dsa_ameth.c revision 273149 
113999Svtewari/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
213999Svtewari * project 2006.
313999Svtewari */
413999Svtewari/* ====================================================================
513999Svtewari * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
613999Svtewari *
713999Svtewari * Redistribution and use in source and binary forms, with or without
813999Svtewari * modification, are permitted provided that the following conditions
913999Svtewari * are met:
1013999Svtewari *
1113999Svtewari * 1. Redistributions of source code must retain the above copyright
1213999Svtewari *    notice, this list of conditions and the following disclaimer.
1313999Svtewari *
1413999Svtewari * 2. Redistributions in binary form must reproduce the above copyright
1513999Svtewari *    notice, this list of conditions and the following disclaimer in
1613999Svtewari *    the documentation and/or other materials provided with the
1713999Svtewari *    distribution.
1813999Svtewari *
1913999Svtewari * 3. All advertising materials mentioning features or use of this
2013999Svtewari *    software must display the following acknowledgment:
2113999Svtewari *    "This product includes software developed by the OpenSSL Project
2213999Svtewari *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
2313999Svtewari *
2413999Svtewari * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
2513999Svtewari *    endorse or promote products derived from this software without
2613999Svtewari *    prior written permission. For written permission, please contact
2713999Svtewari *    licensing@OpenSSL.org.
2813999Svtewari *
2913999Svtewari * 5. Products derived from this software may not be called "OpenSSL"
3013999Svtewari *    nor may "OpenSSL" appear in their names without prior written
3113999Svtewari *    permission of the OpenSSL Project.
3213999Svtewari *
3313999Svtewari * 6. Redistributions of any form whatsoever must retain the following
3413999Svtewari *    acknowledgment:
3513999Svtewari *    "This product includes software developed by the OpenSSL Project
3613999Svtewari *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
3713999Svtewari *
3813999Svtewari * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
3913999Svtewari * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
4013999Svtewari * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
4113999Svtewari * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
4213999Svtewari * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
4313999Svtewari * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
4413999Svtewari * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
4513999Svtewari * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
4613999Svtewari * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
4713999Svtewari * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
4813999Svtewari * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
4913999Svtewari * OF THE POSSIBILITY OF SUCH DAMAGE.
5013999Svtewari * ====================================================================
5113999Svtewari *
5213999Svtewari * This product includes cryptographic software written by Eric Young
5313999Svtewari * (eay@cryptsoft.com).  This product includes software written by Tim
5413999Svtewari * Hudson (tjh@cryptsoft.com).
5513999Svtewari *
5613999Svtewari */
5713999Svtewari
5813999Svtewari#include <stdio.h>
5913999Svtewari#include "cryptlib.h"
6013999Svtewari#include <openssl/x509.h>
6113999Svtewari#include <openssl/asn1.h>
6213999Svtewari#include <openssl/dsa.h>
6313999Svtewari#include <openssl/bn.h>
6413999Svtewari#ifndef OPENSSL_NO_CMS
6513999Svtewari#include <openssl/cms.h>
6613999Svtewari#endif
6713999Svtewari#include "asn1_locl.h"
6813999Svtewari
