diff options
author | Matt Caswell <matt@openssl.org> | 2016-03-30 15:21:39 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2016-04-03 00:23:56 +0100 |
commit | 1258396d73cf937e4daaf2c35377011b9366f956 (patch) | |
tree | 6448183bf775904be79b29786795ade508f7fe4d /crypto | |
parent | 25c78440d21c814705e0e50c6e567300936aa02b (diff) | |
download | openssl-1258396d73cf937e4daaf2c35377011b9366f956.tar.gz |
Make the DSA structure opaque
Move the dsa_st structure out of the public header file. Add some accessor
functions to enable access to the internal fields, and update all internal
usage to use the new functions.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/dsa/dsa_ameth.c | 2 | ||||
-rw-r--r-- | crypto/dsa/dsa_asn1.c | 2 | ||||
-rw-r--r-- | crypto/dsa/dsa_key.c | 2 | ||||
-rw-r--r-- | crypto/dsa/dsa_lib.c | 75 | ||||
-rw-r--r-- | crypto/dsa/dsa_locl.h | 23 | ||||
-rw-r--r-- | crypto/dsa/dsa_ossl.c | 2 | ||||
-rw-r--r-- | crypto/dsa/dsa_sign.c | 2 | ||||
-rw-r--r-- | crypto/dsa/dsa_vrf.c | 2 | ||||
-rw-r--r-- | crypto/pem/pvkfmt.c | 55 |
9 files changed, 140 insertions, 25 deletions
diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c index f0f28bdf2a..54cdb3dae0 100644 --- a/crypto/dsa/dsa_ameth.c +++ b/crypto/dsa/dsa_ameth.c @@ -60,7 +60,7 @@ #include "internal/cryptlib.h" #include <openssl/x509.h> #include <openssl/asn1.h> -#include <openssl/dsa.h> +#include "dsa_locl.h" #include <openssl/bn.h> #include <openssl/cms.h> #include "internal/asn1_int.h" diff --git a/crypto/dsa/dsa_asn1.c b/crypto/dsa/dsa_asn1.c index c338b5f3a8..1468fb1e66 100644 --- a/crypto/dsa/dsa_asn1.c +++ b/crypto/dsa/dsa_asn1.c @@ -58,7 +58,7 @@ #include <stdio.h> #include "internal/cryptlib.h" -#include <openssl/dsa.h> +#include "dsa_locl.h" #include <openssl/asn1.h> #include <openssl/asn1t.h> #include <openssl/rand.h> diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c index 831c2b1d9b..441588498e 100644 --- a/crypto/dsa/dsa_key.c +++ b/crypto/dsa/dsa_key.c @@ -59,7 +59,7 @@ #include <time.h> #include "internal/cryptlib.h" #include <openssl/bn.h> -#include <openssl/dsa.h> +#include "dsa_locl.h" #include <openssl/rand.h> static int dsa_builtin_keygen(DSA *dsa); diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c index fa8330fd84..08226181f9 100644 --- a/crypto/dsa/dsa_lib.c +++ b/crypto/dsa/dsa_lib.c @@ -60,7 +60,7 @@ #include <stdio.h> #include "internal/cryptlib.h" #include <openssl/bn.h> -#include <openssl/dsa.h> +#include "dsa_locl.h" #include <openssl/asn1.h> #include <openssl/engine.h> #include <openssl/dh.h> @@ -280,3 +280,76 @@ DH *DSA_dup_DH(const DSA *r) return NULL; } #endif + +BIGNUM *DSA_get0_p(const DSA *d) +{ + return d->p; +} + +BIGNUM *DSA_get0_q(const DSA *d) +{ + return d->q; +} + +BIGNUM *DSA_get0_g(const DSA *d) +{ + return d->g; +} + +int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g) +{ + if (p == NULL || q == NULL || g == NULL) + return 