/*
- * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
static OSSL_FUNC_keymgmt_import_types_fn dsa_import_types;
static OSSL_FUNC_keymgmt_export_fn dsa_export;
static OSSL_FUNC_keymgmt_export_types_fn dsa_export_types;
+static OSSL_FUNC_keymgmt_dup_fn dsa_dup;
#define DSA_DEFAULT_MD "SHA256"
#define DSA_POSSIBLE_SELECTIONS \
(OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS)
struct dsa_gen_ctx {
- OPENSSL_CTX *libctx;
+ OSSL_LIB_CTX *libctx;
FFC_PARAMS *ffc_params;
int selection;
int gen_type; /* DSA_PARAMGEN_TYPE_FIPS_186_2 or DSA_PARAMGEN_TYPE_FIPS_186_4 */
int pcounter;
int hindex;
- const char *mdname;
- const char *mdprops;
+ char *mdname;
+ char *mdprops;
OSSL_CALLBACK *cb;
void *cbarg;
};
static const DSA_GENTYPE_NAME2ID dsatype2id[]=
{
+#ifdef FIPS_MODULE
{ "default", DSA_PARAMGEN_TYPE_FIPS_186_4 },
+#else
+ { "default", DSA_PARAMGEN_TYPE_FIPS_DEFAULT },
+#endif
{ "fips186_4", DSA_PARAMGEN_TYPE_FIPS_186_4 },
{ "fips186_2", DSA_PARAMGEN_TYPE_FIPS_186_2 },
};
static void *dsa_newdata(void *provctx)
{
- return dsa_new_with_ctx(PROV_LIBRARY_CONTEXT_OF(provctx));
+ if (!ossl_prov_is_running())
+ return NULL;
+ return ossl_dsa_new(PROV_LIBCTX_OF(provctx));
}
static void dsa_freedata(void *keydata)
DSA_free(keydata);
}
-static int dsa_has(void *keydata, int selection)
+static int dsa_has(const void *keydata, int selection)
{
- DSA *dsa = keydata;
- int ok = 0;
-
- if (dsa != NULL) {
- if ((selection & DSA_POSSIBLE_SELECTIONS) != 0)
- ok = 1;
-
- if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
- ok = ok && (DSA_get0_pub_key(dsa) != NULL);
- if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
- ok = ok && (DSA_get0_priv_key(dsa) != NULL);
- if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
- ok = ok && (DSA_get0_p(dsa) != NULL && DSA_get0_g(dsa) != NULL);
- }
+ const DSA *dsa = keydata;
+ int ok = 1;
+
+ if (!ossl_prov_is_running() || dsa == NULL)
+ return 0;
+ if ((selection & DSA_POSSIBLE_SELECTIONS) == 0)
+ return 1; /* the selection is not missing */
+
+ if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
+ ok = ok && (DSA_get0_pub_key(dsa) != NULL);
+ if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
+ ok = ok && (DSA_get0_priv_key(dsa) != NULL);
+ if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
+ ok = ok && (DSA_get0_p(dsa) != NULL && DSA_get0_g(dsa) != NULL);
return ok;
}
const DSA *dsa2 = keydata2;
int ok = 1;
+ if (!ossl_prov_is_running())
+ return 0;
+
if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
ok = ok
&& BN_cmp(DSA_get0_pub_key(dsa1), DSA_get0_pub_key(dsa2)) == 0;
ok = ok
&& BN_cmp(DSA_get0_priv_key(dsa1), DSA_get0_priv_key(dsa2)) == 0;
if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) {
- FFC_PARAMS *dsaparams1 = dsa_get0_params((DSA *)dsa1);
- FFC_PARAMS *dsaparams2 = dsa_get0_params((DSA *)dsa2);
+ FFC_PARAMS *dsaparams1 = ossl_dsa_get0_params((DSA *)dsa1);
+ FFC_PARAMS *dsaparams2 = ossl_dsa_get0_params((DSA *)dsa2);
- ok = ok && ffc_params_cmp(dsaparams1, dsaparams2, 1);
+ ok = ok && ossl_ffc_params_cmp(dsaparams1, dsaparams2, 1);
}
return ok;
}
DSA *dsa = keydata;
int ok = 1;
- if (dsa == NULL)
+ if (!ossl_prov_is_running() || dsa == NULL)
return 0;
if ((selection & DSA_POSSIBLE_SELECTIONS) == 0)
return 0;
if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0)
- ok = ok && dsa_ffc_params_fromdata(dsa, params);
+ ok = ok && ossl_dsa_ffc_params_fromdata(dsa, params);
if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
- ok = ok && dsa_key_fromdata(dsa, params);
+ ok = ok && ossl_dsa_key_fromdata(dsa, params);
return ok;
}
OSSL_PARAM *params = NULL;
int ok = 1;
- if (dsa == NULL)
+ if (!ossl_prov_is_running() || dsa == NULL)
goto err;
if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0)
- ok = ok && ffc_params_todata(dsa_get0_params(dsa), tmpl, NULL);
+ ok = ok && ossl_ffc_params_todata(ossl_dsa_get0_params(dsa), tmpl, NULL);
