Fix external symbols related to dsa keys

Partial fix for #12964

This adds ossl_ names for the following symbols:

dsa_check_pairwise, dsa_check_params, dsa_check_priv_key, dsa_check_pub_key, dsa_check_pub_key_partial,
dsa_do_sign_int, dsa_ffc_params_fromdata,
dsa_generate_ffc_parameters, dsa_generate_public_key,
dsa_get0_params, dsa_key_fromdata, dsa_new_with_ctx, dsa_pkey_method, dsa_sign_int

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14231)

crypto/dsa/dsa_ameth.c

@@ -539,15 +539,15 @@ static int dsa_pkey_import_from(const OSSL_PARAM params[], void *vpctx)
 {
     EVP_PKEY_CTX *pctx = vpctx;
     EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(pctx);
-    DSA *dsa = dsa_new_with_ctx(pctx->libctx);
+    DSA *dsa = ossl_dsa_new(pctx->libctx);
 
     if (dsa == NULL) {
         ERR_raise(ERR_LIB_DSA, ERR_R_MALLOC_FAILURE);
         return 0;
     }
 
-    if (!dsa_ffc_params_fromdata(dsa, params)
-        || !dsa_key_fromdata(dsa, params)
+    if (!ossl_dsa_ffc_params_fromdata(dsa, params)
+        || !ossl_dsa_key_fromdata(dsa, params)
         || !EVP_PKEY_assign_DSA(pkey, dsa)) {
         DSA_free(dsa);
         return 0;

crypto/dsa/dsa_backend.c

@@ -22,7 +22,7 @@
  * implementations alike.
  */
 
-int dsa_key_fromdata(DSA *dsa, const OSSL_PARAM params[])
+int ossl_dsa_key_fromdata(DSA *dsa, const OSSL_PARAM params[])
 {
     const OSSL_PARAM *param_priv_key, *param_pub_key;
     BIGNUM *priv_key = NULL, *pub_key = NULL;

crypto/dsa/dsa_check.c

@@ -19,7 +19,7 @@
 #include "dsa_local.h"
 #include "crypto/dsa.h"
 
-int dsa_check_params(const DSA *dsa, int checktype, int *ret)
+int ossl_dsa_check_params(const DSA *dsa, int checktype, int *ret)
 {
     if (checktype == OSSL_KEYMGMT_VALIDATE_QUICK_CHECK)
         return ossl_ffc_params_simple_validate(dsa->libctx, &dsa->params,
@@ -37,7 +37,7 @@ int dsa_check_params(const DSA *dsa, int checktype, int *ret)
 /*
  * See SP800-56Ar3 Section 5.6.2.3.1 : FFC Full public key validation.
  */
-int dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret)
+int ossl_dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret)
 {
     return ossl_ffc_validate_public_key(&dsa->params, pub_key, ret);
 }
@@ -47,12 +47,12 @@ int dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret)
  * To only be used with ephemeral FFC public keys generated using the approved
  * safe-prime groups.
  */
-int dsa_check_pub_key_partial(const DSA *dsa, const BIGNUM *pub_key, int *ret)
+int ossl_dsa_check_pub_key_partial(const DSA *dsa, const BIGNUM *pub_key, int *ret)
 {
     return ossl_ffc_validate_public_key_partial(&dsa->params, pub_key, ret);
 }
 
-int dsa_check_priv_key(const DSA *dsa, const BIGNUM *priv_key, int *ret)
+int ossl_dsa_check_priv_key(const DSA *dsa, const BIGNUM *priv_key, int *ret)
 {
     *ret = 0;
 
