* https://www.openssl.org/source/license.html
*/
+/*
+ * DSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include <openssl/x509.h>
#include <openssl/asn1.h>
#include <openssl/cms.h>
#include <openssl/core_names.h>
#include "internal/cryptlib.h"
-#include "internal/asn1_int.h"
-#include "internal/evp_int.h"
-#include "internal/param_build.h"
-#include "dsa_locl.h"
+#include "crypto/asn1.h"
+#include "crypto/dsa.h"
+#include "crypto/evp.h"
+#include "openssl/param_build.h"
+#include "internal/ffc.h"
+#include "dsa_local.h"
static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
{
ASN1_OBJECT *aobj;
dsa = pkey->pkey.dsa;
- if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) {
+ if (pkey->save_parameters
+ && dsa->params.p != NULL
+ && dsa->params.q != NULL
+ && dsa->params.g != NULL) {
str = ASN1_STRING_new();
if (str == NULL) {
DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
}
BN_set_flags(dsa->priv_key, BN_FLG_CONSTTIME);
- if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) {
+ if (!BN_mod_exp(dsa->pub_key, dsa->params.g, dsa->priv_key, dsa->params.p,
+ ctx)) {
DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_BN_ERROR);
goto dsaerr;
}
unsigned char *dp = NULL;
int dplen;
- if (!pkey->pkey.dsa || !pkey->pkey.dsa->priv_key) {
+ if (pkey->pkey.dsa == NULL|| pkey->pkey.dsa->priv_key == NULL) {
DSAerr(DSA_F_DSA_PRIV_ENCODE, DSA_R_MISSING_PARAMETERS);
goto err;
}
/* Get private key into integer */
prkey = BN_to_ASN1_INTEGER(pkey->pkey.dsa->priv_key, NULL);
- if (!prkey) {
+ if (prkey == NULL) {
DSAerr(DSA_F_DSA_PRIV_ENCODE, DSA_R_BN_ERROR);
goto err;
}
{
DSA *dsa;
dsa = pkey->pkey.dsa;
- if (dsa == NULL || dsa->p == NULL || dsa->q == NULL || dsa->g == NULL)
- return 1;
- return 0;
+ return dsa == NULL
+ || dsa->params.p == NULL
+ || dsa->params.q == NULL
+ || dsa->params.g == NULL;
}
static int dsa_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
{
- BIGNUM *a;
-
if (to->pkey.dsa == NULL) {
to->pkey.dsa = DSA_new();
if (to->pkey.dsa == NULL)
return 0;
}
-
- if ((a = BN_dup(from->pkey.dsa->p)) == NULL)
- return 0;
- BN_free(to->pkey.dsa->p);
- to->pkey.dsa->p = a;
-
- if ((a = BN_dup(from->pkey.dsa->q)) == NULL)
+ if (!ffc_params_copy(&to->pkey.dsa->params, &from->pkey.dsa->params))
return 0;
- BN_free(to->pkey.dsa->q);
- to->pkey.dsa->q = a;
- if ((a = BN_dup(from->pkey.dsa->g)) == NULL)
- return 0;
- BN_free(to->pkey.dsa->g);
- to->pkey.dsa->g = a;
to->pkey.dsa->dirty_cnt++;
return 1;
}
static int dsa_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
{
- if (BN_cmp(a->pkey.dsa->p, b->pkey.dsa->p) ||
- BN_cmp(a->pkey.dsa->q, b->pkey.dsa->q) ||
- BN_cmp(a->pkey.dsa->g, b->pkey.dsa->g))
- return 0;
- else
- return 1;
+ return ffc_params_cmp(&a->pkey.dsa->params, &b->pkey.dsa->params, 1);
}
static int dsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
{
- if (BN_cmp(b->pkey.dsa->pub_key, a->pkey.dsa->pub_key) != 0)
- return 0;
- else
- return 1;
+ return BN_cmp(b->pkey.dsa->pub_key, a->pkey.dsa->pub_key) == 0;
}
static void int_dsa_free(EVP_PKEY *pkey)
int ret = 0;
const char *ktype = NULL;
const BIGNUM *priv_key, *pub_key;
+ int mod_len = 0;
+
+ if (x->params.p != NULL)
+ mod_len = DSA_bits(x);
if (ptype == 2)
priv_key = x->priv_key;
else
ktype = "DSA-Parameters";
- if (priv_key) {
+ if (priv_key != NULL) {
if (!BIO_indent(bp, off, 128))
goto err;
- if (BIO_printf(bp, "%s: (%d bit)\n", ktype, BN_num_bits(x->p))
- <= 0)
+ if (BIO_printf(bp, "%s: (%d bit)\n", ktype, mod_len) <= 0)
+ goto err;
+ } else {
+ if (BIO_printf(bp, "Public-Key: (%d bit)\n", mod_len) <= 0)
goto err;
}
goto err;
if (!ASN1_bn_print(bp, "pub: ", pub_key, NULL, off))
goto err;
