Remove DSA negative integer workaround code.

Remove DSA private key code which tolerates broken implementations which use negative integers. Reviewed-by: Emilia Käsper <emilia@openssl.org>
author: Dr. Stephen Henson <steve@openssl.org> 2016-02-18 13:18:48 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2016-02-19 18:54:50 +0000
commit: dfb10af92e9663ce4eefaa1d6b678817fa85344d (patch)
tree: 08240404ae4796b622225c4126b0669c7affad2a /crypto/dsa
parent: ab4a81f69ec88d06c9d8de15326b9296d7f498ed (diff)
1 files changed, 2 insertions, 10 deletions
diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c
index 459a733b98..5c45078e0c 100644
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@@ -183,7 +183,7 @@ static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
 
 static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
 {
-    const unsigned char *p, *q, *pm;
+    const unsigned char *p, *pm;
     int pklen, pmlen;
     int ptype;
     void *pval;
@@ -200,17 +200,9 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
         return 0;
     X509_ALGOR_get0(NULL, &ptype, &pval, palg);
 
-    q = p;
-
     if ((privkey = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL)
         goto decerr;
-    if (privkey->type == V_ASN1_NEG_INTEGER) {
-        p8->broken = PKCS8_NEG_PRIVKEY;
-        ASN1_STRING_clear_free(privkey);
-        if ((privkey = d2i_ASN1_UINTEGER(NULL, &q, pklen)) == NULL)
-            goto decerr;
-    }
-    if (ptype != V_ASN1_SEQUENCE)
+    if (privkey->type == V_ASN1_NEG_INTEGER || ptype != V_ASN1_SEQUENCE)
         goto decerr;
 
     pstr = pval;
author	Dr. Stephen Henson <steve@openssl.org>	2016-02-18 13:18:48 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2016-02-19 18:54:50 +0000
commit	dfb10af92e9663ce4eefaa1d6b678817fa85344d (patch)
tree	08240404ae4796b622225c4126b0669c7affad2a /crypto/dsa
parent	ab4a81f69ec88d06c9d8de15326b9296d7f498ed (diff)