@@ -64,7 +64,7 @@ int dsa_check_priv_key(const DSA *dsa, const BIGNUM *priv_key, int *ret)
  * FFC pairwise check from SP800-56A R3.
  *    Section 5.6.2.1.4 Owner Assurance of Pair-wise Consistency
  */
-int dsa_check_pairwise(const DSA *dsa)
+int ossl_dsa_check_pairwise(const DSA *dsa)
 {
     int ret = 0;
     BN_CTX *ctx = NULL;
@@ -84,7 +84,7 @@ int dsa_check_pairwise(const DSA *dsa)
         goto err;
 
     /* recalculate the public key = (g ^ priv) mod p */
-    if (!dsa_generate_public_key(ctx, dsa, dsa->priv_key, pub_key))
+    if (!ossl_dsa_generate_public_key(ctx, dsa, dsa->priv_key, pub_key))
         goto err;
     /* check it matches the existing pubic_key */
     ret = BN_cmp(pub_key, dsa->pub_key) == 0;

crypto/dsa/dsa_gen.c

@@ -23,8 +23,8 @@
 #include "crypto/dsa.h"
 #include "dsa_local.h"
 
-int dsa_generate_ffc_parameters(DSA *dsa, int type, int pbits, int qbits,
-                                BN_GENCB *cb)
+int ossl_dsa_generate_ffc_parameters(DSA *dsa, int type, int pbits, int qbits,
+                                     BN_GENCB *cb)
 {
     int ret = 0, res;
 
@@ -59,12 +59,12 @@ int DSA_generate_parameters_ex(DSA *dsa, int bits,
 
     /* The old code used FIPS 186-2 DSA Parameter generation */
     if (bits <= 1024 && seed_len == 20) {
-        if (!dsa_generate_ffc_parameters(dsa, DSA_PARAMGEN_TYPE_FIPS_186_2,
-                                         bits, 160, cb))
+        if (!ossl_dsa_generate_ffc_parameters(dsa, DSA_PARAMGEN_TYPE_FIPS_186_2,
+                                              bits, 160, cb))
             return 0;
     } else {
-        if (!dsa_generate_ffc_parameters(dsa, DSA_PARAMGEN_TYPE_FIPS_186_4,
-                                         bits, 0, cb))
+        if (!ossl_dsa_generate_ffc_parameters(dsa, DSA_PARAMGEN_TYPE_FIPS_186_4,
+                                              bits, 0, cb))
             return 0;
     }
 

crypto/dsa/dsa_key.c

@@ -40,8 +40,8 @@ int DSA_generate_key(DSA *dsa)
     return dsa_keygen(dsa, 0);
 }
 
-int dsa_generate_public_key(BN_CTX *ctx, const DSA *dsa, const BIGNUM *priv_key,
-                            BIGNUM *pub_key)
+int ossl_dsa_generate_public_key(BN_CTX *ctx, const DSA *dsa,
+                                 const BIGNUM *priv_key, BIGNUM *pub_key)
 {
     int ret = 0;
     BIGNUM *prk = BN_new();
@@ -97,7 +97,7 @@ static int dsa_keygen(DSA *dsa, int pairwise_test)
         pub_key = dsa->pub_key;
     }
 
-    if (!dsa_generate_public_key(ctx, dsa, priv_key, pub_key))
+    if (!ossl_dsa_generate_public_key(ctx, dsa, priv_key, pub_key))
         goto err;
 
     dsa->priv_key = priv_key;

crypto/dsa/dsa_lib.c

@@ -190,7 +190,7 @@ DSA *DSA_new_method(ENGINE *engine)
     return dsa_new_intern(engine, NULL);
 }
 
-DSA *dsa_new_with_ctx(OSSL_LIB_CTX *libctx)
+DSA *ossl_dsa_new(OSSL_LIB_CTX *libctx)
 {
     return dsa_new_intern(NULL, libctx);
 }
@@ -336,19 +336,19 @@ int DSA_bits(const DSA *dsa)
     return -1;
 }
 
-FFC_PARAMS *dsa_get0_params(DSA *dsa)
+FFC_PARAMS *ossl_dsa_get0_params(DSA *dsa)
 {
     return &dsa->params;
 }
 
