Head

GCC Code Coverage Report

Directory:	./		Exec	Total	Coverage
File:	lib/libcrypto/dh/dh_ameth.c	Lines:	86	179	48.0 %
Date:	2017-11-07	Branches:	34	90	37.8 %


/* $OpenBSD: dh_ameth.c,v 1.14 2017/01/29 17:49:22 beck Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
/* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */

#include <stdio.h>

#include <openssl/asn1.h>
#include <openssl/bn.h>
#include <openssl/dh.h>
#include <openssl/err.h>
#include <openssl/x509.h>

#include "asn1_locl.h"

static void
int_dh_free(EVP_PKEY *pkey)
{
	DH_free(pkey->pkey.dh);
}

static int
dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
{
	const unsigned char *p, *pm;
	int pklen, pmlen;
	int ptype;
	void *pval;
	ASN1_STRING *pstr;
	X509_ALGOR *palg;
	ASN1_INTEGER *public_key = NULL;
	DH *dh = NULL;

	if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
		return 0;
	X509_ALGOR_get0(NULL, &ptype, &pval, palg);

	if (ptype != V_ASN1_SEQUENCE) {
		DHerror(DH_R_PARAMETER_ENCODING_ERROR);
		goto err;
	}

	pstr = pval;
	pm = pstr->data;
	pmlen = pstr->length;

	if (!(dh = d2i_DHparams(NULL, &pm, pmlen))) {
		DHerror(DH_R_DECODE_ERROR);
		goto err;
	}

	if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, pklen))) {
		DHerror(DH_R_DECODE_ERROR);
		goto err;
	}

	/* We have parameters now set public key */
	if (!(dh->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) {
		DHerror(DH_R_BN_DECODE_ERROR);
		goto err;
	}

	ASN1_INTEGER_free(public_key);
	EVP_PKEY_assign_DH(pkey, dh);
	return 1;

err:
	if (public_key)
		ASN1_INTEGER_free(public_key);
	DH_free(dh);
	return 0;
}

static int
dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
{
	DH *dh;
	int ptype;
	unsigned char *penc = NULL;
	int penclen;
	ASN1_STRING *str;
	ASN1_INTEGER *pub_key = NULL;

	dh=pkey->pkey.dh;

	str = ASN1_STRING_new();
	if (str == NULL) {
		DHerror(ERR_R_MALLOC_FAILURE);
		goto err;
	}

	str->length = i2d_DHparams(dh, &str->data);
	if (str->length <= 0) {
		DHerror(ERR_R_MALLOC_FAILURE);
		goto err;
	}
	ptype = V_ASN1_SEQUENCE;

	pub_key = BN_to_ASN1_INTEGER(dh->pub_key, NULL);
	if (!pub_key)
		goto err;

	penclen = i2d_ASN1_INTEGER(pub_key, &penc);

	ASN1_INTEGER_free(pub_key);

	if (penclen <= 0) {
		DHerror(ERR_R_MALLOC_FAILURE);
		goto err;
		}

	if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DH), ptype,
	    (void *)str, penc, penclen))
		return 1;

err:
	free(penc);
	ASN1_STRING_free(str);

	return 0;
}

/*
 * PKCS#8 DH is defined in PKCS#11 of all places. It is similar to DH in
 * that the AlgorithmIdentifier contains the paramaters, the private key
 * is explcitly included and the pubkey must be recalculated.
 */

static int
dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
{
	const unsigned char *p, *pm;
	int pklen, pmlen;
	int ptype;
	void *pval;
	ASN1_STRING *pstr;
	X509_ALGOR *palg;
	ASN1_INTEGER *privkey = NULL;
	DH *dh = NULL;

	if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
		return 0;

	X509_ALGOR_get0(NULL, &ptype, &pval, palg);

	if (ptype != V_ASN1_SEQUENCE)
		goto decerr;

	if (!(privkey=d2i_ASN1_INTEGER(NULL, &p, pklen)))
		goto decerr;

	pstr = pval;
	pm = pstr->data;
	pmlen = pstr->length;
	if (!(dh = d2i_DHparams(NULL, &pm, pmlen)))
		goto decerr;
	/* We have parameters now set private key */
	if (!(dh->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) {
		DHerror(DH_R_BN_ERROR);
		goto dherr;
	}
	/* Calculate public key */
	if (!DH_generate_key(dh))
		goto dherr;

	EVP_PKEY_assign_DH(pkey, dh);