if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
ok = ok && dsa_key_todata(dsa, tmpl, NULL);
goto err;;
ok = param_cb(params, cbarg);
- OSSL_PARAM_BLD_free_params(params);
+ OSSL_PARAM_free(params);
err:
OSSL_PARAM_BLD_free(tmpl);
return ok;
if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_DEFAULT_DIGEST)) != NULL
&& !OSSL_PARAM_set_utf8_string(p, DSA_DEFAULT_MD))
return 0;
- return ffc_params_todata(dsa_get0_params(dsa), NULL, params)
+ return ossl_ffc_params_todata(ossl_dsa_get0_params(dsa), NULL, params)
&& dsa_key_todata(dsa, NULL, params);
}
OSSL_PARAM_END
};
-static const OSSL_PARAM *dsa_gettable_params(void)
+static const OSSL_PARAM *dsa_gettable_params(void *provctx)
{
return dsa_params;
}
-static int dsa_validate_domparams(DSA *dsa)
+static int dsa_validate_domparams(const DSA *dsa, int checktype)
{
int status = 0;
- return dsa_check_params(dsa, &status);
+ return ossl_dsa_check_params(dsa, checktype, &status);
}
-static int dsa_validate_public(DSA *dsa)
+static int dsa_validate_public(const DSA *dsa)
{
int status = 0;
const BIGNUM *pub_key = NULL;
DSA_get0_key(dsa, &pub_key, NULL);
if (pub_key == NULL)
return 0;
- return dsa_check_pub_key(dsa, pub_key, &status);
+ return ossl_dsa_check_pub_key(dsa, pub_key, &status);
}
-static int dsa_validate_private(DSA *dsa)
+static int dsa_validate_private(const DSA *dsa)
{
int status = 0;
const BIGNUM *priv_key = NULL;
DSA_get0_key(dsa, NULL, &priv_key);
if (priv_key == NULL)
return 0;
- return dsa_check_priv_key(dsa, priv_key, &status);
+ return ossl_dsa_check_priv_key(dsa, priv_key, &status);
}
-static int dsa_validate(void *keydata, int selection)
+static int dsa_validate(const void *keydata, int selection, int checktype)
{
- DSA *dsa = keydata;
- int ok = 0;
+ const DSA *dsa = keydata;
+ int ok = 1;
+
+ if (!ossl_prov_is_running())
+ return 0;
- if ((selection & DSA_POSSIBLE_SELECTIONS) != 0)
- ok = 1;
+ if ((selection & DSA_POSSIBLE_SELECTIONS) == 0)
+ return 1; /* nothing to validate */
if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
- ok = ok && dsa_validate_domparams(dsa);
+ ok = ok && dsa_validate_domparams(dsa, checktype);
if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
ok = ok && dsa_validate_public(dsa);
/* If the whole key is selected, we do a pairwise validation */
if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR)
== OSSL_KEYMGMT_SELECT_KEYPAIR)
- ok = ok && dsa_check_pairwise(dsa);
+ ok = ok && ossl_dsa_check_pairwise(dsa);
return ok;
}
-static void *dsa_gen_init(void *provctx, int selection)
+static void *dsa_gen_init(void *provctx, int selection,
+ const OSSL_PARAM params[])
{
- OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
+ OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(provctx);
struct dsa_gen_ctx *gctx = NULL;
- if ((selection & DSA_POSSIBLE_SELECTIONS) == 0)
+ if (!ossl_prov_is_running() || (selection & DSA_POSSIBLE_SELECTIONS) == 0)
return NULL;
if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL) {
gctx->libctx = libctx;
gctx->pbits = 2048;
gctx->qbits = 224;
+#ifdef FIPS_MODULE
gctx->gen_type = DSA_PARAMGEN_TYPE_FIPS_186_4;
+#else
+ gctx->gen_type = DSA_PARAMGEN_TYPE_FIPS_DEFAULT;
+#endif
gctx->gindex = -1;
gctx->pcounter = -1;
gctx->hindex = 0;
}
+ if (!dsa_gen_set_params(gctx, params)) {
+ OPENSSL_free(gctx);
+ gctx = NULL;
+ }
return gctx;
}
struct dsa_gen_ctx *gctx = genctx;
DSA *dsa = templ;
- if (gctx == NULL || dsa == NULL)
+ if (!ossl_prov_is_running() || gctx == NULL || dsa == NULL)
return 0;
- gctx->ffc_params = dsa_get0_params(dsa);
+ gctx->ffc_params = ossl_dsa_get0_params(dsa);
return 1;
}
if (gctx == NULL)
return 0;
+ if (params == NULL)
+ return 1;
+
p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_TYPE);
if (p != NULL) {
if (p != NULL) {
if (p->data_type != OSSL_PARAM_UTF8_STRING)
return 0;
- gctx->mdname = p->data;
+ OPENSSL_free(gctx->mdname);
+ gctx->mdname = OPENSSL_strdup(p->data);
