Make DSA opaque
Update-Note: Accessing the DSA struct directly is no longer supported.
Use accessors instead.
Bug: 325
Change-Id: I73dc20f2e275d48648ca84d2db7806fe155c567d
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60425
Reviewed-by: Adam Langley <agl@google.com>
Auto-Submit: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/crypto/dsa/dsa_test.cc b/crypto/dsa/dsa_test.cc
index 611b003..22e9e13 100644
--- a/crypto/dsa/dsa_test.cc
+++ b/crypto/dsa/dsa_test.cc
@@ -257,7 +257,10 @@
TEST(DSATest, InvalidGroup) {
bssl::UniquePtr<DSA> dsa = GetFIPSDSA();
ASSERT_TRUE(dsa);
- BN_zero(dsa->g);
+ bssl::UniquePtr<BIGNUM> zero(BN_new());
+ ASSERT_TRUE(zero);
+ ASSERT_TRUE(DSA_set0_pqg(dsa.get(), /*p=*/nullptr, /*q=*/nullptr,
+ /*g=*/zero.release()));
std::vector<uint8_t> sig(DSA_size(dsa.get()));
unsigned sig_len;
@@ -305,7 +308,10 @@
TEST(DSATest, ZeroPrivateKey) {
bssl::UniquePtr<DSA> dsa = GetFIPSDSA();
ASSERT_TRUE(dsa);
- BN_zero(dsa->priv_key);
+ bssl::UniquePtr<BIGNUM> zero(BN_new());
+ ASSERT_TRUE(zero);
+ ASSERT_TRUE(DSA_set0_key(dsa.get(), /*pub_key=*/nullptr,
+ /*priv_key=*/zero.release()));
static const uint8_t kZeroDigest[32] = {0};
std::vector<uint8_t> sig(DSA_size(dsa.get()));
diff --git a/crypto/dsa/internal.h b/crypto/dsa/internal.h
index 560ae7f..aae3263 100644
--- a/crypto/dsa/internal.h
+++ b/crypto/dsa/internal.h
@@ -17,11 +17,29 @@
#include <openssl/dsa.h>
+#include <openssl/thread.h>
+
#if defined(__cplusplus)
extern "C" {
#endif
+struct dsa_st {
+ BIGNUM *p;
+ BIGNUM *q;
+ BIGNUM *g;
+
+ BIGNUM *pub_key;
+ BIGNUM *priv_key;
+
+ // Normally used to cache montgomery values
+ CRYPTO_MUTEX method_mont_lock;
+ BN_MONT_CTX *method_mont_p;
+ BN_MONT_CTX *method_mont_q;
+ CRYPTO_refcount_t references;
+ CRYPTO_EX_DATA ex_data;
+};
+
// dsa_check_key performs cheap self-checks on |dsa|, and ensures it is within
// DoS bounds. It returns one on success and zero on error.
int dsa_check_key(const DSA *dsa);
diff --git a/crypto/evp/print.c b/crypto/evp/print.c
index 925074e..05383b7 100644
--- a/crypto/evp/print.c
+++ b/crypto/evp/print.c
@@ -194,12 +194,12 @@
static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype) {
const BIGNUM *priv_key = NULL;
if (ptype == 2) {
- priv_key = x->priv_key;
+ priv_key = DSA_get0_priv_key(x);
}
const BIGNUM *pub_key = NULL;
if (ptype > 0) {
- pub_key = x->pub_key;
+ pub_key = DSA_get0_pub_key(x);
}
const char *ktype = "DSA-Parameters";
@@ -210,14 +210,15 @@
}
if (!BIO_indent(bp, off, 128) ||
- BIO_printf(bp, "%s: (%u bit)\n", ktype, BN_num_bits(x->p)) <= 0 ||
+ BIO_printf(bp, "%s: (%u bit)\n", ktype, BN_num_bits(DSA_get0_p(x))) <=
+ 0 ||
// |priv_key| and |pub_key| may be NULL, in which case |bn_print| will
// silently skip them.
!bn_print(bp, "priv:", priv_key, off) ||
!bn_print(bp, "pub:", pub_key, off) ||
- !bn_print(bp, "P:", x->p, off) ||
- !bn_print(bp, "Q:", x->q, off) ||
- !bn_print(bp, "G:", x->g, off)) {
+ !bn_print(bp, "P:", DSA_get0_p(x), off) ||
+ !bn_print(bp, "Q:", DSA_get0_q(x), off) ||
+ !bn_print(bp, "G:", DSA_get0_g(x), off)) {
return 0;
}
diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h
index 30afd43..4075001 100644
--- a/include/openssl/dsa.h
+++ b/include/openssl/dsa.h
@@ -62,9 +62,7 @@
#include <openssl/base.h>
-#include <openssl/engine.h>
#include <openssl/ex_data.h>
-#include <openssl/thread.h>
#if defined(__cplusplus)
extern "C" {
@@ -398,25 +396,6 @@
void *cb_arg);
-struct dsa_st {
- long version;
- BIGNUM *p;
- BIGNUM *q; // == 20
- BIGNUM *g;
-
- BIGNUM *pub_key; // y public key
- BIGNUM *priv_key; // x private key
-
- int flags;
- // Normally used to cache montgomery values
- CRYPTO_MUTEX method_mont_lock;
- BN_MONT_CTX *method_mont_p;
- BN_MONT_CTX *method_mont_q;
- CRYPTO_refcount_t references;
- CRYPTO_EX_DATA ex_data;
-};
-
-
#if defined(__cplusplus)
} // extern C