6913999Svtewaristatic int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
7013999Svtewari	{
7113999Svtewari	const unsigned char *p, *pm;
7213999Svtewari	int pklen, pmlen;
7313999Svtewari	int ptype;
7413999Svtewari	void *pval;
7513999Svtewari	ASN1_STRING *pstr;
7613999Svtewari	X509_ALGOR *palg;
7713999Svtewari	ASN1_INTEGER *public_key = NULL;
7813999Svtewari
7913999Svtewari	DSA *dsa = NULL;
8013999Svtewari
8113999Svtewari	if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
8213999Svtewari		return 0;
8313999Svtewari	X509_ALGOR_get0(NULL, &ptype, &pval, palg);
8413999Svtewari
8513999Svtewari
8613999Svtewari	if (ptype == V_ASN1_SEQUENCE)
8713999Svtewari		{
8813999Svtewari		pstr = pval;
8913999Svtewari		pm = pstr->data;
9013999Svtewari		pmlen = pstr->length;
9113999Svtewari
9213999Svtewari		if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen)))
9313999Svtewari			{
9413999Svtewari			DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR);
9513999Svtewari			goto err;
9613999Svtewari			}
9713999Svtewari
9813999Svtewari		}
9913999Svtewari	else if ((ptype == V_ASN1_NULL) || (ptype == V_ASN1_UNDEF))
10013999Svtewari		{
10113999Svtewari		if (!(dsa = DSA_new()))
10213999Svtewari			{
10313999Svtewari			DSAerr(DSA_F_DSA_PUB_DECODE, ERR_R_MALLOC_FAILURE);
10413999Svtewari			goto err;
10513999Svtewari			}
10613999Svtewari		}
10713999Svtewari	else
10813999Svtewari		{
10913999Svtewari		DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_PARAMETER_ENCODING_ERROR);
11013999Svtewari		goto err;
11113999Svtewari		}
11213999Svtewari
11313999Svtewari	if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, pklen)))
11413999Svtewari		{
11513999Svtewari		DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR);
11613999Svtewari		goto err;
11713999Svtewari		}
11813999Svtewari
11913999Svtewari	if (!(dsa->pub_key = ASN1_INTEGER_to_BN(public_key, NULL)))
12013999Svtewari		{
12113999Svtewari		DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_BN_DECODE_ERROR);
12213999Svtewari		goto err;
12313999Svtewari		}
12413999Svtewari
12513999Svtewari	ASN1_INTEGER_free(public_key);
12613999Svtewari	EVP_PKEY_assign_DSA(pkey, dsa);
12713999Svtewari	return 1;
12813999Svtewari
12913999Svtewari	err:
13013999Svtewari	if (public_key)
13113999Svtewari		ASN1_INTEGER_free(public_key);
13213999Svtewari	if (dsa)
13313999Svtewari		DSA_free(dsa);
13413999Svtewari	return 0;
13513999Svtewari
13613999Svtewari	}
13713999Svtewari
13813999Svtewaristatic int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
13913999Svtewari	{
14013999Svtewari	DSA *dsa;
14113999Svtewari	void *pval = NULL;
14213999Svtewari	int ptype;
14313999Svtewari	unsigned char *penc = NULL;
14413999Svtewari	int penclen;
14513999Svtewari
14613999Svtewari	dsa=pkey->pkey.dsa;
14713999Svtewari	if (pkey->save_parameters && dsa->p && dsa->q && dsa->g)
14813999Svtewari		{
14913999Svtewari		ASN1_STRING *str;
15013999Svtewari		str = ASN1_STRING_new();
15113999Svtewari		str->length = i2d_DSAparams(dsa, &str->data);
15213999Svtewari		if (str->length <= 0)
15313999Svtewari			{
15413999Svtewari			DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
15513999Svtewari			goto err;
156			}
157		pval = str;
158		ptype = V_ASN1_SEQUENCE;
159		}
160	else
161		ptype = V_ASN1_UNDEF;
162
163	dsa->write_params=0;
164
165	penclen = i2d_DSAPublicKey(dsa, &penc);
166
167	if (penclen <= 0)
168		{
169		DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
170		goto err;
171		}
172
173	if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DSA),
174				ptype, pval, penc, penclen))
175		return 1;
176
177	err:
178	if (penc)
179		OPENSSL_free(penc);
180	if (pval)
181		ASN1_STRING_free(pval);
182
183	return 0;
184	}
185
186/* In PKCS#8 DSA: you just get a private key integer and parameters in the
187 * AlgorithmIdentifier the pubkey must be recalculated.
