1 /* 2 * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 /* 11 * DSA low level APIs are deprecated for public use, but still ok for 12 * internal use. 13 */ 14 #include "internal/deprecated.h" 15 16 #include <string.h> 17 18 #include <openssl/crypto.h> 19 #include <openssl/core_dispatch.h> 20 #include <openssl/core_names.h> 21 #include <openssl/err.h> 22 #include <openssl/dsa.h> 23 #include <openssl/params.h> 24 #include <openssl/evp.h> 25 #include <openssl/proverr.h> 26 #include "internal/nelem.h" 27 #include "internal/sizes.h" 28 #include "internal/cryptlib.h" 29 #include "prov/providercommon.h" 30 #include "prov/implementations.h" 31 #include "prov/provider_ctx.h" 32 #include "prov/securitycheck.h" 33 #include "prov/der_dsa.h" 34 #include "crypto/dsa.h" 35 36 static OSSL_FUNC_signature_newctx_fn dsa_newctx; 37 static OSSL_FUNC_signature_sign_init_fn dsa_sign_init; 38 static OSSL_FUNC_signature_verify_init_fn dsa_verify_init; 39 static OSSL_FUNC_signature_sign_fn dsa_sign; 40 static OSSL_FUNC_signature_sign_message_update_fn dsa_signverify_message_update; 41 static OSSL_FUNC_signature_sign_message_final_fn dsa_sign_message_final; 42 static OSSL_FUNC_signature_verify_fn dsa_verify; 43 static OSSL_FUNC_signature_verify_message_update_fn dsa_signverify_message_update; 44 static OSSL_FUNC_signature_verify_message_final_fn dsa_verify_message_final; 45 static OSSL_FUNC_signature_digest_sign_init_fn dsa_digest_sign_init; 46 static OSSL_FUNC_signature_digest_sign_update_fn dsa_digest_signverify_update; 47 static OSSL_FUNC_signature_digest_sign_final_fn dsa_digest_sign_final; 48 static OSSL_FUNC_signature_digest_verify_init_fn dsa_digest_verify_init; 49 static OSSL_FUNC_signature_digest_verify_update_fn dsa_digest_signverify_update; 50 static OSSL_FUNC_signature_digest_verify_final_fn dsa_digest_verify_final; 51 static OSSL_FUNC_signature_freectx_fn dsa_freectx; 52 static OSSL_FUNC_signature_dupctx_fn dsa_dupctx; 53 static OSSL_FUNC_signature_query_key_types_fn dsa_sigalg_query_key_types; 54 static OSSL_FUNC_signature_get_ctx_params_fn dsa_get_ctx_params; 55 static OSSL_FUNC_signature_gettable_ctx_params_fn dsa_gettable_ctx_params; 56 static OSSL_FUNC_signature_set_ctx_params_fn dsa_set_ctx_params; 57 static OSSL_FUNC_signature_settable_ctx_params_fn dsa_settable_ctx_params; 58 static OSSL_FUNC_signature_get_ctx_md_params_fn dsa_get_ctx_md_params; 59 static OSSL_FUNC_signature_gettable_ctx_md_params_fn dsa_gettable_ctx_md_params; 60 static OSSL_FUNC_signature_set_ctx_md_params_fn dsa_set_ctx_md_params; 61 static OSSL_FUNC_signature_settable_ctx_md_params_fn dsa_settable_ctx_md_params; 62 static OSSL_FUNC_signature_set_ctx_params_fn dsa_sigalg_set_ctx_params; 63 static OSSL_FUNC_signature_settable_ctx_params_fn dsa_sigalg_settable_ctx_params; 64 65 /* 66 * What's passed as an actual key is defined by the KEYMGMT interface. 67 * We happen to know that our KEYMGMT simply passes DSA structures, so 68 * we use that here too. 69 */ 70 71 typedef struct { 72 OSSL_LIB_CTX *libctx; 73 char *propq; 74 DSA *dsa; 75 /* |operation| reuses EVP's operation bitfield */ 76 int operation; 77 78 /* 79 * Flag to determine if a full sigalg is run (1) or if a composable 80 * signature algorithm is run (0). 81 * 82 * When a full sigalg is run (1), this currently affects the following 83 * other flags, which are to remain untouched after their initialization: 84 * 85 * - flag_allow_md (initialized to 0) 86 */ 87 unsigned int flag_sigalg : 1; 88 /* 89 * Flag to determine if the hash function can be changed (1) or not (0) 90 * Because it's dangerous to change during a DigestSign or DigestVerify 91 * operation, this flag is cleared by their Init function, and set again 92 * by their Final function. 