-int dsa_ffc_params_fromdata(DSA *dsa, const OSSL_PARAM params[])
+int ossl_dsa_ffc_params_fromdata(DSA *dsa, const OSSL_PARAM params[])
 {
     int ret;
     FFC_PARAMS *ffc;
 
     if (dsa == NULL)
         return 0;
-    ffc = dsa_get0_params(dsa);
+    ffc = ossl_dsa_get0_params(dsa);
     if (ffc == NULL)
         return 0;
 

crypto/dsa/dsa_local.h

@@ -69,4 +69,4 @@ struct dsa_method {
     int (*dsa_keygen) (DSA *dsa);
 };
 
-DSA_SIG *dsa_do_sign_int(const unsigned char *dgst, int dlen, DSA *dsa);
+DSA_SIG *ossl_dsa_do_sign_int(const unsigned char *dgst, int dlen, DSA *dsa);

crypto/dsa/dsa_ossl.c

@@ -67,7 +67,7 @@ const DSA_METHOD *DSA_OpenSSL(void)
     return &openssl_dsa_meth;
 }
 
-DSA_SIG *dsa_do_sign_int(const unsigned char *dgst, int dlen, DSA *dsa)
+DSA_SIG *ossl_dsa_do_sign_int(const unsigned char *dgst, int dlen, DSA *dsa)
 {
     BIGNUM *kinv = NULL;
     BIGNUM *m, *blind, *blindm, *tmp;
@@ -185,7 +185,7 @@ DSA_SIG *dsa_do_sign_int(const unsigned char *dgst, int dlen, DSA *dsa)
 
 static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 {
-    return dsa_do_sign_int(dgst, dlen, dsa);
+    return ossl_dsa_do_sign_int(dgst, dlen, dsa);
 }
 
 static int dsa_sign_setup_no_digest(DSA *dsa, BN_CTX *ctx_in,

crypto/dsa/dsa_pmeth.c

@@ -281,7 +281,7 @@ static const EVP_PKEY_METHOD dsa_pkey_meth = {
     pkey_dsa_ctrl_str
 };
 
-const EVP_PKEY_METHOD *dsa_pkey_method(void)
+const EVP_PKEY_METHOD *ossl_dsa_pkey_method(void)
 {
     return &dsa_pkey_meth;
 }

crypto/dsa/dsa_sign.c

@@ -150,8 +150,8 @@ int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s)
     return 1;
 }
 
-int dsa_sign_int(int type, const unsigned char *dgst,
-                 int dlen, unsigned char *sig, unsigned int *siglen, DSA *dsa)
+int ossl_dsa_sign_int(int type, const unsigned char *dgst, int dlen,
+                      unsigned char *sig, unsigned int *siglen, DSA *dsa)
 {
     DSA_SIG *s;
 
@@ -159,7 +159,7 @@ int dsa_sign_int(int type, const unsigned char *dgst,
     if (dsa->libctx == NULL || dsa->meth != DSA_get_default_method())
         s = DSA_do_sign(dgst, dlen, dsa);
     else
-        s = dsa_do_sign_int(dgst, dlen, dsa);
+        s = ossl_dsa_do_sign_int(dgst, dlen, dsa);
     if (s == NULL) {
         *siglen = 0;
         return 0;
@@ -172,7 +172,7 @@ int dsa_sign_int(int type, const unsigned char *dgst,
 int DSA_sign(int type, const unsigned char *dgst, int dlen,
              unsigned char *sig, unsigned int *siglen, DSA *dsa)
 {
-    return dsa_sign_int(type, dgst, dlen, sig, siglen, dsa);
+    return ossl_dsa_sign_int(type, dgst, dlen, sig, siglen, dsa);
 }
 
