1 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
   2  * project 2006.
   3  */
   4 /* ====================================================================
   5  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
   6  *
   7  * Redistribution and use in source and binary forms, with or without
   8  * modification, are permitted provided that the following conditions
   9  * are met:
  10  *
  11  * 1. Redistributions of source code must retain the above copyright
  12  *    notice, this list of conditions and the following disclaimer.
  13  *
  14  * 2. Redistributions in binary form must reproduce the above copyright
  15  *    notice, this list of conditions and the following disclaimer in
  16  *    the documentation and/or other materials provided with the
  17  *    distribution.
  18  *
  19  * 3. All advertising materials mentioning features or use of this
  20  *    software must display the following acknowledgment:
  21  *    "This product includes software developed by the OpenSSL Project
  22  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
  23  *
  24  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  25  *    endorse or promote products derived from this software without
  26  *    prior written permission. For written permission, please contact
  27  *    licensing@OpenSSL.org.
  28  *
  29  * 5. Products derived from this software may not be called "OpenSSL"
  30  *    nor may "OpenSSL" appear in their names without prior written
  31  *    permission of the OpenSSL Project.
  32  *
  33  * 6. Redistributions of any form whatsoever must retain the following
  34  *    acknowledgment:
  35  *    "This product includes software developed by the OpenSSL Project
  36  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
  37  *
  38  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  39  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  40  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  41  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
  42  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  43  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  44  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  45  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  46  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  47  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  48  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  49  * OF THE POSSIBILITY OF SUCH DAMAGE.
  50  * ====================================================================
  51  *
  52  * This product includes cryptographic software written by Eric Young
  53  * (eay@cryptsoft.com).  This product includes software written by Tim
  54  * Hudson (tjh@cryptsoft.com).
  55  *
  56  */
  57 
  58 #include <stdio.h>
  59 #include "cryptlib.h"
  60 #include <openssl/x509.h>
  61 #include <openssl/asn1.h>
  62 #include <openssl/dsa.h>
  63 #include <openssl/bn.h>
  64 #ifndef OPENSSL_NO_CMS
  65 #include <openssl/cms.h>
  66 #endif
  67 #include "asn1_locl.h"
  68 
  69 static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
  70         {
  71         const unsigned char *p, *pm;
  72         int pklen, pmlen;
  73         int ptype;
  74         void *pval;
  75         ASN1_STRING *pstr;
  76         X509_ALGOR *palg;
  77         ASN1_INTEGER *public_key = NULL;
  78 
  79         DSA *dsa = NULL;
  80 
  81         if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
  82                 return 0;
  83         X509_ALGOR_get0(NULL, &ptype, &pval, palg);
  84 
  85 
  86         if (ptype == V_ASN1_SEQUENCE)
  87                 {
  88                 pstr = pval;
  89                 pm = pstr->data;
  90                 pmlen = pstr->length;
  91 
  92                 if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen)))
  93                         {
  94                         DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR);
  95                         goto err;
  96                         }
  97 
  98                 }
  99         else if ((ptype == V_ASN1_NULL) || (ptype == V_ASN1_UNDEF))
 100                 {
 101                 if (!(dsa = DSA_new()))
 102                         {