93 */ 94 unsigned int flag_allow_md : 1; 95 96 /* If this is set to 1 then the generated k is not random */ 97 unsigned int nonce_type; 98 99 /* The Algorithm Identifier of the combined signature algorithm */ 100 unsigned char aid_buf[OSSL_MAX_ALGORITHM_ID_SIZE]; 101 size_t aid_len; 102 103 /* main digest */ 104 char mdname[OSSL_MAX_NAME_SIZE]; 105 EVP_MD *md; 106 EVP_MD_CTX *mdctx; 107 108 /* Signature, for verification */ 109 unsigned char *sig; 110 size_t siglen; 111 112 OSSL_FIPS_IND_DECLARE 113 } PROV_DSA_CTX; 114 115 static size_t dsa_get_md_size(const PROV_DSA_CTX *pdsactx) 116 { 117 int md_size; 118 119 if (pdsactx->md != NULL) { 120 md_size = EVP_MD_get_size(pdsactx->md); 121 if (md_size <= 0) 122 return 0; 123 return (size_t)md_size; 124 } 125 return 0; 126 } 127 128 static void *dsa_newctx(void *provctx, const char *propq) 129 { 130 PROV_DSA_CTX *pdsactx; 131 132 if (!ossl_prov_is_running()) 133 return NULL; 134 135 pdsactx = OPENSSL_zalloc(sizeof(PROV_DSA_CTX)); 136 if (pdsactx == NULL) 137 return NULL; 138 139 pdsactx->libctx = PROV_LIBCTX_OF(provctx); 140 pdsactx->flag_allow_md = 1; 141 OSSL_FIPS_IND_INIT(pdsactx) 142 if (propq != NULL && (pdsactx->propq = OPENSSL_strdup(propq)) == NULL) { 143 OPENSSL_free(pdsactx); 144 pdsactx = NULL; 145 } 146 return pdsactx; 147 } 148 149 static int dsa_setup_md(PROV_DSA_CTX *ctx, 150 const char *mdname, const char *mdprops, 151 const char *desc) 152 { 153 EVP_MD *md = NULL; 154 155 if (mdprops == NULL) 156 mdprops = ctx->propq; 157 158 if (mdname != NULL) { 159 WPACKET pkt; 160 int md_nid; 161 size_t mdname_len = strlen(mdname); 162 unsigned char *aid = NULL; 163 164 md = EVP_MD_fetch(ctx->libctx, mdname, mdprops); 165 md_nid = ossl_digest_get_approved_nid(md); 166 167 if (md == NULL) { 168 ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST, 169 "%s could not be fetched", mdname); 170 goto err; 171 } 172 if (md_nid == NID_undef) { 173 ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED, 174 "digest=%s", mdname); 175 goto err; 176 } 177 if (mdname_len >= sizeof(ctx->mdname)) { 178 ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST, 179 "%s exceeds name buffer length", mdname); 180 goto err; 181 } 182 /* XOF digests don't work */ 183 if (EVP_MD_xof(md)) { 184 ERR_raise(ERR_LIB_PROV, PROV_R_XOF_DIGESTS_NOT_ALLOWED); 185 goto err; 186 } 187 #ifdef FIPS_MODULE 188 { 189 int sha1_allowed 190 = ((ctx->operation 191 & (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_SIGNMSG)) == 0); 192 193 if (!ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND_GET(ctx), 194 OSSL_FIPS_IND_SETTABLE1, 195 ctx->libctx, 196 md_nid, sha1_allowed, desc, 197 ossl_fips_config_signature_digest_check)) 198 goto err; 199 } 200 #endif 201 202 if (!ctx->flag_allow_md) { 203 if (ctx->mdname[0] != '\0' 204 && !EVP_MD_is_a(md, ctx->mdname)) { 205 ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED, 206 "digest %s != %s", mdname, ctx->mdname); 207 goto err; 208 } 209 EVP_MD_free(md); 210 return 1; 211 } 212 213 EVP_MD_CTX_free(ctx->mdctx); 214 EVP_MD_free(ctx->md); 215 216 /* 217 * We do not care about DER writing errors. 218 * All it really means is that for some reason, there's no 219 * AlgorithmIdentifier to be had, but the operation itself is 220 * still valid, just as long as it's not used to construct 221 * anything that needs an AlgorithmIdentifier. 222 */ 223 ctx->aid_len = 0; 224 if (WPACKET_init_der(&pkt, ctx->aid_buf, sizeof(ctx->aid_buf)) 225 && ossl_DER_w_algorithmIdentifier_DSA_with_MD(&pkt, -1, ctx->dsa, 226 md_nid) 227 && WPACKET_finish(&pkt)) { 228 WPACKET_get_total_written(&pkt, &ctx->aid_len); 229 aid = WPACKET_get_curr(&pkt); 230 } 231 WPACKET_cleanup(&pkt); 232 if (aid != NULL && ctx->aid_len != 0) 233 memmove(ctx->aid_buf, aid, ctx->aid_len); 234 235 ctx->mdctx = NULL; 236 ctx->md = md; 237 OPENSSL_strlcpy(ctx->mdname, mdname, sizeof(ctx->mdname)); 238 } 239 240 return 1; 241 err: 242 EVP_MD_free(md); 243 return 0; 244 } 245 246 #ifdef FIPS_MODULE 247 248 static int dsa_sign_check_approved(PROV_DSA_CTX *ctx, int signing, 249 const char *desc) 250 { 251 /* DSA Signing is not approved in FIPS 140-3 */ 252 if (signing 253 && !OSSL_FIPS_IND_ON_UNAPPROVED(ctx, OSSL_FIPS_IND_SETTABLE2, 254 ctx->libctx, desc, "DSA", 255 ossl_fips_config_dsa_sign_disallowed)) 256 return 0; 257 return 1; 258 } 259 260 static int dsa_check_key(PROV_DSA_CTX *ctx, int sign, const char *desc) 261 { 262 int approved = ossl_dsa_check_key(ctx->dsa, sign); 263 264 if (!approved) { 265 if (!OSSL_FIPS_IND_ON_UNAPPROVED(ctx, OSSL_FIPS_IND_SETTABLE0, 266 ctx->libctx, desc, "DSA Key", 267 ossl_fips_config_signature_digest_check)) { 268 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); 269 return 0; 270 } 271 } 272 return 1; 273 } 274 #endif 275 276 static int 277 dsa_signverify_init(void *vpdsactx, void *vdsa, 278 OSSL_FUNC_signature_set_ctx_params_fn *set_ctx_params, 279 const OSSL_PARAM params[], int operation, 280 const char *desc) 281 { 282 PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; 283 284 if (!ossl_prov_is_running() 285 || pdsactx == NULL) 286 return 0; 287 288 if (vdsa == NULL && pdsactx->dsa == NULL) { 289 ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET); 290 return 0; 291 } 292 293 if (vdsa != NULL) { 294 if (!DSA_up_ref(vdsa)) 295 return 0; 296 DSA_free(pdsactx->dsa); 297 pdsactx->dsa = vdsa; 298 } 299 300 pdsactx->operation = operation; 301 302 OSSL_FIPS_IND_SET_APPROVED(pdsactx) 303 if (!set_ctx_params(pdsactx, params)) 304 return 0; 305 #ifdef FIPS_MODULE 306 { 307 int operation_is_sign 308 = (operation & (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_SIGNMSG)) != 0; 309 310 if (!dsa_sign_check_approved(pdsactx, operation_is_sign, desc)) 311 return 0; 312 if (!dsa_check_key(pdsactx, operation_is_sign, desc)) 313 return 0; 314 } 315 #endif 316 return 1; 317 } 318 319 static int dsa_sign_init(void *vpdsactx, void *vdsa, const OSSL_PARAM params[]) 320 { 321 return dsa_signverify_init(vpdsactx, vdsa, dsa_set_ctx_params, params, 322 EVP_PKEY_OP_SIGN, "DSA Sign Init"); 323 } 324 325 /* 326 * Sign tbs without digesting it first. This is suitable for "primitive" 327 * signing and signing the digest of a message, i.e. should be used with 328 * implementations of the keytype related algorithms. 329 */ 330 static int dsa_sign_directly(void *vpdsactx, 331 unsigned char *sig, size_t *siglen, size_t sigsize, 332 const unsigned char *tbs, size_t tbslen) 333 { 334 PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; 335 int ret; 336 unsigned int sltmp; 337 size_t dsasize = DSA_size(pdsactx->dsa); 338 size_t mdsize = dsa_get_md_size(pdsactx); 339 340 if (!ossl_prov_is_running()) 341 return 0; 342 343 #ifdef FIPS_MODULE 344 if (!dsa_sign_check_approved(pdsactx, 1, "Sign")) 345 return 0; 346 #endif 347 348 if (sig == NULL) { 349 *siglen = dsasize; 350 return 1; 351 } 352 353 if (sigsize < dsasize) 354 return 0; 355 356 if (mdsize != 0 && tbslen != mdsize) 357 return 0; 358 359 ret = ossl_dsa_sign_int(0, tbs, tbslen, sig, &sltmp, pdsactx->dsa, 360 pdsactx->nonce_type, pdsactx->mdname, 361 pdsactx->libctx, pdsactx->propq); 362 if (ret <= 0) 363 return 0; 364 365 *siglen = sltmp; 366 return 1; 367 } 368 369 static int dsa_signverify_message_update(void *vpdsactx, 370 const unsigned char *data, 371 size_t datalen) 372 { 373 PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; 374 375 if (pdsactx == NULL) 376 return 0; 377 378 return EVP_DigestUpdate(pdsactx->mdctx, data, datalen); 379 } 380 381 static int dsa_sign_message_final(void *vpdsactx, unsigned char *sig, 382 size_t *siglen, size_t sigsize) 383 { 384 PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; 385 unsigned char digest[EVP_MAX_MD_SIZE]; 386 unsigned int dlen = 0; 387 388 if (!ossl_prov_is_running() || pdsactx == NULL || pdsactx->mdctx == NULL) 389 return 0; 390 /* 391 * If sig is NULL then we're just finding out the sig size. Other fields 392 * are ignored. Defer to dsa_sign. 393 */ 394 if (sig != NULL) { 395 /* 396 * When this function is used through dsa_digest_sign_final(), 397 * there is the possibility that some externally provided digests 398 * exceed EVP_MAX_MD_SIZE. We should probably handle that 399 * somehow but that problem is much larger than just in DSA. 400 */ 401 if (!EVP_DigestFinal_ex(pdsactx->mdctx, digest, &dlen)) 402 return 0; 403 } 404 405 return dsa_sign_directly(vpdsactx, sig, siglen, sigsize, digest, dlen); 406 } 407 408 /* 409 * If signing a message, digest tbs and sign the result. 410 * Otherwise, sign tbs directly. 411 */ 412 static int dsa_sign(void *vpdsactx, unsigned char *sig, size_t *siglen, 413 size_t sigsize, const unsigned char *tbs, size_t tbslen) 414 { 415 PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; 416 417 if (pdsactx->operation == EVP_PKEY_OP_SIGNMSG) { 418 /* 419 * If |sig| is NULL, the caller is only looking for the sig length. 