crypto/dsa/dsa_lib.c

   1 /*
   2  * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the Apache License 2.0 (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 /*
  11  * DSA low level APIs are deprecated for public use, but still ok for
  12  * internal use.
  13  */
  14 #include "internal/deprecated.h"
  15
  16 #include <openssl/bn.h>
  17 #include <openssl/engine.h>
  18 #include "internal/cryptlib.h"
  19 #include "internal/refcount.h"
  20 #include "crypto/dsa.h"
  21 #include "crypto/dh.h" /* required by DSA_dup_DH() */
  22 #include "dsa_local.h"
  23
  24 static DSA *dsa_new_intern(ENGINE *engine, OSSL_LIB_CTX *libctx);
  25
  26 #ifndef FIPS_MODULE
  27
  28 int DSA_set_ex_data(DSA *d, int idx, void *arg)
  29 {
  30     return CRYPTO_set_ex_data(&d->ex_data, idx, arg);
  31 }
  32
  33 void *DSA_get_ex_data(const DSA *d, int idx)
  34 {
  35     return CRYPTO_get_ex_data(&d->ex_data, idx);
  36 }
  37
  38 # ifndef OPENSSL_NO_DH
  39 DH *DSA_dup_DH(const DSA *r)
  40 {
  41     /*
  42      * DSA has p, q, g, optional pub_key, optional priv_key.
  43      * DH has p, optional length, g, optional pub_key,
  44      * optional priv_key, optional q.
  45      */
  46     DH *ret = NULL;
  47     BIGNUM *pub_key = NULL, *priv_key = NULL;
  48
  49     if (r == NULL)
  50         goto err;
  51     ret = DH_new();
  52     if (ret == NULL)
  53         goto err;
  54
  55     if (!ossl_ffc_params_copy(ossl_dh_get0_params(ret), &r->params))
  56         goto err;
  57
  58     if (r->pub_key != NULL) {
  59         pub_key = BN_dup(r->pub_key);
  60         if (pub_key == NULL)
  61             goto err;
  62         if (r->priv_key != NULL) {
  63             priv_key = BN_dup(r->priv_key);
  64             if (priv_key == NULL)
  65                 goto err;
  66         }
  67         if (!DH_set0_key(ret, pub_key, priv_key))
  68             goto err;
  69     } else if (r->priv_key != NULL) {
  70         /* Shouldn't happen */
  71         goto err;
  72     }
  73
  74     return ret;
  75
  76  err:
  77     BN_free(pub_key);
  78     BN_free(priv_key);
  79     DH_free(ret);
  80     return NULL;
  81 }
  82 # endif /*  OPENSSL_NO_DH */
  83
  84 void DSA_clear_flags(DSA *d, int flags)
  85 {
  86     d->flags &= ~flags;
  87 }
  88
  89 int DSA_test_flags(const DSA *d, int flags)
  90 {
  91     return d->flags & flags;
  92 }
  93
  94 void DSA_set_flags(DSA *d, int flags)
  95 {
  96     d->flags |= flags;
  97 }
  98
  99 ENGINE *DSA_get0_engine(DSA *d)
 100 {
 101     return d->engine;
 102 }
 103
 104 int DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
 105 {
 106     /*
 107      * NB: The caller is specifically setting a method, so it's not up to us
 108      * to deal with which ENGINE it comes from.
 109      */
 110     const DSA_METHOD *mtmp;
 111     mtmp = dsa->meth;
 112     if (mtmp->finish)
 113         mtmp->finish(dsa);
 114 #ifndef OPENSSL_NO_ENGINE
 115     ENGINE_finish(dsa->engine);
 116     dsa->engine = NULL;
 117 #endif
 118     dsa->meth = meth;
 119     if (meth->init)
 120         meth->init(dsa);
 121     return 1;
 122 }
 123 #endif /* FIPS_MODULE */
 124
 125
 126 const DSA_METHOD *DSA_get_method(DSA *d)
 127 {
 128     return d->meth;
 129 }
 130
 131 static DSA *dsa_new_intern(ENGINE *engine, OSSL_LIB_CTX *libctx)
 132 {
 133     DSA *ret = OPENSSL_zalloc(sizeof(*ret));
 134
 135     if (ret == NULL) {
 136         ERR_raise(ERR_LIB_DSA, ERR_R_MALLOC_FAILURE);
 137         return NULL;
 138     }
 139
 140     ret->references = 1;
 141     ret->lock = CRYPTO_THREAD_lock_new();
 142     if (ret->lock == NULL) {
 143         ERR_raise(ERR_LIB_DSA, ERR_R_MALLOC_FAILURE);
 144         OPENSSL_free(ret);
 145         return NULL;
 146     }
 147
 148     ret->libctx = libctx;
 149     ret->meth = DSA_get_default_method();
 150 #if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
 151     ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW; /* early default init */
 152     if (engine) {
 153         if (!ENGINE_init(engine)) {
 154             ERR_raise(ERR_LIB_DSA, ERR_R_ENGINE_LIB);
 155             goto err;
 156         }
 157         ret->engine = engine;
 158     } else
 159         ret->engine = ENGINE_get_default_DSA();
 160     if (ret->engine) {
 161         ret->meth = ENGINE_get_DSA(ret->engine);
 162         if (ret->meth == NULL) {
 163             ERR_raise(ERR_LIB_DSA, ERR_R_ENGINE_LIB);
 164             goto err;
 165         }
 166     }
 167 #endif
 168
 169     ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW;
 170
 171 #ifndef FIPS_MODULE
