]>
Commit | Line | Data |
---|---|---|
4889dadc | 1 | /* |
a28d06f3 | 2 | * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. |
4889dadc MC |
3 | * |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
f41ac0ee P |
10 | /* |
11 | * DSA low level APIs are deprecated for public use, but still ok for | |
12 | * internal use. | |
13 | */ | |
14 | #include "internal/deprecated.h" | |
15 | ||
505b41fc RL |
16 | #include <string.h> |
17 | ||
4889dadc | 18 | #include <openssl/crypto.h> |
23c48d94 | 19 | #include <openssl/core_dispatch.h> |
4889dadc | 20 | #include <openssl/core_names.h> |
505b41fc | 21 | #include <openssl/err.h> |
4889dadc MC |
22 | #include <openssl/dsa.h> |
23 | #include <openssl/params.h> | |
45a845e4 | 24 | #include <openssl/evp.h> |
8bee6512 | 25 | #include <openssl/err.h> |
2741128e | 26 | #include <openssl/proverr.h> |
505b41fc | 27 | #include "internal/nelem.h" |
c24937d5 | 28 | #include "internal/sizes.h" |
8c555803 | 29 | #include "internal/cryptlib.h" |
f590a5ea | 30 | #include "prov/providercommon.h" |
af3e7e1b | 31 | #include "prov/implementations.h" |
ddd21319 | 32 | #include "prov/provider_ctx.h" |
7a810fac | 33 | #include "prov/securitycheck.h" |
e683582b | 34 | #include "crypto/dsa.h" |
8c555803 | 35 | #include "prov/der_dsa.h" |
4889dadc | 36 | |
363b1e5d | 37 | static OSSL_FUNC_signature_newctx_fn dsa_newctx; |
e43b4482 SL |
38 | static OSSL_FUNC_signature_sign_init_fn dsa_sign_init; |
39 | static OSSL_FUNC_signature_verify_init_fn dsa_verify_init; | |
363b1e5d DMSP |
40 | static OSSL_FUNC_signature_sign_fn dsa_sign; |
41 | static OSSL_FUNC_signature_verify_fn dsa_verify; | |
e43b4482 | 42 | static OSSL_FUNC_signature_digest_sign_init_fn dsa_digest_sign_init; |
363b1e5d DMSP |
43 | static OSSL_FUNC_signature_digest_sign_update_fn dsa_digest_signverify_update; |
44 | static OSSL_FUNC_signature_digest_sign_final_fn dsa_digest_sign_final; | |
e43b4482 | 45 | static OSSL_FUNC_signature_digest_verify_init_fn dsa_digest_verify_init; |
363b1e5d DMSP |
46 | static OSSL_FUNC_signature_digest_verify_update_fn dsa_digest_signverify_update; |
47 | static OSSL_FUNC_signature_digest_verify_final_fn dsa_digest_verify_final; | |
48 | static OSSL_FUNC_signature_freectx_fn dsa_freectx; | |
49 | static OSSL_FUNC_signature_dupctx_fn dsa_dupctx; | |
50 | static OSSL_FUNC_signature_get_ctx_params_fn dsa_get_ctx_params; | |
51 | static OSSL_FUNC_signature_gettable_ctx_params_fn dsa_gettable_ctx_params; | |
52 | static OSSL_FUNC_signature_set_ctx_params_fn dsa_set_ctx_params; | |
53 | static OSSL_FUNC_signature_settable_ctx_params_fn dsa_settable_ctx_params; | |
54 | static OSSL_FUNC_signature_get_ctx_md_params_fn dsa_get_ctx_md_params; | |
55 | static OSSL_FUNC_signature_gettable_ctx_md_params_fn dsa_gettable_ctx_md_params; | |
56 | static OSSL_FUNC_signature_set_ctx_md_params_fn dsa_set_ctx_md_params; | |
57 | static OSSL_FUNC_signature_settable_ctx_md_params_fn dsa_settable_ctx_md_params; | |
4889dadc MC |
58 | |
59 | /* | |
60 | * What's passed as an actual key is defined by the KEYMGMT interface. | |
61 | * We happen to know that our KEYMGMT simply passes DSA structures, so | |
62 | * we use that here too. | |
63 | */ | |
64 | ||
65 | typedef struct { | |
b4250010 | 66 | OSSL_LIB_CTX *libctx; |