188 */
189
190static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
191	{
192	const unsigned char *p, *pm;
193	int pklen, pmlen;
194	int ptype;
195	void *pval;
196	ASN1_STRING *pstr;
197	X509_ALGOR *palg;
198	ASN1_INTEGER *privkey = NULL;
199	BN_CTX *ctx = NULL;
200
201	STACK_OF(ASN1_TYPE) *ndsa = NULL;
202	DSA *dsa = NULL;
203
204	if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
205		return 0;
206	X509_ALGOR_get0(NULL, &ptype, &pval, palg);
207
208	/* Check for broken DSA PKCS#8, UGH! */
209	if (*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED))
210		{
211		ASN1_TYPE *t1, *t2;
212	    	if(!(ndsa = d2i_ASN1_SEQUENCE_ANY(NULL, &p, pklen)))
213			goto decerr;
214		if (sk_ASN1_TYPE_num(ndsa) != 2)
215			goto decerr;
216		/* Handle Two broken types:
217	    	 * SEQUENCE {parameters, priv_key}
218		 * SEQUENCE {pub_key, priv_key}
219		 */
220
221		t1 = sk_ASN1_TYPE_value(ndsa, 0);
222		t2 = sk_ASN1_TYPE_value(ndsa, 1);
223		if (t1->type == V_ASN1_SEQUENCE)
224			{
225			p8->broken = PKCS8_EMBEDDED_PARAM;
226			pval = t1->value.ptr;
227			}
228		else if (ptype == V_ASN1_SEQUENCE)
229			p8->broken = PKCS8_NS_DB;
230		else
231			goto decerr;
232
233		if (t2->type != V_ASN1_INTEGER)
234			goto decerr;
235
236		privkey = t2->value.integer;
237		}
238	else
239		{
240		const unsigned char *q = p;
241		if (!(privkey=d2i_ASN1_INTEGER(NULL, &p, pklen)))
242			goto decerr;
243		if (privkey->type == V_ASN1_NEG_INTEGER)
244			{
245			p8->broken = PKCS8_NEG_PRIVKEY;
246			ASN1_INTEGER_free(privkey);
247			if (!(privkey=d2i_ASN1_UINTEGER(NULL, &q, pklen)))
248				goto decerr;
249			}
250		if (ptype != V_ASN1_SEQUENCE)
251			goto decerr;
252		}
253
254	pstr = pval;
255	pm = pstr->data;
256	pmlen = pstr->length;
257	if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen)))
258		goto decerr;
259	/* We have parameters now set private key */
260	if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL)))
261		{
262		DSAerr(DSA_F_DSA_PRIV_DECODE,DSA_R_BN_ERROR);
263		goto dsaerr;
264		}
265	/* Calculate public key */
266	if (!(dsa->pub_key = BN_new()))
267		{
268		DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE);
269		goto dsaerr;
270		}
271	if (!(ctx = BN_CTX_new()))
272		{
273		DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE);
274		goto dsaerr;
275		}
276
277	if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx))
278		{
279		DSAerr(DSA_F_DSA_PRIV_DECODE,DSA_R_BN_ERROR);
280		goto dsaerr;
281		}
282
283	EVP_PKEY_assign_DSA(pkey, dsa);
284	BN_CTX_free (ctx);
285	if(ndsa)
286		sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
287	else
288		ASN1_INTEGER_free(privkey);
289
290	return 1;
291
292	decerr:
293	DSAerr(DSA_F_DSA_PRIV_DECODE, EVP_R_DECODE_ERROR);
294	dsaerr:
295	BN_CTX_free (ctx);
296	if (privkey)
297		ASN1_INTEGER_free(privkey);
298	sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
299	DSA_free(dsa);
300	return 0;
301	}
302
303static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
304{
305	ASN1_STRING *params = NULL;
306	ASN1_INTEGER *prkey = NULL;
307	unsigned char *dp = NULL;
