[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Sat Apr 2 23:25:30 UTC 2016
The branch master has been updated
via aa05e7caea28d9a7142ae89a38f8fa962695c687 (commit)
via a517f7fcdc85000b682b91d4cb2ab602f6f7d050 (commit)
via a60e6a7af4191be89e67b925c4ee35a1f7cdd1d0 (commit)
via 3fe85096bd8258b2b92dbd67c79b1be70e993012 (commit)
via fbaedfdd4748bec057a39141faff6b396e25eac7 (commit)
via 6e9fa57c6ddde7df49983251373a05cd663aac22 (commit)
via 1258396d73cf937e4daaf2c35377011b9366f956 (commit)
from 25c78440d21c814705e0e50c6e567300936aa02b (commit)
- Log -----------------------------------------------------------------
commit aa05e7caea28d9a7142ae89a38f8fa962695c687
Author: Matt Caswell <matt at openssl.org>
Date: Sat Apr 2 23:08:14 2016 +0100
Rename get/set_app_data to get0/set0_app_data
Also fixed a style issue
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Stephen Henson <steve at openssl.org>
commit a517f7fcdc85000b682b91d4cb2ab602f6f7d050
Author: Matt Caswell <matt at openssl.org>
Date: Sat Apr 2 19:41:41 2016 +0100
Various DSA opacity fixups
Numerous fixups based on feedback of the DSA opacity changes.
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Stephen Henson <steve at openssl.org>
commit a60e6a7af4191be89e67b925c4ee35a1f7cdd1d0
Author: Matt Caswell <matt at openssl.org>
Date: Fri Apr 1 15:43:17 2016 +0100
make update
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Stephen Henson <steve at openssl.org>
commit 3fe85096bd8258b2b92dbd67c79b1be70e993012
Author: Matt Caswell <matt at openssl.org>
Date: Fri Apr 1 14:09:57 2016 +0100
Added DSA opacity to CHANGES
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Stephen Henson <steve at openssl.org>
commit fbaedfdd4748bec057a39141faff6b396e25eac7
Author: Matt Caswell <matt at openssl.org>
Date: Thu Mar 31 14:22:39 2016 +0100
Document functions added as a result of DSA opacity changes
A number of getters/setters have been added for examining DSA objects, as
well as a whole set of functions for creating and buildingup DSA_METHODs.
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Stephen Henson <steve at openssl.org>
commit 6e9fa57c6ddde7df49983251373a05cd663aac22
Author: Matt Caswell <matt at openssl.org>
Date: Wed Mar 30 17:18:55 2016 +0100
Make DSA_METHOD opaque
Move the dsa_method structure out of the public header file, and provide
getter and setter functions for creating and modifying custom DSA_METHODs.
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Stephen Henson <steve at openssl.org>
commit 1258396d73cf937e4daaf2c35377011b9366f956
Author: Matt Caswell <matt at openssl.org>
Date: Wed Mar 30 15:21:39 2016 +0100
Make the DSA structure opaque
Move the dsa_st structure out of the public header file. Add some accessor
functions to enable access to the internal fields, and update all internal
usage to use the new functions.
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Stephen Henson <steve at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
CHANGES | 5 ++
apps/dsa.c | 4 +-
apps/dsaparam.c | 15 ++--
apps/gendsa.c | 4 +-
apps/testdsa.h | 105 ++++++++++++++++------
apps/x509.c | 10 ++-
crypto/dsa/Makefile.in | 6 +-
crypto/dsa/build.info | 3 +-
crypto/dsa/dsa_ameth.c | 2 +-
crypto/dsa/dsa_asn1.c | 2 +-
crypto/dsa/dsa_key.c | 2 +-
crypto/dsa/dsa_lib.c | 73 +++++++++++++++-
crypto/dsa/dsa_locl.h | 49 +++++++++++
crypto/dsa/dsa_meth.c | 197 ++++++++++++++++++++++++++++++++++++++++++
crypto/dsa/dsa_ossl.c | 2 +-
crypto/dsa/dsa_sign.c | 2 +-
crypto/dsa/dsa_vrf.c | 2 +-
crypto/engine/eng_cryptodev.c | 105 ++++++++++++----------
crypto/pem/pvkfmt.c | 63 ++++++++++----
doc/crypto/DSA_get0_pqg.pod | 82 ++++++++++++++++++
doc/crypto/DSA_meth_new.pod | 184 +++++++++++++++++++++++++++++++++++++++
doc/crypto/DSA_set_method.pod | 47 +---------
engines/e_capi.c | 59 ++++++-------
include/openssl/dsa.h | 107 ++++++++++++-----------
test/dsatest.c | 12 +--
util/libcrypto.num | 36 ++++++++
26 files changed, 940 insertions(+), 238 deletions(-)
create mode 100644 crypto/dsa/dsa_meth.c
create mode 100644 doc/crypto/DSA_get0_pqg.pod
create mode 100644 doc/crypto/DSA_meth_new.pod
diff --git a/CHANGES b/CHANGES
index 8597b8a..5ac7ef5 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,11 @@
Changes between 1.0.2g and 1.1.0 [xx XXX xxxx]
+ *) Made DSA and DSA_METHOD opaque. The structures for managing DSA objects
+ have been moved out of the public header files. New functions for managing
+ these have been added.
+ [Matt Caswell]
+
*) Made BIO and BIO_METHOD opaque. The structures for managing BIOs have been
moved out of the public header files. New functions for managing these
have been added.
diff --git a/apps/dsa.c b/apps/dsa.c
index ed5bf01..1c841a3 100644
--- a/apps/dsa.c
+++ b/apps/dsa.c
@@ -243,8 +243,10 @@ int dsa_main(int argc, char **argv)
}
if (modulus) {
+ BIGNUM *pub_key = NULL;
+ DSA_get0_key(dsa, &pub_key, NULL);
BIO_printf(out, "Public Key=");
- BN_print(out, dsa->pub_key);
+ BN_print(out, pub_key);
BIO_printf(out, "\n");
}
diff --git a/apps/dsaparam.c b/apps/dsaparam.c
index 7b9ca63..64e92ae 100644
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -263,14 +263,19 @@ int dsaparam_main(int argc, char **argv)
}
if (C) {
- int len = BN_num_bytes(dsa->p);
- int bits_p = BN_num_bits(dsa->p);
+ BIGNUM *p = NULL, *q = NULL, *g = NULL;
+ int len, bits_p;
+
+ DSA_get0_pqg(dsa, &p, &q, &g);
+ len = BN_num_bytes(p);
+ bits_p = BN_num_bits(p);
+
unsigned char *data = app_malloc(len + 20, "BN space");
BIO_printf(bio_out, "DSA *get_dsa%d()\n{\n", bits_p);
- print_bignum_var(bio_out, dsa->p, "dsap", len, data);
- print_bignum_var(bio_out, dsa->q, "dsaq", len, data);
- print_bignum_var(bio_out, dsa->g, "dsag", len, data);
+ print_bignum_var(bio_out, p, "dsap", len, data);
+ print_bignum_var(bio_out, q, "dsaq", len, data);
+ print_bignum_var(bio_out, g, "dsag", len, data);
BIO_printf(bio_out, " DSA *dsa = DSA_new();\n"
"\n");
BIO_printf(bio_out, " if (dsa == NULL)\n"
diff --git a/apps/gendsa.c b/apps/gendsa.c
index 6769968..33166b7 100644
--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@@ -101,6 +101,7 @@ int gendsa_main(int argc, char **argv)
char *outfile = NULL, *passoutarg = NULL, *passout = NULL, *prog;
OPTION_CHOICE o;
int ret = 1, private = 0;
+ BIGNUM *p = NULL;
prog = opt_init(argc, argv, gendsa_options);
while ((o = opt_next()) != OPT_EOF) {
@@ -168,7 +169,8 @@ int gendsa_main(int argc, char **argv)
BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
- BIO_printf(bio_err, "Generating DSA key, %d bits\n", BN_num_bits(dsa->p));
+ DSA_get0_pqg(dsa, &p, NULL, NULL);
+ BIO_printf(bio_err, "Generating DSA key, %d bits\n", BN_num_bits(p));
if (!DSA_generate_key(dsa))
goto end;
diff --git a/apps/testdsa.h b/apps/testdsa.h
index 4eb13d1..6519948 100644
--- a/apps/testdsa.h
+++ b/apps/testdsa.h
@@ -92,18 +92,35 @@ static unsigned char dsa512_g[] = {
DSA *get_dsa512()
{
DSA *dsa;
+ BIGNUM *priv_key, *pub_key, *p, *q, *g;
if ((dsa = DSA_new()) == NULL)
return (NULL);
- dsa->priv_key = BN_bin2bn(dsa512_priv, sizeof(dsa512_priv), NULL);
- dsa->pub_key = BN_bin2bn(dsa512_pub, sizeof(dsa512_pub), NULL);