 103                         DSAerr(DSA_F_DSA_PUB_DECODE, ERR_R_MALLOC_FAILURE);
 104                         goto err;
 105                         }
 106                 }
 107         else
 108                 {
 109                 DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_PARAMETER_ENCODING_ERROR);
 110                 goto err;
 111                 }
 112 
 113         if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, pklen)))
 114                 {
 115                 DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR);
 116                 goto err;
 117                 }
 118 
 119         if (!(dsa->pub_key = ASN1_INTEGER_to_BN(public_key, NULL)))
 120                 {
 121                 DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_BN_DECODE_ERROR);
 122                 goto err;
 123                 }
 124 
 125         ASN1_INTEGER_free(public_key);
 126         EVP_PKEY_assign_DSA(pkey, dsa);
 127         return 1;
 128 
 129         err:
 130         if (public_key)
 131                 ASN1_INTEGER_free(public_key);
 132         if (dsa)
 133                 DSA_free(dsa);
 134         return 0;
 135 
 136         }
 137 
 138 static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
 139         {
 140         DSA *dsa;
 141         void *pval = NULL;
 142         int ptype;
 143         unsigned char *penc = NULL;
 144         int penclen;
 145 
 146         dsa=pkey->pkey.dsa;
 147         if (pkey->save_parameters && dsa->p && dsa->q && dsa->g)
 148                 {
 149                 ASN1_STRING *str;
 150                 str = ASN1_STRING_new();
 151                 str->length = i2d_DSAparams(dsa, &str->data);
 152                 if (str->length <= 0)
 153                         {
 154                         DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
 155                         goto err;
 156                         }
 157                 pval = str;
 158                 ptype = V_ASN1_SEQUENCE;
 159                 }
 160         else
 161                 ptype = V_ASN1_UNDEF;
 162 
 163         dsa->write_params=0;
 164 
 165         penclen = i2d_DSAPublicKey(dsa, &penc);
 166 
 167         if (penclen <= 0)
 168                 {
 169                 DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
 170                 goto err;
 171                 }
 172 
 173         if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DSA),
 174                                 ptype, pval, penc, penclen))
 175                 return 1;
 176 
 177         err:
 178         if (penc)
 179                 OPENSSL_free(penc);
 180         if (pval)
 181                 ASN1_STRING_free(pval);
 182 
 183         return 0;
 184         }
 185 
 186 /* In PKCS#8 DSA: you just get a private key integer and parameters in the
 187  * AlgorithmIdentifier the pubkey must be recalculated.
 188  */
 189 
 190 static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
 191         {
 192         const unsigned char *p, *pm;
 193         int pklen, pmlen;
 194         int ptype;
 195         void *pval;
 196         ASN1_STRING *pstr;
 197         X509_ALGOR *palg;
 198         ASN1_INTEGER *privkey = NULL;
 199         BN_CTX *ctx = NULL;
 200 
 201         STACK_OF(ASN1_TYPE) *ndsa = NULL;
 202         DSA *dsa = NULL;
 203 
 204         if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
 205                 return 0;
 206         X509_ALGOR_get0(NULL, &ptype, &pval, palg);
 207 
 208         /* Check for broken DSA PKCS#8, UGH! */
 209         if (*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED))
 210                 {
 211                 ASN1_TYPE *t1, *t2;
 212                 if(!(ndsa = d2i_ASN1_SEQUENCE_ANY(NULL, &p, pklen)))
 213                         goto decerr;
 214                 if (sk_ASN1_TYPE_num(ndsa) != 2)
 215                         goto decerr;
 216                 /* Handle Two broken types:
 217                  * SEQUENCE {parameters, priv_key}
 218                  * SEQUENCE {pub_key, priv_key}
 219                  */
 220 
 221                 t1 = sk_ASN1_TYPE_value(ndsa, 0);
 222                 t2 = sk_ASN1_TYPE_value(ndsa, 1);
 223                 if (t1->type == V_ASN1_SEQUENCE)