2c6094ba | 67 | char *propq; |
4889dadc | 68 | DSA *dsa; |
8bee6512 RL |
69 | |
70 | /* | |
71 | * Flag to determine if the hash function can be changed (1) or not (0) | |
72 | * Because it's dangerous to change during a DigestSign or DigestVerify | |
73 | * operation, this flag is cleared by their Init function, and set again | |
74 | * by their Final function. | |
75 | */ | |
76 | unsigned int flag_allow_md : 1; | |
77 | ||
c24937d5 | 78 | char mdname[OSSL_MAX_NAME_SIZE]; |
505b41fc | 79 | |
edd3b7a3 | 80 | /* The Algorithm Identifier of the combined signature algorithm */ |
8c555803 RL |
81 | unsigned char aid_buf[OSSL_MAX_ALGORITHM_ID_SIZE]; |
82 | unsigned char *aid; | |
505b41fc RL |
83 | size_t aid_len; |
84 | ||
85 | /* main digest */ | |
45a845e4 MC |
86 | EVP_MD *md; |
87 | EVP_MD_CTX *mdctx; | |
e43b4482 | 88 | int operation; |
4889dadc MC |
89 | } PROV_DSA_CTX; |
90 | ||
e43b4482 | 91 | |
8bee6512 RL |
92 | static size_t dsa_get_md_size(const PROV_DSA_CTX *pdsactx) |
93 | { | |
94 | if (pdsactx->md != NULL) | |
95 | return EVP_MD_size(pdsactx->md); | |
96 | return 0; | |
97 | } | |
98 | ||
2c6094ba | 99 | static void *dsa_newctx(void *provctx, const char *propq) |
4889dadc | 100 | { |
f590a5ea P |
101 | PROV_DSA_CTX *pdsactx; |
102 | ||
103 | if (!ossl_prov_is_running()) | |
104 | return NULL; | |
45a845e4 | 105 | |
f590a5ea | 106 | pdsactx = OPENSSL_zalloc(sizeof(PROV_DSA_CTX)); |
45a845e4 MC |
107 | if (pdsactx == NULL) |
108 | return NULL; | |
109 | ||
a829b735 | 110 | pdsactx->libctx = PROV_LIBCTX_OF(provctx); |
8bee6512 | 111 | pdsactx->flag_allow_md = 1; |
2c6094ba RL |
112 | if (propq != NULL && (pdsactx->propq = OPENSSL_strdup(propq)) == NULL) { |
113 | OPENSSL_free(pdsactx); | |
114 | pdsactx = NULL; | |
115 | ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); | |
116 | } | |
45a845e4 | 117 | return pdsactx; |
4889dadc MC |
118 | } |
119 | ||
8bee6512 RL |
120 | static int dsa_setup_md(PROV_DSA_CTX *ctx, |
121 | const char *mdname, const char *mdprops) | |
122 | { | |
2c6094ba RL |
123 | if (mdprops == NULL) |
124 | mdprops = ctx->propq; | |
125 | ||
8bee6512 | 126 | if (mdname != NULL) { |
49ed5ba8 | 127 | int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); |
8c555803 | 128 | WPACKET pkt; |
e43b4482 | 129 | EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops); |
7b676cc8 | 130 | int md_nid = ossl_digest_get_approved_nid_with_sha1(md, sha1_allowed); |
e43b4482 | 131 | size_t mdname_len = strlen(mdname); |
8bee6512 | 132 | |
8c555803 | 133 | if (md == NULL || md_nid == NID_undef) { |
e43b4482 SL |
134 | if (md == NULL) |
135 | ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST, | |
136 | "%s could not be fetched", mdname); | |
137 | if (md_nid == NID_undef) | |
138 | ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED, | |
139 | "digest=%s", mdname); | |
140 | if (mdname_len >= sizeof(ctx->mdname)) | |
141 | ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST, | |
142 | "%s exceeds name buffer length", mdname); | |
8bee6512 RL |
143 | EVP_MD_free(md); |
144 | return 0; | |
145 | } | |
146 | ||
8c555803 RL |
147 | EVP_MD_CTX_free(ctx->mdctx); |
148 | EVP_MD_free(ctx->md); | |
149 | ||
150 | /* | |
8d05a652 | 151 | * We do not care about DER writing errors. |
8c555803 RL |