- dsa->p = BN_bin2bn(dsa512_p, sizeof(dsa512_p), NULL);
- dsa->q = BN_bin2bn(dsa512_q, sizeof(dsa512_q), NULL);
- dsa->g = BN_bin2bn(dsa512_g, sizeof(dsa512_g), NULL);
- if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL)
- || (dsa->q == NULL) || (dsa->g == NULL))
- return (NULL);
- return (dsa);
+ priv_key = BN_bin2bn(dsa512_priv, sizeof(dsa512_priv), NULL);
+ pub_key = BN_bin2bn(dsa512_pub, sizeof(dsa512_pub), NULL);
+ p = BN_bin2bn(dsa512_p, sizeof(dsa512_p), NULL);
+ q = BN_bin2bn(dsa512_q, sizeof(dsa512_q), NULL);
+ g = BN_bin2bn(dsa512_g, sizeof(dsa512_g), NULL);
+ if ((priv_key == NULL) || (pub_key == NULL) || (p == NULL) || (q == NULL)
+ || (g == NULL)) {
+ goto err;
+ }
+ if (!DSA_set0_pqg(dsa, p, q, g))
+ goto err;
+ p = q = g = NULL;
+
+ if (!DSA_set0_key(dsa, pub_key, priv_key))
+ goto err;
+
+ return dsa;
+ err:
+ DSA_free(dsa);
+ BN_free(priv_key);
+ BN_free(pub_key);
+ BN_free(p);
+ BN_free(q);
+ BN_free(g);
+ return NULL;
}
static unsigned char dsa1024_priv[] = {
@@ -161,18 +178,35 @@ static unsigned char dsa1024_g[] = {
DSA *get_dsa1024()
{
DSA *dsa;
+ BIGNUM *priv_key, *pub_key, *p, *q, *g;
if ((dsa = DSA_new()) == NULL)
return (NULL);
- dsa->priv_key = BN_bin2bn(dsa1024_priv, sizeof(dsa1024_priv), NULL);
- dsa->pub_key = BN_bin2bn(dsa1024_pub, sizeof(dsa1024_pub), NULL);
- dsa->p = BN_bin2bn(dsa1024_p, sizeof(dsa1024_p), NULL);
- dsa->q = BN_bin2bn(dsa1024_q, sizeof(dsa1024_q), NULL);
- dsa->g = BN_bin2bn(dsa1024_g, sizeof(dsa1024_g), NULL);
- if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL)
- || (dsa->q == NULL) || (dsa->g == NULL))
- return (NULL);
- return (dsa);
+ priv_key = BN_bin2bn(dsa1024_priv, sizeof(dsa1024_priv), NULL);
+ pub_key = BN_bin2bn(dsa1024_pub, sizeof(dsa1024_pub), NULL);
+ p = BN_bin2bn(dsa1024_p, sizeof(dsa1024_p), NULL);
+ q = BN_bin2bn(dsa1024_q, sizeof(dsa1024_q), NULL);
+ g = BN_bin2bn(dsa1024_g, sizeof(dsa1024_g), NULL);
+ if ((priv_key == NULL) || (pub_key == NULL) || (p == NULL) || (q == NULL)
+ || (g == NULL)) {
+ goto err;
+ }
+ if (!DSA_set0_pqg(dsa, p, q, g))
+ goto err;
+ p = q = g = NULL;
+
+ if (!DSA_set0_key(dsa, pub_key, priv_key))
+ goto err;
+
+ return dsa;
+ err:
+ DSA_free(dsa);
+ BN_free(priv_key);
+ BN_free(pub_key);
+ BN_free(p);
+ BN_free(q);
+ BN_free(g);
+ return NULL;
}
static unsigned char dsa2048_priv[] = {
@@ -263,18 +297,35 @@ static unsigned char dsa2048_g[] = {
DSA *get_dsa2048()
{
DSA *dsa;
+ BIGNUM *priv_key, *pub_key, *p, *q, *g;
if ((dsa = DSA_new()) == NULL)
return (NULL);
- dsa->priv_key = BN_bin2bn(dsa2048_priv, sizeof(dsa2048_priv), NULL);
- dsa->pub_key = BN_bin2bn(dsa2048_pub, sizeof(dsa2048_pub), NULL);
- dsa->p = BN_bin2bn(dsa2048_p, sizeof(dsa2048_p), NULL);
- dsa->q = BN_bin2bn(dsa2048_q, sizeof(dsa2048_q), NULL);
- dsa->g = BN_bin2bn(dsa2048_g, sizeof(dsa2048_g), NULL);
- if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL)
- || (dsa->q == NULL) || (dsa->g == NULL))
- return (NULL);
- return (dsa);
+ priv_key = BN_bin2bn(dsa2048_priv, sizeof(dsa2048_priv), NULL);
+ pub_key = BN_bin2bn(dsa2048_pub, sizeof(dsa2048_pub), NULL);
+ p = BN_bin2bn(dsa2048_p, sizeof(dsa2048_p), NULL);
+ q = BN_bin2bn(dsa2048_q, sizeof(dsa2048_q), NULL);
+ g = BN_bin2bn(dsa2048_g, sizeof(dsa2048_g), NULL);
+ if ((priv_key == NULL) || (pub_key == NULL) || (p == NULL) || (q == NULL)
+ || (g == NULL)) {
+ goto err;
+ }
+ if (!DSA_set0_pqg(dsa, p, q, g))
+ goto err;
+ p = q = g = NULL;
+
+ if (!DSA_set0_key(dsa, pub_key, priv_key))
+ goto err;
+
+ return dsa;
+ err:
+ DSA_free(dsa);
+ BN_free(priv_key);
+ BN_free(pub_key);
+ BN_free(p);
+ BN_free(q);
+ BN_free(g);
+ return NULL;
}
static const char rnd_seed[] =
diff --git a/apps/x509.c b/apps/x509.c
index 66dd2ff..00c0d97 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -734,11 +734,15 @@ int x509_main(int argc, char **argv)
else
#endif
#ifndef OPENSSL_NO_DSA
- if (EVP_PKEY_id(pkey) == EVP_PKEY_DSA)
- BN_print(out, EVP_PKEY_get0_DSA(pkey)->pub_key);
- else
+ if (EVP_PKEY_id(pkey) == EVP_PKEY_DSA) {
+ BIGNUM *dsapub = NULL;
+ DSA_get0_key(EVP_PKEY_get0_DSA(pkey), &dsapub, NULL);
+ BN_print(out, dsapub);
+ } else
#endif
+ {
BIO_printf(out, "Wrong Algorithm type");
+ }
BIO_printf(out, "\n");
} else if (pubkey == i) {
EVP_PKEY *pkey;
diff --git a/crypto/dsa/Makefile.in b/crypto/dsa/Makefile.in
index 9f38d4e..145034e 100644
--- a/crypto/dsa/Makefile.in
+++ b/crypto/dsa/Makefile.in
@@ -16,9 +16,11 @@ GENERAL=Makefile
LIB=$(TOP)/libcrypto.a
LIBSRC= dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c \
- dsa_err.c dsa_ossl.c dsa_depr.c dsa_ameth.c dsa_pmeth.c dsa_prn.c
+ dsa_err.c dsa_ossl.c dsa_depr.c dsa_ameth.c dsa_pmeth.c dsa_prn.c \
+ dsa_meth.c
LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_asn1.o dsa_vrf.o dsa_sign.o \
- dsa_err.o dsa_ossl.o dsa_depr.o dsa_ameth.o dsa_pmeth.o dsa_prn.o
+ dsa_err.o dsa_ossl.o dsa_depr.o dsa_ameth.o dsa_pmeth.o dsa_prn.o \
+ dsa_meth.o
SRC= $(LIBSRC)
diff --git a/crypto/dsa/build.info b/crypto/dsa/build.info
index 09cdd36..2e75985 100644
--- a/crypto/dsa/build.info
+++ b/crypto/dsa/build.info
@@ -1,4 +1,5 @@
LIBS=../../libcrypto
SOURCE[../../libcrypto]=\
dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c \
- dsa_err.c dsa_ossl.c dsa_depr.c dsa_ameth.c dsa_pmeth.c dsa_prn.c
+ dsa_err.c dsa_ossl.c dsa_depr.c dsa_ameth.c dsa_pmeth.c dsa_prn.c \
+ dsa_meth.c
diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c
index f0f28bd..54cdb3d 100644
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@@ -60,7 +60,7 @@
#include "internal/cryptlib.h"
#include <openssl/x509.h>
#include <openssl/asn1.h>
-#include <openssl/dsa.h>
+#include "dsa_locl.h"
#include <openssl/bn.h>
#include <openssl/cms.h>
#include "internal/asn1_int.h"
diff --git a/crypto/dsa/dsa_asn1.c b/crypto/dsa/dsa_asn1.c
index c338b5f..1468fb1 100644
--- a/crypto/dsa/dsa_asn1.c
+++ b/crypto/dsa/dsa_asn1.c
@@ -58,7 +58,7 @@
#include <stdio.h>
#include "internal/cryptlib.h"
-#include <openssl/dsa.h>
+#include "dsa_locl.h"
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/rand.h>
diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c
index 831c2b1..4415884 100644
--- a/crypto/dsa/dsa_key.c
+++ b/crypto/dsa/dsa_key.c
@@ -59,7 +59,7 @@
#include <time.h>
#include "internal/cryptlib.h"
#include <openssl/bn.h>
-#include <openssl/dsa.h>
+#include "dsa_locl.h"
#include <openssl/rand.h>
static int dsa_builtin_keygen(DSA *dsa);
diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
index fa8330f..4d5281a 100644
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -60,7 +60,7 @@
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/bn.h>
-#include <openssl/dsa.h>
+#include "dsa_locl.h"
#include <openssl/asn1.h>
#include <openssl/engine.h>
#include <openssl/dh.h>
@@ -104,6 +104,11 @@ int DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
return 1;
}
+const DSA_METHOD *DSA_get_method(DSA *d)
+{
+ return d->meth;
+}
+
DSA *DSA_new_method(ENGINE *engine)
{
DSA *ret;
@@ -280,3 +285,69 @@ DH *DSA_dup_DH(const DSA *r)
return NULL;
}
#endif
+
+void DSA_get0_pqg(const DSA *d, BIGNUM **p, BIGNUM **q, BIGNUM **g)
+{
+ if (p != NULL)