	ASN1_INTEGER_free(privkey);

	return 1;

decerr:
	DHerror(EVP_R_DECODE_ERROR);
dherr:
	DH_free(dh);
	return 0;
}

static int
dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
{
	ASN1_STRING *params = NULL;
	ASN1_INTEGER *prkey = NULL;
	unsigned char *dp = NULL;
	int dplen;

	params = ASN1_STRING_new();

	if (!params) {
		DHerror(ERR_R_MALLOC_FAILURE);
		goto err;
	}

	params->length = i2d_DHparams(pkey->pkey.dh, &params->data);
	if (params->length <= 0) {
		DHerror(ERR_R_MALLOC_FAILURE);
		goto err;
	}
	params->type = V_ASN1_SEQUENCE;

	/* Get private key into integer */
	prkey = BN_to_ASN1_INTEGER(pkey->pkey.dh->priv_key, NULL);

	if (!prkey) {
		DHerror(DH_R_BN_ERROR);
		goto err;
	}

	dplen = i2d_ASN1_INTEGER(prkey, &dp);

	ASN1_INTEGER_free(prkey);
	prkey = NULL;

	if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dhKeyAgreement), 0,
	    V_ASN1_SEQUENCE, params, dp, dplen))
		goto err;

	return 1;

err:
	free(dp);
	ASN1_STRING_free(params);
	ASN1_INTEGER_free(prkey);
	return 0;
}

static void
update_buflen(const BIGNUM *b, size_t *pbuflen)
{
	size_t i;

	if (!b)
		return;
	if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
		*pbuflen = i;
}

static int
dh_param_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
{
	DH *dh;

	if (!(dh = d2i_DHparams(NULL, pder, derlen))) {
		DHerror(ERR_R_DH_LIB);
		return 0;
	}
	EVP_PKEY_assign_DH(pkey, dh);
	return 1;
}

static int
dh_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
{
	return i2d_DHparams(pkey->pkey.dh, pder);
}

static int
do_dh_print(BIO *bp, const DH *x, int indent, ASN1_PCTX *ctx, int ptype)
{
	unsigned char *m = NULL;
	int reason = ERR_R_BUF_LIB, ret = 0;
	size_t buf_len = 0;
	const char *ktype = NULL;
	BIGNUM *priv_key, *pub_key;

	if (ptype == 2)
		priv_key = x->priv_key;
	else
		priv_key = NULL;

	if (ptype > 0)
		pub_key = x->pub_key;
	else
		pub_key = NULL;

	update_buflen(x->p, &buf_len);

	if (buf_len == 0) {
		reason = ERR_R_PASSED_NULL_PARAMETER;
		goto err;
	}

	update_buflen(x->g, &buf_len);
	update_buflen(pub_key, &buf_len);
	update_buflen(priv_key, &buf_len);

	if (ptype == 2)
		ktype = "PKCS#3 DH Private-Key";
	else if (ptype == 1)
		ktype = "PKCS#3 DH Public-Key";
	else
		ktype = "PKCS#3 DH Parameters";

	m= malloc(buf_len + 10);
	if (m == NULL) {
		reason = ERR_R_MALLOC_FAILURE;
		goto err;
	}

	BIO_indent(bp, indent, 128);
	if (BIO_printf(bp, "%s: (%d bit)\n", ktype, BN_num_bits(x->p)) <= 0)
		goto err;
	indent += 4;

	if (!ASN1_bn_print(bp, "private-key:", priv_key, m, indent))
		goto err;
	if (!ASN1_bn_print(bp, "public-key:", pub_key, m, indent))
		goto err;

	if (!ASN1_bn_print(bp, "prime:", x->p, m, indent))
		goto err;
	if (!ASN1_bn_print(bp, "generator:", x->g, m, indent))
		goto err;
	if (x->length != 0) {
		BIO_indent(bp, indent, 128);
		if (BIO_printf(bp, "recommended-private-length: %d bits\n",
		    (int)x->length) <= 0)
			goto err;
	}

	ret = 1;
	if (0) {
err:
		DHerror(reason);
	}
	free(m);
	return(ret);
}

static int
int_dh_size(const EVP_PKEY *pkey)
{
	return DH_size(pkey->pkey.dh);
}

static int
dh_bits(const EVP_PKEY *pkey)
{
	return BN_num_bits(pkey->pkey.dh->p);
}

static int
dh_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
{
	if (BN_cmp(a->pkey.dh->p, b->pkey.dh->p) ||
	    BN_cmp(a->pkey.dh->g, b->pkey.dh->g))
		return 0;
	else
		return 1;
}

