dsa_asn1.c
Go to the documentation of this file.
1 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
2  * project 2000. */
3 /* ====================================================================
4  * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  * notice, this list of conditions and the following disclaimer.
12  *
13  * 2. Redistributions in binary form must reproduce the above copyright
14  * notice, this list of conditions and the following disclaimer in
15  * the documentation and/or other materials provided with the
16  * distribution.
17  *
18  * 3. All advertising materials mentioning features or use of this
19  * software must display the following acknowledgment:
20  * "This product includes software developed by the OpenSSL Project
21  * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
22  *
23  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
24  * endorse or promote products derived from this software without
25  * prior written permission. For written permission, please contact
26  * licensing@OpenSSL.org.
27  *
28  * 5. Products derived from this software may not be called "OpenSSL"
29  * nor may "OpenSSL" appear in their names without prior written
30  * permission of the OpenSSL Project.
31  *
32  * 6. Redistributions of any form whatsoever must retain the following
33  * acknowledgment:
34  * "This product includes software developed by the OpenSSL Project
35  * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
36  *
37  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
38  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
39  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
40  * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
41  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
43  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
45  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
46  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
47  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
48  * OF THE POSSIBILITY OF SUCH DAMAGE.
49  * ====================================================================
50  *
51  * This product includes cryptographic software written by Eric Young
52  * (eay@cryptsoft.com). This product includes software written by Tim
53  * Hudson (tjh@cryptsoft.com). */
54 
55 #include <openssl/dsa.h>
56 
57 #include <assert.h>
58 
59 #include <openssl/bn.h>
60 #include <openssl/bytestring.h>
61 #include <openssl/err.h>
62 #include <openssl/mem.h>
63 
64 #include "internal.h"
65 #include "../bytestring/internal.h"
66 
67 
68 #define OPENSSL_DSA_MAX_MODULUS_BITS 10000
69 
70 // This function is in dsa_asn1.c rather than dsa.c because it is reachable from
71 // |EVP_PKEY| parsers. This makes it easier for the static linker to drop most
72 // of the DSA implementation.
73 int dsa_check_parameters(const DSA *dsa) {
74  if (!dsa->p || !dsa->q || !dsa->g) {
75  OPENSSL_PUT_ERROR(DSA, DSA_R_MISSING_PARAMETERS);
76  return 0;
77  }
78 
79  // Reject invalid parameters. In particular, signing will infinite loop if |g|
80  // is zero.
81  if (BN_is_zero(dsa->p) || BN_is_zero(dsa->q) || BN_is_zero(dsa->g)) {
82  OPENSSL_PUT_ERROR(DSA, DSA_R_INVALID_PARAMETERS);
83  return 0;
84  }
85 
86  // FIPS 186-4 allows only three different sizes for q.
87  unsigned q_bits = BN_num_bits(dsa->q);
88  if (q_bits != 160 && q_bits != 224 && q_bits != 256) {
89  OPENSSL_PUT_ERROR(DSA, DSA_R_BAD_Q_VALUE);
90  return 0;
91  }
92 
93  // Bound |dsa->p| to avoid a DoS vector. Note this limit is much larger than
94  // the one in FIPS 186-4, which only allows L = 1024, 2048, and 3072.
95  if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) {
96  OPENSSL_PUT_ERROR(DSA, DSA_R_MODULUS_TOO_LARGE);
97  return 0;
98  }
99 
100  return 1;
101 }
102 
103 static int parse_integer(CBS *cbs, BIGNUM **out) {
104  assert(*out == NULL);
105  *out = BN_new();
106  if (*out == NULL) {
107  return 0;
108  }
109  return BN_parse_asn1_unsigned(cbs, *out);
110 }
111 
112 static int marshal_integer(CBB *cbb, BIGNUM *bn) {
113  if (bn == NULL) {
114  // A DSA object may be missing some components.
