dsa_lib.c 7.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362
  1. /*
  2. * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /*
  10. * DSA low level APIs are deprecated for public use, but still ok for
  11. * internal use.
  12. */
  13. #include "internal/deprecated.h"
  14. #include <openssl/bn.h>
  15. #ifndef FIPS_MODULE
  16. # include <openssl/engine.h>
  17. #endif
  18. #include "internal/cryptlib.h"
  19. #include "internal/refcount.h"
  20. #include "crypto/dsa.h"
  21. #include "crypto/dh.h" /* required by DSA_dup_DH() */
  22. #include "dsa_local.h"
  23. static DSA *dsa_new_intern(ENGINE *engine, OSSL_LIB_CTX *libctx);
  24. #ifndef FIPS_MODULE
  25. int DSA_set_ex_data(DSA *d, int idx, void *arg)
  26. {
  27. return CRYPTO_set_ex_data(&d->ex_data, idx, arg);
  28. }
  29. void *DSA_get_ex_data(const DSA *d, int idx)
  30. {
  31. return CRYPTO_get_ex_data(&d->ex_data, idx);
  32. }
  33. # ifndef OPENSSL_NO_DH
  34. DH *DSA_dup_DH(const DSA *r)
  35. {
  36. /*
  37. * DSA has p, q, g, optional pub_key, optional priv_key.
  38. * DH has p, optional length, g, optional pub_key,
  39. * optional priv_key, optional q.
  40. */
  41. DH *ret = NULL;
  42. BIGNUM *pub_key = NULL, *priv_key = NULL;
  43. if (r == NULL)
  44. goto err;
  45. ret = DH_new();
  46. if (ret == NULL)
  47. goto err;
  48. if (!ossl_ffc_params_copy(ossl_dh_get0_params(ret), &r->params))
  49. goto err;
  50. if (r->pub_key != NULL) {
  51. pub_key = BN_dup(r->pub_key);
  52. if (pub_key == NULL)
  53. goto err;
  54. if (r->priv_key != NULL) {
  55. priv_key = BN_dup(r->priv_key);
  56. if (priv_key == NULL)
  57. goto err;
  58. }
  59. if (!DH_set0_key(ret, pub_key, priv_key))
  60. goto err;
  61. } else if (r->priv_key != NULL) {
  62. /* Shouldn't happen */
  63. goto err;
  64. }
  65. return ret;
  66. err:
  67. BN_free(pub_key);
  68. BN_free(priv_key);
  69. DH_free(ret);
  70. return NULL;
  71. }
  72. # endif /* OPENSSL_NO_DH */
  73. void DSA_clear_flags(DSA *d, int flags)
  74. {
  75. d->flags &= ~flags;
  76. }
  77. int DSA_test_flags(const DSA *d, int flags)
  78. {
  79. return d->flags & flags;
  80. }
  81. void DSA_set_flags(DSA *d, int flags)
  82. {
  83. d->flags |= flags;
  84. }
  85. ENGINE *DSA_get0_engine(DSA *d)
  86. {
  87. return d->engine;
  88. }
  89. int DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
  90. {
  91. /*
  92. * NB: The caller is specifically setting a method, so it's not up to us
  93. * to deal with which ENGINE it comes from.
  94. */
  95. const DSA_METHOD *mtmp;
  96. mtmp = dsa->meth;
  97. if (mtmp->finish)
  98. mtmp->finish(dsa);
  99. #ifndef OPENSSL_NO_ENGINE
  100. ENGINE_finish(dsa->engine);
  101. dsa->engine = NULL;
  102. #endif
  103. dsa->meth = meth;
  104. if (meth->init)
  105. meth->init(dsa);
  106. return 1;
  107. }
  108. #endif /* FIPS_MODULE */
  109. const DSA_METHOD *DSA_get_method(DSA *d)
  110. {
  111. return d->meth;
  112. }
  113. static DSA *dsa_new_intern(ENGINE *engine, OSSL_LIB_CTX *libctx)
  114. {
  115. DSA *ret = OPENSSL_zalloc(sizeof(*ret));
  116. if (ret == NULL)
  117. return NULL;
  118. ret->lock = CRYPTO_THREAD_lock_new();
  119. if (ret->lock == NULL) {
  120. ERR_raise(ERR_LIB_DSA, ERR_R_CRYPTO_LIB);
  121. OPENSSL_free(ret);
  122. return NULL;
  123. }
  124. if (!CRYPTO_NEW_REF(&ret->references, 1)) {
  125. CRYPTO_THREAD_lock_free(ret->lock);
  126. OPENSSL_free(ret);
  127. return NULL;
  128. }
  129. ret->libctx = libctx;
  130. ret->meth = DSA_get_default_method();
  131. #if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
  132. ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW; /* early default init */
  133. if (engine) {
  134. if (!ENGINE_init(engine)) {
  135. ERR_raise(ERR_LIB_DSA, ERR_R_ENGINE_LIB);
  136. goto err;
  137. }
  138. ret->engine = engine;
  139. } else
  140. ret->engine = ENGINE_get_default_DSA();
  141. if (ret->engine) {
  142. ret->meth = ENGINE_get_DSA(ret->engine);
  143. if (ret->meth == NULL) {
  144. ERR_raise(ERR_LIB_DSA, ERR_R_ENGINE_LIB);
  145. goto err;
  146. }
  147. }
  148. #endif
  149. ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW;
  150. #ifndef FIPS_MODULE