0; + BN_free(d->p); + BN_free(d->q); + BN_free(d->g); + d->p = p; + d->q = q; + d->g = g; + + return 1; +} + +BIGNUM *DSA_get0_priv_key(const DSA *d) +{ + return d->priv_key; +} + +BIGNUM *DSA_get0_pub_key(const DSA *d) +{ + return d->pub_key; +} + +void DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key) +{ + /* Note that it is valid for priv_key to be NULL */ + if (pub_key == NULL) + return 0; + + BN_free(d->pub_key); + BN_free(d->priv_key); + d->pub_key = pub_key; + d->priv_key = priv_key; + + return 1; +} + +void DSA_clear_flags(DSA *d, int flags) +{ + d->flags &= ~flags; +} + +int DSA_test_flags(const DSA *d, int flags) +{ + return d->flags & flags; +} + +void DSA_set_flags(DSA *d, int flags) +{ + d->flags |= flags; +} + +ENGINE *DSA_get0_engine(DSA *d) +{ + return d->engine; +} diff --git a/crypto/dsa/dsa_locl.h b/crypto/dsa/dsa_locl.h index 6182495848..9b25634ae3 100644 --- a/crypto/dsa/dsa_locl.h +++ b/crypto/dsa/dsa_locl.h @@ -54,6 +54,29 @@ #include <openssl/dsa.h> +struct dsa_st { + /* + * This first variable is used to pick up errors where a DSA is passed + * instead of of a EVP_PKEY + */ + int pad; + long version; + BIGNUM *p; + BIGNUM *q; /* == 20 */ + BIGNUM *g; + BIGNUM *pub_key; /* y public key */ + BIGNUM *priv_key; /* x private key */ + int flags; + /* Normally used to cache montgomery values */ + BN_MONT_CTX *method_mont_p; + int references; + CRYPTO_EX_DATA ex_data; + const DSA_METHOD *meth; + /* functional reference if 'meth' is ENGINE-provided */ + ENGINE *engine; + CRYPTO_RWLOCK *lock; +}; + int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len, unsigned char *seed_out, diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index 31a6d53c9a..92855537b8 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -61,7 +61,7 @@ #include "internal/cryptlib.h" #include <openssl/bn.h> #include <openssl/sha.h> -#include <openssl/dsa.h> +#include "dsa_locl.h" #include <openssl/rand.h> #include <openssl/asn1.h> diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c index ca712cf201..b9dcd5b28d 100644 --- a/crypto/dsa/dsa_sign.c +++ b/crypto/dsa/dsa_sign.c @@ -58,7 +58,7 @@ /* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */ #include "internal/cryptlib.h" -#include <openssl/dsa.h> +#include "dsa_locl.h" #include <openssl/rand.h> #include <openssl/bn.h> diff --git a/crypto/dsa/dsa_vrf.c b/crypto/dsa/dsa_vrf.c index 6724b7545f..6ce9968eaf 100644 --- a/crypto/dsa/dsa_vrf.c +++ b/crypto/dsa/dsa_vrf.c @@ -58,7 +58,7 @@ /* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */ #include "internal/cryptlib.h" -#include <openssl/dsa.h> +#include "dsa_locl.h" int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa) diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c index 117d2b794d..ac4b84c59e 100644 --- a/crypto/pem/pvkfmt.c +++ b/crypto/pem/pvkfmt.c @@ -289,34 +289,48 @@ static EVP_PKEY *b2i_dss(const unsigned char **in, DSA *dsa = NULL; BN_CTX *ctx = NULL; unsigned