DSA *DSA_new_method(ENGINE *engine)
{
DSA *ret;
ret = (DSA *)OPENSSL_malloc(sizeof(DSA));
if (ret == NULL) {
DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
return (NULL);
}
ret->meth = DSA_get_default_method();
#ifndef OPENSSL_NO_ENGINE
if (engine) {
if (!ENGINE_init(engine)) {
DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB);
OPENSSL_free(ret);
return NULL;
}
ret->engine = engine;
} else
ret->engine = ENGINE_get_default_DSA();
if (ret->engine) {
ret->meth = ENGINE_get_DSA(ret->engine);
if (!ret->meth) {
DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB);
ENGINE_finish(ret->engine);
OPENSSL_free(ret);
return NULL;
}
}
#endif
ret->pad = 0;
ret->version = 0;
ret->write_params = 1;
ret->p = NULL;
ret->q = NULL;
ret->g = NULL;
ret->pub_key = NULL;
ret->priv_key = NULL;
ret->kinv = NULL;
ret->r = NULL;
ret->method_mont_p = NULL;
ret->references = 1;
ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW;
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
#ifndef OPENSSL_NO_ENGINE
if (ret->engine)
ENGINE_finish(ret->engine);
#endif
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
OPENSSL_free(ret);
ret = NULL;
}
return (ret);
}
DSA *
DSA_new(void)
{
DSA *dsa = calloc(1, sizeof(*dsa));
dsa->meth = rk_UNCONST(DSA_get_default_method());
dsa->references = 1;
return dsa;
}
// Key factory
bool OSSLDSA::generateKeyPair(AsymmetricKeyPair** ppKeyPair, AsymmetricParameters* parameters, RNG* /*rng = NULL */)
{
// Check parameters
if ((ppKeyPair == NULL) ||
(parameters == NULL))
{
return false;
}
if (!parameters->areOfType(DSAParameters::type))
{
ERROR_MSG("Invalid parameters supplied for DSA key generation");
return false;
}
DSAParameters* params = (DSAParameters*) parameters;
// Generate the key-pair
DSA* dsa = DSA_new();
if (dsa == NULL)
{
ERROR_MSG("Failed to instantiate OpenSSL DSA object");
return false;
}
// Use the OpenSSL implementation and not any engine
DSA_set_method(dsa, DSA_get_default_method());
dsa->p = OSSL::byteString2bn(params->getP());
dsa->q = OSSL::byteString2bn(params->getQ());
dsa->g = OSSL::byteString2bn(params->getG());
if (DSA_generate_key(dsa) != 1)
{
ERROR_MSG("DSA key generation failed (0x%08X)", ERR_get_error());
DSA_free(dsa);
return false;
}
// Create an asymmetric key-pair object to return
OSSLDSAKeyPair* kp = new OSSLDSAKeyPair();
((OSSLDSAPublicKey*) kp->getPublicKey())->setFromOSSL(dsa);
((OSSLDSAPrivateKey*) kp->getPrivateKey())->setFromOSSL(dsa);
*ppKeyPair = kp;
// Release the key
DSA_free(dsa);
return true;
}
DSA *DSA_new_method(ENGINE *engine)
{
DSA *ret;
ret = OPENSSL_zalloc(sizeof(*ret));
if (ret == NULL) {
DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
return NULL;
}
ret->meth = DSA_get_default_method();
#ifndef OPENSSL_NO_ENGINE
if (engine) {
if (!ENGINE_init(engine)) {
DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB);
OPENSSL_free(ret);
return NULL;
}
ret->engine = engine;
} else
ret->engine = ENGINE_get_default_DSA();
if (ret->engine) {
ret->meth = ENGINE_get_DSA(ret->engine);
if (ret->meth == NULL) {
DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB);
ENGINE_finish(ret->engine);
OPENSSL_free(ret);
return NULL;
}
}
#endif
ret->references = 1;
ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW;
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
ret->lock = CRYPTO_THREAD_lock_new();
if (ret->lock == NULL) {
#ifndef OPENSSL_NO_ENGINE
ENGINE_finish(ret->engine);
#endif
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
OPENSSL_free(ret);
return NULL;
}
if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
