1 files changed, 0 insertions, 483 deletions
diff --git a/src/lib/libcrypto/dsa/dsa_lib.c b/src/lib/libcrypto/dsa/dsa_lib.c
deleted file mode 100644
index daf2fa135b..0000000000
--- a/src/lib/libcrypto/dsa/dsa_lib.c
+++ /dev/null
@@ -1,483 +0,0 @@
-/* $OpenBSD: dsa_lib.c,v 1.48 2024/03/27 01:49:31 tb Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
-#include <stdio.h>
-#include <openssl/opensslconf.h>
-#include <openssl/asn1.h>
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/err.h>
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#include "dh_local.h"
-#include "dsa_local.h"
-static const DSA_METHOD *default_DSA_method = NULL;
-void
-DSA_set_default_method(const DSA_METHOD *meth)
-{
-        default_DSA_method = meth;
-}
-LCRYPTO_ALIAS(DSA_set_default_method);
-const DSA_METHOD *
-DSA_get_default_method(void)
-{
-        if (!default_DSA_method)
-                default_DSA_method = DSA_OpenSSL();
-        return default_DSA_method;
-}
-LCRYPTO_ALIAS(DSA_get_default_method);
-DSA *
-DSA_new(void)
-{
-        return DSA_new_method(NULL);
-}
-LCRYPTO_ALIAS(DSA_new);
-int
-DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
-{
-        /*
-         * NB: The caller is specifically setting a method, so it's not up to us
-         * to deal with which ENGINE it comes from.
-         */
-        const DSA_METHOD *mtmp;
-        mtmp = dsa->meth;
-        if (mtmp->finish)
-                mtmp->finish(dsa);
-        dsa->meth = meth;
-        if (meth->init)
-                meth->init(dsa);
-        return 1;
-}
-LCRYPTO_ALIAS(DSA_set_method);
-DSA *
-DSA_new_method(ENGINE *engine)
-{
-        DSA *dsa;
-        if ((dsa = calloc(1, sizeof(DSA))) == NULL) {
-                DSAerror(ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-        dsa->meth = DSA_get_default_method();
-        dsa->flags = dsa->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW;
-        dsa->references = 1;
-        if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, dsa, &dsa->ex_data))
-                goto err;
-        if (dsa->meth->init != NULL && !dsa->meth->init(dsa))
-                goto err;
-        return dsa;
- err:
-        DSA_free(dsa);
-        return NULL;
-}
-LCRYPTO_ALIAS(DSA_new_method);
-void
-DSA_free(DSA *dsa)
-{
-        if (dsa == NULL)
-                return;
-        if (CRYPTO_add(&dsa->references, -1, CRYPTO_LOCK_DSA) > 0)
-                return;
-        if (dsa->meth != NULL && dsa->meth->finish != NULL)
-                dsa->meth->finish(dsa);
-        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, dsa, &dsa->ex_data);
-        BN_free(dsa->p);
-        BN_free(dsa->q);
-        BN_free(dsa->g);
-        BN_free(dsa->pub_key);
-        BN_free(dsa->priv_key);
-        BN_free(dsa->kinv);
-        BN_free(dsa->r);
-        free(dsa);
-}
-LCRYPTO_ALIAS(DSA_free);
-int
-DSA_up_ref(DSA *dsa)
-{
-        return CRYPTO_add(&dsa->references, 1, CRYPTO_LOCK_DSA) > 1;
-}
-LCRYPTO_ALIAS(DSA_up_ref);
-int
-DSA_size(const DSA *dsa)
-{
-        DSA_SIG signature;
-        int ret = 0;
-        signature.r = dsa->q;
-        signature.s = dsa->q;
-        if ((ret = i2d_DSA_SIG(&signature, NULL)) < 0)
-                ret = 0;
-        return ret;
-}
-LCRYPTO_ALIAS(DSA_size);
-int
-DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-    CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-{
-        return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, argl, argp,
-            new_func, dup_func, free_func);
-}
-LCRYPTO_ALIAS(DSA_get_ex_new_index);
-int
-DSA_set_ex_data(DSA *dsa, int idx, void *arg)
-{
-        return CRYPTO_set_ex_data(&dsa->ex_data, idx, arg);
-}
-LCRYPTO_ALIAS(DSA_set_ex_data);
-void *
-DSA_get_ex_data(DSA *dsa, int idx)
-{
-        return CRYPTO_get_ex_data(&dsa->ex_data, idx);
-}
-LCRYPTO_ALIAS(DSA_get_ex_data);
-int
-DSA_security_bits(const DSA *dsa)
-{
-        if (dsa->p == NULL || dsa->q == NULL)
-                return -1;
-        return BN_security_bits(BN_num_bits(dsa->p), BN_num_bits(dsa->q));
-}
-LCRYPTO_ALIAS(DSA_security_bits);
-#ifndef OPENSSL_NO_DH
-DH *
-DSA_dup_DH(const DSA *dsa)
-{
-        /*
-         * DSA has p, q, g, optional pub_key, optional priv_key.