int nbyte; + BIGNUM *pbn = NULL, *qbn = NULL, *gbn = NULL, *priv_key = NULL; + BIGNUM *pub_key = NULL; + nbyte = (bitlen + 7) >> 3; dsa = DSA_new(); ret = EVP_PKEY_new(); if (dsa == NULL || ret == NULL) goto memerr; - if (!read_lebn(&p, nbyte, &dsa->p)) + if (!read_lebn(&p, nbyte, &pbn)) goto memerr; - if (!read_lebn(&p, 20, &dsa->q)) + + if (!read_lebn(&p, 20, &qbn)) goto memerr; - if (!read_lebn(&p, nbyte, &dsa->g)) + + if (!read_lebn(&p, nbyte, &gbn)) goto memerr; + if (ispub) { - if (!read_lebn(&p, nbyte, &dsa->pub_key)) + if (!read_lebn(&p, nbyte, &pub_key)) goto memerr; } else { - if (!read_lebn(&p, 20, &dsa->priv_key)) + if (!read_lebn(&p, 20, &priv_key)) goto memerr; + /* Calculate public key */ - if ((dsa->pub_key = BN_new()) == NULL) + pub_key = BN_new(); + if (pub_key == NULL) goto memerr; if ((ctx = BN_CTX_new()) == NULL) goto memerr; - if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) + if (!BN_mod_exp(pub_key, gbn, priv_key, pbn, ctx)) goto memerr; + BN_CTX_free(ctx); } + if (!DSA_set0_pqg(dsa, pbn, qbn, gbn)) + goto memerr; + pbn = qbn = gbn = NULL; + if (!DSA_set0_key(dsa, pub_key, priv_key)) + goto memerr; EVP_PKEY_set1_DSA(ret, dsa); DSA_free(dsa); @@ -326,6 +340,11 @@ static EVP_PKEY *b2i_dss(const unsigned char **in, memerr: PEMerr(PEM_F_B2I_DSS, ERR_R_MALLOC_FAILURE); DSA_free(dsa); + BN_free(pbn); + BN_free(qbn); + BN_free(gbn); + BN_free(pub_key); + BN_free(priv_key); EVP_PKEY_free(ret); BN_CTX_free(ctx); return NULL; @@ -484,16 +503,16 @@ static int do_i2b_bio(BIO *out, EVP_PKEY *pk, int ispub) static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *pmagic) { int bitlen; - bitlen = BN_num_bits(dsa->p); - if ((bitlen & 7) || (BN_num_bits(dsa->q) != 160) - || (BN_num_bits(dsa->g) > bitlen)) + bitlen = BN_num_bits(DSA_get0_p(dsa)); + if ((bitlen & 7) || (BN_num_bits(DSA_get0_q(dsa)) != 160) + || (BN_num_bits(DSA_get0_g(dsa)) > bitlen)) goto badkey; if (ispub) { - if (BN_num_bits(dsa->pub_key) > bitlen) + if (BN_num_bits(DSA_get0_pub_key(dsa)) > bitlen) goto badkey; *pmagic = MS_DSS1MAGIC; } else { - if (BN_num_bits(dsa->priv_key) > 160) + if (BN_num_bits(DSA_get0_priv_key(dsa)) > 160) goto badkey; *pmagic = MS_DSS2MAGIC; } @@ -555,14 +574,14 @@ static void write_rsa(unsigned char **out, RSA *rsa, int ispub) static void write_dsa(unsigned char **out, DSA *dsa, int ispub) { int nbyte; - nbyte = BN_num_bytes(dsa->p); - write_lebn(out, dsa->p, nbyte); - write_lebn(out, dsa->q, 20); - write_lebn(out, dsa->g, nbyte); + nbyte = BN_num_bytes(DSA_get0_p(dsa)); + write_lebn(out, DSA_get0_p(dsa), nbyte); + write_lebn(out, DSA_get0_q(dsa), 20); + write_lebn(out, DSA_get0_g(dsa), nbyte); if (ispub) - write_lebn(out, dsa->pub_key, nbyte); + write_lebn(out, DSA_get0_pub_key(dsa), nbyte); else - write_lebn(out, dsa->priv_key, 20); + write_lebn(out, DSA_get0_priv_key(dsa), 20); /* Set "invalid" for seed structure values */ memset(*out, 0xff, 24); *out += 24; |