 /* data has already been hashed (probably with SHA or SHA-1). */
@@ -206,4 +206,3 @@ int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
     DSA_SIG_free(s);
     return ret;
 }
-

crypto/evp/pmeth_lib.c

@@ -54,7 +54,7 @@ static pmeth_fn standard_methods[] = {
     ossl_dh_pkey_method,
 # endif
 # ifndef OPENSSL_NO_DSA
-    dsa_pkey_method,
+    ossl_dsa_pkey_method,
 # endif
 # ifndef OPENSSL_NO_EC
     ec_pkey_method,

include/crypto/dsa.h

@@ -18,25 +18,26 @@
 #define DSA_PARAMGEN_TYPE_FIPS_186_4   0   /* Use FIPS186-4 standard */
 #define DSA_PARAMGEN_TYPE_FIPS_186_2   1   /* Use legacy FIPS186-2 standard */
 
-DSA *dsa_new_with_ctx(OSSL_LIB_CTX *libctx);
+DSA *ossl_dsa_new(OSSL_LIB_CTX *libctx);
 void ossl_dsa_set0_libctx(DSA *d, OSSL_LIB_CTX *libctx);
 
-int dsa_generate_ffc_parameters(DSA *dsa, int type, int pbits, int qbits,
-                                BN_GENCB *cb);
+int ossl_dsa_generate_ffc_parameters(DSA *dsa, int type, int pbits, int qbits,
+                                     BN_GENCB *cb);
 
-int dsa_sign_int(int type, const unsigned char *dgst,
-                 int dlen, unsigned char *sig, unsigned int *siglen, DSA *dsa);
+int ossl_dsa_sign_int(int type, const unsigned char *dgst, int dlen,
+                      unsigned char *sig, unsigned int *siglen, DSA *dsa);
 
-FFC_PARAMS *dsa_get0_params(DSA *dsa);
-int dsa_ffc_params_fromdata(DSA *dsa, const OSSL_PARAM params[]);
-int dsa_key_fromdata(DSA *dsa, const OSSL_PARAM params[]);
+FFC_PARAMS *ossl_dsa_get0_params(DSA *dsa);
+int ossl_dsa_ffc_params_fromdata(DSA *dsa, const OSSL_PARAM params[]);
+int ossl_dsa_key_fromdata(DSA *dsa, const OSSL_PARAM params[]);
 
-int dsa_generate_public_key(BN_CTX *ctx, const DSA *dsa, const BIGNUM *priv_key,
-                            BIGNUM *pub_key);
-int dsa_check_params(const DSA *dsa, int checktype, int *ret);
-int dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret);
-int dsa_check_pub_key_partial(const DSA *dsa, const BIGNUM *pub_key, int *ret);
-int dsa_check_priv_key(const DSA *dsa, const BIGNUM *priv_key, int *ret);
-int dsa_check_pairwise(const DSA *dsa);
+int ossl_dsa_generate_public_key(BN_CTX *ctx, const DSA *dsa,
+                                 const BIGNUM *priv_key, BIGNUM *pub_key);
+int ossl_dsa_check_params(const DSA *dsa, int checktype, int *ret);
+int ossl_dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret);
+int ossl_dsa_check_pub_key_partial(const DSA *dsa, const BIGNUM *pub_key,
+                                   int *ret);
+int ossl_dsa_check_priv_key(const DSA *dsa, const BIGNUM *priv_key, int *ret);
+int ossl_dsa_check_pairwise(const DSA *dsa);
 