 224                         {
 225                         p8->broken = PKCS8_EMBEDDED_PARAM;
 226                         pval = t1->value.ptr;
 227                         }
 228                 else if (ptype == V_ASN1_SEQUENCE)
 229                         p8->broken = PKCS8_NS_DB;
 230                 else
 231                         goto decerr;
 232 
 233                 if (t2->type != V_ASN1_INTEGER)
 234                         goto decerr;
 235 
 236                 privkey = t2->value.integer;
 237                 }
 238         else
 239                 {
 240                 const unsigned char *q = p;
 241                 if (!(privkey=d2i_ASN1_INTEGER(NULL, &p, pklen)))
 242                         goto decerr;
 243                 if (privkey->type == V_ASN1_NEG_INTEGER)
 244                         {
 245                         p8->broken = PKCS8_NEG_PRIVKEY;
 246                         ASN1_INTEGER_free(privkey);
 247                         if (!(privkey=d2i_ASN1_UINTEGER(NULL, &q, pklen)))
 248                                 goto decerr;
 249                         }
 250                 if (ptype != V_ASN1_SEQUENCE)
 251                         goto decerr;
 252                 }
 253 
 254         pstr = pval;
 255         pm = pstr->data;
 256         pmlen = pstr->length;
 257         if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen)))
 258                 goto decerr;
 259         /* We have parameters now set private key */
 260         if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL)))
 261                 {
 262                 DSAerr(DSA_F_DSA_PRIV_DECODE,DSA_R_BN_ERROR);
 263                 goto dsaerr;
 264                 }
 265         /* Calculate public key */
 266         if (!(dsa->pub_key = BN_new()))
 267                 {
 268                 DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE);
 269                 goto dsaerr;
 270                 }
 271         if (!(ctx = BN_CTX_new()))
 272                 {
 273                 DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE);
 274                 goto dsaerr;
 275                 }
 276 
 277         if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx))
 278                 {
 279                 DSAerr(DSA_F_DSA_PRIV_DECODE,DSA_R_BN_ERROR);
 280                 goto dsaerr;
 281                 }
 282 
 283         EVP_PKEY_assign_DSA(pkey, dsa);
 284         BN_CTX_free (ctx);
 285         if(ndsa)
 286                 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
 287         else
 288                 ASN1_INTEGER_free(privkey);
 289 
 290         return 1;
 291 
 292         decerr:
 293         DSAerr(DSA_F_DSA_PRIV_DECODE, EVP_R_DECODE_ERROR);
 294         dsaerr:
 295         BN_CTX_free (ctx);
 296         if (privkey)
 297                 ASN1_INTEGER_free(privkey);
 298         sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
 299         DSA_free(dsa);
 300         return 0;
 301         }
 302 
 303 static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
 304 {
 305         ASN1_STRING *params = NULL;
 306         ASN1_INTEGER *prkey = NULL;
 307         unsigned char *dp = NULL;
 308         int dplen;
 309 
 310         params = ASN1_STRING_new();
 311 
 312         if (!params)
 313                 {
 314                 DSAerr(DSA_F_DSA_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
 315                 goto err;
 316                 }
 317 
 318         params->length = i2d_DSAparams(pkey->pkey.dsa, &params->data);
 319         if (params->length <= 0)
 320                 {
 321                 DSAerr(DSA_F_DSA_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
 322                 goto err;
 323                 }
 324         params->type = V_ASN1_SEQUENCE;
 325 
 326         /* Get private key into integer */
 327         prkey = BN_to_ASN1_INTEGER(pkey->pkey.dsa->priv_key, NULL);
 328 
 329         if (!prkey)
 330                 {
 331                 DSAerr(DSA_F_DSA_PRIV_ENCODE,DSA_R_BN_ERROR);
 332                 goto err;
 333                 }
 334 
 335         dplen = i2d_ASN1_INTEGER(prkey, &dp);
 336 
 337         ASN1_INTEGER_free(prkey);
 338 
