/*
* Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
*
- * Licensed under the OpenSSL license (the "License"). You may not use
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "internal/cryptlib.h"
#include <openssl/x509.h>
#include <openssl/asn1.h>
-#include "dsa_locl.h"
#include <openssl/bn.h>
#include <openssl/cms.h>
+#include <openssl/core_names.h>
+#include "internal/cryptlib.h"
#include "internal/asn1_int.h"
#include "internal/evp_int.h"
+#include "internal/param_build.h"
+#include "dsa_locl.h"
static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
{
const unsigned char *p, *pm;
int pklen, pmlen;
int ptype;
- void *pval;
- ASN1_STRING *pstr;
+ const void *pval;
+ const ASN1_STRING *pstr;
X509_ALGOR *palg;
ASN1_INTEGER *public_key = NULL;
goto err;
}
+ dsa->dirty_cnt++;
ASN1_INTEGER_free(public_key);
EVP_PKEY_assign_DSA(pkey, dsa);
return 1;
int penclen;
ASN1_STRING *str = NULL;
ASN1_INTEGER *pubint = NULL;
+ ASN1_OBJECT *aobj;
dsa = pkey->pkey.dsa;
if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) {
goto err;
}
- if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DSA),
- ptype, str, penc, penclen))
+ aobj = OBJ_nid2obj(EVP_PKEY_DSA);
+ if (aobj == NULL)
+ goto err;
+
+ if (X509_PUBKEY_set0_param(pk, aobj, ptype, str, penc, penclen))
return 1;
err:
* AlgorithmIdentifier the pubkey must be recalculated.
*/
-static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
+static int dsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
{
const unsigned char *p, *pm;
int pklen, pmlen;
int ptype;
- void *pval;
- ASN1_STRING *pstr;
- X509_ALGOR *palg;
+ const void *pval;
+ const ASN1_STRING *pstr;
+ const X509_ALGOR *palg;
ASN1_INTEGER *privkey = NULL;
BN_CTX *ctx = NULL;
goto dsaerr;
}
+ BN_set_flags(dsa->priv_key, BN_FLG_CONSTTIME);
if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) {
DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_BN_ERROR);
goto dsaerr;
}
+ dsa->dirty_cnt++;
EVP_PKEY_assign_DSA(pkey, dsa);
ret = 1;
static int int_dsa_size(const EVP_PKEY *pkey)
{
- return (DSA_size(pkey->pkey.dsa));
+ return DSA_size(pkey->pkey.dsa);
}
static int dsa_bits(const EVP_PKEY *pkey)
{
- return BN_num_bits(pkey->pkey.dsa->p);
+ return DSA_bits(pkey->pkey.dsa);
}
static int dsa_security_bits(const EVP_PKEY *pkey)
{
DSA *dsa;
dsa = pkey->pkey.dsa;
- if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
+ if (dsa == NULL || dsa->p == NULL || dsa->q == NULL || dsa->g == NULL)
return 1;
return 0;
}
return 0;
BN_free(to->pkey.dsa->g);
to->pkey.dsa->g = a;
+ to->pkey.dsa->dirty_cnt++;
return 1;
}
goto err;
ret = 1;
err:
- return (ret);
+ return ret;
}
static int dsa_param_decode(EVP_PKEY *pkey,
DSAerr(DSA_F_DSA_PARAM_DECODE, ERR_R_DSA_LIB);
return 0;
}
+ dsa->dirty_cnt++;
EVP_PKEY_assign_DSA(pkey, dsa);
return 1;
}
DSAerr(DSA_F_OLD_DSA_PRIV_DECODE, ERR_R_DSA_LIB);
return 0;
}
+ dsa->dirty_cnt++;
EVP_PKEY_assign_DSA(pkey, dsa);
return 1;
}
dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length);
if (dsa_sig) {
int rv = 0;
- BIGNUM *r, *s;
+ const BIGNUM *r, *s;
- DSA_SIG_get0(&r, &s, dsa_sig);
+ DSA_SIG_get0(dsa_sig, &r, &s);
if (BIO_write(bp, "\n", 1) != 1)
goto err;
DSA_SIG_free(dsa_sig);
return rv;
}
+ if (BIO_puts(bp, "\n") <= 0)
+ return 0;
return X509_signature_dump(bp, sig, indent);
}
case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
*(int *)arg2 = NID_sha256;
- return 2;
+ return 1;
default:
return -2;
}
+static size_t dsa_pkey_dirty_cnt(const EVP_PKEY *pkey)
+{
+ return pkey->pkey.dsa->dirty_cnt;
+}
+
+static void *dsa_pkey_export_to(const EVP_PKEY *pk, EVP_KEYMGMT *keymgmt)
+{
+ DSA *dsa = pk->pkey.dsa;
+ OSSL_PARAM_BLD tmpl;
+ const BIGNUM *p = DSA_get0_p(dsa), *g = DSA_get0_g(dsa);
+ const BIGNUM *q = DSA_get0_q(dsa), *pub_key = DSA_get0_pub_key(dsa);
+ const BIGNUM *priv_key = DSA_get0_priv_key(dsa);
+ OSSL_PARAM *params;
+ void *provkey = NULL;
+
+ if (p == NULL || q == NULL || g == NULL)
+ return NULL;
+
+ ossl_param_bld_init(&tmpl);
+ if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_FFC_P, p)
+ || !ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_FFC_Q, q)
+ || !ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_FFC_G, g))
+ return NULL;
+
+ /*
+ * This may be used to pass domain parameters only without any key data -
+ * so "pub_key" is optional. We can never have a "priv_key" without a
+ * corresponding "pub_key" though.
+ */
+ if (pub_key != NULL) {
+ if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_DSA_PUB_KEY,
+ pub_key))
+ return NULL;
+
+ if (priv_key != NULL) {
+ if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_DSA_PRIV_KEY,
+ priv_key))
+ return NULL;
+ }
+ }
+
+ params = ossl_param_bld_to_param(&tmpl);
+
+ /* We export, the provider imports */
+ provkey = evp_keymgmt_importkey(keymgmt, params);
+
+ ossl_param_bld_free(params);
+ return provkey;
+}
+
/* NB these are sorted in pkey_id order, lowest first */
-const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[] = {
+const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[5] = {
{
EVP_PKEY_DSA2,
int_dsa_free,
dsa_pkey_ctrl,
old_dsa_priv_decode,
- old_dsa_priv_encode}
+ old_dsa_priv_encode,
+
+ NULL, NULL, NULL,
+ NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+
+ dsa_pkey_dirty_cnt,
+ dsa_pkey_export_to
+ }
};