-         * DH has p, optional length, g, optional pub_key, optional priv_key,
-         * optional q.
-         */
-        DH *dh = NULL;
-        if (dsa == NULL)
-                goto err;
-        if ((dh = DH_new()) == NULL)
-                goto err;
-        if (dsa->p != NULL) {
-                if ((dh->p = BN_dup(dsa->p)) == NULL)
-                        goto err;
-        }
-        if (dsa->q != NULL) {
-                dh->length = BN_num_bits(dsa->q);
-                if ((dh->q = BN_dup(dsa->q)) == NULL)
-                        goto err;
-        }
-        if (dsa->g != NULL) {
-                if ((dh->g = BN_dup(dsa->g)) == NULL)
-                        goto err;
-        }
-        if (dsa->pub_key != NULL) {
-                if ((dh->pub_key = BN_dup(dsa->pub_key)) == NULL)
-                        goto err;
-        }
-        if (dsa->priv_key != NULL) {
-                if ((dh->priv_key = BN_dup(dsa->priv_key)) == NULL)
-                        goto err;
-        }
-        return dh;
- err:
-        DH_free(dh);
-        return NULL;
-}
-LCRYPTO_ALIAS(DSA_dup_DH);
-#endif
-void
-DSA_get0_pqg(const DSA *dsa, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
-{
-        if (p != NULL)
-                *p = dsa->p;
-        if (q != NULL)
-                *q = dsa->q;
-        if (g != NULL)
-                *g = dsa->g;
-}
-LCRYPTO_ALIAS(DSA_get0_pqg);
-int
-DSA_set0_pqg(DSA *dsa, BIGNUM *p, BIGNUM *q, BIGNUM *g)
-{
-        if ((dsa->p == NULL && p == NULL) || (dsa->q == NULL && q == NULL) ||
-            (dsa->g == NULL && g == NULL))
-                return 0;
-        if (p != NULL) {
-                BN_free(dsa->p);
-                dsa->p = p;
-        }
-        if (q != NULL) {
-                BN_free(dsa->q);
-                dsa->q = q;
-        }
-        if (g != NULL) {
-                BN_free(dsa->g);
-                dsa->g = g;
-        }
-        return 1;
-}
-LCRYPTO_ALIAS(DSA_set0_pqg);
-void
-DSA_get0_key(const DSA *dsa, const BIGNUM **pub_key, const BIGNUM **priv_key)
-{
-        if (pub_key != NULL)
-                *pub_key = dsa->pub_key;
-        if (priv_key != NULL)
-                *priv_key = dsa->priv_key;
-}
-LCRYPTO_ALIAS(DSA_get0_key);
-int
-DSA_set0_key(DSA *dsa, BIGNUM *pub_key, BIGNUM *priv_key)
-{
-        if (dsa->pub_key == NULL && pub_key == NULL)
-                return 0;
-        if (pub_key != NULL) {
-                BN_free(dsa->pub_key);
-                dsa->pub_key = pub_key;
-        }
-        if (priv_key != NULL) {
-                BN_free(dsa->priv_key);