+ *p = d->p;
+ if (q != NULL)
+ *q = d->q;
+ if (g != NULL)
+ *g = d->g;
+}
+
+int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g)
+{
+ if (p == NULL || q == NULL || g == NULL)
+ return 0;
+ BN_free(d->p);
+ BN_free(d->q);
+ BN_free(d->g);
+ d->p = p;
+ d->q = q;
+ d->g = g;
+
+ return 1;
+}
+
+void DSA_get0_key(const DSA *d, BIGNUM **pub_key, BIGNUM **priv_key)
+{
+ if (pub_key != NULL)
+ *pub_key = d->pub_key;
+ if (priv_key != NULL)
+ *priv_key = d->priv_key;
+}
+
+int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)
+{
+ /* Note that it is valid for priv_key to be NULL */
+ if (pub_key == NULL)
+ return 0;
+
+ BN_free(d->pub_key);
+ BN_free(d->priv_key);
+ d->pub_key = pub_key;
+ d->priv_key = priv_key;
+
+ return 1;
+}
+
+void DSA_clear_flags(DSA *d, int flags)
+{
+ d->flags &= ~flags;
+}
+
+int DSA_test_flags(const DSA *d, int flags)
+{
+ return d->flags & flags;
+}
+
+void DSA_set_flags(DSA *d, int flags)
+{
+ d->flags |= flags;
+}
+
+ENGINE *DSA_get0_engine(DSA *d)
+{
+ return d->engine;
+}
diff --git a/crypto/dsa/dsa_locl.h b/crypto/dsa/dsa_locl.h
index 6182495..657fbff 100644
--- a/crypto/dsa/dsa_locl.h
+++ b/crypto/dsa/dsa_locl.h
@@ -54,6 +54,55 @@
#include <openssl/dsa.h>
+struct dsa_st {
+ /*
+ * This first variable is used to pick up errors where a DSA is passed
+ * instead of of a EVP_PKEY
+ */
+ int pad;
+ long version;
+ BIGNUM *p;
+ BIGNUM *q; /* == 20 */
+ BIGNUM *g;
+ BIGNUM *pub_key; /* y public key */
+ BIGNUM *priv_key; /* x private key */
+ int flags;
+ /* Normally used to cache montgomery values */
+ BN_MONT_CTX *method_mont_p;
+ int references;
+ CRYPTO_EX_DATA ex_data;
+ const DSA_METHOD *meth;
+ /* functional reference if 'meth' is ENGINE-provided */
+ ENGINE *engine;
+ CRYPTO_RWLOCK *lock;
+};
+
+struct dsa_method {
+ char *name;
+ DSA_SIG *(*dsa_do_sign) (const unsigned char *dgst, int dlen, DSA *dsa);
+ int (*dsa_sign_setup) (DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
+ BIGNUM **rp);
+ int (*dsa_do_verify) (const unsigned char *dgst, int dgst_len,
+ DSA_SIG *sig, DSA *dsa);
+ int (*dsa_mod_exp) (DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
+ BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *in_mont);
+ /* Can be null */
+ int (*bn_mod_exp) (DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+ int (*init) (DSA *dsa);
+ int (*finish) (DSA *dsa);
+ int flags;
+ void *app_data;
+ /* If this is non-NULL, it is used to generate DSA parameters */
+ int (*dsa_paramgen) (DSA *dsa, int bits,
+ const unsigned char *seed, int seed_len,
+ int *counter_ret, unsigned long *h_ret,
+ BN_GENCB *cb);
+ /* If this is non-NULL, it is used to generate DSA keys */
+ int (*dsa_keygen) (DSA *dsa);
+};
+
int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
const EVP_MD *evpmd, const unsigned char *seed_in,
size_t seed_len, unsigned char *seed_out,
diff --git a/crypto/dsa/dsa_meth.c b/crypto/dsa/dsa_meth.c
new file mode 100644
index 0000000..816e35e
--- /dev/null
+++ b/crypto/dsa/dsa_meth.c
@@ -0,0 +1,197 @@
+/*
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+#include "dsa_locl.h"
+#include <string.h>
+
+DSA_METHOD *DSA_meth_new(const char *name, int flags)
+{
+ DSA_METHOD *dsam = OPENSSL_zalloc(sizeof(DSA_METHOD));
+
+ if (dsam != NULL) {
+ dsam->name = OPENSSL_strdup(name);
+ dsam->flags = flags;
+ }
+
+ return dsam;
+}
+
+void DSA_meth_free(DSA_METHOD *dsam)
+{
+ if (dsam != NULL) {
+ if (dsam->name != NULL)
+ OPENSSL_free(dsam->name);
+ OPENSSL_free(dsam);
+ }
+}
+
+DSA_METHOD *DSA_meth_dup(const DSA_METHOD *dsam)
+{
+ DSA_METHOD *ret;
+
+ ret = OPENSSL_malloc(sizeof(DSA_METHOD));
+
+ if (ret != NULL) {
+ memcpy(ret, dsam, sizeof(*dsam));
+ ret->name = OPENSSL_strdup(dsam->name);
+ }
+
+ return ret;
+}
+
+const char *DSA_meth_get0_name(const DSA_METHOD *dsam)
+{
+ return dsam->name;
+}
+
+int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name)
+{
+ OPENSSL_free(dsam->name);
+ dsam->name = OPENSSL_strdup(name);
+
+ return dsam->name != NULL;
+}
+
+int DSA_meth_get_flags(DSA_METHOD *dsam)
+{
+ return dsam->flags;
+}
+
+int DSA_meth_set_flags(DSA_METHOD *dsam, int flags)
+{
+ dsam->flags = flags;
+ return 1;
+}
+
+void *DSA_meth_get0_app_data(const DSA_METHOD *dsam)
+{
+ return dsam->app_data;
+}
+
+int DSA_meth_set0_app_data(DSA_METHOD *dsam, void *app_data)
+{
+ dsam->app_data = app_data;
+ return 1;
+}
+
+DSA_SIG *(*DSA_meth_get_sign(const DSA_METHOD *dsam))
+ (const unsigned char *, int, DSA *)
+{
+ return dsam->dsa_do_sign;
+}
+
+int DSA_meth_set_sign(DSA_METHOD *dsam,
+ DSA_SIG *(*sign) (const unsigned char *, int, DSA *))
+{
+ dsam->dsa_do_sign = sign;
+ return 1;
+}
+
+int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam))
+ (DSA *, BN_CTX *, BIGNUM **, BIGNUM **)
+{
+ return dsam->dsa_sign_setup;
+}
+
+int DSA_meth_set_sign_setup(DSA_METHOD *dsam,
+ int (*sign_setup) (DSA *, BN_CTX *, BIGNUM **, BIGNUM **))
+{
+ dsam->dsa_sign_setup = sign_setup;
+ return 1;
+}
+
+int (*DSA_meth_get_verify(const DSA_METHOD *dsam))
+ (const unsigned char *, int , DSA_SIG *, DSA *)
+{
+ return dsam->dsa_do_verify;
+}
+
+int DSA_meth_set_verify(DSA_METHOD *dsam,
+ int (*verify) (const unsigned char *, int, DSA_SIG *, DSA *))
+{
+ dsam->dsa_do_verify = verify;
+ return 1;
+}
+
+int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam))
+ (DSA *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *,
+ BN_CTX *, BN_MONT_CTX *)
+{
+ return dsam->dsa_mod_exp;
+}
+
+int DSA_meth_set_mod_exp(DSA_METHOD *dsam,
+ int (*mod_exp) (DSA *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *,
+ BIGNUM *, BN_CTX *, BN_MONT_CTX *))
+{
+ dsam->dsa_mod_exp = mod_exp;
+ return 1;
+}
+
+int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam))
+ (DSA *, BIGNUM *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *,
+ BN_MONT_CTX *)
+{
+ return dsam->bn_mod_exp;
+}
+
+int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam,
+ int (*bn_mod_exp) (DSA *, BIGNUM *, BIGNUM *, const BIGNUM *,
+ const BIGNUM *, BN_CTX *, BN_MONT_CTX *))
+{
+ dsam->bn_mod_exp = bn_mod_exp;
+ return 1;
+}
+
+int (*DSA_meth_get_init(const DSA_METHOD *dsam))(DSA *)
+{
+ return dsam->init;
+}
+
+int DSA_meth_set_init(DSA_METHOD *dsam, int (*init)(DSA *))
+{
+ dsam->init = init;
+ return 1;
+}
+
+int (*DSA_meth_get_finish(const DSA_METHOD *dsam)) (DSA *)
+{
+ return dsam->finish;
+}
+
+int DSA_meth_set_finish(DSA_METHOD *dsam, int (*finish) (DSA *))
+{
+ dsam->finish = finish;
+ return 1;
+}
+
+int (*DSA_meth_get_paramgen(const DSA_METHOD *dsam))
+ (DSA *, int, const unsigned char *, int, int *, unsigned long *,
+ BN_GENCB *)
+{
+ return dsam->dsa_paramgen;
+}
+
+int DSA_meth_set_paramgen(DSA_METHOD *dsam,
+ int (*paramgen) (DSA *, int, const unsigned char *, int, int *,
+ unsigned long *, BN_GENCB *))
+{
+ dsam->dsa_paramgen = paramgen;
+ return 1;
+}
+
+int (*DSA_meth_get_keygen(const DSA_METHOD *dsam)) (DSA *)
+{
+ return dsam->dsa_keygen;
+}
+
+int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen) (DSA *))
+{
+ dsam->dsa_keygen = keygen;
+ return 1;
+}
diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
index 31a6d53..9285553 100644