420 * DO NOT update the input in this case. 421 */ 422 if (sig == NULL) 423 return dsa_sign_message_final(pdsactx, sig, siglen, sigsize); 424 425 if (dsa_signverify_message_update(pdsactx, tbs, tbslen) <= 0) 426 return 0; 427 return dsa_sign_message_final(pdsactx, sig, siglen, sigsize); 428 } 429 return dsa_sign_directly(pdsactx, sig, siglen, sigsize, tbs, tbslen); 430 } 431 432 static int dsa_verify_init(void *vpdsactx, void *vdsa, 433 const OSSL_PARAM params[]) 434 { 435 return dsa_signverify_init(vpdsactx, vdsa, dsa_set_ctx_params, params, 436 EVP_PKEY_OP_VERIFY, "DSA Verify Init"); 437 } 438 439 static int dsa_verify_directly(void *vpdsactx, 440 const unsigned char *sig, size_t siglen, 441 const unsigned char *tbs, size_t tbslen) 442 { 443 PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; 444 size_t mdsize = dsa_get_md_size(pdsactx); 445 446 if (!ossl_prov_is_running() || (mdsize != 0 && tbslen != mdsize)) 447 return 0; 448 449 return DSA_verify(0, tbs, tbslen, sig, siglen, pdsactx->dsa); 450 } 451 452 static int dsa_verify_set_sig(void *vpdsactx, 453 const unsigned char *sig, size_t siglen) 454 { 455 PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; 456 OSSL_PARAM params[2]; 457 458 params[0] = 459 OSSL_PARAM_construct_octet_string(OSSL_SIGNATURE_PARAM_SIGNATURE, 460 (unsigned char *)sig, siglen); 461 params[1] = OSSL_PARAM_construct_end(); 462 return dsa_sigalg_set_ctx_params(pdsactx, params); 463 } 464 465 static int dsa_verify_message_final(void *vpdsactx) 466 { 467 PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; 468 unsigned char digest[EVP_MAX_MD_SIZE]; 469 unsigned int dlen = 0; 470 471 if (!ossl_prov_is_running()) 472 return 0; 473 474 if (pdsactx == NULL || pdsactx->mdctx == NULL) 475 return 0; 476 477 /* 478 * The digests used here are all known (see dsa_get_md_nid()), so they 479 * should not exceed the internal buffer size of EVP_MAX_MD_SIZE. 480 */ 481 if (!EVP_DigestFinal_ex(pdsactx->mdctx, digest, &dlen)) 482 return 0; 483 484 return dsa_verify_directly(vpdsactx, pdsactx->sig, pdsactx->siglen, 485 digest, dlen); 486 } 487 488 /* 489 * If verifying a message, digest tbs and verify the result. 490 * Otherwise, verify tbs directly. 491 */ 492 static int dsa_verify(void *vpdsactx, 493 const unsigned char *sig, size_t siglen, 494 const unsigned char *tbs, size_t tbslen) 495 { 496 PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; 497 498 if (pdsactx->operation == EVP_PKEY_OP_VERIFYMSG) { 499 if (dsa_verify_set_sig(pdsactx, sig, siglen) <= 0) 500 return 0; 501 if (dsa_signverify_message_update(pdsactx, tbs, tbslen) <= 0) 502 return 0; 503 return dsa_verify_message_final(pdsactx); 504 } 505 return dsa_verify_directly(pdsactx, sig, siglen, tbs, tbslen); 506 } 507 508 /* DigestSign/DigestVerify wrappers */ 509 510 static int dsa_digest_signverify_init(void *vpdsactx, const char *mdname, 511 void *vdsa, const OSSL_PARAM params[], 512 int operation, const char *desc) 513 { 514 PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; 515 516 if (!ossl_prov_is_running()) 517 return 0; 518 519 if (!dsa_signverify_init(vpdsactx, vdsa, dsa_set_ctx_params, params, 520 operation, desc)) 521 return 0; 522 523 if (mdname != NULL 524 /* was dsa_setup_md already called in dsa_signverify_init()? */ 525 && (mdname[0] == '\0' || OPENSSL_strcasecmp(pdsactx->mdname, mdname) != 0) 526 && !dsa_setup_md(pdsactx, mdname, NULL, desc)) 527 return 0; 528 529 pdsactx->flag_allow_md = 0; 530 531 if (pdsactx->mdctx == NULL) { 532 pdsactx->mdctx = EVP_MD_CTX_new(); 533 if (pdsactx->mdctx == NULL) 534 goto error; 535 } 536 537 if (!EVP_DigestInit_ex2(pdsactx->mdctx, pdsactx->md, params)) 538 goto error; 539 540 return 1; 541 542 error: 543 EVP_MD_CTX_free(pdsactx->mdctx); 544 pdsactx->mdctx = NULL; 545 return 0; 546 } 547 548 static int dsa_digest_sign_init(void *vpdsactx, const char *mdname, 549 void *vdsa, const OSSL_PARAM params[]) 550 { 551 return dsa_digest_signverify_init(vpdsactx, mdname, vdsa, params, 552 EVP_PKEY_OP_SIGNMSG, 553 "DSA Digest Sign Init"); 554 } 555 556 static int dsa_digest_signverify_update(void *vpdsactx, const unsigned char *data, 557 size_t datalen) 558 { 559 PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; 560 561 if (pdsactx == NULL) 562 return 0; 563 /* Sigalg implementations shouldn't do digest_sign */ 564 if (pdsactx->flag_sigalg) 565 return 