 #endif

include/crypto/evp.h

@@ -181,7 +181,7 @@ void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx);
 
 const EVP_PKEY_METHOD *ossl_dh_pkey_method(void);
 const EVP_PKEY_METHOD *ossl_dhx_pkey_method(void);
-const EVP_PKEY_METHOD *dsa_pkey_method(void);
+const EVP_PKEY_METHOD *ossl_dsa_pkey_method(void);
 const EVP_PKEY_METHOD *ec_pkey_method(void);
 const EVP_PKEY_METHOD *ecx25519_pkey_method(void);
 const EVP_PKEY_METHOD *ecx448_pkey_method(void);

providers/implementations/encode_decode/encode_key2text.c

@@ -24,7 +24,7 @@
 #include "internal/ffc.h"
 #include "crypto/bn.h"           /* bn_get_words() */
 #include "crypto/dh.h"           /* ossl_dh_get0_params() */
-#include "crypto/dsa.h"          /* dsa_get0_params() */
+#include "crypto/dsa.h"          /* ossl_dsa_get0_params() */
 #include "crypto/ec.h"           /* ec_key_get_libctx */
 #include "crypto/ecx.h"          /* ECX_KEY, etc... */
 #include "crypto/rsa.h"          /* RSA_PSS_PARAMS_30, etc... */
@@ -315,7 +315,7 @@ static int dsa_to_text(BIO *out, const void *key, int selection)
         }
     }
     if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) {
-        params = dsa_get0_params((DSA *)dsa);
+        params = ossl_dsa_get0_params((DSA *)dsa);
         if (params == NULL) {
             ERR_raise(ERR_LIB_PROV, PROV_R_NOT_PARAMETERS);
             return 0;

providers/implementations/keymgmt/dsa_kmgmt.c

@@ -117,7 +117,7 @@ static void *dsa_newdata(void *provctx)
 {
     if (!ossl_prov_is_running())
         return NULL;
-    return dsa_new_with_ctx(PROV_LIBCTX_OF(provctx));
+    return ossl_dsa_new(PROV_LIBCTX_OF(provctx));
 }
 
 static void dsa_freedata(void *keydata)
@@ -160,8 +160,8 @@ static int dsa_match(const void *keydata1, const void *keydata2, int selection)
         ok = ok
             && BN_cmp(DSA_get0_priv_key(dsa1), DSA_get0_priv_key(dsa2)) == 0;
     if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) {
-        FFC_PARAMS *dsaparams1 = dsa_get0_params((DSA *)dsa1);
-        FFC_PARAMS *dsaparams2 = dsa_get0_params((DSA *)dsa2);
+        FFC_PARAMS *dsaparams1 = ossl_dsa_get0_params((DSA *)dsa1);
+        FFC_PARAMS *dsaparams2 = ossl_dsa_get0_params((DSA *)dsa2);
 
         ok = ok && ossl_ffc_params_cmp(dsaparams1, dsaparams2, 1);
     }
@@ -180,9 +180,9 @@ static int dsa_import(void *keydata, int selection, const OSSL_PARAM params[])
         return 0;
 
     if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0)
-        ok = ok && dsa_ffc_params_fromdata(dsa, params);
+        ok = ok && ossl_dsa_ffc_params_fromdata(dsa, params);
     if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
-        ok = ok && dsa_key_fromdata(dsa, params);
+        ok = ok && ossl_dsa_key_fromdata(dsa, params);
 
     return ok;
 }
@@ -199,7 +199,7 @@ static int dsa_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
         goto err;
 
     if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0)
-        ok = ok && ossl_ffc_params_todata(dsa_get0_params(dsa), tmpl, NULL);
+        ok = ok && ossl_ffc_params_todata(ossl_dsa_get0_params(dsa), tmpl, NULL);
     if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
         ok = ok && dsa_key_todata(dsa, tmpl, NULL);
 
@@ -289,7 +289,7 @@ static ossl_inline int dsa_get_params(void *key, OSSL_PARAM params[])
     if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_DEFAULT_DIGEST)) != NULL
         && !OSSL_PARAM_set_utf8_string(p, DSA_DEFAULT_MD))
         return 0;
-    return ossl_ffc_params_todata(dsa_get0_params(dsa), NULL, params)
+    return ossl_ffc_params_todata(ossl_dsa_get0_params(dsa), NULL, params)
            && dsa_key_todata(dsa, NULL, params);
 }
 
