dsa_lib.c 7.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360
  1. /*
  2. * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /*
  10. * DSA low level APIs are deprecated for public use, but still ok for
  11. * internal use.
  12. */
  13. #include "internal/deprecated.h"
  14. #include <openssl/bn.h>
  15. #include <openssl/engine.h>
  16. #include "internal/cryptlib.h"
  17. #include "internal/refcount.h"
  18. #include "crypto/dsa.h"
  19. #include "crypto/dh.h" /* required by DSA_dup_DH() */
  20. #include "dsa_local.h"
  21. static DSA *dsa_new_intern(ENGINE *engine, OSSL_LIB_CTX *libctx);
  22. #ifndef FIPS_MODULE
  23. int DSA_set_ex_data(DSA *d, int idx, void *arg)
  24. {
  25. return CRYPTO_set_ex_data(&d->ex_data, idx, arg);
  26. }
  27. void *DSA_get_ex_data(const DSA *d, int idx)
  28. {
  29. return CRYPTO_get_ex_data(&d->ex_data, idx);
  30. }
  31. # ifndef OPENSSL_NO_DH
  32. DH *DSA_dup_DH(const DSA *r)
  33. {
  34. /*
  35. * DSA has p, q, g, optional pub_key, optional priv_key.
  36. * DH has p, optional length, g, optional pub_key,
  37. * optional priv_key, optional q.
  38. */
  39. DH *ret = NULL;
  40. BIGNUM *pub_key = NULL, *priv_key = NULL;
  41. if (r == NULL)
  42. goto err;
  43. ret = DH_new();
  44. if (ret == NULL)
  45. goto err;
  46. if (!ossl_ffc_params_copy(ossl_dh_get0_params(ret), &r->params))
  47. goto err;
  48. if (r->pub_key != NULL) {
  49. pub_key = BN_dup(r->pub_key);
  50. if (pub_key == NULL)
  51. goto err;
  52. if (r->priv_key != NULL) {
  53. priv_key = BN_dup(r->priv_key);
  54. if (priv_key == NULL)
  55. goto err;
  56. }
  57. if (!DH_set0_key(ret, pub_key, priv_key))
  58. goto err;
  59. } else if (r->priv_key != NULL) {
  60. /* Shouldn't happen */
  61. goto err;
  62. }
  63. return ret;
  64. err:
  65. BN_free(pub_key);
  66. BN_free(priv_key);
  67. DH_free(ret);
  68. return NULL;
  69. }
  70. # endif /* OPENSSL_NO_DH */
  71. void DSA_clear_flags(DSA *d, int flags)
  72. {
  73. d->flags &= ~flags;
  74. }
  75. int DSA_test_flags(const DSA *d, int flags)
  76. {
  77. return d->flags & flags;
  78. }
  79. void DSA_set_flags(DSA *d, int flags)
  80. {
  81. d->flags |= flags;
  82. }
  83. ENGINE *DSA_get0_engine(DSA *d)
  84. {
  85. return d->engine;
  86. }
  87. int DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
  88. {
  89. /*
  90. * NB: The caller is specifically setting a method, so it's not up to us
  91. * to deal with which ENGINE it comes from.
  92. */
  93. const DSA_METHOD *mtmp;
  94. mtmp = dsa->meth;
  95. if (mtmp->finish)
  96. mtmp->finish(dsa);
  97. #ifndef OPENSSL_NO_ENGINE
  98. ENGINE_finish(dsa->engine);
  99. dsa->engine = NULL;
  100. #endif
  101. dsa->meth = meth;
  102. if (meth->init)
  103. meth->init(dsa);
  104. return 1;
  105. }
  106. #endif /* FIPS_MODULE */
  107. const DSA_METHOD *DSA_get_method(DSA *d)
  108. {
  109. return d->meth;
  110. }
  111. static DSA *dsa_new_intern(ENGINE *engine, OSSL_LIB_CTX *libctx)
  112. {
  113. DSA *ret = OPENSSL_zalloc(sizeof(*ret));
  114. if (ret == NULL) {
  115. ERR_raise(ERR_LIB_DSA, ERR_R_MALLOC_FAILURE);
  116. return NULL;
  117. }
  118. ret->references = 1;
  119. ret->lock = CRYPTO_THREAD_lock_new();
  120. if (ret->lock == NULL) {
  121. ERR_raise(ERR_LIB_DSA, ERR_R_MALLOC_FAILURE);
  122. OPENSSL_free(ret);
  123. return NULL;
  124. }
  125. ret->libctx = libctx;
  126. ret->meth = DSA_get_default_method();
  127. #if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
  128. ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW; /* early default init */
  129. if (engine) {
  130. if (!ENGINE_init(engine)) {
  131. ERR_raise(ERR_LIB_DSA, ERR_R_ENGINE_LIB);
  132. goto err;
  133. }
  134. ret->engine = engine;
  135. } else
  136. ret->engine = ENGINE_get_default_DSA();
  137. if (ret->engine) {
  138. ret->meth = ENGINE_get_DSA(ret->engine);
  139. if (ret->meth == NULL) {
  140. ERR_raise(ERR_LIB_DSA, ERR_R_ENGINE_LIB);
  141. goto err;
  142. }
  143. }
  144. #endif
  145. ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW;
  146. #ifndef FIPS_MODULE
  147. if (!ossl_crypto_new_ex_data_ex(libctx, CRYPTO_EX_INDEX_DSA, ret,
