X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fdsa%2Fdsa_lib.c;h=b78fadd46792b8be65cc95073f8f6ae76503a843;hp=2abdd08c9066f29aca7fa2ccd40cf00642c6d875;hb=1d97c8435171a7af575f73c526d79e1ef0ee5960;hpb=cf1b7d96647d55e533f779e476e3d4371f40445a

diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
index 2abdd08c90..b78fadd467 100644
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -63,100 +63,91 @@
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
 #include <openssl/asn1.h>
+#ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
+#endif
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+#endif
 
-const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT;
+const char DSA_version[]="DSA" OPENSSL_VERSION_PTEXT;
 
-static const DSA_METHOD *default_DSA_method;
-static int dsa_meth_num = 0;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dsa_meth = NULL;
+static const DSA_METHOD *default_DSA_method = NULL;
 
-void DSA_set_default_openssl_method(const DSA_METHOD *meth)
-{
-	ENGINE *e;
-	/* We'll need to notify the "openssl" ENGINE of this
-	 * change too. We won't bother locking things down at
-	 * our end as there was never any locking in these
-	 * functions! */
-	if(default_DSA_method != meth)
-		{
-		default_DSA_method = meth;
-		e = ENGINE_by_id("openssl");
-		if(e)
-			{
-			ENGINE_set_DSA(e, meth);
-			ENGINE_free(e);
-			}
-		}
-}
+void DSA_set_default_method(const DSA_METHOD *meth)
+	{
+	default_DSA_method = meth;
+	}
 
-const DSA_METHOD *DSA_get_default_openssl_method(void)
-{
-	if(!default_DSA_method) default_DSA_method = DSA_OpenSSL();
+const DSA_METHOD *DSA_get_default_method(void)
+	{
+	if(!default_DSA_method)
+		default_DSA_method = DSA_OpenSSL();
 	return default_DSA_method;
-}
+	}
 
 DSA *DSA_new(void)
-{
+	{
 	return DSA_new_method(NULL);
-}
+	}
 
-#if 0
-DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth)
-{
-        DSA_METHOD *mtmp;
+int DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
+	{
+	/* NB: The caller is specifically setting a method, so it's not up to us
+	 * to deal with which ENGINE it comes from. */
+        const DSA_METHOD *mtmp;
         mtmp = dsa->meth;
         if (mtmp->finish) mtmp->finish(dsa);
+#ifndef OPENSSL_NO_ENGINE
+	if (dsa->engine)
+		{
+		ENGINE_finish(dsa->engine);
+		dsa->engine = NULL;
+		}
+#endif
         dsa->meth = meth;
         if (meth->init) meth->init(dsa);
-        return mtmp;
-}
-#else
-int DSA_set_method(DSA *dsa, ENGINE *engine)
-	{
-	ENGINE *mtmp;
-	const DSA_METHOD *meth;
-	mtmp = dsa->engine;
-	meth = ENGINE_get_DSA(mtmp);
-	if (!ENGINE_init(engine))
-		return 0;
-	if (meth->finish) meth->finish(dsa);
-	dsa->engine = engine;
-	meth = ENGINE_get_DSA(engine);
-	if (meth->init) meth->init(dsa);
-	/* SHOULD ERROR CHECK THIS!!! */
-	ENGINE_finish(mtmp);
-	return 1;
+        return 1;
 	}
-#endif
-
 
-#if 0
-DSA *DSA_new_method(DSA_METHOD *meth)
-#else
 DSA *DSA_new_method(ENGINE *engine)
-#endif
 	{
-	const DSA_METHOD *meth;
 	DSA *ret;
 
 	ret=(DSA *)OPENSSL_malloc(sizeof(DSA));
 	if (ret == NULL)
 		{
-		DSAerr(DSA_F_DSA_NEW,ERR_R_MALLOC_FAILURE);
+		DSAerr(DSA_F_DSA_NEW_METHOD,ERR_R_MALLOC_FAILURE);
 		return(NULL);
 		}
-	if(engine)
+	ret->meth = DSA_get_default_method();
+#ifndef OPENSSL_NO_ENGINE
+	if (engine)
+		{
+		if (!ENGINE_init(engine))
+			{
+			DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB);
+			OPENSSL_free(ret);
+			return NULL;
+			}
 		ret->engine = engine;
+		}
 	else
+		ret->engine = ENGINE_get_default_DSA();
+	if(ret->engine)
 		{
-		if((ret->engine=ENGINE_get_default_DSA()) == NULL)
+		ret->meth = ENGINE_get_DSA(ret->engine);
+		if(!ret->meth)
 			{
+			DSAerr(DSA_F_DSA_NEW_METHOD,
+				ERR_R_ENGINE_LIB);
+			ENGINE_finish(ret->engine);
 			OPENSSL_free(ret);
 			return NULL;
 			}
 		}
-	meth = ENGINE_get_DSA(ret->engine);
+#endif
+
 	ret->pad=0;
 	ret->version=0;
 	ret->write_params=1;
@@ -172,11 +163,15 @@ DSA *DSA_new_method(ENGINE *engine)
 	ret->method_mont_p=NULL;
 
