Browse Source

Make DSA_METHOD opaque

Move the dsa_method structure out of the public header file, and provide
getter and setter functions for creating and modifying custom DSA_METHODs.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
master
Matt Caswell 6 years ago
parent
commit
6e9fa57c6d
14 changed files with 476 additions and 153 deletions
  1. +3
    -1
      apps/dsa.c
  2. +10
    -5
      apps/dsaparam.c
  3. +3
    -1
      apps/gendsa.c
  4. +7
    -3
      apps/x509.c
  5. +4
    -2
      crypto/dsa/Makefile.in
  6. +2
    -1
      crypto/dsa/build.info
  7. +18
    -20
      crypto/dsa/dsa_lib.c
  8. +26
    -0
      crypto/dsa/dsa_locl.h
  9. +243
    -0
      crypto/dsa/dsa_meth.c
  10. +60
    -45
      crypto/engine/eng_cryptodev.c
  11. +19
    -11
      crypto/pem/pvkfmt.c
  12. +26
    -29
      engines/e_capi.c
  13. +50
    -32
      include/openssl/dsa.h
  14. +5
    -3
      test/dsatest.c

+ 3
- 1
apps/dsa.c View File

@ -243,8 +243,10 @@ int dsa_main(int argc, char **argv)
}
if (modulus) {
BIGNUM *pub_key = NULL;
DSA_get0_key(dsa, &pub_key, NULL);
BIO_printf(out, "Public Key=");
BN_print(out, DSA_get0_pub_key(dsa));
BN_print(out, pub_key);
BIO_printf(out, "\n");
}


+ 10
- 5
apps/dsaparam.c View File

@ -263,14 +263,19 @@ int dsaparam_main(int argc, char **argv)
}
if (C) {
int len = BN_num_bytes(DSA_get0_p(dsa));
int bits_p = BN_num_bits(DSA_get0_p(dsa));
BIGNUM *p = NULL, *q = NULL, *g = NULL;
int len, bits_p;
DSA_get0_pqg(dsa, &p, &q, &g);
len = BN_num_bytes(p);
bits_p = BN_num_bits(p);
unsigned char *data = app_malloc(len + 20, "BN space");
BIO_printf(bio_out, "DSA *get_dsa%d()\n{\n", bits_p);
print_bignum_var(bio_out, DSA_get0_p(dsa), "dsap", len, data);
print_bignum_var(bio_out, DSA_get0_q(dsa), "dsaq", len, data);
print_bignum_var(bio_out, DSA_get0_g(dsa), "dsag", len, data);
print_bignum_var(bio_out, p, "dsap", len, data);
print_bignum_var(bio_out, q, "dsaq", len, data);
print_bignum_var(bio_out, g, "dsag", len, data);
BIO_printf(bio_out, " DSA *dsa = DSA_new();\n"
"\n");
BIO_printf(bio_out, " if (dsa == NULL)\n"


+ 3
- 1
apps/gendsa.c View File

@ -101,6 +101,7 @@ int gendsa_main(int argc, char **argv)
char *outfile = NULL, *passoutarg = NULL, *passout = NULL, *prog;
OPTION_CHOICE o;
int ret = 1, private = 0;
BIGNUM *p = NULL;
prog = opt_init(argc, argv, gendsa_options);
while ((o = opt_next()) != OPT_EOF) {
@ -168,7 +169,8 @@ int gendsa_main(int argc, char **argv)
BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
BIO_printf(bio_err, "Generating DSA key, %d bits\n", BN_num_bits(DSA_get0_p(dsa)));
DSA_get0_pqg(dsa, &p, NULL, NULL);
BIO_printf(bio_err, "Generating DSA key, %d bits\n", BN_num_bits(p));
if (!DSA_generate_key(dsa))
goto end;


+ 7
- 3
apps/x509.c View File

@ -734,11 +734,15 @@ int x509_main(int argc, char **argv)
else
#endif
#ifndef OPENSSL_NO_DSA
if (EVP_PKEY_id(pkey) == EVP_PKEY_DSA)
BN_print(out, DSA_get0_pub_key(EVP_PKEY_get0_DSA(pkey)));
else
if (EVP_PKEY_id(pkey) == EVP_PKEY_DSA) {
BIGNUM *dsapub = NULL;
DSA_get0_key(EVP_PKEY_get0_DSA(pkey), &dsapub, NULL);
BN_print(out, dsapub);
} else
#endif
{
BIO_printf(out, "Wrong Algorithm type");
}
BIO_printf(out, "\n");
} else if (pubkey == i) {
EVP_PKEY *pkey;