static int
dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
{
	BIGNUM *a;

	if ((a = BN_dup(from->pkey.dh->p)) == NULL)
		return 0;
	BN_free(to->pkey.dh->p);
	to->pkey.dh->p = a;

	if ((a = BN_dup(from->pkey.dh->g)) == NULL)
		return 0;
	BN_free(to->pkey.dh->g);
	to->pkey.dh->g = a;

	return 1;
}

static int
dh_missing_parameters(const EVP_PKEY *a)
{
	if (!a->pkey.dh->p || !a->pkey.dh->g)
		return 1;
	return 0;
}

static int
dh_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
{
	if (dh_cmp_parameters(a, b) == 0)
		return 0;
	if (BN_cmp(b->pkey.dh->pub_key, a->pkey.dh->pub_key) != 0)
		return 0;
	else
		return 1;
}

static int
dh_param_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx)
{
	return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 0);
}

static int
dh_public_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx)
{
	return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 1);
}

static int
dh_private_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx)
{
	return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 2);
}

int
DHparams_print(BIO *bp, const DH *x)
{
	return do_dh_print(bp, x, 4, NULL, 0);
}

const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
	.pkey_id = EVP_PKEY_DH,
	.pkey_base_id = EVP_PKEY_DH,

	.pem_str = "DH",
	.info = "OpenSSL PKCS#3 DH method",

	.pub_decode = dh_pub_decode,
	.pub_encode = dh_pub_encode,
	.pub_cmp = dh_pub_cmp,
	.pub_print = dh_public_print,

	.priv_decode = dh_priv_decode,
	.priv_encode = dh_priv_encode,
	.priv_print = dh_private_print,

	.pkey_size = int_dh_size,
	.pkey_bits = dh_bits,

	.param_decode = dh_param_decode,
	.param_encode = dh_param_encode,
	.param_missing = dh_missing_parameters,
	.param_copy = dh_copy_parameters,
	.param_cmp = dh_cmp_parameters,
	.param_print = dh_param_print,

	.pkey_free = int_dh_free,
};


Generated by: GCOVR (Version 3.3)

