/*
* Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
*
- * Licensed under the OpenSSL license (the "License"). You may not use
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "internal/cryptlib.h"
#include <openssl/x509.h>
#include <openssl/asn1.h>
-#include "dsa_locl.h"
#include <openssl/bn.h>
#include <openssl/cms.h>
-#include "internal/asn1_int.h"
-#include "internal/evp_int.h"
+#include <openssl/core_names.h>
+#include "internal/cryptlib.h"
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
+#include "internal/param_build.h"
+#include "dsa_local.h"
static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
{
goto err;
}
+ dsa->dirty_cnt++;
ASN1_INTEGER_free(public_key);
EVP_PKEY_assign_DSA(pkey, dsa);
return 1;
int penclen;
ASN1_STRING *str = NULL;
ASN1_INTEGER *pubint = NULL;
+ ASN1_OBJECT *aobj;
dsa = pkey->pkey.dsa;
if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) {
goto err;
}
- if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DSA),
- ptype, str, penc, penclen))
+ aobj = OBJ_nid2obj(EVP_PKEY_DSA);
+ if (aobj == NULL)
+ goto err;
+
+ if (X509_PUBKEY_set0_param(pk, aobj, ptype, str, penc, penclen))
return 1;
err:
* AlgorithmIdentifier the pubkey must be recalculated.
*/
-static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
+static int dsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
{
const unsigned char *p, *pm;
int pklen, pmlen;
int ptype;
const void *pval;
const ASN1_STRING *pstr;
- X509_ALGOR *palg;
+ const X509_ALGOR *palg;
ASN1_INTEGER *privkey = NULL;
BN_CTX *ctx = NULL;
goto dsaerr;
}
+ BN_set_flags(dsa->priv_key, BN_FLG_CONSTTIME);
if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) {
DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_BN_ERROR);
goto dsaerr;
}
+ dsa->dirty_cnt++;
EVP_PKEY_assign_DSA(pkey, dsa);
ret = 1;
unsigned char *dp = NULL;
int dplen;
- if (!pkey->pkey.dsa || !pkey->pkey.dsa->priv_key) {
+ if (pkey->pkey.dsa == NULL|| pkey->pkey.dsa->priv_key == NULL) {
DSAerr(DSA_F_DSA_PRIV_ENCODE, DSA_R_MISSING_PARAMETERS);
goto err;
}
/* Get private key into integer */
prkey = BN_to_ASN1_INTEGER(pkey->pkey.dsa->priv_key, NULL);
- if (!prkey) {
+ if (prkey == NULL) {
DSAerr(DSA_F_DSA_PRIV_ENCODE, DSA_R_BN_ERROR);
goto err;
}
static int int_dsa_size(const EVP_PKEY *pkey)
{
- return (DSA_size(pkey->pkey.dsa));
+ return DSA_size(pkey->pkey.dsa);
}
static int dsa_bits(const EVP_PKEY *pkey)
return 0;
BN_free(to->pkey.dsa->g);
to->pkey.dsa->g = a;
+ to->pkey.dsa->dirty_cnt++;
return 1;
}
int ret = 0;
const char *ktype = NULL;
const BIGNUM *priv_key, *pub_key;
+ int mod_len = 0;
+
+ if (x->p != NULL)
+ mod_len = BN_num_bits(x->p);
if (ptype == 2)
priv_key = x->priv_key;
if (BIO_printf(bp, "%s: (%d bit)\n", ktype, BN_num_bits(x->p))
<= 0)
goto err;
+ } else {
+ if (BIO_printf(bp, "Public-Key: (%d bit)\n", mod_len) <= 0)
+ goto err;
}
if (!ASN1_bn_print(bp, "priv:", priv_key, NULL, off))
goto err;
ret = 1;
err:
- return (ret);
+ return ret;
}
static int dsa_param_decode(EVP_PKEY *pkey,
DSAerr(DSA_F_DSA_PARAM_DECODE, ERR_R_DSA_LIB);
return 0;
}
+ dsa->dirty_cnt++;
EVP_PKEY_assign_DSA(pkey, dsa);
return 1;
}
DSAerr(DSA_F_OLD_DSA_PRIV_DECODE, ERR_R_DSA_LIB);
return 0;
}
+ dsa->dirty_cnt++;
EVP_PKEY_assign_DSA(pkey, dsa);
return 1;
}
DSA_SIG_free(dsa_sig);
return rv;
}
+ if (BIO_puts(bp, "\n") <= 0)
+ return 0;
return X509_signature_dump(bp, sig, indent);
}
case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
*(int *)arg2 = NID_sha256;
- return 2;
+ return 1;
default:
return -2;
}
+static size_t dsa_pkey_dirty_cnt(const EVP_PKEY *pkey)
+{
+ return pkey->pkey.dsa->dirty_cnt;
+}
+
+static void *dsa_pkey_export_to(const EVP_PKEY *pk, EVP_KEYMGMT *keymgmt,
+ int want_domainparams)
+{
+ DSA *dsa = pk->pkey.dsa;
+ OSSL_PARAM_BLD tmpl;
+ const BIGNUM *p = DSA_get0_p(dsa), *g = DSA_get0_g(dsa);
+ const BIGNUM *q = DSA_get0_q(dsa), *pub_key = DSA_get0_pub_key(dsa);
+ const BIGNUM *priv_key = DSA_get0_priv_key(dsa);
+ OSSL_PARAM *params;
+ void *provdata = NULL;
+
+ if (p == NULL || q == NULL || g == NULL)
+ return NULL;
+
+ ossl_param_bld_init(&tmpl);
+ if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_FFC_P, p)
+ || !ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_FFC_Q, q)
+ || !ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_FFC_G, g))
+ return NULL;
+
+ if (!want_domainparams) {
+ /* A key must at least have a public part. */
+ if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_DSA_PUB_KEY,
+ pub_key))
+ return NULL;
+
+ if (priv_key != NULL) {
+ if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_DSA_PRIV_KEY,
+ priv_key))
+ return NULL;
+ }
+ }
+
+ params = ossl_param_bld_to_param(&tmpl);
+
+ /* We export, the provider imports */
+ provdata = want_domainparams
+ ? evp_keymgmt_importdomparams(keymgmt, params)
+ : evp_keymgmt_importkey(keymgmt, params);
+
+ ossl_param_bld_free(params);
+ return provdata;
+}
+
/* NB these are sorted in pkey_id order, lowest first */
const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[5] = {
int_dsa_free,
dsa_pkey_ctrl,
old_dsa_priv_decode,
- old_dsa_priv_encode}
+ old_dsa_priv_encode,
+
+ NULL, NULL, NULL,
+ NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+
+ dsa_pkey_dirty_cnt,
+ dsa_pkey_export_to
+ }
};