+ 4
- 2
crypto/dsa/Makefile.in View File

@ -16,9 +16,11 @@ GENERAL=Makefile
LIB=$(TOP)/libcrypto.a
LIBSRC= dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c \
dsa_err.c dsa_ossl.c dsa_depr.c dsa_ameth.c dsa_pmeth.c dsa_prn.c
dsa_err.c dsa_ossl.c dsa_depr.c dsa_ameth.c dsa_pmeth.c dsa_prn.c \
dsa_meth.c
LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_asn1.o dsa_vrf.o dsa_sign.o \
dsa_err.o dsa_ossl.o dsa_depr.o dsa_ameth.o dsa_pmeth.o dsa_prn.o
dsa_err.o dsa_ossl.o dsa_depr.o dsa_ameth.o dsa_pmeth.o dsa_prn.o \
dsa_meth.o
SRC= $(LIBSRC)


+ 2
- 1
crypto/dsa/build.info View File

@ -1,4 +1,5 @@
LIBS=../../libcrypto
SOURCE[../../libcrypto]=\
dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c \
dsa_err.c dsa_ossl.c dsa_depr.c dsa_ameth.c dsa_pmeth.c dsa_prn.c
dsa_err.c dsa_ossl.c dsa_depr.c dsa_ameth.c dsa_pmeth.c dsa_prn.c \
dsa_meth.c

+ 18
- 20
crypto/dsa/dsa_lib.c View File

@ -104,6 +104,11 @@ int DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
return 1;
}
const DSA_METHOD *DSA_get_method(DSA *d)
{
return d->meth;
}
DSA *DSA_new_method(ENGINE *engine)
{
DSA *ret;
@ -281,19 +286,14 @@ DH *DSA_dup_DH(const DSA *r)
}
#endif
BIGNUM *DSA_get0_p(const DSA *d)
{
return d->p;
}
BIGNUM *DSA_get0_q(const DSA *d)
void DSA_get0_pqg(const DSA *d, BIGNUM **p, BIGNUM **q, BIGNUM **g)
{
return d->q;
}
BIGNUM *DSA_get0_g(const DSA *d)
{
return d->g;
if (p != NULL)
*p = d->p;
if (q != NULL)
*q = d->q;
if (g != NULL)
*g = d->g;
}
int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g)
@ -310,17 +310,15 @@ int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g)
return 1;
}
BIGNUM *DSA_get0_priv_key(const DSA *d)
{
return d->priv_key;
}
BIGNUM *DSA_get0_pub_key(const DSA *d)
void DSA_get0_key(const DSA *d, BIGNUM **pub_key, BIGNUM **priv_key)
{
return d->pub_key;
if (pub_key != NULL)
*pub_key = d->pub_key;
if (priv_key != NULL)
*priv_key = d->priv_key;
}
void DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)
int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)
{
/* Note that it is valid for priv_key to be NULL */
if (pub_key == NULL)


+ 26
- 0
crypto/dsa/dsa_locl.h View File

@ -77,6 +77,32 @@ struct dsa_st {
CRYPTO_RWLOCK *lock;
};
struct dsa_method {
char *name;
DSA_SIG *(*dsa_do_sign) (const unsigned char *dgst, int dlen, DSA *dsa);
int (*dsa_sign_setup) (DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
BIGNUM **rp);
int (*dsa_do_verify) (const unsigned char *dgst, int dgst_len,
DSA_SIG *sig, DSA *dsa);
int (*dsa_mod_exp) (DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *in_mont);
/* Can be null */
int (*bn_mod_exp) (DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
int (*init) (DSA *dsa);
int (*finish) (DSA *dsa);
int flags;
void *app_data;
/* If this is non-NULL, it is used to generate DSA parameters */
int (*dsa_paramgen) (DSA *dsa, int bits,
const unsigned char *seed, int seed_len,
int *counter_ret, unsigned long *h_ret,
BN_GENCB *cb);
/* If this is non-NULL, it is used to generate DSA keys */
int (*dsa_keygen) (DSA *dsa);
};
int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
const EVP_MD *evpmd, const unsigned char *seed_in,
size_t seed_len, unsigned char *seed_out,