115  OPENSSL_PUT_ERROR(DSA, ERR_R_PASSED_NULL_PARAMETER);
116  return 0;
117  }
118  return BN_marshal_asn1(cbb, bn);
119 }
120 
121 DSA_SIG *DSA_SIG_parse(CBS *cbs) {
122  DSA_SIG *ret = DSA_SIG_new();
123  if (ret == NULL) {
124  return NULL;
125  }
126  CBS child;
127  if (!CBS_get_asn1(cbs, &child, CBS_ASN1_SEQUENCE) ||
128  !parse_integer(&child, &ret->r) ||
129  !parse_integer(&child, &ret->s) ||
130  CBS_len(&child) != 0) {
131  OPENSSL_PUT_ERROR(DSA, DSA_R_DECODE_ERROR);
132  DSA_SIG_free(ret);
133  return NULL;
134  }
135  return ret;
136 }
137 
138 int DSA_SIG_marshal(CBB *cbb, const DSA_SIG *sig) {
139  CBB child;
140  if (!CBB_add_asn1(cbb, &child, CBS_ASN1_SEQUENCE) ||
141  !marshal_integer(&child, sig->r) ||
142  !marshal_integer(&child, sig->s) ||
143  !CBB_flush(cbb)) {
144  OPENSSL_PUT_ERROR(DSA, DSA_R_ENCODE_ERROR);
145  return 0;
146  }
147  return 1;
148 }
149 
150 DSA *DSA_parse_public_key(CBS *cbs) {
151  DSA *ret = DSA_new();
152  if (ret == NULL) {
153  return NULL;
154  }
155  CBS child;
156  if (!CBS_get_asn1(cbs, &child, CBS_ASN1_SEQUENCE) ||
157  !parse_integer(&child, &ret->pub_key) ||
158  !parse_integer(&child, &ret->p) ||
159  !parse_integer(&child, &ret->q) ||
160  !parse_integer(&child, &ret->g) ||
161  CBS_len(&child) != 0) {
162  OPENSSL_PUT_ERROR(DSA, DSA_R_DECODE_ERROR);
163  goto err;
164  }
165  if (!dsa_check_parameters(ret)) {
166  goto err;
167  }
168  return ret;
169 
170 err:
171  DSA_free(ret);
172  return NULL;
173 }
174 
175 int DSA_marshal_public_key(CBB *cbb, const DSA *dsa) {
176  CBB child;
177  if (!CBB_add_asn1(cbb, &child, CBS_ASN1_SEQUENCE) ||
178  !marshal_integer(&child, dsa->pub_key) ||
179  !marshal_integer(&child, dsa->p) ||
180  !marshal_integer(&child, dsa->q) ||
181  !marshal_integer(&child, dsa->g) ||
182  !CBB_flush(cbb)) {
183  OPENSSL_PUT_ERROR(DSA, DSA_R_ENCODE_ERROR);
184  return 0;
185  }
186  return 1;
187 }
188 
189 DSA *DSA_parse_parameters(CBS *cbs) {
190  DSA *ret = DSA_new();
191  if (ret == NULL) {
192  return NULL;
193  }
194  CBS child;
195  if (!CBS_get_asn1(cbs, &child, CBS_ASN1_SEQUENCE) ||
196  !parse_integer(&child, &ret->p) ||
197  !parse_integer(&child, &ret->q) ||
198  !parse_integer(&child, &ret->g) ||
199  CBS_len(&child) != 0) {
200  OPENSSL_PUT_ERROR(DSA, DSA_R_DECODE_ERROR);
201  goto err;
202  }
203  if (!dsa_check_parameters(ret)) {
204  goto err;
205  }
206  return ret;
207 
208 err:
209  DSA_free(ret);
210  return NULL;
211 }
212 
213 int DSA_marshal_parameters(CBB *cbb, const DSA *dsa) {
214  CBB child;
215  if (!CBB_add_asn1(cbb, &child, CBS_ASN1_SEQUENCE) ||
216  !marshal_integer(&child, dsa->p) ||
217  !marshal_integer(&child, dsa->q) ||
218  !marshal_integer(&child, dsa->g) ||
219  !CBB_flush(cbb)) {
220  OPENSSL_PUT_ERROR(DSA, DSA_R_ENCODE_ERROR);
221  return 0;
222  }
223  return 1;
224 }
225 
226 DSA *DSA_parse_private_key(CBS *cbs) {
227  DSA *ret = DSA_new();
228  if (ret == NULL) {
229  return NULL;
230  }
231 
232  CBS child;
233  uint64_t version;
234  if (!CBS_get_asn1(cbs, &child, CBS_ASN1_SEQUENCE) ||
235  !CBS_get_asn1_uint64(&child, &version)) {