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -61,7 +61,7 @@
#include "internal/cryptlib.h"
#include <openssl/bn.h>
#include <openssl/sha.h>
-#include <openssl/dsa.h>
+#include "dsa_locl.h"
#include <openssl/rand.h>
#include <openssl/asn1.h>
diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c
index ca712cf..b9dcd5b 100644
--- a/crypto/dsa/dsa_sign.c
+++ b/crypto/dsa/dsa_sign.c
@@ -58,7 +58,7 @@
/* Original version from Steven Schoch <schoch at sheba.arc.nasa.gov> */
#include "internal/cryptlib.h"
-#include <openssl/dsa.h>
+#include "dsa_locl.h"
#include <openssl/rand.h>
#include <openssl/bn.h>
diff --git a/crypto/dsa/dsa_vrf.c b/crypto/dsa/dsa_vrf.c
index 6724b75..6ce9968 100644
--- a/crypto/dsa/dsa_vrf.c
+++ b/crypto/dsa/dsa_vrf.c
@@ -58,7 +58,7 @@
/* Original version from Steven Schoch <schoch at sheba.arc.nasa.gov> */
#include "internal/cryptlib.h"
-#include <openssl/dsa.h>
+#include "dsa_locl.h"
int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
DSA *dsa)
diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
index e5df8e7..bb2ce9e 100644
--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
@@ -84,6 +84,10 @@ struct dev_crypto_state {
static u_int32_t cryptodev_asymfeat = 0;
+#ifndef OPENSSL_NO_DSA
+static DSA_METHOD *cryptodev_dsa = NULL;
+#endif
+
static int get_asym_dev_crypto(void);
static int open_dev_crypto(void);
static int get_dev_crypto(void);
@@ -1172,6 +1176,10 @@ static int cryptodev_engine_destroy(ENGINE *e)
EVP_MD_meth_free(md5_md);
md5_md = NULL;
# endif
+#ifndef OPENSSL_NO_DSA
+ DSA_meth_free(cryptodev_dsa);
+ cryptodev_dsa = NULL;
+#endif
return 1;
}
@@ -1399,8 +1407,11 @@ cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
BN_CTX *ctx, BN_MONT_CTX *mont)
{
- BIGNUM *t2;
+ BIGNUM *t2, *dsag, *dsap, *dsapub_key;
int ret = 0;
+ const DSA_METHOD *meth;
+ int (*bn_mod_exp)(DSA *, BIGNUM *, BIGNUM *, const BIGNUM *, const BIGNUM *,
+ BN_CTX *, BN_MONT_CTX *);
t2 = BN_new();
if (t2 == NULL)
@@ -1410,14 +1421,24 @@ cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
/* let t1 = g ^ u1 mod p */
ret = 0;
- if (!dsa->meth->bn_mod_exp(dsa, t1, dsa->g, u1, dsa->p, ctx, mont))
+ DSA_get0_pqg(dsa, &dsap, NULL, &dsag);
+ DSA_get0_key(dsa, &dsapub_key, NULL);
+
+ meth = DSA_get_method(dsa);
+ if (meth == NULL)
+ goto err;
+ bn_mod_exp = DSA_meth_get_bn_mod_exp(meth);
+ if (bn_mod_exp == NULL)
+ goto err;
+
+ if (!bn_mod_exp(dsa, t1, dsag, u1, dsap, ctx, mont))
goto err;
/* let t2 = y ^ u2 mod p */
- if (!dsa->meth->bn_mod_exp(dsa, t2, dsa->pub_key, u2, dsa->p, ctx, mont))
+ if (!bn_mod_exp(dsa, t2, dsapub_key, u2, dsap, ctx, mont))
goto err;
/* let u1 = t1 * t2 mod p */
- if (!BN_mod_mul(u1, t1, t2, dsa->p, ctx))
+ if (!BN_mod_mul(u1, t1, t2, dsap, ctx))
goto err;
BN_copy(t1, u1);
@@ -1432,7 +1453,8 @@ static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
DSA *dsa)
{
struct crypt_kop kop;
- BIGNUM *r = NULL, *s = NULL;
+ BIGNUM *r = NULL, *s = NULL, *dsap = NULL, *dsaq = NULL, *dsag = NULL;
+ BIGNUM *priv_key = NULL;
DSA_SIG *dsasig, *dsaret = NULL;
dsasig = DSA_SIG_new();
@@ -1446,22 +1468,23 @@ static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
/* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
kop.crk_param[0].crp_p = (caddr_t) dgst;
kop.crk_param[0].crp_nbits = dlen * 8;
- if (bn2crparam(dsa->p, &kop.crk_param[1]))
+ DSA_get0_pqg(dsa, &dsap, &dsaq, &dsag);
+ DSA_get0_key(dsa, NULL, &priv_key);
+ if (bn2crparam(dsap, &kop.crk_param[1]))
goto err;
- if (bn2crparam(dsa->q, &kop.crk_param[2]))
+ if (bn2crparam(dsaq, &kop.crk_param[2]))
goto err;
- if (bn2crparam(dsa->g, &kop.crk_param[3]))
+ if (bn2crparam(dsag, &kop.crk_param[3]))
goto err;
- if (bn2crparam(dsa->priv_key, &kop.crk_param[4]))
+ if (bn2crparam(priv_key, &kop.crk_param[4]))
goto err;
kop.crk_iparams = 5;
- if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r,
- BN_num_bytes(dsa->q), s) == 0) {
+ if (cryptodev_asym(&kop, BN_num_bytes(dsaq), r,
+ BN_num_bytes(dsaq), s) == 0) {
dsaret = dsasig;
} else {
- const DSA_METHOD *meth = DSA_OpenSSL();
- dsaret = (meth->dsa_do_sign) (dgst, dlen, dsa);
+ dsaret = DSA_meth_get_sign(DSA_OpenSSL())(dgst, dlen, dsa);
}
err:
if (dsaret != dsasig)
@@ -1477,7 +1500,7 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
{
struct crypt_kop kop;
int dsaret = 1;
- BIGNUM *pr, *ps;
+ BIGNUM *pr, *ps, *p = NULL, *q = NULL, *g = NULL, *pub_key = NULL;
memset(&kop, 0, sizeof(kop));
kop.crk_op = CRK_DSA_VERIFY;
@@ -1485,13 +1508,15 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
/* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
kop.crk_param[0].crp_p = (caddr_t) dgst;
kop.crk_param[0].crp_nbits = dlen * 8;
- if (bn2crparam(dsa->p, &kop.crk_param[1]))
+ DSA_get0_pqg(dsa, &p, &q, &g);
+ if (bn2crparam(p, &kop.crk_param[1]))
goto err;
- if (bn2crparam(dsa->q, &kop.crk_param[2]))
+ if (bn2crparam(q, &kop.crk_param[2]))
goto err;
- if (bn2crparam(dsa->g, &kop.crk_param[3]))
+ if (bn2crparam(g, &kop.crk_param[3]))
goto err;
- if (bn2crparam(dsa->pub_key, &kop.crk_param[4]))
+ DSA_get0_key(dsa, &pub_key, NULL);
+ if (bn2crparam(pub_key, &kop.crk_param[4]))
goto err;
DSA_SIG_get0(&pr, &ps, sig);
if (bn2crparam(pr, &kop.crk_param[5]))
@@ -1507,28 +1532,13 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
if (0 != kop.crk_status)
dsaret = 0;
} else {
- const DSA_METHOD *meth = DSA_OpenSSL();
-
- dsaret = (meth->dsa_do_verify) (dgst, dlen, sig, dsa);
+ dsaret = DSA_meth_get_verify(DSA_OpenSSL())(dgst, dlen, sig, dsa);
}
err:
kop.crk_param[0].crp_p = NULL;
zapparams(&kop);
return (dsaret);
}
-
-static DSA_METHOD cryptodev_dsa = {
- "cryptodev DSA method",
- NULL,
- NULL, /* dsa_sign_setup */
- NULL,
- NULL, /* dsa_mod_exp */
- NULL,
- NULL, /* init */
- NULL, /* finish */
- 0, /* flags */
- NULL /* app_data */
-};
#endif
#ifndef OPENSSL_NO_DH
@@ -1670,18 +1680,23 @@ void engine_load_cryptodev_internal(void)
}
#ifndef OPENSSL_NO_DSA
- if (ENGINE_set_DSA(engine, &cryptodev_dsa)) {
- const DSA_METHOD *meth = DSA_OpenSSL();
-
- memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
- if (cryptodev_asymfeat & CRF_DSA_SIGN)
- cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
- if (cryptodev_asymfeat & CRF_MOD_EXP) {
- cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
- cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;
+ cryptodev_dsa = DSA_meth_dup(DSA_OpenSSL());
+ if (cryptodev_dsa != NULL) {
+ DSA_meth_set1_name(cryptodev_dsa, "cryptodev DSA method");
+ DSA_meth_set_flags(cryptodev_dsa, 0);
+ if (ENGINE_set_DSA(engine, cryptodev_dsa)) {
+ if (cryptodev_asymfeat & CRF_DSA_SIGN)
+ DSA_meth_set_sign(cryptodev_dsa, cryptodev_dsa_do_sign);
+ if (cryptodev_asymfeat & CRF_MOD_EXP) {
+ DSA_meth_set_bn_mod_exp(cryptodev_dsa, cryptodev_dsa_bn_mod_exp);
+ DSA_meth_set_mod_exp(cryptodev_dsa, cryptodev_dsa_dsa_mod_exp);
+ }
+ if (cryptodev_asymfeat & CRF_DSA_VERIFY)
+ DSA_meth_set_verify(cryptodev_dsa, cryptodev_dsa_verify);
}
- if (cryptodev_asymfeat & CRF_DSA_VERIFY)
- cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
+ } else {
+ ENGINE_free(engine);
+ return;
}
#endif
diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c