+ 243
- 0
crypto/dsa/dsa_meth.c View File

@ -0,0 +1,243 @@
/* ====================================================================
* Copyright (c) 2016 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include "dsa_locl.h"
#include <string.h>
DSA_METHOD *DSA_meth_new(const char *name, int flags)
{
DSA_METHOD *dsam = OPENSSL_zalloc(sizeof(DSA_METHOD));
if (dsam != NULL) {
dsam->name = OPENSSL_strdup(name);
dsam->flags = flags;
}
return dsam;
}
void DSA_meth_free(DSA_METHOD *dsam)
{
if (dsam != NULL) {
if (dsam->name != NULL)
OPENSSL_free(dsam->name);
OPENSSL_free(dsam);
}
}
DSA_METHOD *DSA_meth_dup(const DSA_METHOD *meth)
{
DSA_METHOD *ret;
ret = OPENSSL_malloc(sizeof(DSA_METHOD));
if (ret != NULL) {
memcpy(ret, meth, sizeof(*meth));
ret->name = OPENSSL_strdup(meth->name);
}
return ret;
}
const char *DSA_meth_get_name(const DSA_METHOD *dsam)
{
return dsam->name;
}
int DSA_meth_set_name(DSA_METHOD *dsam, const char *name)
{
OPENSSL_free(dsam->name);
dsam->name = OPENSSL_strdup(name);
return dsam->name != NULL;
}
int DSA_meth_get_flags(DSA_METHOD *dsam)
{
return dsam->flags;
}
int DSA_meth_set_flags(DSA_METHOD *dsam, int flags)
{
dsam->flags = flags;
return 1;
}
void *DSA_meth_get_app_data(const DSA_METHOD *dsam)
{
return dsam->app_data;
}
int DSA_meth_set_app_data(DSA_METHOD *dsam, void *app_data)
{
dsam->app_data = app_data;
return 1;
}
DSA_SIG *(*DSA_meth_get_sign(const DSA_METHOD *dsam))
(const unsigned char *, int, DSA *)
{
return dsam->dsa_do_sign;
}
int DSA_meth_set_sign(DSA_METHOD *dsam,
DSA_SIG *(*sign) (const unsigned char *, int, DSA *))
{
dsam->dsa_do_sign = sign;
return 1;
}
int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam))
(DSA *, BN_CTX *, BIGNUM **, BIGNUM **)
{
return dsam->dsa_sign_setup;
}
int DSA_meth_set_sign_setup(DSA_METHOD *dsam,
int (*sign_setup) (DSA *, BN_CTX *, BIGNUM **, BIGNUM **))
{
dsam->dsa_sign_setup = sign_setup;
return 1;
}
int (*DSA_meth_get_verify(const DSA_METHOD *dsam))
(const unsigned char *, int , DSA_SIG *, DSA *)
{
return dsam->dsa_do_verify;
}
int DSA_meth_set_verify(DSA_METHOD *dsam,
int (*verify) (const unsigned char *, int, DSA_SIG *, DSA *))
{
dsam->dsa_do_verify = verify;
return 1;
}
int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam))
(DSA *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *,
BN_CTX *, BN_MONT_CTX *)
{
return dsam->dsa_mod_exp;
}
int DSA_meth_set_mod_exp(DSA_METHOD *dsam,
int (*mod_exp) (DSA *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *,
BIGNUM *, BN_CTX *, BN_MONT_CTX *))
{
dsam->dsa_mod_exp = mod_exp;
return 1;
}
int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam))
(DSA *, BIGNUM *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *,
BN_MONT_CTX *)
{
return dsam->bn_mod_exp;
}
int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam,
int (*bn_mod_exp) (DSA *, BIGNUM *, BIGNUM *, const BIGNUM *,
const BIGNUM *, BN_CTX *, BN_MONT_CTX *))
{
dsam->bn_mod_exp = bn_mod_exp;
return 1;
}
int (*DSA_meth_get_init(const DSA_METHOD *dsam))(DSA *)
{
return dsam->init;
}
int DSA_meth_set_init(DSA_METHOD *dsam, int (*init)(DSA *))
{
dsam->init = init;
return 1;
}
int (*DSA_meth_get_finish(const DSA_METHOD *dsam)) (DSA *)
{
return dsam->finish;
}
int DSA_meth_set_finish(DSA_METHOD *dsam, int (*finish) (DSA *))
{
dsam->finish = finish;
return 1;
}
int (*DSA_meth_get_paramgen(const DSA_METHOD *dsam))
(DSA *, int, const unsigned char *, int, int *, unsigned long *,
BN_GENCB *)
{
return dsam->dsa_paramgen;
}
int DSA_meth_set_paramgen(DSA_METHOD *dsam,
int (*paramgen) (DSA *, int, const unsigned char *, int, int *,
unsigned long *, BN_GENCB *))
{
dsam->dsa_paramgen = paramgen;
return 1;
}
int (*DSA_meth_get_keygen(const DSA_METHOD *dsam)) (DSA *)
{
return dsam->dsa_keygen;
}
int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen) (DSA *))
{
dsam->dsa_keygen = keygen;
return 1;
}

