mark all block comments that need format preserving so that
[openssl.git] / crypto / dsa / dsa_lib.c
index b31b946..b78fadd 100644 (file)
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
 #include <openssl/asn1.h>
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
 #include <openssl/asn1.h>
+#ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #include <openssl/engine.h>
+#endif
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+#endif
 
 
-const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT;
+const char DSA_version[]="DSA" OPENSSL_VERSION_PTEXT;
 
 
-static DSA_METHOD *default_DSA_method;
-static int dsa_meth_num = 0;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dsa_meth = NULL;
+static const DSA_METHOD *default_DSA_method = NULL;
 
 
-void DSA_set_default_openssl_method(DSA_METHOD *meth)
-{
-       ENGINE *e;
-       /* We'll need to notify the "openssl" ENGINE of this
-        * change too. We won't bother locking things down at
-        * our end as there was never any locking in these
-        * functions! */
-       if(default_DSA_method != meth)
-               {
-               default_DSA_method = meth;
-               e = ENGINE_by_id("openssl");
-               if(e)
-                       {
-                       ENGINE_set_DSA(e, meth);
-                       ENGINE_free(e);
-                       }
-               }
-}
+void DSA_set_default_method(const DSA_METHOD *meth)
+       {
+       default_DSA_method = meth;
+       }
 
 
-DSA_METHOD *DSA_get_default_openssl_method(void)
-{
-       if(!default_DSA_method) default_DSA_method = DSA_OpenSSL();
+const DSA_METHOD *DSA_get_default_method(void)
+       {
+       if(!default_DSA_method)
+               default_DSA_method = DSA_OpenSSL();
        return default_DSA_method;
        return default_DSA_method;
-}
+       }
 
 DSA *DSA_new(void)
 
 DSA *DSA_new(void)
-{
+       {
        return DSA_new_method(NULL);
        return DSA_new_method(NULL);
-}
+       }
 
 
-#if 0
-DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth)
-{
-        DSA_METHOD *mtmp;
+int DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
+       {
+       /* NB: The caller is specifically setting a method, so it's not up to us
+        * to deal with which ENGINE it comes from. */
+        const DSA_METHOD *mtmp;
         mtmp = dsa->meth;
         if (mtmp->finish) mtmp->finish(dsa);
         mtmp = dsa->meth;
         if (mtmp->finish) mtmp->finish(dsa);
+#ifndef OPENSSL_NO_ENGINE
+       if (dsa->engine)
+               {
+               ENGINE_finish(dsa->engine);
+               dsa->engine = NULL;
+               }
+#endif
         dsa->meth = meth;
         if (meth->init) meth->init(dsa);
         dsa->meth = meth;
         if (meth->init) meth->init(dsa);
-        return mtmp;
-}
-#else
-int DSA_set_method(DSA *dsa, ENGINE *engine)
-       {
-       ENGINE *mtmp;
-       DSA_METHOD *meth;
-       mtmp = dsa->engine;
-       meth = ENGINE_get_DSA(mtmp);
-       if (!ENGINE_init(engine))
-               return 0;
-       if (meth->finish) meth->finish(dsa);
-       dsa->engine = engine;
-       meth = ENGINE_get_DSA(engine);
-       if (meth->init) meth->init(dsa);
-       /* SHOULD ERROR CHECK THIS!!! */
-       ENGINE_finish(mtmp);
-       return 1;
+        return 1;
        }
        }
-#endif
 
 
-
-#if 0
-DSA *DSA_new_method(DSA_METHOD *meth)
-#else
 DSA *DSA_new_method(ENGINE *engine)
 DSA *DSA_new_method(ENGINE *engine)
-#endif
        {
        {
-       DSA_METHOD *meth;
        DSA *ret;
 
        ret=(DSA *)OPENSSL_malloc(sizeof(DSA));
        if (ret == NULL)
                {
        DSA *ret;
 
        ret=(DSA *)OPENSSL_malloc(sizeof(DSA));
        if (ret == NULL)
                {
-               DSAerr(DSA_F_DSA_NEW,ERR_R_MALLOC_FAILURE);
+               DSAerr(DSA_F_DSA_NEW_METHOD,ERR_R_MALLOC_FAILURE);
                return(NULL);
                }
                return(NULL);
                }
-       if(engine)
+       ret->meth = DSA_get_default_method();
+#ifndef OPENSSL_NO_ENGINE
+       if (engine)
+               {
+               if (!ENGINE_init(engine))
+                       {
+                       DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB);
+                       OPENSSL_free(ret);
+                       return NULL;
+                       }
                ret->engine = engine;
                ret->engine = engine;
+               }
        else
        else
+               ret->engine = ENGINE_get_default_DSA();
+       if(ret->engine)
                {
                {
-               if((ret->engine=ENGINE_get_default_DSA()) == NULL)
+               ret->meth = ENGINE_get_DSA(ret->engine);
+               if(!ret->meth)
                        {
                        {
+                       DSAerr(DSA_F_DSA_NEW_METHOD,
+                               ERR_R_ENGINE_LIB);
+                       ENGINE_finish(ret->engine);
                        OPENSSL_free(ret);
                        return NULL;
                        }
                }
                        OPENSSL_free(ret);
                        return NULL;
                        }
                }
-       meth = ENGINE_get_DSA(ret->engine);
+#endif
+
        ret->pad=0;
        ret->version=0;
        ret->write_params=1;
        ret->pad=0;
        ret->version=0;
        ret->write_params=1;
@@ -172,21 +163,24 @@ DSA *DSA_new_method(ENGINE *engine)
        ret->method_mont_p=NULL;
 
