Google Git
Sign in
boringssl/boringssl.git/3cadf63c68c26c2f5df2f6f2a1358db4772f0163^!/.
commit
3cadf63c68c26c2f5df2f6f2a1358db4772f0163
[log]
author
David Benjamin <davidben@chromium.org>
Thu Jan 28 02:58:06 2016 -0500
committer
Adam Langley <agl@google.com>
Tue Feb 16 23:54:38 2016 +0000
tree
0abcfdaece1851181e971b532845a68ca91ede7e
parent
985da09340a79cc35b26123e9b44870ab5dcc12f [diff]
Remove DSA write_params.

This imports upstream's ea6b07b54c1f8fc2275a121cdda071e2df7bd6c1 along
with a bugfix in 987157f6f63fa70dbeffca3c8bc62f26e9767ff2.

In an SPKI, a DSA key is only an INTEGER, with the group information in
the AlgorithmIdentifier. But a standalone DSAPublicKey is more complex
(and apparently made up by OpenSSL). OpenSSL implemented this with a
write_params boolean and making DSAPublicKey a CHOICE.

Instead, have p_dsa_asn1.c encode an INTEGER directly. d2i_DSAPublicKey
only parses the standalone form. (That code will be replaced later, but
first do this in preparation for rewriting the DSA ASN.1 code.)

Change-Id: I6fbe298d2723b9816806e9c196c724359b9ffd63
Reviewed-on: https://boringssl-review.googlesource.com/7021
Reviewed-by: Adam Langley <agl@google.com>

diff --git a/crypto/dsa/dsa.c b/crypto/dsa/dsa.c
index 1e44692..2a9524a 100644
--- a/crypto/dsa/dsa.c
+++ b/crypto/dsa/dsa.c

@@ -94,7 +94,6 @@
 
   memset(dsa, 0, sizeof(DSA));
 
-  dsa->write_params = 1;
   dsa->references = 1;
 
   CRYPTO_MUTEX_init(&dsa->method_mont_p_lock);

diff --git a/crypto/dsa/dsa_asn1.c b/crypto/dsa/dsa_asn1.c
index b6b3fa4..4df561d 100644
--- a/crypto/dsa/dsa_asn1.c
+++ b/crypto/dsa/dsa_asn1.c

@@ -126,22 +126,12 @@
 
 IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAparams, DSAparams);
 
-
-/* DSA public key is a bit trickier... its effectively a CHOICE type decided by
- * a field called write_params which can either write out just the public key
- * as an INTEGER or the parameters and public key in a SEQUENCE. */
-
-ASN1_SEQUENCE(dsa_pub_internal) = {
+ASN1_SEQUENCE_cb(DSAPublicKey, dsa_cb) = {
 	ASN1_SIMPLE(DSA, pub_key, BIGNUM),
 	ASN1_SIMPLE(DSA, p, BIGNUM),
 	ASN1_SIMPLE(DSA, q, BIGNUM),
 	ASN1_SIMPLE(DSA, g, BIGNUM)
-} ASN1_SEQUENCE_END_name(DSA, dsa_pub_internal);
-
-ASN1_CHOICE_cb(DSAPublicKey, dsa_cb) = {
-	ASN1_SIMPLE(DSA, pub_key, BIGNUM),
-	ASN1_EX_COMBINE(0, 0, dsa_pub_internal)
-} ASN1_CHOICE_END_cb(DSA, DSAPublicKey, write_params);
+} ASN1_SEQUENCE_END_cb(DSA, DSAPublicKey);
 
 IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey);
 

diff --git a/crypto/evp/p_dsa_asn1.c b/crypto/evp/p_dsa_asn1.c
index a876eef..bb68d20 100644
--- a/crypto/evp/p_dsa_asn1.c
+++ b/crypto/evp/p_dsa_asn1.c

@@ -134,7 +134,6 @@
   int penclen;
 
   dsa = pkey->pkey.dsa;
-  dsa->write_params = 0;
 
   int ptype;
   if (dsa->p && dsa->q && dsa->g) {
@@ -153,7 +152,14 @@
     ptype = V_ASN1_UNDEF;
   }
 
-  penclen = i2d_DSAPublicKey(dsa, &penc);
+  ASN1_INTEGER *pubint = BN_to_ASN1_INTEGER(dsa->pub_key, NULL);
+  if (pubint == NULL) {
+    goto err;
+  }
+
+  penclen = i2d_ASN1_INTEGER(pubint, &penc);
+  ASN1_INTEGER_free(pubint);
+
   if (penclen <= 0) {
     OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE);
     goto err;

diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h
index 1cf8489..df74bb7 100644
--- a/include/openssl/dsa.h
+++ b/include/openssl/dsa.h

@@ -315,7 +315,6 @@
 
 struct dsa_st {
   long version;
-  int write_params;
   BIGNUM *p;
   BIGNUM *q; /* == 20 */
   BIGNUM *g;