+ 60
- 45
crypto/engine/eng_cryptodev.c View File

@ -84,6 +84,10 @@ struct dev_crypto_state {
static u_int32_t cryptodev_asymfeat = 0;
#ifndef OPENSSL_NO_DSA
static DSA_METHOD *cryptodev_dsa = NULL;
#endif
static int get_asym_dev_crypto(void);
static int open_dev_crypto(void);
static int get_dev_crypto(void);
@ -1172,6 +1176,10 @@ static int cryptodev_engine_destroy(ENGINE *e)
EVP_MD_meth_free(md5_md);
md5_md = NULL;
# endif
#ifndef OPENSSL_NO_DSA
DSA_meth_free(cryptodev_dsa);
cryptodev_dsa = NULL;
#endif
return 1;
}
@ -1399,8 +1407,11 @@ cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
BN_CTX *ctx, BN_MONT_CTX *mont)
{
BIGNUM *t2;
BIGNUM *t2, *dsag, *dsap, *dsapub_key;
int ret = 0;
const DSA_METHOD *meth;
int (*bn_mod_exp)(DSA *, BIGNUM *, BIGNUM *, const BIGNUM *, const BIGNUM *,
BN_CTX *, BN_MONT_CTX *);
t2 = BN_new();
if (t2 == NULL)
@ -1410,14 +1421,24 @@ cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
/* let t1 = g ^ u1 mod p */
ret = 0;
if (!dsa->meth->bn_mod_exp(dsa, t1, dsa->g, u1, dsa->p, ctx, mont))
DSA_get0_pqg(dsa, &dsap, NULL, &dsag);
DSA_get0_key(dsa, &dsapub_key, NULL);
meth = DSA_get_method(dsa);
if (meth == NULL)
goto err;
bn_mod_exp = DSA_meth_get_bn_mod_exp(meth);
if (bn_mod_exp == NULL)
goto err;
if (!bn_mod_exp(dsa, t1, dsag, u1, dsap, ctx, mont))
goto err;
/* let t2 = y ^ u2 mod p */
if (!dsa->meth->bn_mod_exp(dsa, t2, dsa->pub_key, u2, dsa->p, ctx, mont))
if (!bn_mod_exp(dsa, t2, dsapub_key, u2, dsap, ctx, mont))
goto err;
/* let u1 = t1 * t2 mod p */
if (!BN_mod_mul(u1, t1, t2, dsa->p, ctx))
if (!BN_mod_mul(u1, t1, t2, dsap, ctx))
goto err;
BN_copy(t1, u1);
@ -1432,7 +1453,8 @@ static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
DSA *dsa)
{
struct crypt_kop kop;
BIGNUM *r = NULL, *s = NULL;
BIGNUM *r = NULL, *s = NULL, *dsap = NULL, *dsaq = NULL, *dsag = NULL;
BIGNUM *priv_key = NULL;
DSA_SIG *dsasig, *dsaret = NULL;
dsasig = DSA_SIG_new();
@ -1446,22 +1468,23 @@ static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
/* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
kop.crk_param[0].crp_p = (caddr_t) dgst;
kop.crk_param[0].crp_nbits = dlen * 8;
if (bn2crparam(dsa->p, &kop.crk_param[1]))
DSA_get0_pqg(dsa, &dsap, &dsaq, &dsag);
DSA_get0_key(dsa, NULL, &priv_key);
if (bn2crparam(dsap, &kop.crk_param[1]))
goto err;
if (bn2crparam(dsa->q, &kop.crk_param[2]))
if (bn2crparam(dsaq, &kop.crk_param[2]))
goto err;
if (bn2crparam(dsa->g, &kop.crk_param[3]))
if (bn2crparam(dsag, &kop.crk_param[3]))
goto err;
if (bn2crparam(dsa->priv_key, &kop.crk_param[4]))
if (bn2crparam(priv_key, &kop.crk_param[4]))
goto err;
kop.crk_iparams = 5;
if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r,
BN_num_bytes(dsa->q), s) == 0) {
if (cryptodev_asym(&kop, BN_num_bytes(dsaq), r,
BN_num_bytes(dsaq), s) == 0) {
dsaret = dsasig;
} else {
const DSA_METHOD *meth = DSA_OpenSSL();
