static int eckey_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
{
const unsigned char *p = NULL;
const void *pval;
int ptype, pklen;
EC_KEY *eckey = NULL;
const X509_ALGOR *palg;
if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
return 0;
X509_ALGOR_get0(NULL, &ptype, &pval, palg);
eckey = eckey_type2param(ptype, pval);
if (!eckey)
goto ecliberr;
/* We have parameters now set private key */
if (!d2i_ECPrivateKey(&eckey, &p, pklen)) {
ECerr(EC_F_ECKEY_PRIV_DECODE, EC_R_DECODE_ERROR);
goto ecerr;
}
EVP_PKEY_assign_EC_KEY(pkey, eckey);
return 1;
ecliberr:
ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);
ecerr:
EC_KEY_free(eckey);
return 0;
}
static int rsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
{
const unsigned char *p;
int pklen;
if (!PKCS8_pkey_get0(NULL, &p, &pklen, NULL, p8))
return 0;
return old_rsa_priv_decode(pkey, &p, pklen);
}
static int dh_priv_decode (EVP_PKEY * pkey, PKCS8_PRIV_KEY_INFO * p8)
{
const unsigned char *p, *pm;
int pklen, pmlen;
int ptype;
void *pval;
ASN1_STRING *pstr;
X509_ALGOR *palg;
ASN1_INTEGER *privkey = NULL;
DH *dh = NULL;
if (!PKCS8_pkey_get0 (NULL, &p, &pklen, &palg, p8))
return 0;
X509_ALGOR_get0 (NULL, &ptype, &pval, palg);
if (ptype != V_ASN1_SEQUENCE)
goto decerr;
if (!(privkey = d2i_ASN1_INTEGER (NULL, &p, pklen)))
goto decerr;
pstr = pval;
pm = pstr->data;
pmlen = pstr->length;
if (!(dh = d2i_DHparams (NULL, &pm, pmlen)))
goto decerr;
/* We have parameters now set private key */
if (!(dh->priv_key = ASN1_INTEGER_to_BN (privkey, NULL)))
{
DHerr (DH_F_DH_PRIV_DECODE, DH_R_BN_ERROR);
goto dherr;
}
/* Calculate public key */
if (!DH_generate_key (dh))
goto dherr;
EVP_PKEY_assign_DH (pkey, dh);
ASN1_INTEGER_free (privkey);
return 1;
decerr:
DHerr (DH_F_DH_PRIV_DECODE, EVP_R_DECODE_ERROR);
dherr:
DH_free (dh);
return 0;
}
/* ------------------ private key functions -----------------------------*/
static int priv_decode_gost( EVP_PKEY *pk, PKCS8_PRIV_KEY_INFO *p8inf)
{
const unsigned char *pkey_buf = NULL,*p=NULL;
int priv_len = 0;
BIGNUM *pk_num=NULL;
int ret =0;
X509_ALGOR *palg =NULL;
ASN1_OBJECT *palg_obj = NULL;
ASN1_INTEGER *priv_key=NULL;
if (!PKCS8_pkey_get0(&palg_obj,&pkey_buf,&priv_len,&palg,p8inf))
return 0;
p = pkey_buf;
if (!decode_gost_algor_params(pk,palg))
{
return 0;
}
if (V_ASN1_OCTET_STRING == *p)
{
/* New format - Little endian octet string */
unsigned char rev_buf[32];
int i;
ASN1_OCTET_STRING *s = d2i_ASN1_OCTET_STRING(NULL,&p,priv_len);
if (!s||s->length !=32)
{
GOSTerr(GOST_F_PRIV_DECODE_GOST,
EVP_R_DECODE_ERROR);
return 0;
}
for (i=0;i<32;i++)
{
rev_buf[31-i]=s->data[i];
}
ASN1_STRING_free(s);
pk_num = getbnfrombuf(rev_buf,32);
}
else
{
priv_key=d2i_ASN1_INTEGER(NULL,&p,priv_len);
if (!priv_key) return 0;
ret= ((pk_num = ASN1_INTEGER_to_BN(priv_key, NULL))!=NULL) ;
ASN1_INTEGER_free(priv_key);
if (!ret)
{
GOSTerr(GOST_F_PRIV_DECODE_GOST,
EVP_R_DECODE_ERROR);
return 0;
}
}
ret= gost_set_priv_key(pk,pk_num);
BN_free(pk_num);
return ret;
}
static int rsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) {
const uint8_t *p;
int pklen;
if (!PKCS8_pkey_get0(NULL, &p, &pklen, NULL, p8)) {
OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE);
return 0;
}
RSA *rsa = RSA_private_key_from_bytes(p, pklen);
if (rsa == NULL) {
OPENSSL_PUT_ERROR(EVP, ERR_R_RSA_LIB);
return 0;
}
EVP_PKEY_assign_RSA(pkey, rsa);
return 1;
}
EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8)
{
EVP_PKEY *pkey = NULL;
ASN1_OBJECT *algoid;
char obj_tmp[80];
if (!PKCS8_pkey_get0(&algoid, NULL, NULL, NULL, p8))
return NULL;
if (!(pkey = EVP_PKEY_new())) {
EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
return NULL;
}
if (!EVP_PKEY_set_type(pkey, OBJ_obj2nid(algoid)))
{
EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
i2t_ASN1_OBJECT(obj_tmp, 80, algoid);
ERR_add_error_data(2, "TYPE=", obj_tmp);
goto error;
}
if (pkey->ameth->priv_decode)
{
if (!pkey->ameth->priv_decode(pkey, p8))
{
EVPerr(EVP_F_EVP_PKCS82PKEY,
EVP_R_PRIVATE_KEY_DECODE_ERROR);
goto error;
}
}
else
{
EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_METHOD_NOT_SUPPORTED);
goto error;
}
return pkey;
error:
EVP_PKEY_free (pkey);
return NULL;
}
static int rsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
{
const unsigned char *p;
RSA *rsa;
int pklen;
const X509_ALGOR *alg;
if (!PKCS8_pkey_get0(NULL, &p, &pklen, &alg, p8))
return 0;
rsa = d2i_RSAPrivateKey(NULL, &p, pklen);
if (rsa == NULL) {
RSAerr(RSA_F_RSA_PRIV_DECODE, ERR_R_RSA_LIB);
return 0;
}
if (!rsa_param_decode(rsa, alg)) {
RSA_free(rsa);
return 0;
}
EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, rsa);
return 1;
}
static int ecx_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
{
const unsigned char *p;
int plen;
ASN1_OCTET_STRING *oct = NULL;
const X509_ALGOR *palg;
int rv;
if (!PKCS8_pkey_get0(NULL, &p, &plen, &palg, p8))
return 0;
oct = d2i_ASN1_OCTET_STRING(NULL, &p, plen);
if (oct == NULL) {
p = NULL;
plen = 0;
} else {
p = ASN1_STRING_get0_data(oct);
plen = ASN1_STRING_length(oct);
}
rv = ecx_key_op(pkey, pkey->ameth->pkey_id, palg, p, plen, KEY_OP_PRIVATE);
ASN1_OCTET_STRING_free(oct);
return rv;
}
static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
{
const unsigned char *p, *pm;
int pklen, pmlen;
int ptype;
void *pval;
ASN1_STRING *pstr;
X509_ALGOR *palg;
ASN1_INTEGER *privkey = NULL;
BN_CTX *ctx = NULL;
STACK_OF(ASN1_TYPE) *ndsa = NULL;
DSA *dsa = NULL;
if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
return 0;
X509_ALGOR_get0(NULL, &ptype, &pval, palg);
/* Check for broken DSA PKCS#8, UGH! */
if (*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED))
{
ASN1_TYPE *t1, *t2;
if(!(ndsa = d2i_ASN1_SEQUENCE_ANY(NULL, &p, pklen)))
goto decerr;
if (sk_ASN1_TYPE_num(ndsa) != 2)
goto decerr;
/* Handle Two broken types:
* SEQUENCE {parameters, priv_key}
* SEQUENCE {pub_key, priv_key}
*/
t1 = sk_ASN1_TYPE_value(ndsa, 0);
t2 = sk_ASN1_TYPE_value(ndsa, 1);
if (t1->type == V_ASN1_SEQUENCE)
{
p8->broken = PKCS8_EMBEDDED_PARAM;
pval = t1->value.ptr;
}
else if (ptype == V_ASN1_SEQUENCE)
p8->broken = PKCS8_NS_DB;
else
goto decerr;
if (t2->type != V_ASN1_INTEGER)
goto decerr;
privkey = t2->value.integer;
}
else
{
const unsigned char *q = p;
if (!(privkey=d2i_ASN1_INTEGER(NULL, &p, pklen)))
goto decerr;