152 | * All it really means is that for some reason, there's no |
153 | * AlgorithmIdentifier to be had, but the operation itself is | |
154 | * still valid, just as long as it's not used to construct | |
155 | * anything that needs an AlgorithmIdentifier. | |
156 | */ | |
157 | ctx->aid_len = 0; | |
158 | if (WPACKET_init_der(&pkt, ctx->aid_buf, sizeof(ctx->aid_buf)) | |
a55b00bd P |
159 | && ossl_DER_w_algorithmIdentifier_DSA_with_MD(&pkt, -1, ctx->dsa, |
160 | md_nid) | |
8c555803 RL |
161 | && WPACKET_finish(&pkt)) { |
162 | WPACKET_get_total_written(&pkt, &ctx->aid_len); | |
163 | ctx->aid = WPACKET_get_curr(&pkt); | |
164 | } | |
165 | WPACKET_cleanup(&pkt); | |
166 | ||
167 | ctx->mdctx = NULL; | |
8bee6512 RL |
168 | ctx->md = md; |
169 | OPENSSL_strlcpy(ctx->mdname, mdname, sizeof(ctx->mdname)); | |
170 | } | |
171 | return 1; | |
172 | } | |
173 | ||
e43b4482 | 174 | static int dsa_signverify_init(void *vpdsactx, void *vdsa, int operation) |
4889dadc MC |
175 | { |
176 | PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; | |
177 | ||
f590a5ea P |
178 | if (!ossl_prov_is_running() |
179 | || pdsactx == NULL | |
180 | || vdsa == NULL | |
181 | || !DSA_up_ref(vdsa)) | |
4889dadc MC |
182 | return 0; |
183 | DSA_free(pdsactx->dsa); | |
184 | pdsactx->dsa = vdsa; | |
e43b4482 | 185 | pdsactx->operation = operation; |
7b676cc8 | 186 | if (!ossl_dsa_check_key(vdsa, operation == EVP_PKEY_OP_SIGN)) { |
e43b4482 SL |
187 | ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); |
188 | return 0; | |
189 | } | |
4889dadc MC |
190 | return 1; |
191 | } | |
192 | ||
e43b4482 SL |
193 | static int dsa_sign_init(void *vpdsactx, void *vdsa) |
194 | { | |
195 | return dsa_signverify_init(vpdsactx, vdsa, EVP_PKEY_OP_SIGN); | |
196 | } | |
197 | ||
198 | static int dsa_verify_init(void *vpdsactx, void *vdsa) | |
199 | { | |
200 | return dsa_signverify_init(vpdsactx, vdsa, EVP_PKEY_OP_VERIFY); | |
201 | } | |
202 | ||
4889dadc MC |
203 | static int dsa_sign(void *vpdsactx, unsigned char *sig, size_t *siglen, |
204 | size_t sigsize, const unsigned char *tbs, size_t tbslen) | |
205 | { | |
206 | PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; | |
207 | int ret; | |
208 | unsigned int sltmp; | |
209 | size_t dsasize = DSA_size(pdsactx->dsa); | |
8bee6512 | 210 | size_t mdsize = dsa_get_md_size(pdsactx); |
4889dadc | 211 | |
f590a5ea P |
212 | if (!ossl_prov_is_running()) |
213 | return 0; | |
214 | ||
4889dadc MC |
215 | if (sig == NULL) { |
216 | *siglen = dsasize; | |
217 | return 1; | |
218 | } | |
219 | ||
220 | if (sigsize < (size_t)dsasize) | |
221 | return 0; | |
222 | ||
8bee6512 | 223 | if (mdsize != 0 && tbslen != mdsize) |
4889dadc MC |
224 | return 0; |
225 | ||
5af02212 | 226 | ret = ossl_dsa_sign_int(0, tbs, tbslen, sig, &sltmp, pdsactx->dsa); |
4889dadc MC |
227 | if (ret <= 0) |
228 | return 0; | |
229 | ||
230 | *siglen = sltmp; | |
231 | return 1; | |
232 | } | |
233 | ||
390acbeb MC |
234 | static int dsa_verify(void *vpdsactx, const unsigned char *sig, size_t siglen, |
235 | const unsigned char *tbs, size_t tbslen) | |
236 | { | |
237 | PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; | |
8bee6512 | 238 | size_t mdsize = dsa_get_md_size(pdsactx); |
390acbeb | 239 | |
