/*
- * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
#include <string.h>
#include <openssl/crypto.h>
-#include <openssl/core_numbers.h>
+#include <openssl/core_dispatch.h>
#include <openssl/core_names.h>
#include <openssl/err.h>
#include <openssl/dsa.h>
#include <openssl/err.h>
#include "internal/nelem.h"
#include "internal/sizes.h"
+#include "internal/cryptlib.h"
#include "prov/providercommonerr.h"
#include "prov/implementations.h"
#include "prov/providercommonerr.h"
#include "prov/provider_ctx.h"
#include "crypto/dsa.h"
+#include "prov/der_dsa.h"
static OSSL_OP_signature_newctx_fn dsa_newctx;
static OSSL_OP_signature_sign_init_fn dsa_signature_init;
typedef struct {
OPENSSL_CTX *libctx;
+ char *propq;
DSA *dsa;
/*
char mdname[OSSL_MAX_NAME_SIZE];
- /* The Algorithm Identifier of the combined signature agorithm */
- unsigned char aid[OSSL_MAX_ALGORITHM_ID_SIZE];
+ /* The Algorithm Identifier of the combined signature algorithm */
+ unsigned char aid_buf[OSSL_MAX_ALGORITHM_ID_SIZE];
+ unsigned char *aid;
size_t aid_len;
/* main digest */
return mdnid;
}
-static void *dsa_newctx(void *provctx)
+static void *dsa_newctx(void *provctx, const char *propq)
{
PROV_DSA_CTX *pdsactx = OPENSSL_zalloc(sizeof(PROV_DSA_CTX));
pdsactx->libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
pdsactx->flag_allow_md = 1;
+ if (propq != NULL && (pdsactx->propq = OPENSSL_strdup(propq)) == NULL) {
+ OPENSSL_free(pdsactx);
+ pdsactx = NULL;
+ ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
+ }
return pdsactx;
}
static int dsa_setup_md(PROV_DSA_CTX *ctx,
const char *mdname, const char *mdprops)
{
+ if (mdprops == NULL)
+ mdprops = ctx->propq;
+
if (mdname != NULL) {
EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
int md_nid = dsa_get_md_nid(md);
- size_t algorithmidentifier_len = 0;
- const unsigned char *algorithmidentifier;
-
- EVP_MD_free(ctx->md);
- ctx->md = NULL;
- ctx->mdname[0] = '\0';
-
- algorithmidentifier =
- dsa_algorithmidentifier_encoding(md_nid, &algorithmidentifier_len);
+ WPACKET pkt;
- if (algorithmidentifier == NULL) {
+ if (md == NULL || md_nid == NID_undef) {
EVP_MD_free(md);
return 0;
}
+ EVP_MD_CTX_free(ctx->mdctx);
+ EVP_MD_free(ctx->md);
+
+ /*
+ * TODO(3.0) Should we care about DER writing errors?
+ * All it really means is that for some reason, there's no
+ * AlgorithmIdentifier to be had, but the operation itself is
+ * still valid, just as long as it's not used to construct
+ * anything that needs an AlgorithmIdentifier.
+ */
+ ctx->aid_len = 0;
+ if (WPACKET_init_der(&pkt, ctx->aid_buf, sizeof(ctx->aid_buf))
+ && DER_w_algorithmIdentifier_DSA_with_MD(&pkt, -1, ctx->dsa,
+ md_nid)
+ && WPACKET_finish(&pkt)) {
+ WPACKET_get_total_written(&pkt, &ctx->aid_len);
+ ctx->aid = WPACKET_get_curr(&pkt);
+ }
+ WPACKET_cleanup(&pkt);
+
+ ctx->mdctx = NULL;
ctx->md = md;
OPENSSL_strlcpy(ctx->mdname, mdname, sizeof(ctx->mdname));
- memcpy(ctx->aid, algorithmidentifier, algorithmidentifier_len);
- ctx->aid_len = algorithmidentifier_len;
}
return 1;
}
if (mdsize != 0 && tbslen != mdsize)
return 0;
- ret = dsa_sign_int(pdsactx->libctx, 0, tbs, tbslen, sig, &sltmp,
- pdsactx->dsa);
+ ret = dsa_sign_int(0, tbs, tbslen, sig, &sltmp, pdsactx->dsa);
if (ret <= 0)
return 0;
}
static int dsa_digest_signverify_init(void *vpdsactx, const char *mdname,
- const char *props, void *vdsa)
+ void *vdsa)
{
PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx;
if (!dsa_signature_init(vpdsactx, vdsa))
return 0;
- if (!dsa_setup_md(pdsactx, mdname, props))
+ if (!dsa_setup_md(pdsactx, mdname, NULL))
return 0;
pdsactx->mdctx = EVP_MD_CTX_new();
static void dsa_freectx(void *vpdsactx)
{
- PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx;
-
- DSA_free(pdsactx->dsa);
- EVP_MD_CTX_free(pdsactx->mdctx);
- EVP_MD_free(pdsactx->md);
-
- OPENSSL_free(pdsactx);
+ PROV_DSA_CTX *ctx = (PROV_DSA_CTX *)vpdsactx;
+
+ OPENSSL_free(ctx->propq);
+ EVP_MD_CTX_free(ctx->mdctx);
+ EVP_MD_free(ctx->md);
+ ctx->propq = NULL;
+ ctx->mdctx = NULL;
+ ctx->md = NULL;
+ ctx->mdsize = 0;
+ DSA_free(ctx->dsa);
+ OPENSSL_free(ctx);
}
static void *dsa_dupctx(void *vpdsactx)
static const OSSL_PARAM known_settable_ctx_params[] = {
OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0),
+ OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PROPERTIES, NULL, 0),
OSSL_PARAM_END
};