@@ -313,7 +313,7 @@ static int dsa_validate_domparams(const DSA *dsa, int checktype)
 {
     int status = 0;
 
-    return dsa_check_params(dsa, checktype, &status);
+    return ossl_dsa_check_params(dsa, checktype, &status);
 }
 
 static int dsa_validate_public(const DSA *dsa)
@@ -324,7 +324,7 @@ static int dsa_validate_public(const DSA *dsa)
     DSA_get0_key(dsa, &pub_key, NULL);
     if (pub_key == NULL)
         return 0;
-    return dsa_check_pub_key(dsa, pub_key, &status);
+    return ossl_dsa_check_pub_key(dsa, pub_key, &status);
 }
 
 static int dsa_validate_private(const DSA *dsa)
@@ -335,7 +335,7 @@ static int dsa_validate_private(const DSA *dsa)
     DSA_get0_key(dsa, NULL, &priv_key);
     if (priv_key == NULL)
         return 0;
-    return dsa_check_priv_key(dsa, priv_key, &status);
+    return ossl_dsa_check_priv_key(dsa, priv_key, &status);
 }
 
 static int dsa_validate(const void *keydata, int selection, int checktype)
@@ -361,7 +361,7 @@ static int dsa_validate(const void *keydata, int selection, int checktype)
     /* If the whole key is selected, we do a pairwise validation */
     if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR)
         == OSSL_KEYMGMT_SELECT_KEYPAIR)
-        ok = ok && dsa_check_pairwise(dsa);
+        ok = ok && ossl_dsa_check_pairwise(dsa);
     return ok;
 }
 
@@ -397,7 +397,7 @@ static int dsa_gen_set_template(void *genctx, void *templ)
 
     if (!ossl_prov_is_running() || gctx == NULL || dsa == NULL)
         return 0;
-    gctx->ffc_params = dsa_get0_params(dsa);
+    gctx->ffc_params = ossl_dsa_get0_params(dsa);
     return 1;
 }
 
@@ -514,7 +514,7 @@ static void *dsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
 
     if (!ossl_prov_is_running() || gctx == NULL)
         return NULL;
-    dsa = dsa_new_with_ctx(gctx->libctx);
+    dsa = ossl_dsa_new(gctx->libctx);
     if (dsa == NULL)
         return NULL;
 
@@ -524,7 +524,7 @@ static void *dsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
     if (gencb != NULL)
         BN_GENCB_set(gencb, dsa_gencb, genctx);
 
-    ffc = dsa_get0_params(dsa);
+    ffc = ossl_dsa_get0_params(dsa);
     /* Copy the template value if one was passed */
     if (gctx->ffc_params != NULL
         && !ossl_ffc_params_copy(ffc, gctx->ffc_params))
@@ -546,9 +546,9 @@ static void *dsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
     }
     if ((gctx->selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) {
 
-         if (dsa_generate_ffc_parameters(dsa, gctx->gen_type,
-                                         gctx->pbits, gctx->qbits,
-                                         gencb) <= 0)
+         if (ossl_dsa_generate_ffc_parameters(dsa, gctx->gen_type,
+                                              gctx->pbits, gctx->qbits,
+                                              gencb) <= 0)
              goto end;
     }
     ossl_ffc_params_enable_flags(ffc, FFC_PARAM_FLAG_VALIDATE_LEGACY,

providers/implementations/signature/dsa.c

@@ -223,7 +223,7 @@ static int dsa_sign(void *vpdsactx, unsigned char *sig, size_t *siglen,
     if (mdsize != 0 && tbslen != mdsize)
         return 0;
 
-    ret = dsa_sign_int(0, tbs, tbslen, sig, &sltmp, pdsactx->dsa);
+    ret = ossl_dsa_sign_int(0, tbs, tbslen, sig, &sltmp, pdsactx->dsa);
     if (ret <= 0)
         return 0;