308	int dplen;
309
310	if (!pkey->pkey.dsa || !pkey->pkey.dsa->priv_key)
311		{
312		DSAerr(DSA_F_DSA_PRIV_ENCODE,DSA_R_MISSING_PARAMETERS);
313		goto err;
314		}
315
316	params = ASN1_STRING_new();
317
318	if (!params)
319		{
320		DSAerr(DSA_F_DSA_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
321		goto err;
322		}
323
324	params->length = i2d_DSAparams(pkey->pkey.dsa, &params->data);
325	if (params->length <= 0)
326		{
327		DSAerr(DSA_F_DSA_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
328		goto err;
329		}
330	params->type = V_ASN1_SEQUENCE;
331
332	/* Get private key into integer */
333	prkey = BN_to_ASN1_INTEGER(pkey->pkey.dsa->priv_key, NULL);
334
335	if (!prkey)
336		{
337		DSAerr(DSA_F_DSA_PRIV_ENCODE,DSA_R_BN_ERROR);
338		goto err;
339		}
340
341	dplen = i2d_ASN1_INTEGER(prkey, &dp);
342
343	ASN1_INTEGER_free(prkey);
344
345	if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0,
346				V_ASN1_SEQUENCE, params, dp, dplen))
347		goto err;
348
349	return 1;
350
351err:
352	if (dp != NULL)
353		OPENSSL_free(dp);
354	if (params != NULL)
355		ASN1_STRING_free(params);
356	if (prkey != NULL)
357		ASN1_INTEGER_free(prkey);
358	return 0;
359}
360
361static int int_dsa_size(const EVP_PKEY *pkey)
362	{
363	return(DSA_size(pkey->pkey.dsa));
364	}
365
366static int dsa_bits(const EVP_PKEY *pkey)
367	{
368	return BN_num_bits(pkey->pkey.dsa->p);
369	}
370
371static int dsa_missing_parameters(const EVP_PKEY *pkey)
372	{
373	DSA *dsa;
374	dsa=pkey->pkey.dsa;
375	if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
376			return 1;
377	return 0;
378	}
379
380static int dsa_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
381	{
382	BIGNUM *a;
383
384	if ((a=BN_dup(from->pkey.dsa->p)) == NULL)
385		return 0;
386	if (to->pkey.dsa->p != NULL)
387		BN_free(to->pkey.dsa->p);
388	to->pkey.dsa->p=a;
389
390	if ((a=BN_dup(from->pkey.dsa->q)) == NULL)
391		return 0;
392	if (to->pkey.dsa->q != NULL)
393		BN_free(to->pkey.dsa->q);
394	to->pkey.dsa->q=a;
395
396	if ((a=BN_dup(from->pkey.dsa->g)) == NULL)
397		return 0;
398	if (to->pkey.dsa->g != NULL)
399		BN_free(to->pkey.dsa->g);
400	to->pkey.dsa->g=a;
401	return 1;
402	}
403
404static int dsa_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
405	{
406	if (	BN_cmp(a->pkey.dsa->p,b->pkey.dsa->p) ||
407		BN_cmp(a->pkey.dsa->q,b->pkey.dsa->q) ||
408		BN_cmp(a->pkey.dsa->g,b->pkey.dsa->g))
409		return 0;
410	else
411		return 1;
412	}
413
414static int dsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
415	{
416	if (BN_cmp(b->pkey.dsa->pub_key,a->pkey.dsa->pub_key) != 0)
417		return 0;
418	else
419		return 1;
420	}
421
422static void int_dsa_free(EVP_PKEY *pkey)
423	{
424	DSA_free(pkey->pkey.dsa);
425	}
426
427static void update_buflen(const BIGNUM *b, size_t *pbuflen)
428	{
429	size_t i;
430	if (!b)
431		return;
432	if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
433			*pbuflen = i;
434	}
435
436static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype)
437	{
438	unsigned char *m=NULL;
439	int ret=0;
440	size_t buf_len=0;
