authorShane Lontis <shane.lontis@oracle.com>2020-01-12 11:32:12 +1000
committerShane Lontis <shane.lontis@oracle.com>2020-01-12 11:32:12 +1000
commite683582bf37de45a9512aea7ff33b9a3ebdf07f4 (patch)
tree3a8c7e4f3ae908816ef57c15e56b619daa1430ac /crypto/dsa/dsa_lib.c
parente0e68f9e34585084038fba768fb2eecb5dd1ddf3 (diff)
Add dsa signature alg to fips provider
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10615)
Diffstat (limited to 'crypto/dsa/dsa_lib.c')
-rw-r--r--crypto/dsa/dsa_lib.c294
1 files changed, 144 insertions, 150 deletions
diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
index 4670c433c5..2a97c0852c 100644
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -15,12 +15,140 @@
#include <openssl/asn1.h>
#include <openssl/engine.h>
#include <openssl/dh.h>
+#include "crypto/dsa.h"
+
+#ifndef FIPS_MODE
DSA *DSA_new(void)
{
return DSA_new_method(NULL);
}
+int DSA_set_ex_data(DSA *d, int idx, void *arg)
+{
+ return CRYPTO_set_ex_data(&d->ex_data, idx, arg);
+}
+
+void *DSA_get_ex_data(DSA *d, int idx)
+{
+ return CRYPTO_get_ex_data(&d->ex_data, idx);
+}
+
+int DSA_security_bits(const DSA *d)
+{
+ if (d->p && d->q)
+ return BN_security_bits(BN_num_bits(d->p), BN_num_bits(d->q));
+ return -1;
+}
+
+#ifndef OPENSSL_NO_DH
+DH *DSA_dup_DH(const DSA *r)
+{
+ /*
+ * DSA has p, q, g, optional pub_key, optional priv_key. DH has p,
+ * optional length, g, optional pub_key, optional priv_key, optional q.
+ */
+
+ DH *ret = NULL;
+ BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub_key = NULL, *priv_key = NULL;
+
+ if (r == NULL)
+ goto err;
+ ret = DH_new();
+ if (ret == NULL)
+ goto err;
+ if (r->p != NULL || r->g != NULL || r->q != NULL) {
+ if (r->p == NULL || r->g == NULL || r->q == NULL) {
+ /* Shouldn't happen */
+ goto err;
+ }
+ p = BN_dup(r->p);
+ g = BN_dup(r->g);
+ q = BN_dup(r->q);
+ if (p == NULL || g == NULL || q == NULL || !DH_set0_pqg(ret, p, q, g))
+ goto err;
+ p = g = q = NULL;
+ }
+
+ if (r->pub_key != NULL) {
+ pub_key = BN_dup(r->pub_key);
+ if (pub_key == NULL)
+ goto err;
+ if (r->priv_key != NULL) {
+ priv_key = BN_dup(r->priv_key);
+ if (priv_key == NULL)
+ goto err;
+ }
+ if (!DH_set0_key(ret, pub_key, priv_key))
+ goto err;
+ } else if (r->priv_key != NULL) {
+ /* Shouldn't happen */
+ goto err;
+ }
+
+ return ret;
+
+ err:
+ BN_free(p);
+ BN_free(g);
+ BN_free(q);
+ BN_free(pub_key);
+ BN_free(priv_key);
+ DH_free(ret);
+ return NULL;
+}
+#endif
+
+const BIGNUM *DSA_get0_p(const DSA *d)
+{
+ return d->p;
+}
+
+const BIGNUM *DSA_get0_q(const DSA *d)
+{
+ return d->q;
+}
+
+const BIGNUM *DSA_get0_g(const DSA *d)
+{
+ return d->g;
+}
+
+const BIGNUM *DSA_get0_pub_key(const DSA *d)
+{
+ return d->pub_key;
+}
+
+const BIGNUM *DSA_get0_priv_key(const DSA *d)
+{
+ return d->priv_key;
+}
+
+void DSA_clear_flags(DSA *d, int flags)
+{
+ d->flags &= ~flags;
+}
+
+int DSA_test_flags(const DSA *d, int flags)
+{
+ return d->flags & flags;
+}
+
+void DSA_set_flags(DSA *d, int flags)
+{
+ d->flags |= flags;
+}
+
+ENGINE *DSA_get0_engine(DSA *d)
+{
+ return d->engine;
+}
+
+int DSA_bits(const DSA *dsa)
+{
+ return BN_num_bits(dsa->p);
+}
+
int DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
{
/*
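Review bot: DSA_bits, relocated near the bottom of this hunk, dereferences `dsa->p` unconditionally, while DSA_security_bits a few dozen lines above guards both `d->p` and `d->q` before calling BN_num_bits; a DSA object fresh from DSA_new() (zero-allocated in dsa_new_method later in this file) has p == NULL until parameters are set, so DSA_bits on such a key hands NULL to BN_num_bits unless that function tolerates it, which is not visible here. The hunk only moves the function, so the inconsistency is pre-existing, but since the accessors are being rearranged for the FIPS split this is a cheap point to make it `return dsa->p != NULL ? BN_num_bits(dsa->p) : 0;` and document the 0 return for parameterless keys. DSA_set_method at the end of the hunk continues past the hunk boundary.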
@@ -40,13 +168,15 @@ int DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
meth->init(dsa);
return 1;
}
+#endif /* FIPS_MODE */
+
const DSA_METHOD *DSA_get_method(DSA *d)
{
return d->meth;
}
-DSA *DSA_new_method(ENGINE *engine)
+static DSA *dsa_new_method(OPENSSL_CTX *libctx, ENGINE *engine)
{
DSA *ret = OPENSSL_zalloc(sizeof(*ret));
@@ -64,7 +194,7 @@ DSA *DSA_new_method(ENGINE *engine)
}
ret->meth = DSA_get_default_method();
-#ifndef OPENSSL_NO_ENGINE
+#if !defined(FIPS_MODE) && !defined(OPENSSL_NO_ENGINE)
ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW; /* early default init */
if (engine) {
if (!ENGINE_init(engine)) {
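Review bot: Under the new `#if !defined(FIPS_MODE) && !defined(OPENSSL_NO_ENGINE)` guard the `engine` parameter of dsa_new_method is never read in a FIPS_MODE build, since the ENGINE_init block is the only code in the function that uses it; the same was already the case for OPENSSL_NO_ENGINE builds, so this may be accepted, but if the FIPS provider is built with -Wunused-parameter it will now warn. An explicit `(void)engine;` in an `#else` branch of the guard, or a short comment stating that engines are deliberately unsupported in the FIPS module, would make the intent visible. This hunk starts and ends inside dsa_new_method; its signature and the remainder of its body are in the neighbouring hunks.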
@@ -85,7 +215,7 @@ DSA *DSA_new_method(ENGINE *engine)
ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW;
- if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data))
+ if (!crypto_new_ex_data_ex(libctx, CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data))
goto err;
if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
@@ -100,6 +230,16 @@ DSA *DSA_new_method(ENGINE *engine)
return NULL;
}
+DSA *DSA_new_method(ENGINE *engine)
+{
+ return dsa_new_method(NULL, engine);
+}
+
+DSA *dsa_new(OPENSSL_CTX *libctx)
+{
+ return dsa_new_method(libctx, NULL);
+}
+
void DSA_free(DSA *r)
{
int i;
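Review bot: DSA_new_method is added here outside any FIPS_MODE guard, whereas DSA_new is placed under `#ifndef FIPS_MODE` in the first hunk and the ENGINE handling inside dsa_new_method is compiled out under `!defined(FIPS_MODE)`, so in a FIPS build this public wrapper still accepts an ENGINE pointer and silently ignores it. Wrapping the wrapper the same way, `#ifndef FIPS_MODE` before `DSA *DSA_new_method(ENGINE *engine)` and `#endif` after its closing brace, keeps the FIPS surface consistent with DSA_new while the internal dsa_new(libctx) remains available to the provider; if the unguarded export is intentional, a one-line comment saying the engine argument is ignored in FIPS_MODE would spare the next reader the same question. DSA_free begins at the end of this hunk and continues outside it.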
@@ -115,7 +255,7 @@ void DSA_free(DSA *r)
if (r->meth != NULL && r->meth->finish != NULL)
r->meth->finish(r);
-#ifndef OPENSSL_NO_ENGINE
+#if !defined(FIPS_MODE) && !defined(OPENSSL_NO_ENGINE)
ENGINE_finish(r->engine);
#endif
@@ -143,103 +283,6 @@ int DSA_up_ref(DSA *r)
return ((i > 1) ? 1 : 0);
}
-int DSA_size(const DSA *r)
-{
- int ret, i;
- ASN1_INTEGER bs;
- unsigned char buf[4]; /* 4 bytes looks really small. However,
- * i2d_ASN1_INTEGER() will not look beyond
- * the first byte, as long as the second
- * parameter is NULL. */
-
- i = BN_num_bits(r->q);
- bs.length = (i + 7) / 8;
- bs.data = buf;
- bs.type = V_ASN1_INTEGER;
- /* If the top bit is set the asn1 encoding is 1 larger. */
- buf[0] = 0xff;
-
- i = i2d_ASN1_INTEGER(&bs, NULL);
- i += i; /* r and s */
- ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE);
- return ret;
-}
-
-int DSA_set_ex_data(DSA *d, int idx, void *arg)
-{
- return CRYPTO_set_ex_data(&d->ex_data, idx, arg);
-}
-
-void *DSA_get_ex_data(DSA *d, int idx)
-{
- return CRYPTO_get_ex_data(&d->ex_data, idx);
-}
-
-int DSA_security_bits(const DSA *d)
-{
- if (d->p && d->q)
- return BN_security_bits(BN_num_bits(d->p), BN_num_bits(d->q));
- return -1;
-}
-
-#ifndef OPENSSL_NO_DH
-DH *DSA_dup_DH(const DSA *r)
-{
- /*
- * DSA has p, q, g, optional pub_key, optional priv_key. DH has p,
- * optional length, g, optional pub_key, optional priv_key, optional q.
- */
-
- DH *ret = NULL;
- BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub_key = NULL, *priv_key = NULL;
-
- if (r == NULL)
- goto err;
- ret = DH_new();
- if (ret == NULL)
- goto err;
- if (r->p != NULL || r->g != NULL || r->q != NULL) {
- if (r->p == NULL || r->g == NULL || r->q == NULL) {
- /* Shouldn't happen */
- goto err;
- }
- p = BN_dup(r->p);
- g = BN_dup(r->g);
- q = BN_dup(r->q);
- if (p == NULL || g == NULL || q == NULL || !DH_set0_pqg(ret, p, q, g))
- goto err;
- p = g = q = NULL;
- }
-
- if (r->pub_key != NULL) {
- pub_key = BN_dup(r->pub_key);
- if (pub_key == NULL)
- goto err;
- if (r->priv_key != NULL) {
- priv_key = BN_dup(r->priv_key);
- if (priv_key == NULL)
- goto err;
- }
- if (!DH_set0_key(ret, pub_key, priv_key))
- goto err;
- } else if (r->priv_key != NULL) {
- /* Shouldn't happen */
- goto err;
- }
-
- return ret;
-
- err:
- BN_free(p);
- BN_free(g);
- BN_free(q);
- BN_free(pub_key);
- BN_free(priv_key);
- DH_free(ret);
- return NULL;
-}
-#endif
-
void DSA_get0_pqg(const DSA *d,
const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
{
@@ -309,52 +352,3 @@ int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)
return 1;
}
-const BIGNUM *DSA_get0_p(const DSA *d)
-{
- return d->p;
-}
-
-const BIGNUM *DSA_get0_q(const DSA *d)
-{
- return d->q;
-}
-
-const BIGNUM *DSA_get0_g(const DSA *d)
-{
- return d->g;
-}
-
-const BIGNUM *DSA_get0_pub_key(const DSA *d)
-{
- return d->pub_key;
-}
-
-const BIGNUM *DSA_get0_priv_key(const DSA *d)
-{
- return d->priv_key;
-}
-
-void DSA_clear_flags(DSA *d, int flags)
-{
- d->flags &= ~flags;
-}
-
-int DSA_test_flags(const DSA *d, int flags)
-{
- return d->flags & flags;
-}
-
-void DSA_set_flags(DSA *d, int flags)
-{
- d->flags |= flags;
-}
-
-ENGINE *DSA_get0_engine(DSA *d)
-{
- return d->engine;
-}
-
-int DSA_bits(const DSA *dsa)
-{
- return BN_num_bits(dsa->p);
-}