dsaret = (meth->dsa_do_sign) (dgst, dlen, dsa);
dsaret = DSA_meth_get_sign(DSA_OpenSSL())(dgst, dlen, dsa);
}
err:
if (dsaret != dsasig)
@ -1477,7 +1500,7 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
{
struct crypt_kop kop;
int dsaret = 1;
BIGNUM *pr, *ps;
BIGNUM *pr, *ps, *p = NULL, *q = NULL, *g = NULL, *pub_key = NULL;
memset(&kop, 0, sizeof(kop));
kop.crk_op = CRK_DSA_VERIFY;
@ -1485,13 +1508,15 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
/* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
kop.crk_param[0].crp_p = (caddr_t) dgst;
kop.crk_param[0].crp_nbits = dlen * 8;
if (bn2crparam(dsa->p, &kop.crk_param[1]))
DSA_get0_pqg(dsa, &p, &q, &g);
if (bn2crparam(p, &kop.crk_param[1]))
goto err;
if (bn2crparam(dsa->q, &kop.crk_param[2]))
if (bn2crparam(q, &kop.crk_param[2]))
goto err;
if (bn2crparam(dsa->g, &kop.crk_param[3]))
if (bn2crparam(g, &kop.crk_param[3]))
goto err;
if (bn2crparam(dsa->pub_key, &kop.crk_param[4]))
DSA_get0_key(dsa, &pub_key, NULL);
if (bn2crparam(pub_key, &kop.crk_param[4]))
goto err;
DSA_SIG_get0(&pr, &ps, sig);
if (bn2crparam(pr, &kop.crk_param[5]))
@ -1507,28 +1532,13 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
if (0 != kop.crk_status)
dsaret = 0;
} else {
const DSA_METHOD *meth = DSA_OpenSSL();
dsaret = (meth->dsa_do_verify) (dgst, dlen, sig, dsa);
dsaret = DSA_meth_get_verify(DSA_OpenSSL())(dgst, dlen, sig, dsa);
}
err:
kop.crk_param[0].crp_p = NULL;
zapparams(&kop);
return (dsaret);
}
static DSA_METHOD cryptodev_dsa = {
"cryptodev DSA method",
NULL,
NULL, /* dsa_sign_setup */
NULL,
NULL, /* dsa_mod_exp */
NULL,
NULL, /* init */
NULL, /* finish */
0, /* flags */
NULL /* app_data */
};
#endif
#ifndef OPENSSL_NO_DH
@ -1670,18 +1680,23 @@ void engine_load_cryptodev_internal(void)
}
#ifndef OPENSSL_NO_DSA
if (ENGINE_set_DSA(engine, &cryptodev_dsa)) {
const DSA_METHOD *meth = DSA_OpenSSL();
memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
if (cryptodev_asymfeat & CRF_DSA_SIGN)
cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
if (cryptodev_asymfeat & CRF_MOD_EXP) {
cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;
cryptodev_dsa = DSA_meth_dup(DSA_OpenSSL());
if (cryptodev_dsa != NULL) {
DSA_meth_set_name(cryptodev_dsa, "cryptodev DSA method");
DSA_meth_set_flags(cryptodev_dsa, 0);
if (ENGINE_set_DSA(engine, cryptodev_dsa)) {
if (cryptodev_asymfeat & CRF_DSA_SIGN)
DSA_meth_set_sign(cryptodev_dsa, cryptodev_dsa_do_sign);
if (cryptodev_asymfeat & CRF_MOD_EXP) {
DSA_meth_set_bn_mod_exp(cryptodev_dsa, cryptodev_dsa_bn_mod_exp);
DSA_meth_set_mod_exp(cryptodev_dsa, cryptodev_dsa_dsa_mod_exp);
}
if (cryptodev_asymfeat & CRF_DSA_VERIFY)
DSA_meth_set_verify(cryptodev_dsa, cryptodev_dsa_verify);
}
if (cryptodev_asymfeat & CRF_DSA_VERIFY)
cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
} else {
ENGINE_free(engine);
return;
}
#endif