- if (!ASN1_bn_print(bp, "P: ", x->p, NULL, off))
- goto err;
- if (!ASN1_bn_print(bp, "Q: ", x->q, NULL, off))
- goto err;
- if (!ASN1_bn_print(bp, "G: ", x->g, NULL, off))
+ if (!ffc_params_print(bp, &x->params, off))
goto err;
ret = 1;
err:
DSA_SIG *dsa_sig;
const unsigned char *p;
- if (!sig) {
+ if (sig == NULL) {
if (BIO_puts(bp, "\n") <= 0)
return 0;
else
}
p = sig->data;
dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length);
- if (dsa_sig) {
+ if (dsa_sig != NULL) {
int rv = 0;
const BIGNUM *r, *s;
return pkey->pkey.dsa->dirty_cnt;
}
-static void *dsa_pkey_export_to(const EVP_PKEY *pk, EVP_KEYMGMT *keymgmt)
+static int dsa_pkey_export_to(const EVP_PKEY *from, void *to_keydata,
+ EVP_KEYMGMT *to_keymgmt)
{
- DSA *dsa = pk->pkey.dsa;
- OSSL_PARAM_BLD tmpl;
+ DSA *dsa = from->pkey.dsa;
+ OSSL_PARAM_BLD *tmpl;
const BIGNUM *p = DSA_get0_p(dsa), *g = DSA_get0_g(dsa);
const BIGNUM *q = DSA_get0_q(dsa), *pub_key = DSA_get0_pub_key(dsa);
const BIGNUM *priv_key = DSA_get0_priv_key(dsa);
OSSL_PARAM *params;
- void *provkey = NULL;
+ int selection = 0;
+ int rv = 0;
+
+ /*
+ * If the DSA method is foreign, then we can't be sure of anything, and
+ * can therefore not export or pretend to export.
+ */
+ if (DSA_get_method(dsa) != DSA_OpenSSL())
+ return 0;
if (p == NULL || q == NULL || g == NULL)
- return NULL;
+ return 0;
- ossl_param_bld_init(&tmpl);
- if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_FFC_P, p)
- || !ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_FFC_Q, q)
- || !ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_FFC_G, g))
- return NULL;
+ tmpl = OSSL_PARAM_BLD_new();
+ if (tmpl == NULL)
+ return 0;
- /*
- * This may be used to pass domain parameters only without any key data -
- * so "pub_key" is optional. We can never have a "priv_key" without a
- * corresponding "pub_key" though.
- */
+ if (!OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_P, p)
+ || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_Q, q)
+ || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_G, g))
+ goto err;
+ selection |= OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
if (pub_key != NULL) {
- if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_DSA_PUB_KEY,
+ if (!OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_PUB_KEY,
pub_key))
- return NULL;
-
- if (priv_key != NULL) {
- if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_DSA_PRIV_KEY,
- priv_key))
- return NULL;
- }
+ goto err;
+ selection |= OSSL_KEYMGMT_SELECT_PUBLIC_KEY;
+ }
+ if (priv_key != NULL) {
+ if (!OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_PRIV_KEY,
+ priv_key))
+ goto err;
+ selection |= OSSL_KEYMGMT_SELECT_PRIVATE_KEY;
}
- params = ossl_param_bld_to_param(&tmpl);
+ if ((params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL)
+ goto err;
/* We export, the provider imports */
- provkey = evp_keymgmt_importkey(keymgmt, params);
+ rv = evp_keymgmt_import(to_keymgmt, to_keydata, selection, params);
+
+ OSSL_PARAM_BLD_free_params(params);
+err:
+ OSSL_PARAM_BLD_free(tmpl);
+ return rv;
+}
- ossl_param_bld_free(params);
- return provkey;
+static int dsa_pkey_import_from(const OSSL_PARAM params[], void *key)
+{
+ EVP_PKEY *pkey = key;
+ DSA *dsa = DSA_new();
+
+ if (dsa == NULL) {
+ ERR_raise(ERR_LIB_DSA, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+ if (!ffc_fromdata(dsa_get0_params(dsa), params)
+ || !dsa_key_fromdata(dsa, params)
+ || !EVP_PKEY_assign_DSA(pkey, dsa)) {
+ DSA_free(dsa);
+ return 0;
+ }
+ return 1;
}
/* NB these are sorted in pkey_id order, lowest first */
NULL, NULL, NULL, NULL,
dsa_pkey_dirty_cnt,
- dsa_pkey_export_to
+ dsa_pkey_export_to,
+ dsa_pkey_import_from
}
};