if (privkey->type == V_ASN1_NEG_INTEGER)
{
p8->broken = PKCS8_NEG_PRIVKEY;
ASN1_INTEGER_free(privkey);
if (!(privkey=d2i_ASN1_UINTEGER(NULL, &q, pklen)))
goto decerr;
}
if (ptype != V_ASN1_SEQUENCE)
goto decerr;
}
pstr = pval;
pm = pstr->data;
pmlen = pstr->length;
if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen)))
goto decerr;
/* We have parameters now set private key */
if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL)))
{
DSAerr(DSA_F_DSA_PRIV_DECODE,DSA_R_BN_ERROR);
goto dsaerr;
}
/* Calculate public key */
if (!(dsa->pub_key = BN_new()))
{
DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE);
goto dsaerr;
}
if (!(ctx = BN_CTX_new()))
{
DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE);
goto dsaerr;
}
if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx))
{
DSAerr(DSA_F_DSA_PRIV_DECODE,DSA_R_BN_ERROR);
goto dsaerr;
}
EVP_PKEY_assign_DSA(pkey, dsa);
BN_CTX_free (ctx);
if(ndsa)
sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
else
ASN1_INTEGER_free(privkey);
return 1;
decerr:
DSAerr(DSA_F_DSA_PRIV_DECODE, EVP_R_DECODE_ERROR);
dsaerr:
BN_CTX_free (ctx);
if (privkey)
ASN1_INTEGER_free(privkey);
sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
DSA_free(dsa);
return 0;
}
static int eckey_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
{
const unsigned char *p = NULL;
void *pval;
int ptype, pklen;
EC_KEY *eckey = NULL;
X509_ALGOR *palg;
if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
return 0;
X509_ALGOR_get0(NULL, &ptype, &pval, palg);
eckey = eckey_type2param(ptype, pval);
if (!eckey)
goto ecliberr;
/* We have parameters now set private key */
if (!d2i_ECPrivateKey(&eckey, &p, pklen))
{
ECerr(EC_F_ECKEY_PRIV_DECODE, EC_R_DECODE_ERROR);
goto ecerr;
}
/* calculate public key (if necessary) */
if (EC_KEY_get0_public_key(eckey) == NULL)
{
const BIGNUM *priv_key;
const EC_GROUP *group;
EC_POINT *pub_key;
/* the public key was not included in the SEC1 private
* key => calculate the public key */
group = EC_KEY_get0_group(eckey);
pub_key = EC_POINT_new(group);
if (pub_key == NULL)
{
ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);
goto ecliberr;
}
if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group)))
{
EC_POINT_free(pub_key);
ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);
goto ecliberr;
}
priv_key = EC_KEY_get0_private_key(eckey);
if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, NULL))
{
EC_POINT_free(pub_key);
ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);
goto ecliberr;
}
if (EC_KEY_set_public_key(eckey, pub_key) == 0)
{
EC_POINT_free(pub_key);
ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);
goto ecliberr;
}
EC_POINT_free(pub_key);
}
EVP_PKEY_assign_EC_KEY(pkey, eckey);
return 1;
ecliberr:
ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);
ecerr:
if (eckey)
EC_KEY_free(eckey);
return 0;
}
static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) {
const uint8_t *p, *pm;
int pklen, pmlen;
int ptype;
void *pval;
ASN1_STRING *pstr;
X509_ALGOR *palg;
ASN1_INTEGER *privkey = NULL;
BN_CTX *ctx = NULL;
/* In PKCS#8 DSA: you just get a private key integer and parameters in the