0; 566 567 return dsa_signverify_message_update(vpdsactx, data, datalen); 568 } 569 570 static int dsa_digest_sign_final(void *vpdsactx, unsigned char *sig, 571 size_t *siglen, size_t sigsize) 572 { 573 PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; 574 int ok = 0; 575 576 if (pdsactx == NULL) 577 return 0; 578 /* Sigalg implementations shouldn't do digest_sign */ 579 if (pdsactx->flag_sigalg) 580 return 0; 581 582 ok = dsa_sign_message_final(pdsactx, sig, siglen, sigsize); 583 584 pdsactx->flag_allow_md = 1; 585 586 return ok; 587 } 588 589 static int dsa_digest_verify_init(void *vpdsactx, const char *mdname, 590 void *vdsa, const OSSL_PARAM params[]) 591 { 592 return dsa_digest_signverify_init(vpdsactx, mdname, vdsa, params, 593 EVP_PKEY_OP_VERIFYMSG, 594 "DSA Digest Verify Init"); 595 } 596 597 int dsa_digest_verify_final(void *vpdsactx, const unsigned char *sig, 598 size_t siglen) 599 { 600 PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; 601 int ok = 0; 602 603 if (pdsactx == NULL) 604 return 0; 605 /* Sigalg implementations shouldn't do digest_verify */ 606 if (pdsactx->flag_sigalg) 607 return 0; 608 609 if (dsa_verify_set_sig(pdsactx, sig, siglen)) 610 ok = dsa_verify_message_final(vpdsactx); 611 612 pdsactx->flag_allow_md = 1; 613 614 return ok; 615 } 616 617 static void dsa_freectx(void *vpdsactx) 618 { 619 PROV_DSA_CTX *ctx = (PROV_DSA_CTX *)vpdsactx; 620 621 EVP_MD_CTX_free(ctx->mdctx); 622 EVP_MD_free(ctx->md); 623 OPENSSL_free(ctx->sig); 624 OPENSSL_free(ctx->propq); 625 DSA_free(ctx->dsa); 626 OPENSSL_free(ctx); 627 } 628 629 static void *dsa_dupctx(void *vpdsactx) 630 { 631 PROV_DSA_CTX *srcctx = (PROV_DSA_CTX *)vpdsactx; 632 PROV_DSA_CTX *dstctx; 633 634 if (!ossl_prov_is_running()) 635 return NULL; 636 637 dstctx = OPENSSL_zalloc(sizeof(*srcctx)); 638 if (dstctx == NULL) 639 return NULL; 640 641 *dstctx = *srcctx; 642 dstctx->dsa = NULL; 643 dstctx->propq = NULL; 644 645 if (srcctx->dsa != NULL && !DSA_up_ref(srcctx->dsa)) 646 goto err; 647 dstctx->dsa = srcctx->dsa; 648 649 if (srcctx->md != NULL && !EVP_MD_up_ref(srcctx->md)) 650 goto err; 651 dstctx->md = srcctx->md; 652 653 if (srcctx->mdctx != NULL) { 654 dstctx->mdctx = EVP_MD_CTX_new(); 655 if (dstctx->mdctx == NULL 656 || !EVP_MD_CTX_copy_ex(dstctx->mdctx, srcctx->mdctx)) 657 goto err; 658 } 659 660 if (srcctx->propq != NULL) { 661 dstctx->propq = OPENSSL_strdup(srcctx->propq); 662 if (dstctx->propq == NULL) 663 goto err; 664 } 665 666 return dstctx; 667 err: 668 dsa_freectx(dstctx); 669 return NULL; 670 } 671 672 static int dsa_get_ctx_params(void *vpdsactx, OSSL_PARAM *params) 673 { 674 PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; 675 OSSL_PARAM *p; 676 677 if (pdsactx == NULL) 678 return 0; 679 680 p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_ALGORITHM_ID); 681 if (p != NULL 682 && !OSSL_PARAM_set_octet_string(p, 683 pdsactx->aid_len == 0 ? NULL : pdsactx->aid_buf, 684 pdsactx->aid_len)) 685 return 0; 686 687 p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_DIGEST); 688 if (p != NULL && !OSSL_PARAM_set_utf8_string(p, pdsactx->mdname)) 689 return 0; 690 691 p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_NONCE_TYPE); 692 if (p != NULL && !OSSL_PARAM_set_uint(p, pdsactx->nonce_type)) 693 return 0; 694 if (!OSSL_FIPS_IND_GET_CTX_PARAM(pdsactx, params)) 695 return 0; 696 697 return 1; 698 } 699 700 static const OSSL_PARAM known_gettable_ctx_params[] = { 701 OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_ALGORITHM_ID, NULL, 0), 702 OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0), 703 OSSL_PARAM_uint(OSSL_SIGNATURE_PARAM_NONCE_TYPE, NULL), 704 OSSL_FIPS_IND_GETTABLE_CTX_PARAM() 705 OSSL_PARAM_END 706 }; 707 708 static const OSSL_PARAM *dsa_gettable_ctx_params(ossl_unused void *ctx, 709 ossl_unused void *provctx) 710 { 711 return known_gettable_ctx_params; 712 } 713 714 /** 715 * @brief Setup common params for dsa_set_ctx_params and dsa_sigalg_set_ctx_params 716 * The caller is responsible for checking |vpdsactx| is not NULL and |params| 717 * is not empty. 