  151. if (!ossl_crypto_new_ex_data_ex(libctx, CRYPTO_EX_INDEX_DSA, ret,
  152. &ret->ex_data))
  153. goto err;
  154. #endif
  155. ossl_ffc_params_init(&ret->params);
  156. if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
  157. ERR_raise(ERR_LIB_DSA, ERR_R_INIT_FAIL);
  158. goto err;
  159. }
  160. return ret;
  161. err:
  162. DSA_free(ret);
  163. return NULL;
  164. }
  165. DSA *DSA_new_method(ENGINE *engine)
  166. {
  167. return dsa_new_intern(engine, NULL);
  168. }
  169. DSA *ossl_dsa_new(OSSL_LIB_CTX *libctx)
  170. {
  171. return dsa_new_intern(NULL, libctx);
  172. }
  173. #ifndef FIPS_MODULE
  174. DSA *DSA_new(void)
  175. {
  176. return dsa_new_intern(NULL, NULL);
  177. }
  178. #endif
  179. void DSA_free(DSA *r)
  180. {
  181. int i;
  182. if (r == NULL)
  183. return;
  184. CRYPTO_DOWN_REF(&r->references, &i);
  185. REF_PRINT_COUNT("DSA", r);
  186. if (i > 0)
  187. return;
  188. REF_ASSERT_ISNT(i < 0);
  189. if (r->meth != NULL && r->meth->finish != NULL)
  190. r->meth->finish(r);
  191. #if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
  192. ENGINE_finish(r->engine);
  193. #endif
  194. #ifndef FIPS_MODULE
  195. CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data);
  196. #endif
  197. CRYPTO_THREAD_lock_free(r->lock);
  198. CRYPTO_FREE_REF(&r->references);
  199. ossl_ffc_params_cleanup(&r->params);
  200. BN_clear_free(r->pub_key);
  201. BN_clear_free(r->priv_key);
  202. OPENSSL_free(r);
  203. }
  204. int DSA_up_ref(DSA *r)
  205. {
  206. int i;
  207. if (CRYPTO_UP_REF(&r->references, &i) <= 0)
  208. return 0;
  209. REF_PRINT_COUNT("DSA", r);
  210. REF_ASSERT_ISNT(i < 2);
  211. return ((i > 1) ? 1 : 0);
  212. }
  213. void ossl_dsa_set0_libctx(DSA *d, OSSL_LIB_CTX *libctx)
  214. {
  215. d->libctx = libctx;
  216. }
  217. void DSA_get0_pqg(const DSA *d,
  218. const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
  219. {
  220. ossl_ffc_params_get0_pqg(&d->params, p, q, g);
  221. }
  222. int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g)
  223. {
  224. /* If the fields p, q and g in d are NULL, the corresponding input
  225. * parameters MUST be non-NULL.
  226. */
  227. if ((d->params.p == NULL && p == NULL)
  228. || (d->params.q == NULL && q == NULL)
  229. || (d->params.g == NULL && g == NULL))
  230. return 0;
  231. ossl_ffc_params_set0_pqg(&d->params, p, q, g);
  232. d->dirty_cnt++;
  233. return 1;
  234. }
  235. const BIGNUM *DSA_get0_p(const DSA *d)
  236. {
  237. return d->params.p;
  238. }
  239. const BIGNUM *DSA_get0_q(const DSA *d)
  240. {
  241. return d->params.q;
  242. }
  243. const BIGNUM *DSA_get0_g(const DSA *d)
  244. {
  245. return d->params.g;
  246. }
  247. const BIGNUM *DSA_get0_pub_key(const DSA *d)
  248. {
  249. return d->pub_key;
  250. }
  251. const BIGNUM *DSA_get0_priv_key(const DSA *d)
  252. {
  253. return d->priv_key;
  254. }
  255. void DSA_get0_key(const DSA *d,
  256. const BIGNUM **pub_key, const BIGNUM **priv_key)
  257. {
  258. if (pub_key != NULL)
  259. *pub_key = d->pub_key;
  260. if (priv_key != NULL)
  261. *priv_key = d->priv_key;
  262. }
  263. int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)
  264. {
  265. if (pub_key != NULL) {
  266. BN_free(d->pub_key);
  267. d->pub_key = pub_key;
  268. }
  269. if (priv_key != NULL) {
  270. BN_free(d->priv_key);
  271. d->priv_key = priv_key;
  272. }
  273. d->dirty_cnt++;
  274. return 1;
  275. }
  276. int DSA_security_bits(const DSA *d)
  277. {
  278. if (d->params.p != NULL && d->params.q != NULL)
  279. return BN_security_bits(BN_num_bits(d->params.p),
  280. BN_num_bits(d->params.q));
  281. return -1;
  282. }
  283. int DSA_bits(const DSA *dsa)
  284. {
  285. if (dsa->params.p != NULL)
  286. return BN_num_bits(dsa->params.p);
  287. return -1;
  288. }
  289. FFC_PARAMS *ossl_dsa_get0_params(DSA *dsa)
  290. {
  291. return &dsa->params;
  292. }
  293. int ossl_dsa_ffc_params_fromdata(DSA *dsa, const OSSL_PARAM params[])
  294. {
  295. int ret;
  296. FFC_PARAMS *ffc = ossl_dsa_get0_params(dsa);
  297. ret = ossl_ffc_params_fromdata(ffc, params);
  298. if (ret)
  299. dsa->dirty_cnt++;
  300. return ret;
  301. }