* AlgorithmIdentifier the pubkey must be recalculated. */
STACK_OF(ASN1_TYPE) *ndsa = NULL;
DSA *dsa = NULL;
if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8)) {
return 0;
}
X509_ALGOR_get0(NULL, &ptype, &pval, palg);
/* Check for broken DSA PKCS#8, UGH! */
if (*p == (V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED)) {
ASN1_TYPE *t1, *t2;
ndsa = d2i_ASN1_SEQUENCE_ANY(NULL, &p, pklen);
if (ndsa == NULL) {
goto decerr;
}
if (sk_ASN1_TYPE_num(ndsa) != 2) {
goto decerr;
}
/* Handle Two broken types:
* SEQUENCE {parameters, priv_key}
* SEQUENCE {pub_key, priv_key}. */
t1 = sk_ASN1_TYPE_value(ndsa, 0);
t2 = sk_ASN1_TYPE_value(ndsa, 1);
if (t1->type == V_ASN1_SEQUENCE) {
p8->broken = PKCS8_EMBEDDED_PARAM;
pval = t1->value.ptr;
} else if (ptype == V_ASN1_SEQUENCE) {
p8->broken = PKCS8_NS_DB;
} else {
goto decerr;
}
if (t2->type != V_ASN1_INTEGER) {
goto decerr;
}
privkey = t2->value.integer;
} else {
const uint8_t *q = p;
privkey = d2i_ASN1_INTEGER(NULL, &p, pklen);
if (privkey == NULL) {
goto decerr;
}
if (privkey->type == V_ASN1_NEG_INTEGER) {
p8->broken = PKCS8_NEG_PRIVKEY;
ASN1_INTEGER_free(privkey);
privkey = d2i_ASN1_UINTEGER(NULL, &q, pklen);
if (privkey == NULL) {
goto decerr;
}
}
if (ptype != V_ASN1_SEQUENCE) {
goto decerr;
}
}
pstr = pval;
pm = pstr->data;
pmlen = pstr->length;
dsa = d2i_DSAparams(NULL, &pm, pmlen);
if (dsa == NULL) {
goto decerr;
}
/* We have parameters. Now set private key */
dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL);
if (dsa->priv_key == NULL) {
OPENSSL_PUT_ERROR(EVP, ERR_LIB_BN);
goto dsaerr;
}
/* Calculate public key. */
dsa->pub_key = BN_new();
if (dsa->pub_key == NULL) {
OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE);
goto dsaerr;
}
ctx = BN_CTX_new();
if (ctx == NULL) {
OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE);
goto dsaerr;
}
if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) {
OPENSSL_PUT_ERROR(EVP, ERR_LIB_BN);
goto dsaerr;
}
EVP_PKEY_assign_DSA(pkey, dsa);
BN_CTX_free(ctx);
sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
ASN1_INTEGER_free(privkey);
return 1;
decerr:
OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
dsaerr:
BN_CTX_free(ctx);
ASN1_INTEGER_free(privkey);
sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
DSA_free(dsa);
return 0;
}
static int dsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
{
const unsigned char *p, *pm;
int pklen, pmlen;
int ptype;
const void *pval;
const ASN1_STRING *pstr;
const X509_ALGOR *palg;
ASN1_INTEGER *privkey = NULL;
BN_CTX *ctx = NULL;
DSA *dsa = NULL;
int ret = 0;
if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
return 0;
X509_ALGOR_get0(NULL, &ptype, &pval, palg);
if ((privkey = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL)
goto decerr;
if (privkey->type == V_ASN1_NEG_INTEGER || ptype != V_ASN1_SEQUENCE)
goto decerr;
pstr = pval;
pm = pstr->data;
pmlen = pstr->length;
if ((dsa = d2i_DSAparams(NULL, &pm, pmlen)) == NULL)
goto decerr;
/* We have parameters now set private key */
if ((dsa->priv_key = BN_secure_new()) == NULL
|| !ASN1_INTEGER_to_BN(privkey, dsa->priv_key)) {
DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_BN_ERROR);
goto dsaerr;
}
/* Calculate public key */
if ((dsa->pub_key = BN_new()) == NULL) {
DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE);
goto dsaerr;
}
if ((ctx = BN_CTX_new()) == NULL) {
DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE);
goto dsaerr;
}
BN_set_flags(dsa->priv_key, BN_FLG_CONSTTIME);
if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) {
DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_BN_ERROR);
goto dsaerr;
}
EVP_PKEY_assign_DSA(pkey, dsa);
ret = 1;
goto done;
decerr:
DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_DECODE_ERROR);
dsaerr:
DSA_free(dsa);
done:
BN_CTX_free(ctx);
ASN1_STRING_clear_free(privkey);
return ret;
}
static int priv_decode_gost(EVP_PKEY *pk, PKCS8_PRIV_KEY_INFO *p8inf)
{
const unsigned char *pkey_buf = NULL, *p = NULL;
int priv_len = 0;
BIGNUM *pk_num = NULL;
int ret = 0;
X509_ALGOR *palg = NULL;
ASN1_OBJECT *palg_obj = NULL;
ASN1_INTEGER *priv_key = NULL;
int expected_key_len = 32;
if (!PKCS8_pkey_get0(&palg_obj, &pkey_buf, &priv_len, &palg, p8inf))
return 0;
p = pkey_buf;
if (!decode_gost_algor_params(pk, palg)) {
return 0;
}
expected_key_len = pkey_bits_gost(pk) > 0 ? pkey_bits_gost(pk) / 8 : 0;
if (expected_key_len == 0) {
GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR);
return 0;
}
if (priv_len % expected_key_len == 0) {
/* Key is not wrapped but masked */
pk_num = unmask_priv_key(pk, pkey_buf, expected_key_len,
priv_len / expected_key_len - 1);
} else if (V_ASN1_OCTET_STRING == *p) {
/* New format - Little endian octet string */
ASN1_OCTET_STRING *s = d2i_ASN1_OCTET_STRING(NULL, &p, priv_len);
if (!s || ((s->length != 32) && (s->length != 64))) {
ASN1_STRING_free(s);
GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR);
return 0;
}
pk_num = hashsum2bn(s->data, s->length);
ASN1_STRING_free(s);
} else if (V_ASN1_INTEGER == *p) {
priv_key = d2i_ASN1_INTEGER(NULL, &p, priv_len);
if (!priv_key) {
GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR);
return 0;
}
pk_num = ASN1_INTEGER_to_BN(priv_key, NULL);
ASN1_INTEGER_free(priv_key);
} else if ((V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED) == *p) {
MASKED_GOST_KEY *mgk = NULL;
mgk = d2i_MASKED_GOST_KEY(NULL, &p, priv_len);
if (!mgk) {
GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR);
return 0;
}
priv_len = mgk->masked_priv_key->length;
if (priv_len % expected_key_len) {
MASKED_GOST_KEY_free(mgk);
GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR);
return 0;
}
pk_num = unmask_priv_key(pk, mgk->masked_priv_key->data,
expected_key_len,
priv_len / expected_key_len - 1);
MASKED_GOST_KEY_free(mgk);
} else {
GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR);
return 0;
}
if (pk_num == NULL) {
GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR);
return 0;
}
ret = gost_set_priv_key(pk, pk_num);
BN_free(pk_num);
return ret;
}
static int
priv_decode_gost01(EVP_PKEY *pk, PKCS8_PRIV_KEY_INFO *p8inf)
{
const unsigned char *pkey_buf = NULL, *p = NULL;
int priv_len = 0;
BIGNUM *pk_num = NULL;
int ret = 0;
X509_ALGOR *palg = NULL;
ASN1_OBJECT *palg_obj = NULL;