 339         if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0,
 340                                 V_ASN1_SEQUENCE, params, dp, dplen))
 341                 goto err;
 342 
 343         return 1;
 344 
 345 err:
 346         if (dp != NULL)
 347                 OPENSSL_free(dp);
 348         if (params != NULL)
 349                 ASN1_STRING_free(params);
 350         if (prkey != NULL)
 351                 ASN1_INTEGER_free(prkey);
 352         return 0;
 353 }
 354 
 355 static int int_dsa_size(const EVP_PKEY *pkey)
 356         {
 357         return(DSA_size(pkey->pkey.dsa));
 358         }
 359 
 360 static int dsa_bits(const EVP_PKEY *pkey)
 361         {
 362         return BN_num_bits(pkey->pkey.dsa->p);
 363         }
 364 
 365 static int dsa_missing_parameters(const EVP_PKEY *pkey)
 366         {
 367         DSA *dsa;
 368         dsa=pkey->pkey.dsa;
 369         if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
 370                         return 1;
 371         return 0;
 372         }
 373 
 374 static int dsa_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
 375         {
 376         BIGNUM *a;
 377 
 378         if ((a=BN_dup(from->pkey.dsa->p)) == NULL)
 379                 return 0;
 380         if (to->pkey.dsa->p != NULL)
 381                 BN_free(to->pkey.dsa->p);
 382         to->pkey.dsa->p=a;
 383 
 384         if ((a=BN_dup(from->pkey.dsa->q)) == NULL)
 385                 return 0;
 386         if (to->pkey.dsa->q != NULL)
 387                 BN_free(to->pkey.dsa->q);
 388         to->pkey.dsa->q=a;
 389 
 390         if ((a=BN_dup(from->pkey.dsa->g)) == NULL)
 391                 return 0;
 392         if (to->pkey.dsa->g != NULL)
 393                 BN_free(to->pkey.dsa->g);
 394         to->pkey.dsa->g=a;
 395         return 1;
 396         }
 397 
 398 static int dsa_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
 399         {
 400         if (    BN_cmp(a->pkey.dsa->p,b->pkey.dsa->p) ||
 401                 BN_cmp(a->pkey.dsa->q,b->pkey.dsa->q) ||
 402                 BN_cmp(a->pkey.dsa->g,b->pkey.dsa->g))
 403                 return 0;
 404         else
 405                 return 1;
 406         }
 407 
 408 static int dsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
 409         {
 410         if (BN_cmp(b->pkey.dsa->pub_key,a->pkey.dsa->pub_key) != 0)
 411                 return 0;
 412         else
 413                 return 1;
 414         }
 415 
 416 static void int_dsa_free(EVP_PKEY *pkey)
 417         {
 418         DSA_free(pkey->pkey.dsa);
 419         }
 420 
 421 static void update_buflen(const BIGNUM *b, size_t *pbuflen)
 422         {
 423         size_t i;
 424         if (!b)
 425                 return;
 426         if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
 427                         *pbuflen = i;
 428         }
 429 
 430 static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype)
 431         {
 432         unsigned char *m=NULL;
 433         int ret=0;
 434         size_t buf_len=0;
 435         const char *ktype = NULL;
 436 
 437         const BIGNUM *priv_key, *pub_key;
 438 
 439         if (ptype == 2)
 440                 priv_key = x->priv_key;
 441         else
 442                 priv_key = NULL;
 443 
 444         if (ptype > 0)
 445                 pub_key = x->pub_key;
 446         else
 447                 pub_key = NULL;
 448 
 449         if (ptype == 2)
 450                 ktype = "Private-Key";
 451         else if (ptype == 1)
 452                 ktype = "Public-Key";
 453         else
 454                 ktype = "DSA-Parameters";
 455 
 456         update_buflen(x->p, &buf_len);
 457         update_buflen(x->q, &buf_len);
 458         update_buflen(x->g, &buf_len);
 459         update_buflen(priv_key, &buf_len);
 460         update_buflen(pub_key, &buf_len);
 461 
 462         m=(unsigned char *)OPENSSL_malloc(buf_len+10);
 463         if (m == NULL)
 464                 {
 465                 DSAerr(DSA_F_DO_DSA_PRINT,ERR_R_MALLOC_FAILURE);
 466                 goto err;
 467                 }
 468 
 469         if (priv_key)
 470                 {
 471                 if(!BIO_indent(bp,off,128))
 472                    goto err;