DSA_free(ret);
ret = NULL;
}
return ret;
}
/*
* This internal function is used by ENGINE_openssl() and possibly by the
* "dynamic" ENGINE support too
*/
static int bind_helper(ENGINE *e)
{
if (!ENGINE_set_id(e, engine_openssl_id)
|| !ENGINE_set_name(e, engine_openssl_name)
|| !ENGINE_set_destroy_function(e, openssl_destroy)
#ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS
# ifndef OPENSSL_NO_RSA
|| !ENGINE_set_RSA(e, RSA_get_default_method())
# endif
# ifndef OPENSSL_NO_DSA
|| !ENGINE_set_DSA(e, DSA_get_default_method())
# endif
# ifndef OPENSSL_NO_EC
|| !ENGINE_set_EC(e, EC_KEY_OpenSSL())
# endif
# ifndef OPENSSL_NO_DH
|| !ENGINE_set_DH(e, DH_get_default_method())
# endif
|| !ENGINE_set_RAND(e, RAND_OpenSSL())
# ifdef TEST_ENG_OPENSSL_RC4
|| !ENGINE_set_ciphers(e, openssl_ciphers)
# endif
# ifdef TEST_ENG_OPENSSL_SHA
|| !ENGINE_set_digests(e, openssl_digests)
# endif
#endif
#ifdef TEST_ENG_OPENSSL_PKEY
|| !ENGINE_set_load_privkey_function(e, openssl_load_privkey)
#endif
#ifdef TEST_ENG_OPENSSL_HMAC
|| !ossl_register_hmac_meth()
|| !ENGINE_set_pkey_meths(e, ossl_pkey_meths)
#endif
)
return 0;
/*
* If we add errors to this ENGINE, ensure the error handling is setup
* here
*/
/* openssl_load_error_strings(); */
return 1;
}
/* This internal function is used by ENGINE_openssl() and possibly by the
* "dynamic" ENGINE support too */
static int bind_helper(ENGINE *e)
{
if(!ENGINE_set_id(e, engine_openssl_id)
|| !ENGINE_set_name(e, engine_openssl_name)
#ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS
#ifndef OPENSSL_NO_RSA
|| !ENGINE_set_RSA(e, RSA_get_default_method())
#endif
#ifndef OPENSSL_NO_DSA
|| !ENGINE_set_DSA(e, DSA_get_default_method())
#endif
#ifndef OPENSSL_NO_ECDH
|| !ENGINE_set_ECDH(e, ECDH_OpenSSL())
#endif
#ifndef OPENSSL_NO_ECDSA
|| !ENGINE_set_ECDSA(e, ECDSA_OpenSSL())
#endif
#ifndef OPENSSL_NO_DH
|| !ENGINE_set_DH(e, DH_get_default_method())
#endif
|| !ENGINE_set_RAND(e, RAND_SSLeay())
#ifdef TEST_ENG_OPENSSL_RC4
|| !ENGINE_set_ciphers(e, openssl_ciphers)
#endif
#ifdef TEST_ENG_OPENSSL_SHA
|| !ENGINE_set_digests(e, openssl_digests)
#endif
#endif
//MS:
#ifndef OPENSSL_NO_STDIO
#ifdef TEST_ENG_OPENSSL_PKEY
|| !ENGINE_set_load_privkey_function(e, openssl_load_privkey)
#endif
#endif
)
return 0;
/* If we add errors to this ENGINE, ensure the error handling is setup here */
/* openssl_load_error_strings(); */
return 1;
}
DSA *DSA_new_method(DSA_METHOD *meth)
{
DSA *ret;
ret=(DSA *)OPENSSL_malloc(sizeof(DSA));
if (ret == NULL)
{
DSAerr(DSA_F_DSA_NEW,ERR_R_MALLOC_FAILURE);
return(NULL);
}
if(meth) ret->meth = meth;
else ret->meth = DSA_get_default_method();
ret->pad=0;
ret->version=0;
ret->write_params=1;
ret->p=NULL;
ret->q=NULL;
ret->g=NULL;
ret->pub_key=NULL;
ret->priv_key=NULL;
ret->kinv=NULL;
ret->r=NULL;
ret->method_mont_p=NULL;
ret->references=1;
ret->flags=ret->meth->flags;
if ((ret->meth->init != NULL) && !ret->meth->init(ret))
{
OPENSSL_free(ret);
ret=NULL;
}
else
CRYPTO_new_ex_data(dsa_meth,ret,&ret->ex_data);
return(ret);
}
PKCS11H_BOOL
_pkcs11h_openssl_initialize (void) {
PKCS11H_BOOL ret = FALSE;
_PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_openssl_initialize - entered"
);
#ifndef OPENSSL_NO_RSA
if (__openssl_methods.rsa != NULL) {
RSA_meth_free (__openssl_methods.rsa);
}
if ((__openssl_methods.rsa = RSA_meth_dup (RSA_get_default_method ())) == NULL) {
goto cleanup;
}
RSA_meth_set1_name (__openssl_methods.rsa, "pkcs11h");
RSA_meth_set_priv_dec (__openssl_methods.rsa, __pkcs11h_openssl_rsa_dec);