f590a5ea | 240 | if (!ossl_prov_is_running() || (mdsize != 0 && tbslen != mdsize)) |
390acbeb MC |
241 | return 0; |
242 | ||
243 | return DSA_verify(0, tbs, tbslen, sig, siglen, pdsactx->dsa); | |
244 | } | |
245 | ||
45a845e4 | 246 | static int dsa_digest_signverify_init(void *vpdsactx, const char *mdname, |
e43b4482 | 247 | void *vdsa, int operation) |
45a845e4 MC |
248 | { |
249 | PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; | |
45a845e4 | 250 | |
f590a5ea P |
251 | if (!ossl_prov_is_running()) |
252 | return 0; | |
253 | ||
8bee6512 | 254 | pdsactx->flag_allow_md = 0; |
e43b4482 | 255 | if (!dsa_signverify_init(vpdsactx, vdsa, operation)) |
45a845e4 MC |
256 | return 0; |
257 | ||
2c6094ba | 258 | if (!dsa_setup_md(pdsactx, mdname, NULL)) |
8bee6512 | 259 | return 0; |
505b41fc | 260 | |
45a845e4 MC |
261 | pdsactx->mdctx = EVP_MD_CTX_new(); |
262 | if (pdsactx->mdctx == NULL) | |
505b41fc | 263 | goto error; |
45a845e4 | 264 | |
505b41fc RL |
265 | if (!EVP_DigestInit_ex(pdsactx->mdctx, pdsactx->md, NULL)) |
266 | goto error; | |
45a845e4 MC |
267 | |
268 | return 1; | |
505b41fc RL |
269 | |
270 | error: | |
271 | EVP_MD_CTX_free(pdsactx->mdctx); | |
272 | EVP_MD_free(pdsactx->md); | |
273 | pdsactx->mdctx = NULL; | |
505b41fc RL |
274 | pdsactx->md = NULL; |
275 | return 0; | |
45a845e4 MC |
276 | } |
277 | ||
e43b4482 SL |
278 | static int dsa_digest_sign_init(void *vpdsactx, const char *mdname, |
279 | void *vdsa) | |
280 | { | |
281 | return dsa_digest_signverify_init(vpdsactx, mdname, vdsa, EVP_PKEY_OP_SIGN); | |
282 | } | |
283 | ||
284 | static int dsa_digest_verify_init(void *vpdsactx, const char *mdname, void *vdsa) | |
285 | { | |
286 | return dsa_digest_signverify_init(vpdsactx, mdname, vdsa, EVP_PKEY_OP_VERIFY); | |
287 | } | |
288 | ||
45a845e4 MC |
289 | int dsa_digest_signverify_update(void *vpdsactx, const unsigned char *data, |
290 | size_t datalen) | |
291 | { | |
292 | PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; | |
293 | ||
294 | if (pdsactx == NULL || pdsactx->mdctx == NULL) | |
295 | return 0; | |
296 | ||
297 | return EVP_DigestUpdate(pdsactx->mdctx, data, datalen); | |
298 | } | |
299 | ||
300 | int dsa_digest_sign_final(void *vpdsactx, unsigned char *sig, size_t *siglen, | |
301 | size_t sigsize) | |
302 | { | |
303 | PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; | |
304 | unsigned char digest[EVP_MAX_MD_SIZE]; | |
305 | unsigned int dlen = 0; | |
306 | ||
f590a5ea | 307 | if (!ossl_prov_is_running() || pdsactx == NULL || pdsactx->mdctx == NULL) |
45a845e4 MC |
308 | return 0; |
309 | ||
310 | /* | |
311 | * If sig is NULL then we're just finding out the sig size. Other fields | |
312 | * are ignored. Defer to dsa_sign. | |
313 | */ | |
314 | if (sig != NULL) { | |
315 | /* | |
8d05a652 | 316 | * There is the possibility that some externally provided |
45a845e4 MC |
317 | * digests exceed EVP_MAX_MD_SIZE. We should probably handle that somehow - |
318 | * but that problem is much larger than just in DSA. | |
319 | */ | |
320 | if (!EVP_DigestFinal_ex(pdsactx->mdctx, digest, &dlen)) | |
321 | return 0; | |
322 | } | |
323 | ||
8bee6512 RL |
324 | pdsactx->flag_allow_md = 1; |
325 | ||
45a845e4 MC |
326 | return dsa_sign(vpdsactx, sig, siglen, sigsize, digest, (size_t)dlen); |