index 117d2b7..e378b57 100644
--- a/crypto/pem/pvkfmt.c
+++ b/crypto/pem/pvkfmt.c
@@ -289,34 +289,48 @@ static EVP_PKEY *b2i_dss(const unsigned char **in,
DSA *dsa = NULL;
BN_CTX *ctx = NULL;
unsigned int nbyte;
+ BIGNUM *pbn = NULL, *qbn = NULL, *gbn = NULL, *priv_key = NULL;
+ BIGNUM *pub_key = NULL;
+
nbyte = (bitlen + 7) >> 3;
dsa = DSA_new();
ret = EVP_PKEY_new();
if (dsa == NULL || ret == NULL)
goto memerr;
- if (!read_lebn(&p, nbyte, &dsa->p))
+ if (!read_lebn(&p, nbyte, &pbn))
goto memerr;
- if (!read_lebn(&p, 20, &dsa->q))
+
+ if (!read_lebn(&p, 20, &qbn))
goto memerr;
- if (!read_lebn(&p, nbyte, &dsa->g))
+
+ if (!read_lebn(&p, nbyte, &gbn))
goto memerr;
+
if (ispub) {
- if (!read_lebn(&p, nbyte, &dsa->pub_key))
+ if (!read_lebn(&p, nbyte, &pub_key))
goto memerr;
} else {
- if (!read_lebn(&p, 20, &dsa->priv_key))
+ if (!read_lebn(&p, 20, &priv_key))
goto memerr;
+
/* Calculate public key */
- if ((dsa->pub_key = BN_new()) == NULL)
+ pub_key = BN_new();
+ if (pub_key == NULL)
goto memerr;
if ((ctx = BN_CTX_new()) == NULL)
goto memerr;
- if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx))
+ if (!BN_mod_exp(pub_key, gbn, priv_key, pbn, ctx))
goto memerr;
+
BN_CTX_free(ctx);
}
+ if (!DSA_set0_pqg(dsa, pbn, qbn, gbn))
+ goto memerr;
+ pbn = qbn = gbn = NULL;
+ if (!DSA_set0_key(dsa, pub_key, priv_key))
+ goto memerr;
EVP_PKEY_set1_DSA(ret, dsa);
DSA_free(dsa);
@@ -326,6 +340,11 @@ static EVP_PKEY *b2i_dss(const unsigned char **in,
memerr:
PEMerr(PEM_F_B2I_DSS, ERR_R_MALLOC_FAILURE);
DSA_free(dsa);
+ BN_free(pbn);
+ BN_free(qbn);
+ BN_free(gbn);
+ BN_free(pub_key);
+ BN_free(priv_key);
EVP_PKEY_free(ret);
BN_CTX_free(ctx);
return NULL;
@@ -484,16 +503,20 @@ static int do_i2b_bio(BIO *out, EVP_PKEY *pk, int ispub)
static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *pmagic)
{
int bitlen;
- bitlen = BN_num_bits(dsa->p);
- if ((bitlen & 7) || (BN_num_bits(dsa->q) != 160)
- || (BN_num_bits(dsa->g) > bitlen))
+ BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub_key = NULL, *priv_key = NULL;
+
+ DSA_get0_pqg(dsa, &p, &q, &g);
+ DSA_get0_key(dsa, &pub_key, &priv_key);
+ bitlen = BN_num_bits(p);
+ if ((bitlen & 7) || (BN_num_bits(q) != 160)
+ || (BN_num_bits(g) > bitlen))
goto badkey;
if (ispub) {
- if (BN_num_bits(dsa->pub_key) > bitlen)
+ if (BN_num_bits(pub_key) > bitlen)
goto badkey;
*pmagic = MS_DSS1MAGIC;
} else {
- if (BN_num_bits(dsa->priv_key) > 160)
+ if (BN_num_bits(priv_key) > 160)
goto badkey;
*pmagic = MS_DSS2MAGIC;
}
@@ -555,14 +578,18 @@ static void write_rsa(unsigned char **out, RSA *rsa, int ispub)
static void write_dsa(unsigned char **out, DSA *dsa, int ispub)
{
int nbyte;
- nbyte = BN_num_bytes(dsa->p);
- write_lebn(out, dsa->p, nbyte);
- write_lebn(out, dsa->q, 20);
- write_lebn(out, dsa->g, nbyte);
+ BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub_key = NULL, *priv_key = NULL;
+
+ DSA_get0_pqg(dsa, &p, &q, &g);
+ DSA_get0_key(dsa, &pub_key, &priv_key);
+ nbyte = BN_num_bytes(p);
+ write_lebn(out, p, nbyte);
+ write_lebn(out, q, 20);
+ write_lebn(out, g, nbyte);
if (ispub)
- write_lebn(out, dsa->pub_key, nbyte);
+ write_lebn(out, pub_key, nbyte);
else
- write_lebn(out, dsa->priv_key, 20);
+ write_lebn(out, priv_key, 20);
/* Set "invalid" for seed structure values */
memset(*out, 0xff, 24);
*out += 24;
diff --git a/doc/crypto/DSA_get0_pqg.pod b/doc/crypto/DSA_get0_pqg.pod
new file mode 100644
index 0000000..1c835f0
--- /dev/null
+++ b/doc/crypto/DSA_get0_pqg.pod
@@ -0,0 +1,82 @@
+=pod
+
+=head1 NAME
+
+DSA_get0_pqg, DSA_set0_pqg, DSA_get0_key, DSA_set0_key, DSA_clear_flags,
+DSA_test_flags, DSA_set_flags, DSA_get0_engine - Routines for getting and
+setting data in a DSA object
+
+=head1 SYNOPSIS
+
+ #include <openssl/dsa.h>
+
+ void DSA_get0_pqg(const DSA *d, BIGNUM **p, BIGNUM **q, BIGNUM **g);
+ int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g);
+ void DSA_get0_key(const DSA *d, BIGNUM **pub_key, BIGNUM **priv_key);
+ int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key);
+ void DSA_clear_flags(DSA *d, int flags);
+ int DSA_test_flags(const DSA *d, int flags);
+ void DSA_set_flags(DSA *d, int flags);
+ ENGINE *DSA_get0_engine(DSA *d);
+
+=head1 DESCRIPTION
+
+A DSA object contains the parameters B<p>, B<q> and B<g>. It also contains a
+public key (B<pub_key>) and (optionally) a private key (B<priv_key>).
+
+The B<p>, B<q> and B<g> parameters can be obtained by calling DSA_get0_pqg().
+If the parameters have not yet been set then B<*p>, B<*q> and B<*g> will be set
+to NULL. Otherwise they are set to pointers to their respective values. These
+point directly to the internal representations of the values and therefore
+should not be freed directly.
+
+The B<p>, B<q> and B<g> values can be set by calling DSA_set0_pqg() and passing
+the new values for B<p>, B<q> and B<g> as parameters to the function. Calling
+this function transfers the memory management of the values to the DSA object,
+and therefore the values that have been passed in should not be freed directly
+after this function has been called.
+
+To get the public and private key values use the DSA_get0_key() function. A
+pointer to the public key will be stored in B<*pub_key>, and a pointer to the
+private key will be stored in B<*priv_key>. Either may be NULL if they have not
+been set yet, although if the private key has been set then the public key must
+be. The values point to the internal representation of the public key and
+private key values. This memory should not be freed directly.
+
+The public and private key values can be set using DSA_set0_key(). The public
+key must always be non-NULL. The private key may be NULL. As for DSA_set0_pqg()
+this function transfers the memory management of the key values to the DSA
+object, and therefore they should not be freed directly after this function has
+been called.
+
+DSA_set_flags() sets the flags in the B<flags> parameter on the DSA object.
+Multiple flags can be passed in one go (bitwise ORed together). Any flags that
+are already set are left set. DSA_test_flags() tests to see whether the flags
+passed in the B<flags> parameter are currently set in the DSA object. Multiple
+flags can be tested in one go. All flags that are currently set are returned, or
+zero if none of the flags are set. DSA_clear_flags() clears the specified flags
+within the DSA object.
+
+DSA_get0_engine() returns a handle to the ENGINE that has been set for this DSA
+object, or NULL if no such ENGINE has been set.
+
+=head1 RETURN VALUES
+
+DSA_set0_pqg() and DSA_set0_key() return 1 on success or 0 on failure.
+
+DSA_test_flags() returns the current state of the flags in the DSA object.
+
+DSA_get0_engine() returns the ENGINE set for the DSA object or NULL if no ENGINE
+has been set.
+
+=head1 SEE ALSO
+
+L<dsa(3)>, L<DSA_new(3)>, L<DSA_generate_parameters(3)>, L<DSA_generate_key(3)>,
+L<DSA_dup_DH(3)>, L<DSA_do_sign(3)>, L<DSA_set_method(3)>, L<DSA_SIG_new(3)>,
+L<DSA_sign(3)>, L<DSA_size(3)>, L<DSA_meth_new(3)>
+
+=head1 HISTORY
+
+The functions described here were added in OpenSSL version 1.1.0.