 172     if (!ossl_crypto_new_ex_data_ex(libctx, CRYPTO_EX_INDEX_DSA, ret,
 173                                     &ret->ex_data))
 174         goto err;
 175 #endif
 176
 177     if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
 178         ERR_raise(ERR_LIB_DSA, ERR_R_INIT_FAIL);
 179         goto err;
 180     }
 181
 182     return ret;
 183
 184  err:
 185     DSA_free(ret);
 186     return NULL;
 187 }
 188
 189 DSA *DSA_new_method(ENGINE *engine)
 190 {
 191     return dsa_new_intern(engine, NULL);
 192 }
 193
 194 DSA *ossl_dsa_new(OSSL_LIB_CTX *libctx)
 195 {
 196     return dsa_new_intern(NULL, libctx);
 197 }
 198
 199 #ifndef FIPS_MODULE
 200 DSA *DSA_new(void)
 201 {
 202     return dsa_new_intern(NULL, NULL);
 203 }
 204 #endif
 205
 206 void DSA_free(DSA *r)
 207 {
 208     int i;
 209
 210     if (r == NULL)
 211         return;
 212
 213     CRYPTO_DOWN_REF(&r->references, &i, r->lock);
 214     REF_PRINT_COUNT("DSA", r);
 215     if (i > 0)
 216         return;
 217     REF_ASSERT_ISNT(i < 0);
 218
 219     if (r->meth != NULL && r->meth->finish != NULL)
 220         r->meth->finish(r);
 221 #if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
 222     ENGINE_finish(r->engine);
 223 #endif
 224
 225 #ifndef FIPS_MODULE
 226     CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data);
 227 #endif
 228
 229     CRYPTO_THREAD_lock_free(r->lock);
 230
 231     ossl_ffc_params_cleanup(&r->params);
 232     BN_clear_free(r->pub_key);
 233     BN_clear_free(r->priv_key);
 234     OPENSSL_free(r);
 235 }
 236
 237 int DSA_up_ref(DSA *r)
 238 {
 239     int i;
 240
 241     if (CRYPTO_UP_REF(&r->references, &i, r->lock) <= 0)
 242         return 0;
 243
 244     REF_PRINT_COUNT("DSA", r);
 245     REF_ASSERT_ISNT(i < 2);
 246     return ((i > 1) ? 1 : 0);
 247 }
 248
 249 void ossl_dsa_set0_libctx(DSA *d, OSSL_LIB_CTX *libctx)
 250 {
 251     d->libctx = libctx;
 252 }
 253
 254 void DSA_get0_pqg(const DSA *d,
 255                   const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
 256 {
 257     ossl_ffc_params_get0_pqg(&d->params, p, q, g);
 258 }
 259
 260 int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g)
 261 {
 262     /* If the fields p, q and g in d are NULL, the corresponding input
 263      * parameters MUST be non-NULL.
 264      */
 265     if ((d->params.p == NULL && p == NULL)
 266         || (d->params.q == NULL && q == NULL)
 267         || (d->params.g == NULL && g == NULL))
 268         return 0;
 269
 270     ossl_ffc_params_set0_pqg(&d->params, p, q, g);
 271     d->dirty_cnt++;
 272
 273     return 1;
 274 }
 275
 276 const BIGNUM *DSA_get0_p(const DSA *d)
 277 {
 278     return d->params.p;
 279 }
 280
 281 const BIGNUM *DSA_get0_q(const DSA *d)
 282 {
 283     return d->params.q;
 284 }
 285
 286 const BIGNUM *DSA_get0_g(const DSA *d)
 287 {
 288     return d->params.g;
 289 }
 290
 291 const BIGNUM *DSA_get0_pub_key(const DSA *d)
 292 {
 293     return d->pub_key;
 294 }
 295
 296 const BIGNUM *DSA_get0_priv_key(const DSA *d)
 297 {
 298     return d->priv_key;
 299 }
 300
 301 void DSA_get0_key(const DSA *d,
 302                   const BIGNUM **pub_key, const BIGNUM **priv_key)
 303 {
 304     if (pub_key != NULL)
 305         *pub_key = d->pub_key;
 306     if (priv_key != NULL)
 307         *priv_key = d->priv_key;
 308 }
 309
 310 int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)
 311 {
 312     if (pub_key != NULL) {
 313         BN_free(d->pub_key);
 314         d->pub_key = pub_key;
 315     }
 316     if (priv_key != NULL) {
 317         BN_free(d->priv_key);
 318         d->priv_key = priv_key;
 319     }
 320     d->dirty_cnt++;
 321
 322     return 1;
 323 }
 324
 325 int DSA_security_bits(const DSA *d)
 326 {
 327     if (d->params.p != NULL && d->params.q != NULL)
 328         return BN_security_bits(BN_num_bits(d->params.p),
 329                                 BN_num_bits(d->params.q));
 330     return -1;
 331 }
 332
 333 int DSA_bits(const DSA *dsa)
 334 {
 335     if (dsa->params.p != NULL)
 336         return BN_num_bits(dsa->params.p);
 337     return -1;
 338 }
 339
 340 FFC_PARAMS *ossl_dsa_get0_params(DSA *dsa)
 341 {
 342     return &dsa->params;
 343 }
 344
 345 int ossl_dsa_ffc_params_fromdata(DSA *dsa, const OSSL_PARAM params[])
 346 {
 347     int ret;
 348     FFC_PARAMS *ffc;
 349
 350     if (dsa == NULL)
 351         return 0;
 352     ffc = ossl_dsa_get0_params(dsa);
 353     if (ffc == NULL)
 354         return 0;
 355
 356     ret = ossl_ffc_params_fromdata(ffc, params);
 357     if (ret)
 358         dsa->dirty_cnt++;
 359     return ret;
 360 }
 361