+ 19
- 11
crypto/pem/pvkfmt.c View File

@ -503,16 +503,20 @@ static int do_i2b_bio(BIO *out, EVP_PKEY *pk, int ispub)
static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *pmagic)
{
int bitlen;
bitlen = BN_num_bits(DSA_get0_p(dsa));
if ((bitlen & 7) || (BN_num_bits(DSA_get0_q(dsa)) != 160)
|| (BN_num_bits(DSA_get0_g(dsa)) > bitlen))
BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub_key = NULL, *priv_key = NULL;
DSA_get0_pqg(dsa, &p, &q, &g);
DSA_get0_key(dsa, &pub_key, &priv_key);
bitlen = BN_num_bits(p);
if ((bitlen & 7) || (BN_num_bits(q) != 160)
|| (BN_num_bits(g) > bitlen))
goto badkey;
if (ispub) {
if (BN_num_bits(DSA_get0_pub_key(dsa)) > bitlen)
if (BN_num_bits(pub_key) > bitlen)
goto badkey;
*pmagic = MS_DSS1MAGIC;
} else {
if (BN_num_bits(DSA_get0_priv_key(dsa)) > 160)
if (BN_num_bits(priv_key) > 160)
goto badkey;
*pmagic = MS_DSS2MAGIC;
}
@ -574,14 +578,18 @@ static void write_rsa(unsigned char **out, RSA *rsa, int ispub)
static void write_dsa(unsigned char **out, DSA *dsa, int ispub)
{
int nbyte;
nbyte = BN_num_bytes(DSA_get0_p(dsa));
write_lebn(out, DSA_get0_p(dsa), nbyte);
write_lebn(out, DSA_get0_q(dsa), 20);
write_lebn(out, DSA_get0_g(dsa), nbyte);
BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub_key = NULL, *priv_key = NULL;
DSA_get0_pqg(dsa, &p, &q, &g);
DSA_get0_key(dsa, &pub_key, &priv_key);
nbyte = BN_num_bytes(p);
write_lebn(out, p, nbyte);
write_lebn(out, q, 20);
write_lebn(out, g, nbyte);
if (ispub)
write_lebn(out, DSA_get0_pub_key(dsa), nbyte);
write_lebn(out, pub_key, nbyte);
else
write_lebn(out, DSA_get0_priv_key(dsa), 20);
write_lebn(out, priv_key, 20);
/* Set "invalid" for seed structure values */
memset(*out, 0xff, 24);
*out += 24;


+ 26
- 29
engines/e_capi.c View File

@ -447,20 +447,7 @@ static RSA_METHOD capi_rsa_method = {
0 /* rsa_verify */
};
static DSA_METHOD capi_dsa_method = {
"CryptoAPI DSA method",
capi_dsa_do_sign, /* dsa_do_sign */
0, /* dsa_sign_setup */
0, /* dsa_do_verify */
0, /* dsa_mod_exp */
0, /* bn_mod_exp */
0, /* init */
capi_dsa_free, /* finish */
0, /* flags */
NULL, /* app_data */
0, /* dsa_paramgen */
0 /* dsa_keygen */
};
static DSA_METHOD *capi_dsa_method = NULL;
static int use_aes_csp = 0;
@ -489,9 +476,12 @@ static int capi_init(ENGINE *e)
/* Setup DSA Method */
dsa_capi_idx = DSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
ossl_dsa_meth = DSA_OpenSSL();
capi_dsa_method.dsa_do_verify = ossl_dsa_meth->dsa_do_verify;
capi_dsa_method.dsa_mod_exp = ossl_dsa_meth->dsa_mod_exp;
capi_dsa_method.bn_mod_exp = ossl_dsa_meth->bn_mod_exp;
DSA_meth_set_sign(capi_dsa_method, capi_dsa_do_sign);
