simplify GenerateKeyDSA (#232)

qmuntal · web-flow · commit 65f2a3ae34cf · 2024-12-11T13:50:30.000+01:00
diff --git a/dsa.go b/dsa.go
@@ -60,8 +60,8 @@ func (k *PublicKeyDSA) withKey(f func(C.GO_EVP_PKEY_PTR) C.int) C.int {
 	return f(k._pkey)
 }
 
-// GenerateDSAParameters generates a set of DSA parameters.
-func GenerateDSAParameters(l, n int) (DSAParameters, error) {
+// GenerateParametersDSA generates a set of DSA parameters.
+func GenerateParametersDSA(l, n int) (DSAParameters, error) {
 	// The DSA parameters are generated by creating a new DSA key and
 	// extracting the domain parameters from it.
 
@@ -147,35 +147,34 @@ func NewPublicKeyDSA(params DSAParameters, y BigInt) (*PublicKeyDSA, error) {
 }
 
 // GenerateKeyDSA generates a new private DSA key using the given parameters.
-func GenerateKeyDSA(params DSAParameters) (*PrivateKeyDSA, error) {
+func GenerateKeyDSA(params DSAParameters) (x, y BigInt, err error) {
 	pkey, err := newDSA(params, nil, nil)
 	if err != nil {
-		return nil, err
+		return nil, nil, err
 	}
-	var x, y C.GO_BIGNUM_PTR
+	defer C.go_openssl_EVP_PKEY_free(pkey)
+	var bx, by C.GO_BIGNUM_PTR
 	switch vMajor {
 	case 1:
 		dsa := getDSA(pkey)
 		if vMinor == 0 {
-			C.go_openssl_DSA_get0_key_backport(dsa, &y, &x)
+			C.go_openssl_DSA_get0_key_backport(dsa, &by, &bx)
 		} else {
-			C.go_openssl_DSA_get0_key(dsa, &y, &x)
+			C.go_openssl_DSA_get0_key(dsa, &by, &bx)
 		}
 	case 3:
 		defer func() {
-			C.go_openssl_BN_clear_free(x)
-			C.go_openssl_BN_free(y)
+			C.go_openssl_BN_clear_free(bx)
+			C.go_openssl_BN_free(by)
 		}()
-		if C.go_openssl_EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_PUB_KEY, &y) != 1 ||
-			C.go_openssl_EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_PRIV_KEY, &x) != 1 {
-			return nil, newOpenSSLError("EVP_PKEY_get_bn_param")
+		if C.go_openssl_EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_PUB_KEY, &by) != 1 ||
+			C.go_openssl_EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_PRIV_KEY, &bx) != 1 {
+			return nil, nil, newOpenSSLError("EVP_PKEY_get_bn_param")
 		}
 	default:
 		panic(errUnsupportedVersion())
 	}
-	k := &PrivateKeyDSA{params, bnToBig(x), bnToBig(y), pkey}
-	runtime.SetFinalizer(k, (*PrivateKeyDSA).finalize)
-	return k, nil
+	return bnToBig(bx), bnToBig(by), nil
 }
 
 // SignDSA signs a hash (which should be the result of hashing a larger message).
diff --git a/dsa_test.go b/dsa_test.go
@@ -33,13 +33,13 @@ func TestDSAGenerateParameters(t *testing.T) {
 			if openssl.FIPS() {
 				t.Skip("generating DSA parameters with L = 2048 is not supported in FIPS mode")
 			}
-			testGenerateDSAParameters(t, test.L, test.N)
+			testGenerateParametersDSA(t, test.L, test.N)
 		})
 	}
 }
 
-func testGenerateDSAParameters(t *testing.T, L, N int) {
-	params, err := openssl.GenerateDSAParameters(L, N)
+func testGenerateParametersDSA(t *testing.T, L, N int) {
+	params, err := openssl.GenerateParametersDSA(L, N)
 	if err != nil {
 		t.Errorf("error generating parameters: %s", err)
 		return
@@ -64,17 +64,19 @@ func testGenerateDSAParameters(t *testing.T, L, N int) {
 	if rem.Sign() != 0 {
 		t.Error("p-1 mod q != 0")
 	}
-	x := new(big.Int).Exp(G, quo, P)
-	if x.Cmp(one) == 0 {
+	if x := new(big.Int).Exp(G, quo, P); x.Cmp(one) == 0 {
 		t.Error("invalid generator")
 	}
 
-	priv, err := openssl.GenerateKeyDSA(params)
+	x, y, err := openssl.GenerateKeyDSA(params)
 	if err != nil {
 		t.Errorf("error generating key: %s", err)
 		return
 	}
-
+	priv, err := openssl.NewPrivateKeyDSA(params, x, y)
+	if err != nil {
+		t.Errorf("error creating key: %s", err)
+	}
 	testDSASignAndVerify(t, priv)
 }
 

Original file line number	Diff line number	Diff line change
`@@ -33,13 +33,13 @@ func TestDSAGenerateParameters(t *testing.T) {`
`33`	`33`	`if openssl.FIPS() {`
`34`	`34`	`t.Skip("generating DSA parameters with L = 2048 is not supported in FIPS mode")`
`35`	`35`	`}`
`36`		`- testGenerateDSAParameters(t, test.L, test.N)`
	`36`	`+ testGenerateParametersDSA(t, test.L, test.N)`
`37`	`37`	`})`
`38`	`38`	`}`
`39`	`39`	`}`
`40`	`40`
`41`		`-func testGenerateDSAParameters(t *testing.T, L, N int) {`
`42`		`- params, err := openssl.GenerateDSAParameters(L, N)`
	`41`	`+func testGenerateParametersDSA(t *testing.T, L, N int) {`
	`42`	`+ params, err := openssl.GenerateParametersDSA(L, N)`
`43`	`43`	`if err != nil {`
`44`	`44`	`t.Errorf("error generating parameters: %s", err)`
`45`	`45`	`return`
`@@ -64,17 +64,19 @@ func testGenerateDSAParameters(t *testing.T, L, N int) {`
`64`	`64`	`if rem.Sign() != 0 {`
`65`	`65`	`t.Error("p-1 mod q != 0")`
`66`	`66`	`}`
`67`		`- x := new(big.Int).Exp(G, quo, P)`
`68`		`- if x.Cmp(one) == 0 {`
	`67`	`+ if x := new(big.Int).Exp(G, quo, P); x.Cmp(one) == 0 {`
`69`	`68`	`t.Error("invalid generator")`
`70`	`69`	`}`
`71`	`70`
`72`		`- priv, err := openssl.GenerateKeyDSA(params)`
	`71`	`+ x, y, err := openssl.GenerateKeyDSA(params)`
`73`	`72`	`if err != nil {`
`74`	`73`	`t.Errorf("error generating key: %s", err)`
`75`	`74`	`return`
`76`	`75`	`}`
`77`		`-`
	`76`	`+ priv, err := openssl.NewPrivateKeyDSA(params, x, y)`
	`77`	`+ if err != nil {`
	`78`	`+ t.Errorf("error creating key: %s", err)`
	`79`	`+ }`
`78`	`80`	`testDSASignAndVerify(t, priv)`
`79`	`81`	`}`
`80`	`82`