441	const char *ktype = NULL;
442
443	const BIGNUM *priv_key, *pub_key;
444
445	if (ptype == 2)
446		priv_key = x->priv_key;
447	else
448		priv_key = NULL;
449
450	if (ptype > 0)
451		pub_key = x->pub_key;
452	else
453		pub_key = NULL;
454
455	if (ptype == 2)
456		ktype = "Private-Key";
457	else if (ptype == 1)
458		ktype = "Public-Key";
459	else
460		ktype = "DSA-Parameters";
461
462	update_buflen(x->p, &buf_len);
463	update_buflen(x->q, &buf_len);
464	update_buflen(x->g, &buf_len);
465	update_buflen(priv_key, &buf_len);
466	update_buflen(pub_key, &buf_len);
467
468	m=(unsigned char *)OPENSSL_malloc(buf_len+10);
469	if (m == NULL)
470		{
471		DSAerr(DSA_F_DO_DSA_PRINT,ERR_R_MALLOC_FAILURE);
472		goto err;
473		}
474
475	if (priv_key)
476		{
477		if(!BIO_indent(bp,off,128))
478		   goto err;
479		if (BIO_printf(bp,"%s: (%d bit)\n",ktype, BN_num_bits(x->p))
480			<= 0) goto err;
481		}
482
483	if (!ASN1_bn_print(bp,"priv:",priv_key,m,off))
484		goto err;
485	if (!ASN1_bn_print(bp,"pub: ",pub_key,m,off))
486		goto err;
487	if (!ASN1_bn_print(bp,"P:   ",x->p,m,off)) goto err;
488	if (!ASN1_bn_print(bp,"Q:   ",x->q,m,off)) goto err;
489	if (!ASN1_bn_print(bp,"G:   ",x->g,m,off)) goto err;
490	ret=1;
491err:
492	if (m != NULL) OPENSSL_free(m);
493	return(ret);
494	}
495
496static int dsa_param_decode(EVP_PKEY *pkey,
497					const unsigned char **pder, int derlen)
498	{
499	DSA *dsa;
500	if (!(dsa = d2i_DSAparams(NULL, pder, derlen)))
501		{
502		DSAerr(DSA_F_DSA_PARAM_DECODE, ERR_R_DSA_LIB);
503		return 0;
504		}
505	EVP_PKEY_assign_DSA(pkey, dsa);
506	return 1;
507	}
508
509static int dsa_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
510	{
511	return i2d_DSAparams(pkey->pkey.dsa, pder);
512	}
513
514static int dsa_param_print(BIO *bp, const EVP_PKEY *pkey, int indent,
515							ASN1_PCTX *ctx)
516	{
517	return do_dsa_print(bp, pkey->pkey.dsa, indent, 0);
518	}
519
520static int dsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent,
521							ASN1_PCTX *ctx)
522	{
523	return do_dsa_print(bp, pkey->pkey.dsa, indent, 1);
524	}
525
526
527static int dsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,
528							ASN1_PCTX *ctx)
529	{
530	return do_dsa_print(bp, pkey->pkey.dsa, indent, 2);
531	}
532
533static int old_dsa_priv_decode(EVP_PKEY *pkey,
534					const unsigned char **pder, int derlen)
535	{
536	DSA *dsa;
537	if (!(dsa = d2i_DSAPrivateKey (NULL, pder, derlen)))
538		{
539		DSAerr(DSA_F_OLD_DSA_PRIV_DECODE, ERR_R_DSA_LIB);
540		return 0;
541		}
542	EVP_PKEY_assign_DSA(pkey, dsa);
543	return 1;
544	}
545
546static int old_dsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder)
547	{
548	return i2d_DSAPrivateKey(pkey->pkey.dsa, pder);
549	}
550
551static int dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,
552					const ASN1_STRING *sig,
553					int indent, ASN1_PCTX *pctx)
554	{
555	DSA_SIG *dsa_sig;
556	const unsigned char *p;
557	if (!sig)
558		{
559		if (BIO_puts(bp, "\n") <= 0)
560			return 0;
561		else
562			return 1;
563		}
564	p = sig->data;
565	dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length);