327 | } | |
328 | ||
329 | ||
330 | int dsa_digest_verify_final(void *vpdsactx, const unsigned char *sig, | |
331 | size_t siglen) | |
332 | { | |
333 | PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; | |
334 | unsigned char digest[EVP_MAX_MD_SIZE]; | |
335 | unsigned int dlen = 0; | |
336 | ||
f590a5ea | 337 | if (!ossl_prov_is_running() || pdsactx == NULL || pdsactx->mdctx == NULL) |
45a845e4 MC |
338 | return 0; |
339 | ||
340 | /* | |
8d05a652 | 341 | * There is the possibility that some externally provided |
45a845e4 MC |
342 | * digests exceed EVP_MAX_MD_SIZE. We should probably handle that somehow - |
343 | * but that problem is much larger than just in DSA. | |
344 | */ | |
345 | if (!EVP_DigestFinal_ex(pdsactx->mdctx, digest, &dlen)) | |
346 | return 0; | |
347 | ||
8bee6512 RL |
348 | pdsactx->flag_allow_md = 1; |
349 | ||
45a845e4 MC |
350 | return dsa_verify(vpdsactx, sig, siglen, digest, (size_t)dlen); |
351 | } | |
390acbeb | 352 | |
4889dadc MC |
353 | static void dsa_freectx(void *vpdsactx) |
354 | { | |
4f2271d5 SL |
355 | PROV_DSA_CTX *ctx = (PROV_DSA_CTX *)vpdsactx; |
356 | ||
357 | OPENSSL_free(ctx->propq); | |
358 | EVP_MD_CTX_free(ctx->mdctx); | |
359 | EVP_MD_free(ctx->md); | |
360 | ctx->propq = NULL; | |
361 | ctx->mdctx = NULL; | |
362 | ctx->md = NULL; | |
4f2271d5 SL |
363 | DSA_free(ctx->dsa); |
364 | OPENSSL_free(ctx); | |
4889dadc MC |
365 | } |
366 | ||
367 | static void *dsa_dupctx(void *vpdsactx) | |
368 | { | |
369 | PROV_DSA_CTX *srcctx = (PROV_DSA_CTX *)vpdsactx; | |
370 | PROV_DSA_CTX *dstctx; | |
371 | ||
f590a5ea P |
372 | if (!ossl_prov_is_running()) |
373 | return NULL; | |
374 | ||
4889dadc MC |
375 | dstctx = OPENSSL_zalloc(sizeof(*srcctx)); |
376 | if (dstctx == NULL) | |
377 | return NULL; | |
378 | ||
379 | *dstctx = *srcctx; | |
45a845e4 MC |
380 | dstctx->dsa = NULL; |
381 | dstctx->md = NULL; | |
382 | dstctx->mdctx = NULL; | |
c2386b81 | 383 | dstctx->propq = NULL; |
45a845e4 MC |
384 | |
385 | if (srcctx->dsa != NULL && !DSA_up_ref(srcctx->dsa)) | |
386 | goto err; | |
387 | dstctx->dsa = srcctx->dsa; | |
388 | ||
389 | if (srcctx->md != NULL && !EVP_MD_up_ref(srcctx->md)) | |
390 | goto err; | |
391 | dstctx->md = srcctx->md; | |
392 | ||
393 | if (srcctx->mdctx != NULL) { | |
394 | dstctx->mdctx = EVP_MD_CTX_new(); | |
395 | if (dstctx->mdctx == NULL | |
396 | || !EVP_MD_CTX_copy_ex(dstctx->mdctx, srcctx->mdctx)) | |
397 | goto err; | |
4889dadc | 398 | } |
c2386b81 SL |
399 | if (srcctx->propq != NULL) { |
400 | dstctx->propq = OPENSSL_strdup(srcctx->propq); | |
401 | if (dstctx->propq == NULL) | |
402 | goto err; | |
403 | } | |
4889dadc MC |
404 | |
405 | return dstctx; | |
45a845e4 MC |
406 | err: |
407 | dsa_freectx(dstctx); | |
408 | return NULL; | |
4889dadc MC |
409 | } |
410 | ||
9c45222d MC |
411 | static int dsa_get_ctx_params(void *vpdsactx, OSSL_PARAM *params) |
412 | { | |
413 | PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; | |
414 | OSSL_PARAM *p; | |
415 | ||
416 | if (pdsactx == NULL || params == NULL) | |
417 | return 0; | |
418 | ||
505b41fc RL |
419 | p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_ALGORITHM_ID); |
420 | if (p != NULL | |
421 | && !OSSL_PARAM_set_octet_string(p, pdsactx->aid, pdsactx->aid_len)) | |