236  OPENSSL_PUT_ERROR(DSA, DSA_R_DECODE_ERROR);
237  goto err;
238  }
239 
240  if (version != 0) {
241  OPENSSL_PUT_ERROR(DSA, DSA_R_BAD_VERSION);
242  goto err;
243  }
244 
245  if (!parse_integer(&child, &ret->p) ||
246  !parse_integer(&child, &ret->q) ||
247  !parse_integer(&child, &ret->g) ||
248  !parse_integer(&child, &ret->pub_key) ||
249  !parse_integer(&child, &ret->priv_key) ||
250  CBS_len(&child) != 0) {
251  OPENSSL_PUT_ERROR(DSA, DSA_R_DECODE_ERROR);
252  goto err;
253  }
254  if (!dsa_check_parameters(ret)) {
255  goto err;
256  }
257  return ret;
258 
259 err:
260  DSA_free(ret);
261  return NULL;
262 }
263 
264 int DSA_marshal_private_key(CBB *cbb, const DSA *dsa) {
265  CBB child;
266  if (!CBB_add_asn1(cbb, &child, CBS_ASN1_SEQUENCE) ||
267  !CBB_add_asn1_uint64(&child, 0 /* version */) ||
268  !marshal_integer(&child, dsa->p) ||
269  !marshal_integer(&child, dsa->q) ||
270  !marshal_integer(&child, dsa->g) ||
271  !marshal_integer(&child, dsa->pub_key) ||
272  !marshal_integer(&child, dsa->priv_key) ||
273  !CBB_flush(cbb)) {
274  OPENSSL_PUT_ERROR(DSA, DSA_R_ENCODE_ERROR);
275  return 0;
276  }
277  return 1;
278 }
279 
280 DSA_SIG *d2i_DSA_SIG(DSA_SIG **out_sig, const uint8_t **inp, long len) {
281  if (len < 0) {
282  return NULL;
283  }
284  CBS cbs;
285  CBS_init(&cbs, *inp, (size_t)len);
286  DSA_SIG *ret = DSA_SIG_parse(&cbs);
287  if (ret == NULL) {
288  return NULL;
289  }
290  if (out_sig != NULL) {
291  DSA_SIG_free(*out_sig);
292  *out_sig = ret;
293  }
294  *inp = CBS_data(&cbs);
295  return ret;
296 }
297 
298 int i2d_DSA_SIG(const DSA_SIG *in, uint8_t **outp) {
299  CBB cbb;
300  if (!CBB_init(&cbb, 0) ||
301  !DSA_SIG_marshal(&cbb, in)) {
302  CBB_cleanup(&cbb);
303  return -1;
304  }
305  return CBB_finish_i2d(&cbb, outp);
306 }
307 
308 DSA *d2i_DSAPublicKey(DSA **out, const uint8_t **inp, long len) {
309  if (len < 0) {
310  return NULL;
311  }
312  CBS cbs;
313  CBS_init(&cbs, *inp, (size_t)len);
314  DSA *ret = DSA_parse_public_key(&cbs);
315  if (ret == NULL) {
316  return NULL;
317  }
318  if (out != NULL) {
319  DSA_free(*out);
320  *out = ret;
321  }
322  *inp = CBS_data(&cbs);
323  return ret;
324 }
325 
326 int i2d_DSAPublicKey(const DSA *in, uint8_t **outp) {
327  CBB cbb;
328  if (!CBB_init(&cbb, 0) ||
329  !DSA_marshal_public_key(&cbb, in)) {
330  CBB_cleanup(&cbb);
331  return -1;
332  }
333  return CBB_finish_i2d(&cbb, outp);
334 }
335 
336 DSA *d2i_DSAPrivateKey(DSA **out, const uint8_t **inp, long len) {
337  if (len < 0) {
338  return NULL;
339  }
340  CBS cbs;
341  CBS_init(&cbs, *inp, (size_t)len);
342  DSA *ret = DSA_parse_private_key(&cbs);
343  if (ret == NULL) {
344  return NULL;
345  }
346  if (out != NULL) {
347  DSA_free(*out);
348  *out = ret;
349  }
350  *inp = CBS_data(&cbs);
351  return ret;
352 }
353 
354 int i2d_DSAPrivateKey(const DSA *in, uint8_t **outp) {
355  CBB cbb;
356  if (!CBB_init(&cbb, 0) ||
357  !DSA_marshal_private_key(&cbb, in)) {
358  CBB_cleanup(&cbb);
359  return -1;
360  }
361  return CBB_finish_i2d(&cbb, outp);
362 }
363 
364 DSA *d2i_DSAparams(DSA **out, const uint8_t **inp, long len) {