ASN1_INTEGER *priv_key = NULL;
GOST_KEY *ec;
int ptype = V_ASN1_UNDEF;
ASN1_STRING *pval = NULL;
if (PKCS8_pkey_get0(&palg_obj, &pkey_buf, &priv_len, &palg, p8inf) == 0)
return 0;
(void)EVP_PKEY_assign_GOST(pk, NULL);
X509_ALGOR_get0(NULL, &ptype, (void **)&pval, palg);
if (ptype != V_ASN1_SEQUENCE) {
GOSTerr(GOST_F_PUB_DECODE_GOST01,
GOST_R_BAD_KEY_PARAMETERS_FORMAT);
return 0;
}
p = pval->data;
if (decode_gost01_algor_params(pk, &p, pval->length) == 0)
return 0;
p = pkey_buf;
if (V_ASN1_OCTET_STRING == *p) {
/* New format - Little endian octet string */
unsigned char rev_buf[32];
int i;
ASN1_OCTET_STRING *s =
d2i_ASN1_OCTET_STRING(NULL, &p, priv_len);
if (s == NULL || s->length != 32) {
GOSTerr(GOST_F_PRIV_DECODE_GOST01, EVP_R_DECODE_ERROR);
ASN1_STRING_free(s);
return 0;
}
for (i = 0; i < 32; i++) {
rev_buf[31 - i] = s->data[i];
}
ASN1_STRING_free(s);
pk_num = BN_bin2bn(rev_buf, 32, NULL);
} else {
priv_key = d2i_ASN1_INTEGER(NULL, &p, priv_len);
if (priv_key == NULL)
return 0;
ret = ((pk_num = ASN1_INTEGER_to_BN(priv_key, NULL)) != NULL);
ASN1_INTEGER_free(priv_key);
if (ret == 0) {
GOSTerr(GOST_F_PRIV_DECODE_GOST01, EVP_R_DECODE_ERROR);
return 0;
}
}
ec = pk->pkey.gost;
if (ec == NULL) {
ec = GOST_KEY_new();
if (ec == NULL) {
BN_free(pk_num);
return 0;
}
if (EVP_PKEY_assign_GOST(pk, ec) == 0) {
BN_free(pk_num);
GOST_KEY_free(ec);
return 0;
}
}
if (GOST_KEY_set_private_key(ec, pk_num) == 0) {
BN_free(pk_num);
return 0;
}
ret = 0;
if (EVP_PKEY_missing_parameters(pk) == 0)
ret = gost2001_compute_public(ec) != 0;
BN_free(pk_num);
return ret;
}
static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) {
const uint8_t *p, *pm;
int pklen, pmlen;
int ptype;
void *pval;
ASN1_STRING *pstr;
X509_ALGOR *palg;
ASN1_INTEGER *privkey = NULL;
BN_CTX *ctx = NULL;
/* In PKCS#8 DSA: you just get a private key integer and parameters in the
* AlgorithmIdentifier the pubkey must be recalculated. */
DSA *dsa = NULL;
if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8)) {
return 0;
}
privkey = d2i_ASN1_INTEGER(NULL, &p, pklen);
if (privkey == NULL || privkey->type == V_ASN1_NEG_INTEGER) {
goto decerr;
}
X509_ALGOR_get0(NULL, &ptype, &pval, palg);
if (ptype != V_ASN1_SEQUENCE) {
goto decerr;
}
pstr = pval;
pm = pstr->data;
pmlen = pstr->length;
dsa = d2i_DSAparams(NULL, &pm, pmlen);
if (dsa == NULL) {
goto decerr;
}
/* We have parameters. Now set private key */
dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL);
if (dsa->priv_key == NULL) {
OPENSSL_PUT_ERROR(EVP, ERR_LIB_BN);
goto dsaerr;
}
/* Calculate public key. */
dsa->pub_key = BN_new();
if (dsa->pub_key == NULL) {
OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE);
goto dsaerr;
}
ctx = BN_CTX_new();
if (ctx == NULL) {
OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE);
goto dsaerr;
}
if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) {
OPENSSL_PUT_ERROR(EVP, ERR_LIB_BN);
goto dsaerr;
}
EVP_PKEY_assign_DSA(pkey, dsa);
BN_CTX_free(ctx);
ASN1_INTEGER_free(privkey);
return 1;
decerr:
OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
dsaerr:
BN_CTX_free(ctx);
ASN1_INTEGER_free(privkey);
DSA_free(dsa);
return 0;
}