422 | return 0; | |
423 | ||
9c45222d | 424 | p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_DIGEST); |
8bee6512 | 425 | if (p != NULL && !OSSL_PARAM_set_utf8_string(p, pdsactx->mdname)) |
9c45222d MC |
426 | return 0; |
427 | ||
428 | return 1; | |
429 | } | |
430 | ||
431 | static const OSSL_PARAM known_gettable_ctx_params[] = { | |
505b41fc | 432 | OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_ALGORITHM_ID, NULL, 0), |
9c45222d MC |
433 | OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0), |
434 | OSSL_PARAM_END | |
435 | }; | |
436 | ||
fb67126e TM |
437 | static const OSSL_PARAM *dsa_gettable_ctx_params(ossl_unused void *ctx, |
438 | ossl_unused void *provctx) | |
9c45222d MC |
439 | { |
440 | return known_gettable_ctx_params; | |
441 | } | |
442 | ||
443 | static int dsa_set_ctx_params(void *vpdsactx, const OSSL_PARAM params[]) | |
4889dadc MC |
444 | { |
445 | PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; | |
446 | const OSSL_PARAM *p; | |
4889dadc MC |
447 | |
448 | if (pdsactx == NULL || params == NULL) | |
449 | return 0; | |
450 | ||
9c45222d | 451 | p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_DIGEST); |
8bee6512 RL |
452 | /* Not allowed during certain operations */ |
453 | if (p != NULL && !pdsactx->flag_allow_md) | |
9c45222d | 454 | return 0; |
8bee6512 RL |
455 | if (p != NULL) { |
456 | char mdname[OSSL_MAX_NAME_SIZE] = "", *pmdname = mdname; | |
457 | char mdprops[OSSL_MAX_PROPQUERY_SIZE] = "", *pmdprops = mdprops; | |
458 | const OSSL_PARAM *propsp = | |
459 | OSSL_PARAM_locate_const(params, | |
460 | OSSL_SIGNATURE_PARAM_PROPERTIES); | |
461 | ||
462 | if (!OSSL_PARAM_get_utf8_string(p, &pmdname, sizeof(mdname))) | |
463 | return 0; | |
464 | if (propsp != NULL | |
465 | && !OSSL_PARAM_get_utf8_string(propsp, &pmdprops, sizeof(mdprops))) | |
466 | return 0; | |
467 | if (!dsa_setup_md(pdsactx, mdname, mdprops)) | |
468 | return 0; | |
469 | } | |
4889dadc MC |
470 | |
471 | return 1; | |
472 | } | |
473 | ||
fb67126e | 474 | static const OSSL_PARAM settable_ctx_params[] = { |
9c45222d | 475 | OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0), |
b8086652 | 476 | OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PROPERTIES, NULL, 0), |
9c45222d MC |
477 | OSSL_PARAM_END |
478 | }; | |
479 | ||
fb67126e TM |
480 | static const OSSL_PARAM settable_ctx_params_no_digest[] = { |
481 | OSSL_PARAM_END | |
482 | }; | |
483 | ||
484 | static const OSSL_PARAM *dsa_settable_ctx_params(void *vpdsactx, | |
485 | ossl_unused void *provctx) | |
9c45222d | 486 | { |
fb67126e TM |
487 | PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; |
488 | ||
489 | if (pdsactx != NULL && !pdsactx->flag_allow_md) | |
490 | return settable_ctx_params_no_digest; | |
491 | return settable_ctx_params; | |
9c45222d MC |
492 | } |
493 | ||
45a845e4 MC |
494 | static int dsa_get_ctx_md_params(void *vpdsactx, OSSL_PARAM *params) |
495 | { | |
496 | PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; | |
497 | ||
498 | if (pdsactx->mdctx == NULL) | |
499 | return 0; | |
500 | ||
501 | return EVP_MD_CTX_get_params(pdsactx->mdctx, params); | |
502 | } | |
503 | ||
504 | static const OSSL_PARAM *dsa_gettable_ctx_md_params(void *vpdsactx) | |
505 | { | |