365  if (len < 0) {
366  return NULL;
367  }
368  CBS cbs;
369  CBS_init(&cbs, *inp, (size_t)len);
370  DSA *ret = DSA_parse_parameters(&cbs);
371  if (ret == NULL) {
372  return NULL;
373  }
374  if (out != NULL) {
375  DSA_free(*out);
376  *out = ret;
377  }
378  *inp = CBS_data(&cbs);
379  return ret;
380 }
381 
382 int i2d_DSAparams(const DSA *in, uint8_t **outp) {
383  CBB cbb;
384  if (!CBB_init(&cbb, 0) ||
385  !DSA_marshal_parameters(&cbb, in)) {
386  CBB_cleanup(&cbb);
387  return -1;
388  }
389  return CBB_finish_i2d(&cbb, outp);
390 }
CBS_get_asn1_uint64
#define CBS_get_asn1_uint64
Definition: boringssl_prefix_symbols.h:1066
DSA_marshal_public_key
int DSA_marshal_public_key(CBB *cbb, const DSA *dsa)
Definition: dsa_asn1.c:175
bn.h
CBB_flush
#define CBB_flush
Definition: boringssl_prefix_symbols.h:1045
CBB_init
#define CBB_init
Definition: boringssl_prefix_symbols.h:1047
gen_build_yaml.out
dictionary out
Definition: src/benchmark/gen_build_yaml.py:24
DSA_SIG_parse
DSA_SIG * DSA_SIG_parse(CBS *cbs)
Definition: dsa_asn1.c:121
cbs_st
Definition: bytestring.h:39
CBB_cleanup
#define CBB_cleanup
Definition: boringssl_prefix_symbols.h:1039
marshal_integer
static int marshal_integer(CBB *cbb, BIGNUM *bn)
Definition: dsa_asn1.c:112
DSA_SIG_st::s
BIGNUM * s
Definition: dsa.h:182
DSA_SIG_free
#define DSA_SIG_free
Definition: boringssl_prefix_symbols.h:1258
DSA_marshal_parameters
int DSA_marshal_parameters(CBB *cbb, const DSA *dsa)
Definition: dsa_asn1.c:213
CBS_data
#define CBS_data
Definition: boringssl_prefix_symbols.h:1057
regen-readme.inp
inp
Definition: regen-readme.py:11
i2d_DSAPublicKey
int i2d_DSAPublicKey(const DSA *in, uint8_t **outp)
Definition: dsa_asn1.c:326
OPENSSL_PUT_ERROR
#define OPENSSL_PUT_ERROR(library, reason)
Definition: err.h:423
error_ref_leak.err
err
Definition: error_ref_leak.py:35
DSA_parse_public_key
DSA * DSA_parse_public_key(CBS *cbs)
Definition: dsa_asn1.c:150
CBS_len
#define CBS_len
Definition: boringssl_prefix_symbols.h:1089
CBS_get_asn1
#define CBS_get_asn1
Definition: boringssl_prefix_symbols.h:1061
version
Definition: version.py:1
DSA_SIG_marshal
int DSA_SIG_marshal(CBB *cbb, const DSA_SIG *sig)
Definition: dsa_asn1.c:138
cbs
const CBS * cbs
Definition: third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h:107
OPENSSL_DSA_MAX_MODULUS_BITS
#define OPENSSL_DSA_MAX_MODULUS_BITS
Definition: dsa_asn1.c:68
CBS_init
#define CBS_init
Definition: boringssl_prefix_symbols.h:1085
uint8_t
unsigned char uint8_t
Definition: stdint-msvc2008.h:78
DSA_R_MODULUS_TOO_LARGE
#define DSA_R_MODULUS_TOO_LARGE
Definition: dsa.h:436
DSA_new
#define DSA_new
Definition: boringssl_prefix_symbols.h:1284
DSA_R_BAD_Q_VALUE
#define DSA_R_BAD_Q_VALUE
Definition: dsa.h:434
bytestring.h
DSA_SIG_st::r
BIGNUM * r
Definition: dsa.h:182
internal.h
in
const char * in
Definition: third_party/abseil-cpp/absl/strings/internal/str_format/parser_test.cc:391
i2d_DSAparams
int i2d_DSAparams(const DSA *in, uint8_t **outp)
Definition: dsa_asn1.c:382
ERR_R_PASSED_NULL_PARAMETER
#define ERR_R_PASSED_NULL_PARAMETER
Definition: err.h:373
dsa_st::p
BIGNUM * p
Definition: dsa.h:400