718 */ 719 static int dsa_common_set_ctx_params(void *vpdsactx, const OSSL_PARAM params[]) 720 { 721 PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; 722 const OSSL_PARAM *p; 723 724 if (!OSSL_FIPS_IND_SET_CTX_PARAM(pdsactx, OSSL_FIPS_IND_SETTABLE0, params, 725 OSSL_SIGNATURE_PARAM_FIPS_KEY_CHECK)) 726 return 0; 727 if (!OSSL_FIPS_IND_SET_CTX_PARAM(pdsactx, OSSL_FIPS_IND_SETTABLE1, params, 728 OSSL_SIGNATURE_PARAM_FIPS_DIGEST_CHECK)) 729 return 0; 730 if (!OSSL_FIPS_IND_SET_CTX_PARAM(pdsactx, OSSL_FIPS_IND_SETTABLE2, params, 731 OSSL_SIGNATURE_PARAM_FIPS_SIGN_CHECK)) 732 return 0; 733 734 p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_NONCE_TYPE); 735 if (p != NULL 736 && !OSSL_PARAM_get_uint(p, &pdsactx->nonce_type)) 737 return 0; 738 return 1; 739 } 740 741 #define DSA_COMMON_SETTABLE_CTX_PARAMS \ 742 OSSL_PARAM_uint(OSSL_SIGNATURE_PARAM_NONCE_TYPE, NULL), \ 743 OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_SIGNATURE_PARAM_FIPS_KEY_CHECK) \ 744 OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_SIGNATURE_PARAM_FIPS_DIGEST_CHECK) \ 745 OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_SIGNATURE_PARAM_FIPS_SIGN_CHECK) \ 746 OSSL_PARAM_END 747 748 static int dsa_set_ctx_params(void *vpdsactx, const OSSL_PARAM params[]) 749 { 750 PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; 751 const OSSL_PARAM *p; 752 int ret; 753 754 if (pdsactx == NULL) 755 return 0; 756 if (ossl_param_is_empty(params)) 757 return 1; 758 759 if ((ret = dsa_common_set_ctx_params(pdsactx, params)) <= 0) 760 return ret; 761 762 p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_DIGEST); 763 if (p != NULL) { 764 char mdname[OSSL_MAX_NAME_SIZE] = "", *pmdname = mdname; 765 char mdprops[OSSL_MAX_PROPQUERY_SIZE] = "", *pmdprops = mdprops; 766 const OSSL_PARAM *propsp = 767 OSSL_PARAM_locate_const(params, 768 OSSL_SIGNATURE_PARAM_PROPERTIES); 769 770 if (!OSSL_PARAM_get_utf8_string(p, &pmdname, sizeof(mdname))) 771 return 0; 772 if (propsp != NULL 773 && !OSSL_PARAM_get_utf8_string(propsp, &pmdprops, sizeof(mdprops))) 774 return 0; 775 if (!dsa_setup_md(pdsactx, mdname, mdprops, "DSA Set Ctx")) 776 return 0; 777 } 778 return 1; 779 } 780 781 static const OSSL_PARAM settable_ctx_params[] = { 782 OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0), 783 OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PROPERTIES, NULL, 0), 784 DSA_COMMON_SETTABLE_CTX_PARAMS 785 }; 786 787 static const OSSL_PARAM settable_ctx_params_no_digest[] = { 788 OSSL_PARAM_END 789 }; 790 791 static const OSSL_PARAM *dsa_settable_ctx_params(void *vpdsactx, 792 ossl_unused void *provctx) 793 { 794 PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; 795 796 if (pdsactx != NULL && !pdsactx->flag_allow_md) 797 return settable_ctx_params_no_digest; 798 return settable_ctx_params; 799 } 800 801 static int dsa_get_ctx_md_params(void *vpdsactx, OSSL_PARAM *params) 802 { 803 PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; 804 805 if (pdsactx->mdctx == NULL) 806 return 0; 807 808 return EVP_MD_CTX_get_params(pdsactx->mdctx, params); 809 } 810 811 static const OSSL_PARAM *dsa_gettable_ctx_md_params(void *vpdsactx) 812 { 813 PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; 814 815 if (pdsactx->md == NULL) 816 return 0; 817 818 return EVP_MD_gettable_ctx_params(pdsactx->md); 819 } 820 821 static int dsa_set_ctx_md_params(void *vpdsactx, const OSSL_PARAM params[]) 822 { 823 PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; 824 825 if (pdsactx->mdctx == NULL) 826 return 0; 827 828 return EVP_MD_CTX_set_params(pdsactx->mdctx, params); 829 } 830 831 static const OSSL_PARAM *dsa_settable_ctx_md_params(void *vpdsactx) 832 { 833 PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; 834 835 if (pdsactx->md == NULL) 836 return 0; 837 838 return EVP_MD_settable_ctx_params(pdsactx->md); 839 } 840 841 const OSSL_DISPATCH ossl_dsa_signature_functions[] = { 842 { OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))dsa_newctx }, 843 { OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))dsa_sign_init }, 844 { OSSL_FUNC_SIGNATURE_SIGN, (void (*)(void))dsa_sign }, 845 { OSSL_FUNC_SIGNATURE_VERIFY_INIT, (void (*)(void))dsa_verify_init }, 846 { OSSL_FUNC_SIGNATURE_VERIFY, (void (*)(void))dsa_verify }, 847 { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT, 848 (void (*)(void))dsa_digest_sign_init }, 849 { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE, 