 473                 if (BIO_printf(bp,"%s: (%d bit)\n",ktype, BN_num_bits(x->p))
 474                         <= 0) goto err;
 475                 }
 476 
 477         if (!ASN1_bn_print(bp,"priv:",priv_key,m,off))
 478                 goto err;
 479         if (!ASN1_bn_print(bp,"pub: ",pub_key,m,off))
 480                 goto err;
 481         if (!ASN1_bn_print(bp,"P:   ",x->p,m,off)) goto err;
 482         if (!ASN1_bn_print(bp,"Q:   ",x->q,m,off)) goto err;
 483         if (!ASN1_bn_print(bp,"G:   ",x->g,m,off)) goto err;
 484         ret=1;
 485 err:
 486         if (m != NULL) OPENSSL_free(m);
 487         return(ret);
 488         }
 489 
 490 static int dsa_param_decode(EVP_PKEY *pkey,
 491                                         const unsigned char **pder, int derlen)
 492         {
 493         DSA *dsa;
 494         if (!(dsa = d2i_DSAparams(NULL, pder, derlen)))
 495                 {
 496                 DSAerr(DSA_F_DSA_PARAM_DECODE, ERR_R_DSA_LIB);
 497                 return 0;
 498                 }
 499         EVP_PKEY_assign_DSA(pkey, dsa);
 500         return 1;
 501         }
 502 
 503 static int dsa_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
 504         {
 505         return i2d_DSAparams(pkey->pkey.dsa, pder);
 506         }
 507 
 508 static int dsa_param_print(BIO *bp, const EVP_PKEY *pkey, int indent,
 509                                                         ASN1_PCTX *ctx)
 510         {
 511         return do_dsa_print(bp, pkey->pkey.dsa, indent, 0);
 512         }
 513 
 514 static int dsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent,
 515                                                         ASN1_PCTX *ctx)
 516         {
 517         return do_dsa_print(bp, pkey->pkey.dsa, indent, 1);
 518         }
 519 
 520 
 521 static int dsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,
 522                                                         ASN1_PCTX *ctx)
 523         {
 524         return do_dsa_print(bp, pkey->pkey.dsa, indent, 2);
 525         }
 526 
 527 static int old_dsa_priv_decode(EVP_PKEY *pkey,
 528                                         const unsigned char **pder, int derlen)
 529         {
 530         DSA *dsa;
 531         if (!(dsa = d2i_DSAPrivateKey (NULL, pder, derlen)))
 532                 {
 533                 DSAerr(DSA_F_OLD_DSA_PRIV_DECODE, ERR_R_DSA_LIB);
 534                 return 0;
 535                 }
 536         EVP_PKEY_assign_DSA(pkey, dsa);
 537         return 1;
 538         }
 539 
 540 static int old_dsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder)
 541         {
 542         return i2d_DSAPrivateKey(pkey->pkey.dsa, pder);
 543         }
 544 
 545 static int dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,
 546                                         const ASN1_STRING *sig,
 547                                         int indent, ASN1_PCTX *pctx)
 548         {
 549         DSA_SIG *dsa_sig;
 550         const unsigned char *p;
 551         if (!sig)
 552                 {
 553                 if (BIO_puts(bp, "\n") <= 0)
 554                         return 0;
 555                 else
 556                         return 1;
 557                 }
 558         p = sig->data;
 559         dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length);
 560         if (dsa_sig)
 561                 {
 562                 int rv = 0;
 563                 size_t buf_len = 0;
 564                 unsigned char *m=NULL;
 565                 update_buflen(dsa_sig->r, &buf_len);
 566                 update_buflen(dsa_sig->s, &buf_len);
 567                 m = OPENSSL_malloc(buf_len+10);
 568                 if (m == NULL)
 569                         {
 570                         DSAerr(DSA_F_DSA_SIG_PRINT,ERR_R_MALLOC_FAILURE);
 571                         goto err;
 572                         }
 573 
 574                 if (BIO_write(bp, "\n", 1) != 1)
 575                         goto err;
 576 
 577                 if (!ASN1_bn_print(bp,"r:   ",dsa_sig->r,m,indent))
 578                         goto err;
 579                 if (!ASN1_bn_print(bp,"s:   ",dsa_sig->s,m,indent))
 580                         goto err;
 581                 rv = 1;
 582                 err:
 583                 if (m)