-                dsa->priv_key = priv_key;
-        }
-        return 1;
-}
-LCRYPTO_ALIAS(DSA_set0_key);
-const BIGNUM *
-DSA_get0_p(const DSA *dsa)
-{
-        return dsa->p;
-}
-LCRYPTO_ALIAS(DSA_get0_p);
-const BIGNUM *
-DSA_get0_q(const DSA *dsa)
-{
-        return dsa->q;
-}
-LCRYPTO_ALIAS(DSA_get0_q);
-const BIGNUM *
-DSA_get0_g(const DSA *dsa)
-{
-        return dsa->g;
-}
-LCRYPTO_ALIAS(DSA_get0_g);
-const BIGNUM *
-DSA_get0_pub_key(const DSA *dsa)
-{
-        return dsa->pub_key;
-}
-LCRYPTO_ALIAS(DSA_get0_pub_key);
-const BIGNUM *
-DSA_get0_priv_key(const DSA *dsa)
-{
-        return dsa->priv_key;
-}
-LCRYPTO_ALIAS(DSA_get0_priv_key);
-void
-DSA_clear_flags(DSA *dsa, int flags)
-{
-        dsa->flags &= ~flags;
-}
-LCRYPTO_ALIAS(DSA_clear_flags);
-int
-DSA_test_flags(const DSA *dsa, int flags)
-{
-        return dsa->flags & flags;
-}
-LCRYPTO_ALIAS(DSA_test_flags);
-void
-DSA_set_flags(DSA *dsa, int flags)
-{
-        dsa->flags |= flags;
-}
-LCRYPTO_ALIAS(DSA_set_flags);
-ENGINE *
-DSA_get0_engine(DSA *dsa)
-{
-        return NULL;
-}
-LCRYPTO_ALIAS(DSA_get0_engine);
-int
-DSA_bits(const DSA *dsa)
-{
-        return BN_num_bits(dsa->p);
-}
-LCRYPTO_ALIAS(DSA_bits);
-int
-dsa_check_key(const DSA *dsa)
-{
-        int p_bits, q_bits;
-        if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL) {
-                DSAerror(DSA_R_MISSING_PARAMETERS);
-                return 0;
-        }
-        /* Checking that p and q are primes is expensive. Check they are odd. */
-        if (!BN_is_odd(dsa->p) || !BN_is_odd(dsa->q)) {
-                DSAerror(DSA_R_INVALID_PARAMETERS);
-                return 0;
-        }
-        /* FIPS 186-4: 1 < g < p. */
-        if (BN_cmp(dsa->g, BN_value_one()) <= 0 ||
-            BN_cmp(dsa->g, dsa->p) >= 0) {
-                DSAerror(DSA_R_INVALID_PARAMETERS);
-                return 0;
-        }
-        /* We know p and g are positive. The next two checks imply q > 0. */
-        if (BN_is_negative(dsa->q)) {
-                DSAerror(DSA_R_BAD_Q_VALUE);
-                return 0;
-        }
-        /* FIPS 186-4 only allows three sizes for q. */
-        q_bits = BN_num_bits(dsa->q);
-        if (q_bits != 160 && q_bits != 224 && q_bits != 256) {
-                DSAerror(DSA_R_BAD_Q_VALUE);
-                return 0;
-        }
-        /*
-         * XXX - FIPS 186-4 only allows 1024, 2048, and 3072 bits for p.
-         * Cap the size to reduce DoS risks. Poor defaults make keys with
-         * incorrect p sizes >= 512 bits common, so only enforce a weak
-         * lower bound.