850 (void (*)(void))dsa_digest_signverify_update }, 851 { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL, 852 (void (*)(void))dsa_digest_sign_final }, 853 { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT, 854 (void (*)(void))dsa_digest_verify_init }, 855 { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE, 856 (void (*)(void))dsa_digest_signverify_update }, 857 { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL, 858 (void (*)(void))dsa_digest_verify_final }, 859 { OSSL_FUNC_SIGNATURE_FREECTX, (void (*)(void))dsa_freectx }, 860 { OSSL_FUNC_SIGNATURE_DUPCTX, (void (*)(void))dsa_dupctx }, 861 { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, (void (*)(void))dsa_get_ctx_params }, 862 { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS, 863 (void (*)(void))dsa_gettable_ctx_params }, 864 { OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, (void (*)(void))dsa_set_ctx_params }, 865 { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS, 866 (void (*)(void))dsa_settable_ctx_params }, 867 { OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS, 868 (void (*)(void))dsa_get_ctx_md_params }, 869 { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS, 870 (void (*)(void))dsa_gettable_ctx_md_params }, 871 { OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS, 872 (void (*)(void))dsa_set_ctx_md_params }, 873 { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS, 874 (void (*)(void))dsa_settable_ctx_md_params }, 875 OSSL_DISPATCH_END 876 }; 877 878 /* ------------------------------------------------------------------ */ 879 880 /* 881 * So called sigalgs (composite DSA+hash) implemented below. They 882 * are pretty much hard coded. 883 */ 884 885 static OSSL_FUNC_signature_query_key_types_fn dsa_sigalg_query_key_types; 886 static OSSL_FUNC_signature_settable_ctx_params_fn dsa_sigalg_settable_ctx_params; 887 static OSSL_FUNC_signature_set_ctx_params_fn dsa_sigalg_set_ctx_params; 888 889 /* 890 * dsa_sigalg_signverify_init() is almost like dsa_digest_signverify_init(), 891 * just doesn't allow fetching an MD from whatever the user chooses. 892 */ 893 static int dsa_sigalg_signverify_init(void *vpdsactx, void *vdsa, 894 OSSL_FUNC_signature_set_ctx_params_fn *set_ctx_params, 895 const OSSL_PARAM params[], 896 const char *mdname, 897 int operation, const char *desc) 898 { 899 PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; 900 901 if (!ossl_prov_is_running()) 902 return 0; 903 904 if (!dsa_signverify_init(vpdsactx, vdsa, set_ctx_params, params, operation, 905 desc)) 906 return 0; 907 908 if (!dsa_setup_md(pdsactx, mdname, NULL, desc)) 909 return 0; 910 911 pdsactx->flag_sigalg = 1; 912 pdsactx->flag_allow_md = 0; 913 914 if (pdsactx->mdctx == NULL) { 915 pdsactx->mdctx = EVP_MD_CTX_new(); 916 if (pdsactx->mdctx == NULL) 917 goto error; 918 } 919 920 if (!EVP_DigestInit_ex2(pdsactx->mdctx, pdsactx->md, params)) 921 goto error; 922 923 return 1; 924 925 error: 926 EVP_MD_CTX_free(pdsactx->mdctx); 927 pdsactx->mdctx = NULL; 928 return 0; 929 } 930 931 static const char **dsa_sigalg_query_key_types(void) 932 { 933 static const char *keytypes[] = { "DSA", NULL }; 934 935 return keytypes; 936 } 937 938 static const OSSL_PARAM settable_sigalg_ctx_params[] = { 939 OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_SIGNATURE, NULL, 0), 940 DSA_COMMON_SETTABLE_CTX_PARAMS 941 }; 942 943 static const OSSL_PARAM *dsa_sigalg_settable_ctx_params(void *vpdsactx, 944 ossl_unused void *provctx) 945 { 946 PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; 947 948 if (pdsactx != NULL && pdsactx->operation == EVP_PKEY_OP_VERIFYMSG) 949 return settable_sigalg_ctx_params; 950 return NULL; 951 } 952 953 static int dsa_sigalg_set_ctx_params(void *vpdsactx, const OSSL_PARAM params[]) 954 { 955 PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; 956 const OSSL_PARAM *p; 957 int ret; 958 959 if (pdsactx == NULL) 960 return 0; 961 if (ossl_param_is_empty(params)) 962 return 1; 963 964 if ((ret = dsa_common_set_ctx_params(pdsactx, params)) <= 0) 965 return ret; 966 967 if (pdsactx->operation == EVP_PKEY_OP_VERIFYMSG) { 968 p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_SIGNATURE); 969 if (p != NULL) { 970 OPENSSL_free(pdsactx->sig); 