+ if (gctx->mdname == NULL)
+ return 0;
}
p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_DIGEST_PROPS);
if (p != NULL) {
if (p->data_type != OSSL_PARAM_UTF8_STRING)
return 0;
- gctx->mdprops = p->data;
+ OPENSSL_free(gctx->mdprops);
+ gctx->mdprops = OPENSSL_strdup(p->data);
+ if (gctx->mdprops == NULL)
+ return 0;
}
return 1;
}
-static const OSSL_PARAM *dsa_gen_settable_params(void *provctx)
+static const OSSL_PARAM *dsa_gen_settable_params(ossl_unused void *genctx,
+ ossl_unused void *provctx)
{
static OSSL_PARAM settable[] = {
OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_TYPE, NULL, 0),
int ret = 0;
FFC_PARAMS *ffc;
- if (gctx == NULL)
+ if (!ossl_prov_is_running() || gctx == NULL)
return NULL;
- dsa = dsa_new_with_ctx(gctx->libctx);
+ dsa = ossl_dsa_new(gctx->libctx);
if (dsa == NULL)
return NULL;
+ if (gctx->gen_type == DSA_PARAMGEN_TYPE_FIPS_DEFAULT)
+ gctx->gen_type = (gctx->pbits >= 2048 ? DSA_PARAMGEN_TYPE_FIPS_186_4 :
+ DSA_PARAMGEN_TYPE_FIPS_186_2);
+
gctx->cb = osslcb;
gctx->cbarg = cbarg;
gencb = BN_GENCB_new();
if (gencb != NULL)
BN_GENCB_set(gencb, dsa_gencb, genctx);
- ffc = dsa_get0_params(dsa);
+ ffc = ossl_dsa_get0_params(dsa);
/* Copy the template value if one was passed */
if (gctx->ffc_params != NULL
- && !ffc_params_copy(ffc, gctx->ffc_params))
+ && !ossl_ffc_params_copy(ffc, gctx->ffc_params))
goto end;
if (gctx->seed != NULL
- && !ffc_params_set_seed(ffc, gctx->seed, gctx->seedlen))
+ && !ossl_ffc_params_set_seed(ffc, gctx->seed, gctx->seedlen))
goto end;
if (gctx->gindex != -1) {
- ffc_params_set_gindex(ffc, gctx->gindex);
+ ossl_ffc_params_set_gindex(ffc, gctx->gindex);
if (gctx->pcounter != -1)
- ffc_params_set_pcounter(ffc, gctx->pcounter);
+ ossl_ffc_params_set_pcounter(ffc, gctx->pcounter);
} else if (gctx->hindex != 0) {
- ffc_params_set_h(ffc, gctx->hindex);
+ ossl_ffc_params_set_h(ffc, gctx->hindex);
}
if (gctx->mdname != NULL) {
- if (!ffc_set_digest(ffc, gctx->mdname, gctx->mdprops))
+ if (!ossl_ffc_set_digest(ffc, gctx->mdname, gctx->mdprops))
goto end;
}
if ((gctx->selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) {
- if (dsa_generate_ffc_parameters(dsa, gctx->gen_type,
- gctx->pbits, gctx->qbits,
- gencb) <= 0)
+ if (ossl_dsa_generate_ffc_parameters(dsa, gctx->gen_type,
+ gctx->pbits, gctx->qbits,
+ gencb) <= 0)
goto end;
}
+ ossl_ffc_params_enable_flags(ffc, FFC_PARAM_FLAG_VALIDATE_LEGACY,
+ gctx->gen_type == DSA_PARAMGEN_TYPE_FIPS_186_2);
if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
if (ffc->p == NULL
|| ffc->q == NULL
if (gctx == NULL)
return;
+ OPENSSL_free(gctx->mdname);
+ OPENSSL_free(gctx->mdprops);
OPENSSL_clear_free(gctx->seed, gctx->seedlen);
OPENSSL_free(gctx);
}
-void *dsa_load(const void *reference, size_t reference_sz)
+static void *dsa_load(const void *reference, size_t reference_sz)
{
DSA *dsa = NULL;
- if (reference_sz == sizeof(dsa)) {
+ if (ossl_prov_is_running() && reference_sz == sizeof(dsa)) {
/* The contents of the reference is the address to our object */
dsa = *(DSA **)reference;
/* We grabbed, so we detach it */
return NULL;
}
-const OSSL_DISPATCH dsa_keymgmt_functions[] = {
+static void *dsa_dup(const void *keydata_from)
+{
+ if (ossl_prov_is_running())
+ return ossl_dsa_dup(keydata_from);
+ return NULL;
+}
+
+const OSSL_DISPATCH ossl_dsa_keymgmt_functions[] = {
{ OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))dsa_newdata },
{ OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))dsa_gen_init },
{ OSSL_FUNC_KEYMGMT_GEN_SET_TEMPLATE, (void (*)(void))dsa_gen_set_template },
{ OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))dsa_import_types },
{ OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))dsa_export },
{ OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))dsa_export_types },
+ { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))dsa_dup },
{ 0, NULL }
};
projects / thirdparty / openssl.git / blobdiff