        ret->references=1;
        ret->method_mont_p=NULL;
 
        ret->references=1;
-       ret->flags=meth->flags;
-       if ((meth->init != NULL) && !meth->init(ret))
+       ret->flags=ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW;
+       CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
+       if ((ret->meth->init != NULL) && !ret->meth->init(ret))
                {
                {
+#ifndef OPENSSL_NO_ENGINE
+               if (ret->engine)
+                       ENGINE_finish(ret->engine);
+#endif
+               CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
                OPENSSL_free(ret);
                ret=NULL;
                }
                OPENSSL_free(ret);
                ret=NULL;
                }
-       else
-               CRYPTO_new_ex_data(dsa_meth,ret,&ret->ex_data);
        
        return(ret);
        }
 
 void DSA_free(DSA *r)
        {
        
        return(ret);
        }
 
 void DSA_free(DSA *r)
        {
-       DSA_METHOD *meth;
        int i;
 
        if (r == NULL) return;
        int i;
 
        if (r == NULL) return;
@@ -204,11 +198,14 @@ void DSA_free(DSA *r)
                }
 #endif
 
                }
 #endif
 
-       CRYPTO_free_ex_data(dsa_meth, r, &r->ex_data);
+       if(r->meth->finish)
+               r->meth->finish(r);
+#ifndef OPENSSL_NO_ENGINE
+       if(r->engine)
+               ENGINE_finish(r->engine);
+#endif
 
 
-       meth = ENGINE_get_DSA(r->engine);
-       if(meth->finish) meth->finish(r);
-       ENGINE_finish(r->engine);
+       CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data);
 
        if (r->p != NULL) BN_clear_free(r->p);
        if (r->q != NULL) BN_clear_free(r->q);
 
        if (r->p != NULL) BN_clear_free(r->p);
        if (r->q != NULL) BN_clear_free(r->q);
@@ -220,11 +217,30 @@ void DSA_free(DSA *r)
        OPENSSL_free(r);
        }
 
        OPENSSL_free(r);
        }
 
-int DSA_size(DSA *r)
+int DSA_up_ref(DSA *r)
+       {
+       int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DSA);
+#ifdef REF_PRINT
+       REF_PRINT("DSA",r);
+#endif
+#ifdef REF_CHECK
+       if (i < 2)
+               {
+               fprintf(stderr, "DSA_up_ref, bad reference count\n");
+               abort();
+               }
+#endif
+       return ((i > 1) ? 1 : 0);
+       }
+
+int DSA_size(const DSA *r)
        {
        int ret,i;
        ASN1_INTEGER bs;
        {
        int ret,i;
        ASN1_INTEGER bs;
-       unsigned char buf[4];
+       unsigned char buf[4];   /* 4 bytes looks really small.
+                                  However, i2d_ASN1_INTEGER() will not look
+                                  beyond the first byte, as long as the second
+                                  parameter is NULL. */
 
        i=BN_num_bits(r->q);
        bs.length=(i+7)/8;
 
        i=BN_num_bits(r->q);
        bs.length=(i+7)/8;
@@ -242,9 +258,8 @@ int DSA_size(DSA *r)
 int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
         {
 int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
         {
-       dsa_meth_num++;
-       return(CRYPTO_get_ex_new_index(dsa_meth_num-1,
-               &dsa_meth,argl,argp,new_func,dup_func,free_func));
+       return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, argl, argp,
+                               new_func, dup_func, free_func);
         }
 
 int DSA_set_ex_data(DSA *d, int idx, void *arg)
         }
 
 int DSA_set_ex_data(DSA *d, int idx, void *arg)
@@ -257,11 +272,17 @@ void *DSA_get_ex_data(DSA *d, int idx)
        return(CRYPTO_get_ex_data(&d->ex_data,idx));
        }
 
        return(CRYPTO_get_ex_data(&d->ex_data,idx));
        }
 
-#ifndef NO_DH
-DH *DSA_dup_DH(DSA *r)
+int DSA_security_bits(const DSA *d)
+       {
+       return BN_security_bits(BN_num_bits(d->p), BN_num_bits(d->q));
+       }
+
+#ifndef OPENSSL_NO_DH
+DH *DSA_dup_DH(const DSA *r)
        {
        /* DSA has p, q, g, optional pub_key, optional priv_key.
        {
        /* DSA has p, q, g, optional pub_key, optional priv_key.
-        * DH has p, optional length, g, optional pub_key, optional priv_key.
+        * DH has p, optional length, g, optional pub_key, optional priv_key,
+        * optional q.
         */ 
 
        DH *ret = NULL;
         */ 
 
        DH *ret = NULL;
@@ -275,7 +296,11 @@ DH *DSA_dup_DH(DSA *r)
                if ((ret->p = BN_dup(r->p)) == NULL)
                        goto err;
        if (r->q != NULL)
                if ((ret->p = BN_dup(r->p)) == NULL)
                        goto err;
        if (r->q != NULL)
+               {
                ret->length = BN_num_bits(r->q);
                ret->length = BN_num_bits(r->q);
+               if ((ret->q = BN_dup(r->q)) == NULL)
+                       goto err;
+               }
        if (r->g != NULL)
                if ((ret->g = BN_dup(r->g)) == NULL)
                        goto err;
        if (r->g != NULL)
                if ((ret->g = BN_dup(r->g)) == NULL)
                        goto err;