566	if (dsa_sig)
567		{
568		int rv = 0;
569		size_t buf_len = 0;
570		unsigned char *m=NULL;
571		update_buflen(dsa_sig->r, &buf_len);
572		update_buflen(dsa_sig->s, &buf_len);
573		m = OPENSSL_malloc(buf_len+10);
574		if (m == NULL)
575			{
576			DSAerr(DSA_F_DSA_SIG_PRINT,ERR_R_MALLOC_FAILURE);
577			goto err;
578			}
579
580		if (BIO_write(bp, "\n", 1) != 1)
581			goto err;
582
583		if (!ASN1_bn_print(bp,"r:   ",dsa_sig->r,m,indent))
584			goto err;
585		if (!ASN1_bn_print(bp,"s:   ",dsa_sig->s,m,indent))
586			goto err;
587		rv = 1;
588		err:
589		if (m)
590			OPENSSL_free(m);
591		DSA_SIG_free(dsa_sig);
592		return rv;
593		}
594	return X509_signature_dump(bp, sig, indent);
595	}
596
597static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
598	{
599	switch (op)
600		{
601		case ASN1_PKEY_CTRL_PKCS7_SIGN:
602		if (arg1 == 0)
603			{
604			int snid, hnid;
605			X509_ALGOR *alg1, *alg2;
606			PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2);
607			if (alg1 == NULL || alg1->algorithm == NULL)
608				return -1;
609			hnid = OBJ_obj2nid(alg1->algorithm);
610			if (hnid == NID_undef)
611				return -1;
612			if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
613				return -1;
614			X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
615			}
616		return 1;
617#ifndef OPENSSL_NO_CMS
618		case ASN1_PKEY_CTRL_CMS_SIGN:
619		if (arg1 == 0)
620			{
621			int snid, hnid;
622			X509_ALGOR *alg1, *alg2;
623			CMS_SignerInfo_get0_algs(arg2, NULL, NULL, &alg1, &alg2);
624			if (alg1 == NULL || alg1->algorithm == NULL)
625				return -1;
626			hnid = OBJ_obj2nid(alg1->algorithm);
627			if (hnid == NID_undef)
628				return -1;
629			if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
630				return -1;
631			X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
632			}
633		return 1;
634#endif
635
636		case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
637		*(int *)arg2 = NID_sha1;
638		return 2;
639
640		default:
641		return -2;
642
643		}
644
645	}
646
647/* NB these are sorted in pkey_id order, lowest first */
648
649const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[] =
650	{
651
652		{
653		EVP_PKEY_DSA2,
654		EVP_PKEY_DSA,
655		ASN1_PKEY_ALIAS
656		},
657
658		{
659		EVP_PKEY_DSA1,
660		EVP_PKEY_DSA,
661		ASN1_PKEY_ALIAS
662		},
663
664		{
665		EVP_PKEY_DSA4,
666		EVP_PKEY_DSA,
667		ASN1_PKEY_ALIAS
668		},
669
670		{
671		EVP_PKEY_DSA3,
672		EVP_PKEY_DSA,
673		ASN1_PKEY_ALIAS
674		},
675
676		{
677		EVP_PKEY_DSA,
678		EVP_PKEY_DSA,
679		0,
680
681		"DSA",
682		"OpenSSL DSA method",
683
684		dsa_pub_decode,
685		dsa_pub_encode,
686		dsa_pub_cmp,
687		dsa_pub_print,
688
689		dsa_priv_decode,
690		dsa_priv_encode,
691		dsa_priv_print,
692
693		int_dsa_size,
694		dsa_bits,
695
696		dsa_param_decode,
697		dsa_param_encode,
698		dsa_missing_parameters,
699		dsa_copy_parameters,
700		dsa_cmp_parameters,
701		dsa_param_print,
702		dsa_sig_print,
703
704		int_dsa_free,
705		dsa_pkey_ctrl,
706		old_dsa_priv_decode,
707		old_dsa_priv_encode
708		}
709	};
710