+
+=cut
diff --git a/doc/crypto/DSA_meth_new.pod b/doc/crypto/DSA_meth_new.pod
new file mode 100644
index 0000000..84584f1
--- /dev/null
+++ b/doc/crypto/DSA_meth_new.pod
@@ -0,0 +1,184 @@
+=pod
+
+=head1 NAME
+
+DSA_meth_new, DSA_meth_free, DSA_meth_dup, DSA_meth_get0_name,
+DSA_meth_set1_name, DSA_meth_get_flags, DSA_meth_set_flags,
+DSA_meth_get0_app_data, DSA_meth_set0_app_data, DSA_meth_get_sign,
+DSA_meth_set_sign, DSA_meth_get_sign_setup, DSA_meth_set_sign_setup,
+DSA_meth_get_verify, DSA_meth_set_verify, DSA_meth_get_mod_exp,
+DSA_meth_set_mod_exp, DSA_meth_get_bn_mod_exp, DSA_meth_set_bn_mod_exp,
+DSA_meth_get_init, DSA_meth_set_init, DSA_meth_get_finish, DSA_meth_set_finish,
+DSA_meth_get_paramgen, DSA_meth_set_paramgen, DSA_meth_get_keygen,
+DSA_meth_set_keygen - Routines to build up DSA methods
+
+=head1 SYNOPSIS
+
+ #include <openssl/dsa.h>
+
+ DSA_METHOD *DSA_meth_new(const char *name, int flags);
+ void DSA_meth_free(DSA_METHOD *dsam);
+ DSA_METHOD *DSA_meth_dup(const DSA_METHOD *meth);
+ const char *DSA_meth_get0_name(const DSA_METHOD *dsam);
+ int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name);
+ int DSA_meth_get_flags(DSA_METHOD *dsam);
+ int DSA_meth_set_flags(DSA_METHOD *dsam, int flags);
+ void *DSA_meth_get0_app_data(const DSA_METHOD *dsam);
+ int DSA_meth_set0_app_data(DSA_METHOD *dsam, void *app_data);
+ DSA_SIG *(*DSA_meth_get_sign(const DSA_METHOD *dsam))
+ (const unsigned char *, int, DSA *);
+ int DSA_meth_set_sign(DSA_METHOD *dsam,
+ DSA_SIG *(*sign) (const unsigned char *, int, DSA *));
+ int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam))
+ (DSA *, BN_CTX *, BIGNUM **, BIGNUM **);
+ int DSA_meth_set_sign_setup(DSA_METHOD *dsam,
+ int (*sign_setup) (DSA *, BN_CTX *, BIGNUM **, BIGNUM **));
+ int (*DSA_meth_get_verify(const DSA_METHOD *dsam))
+ (const unsigned char *, int , DSA_SIG *, DSA *);
+ int DSA_meth_set_verify(DSA_METHOD *dsam,
+ int (*verify) (const unsigned char *, int, DSA_SIG *, DSA *));
+ int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam))
+ (DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, BIGNUM *a2, BIGNUM *p2,
+ BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont);
+ int DSA_meth_set_mod_exp(DSA_METHOD *dsam,
+ int (*mod_exp) (DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, BIGNUM *a2,
+ BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *mont));
+ int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam))
+ (DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
+ BN_CTX *ctx, BN_MONT_CTX *mont);
+ int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam,
+ int (*bn_mod_exp) (DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *mont));
+ int (*DSA_meth_get_init(const DSA_METHOD *dsam))(DSA *);
+ int DSA_meth_set_init(DSA_METHOD *dsam, int (*init)(DSA *));
+ int (*DSA_meth_get_finish(const DSA_METHOD *dsam)) (DSA *);
+ int DSA_meth_set_finish(DSA_METHOD *dsam, int (*finish) (DSA *));
+ int (*DSA_meth_get_paramgen(const DSA_METHOD *dsam))
+ (DSA *, int, const unsigned char *, int, int *, unsigned long *,
+ BN_GENCB *);
+ int DSA_meth_set_paramgen(DSA_METHOD *dsam,
+ int (*paramgen) (DSA *, int, const unsigned char *, int, int *,
+ unsigned long *, BN_GENCB *));
+ int (*DSA_meth_get_keygen(const DSA_METHOD *dsam)) (DSA *);
+ int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen) (DSA *));
+
+=head1 DESCRIPTION
+
+The B<DSA_METHOD> type is a structure used for the provision of custom DSA
+implementations. It provides a set of of functions used by OpenSSL for the
+implementation of the various DSA capabilities. See the L<dsa> page for more
+information.
+
+DSA_meth_new() creates a new B<DSA_METHOD> structure. It should be given a
+unique B<name> and a set of B<flags>. The B<name> should be a NULL terminated
+string, which will be duplicated and stored in the B<DSA_METHOD> object. It is
+the callers responsibility to free the original string. The flags will be used
+during the construction of a new B<DSA> object based on this B<DSA_METHOD>. Any
+new B<DSA> object will have those flags set by default.
+
+DSA_meth_dup() creates a duplicate copy of the B<DSA_METHOD> object passed as a
+parameter. This might be useful for creating a new B<DSA_METHOD> based on an
+existing one, but with some differences.
+
+DSA_meth_free() destroys a B<DSA_METHOD> structure and frees up any memory
+associated with it.
+
+DSA_meth_get0_name() will return a pointer to the name of this DSA_METHOD. This
+is a pointer to the internal name string and so should not be freed by the
+caller. DSA_meth_set1_name() sets the name of the DSA_METHOD to B<name>. The
+string is duplicated and the copy is stored in the DSA_METHOD structure, so the
+caller remains responsible for freeing the memory associated with the name.
+
+DSA_meth_get_flags() returns the current value of the flags associated with this
+DSA_METHOD. DSA_meth_set_flags() provides the ability to set these flags.
+
+The functions DSA_meth_get0_app_data() and DSA_meth_set0_app_data() provide the
+ability to associate implementation specific data with the DSA_METHOD. It is
+the application's responsibility to free this data before the DSA_METHOD is
+freed via a call to DSA_meth_free().
+
+DSA_meth_get_sign() and DSA_meth_set_sign() get and set the function used for
+creating a DSA signature respectively. This function will be
+called in response to the application calling DSA_do_sign() (or DSA_sign()). The
+parameters for the function have the same meaning as for DSA_do_sign().
+
+DSA_meth_get_sign_setup() and DSA_meth_set_sign_setup() get and set the function
+used for precalculating the DSA signature values B<k^-1> and B<r>. This function
+will be called in response to the application calling DSA_sign_setup(). The
+parameters for the function have the same meaning as for DSA_sign_setup().
+
+DSA_meth_get_verify() and DSA_meth_set_verify() get and set the function used
+for verifying a DSA signature respectively. This function will be called in
+response to the application calling DSA_do_verify() (or DSA_verify()). The
+parameters for the function have the same meaning as for DSA_do_verify().
+
+DSA_meth_get_mod_exp() and DSA_meth_set_mod_exp() get and set the function used
+for computing the following value:
+
+ rr = a1^p1 * a2^p2 mod m
+
+This function will be called by the default OpenSSL method during verification
+of a DSA signature. The result is stored in the B<rr> parameter. This function
+may be NULL.
+
+DSA_meth_get_bn_mod_exp() and DSA_meth_set_bn_mod_exp() get and set the function
+used for computing the following value:
+
+ r = a ^ p mod m
+
+This function will be called by the default OpenSSL function for
+DSA_sign_setup(). The result is stored in the B<r> parameter. This function
+may be NULL.
+
+DSA_meth_get_init() and DSA_meth_set_init() get and set the function used
+for creating a new DSA instance respectively. This function will be
+called in response to the application calling DSA_new() (if the current default
+DSA_METHOD is this one) or DSA_new_method(). The DSA_new() and DSA_new_method()
+functions will allocate the memory for the new DSA object, and a pointer to this
+newly allocated structure will be passed as a parameter to the function. This
+function may be NULL.
+
+DSA_meth_get_finish() and DSA_meth_set_finish() get and set the function used
+for destroying an instance of a DSA object respectively. This function will be
+called in response to the application calling DSA_free(). A pointer to the DSA
+to be destroyed is passed as a parameter. The destroy function should be used
+for DSA implementation specific clean up. The memory for the DSA itself should
+not be freed by this function. This function may be NULL.
+
+DSA_meth_get_paramgen() and DSA_meth_set_paramgen() get and set the function
+used for generating DSA parameters respectively. This function will be called in
+response to the application calling DSA_generate_parameters_ex() (or
+DSA_generate_parameters()). The parameters for the function have the same
+meaning as for DSA_generate_parameters_ex().
+
+DSA_meth_get_keygen() and DSA_meth_set_keygen() get and set the function
+used for generating a new DSA key pair respectively. This function will be
+called in response to the application calling DSA_generate_key(). The parameter
+for the function has the same meaning as for DSA_generate_key().
+
+=head1 RETURN VALUES
+
+DSA_meth_new() and DSA_meth_dup() return the newly allocated DSA_METHOD object
+or NULL on failure.
+
+DSA_meth_get0_name() and DSA_meth_get_flags() return the name and flags
+associated with the DSA_METHOD respectively.
+
+All other DSA_meth_get_*() functions return the appropriate function pointer
+that has been set in the DSA_METHOD, or NULL if no such pointer has yet been
+set.
+
+DSA_meth_set1_name() and all DSA_meth_set_*() functions return 1 on success or
+0 on failure.
+
+=head1 SEE ALSO
+
+L<dsa(3)>, L<DSA_new(3)>, L<DSA_generate_parameters(3)>, L<DSA_generate_key(3)>,
+L<DSA_dup_DH(3)>, L<DSA_do_sign(3)>, L<DSA_set_method(3)>, L<DSA_SIG_new3)>,
+L<DSA_sign(3)>, L<DSA_size(3)>, L<DSA_get0_pqg(3)>
+
+=head1 HISTORY
+
+The functions described here were added in OpenSSL version 1.1.0.
+
+=cut
diff --git a/doc/crypto/DSA_set_method.pod b/doc/crypto/DSA_set_method.pod
index 632aadb..1d56cca 100644
--- a/doc/crypto/DSA_set_method.pod
+++ b/doc/crypto/DSA_set_method.pod
@@ -47,55 +47,14 @@ be released during the change. It is possible to have DSA keys that only
work with certain DSA_METHOD implementations (eg. from an ENGINE module
that supports embedded hardware-protected keys), and in such cases
attempting to change the DSA_METHOD for the key can have unexpected
-results.
+results. See L<DSA_meth_new> for information on constructing custom DSA_METHOD
+objects;
DSA_new_method() allocates and initializes a DSA structure so that B<engine>
will be used for the DSA operations. If B<engine> is NULL, the default engine
for DSA operations is used, and if no default ENGINE is set, the DSA_METHOD
controlled by DSA_set_default_method() is used.
