1/*
2 * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License").  You may not use
5 * this file except in compliance with the License.  You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10/*
11 * DSA low level APIs are deprecated for public use, but still ok for
12 * internal use.
13 */
14#include "internal/deprecated.h"
15
16#include <string.h>
17
18#include <openssl/crypto.h>
19#include <openssl/core_dispatch.h>
20#include <openssl/core_names.h>
21#include <openssl/err.h>
22#include <openssl/dsa.h>
23#include <openssl/params.h>
24#include <openssl/evp.h>
25#include <openssl/err.h>
26#include <openssl/proverr.h>
27#include "internal/nelem.h"
28#include "internal/sizes.h"
29#include "internal/cryptlib.h"
30#include "prov/providercommon.h"
31#include "prov/implementations.h"
32#include "prov/provider_ctx.h"
33#include "prov/securitycheck.h"
34#include "crypto/dsa.h"
35#include "prov/der_dsa.h"
36
37static OSSL_FUNC_signature_newctx_fn dsa_newctx;
38static OSSL_FUNC_signature_sign_init_fn dsa_sign_init;
39static OSSL_FUNC_signature_verify_init_fn dsa_verify_init;
40static OSSL_FUNC_signature_sign_fn dsa_sign;
41static OSSL_FUNC_signature_verify_fn dsa_verify;
42static OSSL_FUNC_signature_digest_sign_init_fn dsa_digest_sign_init;
43static OSSL_FUNC_signature_digest_sign_update_fn dsa_digest_signverify_update;
44static OSSL_FUNC_signature_digest_sign_final_fn dsa_digest_sign_final;
45static OSSL_FUNC_signature_digest_verify_init_fn dsa_digest_verify_init;
46static OSSL_FUNC_signature_digest_verify_update_fn dsa_digest_signverify_update;
47static OSSL_FUNC_signature_digest_verify_final_fn dsa_digest_verify_final;
48static OSSL_FUNC_signature_freectx_fn dsa_freectx;
49static OSSL_FUNC_signature_dupctx_fn dsa_dupctx;
50static OSSL_FUNC_signature_get_ctx_params_fn dsa_get_ctx_params;
51static OSSL_FUNC_signature_gettable_ctx_params_fn dsa_gettable_ctx_params;
52static OSSL_FUNC_signature_set_ctx_params_fn dsa_set_ctx_params;
53static OSSL_FUNC_signature_settable_ctx_params_fn dsa_settable_ctx_params;
54static OSSL_FUNC_signature_get_ctx_md_params_fn dsa_get_ctx_md_params;
55static OSSL_FUNC_signature_gettable_ctx_md_params_fn dsa_gettable_ctx_md_params;
56static OSSL_FUNC_signature_set_ctx_md_params_fn dsa_set_ctx_md_params;
57static OSSL_FUNC_signature_settable_ctx_md_params_fn dsa_settable_ctx_md_params;
58
59/*
60 * What's passed as an actual key is defined by the KEYMGMT interface.
61 * We happen to know that our KEYMGMT simply passes DSA structures, so
62 * we use that here too.
63 */
64
65typedef struct {
66    OSSL_LIB_CTX *libctx;
67    char *propq;
68    DSA *dsa;
69
70    /*
71     * Flag to determine if the hash function can be changed (1) or not (0)
72     * Because it's dangerous to change during a DigestSign or DigestVerify
73     * operation, this flag is cleared by their Init function, and set again
74     * by their Final function.
