diff options
-rw-r--r-- | crypto/x509/x_pubkey.c | 24 | ||||
-rw-r--r-- | include/crypto/x509.h | 3 | ||||
-rw-r--r-- | providers/implementations/encode_decode/decode_der2key.c | 2 |
3 files changed, 28 insertions, 1 deletions
diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c index 89184fc910..6726cac857 100644 --- a/crypto/x509/x_pubkey.c +++ b/crypto/x509/x_pubkey.c @@ -748,6 +748,30 @@ DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length) return key; } +/* Called from decoders; disallows provided DSA keys without parameters. */ +DSA *ossl_d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length) +{ + DSA *key = NULL; + const unsigned char *data; + const BIGNUM *p, *q, *g; + + data = *pp; + key = d2i_DSA_PUBKEY(NULL, &data, length); + if (key == NULL) + return NULL; + DSA_get0_pqg(key, &p, &q, &g); + if (p == NULL || q == NULL || g == NULL) { + DSA_free(key); + return NULL; + } + *pp = data; + if (a != NULL) { + DSA_free(*a); + *a = key; + } + return key; +} + int i2d_DSA_PUBKEY(const DSA *a, unsigned char **pp) { EVP_PKEY *pktmp; diff --git a/include/crypto/x509.h b/include/crypto/x509.h index 876d58b382..596db8c163 100644 --- a/include/crypto/x509.h +++ b/include/crypto/x509.h @@ -339,6 +339,9 @@ void ossl_X509_PUBKEY_INTERNAL_free(X509_PUBKEY *xpub); RSA *ossl_d2i_RSA_PSS_PUBKEY(RSA **a, const unsigned char **pp, long length); int ossl_i2d_RSA_PSS_PUBKEY(const RSA *a, unsigned char **pp); +# ifndef OPENSSL_NO_DSA +DSA *ossl_d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length); +# endif /* OPENSSL_NO_DSA */ # ifndef OPENSSL_NO_DH DH *ossl_d2i_DH_PUBKEY(DH **a, const unsigned char **pp, long length); int ossl_i2d_DH_PUBKEY(const DH *a, unsigned char **pp); diff --git a/providers/implementations/encode_decode/decode_der2key.c b/providers/implementations/encode_decode/decode_der2key.c index 6ea8cc0550..9fb447f579 100644 --- a/providers/implementations/encode_decode/decode_der2key.c +++ b/providers/implementations/encode_decode/decode_der2key.c @@ -375,7 +375,7 @@ static void *dsa_d2i_PKCS8(void **key, const unsigned char **der, long der_len, (key_from_pkcs8_t *)ossl_dsa_key_from_pkcs8); } -# define dsa_d2i_PUBKEY (d2i_of_void *)d2i_DSA_PUBKEY +# define dsa_d2i_PUBKEY (d2i_of_void *)ossl_d2i_DSA_PUBKEY # define dsa_free (free_key_fn *)DSA_free # define dsa_check NULL |