DSA_meth_set_verify(capi_dsa_method, DSA_meth_get_verify(ossl_dsa_meth));
DSA_meth_set_finish(capi_dsa_method, capi_dsa_free);
DSA_meth_set_mod_exp(capi_dsa_method, DSA_meth_get_mod_exp(ossl_dsa_meth));
DSA_meth_set_bn_mod_exp(capi_dsa_method,
DSA_meth_get_bn_mod_exp(ossl_dsa_meth));
}
ctx = capi_ctx_new();
@ -535,6 +525,8 @@ static int capi_init(ENGINE *e)
static int capi_destroy(ENGINE *e)
{
DSA_meth_free(capi_dsa_method);
capi_dsa_method = NULL;
ERR_unload_CAPI_strings();
return 1;
}
@ -564,6 +556,9 @@ struct CAPI_KEY_st {
static int bind_capi(ENGINE *e)
{
capi_dsa_method = DSA_meth_new("CryptoAPI DSA method", 0);
if (capi_dsa_method == NULL)
return 0;
if (!ENGINE_set_id(e, engine_capi_id)
|| !ENGINE_set_name(e, engine_capi_name)
|| !ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL)
@ -571,7 +566,7 @@ static int bind_capi(ENGINE *e)
|| !ENGINE_set_finish_function(e, capi_finish)
|| !ENGINE_set_destroy_function(e, capi_destroy)
|| !ENGINE_set_RSA(e, &capi_rsa_method)
|| !ENGINE_set_DSA(e, &capi_dsa_method)
|| !ENGINE_set_DSA(e, capi_dsa_method)
|| !ENGINE_set_load_privkey_function(e, capi_load_privkey)
|| !ENGINE_set_load_ssl_client_cert_function(e,
capi_load_ssl_client_cert)
@ -716,6 +711,7 @@ static EVP_PKEY *capi_get_pkey(ENGINE *eng, CAPI_KEY * key)
DSSPUBKEY *dp;
DWORD dsa_plen;
unsigned char *btmp;
BIGNUM *p, *q, *g, *pub_key;
dp = (DSSPUBKEY *) (bh + 1);
if (dp->magic != 0x31535344) {
char magstr[10];
@ -730,23 +726,24 @@ static EVP_PKEY *capi_get_pkey(ENGINE *eng, CAPI_KEY * key)
dkey = DSA_new_method(eng);
if (!dkey)
goto memerr;
dkey->p = BN_new();
dkey->q = BN_new();
dkey->g = BN_new();
dkey->pub_key = BN_new();
if (dkey->p == NULL || dkey->q == NULL || dkey->g == NULL
|| dkey->pub_key == NULL)
p = BN_new();
q = BN_new();
g = BN_new();
pub_key = BN_new();
if (p == NULL || q == NULL || g == NULL || pub_key == NULL)
goto memerr;
if (!lend_tobn(dkey->p, btmp, dsa_plen))
DSA_set0_pqg(dkey, p, q, g);
DSA_set0_key(dkey, pub_key, NULL);
if (!lend_tobn(p, btmp, dsa_plen))
goto memerr;
btmp += dsa_plen;
if (!lend_tobn(dkey->q, btmp, 20))
if (!lend_tobn(q, btmp, 20))
goto memerr;
btmp += 20;
if (!lend_tobn(dkey->g, btmp, dsa_plen))
if (!lend_tobn(g, btmp, dsa_plen))
goto memerr;
btmp += dsa_plen;
if (!lend_tobn(dkey->pub_key, btmp, dsa_plen))
if (!lend_tobn(pub_key, btmp, dsa_plen))
goto memerr;
btmp += dsa_plen;
@ -985,7 +982,7 @@ static DSA_SIG *capi_dsa_do_sign(const unsigned char *digest, int dlen,
CAPI_CTX *ctx;
unsigned char csigbuf[40];
ctx = ENGINE_get_ex_data(dsa->engine, capi_idx);
ctx = ENGINE_get_ex_data(DSA_get0_engine(dsa), capi_idx);
CAPI_trace(ctx, "Called CAPI_dsa_do_sign()\n");


