_offset = 0,
341
};
342
static const ASN1_TEMPLATE DSAPublicKey_ch_tt[] = {
343
	{
344
		.flags = 0,
345
		.tag = 0,
346
		.offset = offsetof(DSA, pub_key),
347
		.field_name = "pub_key",
348
		.item = &BIGNUM_it,
349
	},
350
	{
351
		.flags = 0 | ASN1_TFLG_COMBINE,
352
		.tag = 0,
353
		.offset = 0,
354
		.field_name = NULL,
355
		.item = &dsa_pub_internal_it,
356
	},
357
};
358
359
const ASN1_ITEM DSAPublicKey_it = {
360
	.itype = ASN1_ITYPE_CHOICE,
361
	.utype = offsetof(DSA, write_params),
362
	.templates = DSAPublicKey_ch_tt,
363
	.tcount = sizeof(DSAPublicKey_ch_tt) / sizeof(ASN1_TEMPLATE),
364
	.funcs = &DSAPublicKey_aux,
365
	.size = sizeof(DSA),
366
	.sname = "DSA",
367
};
368
369
370
DSA *
371
d2i_DSAPublicKey(DSA **a, const unsigned char **in, long len)
372
{
373
	return (DSA *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
374
	    &DSAPublicKey_it);
375
}
376
377
int
378
i2d_DSAPublicKey(const DSA *a, unsigned char **out)
379
{
380
	return ASN1_item_i2d((ASN1_VALUE *)a, out, &DSAPublicKey_it);
381
}
382
383
DSA *
384
DSAparams_dup(DSA *dsa)
385
{
386
	return ASN1_item_dup(ASN1_ITEM_rptr(DSAparams), dsa);
387
}
388
389
int
390
DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
391
    unsigned int *siglen, DSA *dsa)
392
2
{
393
	DSA_SIG *s;
394
395
2
	s = DSA_do_sign(dgst, dlen, dsa);
396
2
	if (s == NULL) {
397
		*siglen = 0;
398
		return 0;
399
	}
400
2
	*siglen = i2d_DSA_SIG(s,&sig);
401
2
	DSA_SIG_free(s);
402
2
	return 1;
403
}
404
405
/*
406
 * data has already been hashed (probably with SHA or SHA-1).
407
 * returns
408
 *      1: correct signature
409
 *      0: incorrect signature
410
 *     -1: error
411
 */
412
int
413
DSA_verify(int type, const unsigned char *dgst, int dgst_len,
414
    const unsigned char *sigbuf, int siglen, DSA *dsa)
415
2
{
416
	DSA_SIG *s;
417
2
	unsigned char *der = NULL;
418
2
	const unsigned char *p = sigbuf;
419
2
	int derlen = -1;
420
2
	int ret = -1;
421
422
2
	s = DSA_SIG_new();
423
2
	if (s == NULL)
424
		return ret;
425
2
	if (d2i_DSA_SIG(&s, &p, siglen) == NULL)
426
		goto err;
427
	/* Ensure signature uses DER and doesn't have trailing garbage */
428
2
	derlen = i2d_DSA_SIG(s, &der);
429

2
	if (derlen != siglen || memcmp(sigbuf, der, derlen))
430
		goto err;
431
2
	ret = DSA_do_verify(dgst, dgst_len, s, dsa);
432
2
err:
433
2
	if (derlen > 0) {
434
2
		explicit_bzero(der, derlen);
435
2
		free(der);
436
	}
437
2
	DSA_SIG_free(s);
438
2
	return ret;
439
}