-=head1 THE DSA_METHOD STRUCTURE
-
-struct
- {
- /* name of the implementation */
- const char *name;
-
- /* sign */
- DSA_SIG *(*dsa_do_sign)(const unsigned char *dgst, int dlen,
- DSA *dsa);
-
- /* pre-compute k^-1 and r */
- int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
- BIGNUM **rp);
-
- /* verify */
- int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len,
- DSA_SIG *sig, DSA *dsa);
-
- /* compute rr = a1^p1 * a2^p2 mod m (May be NULL for some
- implementations) */
- int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
- BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
- BN_CTX *ctx, BN_MONT_CTX *in_mont);
-
- /* compute r = a ^ p mod m (May be NULL for some implementations) */
- int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m,
- BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-
- /* called at DSA_new */
- int (*init)(DSA *DSA);
-
- /* called at DSA_free */
- int (*finish)(DSA *DSA);
-
- int flags;
-
- char *app_data; /* ?? */
-
- } DSA_METHOD;
-
=head1 RETURN VALUES
DSA_OpenSSL() and DSA_get_default_method() return pointers to the respective
@@ -113,6 +72,6 @@ fails. Otherwise it returns a pointer to the newly allocated structure.
=head1 SEE ALSO
-L<dsa(3)>, L<DSA_new(3)>
+L<dsa(3)>, L<DSA_new(3)>, L<DSA_meth_new(3)>
=cut
diff --git a/engines/e_capi.c b/engines/e_capi.c
index 58283e5..f44acc9 100644
--- a/engines/e_capi.c
+++ b/engines/e_capi.c
@@ -447,20 +447,7 @@ static RSA_METHOD capi_rsa_method = {
0 /* rsa_verify */
};
-static DSA_METHOD capi_dsa_method = {
- "CryptoAPI DSA method",
- capi_dsa_do_sign, /* dsa_do_sign */
- 0, /* dsa_sign_setup */
- 0, /* dsa_do_verify */
- 0, /* dsa_mod_exp */
- 0, /* bn_mod_exp */
- 0, /* init */
- capi_dsa_free, /* finish */
- 0, /* flags */
- NULL, /* app_data */
- 0, /* dsa_paramgen */
- 0 /* dsa_keygen */
-};
+static DSA_METHOD *capi_dsa_method = NULL;
static int use_aes_csp = 0;
@@ -489,9 +476,16 @@ static int capi_init(ENGINE *e)
/* Setup DSA Method */
dsa_capi_idx = DSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
ossl_dsa_meth = DSA_OpenSSL();
- capi_dsa_method.dsa_do_verify = ossl_dsa_meth->dsa_do_verify;
- capi_dsa_method.dsa_mod_exp = ossl_dsa_meth->dsa_mod_exp;
- capi_dsa_method.bn_mod_exp = ossl_dsa_meth->bn_mod_exp;
+ if ( !DSA_meth_set_sign(capi_dsa_method, capi_dsa_do_sign)
+ || !DSA_meth_set_verify(capi_dsa_method,
+ DSA_meth_get_verify(ossl_dsa_meth))
+ || !DSA_meth_set_finish(capi_dsa_method, capi_dsa_free)
+ || !DSA_meth_set_mod_exp(capi_dsa_method,
+ DSA_meth_get_mod_exp(ossl_dsa_meth))
+ || !DSA_meth_set_bn_mod_exp(capi_dsa_method,
+ DSA_meth_get_bn_mod_exp(ossl_dsa_meth))) {
+ goto memerr;
+ }
}
ctx = capi_ctx_new();
@@ -535,6 +529,8 @@ static int capi_init(ENGINE *e)
static int capi_destroy(ENGINE *e)
{
+ DSA_meth_free(capi_dsa_method);
+ capi_dsa_method = NULL;
ERR_unload_CAPI_strings();
return 1;
}
@@ -564,6 +560,9 @@ struct CAPI_KEY_st {
static int bind_capi(ENGINE *e)
{
+ capi_dsa_method = DSA_meth_new("CryptoAPI DSA method", 0);
+ if (capi_dsa_method == NULL)
+ return 0;
if (!ENGINE_set_id(e, engine_capi_id)
|| !ENGINE_set_name(e, engine_capi_name)
|| !ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL)
@@ -571,7 +570,7 @@ static int bind_capi(ENGINE *e)
|| !ENGINE_set_finish_function(e, capi_finish)
|| !ENGINE_set_destroy_function(e, capi_destroy)
|| !ENGINE_set_RSA(e, &capi_rsa_method)
- || !ENGINE_set_DSA(e, &capi_dsa_method)
+ || !ENGINE_set_DSA(e, capi_dsa_method)
|| !ENGINE_set_load_privkey_function(e, capi_load_privkey)
|| !ENGINE_set_load_ssl_client_cert_function(e,
capi_load_ssl_client_cert)
@@ -716,6 +715,7 @@ static EVP_PKEY *capi_get_pkey(ENGINE *eng, CAPI_KEY * key)
DSSPUBKEY *dp;
DWORD dsa_plen;
unsigned char *btmp;
+ BIGNUM *p, *q, *g, *pub_key;
dp = (DSSPUBKEY *) (bh + 1);
if (dp->magic != 0x31535344) {
char magstr[10];
@@ -730,23 +730,24 @@ static EVP_PKEY *capi_get_pkey(ENGINE *eng, CAPI_KEY * key)
dkey = DSA_new_method(eng);
if (!dkey)
goto memerr;
- dkey->p = BN_new();
- dkey->q = BN_new();
- dkey->g = BN_new();
- dkey->pub_key = BN_new();
- if (dkey->p == NULL || dkey->q == NULL || dkey->g == NULL
- || dkey->pub_key == NULL)
+ p = BN_new();
+ q = BN_new();
+ g = BN_new();
+ pub_key = BN_new();
+ if (p == NULL || q == NULL || g == NULL || pub_key == NULL)
goto memerr;
- if (!lend_tobn(dkey->p, btmp, dsa_plen))
+ DSA_set0_pqg(dkey, p, q, g);
+ DSA_set0_key(dkey, pub_key, NULL);
+ if (!lend_tobn(p, btmp, dsa_plen))
goto memerr;
btmp += dsa_plen;
- if (!lend_tobn(dkey->q, btmp, 20))
+ if (!lend_tobn(q, btmp, 20))
goto memerr;
btmp += 20;
- if (!lend_tobn(dkey->g, btmp, dsa_plen))
+ if (!lend_tobn(g, btmp, dsa_plen))
goto memerr;
btmp += dsa_plen;
- if (!lend_tobn(dkey->pub_key, btmp, dsa_plen))
+ if (!lend_tobn(pub_key, btmp, dsa_plen))
goto memerr;
btmp += dsa_plen;
@@ -985,7 +986,7 @@ static DSA_SIG *capi_dsa_do_sign(const unsigned char *digest, int dlen,
CAPI_CTX *ctx;
unsigned char csigbuf[40];
- ctx = ENGINE_get_ex_data(dsa->engine, capi_idx);
+ ctx = ENGINE_get_ex_data(DSA_get0_engine(dsa), capi_idx);
CAPI_trace(ctx, "Called CAPI_dsa_do_sign()\n");
diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h
index 240a1af..1b04584 100644
--- a/include/openssl/dsa.h
+++ b/include/openssl/dsa.h
@@ -74,8 +74,8 @@ extern "C" {
# include <openssl/crypto.h>
# include <openssl/ossl_typ.h>
# include <openssl/opensslconf.h>
+# include <openssl/bn.h>
# if OPENSSL_API_COMPAT < 0x10100000L
-# include <openssl/bn.h>
# include <openssl/dh.h>
# endif
@@ -117,55 +117,6 @@ extern "C" {
typedef struct DSA_SIG_st DSA_SIG;
-struct dsa_method {
- const char *name;
- DSA_SIG *(*dsa_do_sign) (const unsigned char *dgst, int dlen, DSA *dsa);
- int (*dsa_sign_setup) (DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
- BIGNUM **rp);
- int (*dsa_do_verify) (const unsigned char *dgst, int dgst_len,
- DSA_SIG *sig, DSA *dsa);
- int (*dsa_mod_exp) (DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
- BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *in_mont);
- /* Can be null */
- int (*bn_mod_exp) (DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
- int (*init) (DSA *dsa);
- int (*finish) (DSA *dsa);
- int flags;
- char *app_data;
- /* If this is non-NULL, it is used to generate DSA parameters */
- int (*dsa_paramgen) (DSA *dsa, int bits,
- const unsigned char *seed, int seed_len,
- int *counter_ret, unsigned long *h_ret,
- BN_GENCB *cb);
- /* If this is non-NULL, it is used to generate DSA keys */
- int (*dsa_keygen) (DSA *dsa);
-};
-
-struct dsa_st {
- /*
- * This first variable is used to pick up errors where a DSA is passed
- * instead of of a EVP_PKEY
- */
- int pad;
- long version;
- BIGNUM *p;
- BIGNUM *q; /* == 20 */
- BIGNUM *g;
- BIGNUM *pub_key; /* y public key */
- BIGNUM *priv_key; /* x private key */
- int flags;
- /* Normally used to cache montgomery values */
- BN_MONT_CTX *method_mont_p;
- int references;
- CRYPTO_EX_DATA ex_data;
- const DSA_METHOD *meth;
- /* functional reference if 'meth' is ENGINE-provided */
- ENGINE *engine;
- CRYPTO_RWLOCK *lock;
-};
-