-         */
-        p_bits = BN_num_bits(dsa->p);
-        if (p_bits > OPENSSL_DSA_MAX_MODULUS_BITS) {
-                DSAerror(DSA_R_MODULUS_TOO_LARGE);
-                return 0;
-        }
-        if (p_bits < 512) {
-                DSAerror(DSA_R_INVALID_PARAMETERS);
-                return 0;
-        }
-        /* The public key must be in the multiplicative group (mod p). */
-        if (dsa->pub_key != NULL) {
-                if (BN_cmp(dsa->pub_key, BN_value_one()) <= 0 ||
-                    BN_cmp(dsa->pub_key, dsa->p) >= 0) {
-                        DSAerror(DSA_R_INVALID_PARAMETERS);
-                        return 0;
-                }
-        }
-        /* The private key must be nonzero and in GF(q). */
-        if (dsa->priv_key != NULL) {
-                if (BN_cmp(dsa->priv_key, BN_value_one()) < 0 ||
-                    BN_cmp(dsa->priv_key, dsa->q) >= 0) {
-                        DSAerror(DSA_R_INVALID_PARAMETERS);
-                        return 0;
-                }
-        }
-        return 1;
-}

diff --git a/src/lib/libcrypto/dsa/dsa_lib.c b/src/lib/libcrypto/dsa/dsa_lib.c deleted file mode 100644 index daf2fa135b..0000000000 --- a/src/lib/libcrypto/dsa/dsa_lib.c +++ /dev/null
@@ -1,483 +0,0 @@
1	/* $OpenBSD: dsa_lib.c,v 1.48 2024/03/27 01:49:31 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.
4	*
5	* This package is an SSL implementation written
6	* by Eric Young (eay@cryptsoft.com).
7	* The implementation was written so as to conform with Netscapes SSL.
8	*
9	* This library is free for commercial and non-commercial use as long as
10	* the following conditions are aheared to. The following conditions
11	* apply to all code found in this distribution, be it the RC4, RSA,
12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
13	* included with this distribution is covered by the same copyright terms
14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
15	*
16	* Copyright remains Eric Young's, and as such any Copyright notices in
17	* the code are not to be removed.
18	* If this package is used in a product, Eric Young should be given attribution
19	* as the author of the parts of the library used.
20	* This can be in the form of a textual message at program startup or
21	* in documentation (online or textual) provided with the package.
22	*
23	* Redistribution and use in source and binary forms, with or without
24	* modification, are permitted provided that the following conditions
25	* are met:
26	* 1. Redistributions of source code must retain the copyright
27	* notice, this list of conditions and the following disclaimer.
28	* 2. Redistributions in binary form must reproduce the above copyright
29	* notice, this list of conditions and the following disclaimer in the
30	* documentation and/or other materials provided with the distribution.
31	* 3. All advertising materials mentioning features or use of this software
32	* must display the following acknowledgement:
33	* "This product includes cryptographic software written by
34	* Eric Young (eay@cryptsoft.com)"
35	* The word 'cryptographic' can be left out if the rouines from the library
36	* being used are not cryptographic related :-).
37	* 4. If you include any Windows specific code (or a derivative thereof) from
38	* the apps directory (application code) you must include an acknowledgement:
39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40	*
41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51	* SUCH DAMAGE.
52	*
53	* The licence and distribution terms for any publically available version or
54	* derivative of this code cannot be changed. i.e. this code cannot simply be
55	* copied and put under another distribution licence
56	* [including the GNU Public Licence.]
57	*/
58
59	/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
60
61	#include <stdio.h>
62
63	#include <openssl/opensslconf.h>
64
65	#include <openssl/asn1.h>
66	#include <openssl/bn.h>
67	#include <openssl/dsa.h>
68	#include <openssl/err.h>
69
70	#ifndef OPENSSL_NO_DH
71	#include <openssl/dh.h>
72	#endif
73
74	#include "dh_local.h"
75	#include "dsa_local.h"
76
77	static const DSA_METHOD *default_DSA_method = NULL;
78
79	void
80	DSA_set_default_method(const DSA_METHOD *meth)
81	{
82	default_DSA_method = meth;
83	}
84	LCRYPTO_ALIAS(DSA_set_default_method);
85
86	const DSA_METHOD *
87	DSA_get_default_method(void)
88	{
89	if (!default_DSA_method)
90	default_DSA_method = DSA_OpenSSL();
91	return default_DSA_method;
92	}
93	LCRYPTO_ALIAS(DSA_get_default_method);
94
95	DSA *
96	DSA_new(void)
97	{
98	return DSA_new_method(NULL);
99	}
100	LCRYPTO_ALIAS(DSA_new);
101
102	int
103	DSA_set_method(DSA dsa, const DSA_METHOD meth)
104	{
105	/*
106	* NB: The caller is specifically setting a method, so it's not up to us
107	* to deal with which ENGINE it comes from.