  148. &ret->ex_data))
  149. goto err;
  150. #endif
  151. if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
  152. ERR_raise(ERR_LIB_DSA, ERR_R_INIT_FAIL);
  153. goto err;
  154. }
  155. return ret;
  156. err:
  157. DSA_free(ret);
  158. return NULL;
  159. }
  160. DSA *DSA_new_method(ENGINE *engine)
  161. {
  162. return dsa_new_intern(engine, NULL);
  163. }
  164. DSA *ossl_dsa_new(OSSL_LIB_CTX *libctx)
  165. {
  166. return dsa_new_intern(NULL, libctx);
  167. }
  168. #ifndef FIPS_MODULE
  169. DSA *DSA_new(void)
  170. {
  171. return dsa_new_intern(NULL, NULL);
  172. }
  173. #endif
  174. void DSA_free(DSA *r)
  175. {
  176. int i;
  177. if (r == NULL)
  178. return;
  179. CRYPTO_DOWN_REF(&r->references, &i, r->lock);
  180. REF_PRINT_COUNT("DSA", r);
  181. if (i > 0)
  182. return;
  183. REF_ASSERT_ISNT(i < 0);
  184. if (r->meth != NULL && r->meth->finish != NULL)
  185. r->meth->finish(r);
  186. #if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
  187. ENGINE_finish(r->engine);
  188. #endif
  189. #ifndef FIPS_MODULE
  190. CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data);
  191. #endif
  192. CRYPTO_THREAD_lock_free(r->lock);
  193. ossl_ffc_params_cleanup(&r->params);
  194. BN_clear_free(r->pub_key);
  195. BN_clear_free(r->priv_key);
  196. OPENSSL_free(r);
  197. }
  198. int DSA_up_ref(DSA *r)
  199. {
  200. int i;
  201. if (CRYPTO_UP_REF(&r->references, &i, r->lock) <= 0)
  202. return 0;
  203. REF_PRINT_COUNT("DSA", r);
  204. REF_ASSERT_ISNT(i < 2);
  205. return ((i > 1) ? 1 : 0);
  206. }
  207. void ossl_dsa_set0_libctx(DSA *d, OSSL_LIB_CTX *libctx)
  208. {
  209. d->libctx = libctx;
  210. }
  211. void DSA_get0_pqg(const DSA *d,
  212. const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
  213. {
  214. ossl_ffc_params_get0_pqg(&d->params, p, q, g);
  215. }
  216. int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g)
  217. {
  218. /* If the fields p, q and g in d are NULL, the corresponding input
  219. * parameters MUST be non-NULL.
  220. */
  221. if ((d->params.p == NULL && p == NULL)
  222. || (d->params.q == NULL && q == NULL)
  223. || (d->params.g == NULL && g == NULL))
  224. return 0;
  225. ossl_ffc_params_set0_pqg(&d->params, p, q, g);
  226. d->dirty_cnt++;
  227. return 1;
  228. }
  229. const BIGNUM *DSA_get0_p(const DSA *d)
  230. {
  231. return d->params.p;
  232. }
  233. const BIGNUM *DSA_get0_q(const DSA *d)
  234. {
  235. return d->params.q;
  236. }
  237. const BIGNUM *DSA_get0_g(const DSA *d)
  238. {
  239. return d->params.g;
  240. }
  241. const BIGNUM *DSA_get0_pub_key(const DSA *d)
  242. {
  243. return d->pub_key;
  244. }
  245. const BIGNUM *DSA_get0_priv_key(const DSA *d)
  246. {
  247. return d->priv_key;
  248. }
  249. void DSA_get0_key(const DSA *d,
  250. const BIGNUM **pub_key, const BIGNUM **priv_key)
  251. {
  252. if (pub_key != NULL)
  253. *pub_key = d->pub_key;
  254. if (priv_key != NULL)
  255. *priv_key = d->priv_key;
  256. }
  257. int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)
  258. {
  259. if (pub_key != NULL) {
  260. BN_free(d->pub_key);
  261. d->pub_key = pub_key;
  262. }
  263. if (priv_key != NULL) {
  264. BN_free(d->priv_key);
  265. d->priv_key = priv_key;
  266. }
  267. d->dirty_cnt++;
  268. return 1;
  269. }
  270. int DSA_security_bits(const DSA *d)
  271. {
  272. if (d->params.p != NULL && d->params.q != NULL)
  273. return BN_security_bits(BN_num_bits(d->params.p),
  274. BN_num_bits(d->params.q));
  275. return -1;
  276. }
  277. int DSA_bits(const DSA *dsa)
  278. {
  279. if (dsa->params.p != NULL)
  280. return BN_num_bits(dsa->params.p);
  281. return -1;
  282. }
  283. FFC_PARAMS *ossl_dsa_get0_params(DSA *dsa)
  284. {
  285. return &dsa->params;
  286. }
  287. int ossl_dsa_ffc_params_fromdata(DSA *dsa, const OSSL_PARAM params[])
  288. {
  289. int ret;
  290. FFC_PARAMS *ffc;
  291. if (dsa == NULL)
  292. return 0;
  293. ffc = ossl_dsa_get0_params(dsa);
  294. if (ffc == NULL)
  295. return 0;
  296. ret = ossl_ffc_params_fromdata(ffc, params);
  297. if (ret)
  298. dsa->dirty_cnt++;
  299. return ret;
  300. }