506 | PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; | |
507 | ||
508 | if (pdsactx->md == NULL) | |
509 | return 0; | |
510 | ||
511 | return EVP_MD_gettable_ctx_params(pdsactx->md); | |
512 | } | |
513 | ||
514 | static int dsa_set_ctx_md_params(void *vpdsactx, const OSSL_PARAM params[]) | |
515 | { | |
516 | PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; | |
517 | ||
518 | if (pdsactx->mdctx == NULL) | |
519 | return 0; | |
520 | ||
521 | return EVP_MD_CTX_set_params(pdsactx->mdctx, params); | |
522 | } | |
523 | ||
524 | static const OSSL_PARAM *dsa_settable_ctx_md_params(void *vpdsactx) | |
525 | { | |
526 | PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; | |
527 | ||
528 | if (pdsactx->md == NULL) | |
529 | return 0; | |
530 | ||
531 | return EVP_MD_settable_ctx_params(pdsactx->md); | |
532 | } | |
533 | ||
1be63951 | 534 | const OSSL_DISPATCH ossl_dsa_signature_functions[] = { |
4889dadc | 535 | { OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))dsa_newctx }, |
e43b4482 | 536 | { OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))dsa_sign_init }, |
4889dadc | 537 | { OSSL_FUNC_SIGNATURE_SIGN, (void (*)(void))dsa_sign }, |
e43b4482 | 538 | { OSSL_FUNC_SIGNATURE_VERIFY_INIT, (void (*)(void))dsa_verify_init }, |
390acbeb | 539 | { OSSL_FUNC_SIGNATURE_VERIFY, (void (*)(void))dsa_verify }, |
45a845e4 | 540 | { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT, |
e43b4482 | 541 | (void (*)(void))dsa_digest_sign_init }, |
45a845e4 MC |
542 | { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE, |
543 | (void (*)(void))dsa_digest_signverify_update }, | |
544 | { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL, | |
545 | (void (*)(void))dsa_digest_sign_final }, | |
546 | { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT, | |
e43b4482 | 547 | (void (*)(void))dsa_digest_verify_init }, |
45a845e4 MC |
548 | { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE, |
549 | (void (*)(void))dsa_digest_signverify_update }, | |
550 | { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL, | |
551 | (void (*)(void))dsa_digest_verify_final }, | |
4889dadc MC |
552 | { OSSL_FUNC_SIGNATURE_FREECTX, (void (*)(void))dsa_freectx }, |
553 | { OSSL_FUNC_SIGNATURE_DUPCTX, (void (*)(void))dsa_dupctx }, | |
9c45222d MC |
554 | { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, (void (*)(void))dsa_get_ctx_params }, |
555 | { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS, | |
556 | (void (*)(void))dsa_gettable_ctx_params }, | |
557 | { OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, (void (*)(void))dsa_set_ctx_params }, | |
558 | { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS, | |
559 | (void (*)(void))dsa_settable_ctx_params }, | |
45a845e4 MC |
560 | { OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS, |
561 | (void (*)(void))dsa_get_ctx_md_params }, | |
562 | { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS, | |
563 | (void (*)(void))dsa_gettable_ctx_md_params }, | |
564 | { OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS, | |
565 | (void (*)(void))dsa_set_ctx_md_params }, | |
566 | { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS, | |
567 | (void (*)(void))dsa_settable_ctx_md_params }, | |
4889dadc MC |
568 | { 0, NULL } |
569 | }; |