108	*/
109	const DSA_METHOD *mtmp;
110	mtmp = dsa->meth;
111	if (mtmp->finish)
112	mtmp->finish(dsa);
113	dsa->meth = meth;
114	if (meth->init)
115	meth->init(dsa);
116	return 1;
117	}
118	LCRYPTO_ALIAS(DSA_set_method);
119
120	DSA *
121	DSA_new_method(ENGINE *engine)
122	{
123	DSA *dsa;
124
125	if ((dsa = calloc(1, sizeof(DSA))) == NULL) {
126	DSAerror(ERR_R_MALLOC_FAILURE);
127	goto err;
128	}
129
130	dsa->meth = DSA_get_default_method();
131	dsa->flags = dsa->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW;
132	dsa->references = 1;
133
134	if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, dsa, &dsa->ex_data))
135	goto err;
136	if (dsa->meth->init != NULL && !dsa->meth->init(dsa))
137	goto err;
138
139	return dsa;
140
141	err:
142	DSA_free(dsa);
143
144	return NULL;
145	}
146	LCRYPTO_ALIAS(DSA_new_method);
147
148	void
149	DSA_free(DSA *dsa)
150	{
151	if (dsa == NULL)
152	return;
153
154	if (CRYPTO_add(&dsa->references, -1, CRYPTO_LOCK_DSA) > 0)
155	return;
156
157	if (dsa->meth != NULL && dsa->meth->finish != NULL)
158	dsa->meth->finish(dsa);
159
160	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, dsa, &dsa->ex_data);
161
162	BN_free(dsa->p);
163	BN_free(dsa->q);
164	BN_free(dsa->g);
165	BN_free(dsa->pub_key);
166	BN_free(dsa->priv_key);
167	BN_free(dsa->kinv);
168	BN_free(dsa->r);
169	free(dsa);
170	}
171	LCRYPTO_ALIAS(DSA_free);
172
173	int
174	DSA_up_ref(DSA *dsa)
175	{
176	return CRYPTO_add(&dsa->references, 1, CRYPTO_LOCK_DSA) > 1;
177	}
178	LCRYPTO_ALIAS(DSA_up_ref);
179
180	int
181	DSA_size(const DSA *dsa)
182	{
183	DSA_SIG signature;
184	int ret = 0;
185
186	signature.r = dsa->q;
187	signature.s = dsa->q;
188
189	if ((ret = i2d_DSA_SIG(&signature, NULL)) < 0)
190	ret = 0;
191
192	return ret;
193	}
194	LCRYPTO_ALIAS(DSA_size);
195
196	int
197	DSA_get_ex_new_index(long argl, void argp, CRYPTO_EX_new new_func,
198	CRYPTO_EX_dup dup_func, CRYPTO_EX_free free_func)
199	{
200	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, argl, argp,
201	new_func, dup_func, free_func);
202	}
203	LCRYPTO_ALIAS(DSA_get_ex_new_index);
204
205	int
206	DSA_set_ex_data(DSA dsa, int idx, void arg)
207	{
208	return CRYPTO_set_ex_data(&dsa->ex_data, idx, arg);
209	}
210	LCRYPTO_ALIAS(DSA_set_ex_data);
211
212	void *
213	DSA_get_ex_data(DSA *dsa, int idx)
214	{
215	return CRYPTO_get_ex_data(&dsa->ex_data, idx);
216	}
217	LCRYPTO_ALIAS(DSA_get_ex_data);
218
219	int
220	DSA_security_bits(const DSA *dsa)
221	{
222	if (dsa->p == NULL \|\| dsa->q == NULL)
223	return -1;
224
225	return BN_security_bits(BN_num_bits(dsa->p), BN_num_bits(dsa->q));
226	}
227	LCRYPTO_ALIAS(DSA_security_bits);
228
229	#ifndef OPENSSL_NO_DH
230	DH *
231	DSA_dup_DH(const DSA *dsa)
232	{
233	/*
234	* DSA has p, q, g, optional pub_key, optional priv_key.
235	* DH has p, optional length, g, optional pub_key, optional priv_key,
236	* optional q.
