port support openssl 3

dsa.go

@@ -249,34 +249,60 @@ func newDSA3(params DSAParameters, X, Y BigInt) (C.GO_EVP_PKEY_PTR, error) {
 		return nil, newOpenSSLError("OSSL_PARAM_BLD_new")
 	}
 	defer C.go_openssl_OSSL_PARAM_BLD_free(bld)
-	selection := C.int(C.GO_EVP_PKEY_PUBLIC_KEY)
-	pub := bigToBN(Y)
-	defer C.go_openssl_BN_free(pub)
-	if C.go_openssl_OSSL_PARAM_BLD_push_BN(bld, paramPubKey, pub) != 1 {
+	p, q, g := bigToBN(params.P), bigToBN(params.Q), bigToBN(params.G)
+	defer func() {
+		C.go_openssl_BN_free(p)
+		C.go_openssl_BN_free(q)
+		C.go_openssl_BN_free(g)
+	}()
+	if C.go_openssl_OSSL_PARAM_BLD_push_BN(bld, paramP, p) != 1 ||
+		C.go_openssl_OSSL_PARAM_BLD_push_BN(bld, paramQ, q) != 1 ||
+		C.go_openssl_OSSL_PARAM_BLD_push_BN(bld, paramG, g) != 1 {
 		return nil, newOpenSSLError("OSSL_PARAM_BLD_push_BN")
 	}
+	selection := C.int(C.GO_EVP_PKEY_KEYPAIR)
+	if Y != nil {
+		pub := bigToBN(Y)
+		defer C.go_openssl_BN_free(pub)
+		if C.go_openssl_OSSL_PARAM_BLD_push_BN(bld, paramPubKey, pub) != 1 {
+			return nil, newOpenSSLError("OSSL_PARAM_BLD_push_BN")
+		}
+		selection = C.int(C.GO_EVP_PKEY_PUBLIC_KEY)
+	}
 	if X != nil {
 		priv := bigToBN(X)
 		defer C.go_openssl_BN_clear_free(priv)
 		if C.go_openssl_OSSL_PARAM_BLD_push_BN(bld, paramPrivKey, priv) != 1 {
 			return nil, newOpenSSLError("OSSL_PARAM_BLD_push_BN")
 		}
-		selection = C.GO_EVP_PKEY_KEYPAIR
 	}
 	bldparams := C.go_openssl_OSSL_PARAM_BLD_to_param(bld)
 	if bldparams == nil {
 		return nil, newOpenSSLError("OSSL_PARAM_BLD_to_param")
 	}
 	defer C.go_openssl_OSSL_PARAM_free(bldparams)
-	pkey, err := newEvpFromParams(C.GO_EVP_PKEY_EC, selection, bldparams)
+	pkey, err := newEvpFromParams(C.GO_EVP_PKEY_DSA, selection, bldparams)
 	if err != nil {
 		return nil, err
 	}
 	if Y != nil {
 		return pkey, nil
 	}
-	// Generate the key.
-	return nil, nil
+	// pkey doesn't contain the public/private components. We use it
+	// as domain parameters placeholder to generate the final key.
+	defer C.go_openssl_EVP_PKEY_free(pkey)
+	ctx := C.go_openssl_EVP_PKEY_CTX_new_from_pkey(nil, pkey, nil)
+	if ctx == nil {
+		return nil, newOpenSSLError("EVP_PKEY_CTX_new_from_pkey")
+	}
+	if C.go_openssl_EVP_PKEY_keygen_init(ctx) != 1 {
+		return nil, newOpenSSLError("EVP_PKEY_keygen_init")
+	}
+	var gkey C.GO_EVP_PKEY_PTR
+	if C.go_openssl_EVP_PKEY_keygen(ctx, &gkey) != 1 {
+		return nil, newOpenSSLError("EVP_PKEY_keygen")
+	}
+	return gkey, nil
 }
 
 // getDSA returns the DSA from pkey.

dsa_test.go

@@ -146,9 +146,15 @@ func TestDSANewPrivateKeyWithDegenerateKeys(t *testing.T) {
 			Q: bbig.Enc(fromHex(test.q)),
 			G: bbig.Enc(fromHex(test.g)),
 		}
-		_, err := openssl.NewPrivateKeyDSA(params, bbig.Enc(fromHex(test.x)), bbig.Enc(fromHex(test.y)))
-		if err == nil {
-			t.Errorf("#%d: error generating key: %s", i, err)
+		x, y := bbig.Enc(fromHex(test.x)), bbig.Enc(fromHex(test.y))
+		priv, err := openssl.NewPrivateKeyDSA(params, x, y)
+		if err != nil {
+			// Some OpenSSL 1 fails to create degenerated private keys, which is fine.
+			continue
+		}
+		hashed := []byte("testing")
+		if _, err := openssl.SignDSA(priv, hashed); err == nil {
+			t.Errorf("#%d: unexpected success", i)
 		}
 	}
 }

shims.h

@@ -285,6 +285,7 @@ DEFINEFUNC_LEGACY_1(int, EVP_PKEY_assign, (GO_EVP_PKEY_PTR pkey, int type, void
 DEFINEFUNC(int, EVP_PKEY_verify, (GO_EVP_PKEY_CTX_PTR ctx, const unsigned char *sig, size_t siglen, const unsigned char *tbs, size_t tbslen), (ctx, sig, siglen, tbs, tbslen)) \
 DEFINEFUNC(GO_EVP_PKEY_CTX_PTR, EVP_PKEY_CTX_new, (GO_EVP_PKEY_PTR arg0, GO_ENGINE_PTR arg1), (arg0, arg1)) \
 DEFINEFUNC(GO_EVP_PKEY_CTX_PTR, EVP_PKEY_CTX_new_id, (int id, GO_ENGINE_PTR e), (id, e)) \
+DEFINEFUNC_3_0(GO_EVP_PKEY_CTX_PTR, EVP_PKEY_CTX_new_from_pkey, (GO_OSSL_LIB_CTX_PTR libctx, GO_EVP_PKEY_PTR pkey, const char *propquery), (libctx, pkey, propquery)) \
 DEFINEFUNC(int, EVP_PKEY_paramgen_init, (GO_EVP_PKEY_CTX_PTR ctx), (ctx)) \
 DEFINEFUNC(int, EVP_PKEY_paramgen, (GO_EVP_PKEY_CTX_PTR ctx, GO_EVP_PKEY_PTR *ppkey), (ctx, ppkey)) \
 DEFINEFUNC(int, EVP_PKEY_keygen_init, (GO_EVP_PKEY_CTX_PTR ctx), (ctx)) \