 584                         OPENSSL_free(m);
 585                 DSA_SIG_free(dsa_sig);
 586                 return rv;
 587                 }
 588         return X509_signature_dump(bp, sig, indent);
 589         }
 590 
 591 static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
 592         {
 593         switch (op)
 594                 {
 595                 case ASN1_PKEY_CTRL_PKCS7_SIGN:
 596                 if (arg1 == 0)
 597                         {
 598                         int snid, hnid;
 599                         X509_ALGOR *alg1, *alg2;
 600                         PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2);
 601                         if (alg1 == NULL || alg1->algorithm == NULL)
 602                                 return -1;
 603                         hnid = OBJ_obj2nid(alg1->algorithm);
 604                         if (hnid == NID_undef)
 605                                 return -1;
 606                         if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
 607                                 return -1;
 608                         X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
 609                         }
 610                 return 1;
 611 #ifndef OPENSSL_NO_CMS
 612                 case ASN1_PKEY_CTRL_CMS_SIGN:
 613                 if (arg1 == 0)
 614                         {
 615                         int snid, hnid;
 616                         X509_ALGOR *alg1, *alg2;
 617                         CMS_SignerInfo_get0_algs(arg2, NULL, NULL, &alg1, &alg2);
 618                         if (alg1 == NULL || alg1->algorithm == NULL)
 619                                 return -1;
 620                         hnid = OBJ_obj2nid(alg1->algorithm);
 621                         if (hnid == NID_undef)
 622                                 return -1;
 623                         if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
 624                                 return -1;
 625                         X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
 626                         }
 627                 return 1;
 628 #endif
 629 
 630                 case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
 631                 *(int *)arg2 = NID_sha1;
 632                 return 2;
 633 
 634                 default:
 635                 return -2;
 636 
 637                 }
 638 
 639         }
 640 
 641 /* NB these are sorted in pkey_id order, lowest first */
 642 
 643 const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[] =
 644         {
 645 
 646                 {
 647                 EVP_PKEY_DSA2,
 648                 EVP_PKEY_DSA,
 649                 ASN1_PKEY_ALIAS
 650                 },
 651 
 652                 {
 653                 EVP_PKEY_DSA1,
 654                 EVP_PKEY_DSA,
 655                 ASN1_PKEY_ALIAS
 656                 },
 657 
 658                 {
 659                 EVP_PKEY_DSA4,
 660                 EVP_PKEY_DSA,
 661                 ASN1_PKEY_ALIAS
 662                 },
 663 
 664                 {
 665                 EVP_PKEY_DSA3,
 666                 EVP_PKEY_DSA,
 667                 ASN1_PKEY_ALIAS
 668                 },
 669 
 670                 {
 671                 EVP_PKEY_DSA,
 672                 EVP_PKEY_DSA,
 673                 0,
 674 
 675                 "DSA",
 676                 "OpenSSL DSA method",
 677 
 678                 dsa_pub_decode,
 679                 dsa_pub_encode,
 680                 dsa_pub_cmp,
 681                 dsa_pub_print,
 682 
 683                 dsa_priv_decode,
 684                 dsa_priv_encode,
 685                 dsa_priv_print,
 686 
 687                 int_dsa_size,
 688                 dsa_bits,
 689 
 690                 dsa_param_decode,
 691                 dsa_param_encode,
 692                 dsa_missing_parameters,
 693                 dsa_copy_parameters,
 694                 dsa_cmp_parameters,
 695                 dsa_param_print,
 696                 dsa_sig_print,
 697 
 698                 int_dsa_free,
 699                 dsa_pkey_ctrl,
 700                 old_dsa_priv_decode,
 701                 old_dsa_priv_encode
 702                 }
 703         };