237	*/
238	DH *dh = NULL;
239
240	if (dsa == NULL)
241	goto err;
242
243	if ((dh = DH_new()) == NULL)
244	goto err;
245
246	if (dsa->p != NULL) {
247	if ((dh->p = BN_dup(dsa->p)) == NULL)
248	goto err;
249	}
250	if (dsa->q != NULL) {
251	dh->length = BN_num_bits(dsa->q);
252	if ((dh->q = BN_dup(dsa->q)) == NULL)
253	goto err;
254	}
255	if (dsa->g != NULL) {
256	if ((dh->g = BN_dup(dsa->g)) == NULL)
257	goto err;
258	}
259	if (dsa->pub_key != NULL) {
260	if ((dh->pub_key = BN_dup(dsa->pub_key)) == NULL)
261	goto err;
262	}
263	if (dsa->priv_key != NULL) {
264	if ((dh->priv_key = BN_dup(dsa->priv_key)) == NULL)
265	goto err;
266	}
267
268	return dh;
269
270	err:
271	DH_free(dh);
272	return NULL;
273	}
274	LCRYPTO_ALIAS(DSA_dup_DH);
275	#endif
276
277	void
278	DSA_get0_pqg(const DSA dsa, const BIGNUM p, const BIGNUM q, const BIGNUM *g)
279	{
280	if (p != NULL)
281	*p = dsa->p;
282	if (q != NULL)
283	*q = dsa->q;
284	if (g != NULL)
285	*g = dsa->g;
286	}
287	LCRYPTO_ALIAS(DSA_get0_pqg);
288
289	int
290	DSA_set0_pqg(DSA dsa, BIGNUM p, BIGNUM q, BIGNUM g)
291	{
292	if ((dsa->p == NULL && p == NULL) \|\| (dsa->q == NULL && q == NULL) \|\|
293	(dsa->g == NULL && g == NULL))
294	return 0;
295
296	if (p != NULL) {
297	BN_free(dsa->p);
298	dsa->p = p;
299	}
300	if (q != NULL) {
301	BN_free(dsa->q);
302	dsa->q = q;
303	}
304	if (g != NULL) {
305	BN_free(dsa->g);
306	dsa->g = g;
307	}
308
309	return 1;
310	}
311	LCRYPTO_ALIAS(DSA_set0_pqg);
312
313	void
314	DSA_get0_key(const DSA dsa, const BIGNUM pub_key, const BIGNUM *priv_key)
315	{
316	if (pub_key != NULL)
317	*pub_key = dsa->pub_key;
318	if (priv_key != NULL)
319	*priv_key = dsa->priv_key;
320	}
321	LCRYPTO_ALIAS(DSA_get0_key);
322
323	int
324	DSA_set0_key(DSA dsa, BIGNUM pub_key, BIGNUM *priv_key)
325	{
326	if (dsa->pub_key == NULL && pub_key == NULL)
327	return 0;
328
329	if (pub_key != NULL) {
330	BN_free(dsa->pub_key);
331	dsa->pub_key = pub_key;
332	}
333	if (priv_key != NULL) {
334	BN_free(dsa->priv_key);
335	dsa->priv_key = priv_key;
336	}
337
338	return 1;
339	}
340	LCRYPTO_ALIAS(DSA_set0_key);
341
342	const BIGNUM *
343	DSA_get0_p(const DSA *dsa)
344	{
345	return dsa->p;
346	}
347	LCRYPTO_ALIAS(DSA_get0_p);
348
349	const BIGNUM *
350	DSA_get0_q(const DSA *dsa)
351	{
352	return dsa->q;
353	}
354	LCRYPTO_ALIAS(DSA_get0_q);
355
356	const BIGNUM *
357	DSA_get0_g(const DSA *dsa)
358	{
359	return dsa->g;
360	}
361	LCRYPTO_ALIAS(DSA_get0_g);
362
363	const BIGNUM *
364	DSA_get0_pub_key(const DSA *dsa)
365	{
366	return dsa->pub_key;
367	}
368	LCRYPTO_ALIAS(DSA_get0_pub_key);
369
370	const BIGNUM *
371	DSA_get0_priv_key(const DSA *dsa)
372	{