DSA_free
#define DSA_free
Definition: boringssl_prefix_symbols.h:1269
DSA_R_DECODE_ERROR
#define DSA_R_DECODE_ERROR
Definition: dsa.h:439
conf.version
string version
Definition: doc/python/sphinx/conf.py:36
DSA_marshal_private_key
int DSA_marshal_private_key(CBB *cbb, const DSA *dsa)
Definition: dsa_asn1.c:264
dsa_st::q
BIGNUM * q
Definition: dsa.h:401
uint64_t
unsigned __int64 uint64_t
Definition: stdint-msvc2008.h:90
CBB_add_asn1
#define CBB_add_asn1
Definition: boringssl_prefix_symbols.h:1019
err.h
dsa.h
googletest-filter-unittest.child
child
Definition: bloaty/third_party/googletest/googletest/test/googletest-filter-unittest.py:62
dsa_st::priv_key
BIGNUM * priv_key
Definition: dsa.h:405
BN_is_zero
#define BN_is_zero
Definition: boringssl_prefix_symbols.h:940
i2d_DSAPrivateKey
int i2d_DSAPrivateKey(const DSA *in, uint8_t **outp)
Definition: dsa_asn1.c:354
DSA_R_ENCODE_ERROR
#define DSA_R_ENCODE_ERROR
Definition: dsa.h:440
DSA_SIG_st
Definition: dsa.h:181
i2d_DSA_SIG
int i2d_DSA_SIG(const DSA_SIG *in, uint8_t **outp)
Definition: dsa_asn1.c:298
d2i_DSA_SIG
DSA_SIG * d2i_DSA_SIG(DSA_SIG **out_sig, const uint8_t **inp, long len)
Definition: dsa_asn1.c:280
d2i_DSAPrivateKey
DSA * d2i_DSAPrivateKey(DSA **out, const uint8_t **inp, long len)
Definition: dsa_asn1.c:336
BN_num_bits
#define BN_num_bits
Definition: boringssl_prefix_symbols.h:974
DSA_R_INVALID_PARAMETERS
#define DSA_R_INVALID_PARAMETERS
Definition: dsa.h:441
DSA_SIG_new
#define DSA_SIG_new
Definition: boringssl_prefix_symbols.h:1261
bignum_st
Definition: bn.h:957
d2i_DSAparams
DSA * d2i_DSAparams(DSA **out, const uint8_t **inp, long len)
Definition: dsa_asn1.c:364
ret
UniquePtr< SSL_SESSION > ret
Definition: ssl_x509.cc:1029
dsa_check_parameters
int dsa_check_parameters(const DSA *dsa)
Definition: dsa_asn1.c:73
dsa_st
Definition: dsa.h:398
CBB_finish_i2d
#define CBB_finish_i2d
Definition: boringssl_prefix_symbols.h:1044
dsa_st::g
BIGNUM * g
Definition: dsa.h:402
BN_parse_asn1_unsigned
#define BN_parse_asn1_unsigned
Definition: boringssl_prefix_symbols.h:978
DSA_parse_parameters
DSA * DSA_parse_parameters(CBS *cbs)
Definition: dsa_asn1.c:189
dsa_st::pub_key
BIGNUM * pub_key
Definition: dsa.h:404
mem.h
len
int len
Definition: abseil-cpp/absl/base/internal/low_level_alloc_test.cc:46
BN_marshal_asn1
#define BN_marshal_asn1
Definition: boringssl_prefix_symbols.h:944
DSA_R_BAD_VERSION
#define DSA_R_BAD_VERSION
Definition: dsa.h:438
CBS_ASN1_SEQUENCE
#define CBS_ASN1_SEQUENCE
Definition: bytestring.h:214
DSA_parse_private_key
DSA * DSA_parse_private_key(CBS *cbs)
Definition: dsa_asn1.c:226
parse_integer
static int parse_integer(CBS *cbs, BIGNUM **out)
Definition: dsa_asn1.c:103
DSA_R_MISSING_PARAMETERS
#define DSA_R_MISSING_PARAMETERS
Definition: dsa.h:435
d2i_DSAPublicKey
DSA * d2i_DSAPublicKey(DSA **out, const uint8_t **inp, long len)
Definition: dsa_asn1.c:308
BN_new
#define BN_new
Definition: boringssl_prefix_symbols.h:971
CBB_add_asn1_uint64
#define CBB_add_asn1_uint64
Definition: boringssl_prefix_symbols.h:1024
cbb_st
Definition: bytestring.h:375

grpc
Author(s):
autogenerated on Thu Mar 13 2025 02:59:13