+ 50
- 32
include/openssl/dsa.h View File

@ -74,8 +74,8 @@ extern "C" {
# include <openssl/crypto.h>
# include <openssl/ossl_typ.h>
# include <openssl/opensslconf.h>
# include <openssl/bn.h>
# if OPENSSL_API_COMPAT < 0x10100000L
# include <openssl/bn.h>
# include <openssl/dh.h>
# endif
@ -117,32 +117,6 @@ extern "C" {
typedef struct DSA_SIG_st DSA_SIG;
struct dsa_method {
const char *name;
DSA_SIG *(*dsa_do_sign) (const unsigned char *dgst, int dlen, DSA *dsa);
int (*dsa_sign_setup) (DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
BIGNUM **rp);
int (*dsa_do_verify) (const unsigned char *dgst, int dgst_len,
DSA_SIG *sig, DSA *dsa);
int (*dsa_mod_exp) (DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *in_mont);
/* Can be null */
int (*bn_mod_exp) (DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
int (*init) (DSA *dsa);
int (*finish) (DSA *dsa);
int flags;
char *app_data;
/* If this is non-NULL, it is used to generate DSA parameters */
int (*dsa_paramgen) (DSA *dsa, int bits,
const unsigned char *seed, int seed_len,
int *counter_ret, unsigned long *h_ret,
BN_GENCB *cb);
/* If this is non-NULL, it is used to generate DSA keys */
int (*dsa_keygen) (DSA *dsa);
};
# define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \
(char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x))
# define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \
@ -166,6 +140,7 @@ const DSA_METHOD *DSA_OpenSSL(void);
void DSA_set_default_method(const DSA_METHOD *);
const DSA_METHOD *DSA_get_default_method(void);
int DSA_set_method(DSA *dsa, const DSA_METHOD *);
const DSA_METHOD *DSA_get_method(DSA *d);
DSA *DSA_new(void);
DSA *DSA_new_method(ENGINE *engine);
@ -241,18 +216,61 @@ DH *DSA_dup_DH(const DSA *r);
# define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS (EVP_PKEY_ALG_CTRL + 2)
# define EVP_PKEY_CTRL_DSA_PARAMGEN_MD (EVP_PKEY_ALG_CTRL + 3)
BIGNUM *DSA_get0_p(const DSA *d);
BIGNUM *DSA_get0_q(const DSA *d);
BIGNUM *DSA_get0_g(const DSA *d);
void DSA_get0_pqg(const DSA *d, BIGNUM **p, BIGNUM **q, BIGNUM **g);
int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g);
BIGNUM *DSA_get0_priv_key(const DSA *d);
BIGNUM *DSA_get0_pub_key(const DSA *d);
void DSA_get0_key(const DSA *d, BIGNUM **pub_key, BIGNUM **priv_key);
int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key);
void DSA_clear_flags(DSA *d, int flags);
int DSA_test_flags(const DSA *d, int flags);
void DSA_set_flags(DSA *d, int flags);
ENGINE *DSA_get0_engine(DSA *d);
DSA_METHOD *DSA_meth_new(const char *name, int flags);
void DSA_meth_free(DSA_METHOD *dsam);
DSA_METHOD *DSA_meth_dup(const DSA_METHOD *meth);
const char *DSA_meth_get_name(const DSA_METHOD *dsam);
int DSA_meth_set_name(DSA_METHOD *dsam, const char *name);
int DSA_meth_get_flags(DSA_METHOD *dsam);
int DSA_meth_set_flags(DSA_METHOD *dsam, int flags);
void *DSA_meth_get_app_data(const DSA_METHOD *dsam);
int DSA_meth_set_app_data(DSA_METHOD *dsam, void *app_data);
DSA_SIG *(*DSA_meth_get_sign(const DSA_METHOD *dsam))
(const unsigned char *, int, DSA *);
int DSA_meth_set_sign(DSA_METHOD *dsam,
DSA_SIG *(*sign) (const unsigned char *, int, DSA *));
int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam))
(DSA *, BN_CTX *, BIGNUM **, BIGNUM **);
int DSA_meth_set_sign_setup(DSA_METHOD *dsam,
int (*sign_setup) (DSA *, BN_CTX *, BIGNUM **, BIGNUM **));
int (*DSA_meth_get_verify(const DSA_METHOD *dsam))
(const unsigned char *, int , DSA_SIG *, DSA *);
int DSA_meth_set_verify(DSA_METHOD *dsam,
int (*verify) (const unsigned char *, int, DSA_SIG *, DSA *));
int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam))
(DSA *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *,
BN_CTX *, BN_MONT_CTX *);
int DSA_meth_set_mod_exp(DSA_METHOD *dsam,
int (*mod_exp) (DSA *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *,
BIGNUM *, BN_CTX *, BN_MONT_CTX *));
int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam))
(DSA *, BIGNUM *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *,
BN_MONT_CTX *);
int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam,
int (*bn_mod_exp) (DSA *, BIGNUM *, BIGNUM *, const BIGNUM *,
const BIGNUM *, BN_CTX *, BN_MONT_CTX *));
int (*DSA_meth_get_init(const DSA_METHOD *dsam))(DSA *);
int DSA_meth_set_init(DSA_METHOD *dsam, int (*init)(DSA *));
int (*DSA_meth_get_finish(const DSA_METHOD *dsam)) (DSA *);
int DSA_meth_set_finish(DSA_METHOD *dsam, int (*finish) (DSA *));
int (*DSA_meth_get_paramgen(const DSA_METHOD *dsam))
(DSA *, int, const unsigned char *, int, int *, unsigned long *,
BN_GENCB *);
int DSA_meth_set_paramgen(DSA_METHOD *dsam,
int (*paramgen) (DSA *, int, const unsigned char *, int, int *,
unsigned long *, BN_GENCB *));
int (*DSA_meth_get_keygen(const DSA_METHOD *dsam)) (DSA *);
int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen) (DSA *));
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes


+ 5
- 3
test/dsatest.c View File

@ -133,6 +133,7 @@ int main(int argc, char **argv)
unsigned long h;
unsigned char sig[256];
unsigned int siglen;
BIGNUM *p = NULL, *q = NULL, *g = NULL;
if (bio_err == NULL)
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
@ -172,21 +173,22 @@ int main(int argc, char **argv)
goto end;
}
i = BN_bn2bin(DSA_get0_q(dsa), buf);
DSA_get0_pqg(dsa, &p, &q, &g);
i = BN_bn2bin(q, buf);
j = sizeof(out_q);
if ((i != j) || (memcmp(buf, out_q, i) != 0)) {
BIO_printf(bio_err, "q value is wrong\n");
goto end;
}
i = BN_bn2bin(DSA_get0_p(dsa), buf);
i = BN_bn2bin(p, buf);
j = sizeof(out_p);
if ((i != j) || (memcmp(buf, out_p, i) != 0)) {
BIO_printf(bio_err, "p value is wrong\n");
goto end;
}
i = BN_bn2bin(DSA_get0_g(dsa), buf);
i = BN_bn2bin(g, buf);
j = sizeof(out_g);
if ((i != j) || (memcmp(buf, out_g, i) != 0)) {
BIO_printf(bio_err, "g value is wrong\n");


Loading…
Cancel
Save