RSA_meth_set_priv_enc (__openssl_methods.rsa, __pkcs11h_openssl_rsa_enc);
RSA_meth_set_flags (__openssl_methods.rsa, RSA_METHOD_FLAG_NO_CHECK | RSA_FLAG_EXT_PKEY);
__openssl_methods.rsa_index = RSA_get_ex_new_index (
0,
"pkcs11h",
NULL,
__pkcs11h_openssl_ex_data_dup,
__pkcs11h_openssl_ex_data_free
);
#endif
#ifndef OPENSSL_NO_DSA
if (__openssl_methods.dsa != NULL) {
DSA_meth_free (__openssl_methods.dsa);
}
__openssl_methods.dsa = DSA_meth_dup (DSA_get_default_method ());
DSA_meth_set1_name (__openssl_methods.dsa, "pkcs11h");
DSA_meth_set_sign (__openssl_methods.dsa, __pkcs11h_openssl_dsa_do_sign);
__openssl_methods.dsa_index = DSA_get_ex_new_index (
0,
"pkcs11h",
NULL,
__pkcs11h_openssl_ex_data_dup,
__pkcs11h_openssl_ex_data_free
);
#endif
#ifdef __ENABLE_EC
if (__openssl_methods.ecdsa != NULL) {
ECDSA_METHOD_free(__openssl_methods.ecdsa);
}
__openssl_methods.ecdsa = ECDSA_METHOD_new ((ECDSA_METHOD *)ECDSA_get_default_method ());
ECDSA_METHOD_set_name(__openssl_methods.ecdsa, "pkcs11h");
ECDSA_METHOD_set_sign(__openssl_methods.ecdsa, __pkcs11h_openssl_ecdsa_do_sign);
__openssl_methods.ecdsa_index = ECDSA_get_ex_new_index (
0,
"pkcs11h",
NULL,
__pkcs11h_openssl_ex_data_dup,
__pkcs11h_openssl_ex_data_free
);
#endif
ret = TRUE;
cleanup:
_PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_openssl_initialize - return %d",
ret
);
return ret;
}
/* This internal function is used by ENGINE_aep() and possibly by the
* "dynamic" ENGINE support too */
static int bind_aep(ENGINE *e)
{
#ifndef OPENSSL_NO_RSA
const RSA_METHOD *meth1;
#endif
#ifndef OPENSSL_NO_DSA
const DSA_METHOD *meth2;
#endif
#ifndef OPENSSL_NO_DH
const DH_METHOD *meth3;
#endif
if(!ENGINE_set_id(e, engine_aep_id) ||
!ENGINE_set_name(e, engine_aep_name) ||
#ifndef OPENSSL_NO_RSA
!ENGINE_set_RSA(e, &aep_rsa) ||
#endif
#ifndef OPENSSL_NO_DSA
!ENGINE_set_DSA(e, &aep_dsa) ||
#endif
#ifndef OPENSSL_NO_DH
!ENGINE_set_DH(e, &aep_dh) ||
#endif
#ifdef AEPRAND
!ENGINE_set_RAND(e, &aep_random) ||
#endif
!ENGINE_set_init_function(e, aep_init) ||
!ENGINE_set_destroy_function(e, aep_destroy) ||
!ENGINE_set_finish_function(e, aep_finish) ||
!ENGINE_set_ctrl_function(e, aep_ctrl) ||
!ENGINE_set_cmd_defns(e, aep_cmd_defns))
return 0;
#ifndef OPENSSL_NO_RSA
/* We know that the "PKCS1_SSLeay()" functions hook properly
* to the aep-specific mod_exp and mod_exp_crt so we use
* those functions. NB: We don't use ENGINE_openssl() or
* anything "more generic" because something like the RSAref
* code may not hook properly, and if you own one of these
* cards then you have the right to do RSA operations on it
* anyway! */
meth1 = RSA_PKCS1_SSLeay();
aep_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
aep_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
aep_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
aep_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
#endif
#ifndef OPENSSL_NO_DSA
/* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
* bits. */
meth2 = DSA_OpenSSL();
aep_dsa.dsa_do_sign = meth2->dsa_do_sign;
aep_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
aep_dsa.dsa_do_verify = meth2->dsa_do_verify;
aep_dsa = *DSA_get_default_method();
aep_dsa.dsa_mod_exp = aep_dsa_mod_exp;
aep_dsa.bn_mod_exp = aep_mod_exp_dsa;
#endif
#ifndef OPENSSL_NO_DH
/* Much the same for Diffie-Hellman */
meth3 = DH_OpenSSL();
aep_dh.generate_key = meth3->generate_key;
aep_dh.compute_key = meth3->compute_key;
aep_dh.bn_mod_exp = meth3->bn_mod_exp;
#endif
/* Ensure the aep error handling is set up */
ERR_load_AEPHK_strings();
return 1;
}