 	ret->references=1;
-	ret->flags=meth->flags;
-	CRYPTO_new_ex_data(dsa_meth,ret,&ret->ex_data);
-	if ((meth->init != NULL) && !meth->init(ret))
+	ret->flags=ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW;
+	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
+	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
 		{
-		CRYPTO_free_ex_data(dsa_meth,ret,&ret->ex_data);
+#ifndef OPENSSL_NO_ENGINE
+		if (ret->engine)
+			ENGINE_finish(ret->engine);
+#endif
+		CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
 		OPENSSL_free(ret);
 		ret=NULL;
 		}
@@ -186,7 +181,6 @@ DSA *DSA_new_method(ENGINE *engine)
 
 void DSA_free(DSA *r)
 	{
-	const DSA_METHOD *meth;
 	int i;
 
 	if (r == NULL) return;
@@ -204,11 +198,14 @@ void DSA_free(DSA *r)
 		}
 #endif
 
-	meth = ENGINE_get_DSA(r->engine);
-	if(meth->finish) meth->finish(r);
-	ENGINE_finish(r->engine);
+	if(r->meth->finish)
+		r->meth->finish(r);
+#ifndef OPENSSL_NO_ENGINE
+	if(r->engine)
+		ENGINE_finish(r->engine);
+#endif
 
-	CRYPTO_free_ex_data(dsa_meth, r, &r->ex_data);
+	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data);
 
 	if (r->p != NULL) BN_clear_free(r->p);
 	if (r->q != NULL) BN_clear_free(r->q);
@@ -220,11 +217,30 @@ void DSA_free(DSA *r)
 	OPENSSL_free(r);
 	}
 
+int DSA_up_ref(DSA *r)
+	{
+	int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DSA);
+#ifdef REF_PRINT
+	REF_PRINT("DSA",r);
+#endif
+#ifdef REF_CHECK
+	if (i < 2)
+		{
+		fprintf(stderr, "DSA_up_ref, bad reference count\n");
+		abort();
+		}
+#endif
+	return ((i > 1) ? 1 : 0);
+	}
+
 int DSA_size(const DSA *r)
 	{
 	int ret,i;
 	ASN1_INTEGER bs;
-	unsigned char buf[4];
+	unsigned char buf[4];	/* 4 bytes looks really small.
+				   However, i2d_ASN1_INTEGER() will not look
+				   beyond the first byte, as long as the second
+				   parameter is NULL. */
 
 	i=BN_num_bits(r->q);
 	bs.length=(i+7)/8;
@@ -242,9 +258,8 @@ int DSA_size(const DSA *r)
 int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
 	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
         {
-	dsa_meth_num++;
-	return(CRYPTO_get_ex_new_index(dsa_meth_num-1,
-		&dsa_meth,argl,argp,new_func,dup_func,free_func));
+	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, argl, argp,
+				new_func, dup_func, free_func);
         }
 
 int DSA_set_ex_data(DSA *d, int idx, void *arg)
@@ -257,11 +272,17 @@ void *DSA_get_ex_data(DSA *d, int idx)
 	return(CRYPTO_get_ex_data(&d->ex_data,idx));
 	}
 
+int DSA_security_bits(const DSA *d)
+	{
+	return BN_security_bits(BN_num_bits(d->p), BN_num_bits(d->q));
+	}
+
 #ifndef OPENSSL_NO_DH
 DH *DSA_dup_DH(const DSA *r)
 	{
 	/* DSA has p, q, g, optional pub_key, optional priv_key.
-	 * DH has p, optional length, g, optional pub_key, optional priv_key.
+	 * DH has p, optional length, g, optional pub_key, optional priv_key,
+	 * optional q.
 	 */ 
 
 	DH *ret = NULL;
@@ -275,7 +296,11 @@ DH *DSA_dup_DH(const DSA *r)
 		if ((ret->p = BN_dup(r->p)) == NULL)
 			goto err;
 	if (r->q != NULL)
+		{
 		ret->length = BN_num_bits(r->q);
+		if ((ret->q = BN_dup(r->q)) == NULL)
+			goto err;
+		}
 	if (r->g != NULL)
 		if ((ret->g = BN_dup(r->g)) == NULL)
 			goto err;