authorRichard Levitte <levitte@openssl.org>2020-11-26 11:58:56 +0100
committerRichard Levitte <levitte@openssl.org>2020-11-27 15:30:51 +0100
commit888bdbfd398c967daaa00cf6b3d104f0e3d26865 (patch)
treedd06561974c9daca851a53db77209f34a9c14147
parenta614af95531dd9f168aa4b71bd1195b4fdfe1794 (diff)
EVP_PKEY & DSA: Make DSA EVP_PKEY_CTX parameter ctrls / setters more available
EVP_PKEY_CTX_set_dsa_ functions were only available when DSA was enabled ('no-dsa' not configured). However, that makes it impossible to use these functions with an engine or a provider that happens to implement DSA. This change solves that problem by shuffling these functions to more appropriate places. Fixes #13529 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13530)
-rw-r--r--crypto/dsa/dsa_lib.c144
-rw-r--r--crypto/evp/build.info4
-rw-r--r--crypto/evp/dsa_ctrl.c157
-rw-r--r--include/openssl/dsa.h47
-rw-r--r--util/libcrypto.num14
5 files changed, 193 insertions, 173 deletions
diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
index 2c3569a2c3..983a463ff5 100644
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -19,9 +19,7 @@
#include <openssl/bn.h>
#include <openssl/asn1.h>
#include <openssl/engine.h>
-#include <openssl/core_names.h>
#include "dsa_local.h"
-#include "crypto/evp.h"
#include "crypto/dsa.h"
#include "crypto/dh.h" /* required by DSA_dup_DH() */
@@ -361,145 +359,3 @@ int dsa_ffc_params_fromdata(DSA *dsa, const OSSL_PARAM params[])
dsa->dirty_cnt++;
return ret;
}
-
-static int dsa_paramgen_check(EVP_PKEY_CTX *ctx)
-{
- if (ctx == NULL || !EVP_PKEY_CTX_IS_GEN_OP(ctx)) {
- ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
- /* Uses the same return values as EVP_PKEY_CTX_ctrl */
- return -2;
- }
- /* If key type not DSA return error */
- if (ctx->pmeth != NULL && ctx->pmeth->pkey_id != EVP_PKEY_DSA)
- return -1;
- return 1;
-}
-
-int EVP_PKEY_CTX_set_dsa_paramgen_type(EVP_PKEY_CTX *ctx, const char *name)
-{
- int ret;
- OSSL_PARAM params[2], *p = params;
-
- if ((ret = dsa_paramgen_check(ctx)) <= 0)
- return ret;
-
- *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_TYPE,
- (char *)name, 0);
- *p++ = OSSL_PARAM_construct_end();
-
- return EVP_PKEY_CTX_set_params(ctx, params);
-}
-
-int EVP_PKEY_CTX_set_dsa_paramgen_gindex(EVP_PKEY_CTX *ctx, int gindex)
-{
- int ret;
- OSSL_PARAM params[2], *p = params;
-
- if ((ret = dsa_paramgen_check(ctx)) <= 0)
- return ret;
-
- *p++ = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_FFC_GINDEX, &gindex);
- *p++ = OSSL_PARAM_construct_end();
-
- return EVP_PKEY_CTX_set_params(ctx, params);
-}
-
-int EVP_PKEY_CTX_set_dsa_paramgen_seed(EVP_PKEY_CTX *ctx,
- const unsigned char *seed,
- size_t seedlen)
-{
- int ret;
- OSSL_PARAM params[2], *p = params;
-
- if ((ret = dsa_paramgen_check(ctx)) <= 0)
- return ret;
-
- *p++ = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_FFC_SEED,
- (void *)seed, seedlen);
- *p++ = OSSL_PARAM_construct_end();
-
- return EVP_PKEY_CTX_set_params(ctx, params);
-}
-
-int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx, int nbits)
-{
- int ret;
- OSSL_PARAM params[2], *p = params;
- size_t bits = nbits;
-
- if ((ret = dsa_paramgen_check(ctx)) <= 0)
- return ret;
-
-#if !defined(FIPS_MODULE)
- /* TODO(3.0): Remove this eventually when no more legacy */
- if (ctx->op.keymgmt.genctx == NULL)
- return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
- EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL);
-#endif
-
- *p++ = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_FFC_PBITS, &bits);
- *p++ = OSSL_PARAM_construct_end();
-
- return EVP_PKEY_CTX_set_params(ctx, params);
-}
-
-int EVP_PKEY_CTX_set_dsa_paramgen_q_bits(EVP_PKEY_CTX *ctx, int qbits)
-{
- int ret;
- OSSL_PARAM params[2], *p = params;
- size_t bits2 = qbits;
-
- if ((ret = dsa_paramgen_check(ctx)) <= 0)
- return ret;
-
-#if !defined(FIPS_MODULE)
- /* TODO(3.0): Remove this eventually when no more legacy */
- if (ctx->op.keymgmt.genctx == NULL)
- return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
- EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits, NULL);
-#endif
-
- *p++ = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_FFC_QBITS, &bits2);
- *p++ = OSSL_PARAM_construct_end();
-
- return EVP_PKEY_CTX_set_params(ctx, params);
-}
-
-int EVP_PKEY_CTX_set_dsa_paramgen_md_props(EVP_PKEY_CTX *ctx,
- const char *md_name,
- const char *md_properties)
-{
- int ret;
- OSSL_PARAM params[3], *p = params;
-
- if ((ret = dsa_paramgen_check(ctx)) <= 0)
- return ret;
-
-#if !defined(FIPS_MODULE)
- /* TODO(3.0): Remove this eventually when no more legacy */
- if (ctx->op.keymgmt.genctx == NULL) {
- const EVP_MD *md = EVP_get_digestbyname(md_name);
-
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
- EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, (void *)(md));
- }
-#endif
-
- *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_DIGEST,
- (char *)md_name, 0);
- if (md_properties != NULL)
- *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_DIGEST_PROPS,
- (char *)md_properties, 0);
- *p++ = OSSL_PARAM_construct_end();
-
- return EVP_PKEY_CTX_set_params(ctx, params);
-}
-
-#if !defined(FIPS_MODULE)
-int EVP_PKEY_CTX_set_dsa_paramgen_md(EVP_PKEY_CTX *ctx, const EVP_MD *md)
-{
- const char *md_name = (md == NULL) ? "" : EVP_MD_name(md);
-
- return EVP_PKEY_CTX_set_dsa_paramgen_md_props(ctx, md_name, NULL);
-}
-#endif
diff --git a/crypto/evp/build.info b/crypto/evp/build.info
index 358709a6a4..204c199bac 100644
--- a/crypto/evp/build.info
+++ b/crypto/evp/build.info
@@ -4,6 +4,10 @@ $COMMON=digest.c evp_enc.c evp_lib.c evp_fetch.c cmeth_lib.c evp_utils.c \
m_sigver.c pmeth_lib.c signature.c p_lib.c pmeth_gn.c exchange.c \
pmeth_check.c evp_rand.c asymcipher.c kem.c
+# Diverse type specific ctrl functions. They are kinda sorta legacy, kinda
+# sorta not.
+$COMMON=$COMMON dsa_ctrl.c
+
SOURCE[../../libcrypto]=$COMMON\
encode.c evp_key.c evp_cnf.c \
e_des.c e_bf.c e_idea.c e_des3.c \
diff --git a/crypto/evp/dsa_ctrl.c b/crypto/evp/dsa_ctrl.c
new file mode 100644
index 0000000000..cb7e543e02
--- /dev/null
+++ b/crypto/evp/dsa_ctrl.c
@@ -0,0 +1,157 @@
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdlib.h>
+#include <openssl/core_names.h>
+#include <openssl/err.h>
+#include <openssl/dsa.h>
+#include <openssl/evp.h>
+#include "crypto/evp.h"
+
+static int dsa_paramgen_check(EVP_PKEY_CTX *ctx)
+{
+ if (ctx == NULL || !EVP_PKEY_CTX_IS_GEN_OP(ctx)) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
+ /* Uses the same return values as EVP_PKEY_CTX_ctrl */
+ return -2;
+ }
+ /* If key type not DSA return error */
+ if (ctx->pmeth != NULL && ctx->pmeth->pkey_id != EVP_PKEY_DSA)
+ return -1;
+ return 1;
+}
+
+int EVP_PKEY_CTX_set_dsa_paramgen_type(EVP_PKEY_CTX *ctx, const char *name)
+{
+ int ret;
+ OSSL_PARAM params[2], *p = params;
+
+ if ((ret = dsa_paramgen_check(ctx)) <= 0)
+ return ret;
+
+ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_TYPE,
+ (char *)name, 0);
+ *p++ = OSSL_PARAM_construct_end();
+
+ return EVP_PKEY_CTX_set_params(ctx, params);
+}
+
+int EVP_PKEY_CTX_set_dsa_paramgen_gindex(EVP_PKEY_CTX *ctx, int gindex)
+{
+ int ret;
+ OSSL_PARAM params[2], *p = params;
+
+ if ((ret = dsa_paramgen_check(ctx)) <= 0)
+ return ret;
+
+ *p++ = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_FFC_GINDEX, &gindex);
+ *p++ = OSSL_PARAM_construct_end();
+
+ return EVP_PKEY_CTX_set_params(ctx, params);
+}
+
+int EVP_PKEY_CTX_set_dsa_paramgen_seed(EVP_PKEY_CTX *ctx,
+ const unsigned char *seed,
+ size_t seedlen)
+{
+ int ret;
+ OSSL_PARAM params[2], *p = params;
+
+ if ((ret = dsa_paramgen_check(ctx)) <= 0)
+ return ret;
+
+ *p++ = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_FFC_SEED,
+ (void *)seed, seedlen);
+ *p++ = OSSL_PARAM_construct_end();
+
+ return EVP_PKEY_CTX_set_params(ctx, params);
+}
+
+int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx, int nbits)
+{
+ int ret;
+ OSSL_PARAM params[2], *p = params;
+ size_t bits = nbits;
+
+ if ((ret = dsa_paramgen_check(ctx)) <= 0)
+ return ret;
+
+#if !defined(FIPS_MODULE)
+ /* TODO(3.0): Remove this eventually when no more legacy */
+ if (ctx->op.keymgmt.genctx == NULL)
+ return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
+ EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL);
+#endif
+
+ *p++ = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_FFC_PBITS, &bits);
+ *p++ = OSSL_PARAM_construct_end();
+
+ return EVP_PKEY_CTX_set_params(ctx, params);
+}
+
+int EVP_PKEY_CTX_set_dsa_paramgen_q_bits(EVP_PKEY_CTX *ctx, int qbits)
+{
+ int ret;
+ OSSL_PARAM params[2], *p = params;
+ size_t bits2 = qbits;
+
+ if ((ret = dsa_paramgen_check(ctx)) <= 0)
+ return ret;
+
+#if !defined(FIPS_MODULE)
+ /* TODO(3.0): Remove this eventually when no more legacy */
+ if (ctx->op.keymgmt.genctx == NULL)
+ return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
+ EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits, NULL);
+#endif
+
+ *p++ = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_FFC_QBITS, &bits2);
+ *p++ = OSSL_PARAM_construct_end();
+
+ return EVP_PKEY_CTX_set_params(ctx, params);
+}
+
+int EVP_PKEY_CTX_set_dsa_paramgen_md_props(EVP_PKEY_CTX *ctx,
+ const char *md_name,
+ const char *md_properties)
+{
+ int ret;
+ OSSL_PARAM params[3], *p = params;
+
+ if ((ret = dsa_paramgen_check(ctx)) <= 0)
+ return ret;
+
+#if !defined(FIPS_MODULE)
+ /* TODO(3.0): Remove this eventually when no more legacy */
+ if (ctx->op.keymgmt.genctx == NULL) {
+ const EVP_MD *md = EVP_get_digestbyname(md_name);
+
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
+ EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, (void *)(md));
+ }
+#endif
+
+ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_DIGEST,
+ (char *)md_name, 0);
+ if (md_properties != NULL)
+ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_DIGEST_PROPS,
+ (char *)md_properties, 0);
+ *p++ = OSSL_PARAM_construct_end();
+
+ return EVP_PKEY_CTX_set_params(ctx, params);
+}
+
+#if !defined(FIPS_MODULE)
+int EVP_PKEY_CTX_set_dsa_paramgen_md(EVP_PKEY_CTX *ctx, const EVP_MD *md)
+{
+ const char *md_name = (md == NULL) ? "" : EVP_MD_name(md);
+
+ return EVP_PKEY_CTX_set_dsa_paramgen_md_props(ctx, md_name, NULL);
+}
+#endif
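Review bot: In EVP_PKEY_CTX_set_dsa_paramgen_md_props the legacy branch (the `ctx->op.keymgmt.genctx == NULL` case) discards the result of EVP_PKEY_CTX_ctrl and falls through to EVP_PKEY_CTX_set_params, whereas EVP_PKEY_CTX_set_dsa_paramgen_bits and EVP_PKEY_CTX_set_dsa_paramgen_q_bits in the same file return the ctrl result directly, so a failed ctrl is masked by whatever set_params returns. Handling it the same way, `if ((ret = EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, (void *)md)) <= 0) return ret;`, keeps the three setters consistent and surfaces the error. In that branch EVP_get_digestbyname may return NULL for an unrecognised md_name and the NULL is passed to the ctrl unchecked; whether the legacy ctrl handler tolerates a NULL digest is not visible here, so an `if (md == NULL) return 0;` guard ahead of the call is worth confirming against pkey_dsa_ctrl. The code is moved rather than new, but since the file is created by this commit it is the natural place to settle this.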
diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h
index 915870acbf..8b4696fabc 100644
--- a/include/openssl/dsa.h
+++ b/include/openssl/dsa.h
@@ -17,16 +17,35 @@
# endif
# include <openssl/opensslconf.h>
+# include <openssl/types.h>
-# ifndef OPENSSL_NO_DSA
-# ifdef __cplusplus
+# ifdef __cplusplus
extern "C" {
-# endif
+# endif
+
+# include <stdlib.h>
+
+int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx, int nbits);
+int EVP_PKEY_CTX_set_dsa_paramgen_q_bits(EVP_PKEY_CTX *ctx, int qbits);
+int EVP_PKEY_CTX_set_dsa_paramgen_md_props(EVP_PKEY_CTX *ctx,
+ const char *md_name,
+ const char *md_properties);
+int EVP_PKEY_CTX_set_dsa_paramgen_gindex(EVP_PKEY_CTX *ctx, int gindex);
+int EVP_PKEY_CTX_set_dsa_paramgen_type(EVP_PKEY_CTX *ctx, const char *name);
+int EVP_PKEY_CTX_set_dsa_paramgen_seed(EVP_PKEY_CTX *ctx,
+ const unsigned char *seed,
+ size_t seedlen);
+int EVP_PKEY_CTX_set_dsa_paramgen_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
+
+# define EVP_PKEY_CTRL_DSA_PARAMGEN_BITS (EVP_PKEY_ALG_CTRL + 1)
+# define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS (EVP_PKEY_ALG_CTRL + 2)
+# define EVP_PKEY_CTRL_DSA_PARAMGEN_MD (EVP_PKEY_ALG_CTRL + 3)
+
+# ifndef OPENSSL_NO_DSA
# include <openssl/e_os2.h>
# include <openssl/asn1.h>
# include <openssl/bio.h>
# include <openssl/crypto.h>
-# include <openssl/types.h>
# include <openssl/bn.h>
# ifndef OPENSSL_NO_DEPRECATED_1_1_0
# include <openssl/dh.h>
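Review bot: The new `# include <stdlib.h>` sits inside the `extern "C" {` block and is only there to make `size_t` visible for the EVP_PKEY_CTX_set_dsa_paramgen_seed prototype; `<stddef.h>` is the minimal header for that, and hoisting it above the `# ifdef __cplusplus` line would avoid wrapping a system header in C linkage for C++ consumers. The rest of this header already includes OpenSSL headers inside the linkage block, so this follows the local pattern and is a style point rather than a defect. The moved `# include <openssl/types.h>` correctly provides the EVP_PKEY_CTX and EVP_MD types the prototypes now reference ahead of the OPENSSL_NO_DSA guard.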
@@ -182,22 +201,6 @@ DEPRECATEDIN_3_0(int DSA_print_fp(FILE *bp, const DSA *x, int off))
DEPRECATEDIN_3_0(DH *DSA_dup_DH(const DSA *r))
# endif
-int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx, int nbits);
-int EVP_PKEY_CTX_set_dsa_paramgen_q_bits(EVP_PKEY_CTX *ctx, int qbits);
-int EVP_PKEY_CTX_set_dsa_paramgen_md_props(EVP_PKEY_CTX *ctx,
- const char *md_name,
- const char *md_properties);
-int EVP_PKEY_CTX_set_dsa_paramgen_gindex(EVP_PKEY_CTX *ctx, int gindex);
-int EVP_PKEY_CTX_set_dsa_paramgen_type(EVP_PKEY_CTX *ctx, const char *name);
-int EVP_PKEY_CTX_set_dsa_paramgen_seed(EVP_PKEY_CTX *ctx,
- const unsigned char *seed,
- size_t seedlen);
-int EVP_PKEY_CTX_set_dsa_paramgen_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
-
-# define EVP_PKEY_CTRL_DSA_PARAMGEN_BITS (EVP_PKEY_ALG_CTRL + 1)
-# define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS (EVP_PKEY_ALG_CTRL + 2)
-# define EVP_PKEY_CTRL_DSA_PARAMGEN_MD (EVP_PKEY_ALG_CTRL + 3)
-
void DSA_get0_pqg(const DSA *d,
const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g);
@@ -261,8 +264,8 @@ DEPRECATEDIN_3_0(int DSA_meth_set_paramgen(DSA_METHOD *dsam,
DEPRECATEDIN_3_0(int (*DSA_meth_get_keygen(const DSA_METHOD *dsam)) (DSA *))
DEPRECATEDIN_3_0(int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen) (DSA *)))
-# ifdef __cplusplus
+# endif
+# ifdef __cplusplus
}
-# endif
# endif
#endif
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 1e27d46711..54a04d6d31 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -5015,13 +5015,13 @@ d2i_PrivateKey_ex_fp ? 3_0_0 EXIST::FUNCTION:STDIO
d2i_PrivateKey_ex_bio ? 3_0_0 EXIST::FUNCTION:
PEM_read_bio_PrivateKey_ex ? 3_0_0 EXIST::FUNCTION:
PEM_read_PrivateKey_ex ? 3_0_0 EXIST::FUNCTION:STDIO
-EVP_PKEY_CTX_set_dsa_paramgen_bits ? 3_0_0 EXIST::FUNCTION:DSA
-EVP_PKEY_CTX_set_dsa_paramgen_q_bits ? 3_0_0 EXIST::FUNCTION:DSA
-EVP_PKEY_CTX_set_dsa_paramgen_md_props ? 3_0_0 EXIST::FUNCTION:DSA
-EVP_PKEY_CTX_set_dsa_paramgen_gindex ? 3_0_0 EXIST::FUNCTION:DSA
-EVP_PKEY_CTX_set_dsa_paramgen_type ? 3_0_0 EXIST::FUNCTION:DSA
-EVP_PKEY_CTX_set_dsa_paramgen_seed ? 3_0_0 EXIST::FUNCTION:DSA
-EVP_PKEY_CTX_set_dsa_paramgen_md ? 3_0_0 EXIST::FUNCTION:DSA
+EVP_PKEY_CTX_set_dsa_paramgen_bits ? 3_0_0 EXIST::FUNCTION:
+EVP_PKEY_CTX_set_dsa_paramgen_q_bits ? 3_0_0 EXIST::FUNCTION:
+EVP_PKEY_CTX_set_dsa_paramgen_md_props ? 3_0_0 EXIST::FUNCTION:
+EVP_PKEY_CTX_set_dsa_paramgen_gindex ? 3_0_0 EXIST::FUNCTION:
+EVP_PKEY_CTX_set_dsa_paramgen_type ? 3_0_0 EXIST::FUNCTION:
+EVP_PKEY_CTX_set_dsa_paramgen_seed ? 3_0_0 EXIST::FUNCTION:
+EVP_PKEY_CTX_set_dsa_paramgen_md ? 3_0_0 EXIST::FUNCTION:
EVP_PKEY_CTX_set_dh_paramgen_type ? 3_0_0 EXIST::FUNCTION:DH
EVP_PKEY_CTX_set_dh_paramgen_gindex ? 3_0_0 EXIST::FUNCTION:DH
EVP_PKEY_CTX_set_dh_paramgen_seed ? 3_0_0 EXIST::FUNCTION:DH