373	return dsa->priv_key;
374	}
375	LCRYPTO_ALIAS(DSA_get0_priv_key);
376
377	void
378	DSA_clear_flags(DSA *dsa, int flags)
379	{
380	dsa->flags &= ~flags;
381	}
382	LCRYPTO_ALIAS(DSA_clear_flags);
383
384	int
385	DSA_test_flags(const DSA *dsa, int flags)
386	{
387	return dsa->flags & flags;
388	}
389	LCRYPTO_ALIAS(DSA_test_flags);
390
391	void
392	DSA_set_flags(DSA *dsa, int flags)
393	{
394	dsa->flags \|= flags;
395	}
396	LCRYPTO_ALIAS(DSA_set_flags);
397
398	ENGINE *
399	DSA_get0_engine(DSA *dsa)
400	{
401	return NULL;
402	}
403	LCRYPTO_ALIAS(DSA_get0_engine);
404
405	int
406	DSA_bits(const DSA *dsa)
407	{
408	return BN_num_bits(dsa->p);
409	}
410	LCRYPTO_ALIAS(DSA_bits);
411
412	int
413	dsa_check_key(const DSA *dsa)
414	{
415	int p_bits, q_bits;
416
417	if (dsa->p == NULL \|\| dsa->q == NULL \|\| dsa->g == NULL) {
418	DSAerror(DSA_R_MISSING_PARAMETERS);
419	return 0;
420	}
421
422	/* Checking that p and q are primes is expensive. Check they are odd. */
423	if (!BN_is_odd(dsa->p) \|\| !BN_is_odd(dsa->q)) {
424	DSAerror(DSA_R_INVALID_PARAMETERS);
425	return 0;
426	}
427
428	/* FIPS 186-4: 1 < g < p. */
429	if (BN_cmp(dsa->g, BN_value_one()) <= 0 \|\|
430	BN_cmp(dsa->g, dsa->p) >= 0) {
431	DSAerror(DSA_R_INVALID_PARAMETERS);
432	return 0;
433	}
434
435	/* We know p and g are positive. The next two checks imply q > 0. */
436	if (BN_is_negative(dsa->q)) {
437	DSAerror(DSA_R_BAD_Q_VALUE);
438	return 0;
439	}
440
441	/* FIPS 186-4 only allows three sizes for q. */
442	q_bits = BN_num_bits(dsa->q);
443	if (q_bits != 160 && q_bits != 224 && q_bits != 256) {
444	DSAerror(DSA_R_BAD_Q_VALUE);
445	return 0;
446	}
447
448	/*
449	* XXX - FIPS 186-4 only allows 1024, 2048, and 3072 bits for p.
450	* Cap the size to reduce DoS risks. Poor defaults make keys with
451	* incorrect p sizes >= 512 bits common, so only enforce a weak
452	* lower bound.
453	*/
454	p_bits = BN_num_bits(dsa->p);
455	if (p_bits > OPENSSL_DSA_MAX_MODULUS_BITS) {
456	DSAerror(DSA_R_MODULUS_TOO_LARGE);
457	return 0;
458	}
459	if (p_bits < 512) {
460	DSAerror(DSA_R_INVALID_PARAMETERS);
461	return 0;
462	}
463
464	/* The public key must be in the multiplicative group (mod p). */
465	if (dsa->pub_key != NULL) {
466	if (BN_cmp(dsa->pub_key, BN_value_one()) <= 0 \|\|
467	BN_cmp(dsa->pub_key, dsa->p) >= 0) {
468	DSAerror(DSA_R_INVALID_PARAMETERS);
469	return 0;
470	}
471	}
472
473	/* The private key must be nonzero and in GF(q). */
474	if (dsa->priv_key != NULL) {
475	if (BN_cmp(dsa->priv_key, BN_value_one()) < 0 \|\|
476	BN_cmp(dsa->priv_key, dsa->q) >= 0) {
477	DSAerror(DSA_R_INVALID_PARAMETERS);
478	return 0;
479	}
480	}
481
482	return 1;
483	}