Line	Branch	Exec	Source
1			/* $OpenBSD: dh_ameth.c,v 1.14 2017/01/29 17:49:22 beck Exp $ */
2			/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3			* project 2006.
4			*/
5			/* ====================================================================
6			* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
7			*
8			* Redistribution and use in source and binary forms, with or without
9			* modification, are permitted provided that the following conditions
10			* are met:
11			*
12			* 1. Redistributions of source code must retain the above copyright
13			* notice, this list of conditions and the following disclaimer.
14			*
15			* 2. Redistributions in binary form must reproduce the above copyright
16			* notice, this list of conditions and the following disclaimer in
17			* the documentation and/or other materials provided with the
18			* distribution.
19			*
20			* 3. All advertising materials mentioning features or use of this
21			* software must display the following acknowledgment:
22			* "This product includes software developed by the OpenSSL Project
23			* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24			*
25			* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26			* endorse or promote products derived from this software without
27			* prior written permission. For written permission, please contact
28			* licensing@OpenSSL.org.
29			*
30			* 5. Products derived from this software may not be called "OpenSSL"
31			* nor may "OpenSSL" appear in their names without prior written
32			* permission of the OpenSSL Project.
33			*
34			* 6. Redistributions of any form whatsoever must retain the following
35			* acknowledgment:
36			* "This product includes software developed by the OpenSSL Project
37			* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38			*
39			* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40			* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41			* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42			* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43			* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44			* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45			* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46			* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47			* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48			* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49			* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50			* OF THE POSSIBILITY OF SUCH DAMAGE.
51			* ====================================================================
52			*
53			* This product includes cryptographic software written by Eric Young
54			* (eay@cryptsoft.com). This product includes software written by Tim
55			* Hudson (tjh@cryptsoft.com).
56			*
57			*/
58
59			#include <stdio.h>
60
61			#include <openssl/asn1.h>
62			#include <openssl/bn.h>
63			#include <openssl/dh.h>
64			#include <openssl/err.h>
65			#include <openssl/x509.h>
66
67			#include "asn1_locl.h"
68
69			static void
70			int_dh_free(EVP_PKEY *pkey)
71			{
72		20	DH_free(pkey->pkey.dh);
73		10	}
74
75			static int
76			dh_pub_decode(EVP_PKEY pkey, X509_PUBKEY pubkey)
77			{
78			const unsigned char p, pm;
79			int pklen, pmlen;
80			int ptype;
81			void *pval;
82			ASN1_STRING *pstr;
83			X509_ALGOR *palg;
84			ASN1_INTEGER *public_key = NULL;
85			DH *dh = NULL;
86
87			if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
88			return 0;
89			X509_ALGOR_get0(NULL, &ptype, &pval, palg);
90
91			if (ptype != V_ASN1_SEQUENCE) {
92			DHerror(DH_R_PARAMETER_ENCODING_ERROR);
93			goto err;
94			}
95
96			pstr = pval;
97			pm = pstr->data;
98			pmlen = pstr->length;
99
100			if (!(dh = d2i_DHparams(NULL, &pm, pmlen))) {
101			DHerror(DH_R_DECODE_ERROR);
102			goto err;
103			}
104
105			if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, pklen))) {
106			DHerror(DH_R_DECODE_ERROR);
107			goto err;
108			}
109
110			/* We have parameters now set public key */
111			if (!(dh->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) {
112			DHerror(DH_R_BN_DECODE_ERROR);
113			goto err;
114			}
115
116			ASN1_INTEGER_free(public_key);
117			EVP_PKEY_assign_DH(pkey, dh);
118			return 1;
119
120			err:
121			if (public_key)
122			ASN1_INTEGER_free(public_key);
123			DH_free(dh);
124			return 0;
125			}
126
127			static int
128			dh_pub_encode(X509_PUBKEY pk, const EVP_PKEY pkey)
129			{