971 pdsactx->sig = NULL; 972 pdsactx->siglen = 0; 973 if (!OSSL_PARAM_get_octet_string(p, (void **)&pdsactx->sig, 974 0, &pdsactx->siglen)) 975 return 0; 976 } 977 } 978 return 1; 979 } 980 981 #define IMPL_DSA_SIGALG(md, MD) \ 982 static OSSL_FUNC_signature_sign_init_fn dsa_##md##_sign_init; \ 983 static OSSL_FUNC_signature_sign_message_init_fn \ 984 dsa_##md##_sign_message_init; \ 985 static OSSL_FUNC_signature_verify_init_fn dsa_##md##_verify_init; \ 986 static OSSL_FUNC_signature_verify_message_init_fn \ 987 dsa_##md##_verify_message_init; \ 988 \ 989 static int \ 990 dsa_##md##_sign_init(void *vpdsactx, void *vdsa, \ 991 const OSSL_PARAM params[]) \ 992 { \ 993 static const char desc[] = "DSA-" #MD " Sign Init"; \ 994 \ 995 return dsa_sigalg_signverify_init(vpdsactx, vdsa, \ 996 dsa_sigalg_set_ctx_params, \ 997 params, #MD, \ 998 EVP_PKEY_OP_SIGN, \ 999 desc); \ 1000 } \ 1001 \ 1002 static int \ 1003 dsa_##md##_sign_message_init(void *vpdsactx, void *vdsa, \ 1004 const OSSL_PARAM params[]) \ 1005 { \ 1006 static const char desc[] = "DSA-" #MD " Sign Message Init"; \ 1007 \ 1008 return dsa_sigalg_signverify_init(vpdsactx, vdsa, \ 1009 dsa_sigalg_set_ctx_params, \ 1010 params, #MD, \ 1011 EVP_PKEY_OP_SIGNMSG, \ 1012 desc); \ 1013 } \ 1014 \ 1015 static int \ 1016 dsa_##md##_verify_init(void *vpdsactx, void *vdsa, \ 1017 const OSSL_PARAM params[]) \ 1018 { \ 1019 static const char desc[] = "DSA-" #MD " Verify Init"; \ 1020 \ 1021 return dsa_sigalg_signverify_init(vpdsactx, vdsa, \ 1022 dsa_sigalg_set_ctx_params, \ 1023 params, #MD, \ 1024 EVP_PKEY_OP_VERIFY, \ 1025 desc); \ 1026 } \ 1027 \ 1028 static int \ 1029 dsa_##md##_verify_message_init(void *vpdsactx, void *vdsa, \ 1030 const OSSL_PARAM params[]) \ 1031 { \ 1032 static const char desc[] = "DSA-" #MD " Verify Message Init"; \ 1033 \ 1034 return dsa_sigalg_signverify_init(vpdsactx, vdsa, \ 1035 dsa_sigalg_set_ctx_params, \ 1036 params, #MD, \ 1037 EVP_PKEY_OP_VERIFYMSG, \ 1038 desc); \ 1039 } \ 1040 \ 1041 const OSSL_DISPATCH ossl_dsa_##md##_signature_functions[] = { \ 1042 { OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))dsa_newctx }, \ 1043 { OSSL_FUNC_SIGNATURE_SIGN_INIT, \ 1044 (void (*)(void))dsa_##md##_sign_init }, \ 1045 { OSSL_FUNC_SIGNATURE_SIGN, (void (*)(void))dsa_sign }, \ 1046 { OSSL_FUNC_SIGNATURE_SIGN_MESSAGE_INIT, \ 1047 (void (*)(void))dsa_##md##_sign_message_init }, \ 1048 { OSSL_FUNC_SIGNATURE_SIGN_MESSAGE_UPDATE, \ 1049 (void (*)(void))dsa_signverify_message_update }, \ 1050 { OSSL_FUNC_SIGNATURE_SIGN_MESSAGE_FINAL, \ 1051 (void (*)(void))dsa_sign_message_final }, \ 1052 { OSSL_FUNC_SIGNATURE_VERIFY_INIT, \ 1053 (void (*)(void))dsa_##md##_verify_init }, \ 1054 { OSSL_FUNC_SIGNATURE_VERIFY, \ 1055 (void (*)(void))dsa_verify }, \ 1056 { OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_INIT, \ 1057 (void (*)(void))dsa_##md##_verify_message_init }, \ 1058 { OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_UPDATE, \ 1059 (void (*)(void))dsa_signverify_message_update }, \ 1060 { OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_FINAL, \ 1061 (void (*)(void))dsa_verify_message_final }, \ 1062 { OSSL_FUNC_SIGNATURE_FREECTX, (void (*)(void))dsa_freectx }, \ 1063 { OSSL_FUNC_SIGNATURE_DUPCTX, (void (*)(void))dsa_dupctx }, \ 1064 { OSSL_FUNC_SIGNATURE_QUERY_KEY_TYPES, \ 1065 (void (*)(void))dsa_sigalg_query_key_types }, \ 1066 { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, \ 1067 (void (*)(void))dsa_get_ctx_params }, \ 1068 { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS, \ 1069 (void (*)(void))dsa_gettable_ctx_params }, \ 1070 { OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, \ 1071 (void (*)(void))dsa_sigalg_set_ctx_params }, \ 1072 { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS, \ 1073 (void (*)(void))dsa_sigalg_settable_ctx_params }, \ 1074 OSSL_DISPATCH_END \ 1075 } 1076 1077 IMPL_DSA_SIGALG(sha1, SHA1); 1078 IMPL_DSA_SIGALG(sha224, SHA2-224); 1079 IMPL_DSA_SIGALG(sha256, SHA2-256); 1080 IMPL_DSA_SIGALG(sha384, SHA2-384); 1081 IMPL_DSA_SIGALG(sha512, SHA2-512); 1082 IMPL_DSA_SIGALG(sha3_224, SHA3-224); 1083 IMPL_DSA_SIGALG(sha3_256, SHA3-256); 1084 IMPL_DSA_SIGALG(sha3_384, SHA3-384); 1085 IMPL_DSA_SIGALG(sha3_512, SHA3-512); 1086