75     */
76    unsigned int flag_allow_md : 1;
77
78    char mdname[OSSL_MAX_NAME_SIZE];
79
80    /* The Algorithm Identifier of the combined signature algorithm */
81    unsigned char aid_buf[OSSL_MAX_ALGORITHM_ID_SIZE];
82    unsigned char *aid;
83    size_t  aid_len;
84
85    /* main digest */
86    EVP_MD *md;
87    EVP_MD_CTX *mdctx;
88    int operation;
89} PROV_DSA_CTX;
90
91
92static size_t dsa_get_md_size(const PROV_DSA_CTX *pdsactx)
93{
94    if (pdsactx->md != NULL)
95        return EVP_MD_get_size(pdsactx->md);
96    return 0;
97}
98
99static void *dsa_newctx(void *provctx, const char *propq)
100{
101    PROV_DSA_CTX *pdsactx;
102
103    if (!ossl_prov_is_running())
104        return NULL;
105
106    pdsactx = OPENSSL_zalloc(sizeof(PROV_DSA_CTX));
107    if (pdsactx == NULL)
108        return NULL;
109
110    pdsactx->libctx = PROV_LIBCTX_OF(provctx);
111    pdsactx->flag_allow_md = 1;
112    if (propq != NULL && (pdsactx->propq = OPENSSL_strdup(propq)) == NULL) {
113        OPENSSL_free(pdsactx);
114        pdsactx = NULL;
115        ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
116    }
117    return pdsactx;
118}
119
120static int dsa_setup_md(PROV_DSA_CTX *ctx,
121                        const char *mdname, const char *mdprops)
122{
123    if (mdprops == NULL)
124        mdprops = ctx->propq;
125
126    if (mdname != NULL) {
127        int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
128        WPACKET pkt;
129        EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
130        int md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md,
131                                                            sha1_allowed);
132        size_t mdname_len = strlen(mdname);
133
134        if (md == NULL || md_nid < 0) {
135            if (md == NULL)
136                ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST,
137                               "%s could not be fetched", mdname);
138            if (md_nid < 0)
139                ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED,
140                               "digest=%s", mdname);
141            if (mdname_len >= sizeof(ctx->mdname))
142                ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST,
143                               "%s exceeds name buffer length", mdname);
144            EVP_MD_free(md);
145            return 0;
146        }
147
148        if (!ctx->flag_allow_md) {
149            if (ctx->mdname[0] != '\0' && !EVP_MD_is_a(md, ctx->mdname)) {
150                ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED,
151                               "digest %s != %s", mdname, ctx->mdname);
152                EVP_MD_free(md);
153                return 0;
154            }
155            EVP_MD_free(md);
156            return 1;
157        }
158
159        EVP_MD_CTX_free(ctx->mdctx);
160        EVP_MD_free(ctx->md);
161
162        /*
163         * We do not care about DER writing errors.
164         * All it really means is that for some reason, there's no
165         * AlgorithmIdentifier to be had, but the operation itself is
166         * still valid, just as long as it's not used to construct
167         * anything that needs an AlgorithmIdentifier.
168         */
169        ctx->aid_len = 0;
170        if (WPACKET_init_der(&pkt, ctx->aid_buf, sizeof(ctx->aid_buf))
171            && ossl_DER_w_algorithmIdentifier_DSA_with_MD(&pkt, -1, ctx->dsa,
172                                                          md_nid)
173            && WPACKET_finish(&pkt)) {
174            WPACKET_get_total_written(&pkt, &ctx->aid_len);
175            ctx->aid = WPACKET_get_curr(&pkt);
176        }
177        WPACKET_cleanup(&pkt);
178
179        ctx->mdctx = NULL;
180        ctx->md = md;
181        OPENSSL_strlcpy(ctx->mdname, mdname, sizeof(ctx->mdname));
182    }
183    return 1;
184}
185
186static int dsa_signverify_init(void *vpdsactx, void *vdsa,
187                               const OSSL_PARAM params[], int operation)
188{
189    PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx;
190
191    if (!ossl_prov_is_running()
192            || pdsactx == NULL)
193        return 0;
194
195    if (vdsa == NULL && pdsactx->dsa == NULL) {
196        ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET);
197        return 0;
198    }
199
200    if (vdsa != NULL) {
201        if (!ossl_dsa_check_key(pdsactx->libctx, vdsa,
202                                operation == EVP_PKEY_OP_SIGN)) {
203            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
204            return 0;
205        }
206        if (!DSA_up_ref(vdsa))
207            return 0;
208        DSA_free(pdsactx->dsa);
209        pdsactx->dsa = vdsa;
210    }
211
212    pdsactx->operation = operation;
213
214    if (!dsa_set_ctx_params(pdsactx, params))
215        return 0;
216
217    return 1;