130			DH *dh;
131			int ptype;
132			unsigned char *penc = NULL;
133			int penclen;
134			ASN1_STRING *str;
135			ASN1_INTEGER *pub_key = NULL;
136
137			dh=pkey->pkey.dh;
138
139			str = ASN1_STRING_new();
140			if (str == NULL) {
141			DHerror(ERR_R_MALLOC_FAILURE);
142			goto err;
143			}
144
145			str->length = i2d_DHparams(dh, &str->data);
146			if (str->length <= 0) {
147			DHerror(ERR_R_MALLOC_FAILURE);
148			goto err;
149			}
150			ptype = V_ASN1_SEQUENCE;
151
152			pub_key = BN_to_ASN1_INTEGER(dh->pub_key, NULL);
153			if (!pub_key)
154			goto err;
155
156			penclen = i2d_ASN1_INTEGER(pub_key, &penc);
157
158			ASN1_INTEGER_free(pub_key);
159
160			if (penclen <= 0) {
161			DHerror(ERR_R_MALLOC_FAILURE);
162			goto err;
163			}
164
165			if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DH), ptype,
166			(void *)str, penc, penclen))
167			return 1;
168
169			err:
170			free(penc);
171			ASN1_STRING_free(str);
172
173			return 0;
174			}
175
176			/*
177			* PKCS#8 DH is defined in PKCS#11 of all places. It is similar to DH in
178			* that the AlgorithmIdentifier contains the paramaters, the private key
179			* is explcitly included and the pubkey must be recalculated.
180			*/
181
182			static int
183			dh_priv_decode(EVP_PKEY pkey, PKCS8_PRIV_KEY_INFO p8)
184			{
185		4	const unsigned char p, pm;
186		2	int pklen, pmlen;
187		2	int ptype;
188		2	void *pval;
189			ASN1_STRING *pstr;
190		2	X509_ALGOR *palg;
191			ASN1_INTEGER *privkey = NULL;
192			DH *dh = NULL;
193
194	✗✓	2	if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
195			return 0;
196
197		2	X509_ALGOR_get0(NULL, &ptype, &pval, palg);
198
199	✓✗	2	if (ptype != V_ASN1_SEQUENCE)
200			goto decerr;
201
202	✓✗	2	if (!(privkey=d2i_ASN1_INTEGER(NULL, &p, pklen)))
203			goto decerr;
204
205		2	pstr = pval;
206		2	pm = pstr->data;
207		2	pmlen = pstr->length;
208	✓✗	2	if (!(dh = d2i_DHparams(NULL, &pm, pmlen)))
209			goto decerr;
210			/* We have parameters now set private key */
211	✗✓	2	if (!(dh->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) {
212			DHerror(DH_R_BN_ERROR);
213			goto dherr;
214			}
215			/* Calculate public key */
216	✓✗	2	if (!DH_generate_key(dh))
217			goto dherr;
218
219		2	EVP_PKEY_assign_DH(pkey, dh);
220
221		2	ASN1_INTEGER_free(privkey);
222
223		2	return 1;
224
225			decerr:
226			DHerror(EVP_R_DECODE_ERROR);
227			dherr:
228			DH_free(dh);
229			return 0;
230		2	}
231
232			static int
233			dh_priv_encode(PKCS8_PRIV_KEY_INFO p8, const EVP_PKEY pkey)
234			{
235			ASN1_STRING *params = NULL;
236			ASN1_INTEGER *prkey = NULL;
237		8	unsigned char *dp = NULL;
238			int dplen;
239
240		4	params = ASN1_STRING_new();
241
242	✗✓	4	if (!params) {
243			DHerror(ERR_R_MALLOC_FAILURE);
244			goto err;
245			}
246
247		4	params->length = i2d_DHparams(pkey->pkey.dh, &params->data);
248	✗✓	4	if (params->length <= 0) {
249			DHerror(ERR_R_MALLOC_FAILURE);
250			goto err;
251			}
252		4	params->type = V_ASN1_SEQUENCE;
253
254			/* Get private key into integer */
255		4	prkey = BN_to_ASN1_INTEGER(pkey->pkey.dh->priv_key, NULL);
256
257	✗✓	4	if (!prkey) {
258			DHerror(DH_R_BN_ERROR);
259			goto err;
260			}
261
262		4	dplen = i2d_ASN1_INTEGER(prkey, &dp);
263
264		4	ASN1_INTEGER_free(prkey);
265			prkey = NULL;
266
267	✓✗	8	if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dhKeyAgreement), 0,
268		4	V_ASN1_SEQUENCE, params, dp, dplen))
269			goto err;
270
271		4	return 1;
272
273			err:
274			free(dp);
275			ASN1_STRING_free(params);
276			ASN1_INTEGER_free(prkey);
277			return 0;
278		4	}
279
280			static void
281			update_buflen(const BIGNUM b, size_t pbuflen)
282			{
283			size_t i;
284
285	✓✓	64	if (!b)
286		12	return;
287	✓✓	20	if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
288		8	*pbuflen = i;
289		52	}
290
291			static int
292			dh_param_decode(EVP_PKEY pkey, const unsigned char *pder, int derlen)
293			{
294			DH *dh;
295
296	✗✓	8	if (!(dh = d2i_DHparams(NULL, pder, derlen))) {
297			DHerror(ERR_R_DH_LIB);
298			return 0;
299			}
300		4	EVP_PKEY_assign_DH(pkey, dh);
301		4	return 1;
302		4	}
303
304			static int
305			dh_param_encode(const EVP_PKEY pkey, unsigned char *pder)
306			{
307		16	return i2d_DHparams(pkey->pkey.dh, pder);
308			}
309
310			static int
311			do_dh_print(BIO bp, const DH x, int indent, ASN1_PCTX *ctx, int ptype)
312			{
313			unsigned char *m = NULL;
314			int reason = ERR_R_BUF_LIB, ret = 0;