# define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \
(char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x))
# define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \
@@ -189,6 +140,7 @@ const DSA_METHOD *DSA_OpenSSL(void);
void DSA_set_default_method(const DSA_METHOD *);
const DSA_METHOD *DSA_get_default_method(void);
int DSA_set_method(DSA *dsa, const DSA_METHOD *);
+const DSA_METHOD *DSA_get_method(DSA *d);
DSA *DSA_new(void);
DSA *DSA_new_method(ENGINE *engine);
@@ -264,6 +216,61 @@ DH *DSA_dup_DH(const DSA *r);
# define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS (EVP_PKEY_ALG_CTRL + 2)
# define EVP_PKEY_CTRL_DSA_PARAMGEN_MD (EVP_PKEY_ALG_CTRL + 3)
+void DSA_get0_pqg(const DSA *d, BIGNUM **p, BIGNUM **q, BIGNUM **g);
+int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g);
+void DSA_get0_key(const DSA *d, BIGNUM **pub_key, BIGNUM **priv_key);
+int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key);
+void DSA_clear_flags(DSA *d, int flags);
+int DSA_test_flags(const DSA *d, int flags);
+void DSA_set_flags(DSA *d, int flags);
+ENGINE *DSA_get0_engine(DSA *d);
+
+DSA_METHOD *DSA_meth_new(const char *name, int flags);
+void DSA_meth_free(DSA_METHOD *dsam);
+DSA_METHOD *DSA_meth_dup(const DSA_METHOD *dsam);
+const char *DSA_meth_get0_name(const DSA_METHOD *dsam);
+int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name);
+int DSA_meth_get_flags(DSA_METHOD *dsam);
+int DSA_meth_set_flags(DSA_METHOD *dsam, int flags);
+void *DSA_meth_get0_app_data(const DSA_METHOD *dsam);
+int DSA_meth_set0_app_data(DSA_METHOD *dsam, void *app_data);
+DSA_SIG *(*DSA_meth_get_sign(const DSA_METHOD *dsam))
+ (const unsigned char *, int, DSA *);
+int DSA_meth_set_sign(DSA_METHOD *dsam,
+ DSA_SIG *(*sign) (const unsigned char *, int, DSA *));
+int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam))
+ (DSA *, BN_CTX *, BIGNUM **, BIGNUM **);
+int DSA_meth_set_sign_setup(DSA_METHOD *dsam,
+ int (*sign_setup) (DSA *, BN_CTX *, BIGNUM **, BIGNUM **));
+int (*DSA_meth_get_verify(const DSA_METHOD *dsam))
+ (const unsigned char *, int , DSA_SIG *, DSA *);
+int DSA_meth_set_verify(DSA_METHOD *dsam,
+ int (*verify) (const unsigned char *, int, DSA_SIG *, DSA *));
+int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam))
+ (DSA *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *,
+ BN_CTX *, BN_MONT_CTX *);
+int DSA_meth_set_mod_exp(DSA_METHOD *dsam,
+ int (*mod_exp) (DSA *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *,
+ BIGNUM *, BN_CTX *, BN_MONT_CTX *));
+int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam))
+ (DSA *, BIGNUM *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *,
+ BN_MONT_CTX *);
+int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam,
+ int (*bn_mod_exp) (DSA *, BIGNUM *, BIGNUM *, const BIGNUM *,
+ const BIGNUM *, BN_CTX *, BN_MONT_CTX *));
+int (*DSA_meth_get_init(const DSA_METHOD *dsam))(DSA *);
+int DSA_meth_set_init(DSA_METHOD *dsam, int (*init)(DSA *));
+int (*DSA_meth_get_finish(const DSA_METHOD *dsam)) (DSA *);
+int DSA_meth_set_finish(DSA_METHOD *dsam, int (*finish) (DSA *));
+int (*DSA_meth_get_paramgen(const DSA_METHOD *dsam))
+ (DSA *, int, const unsigned char *, int, int *, unsigned long *,
+ BN_GENCB *);
+int DSA_meth_set_paramgen(DSA_METHOD *dsam,
+ int (*paramgen) (DSA *, int, const unsigned char *, int, int *,
+ unsigned long *, BN_GENCB *));
+int (*DSA_meth_get_keygen(const DSA_METHOD *dsam)) (DSA *);
+int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen) (DSA *));
+
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
diff --git a/test/dsatest.c b/test/dsatest.c
index 27996ac..1945f35 100644
--- a/test/dsatest.c
+++ b/test/dsatest.c
@@ -133,6 +133,7 @@ int main(int argc, char **argv)
unsigned long h;
unsigned char sig[256];
unsigned int siglen;
+ BIGNUM *p = NULL, *q = NULL, *g = NULL;
if (bio_err == NULL)
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
@@ -172,34 +173,35 @@ int main(int argc, char **argv)
goto end;
}
- i = BN_bn2bin(dsa->q, buf);
+ DSA_get0_pqg(dsa, &p, &q, &g);
+ i = BN_bn2bin(q, buf);
j = sizeof(out_q);
if ((i != j) || (memcmp(buf, out_q, i) != 0)) {
BIO_printf(bio_err, "q value is wrong\n");
goto end;
}
- i = BN_bn2bin(dsa->p, buf);
+ i = BN_bn2bin(p, buf);
j = sizeof(out_p);
if ((i != j) || (memcmp(buf, out_p, i) != 0)) {
BIO_printf(bio_err, "p value is wrong\n");
goto end;
}
- i = BN_bn2bin(dsa->g, buf);
+ i = BN_bn2bin(g, buf);
j = sizeof(out_g);
if ((i != j) || (memcmp(buf, out_g, i) != 0)) {
BIO_printf(bio_err, "g value is wrong\n");
goto end;
}
- dsa->flags |= DSA_FLAG_NO_EXP_CONSTTIME;
+ DSA_set_flags(dsa, DSA_FLAG_NO_EXP_CONSTTIME);
DSA_generate_key(dsa);
DSA_sign(0, str1, 20, sig, &siglen, dsa);
if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
ret = 1;
- dsa->flags &= ~DSA_FLAG_NO_EXP_CONSTTIME;
+ DSA_clear_flags(dsa, DSA_FLAG_NO_EXP_CONSTTIME);
DSA_generate_key(dsa);
DSA_sign(0, str1, 20, sig, &siglen, dsa);
if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 7e704d3..53ba278 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4086,3 +4086,39 @@ BIO_meth_get_destroy 3951 1_1_0 EXIST::FUNCTION:
BIO_meth_get_read 3952 1_1_0 EXIST::FUNCTION:
BIO_set_retry_reason 3953 1_1_0 EXIST::FUNCTION:
BIO_meth_free 3954 1_1_0 EXIST::FUNCTION:
+DSA_meth_set_bn_mod_exp 3955 1_1_0 EXIST::FUNCTION:DSA
+DSA_meth_set_init 3956 1_1_0 EXIST::FUNCTION:DSA
+DSA_meth_free 3957 1_1_0 EXIST::FUNCTION:DSA
+DSA_meth_set_mod_exp 3958 1_1_0 EXIST::FUNCTION:DSA
+DSA_meth_set_sign 3959 1_1_0 EXIST::FUNCTION:DSA
+DSA_meth_get_finish 3960 1_1_0 EXIST::FUNCTION:DSA
+DSA_set_flags 3961 1_1_0 EXIST::FUNCTION:DSA
+DSA_get0_pqg 3962 1_1_0 EXIST::FUNCTION:DSA
+DSA_meth_get_app_data 3963 1_1_0 EXIST::FUNCTION:DSA
+DSA_meth_get_keygen 3964 1_1_0 EXIST::FUNCTION:DSA
+DSA_clear_flags 3965 1_1_0 EXIST::FUNCTION:DSA
+DSA_meth_get0_name 3966 1_1_0 EXIST::FUNCTION:DSA
+DSA_meth_get_paramgen 3967 1_1_0 EXIST::FUNCTION:DSA
+DSA_meth_get_sign 3968 1_1_0 EXIST::FUNCTION:DSA
+DSA_meth_set_paramgen 3969 1_1_0 EXIST::FUNCTION:DSA
+DSA_test_flags 3970 1_1_0 EXIST::FUNCTION:DSA
+DSA_meth_set_app_data 3971 1_1_0 EXIST::FUNCTION:DSA
+DSA_meth_set1_name 3972 1_1_0 EXIST::FUNCTION:DSA
+DSA_get0_key 3973 1_1_0 EXIST::FUNCTION:DSA
+DSA_meth_get_mod_exp 3974 1_1_0 EXIST::FUNCTION:DSA
+DSA_set0_pqg 3975 1_1_0 EXIST::FUNCTION:DSA
+DSA_meth_get_flags 3976 1_1_0 EXIST::FUNCTION:DSA
+DSA_meth_get_verify 3977 1_1_0 EXIST::FUNCTION:DSA
+DSA_meth_set_verify 3978 1_1_0 EXIST::FUNCTION:DSA
+DSA_meth_set_finish 3979 1_1_0 EXIST::FUNCTION:DSA
+DSA_meth_set_keygen 3980 1_1_0 EXIST::FUNCTION:DSA
+DSA_meth_dup 3981 1_1_0 EXIST::FUNCTION:DSA
+DSA_set0_key 3982 1_1_0 EXIST::FUNCTION:DSA
+DSA_meth_get_init 3983 1_1_0 EXIST::FUNCTION:DSA
+DSA_meth_set_sign_setup 3984 1_1_0 EXIST::FUNCTION:DSA
+DSA_meth_get_bn_mod_exp 3985 1_1_0 EXIST::FUNCTION:DSA
+DSA_get_method 3986 1_1_0 EXIST::FUNCTION:DSA
+DSA_meth_new 3987 1_1_0 EXIST::FUNCTION:DSA
+DSA_meth_set_flags 3988 1_1_0 EXIST::FUNCTION:DSA
+DSA_meth_get_sign_setup 3989 1_1_0 EXIST::FUNCTION:DSA
+DSA_get0_engine 3990 1_1_0 EXIST::FUNCTION:DSA
More information about the openssl-commits
mailing list