315		16	size_t buf_len = 0;
316			const char *ktype = NULL;
317			BIGNUM priv_key, pub_key;
318
319	✓✓	8	if (ptype == 2)
320		2	priv_key = x->priv_key;
321			else
322			priv_key = NULL;
323
324	✓✓	8	if (ptype > 0)
325		2	pub_key = x->pub_key;
326			else
327			pub_key = NULL;
328
329		8	update_buflen(x->p, &buf_len);
330
331	✗✓	8	if (buf_len == 0) {
332			reason = ERR_R_PASSED_NULL_PARAMETER;
333			goto err;
334			}
335
336		8	update_buflen(x->g, &buf_len);
337		8	update_buflen(pub_key, &buf_len);
338		8	update_buflen(priv_key, &buf_len);
339
340	✓✓	8	if (ptype == 2)
341		2	ktype = "PKCS#3 DH Private-Key";
342	✗✓	6	else if (ptype == 1)
343			ktype = "PKCS#3 DH Public-Key";
344			else
345			ktype = "PKCS#3 DH Parameters";
346
347		8	m= malloc(buf_len + 10);
348	✗✓	8	if (m == NULL) {
349			reason = ERR_R_MALLOC_FAILURE;
350			goto err;
351			}
352
353		8	BIO_indent(bp, indent, 128);
354	✓✗	8	if (BIO_printf(bp, "%s: (%d bit)\n", ktype, BN_num_bits(x->p)) <= 0)
355			goto err;
356		8	indent += 4;
357
358	✓✗	8	if (!ASN1_bn_print(bp, "private-key:", priv_key, m, indent))
359			goto err;
360	✓✗	8	if (!ASN1_bn_print(bp, "public-key:", pub_key, m, indent))
361			goto err;
362
363	✓✗	8	if (!ASN1_bn_print(bp, "prime:", x->p, m, indent))
364			goto err;
365	✓✗	8	if (!ASN1_bn_print(bp, "generator:", x->g, m, indent))
366			goto err;
367	✗✓	8	if (x->length != 0) {
368			BIO_indent(bp, indent, 128);
369			if (BIO_printf(bp, "recommended-private-length: %d bits\n",
370			(int)x->length) <= 0)
371			goto err;
372			}
373
374			ret = 1;
375		8	if (0) {
376			err:
377			DHerror(reason);
378			}
379		8	free(m);
380		8	return(ret);
381		8	}
382
383			static int
384			int_dh_size(const EVP_PKEY *pkey)
385			{
386			return DH_size(pkey->pkey.dh);
387			}
388
389			static int
390			dh_bits(const EVP_PKEY *pkey)
391			{
392			return BN_num_bits(pkey->pkey.dh->p);
393			}
394
395			static int
396			dh_cmp_parameters(const EVP_PKEY a, const EVP_PKEY b)
397			{
398			if (BN_cmp(a->pkey.dh->p, b->pkey.dh->p) \|\|
399			BN_cmp(a->pkey.dh->g, b->pkey.dh->g))
400			return 0;
401			else
402			return 1;
403			}
404
405			static int
406			dh_copy_parameters(EVP_PKEY to, const EVP_PKEY from)
407			{
408			BIGNUM *a;
409
410	✗✓	4	if ((a = BN_dup(from->pkey.dh->p)) == NULL)
411			return 0;
412		2	BN_free(to->pkey.dh->p);
413		2	to->pkey.dh->p = a;
414
415	✗✓	2	if ((a = BN_dup(from->pkey.dh->g)) == NULL)
416			return 0;
417		2	BN_free(to->pkey.dh->g);
418		2	to->pkey.dh->g = a;
419
420		2	return 1;
421		2	}
422
423			static int
424			dh_missing_parameters(const EVP_PKEY *a)
425			{
426	✓✗✗✓	6	if (!a->pkey.dh->p \|\| !a->pkey.dh->g)
427			return 1;
428		2	return 0;
429		2	}
430
431			static int
432			dh_pub_cmp(const EVP_PKEY a, const EVP_PKEY b)
433			{
434			if (dh_cmp_parameters(a, b) == 0)
435			return 0;
436			if (BN_cmp(b->pkey.dh->pub_key, a->pkey.dh->pub_key) != 0)
437			return 0;
438			else
439			return 1;
440			}
441
442			static int
443			dh_param_print(BIO bp, const EVP_PKEY pkey, int indent, ASN1_PCTX *ctx)
444			{
445		4	return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 0);
446			}
447
448			static int
449			dh_public_print(BIO bp, const EVP_PKEY pkey, int indent, ASN1_PCTX *ctx)
450			{
451			return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 1);
452			}
453
454			static int
455			dh_private_print(BIO bp, const EVP_PKEY pkey, int indent, ASN1_PCTX *ctx)
456			{
457		4	return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 2);
458			}
459
460			int
461			DHparams_print(BIO bp, const DH x)
462			{
463		8	return do_dh_print(bp, x, 4, NULL, 0);
464			}
465
466			const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
467			.pkey_id = EVP_PKEY_DH,
468			.pkey_base_id = EVP_PKEY_DH,
469
470			.pem_str = "DH",
471			.info = "OpenSSL PKCS#3 DH method",
472
473			.pub_decode = dh_pub_decode,
474			.pub_encode = dh_pub_encode,
475			.pub_cmp = dh_pub_cmp,
476			.pub_print = dh_public_print,
477
478			.priv_decode = dh_priv_decode,
479			.priv_encode = dh_priv_encode,
480			.priv_print = dh_private_print,
481
482			.pkey_size = int_dh_size,
483			.pkey_bits = dh_bits,
484
485			.param_decode = dh_param_decode,
486			.param_encode = dh_param_encode,
487			.param_missing = dh_missing_parameters,
488			.param_copy = dh_copy_parameters,
489			.param_cmp = dh_cmp_parameters,
490			.param_print = dh_param_print,
491
492			.pkey_free = int_dh_free,
493			};