218}
219
220static int dsa_sign_init(void *vpdsactx, void *vdsa, const OSSL_PARAM params[])
221{
222    return dsa_signverify_init(vpdsactx, vdsa, params, EVP_PKEY_OP_SIGN);
223}
224
225static int dsa_verify_init(void *vpdsactx, void *vdsa,
226                           const OSSL_PARAM params[])
227{
228    return dsa_signverify_init(vpdsactx, vdsa, params, EVP_PKEY_OP_VERIFY);
229}
230
231static int dsa_sign(void *vpdsactx, unsigned char *sig, size_t *siglen,
232                    size_t sigsize, const unsigned char *tbs, size_t tbslen)
233{
234    PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx;
235    int ret;
236    unsigned int sltmp;
237    size_t dsasize = DSA_size(pdsactx->dsa);
238    size_t mdsize = dsa_get_md_size(pdsactx);
239
240    if (!ossl_prov_is_running())
241        return 0;
242
243    if (sig == NULL) {
244        *siglen = dsasize;
245        return 1;
246    }
247
248    if (sigsize < (size_t)dsasize)
249        return 0;
250
251    if (mdsize != 0 && tbslen != mdsize)
252        return 0;
253
254    ret = ossl_dsa_sign_int(0, tbs, tbslen, sig, &sltmp, pdsactx->dsa);
255    if (ret <= 0)
256        return 0;
257
258    *siglen = sltmp;
259    return 1;
260}
261
262static int dsa_verify(void *vpdsactx, const unsigned char *sig, size_t siglen,
263                      const unsigned char *tbs, size_t tbslen)
264{
265    PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx;
266    size_t mdsize = dsa_get_md_size(pdsactx);
267
268    if (!ossl_prov_is_running() || (mdsize != 0 && tbslen != mdsize))
269        return 0;
270
271    return DSA_verify(0, tbs, tbslen, sig, siglen, pdsactx->dsa);
272}
273
274static int dsa_digest_signverify_init(void *vpdsactx, const char *mdname,
275                                      void *vdsa, const OSSL_PARAM params[],
276                                      int operation)
277{
278    PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx;
279
280    if (!ossl_prov_is_running())
281        return 0;
282
283    if (!dsa_signverify_init(vpdsactx, vdsa, params, operation))
284        return 0;
285
286    if (!dsa_setup_md(pdsactx, mdname, NULL))
287        return 0;
288
289    pdsactx->flag_allow_md = 0;
290
291    if (pdsactx->mdctx == NULL) {
292        pdsactx->mdctx = EVP_MD_CTX_new();
293        if (pdsactx->mdctx == NULL)
294            goto error;
295    }
296
297    if (!EVP_DigestInit_ex2(pdsactx->mdctx, pdsactx->md, params))
298        goto error;
299
300    return 1;
301
302 error:
303    EVP_MD_CTX_free(pdsactx->mdctx);
304    pdsactx->mdctx = NULL;
305    return 0;
306}
307
308static int dsa_digest_sign_init(void *vpdsactx, const char *mdname,
309                                void *vdsa, const OSSL_PARAM params[])
310{
311    return dsa_digest_signverify_init(vpdsactx, mdname, vdsa, params,
312                                      EVP_PKEY_OP_SIGN);
313}
314
315static int dsa_digest_verify_init(void *vpdsactx, const char *mdname,
316                                  void *vdsa, const OSSL_PARAM params[])
317{
318    return dsa_digest_signverify_init(vpdsactx, mdname, vdsa, params,
319                                      EVP_PKEY_OP_VERIFY);
320}
321
322int dsa_digest_signverify_update(void *vpdsactx, const unsigned char *data,
323                                 size_t datalen)
324{
325    PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx;
326
327    if (pdsactx == NULL || pdsactx->mdctx == NULL)
328        return 0;
329
330    return EVP_DigestUpdate(pdsactx->mdctx, data, datalen);
331}
332
333int dsa_digest_sign_final(void *vpdsactx, unsigned char *sig, size_t *siglen,
334                          size_t sigsize)
335{
336    PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx;
337    unsigned char digest[EVP_MAX_MD_SIZE];
338    unsigned int dlen = 0;
339
340    if (!ossl_prov_is_running() || pdsactx == NULL || pdsactx->mdctx == NULL)
341        return 0;
342
343    /*
344     * If sig is NULL then we're just finding out the sig size. Other fields
345     * are ignored. Defer to dsa_sign.
346     */
347    if (sig != NULL) {
348        /*
349         * There is the possibility that some externally provided
350         * digests exceed EVP_MAX_MD_SIZE. We should probably handle that somehow -
351         * but that problem is much larger than just in DSA.
352         */
353        if (!EVP_DigestFinal_ex(pdsactx->mdctx, digest, &dlen))
354            return 0;
355    }
356
357    pdsactx->flag_allow_md = 1;
358
359    return dsa_sign(vpdsactx, sig, siglen, sigsize, digest, (size_t)dlen);
360}
361
362
363int dsa_digest_verify_final(void *vpdsactx, const unsigned char *sig,
364                            size_t siglen)
365{
366    PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx;
367    unsigned char digest[EVP_MAX_MD_SIZE];
368    unsigned int dlen = 0;
369
370    if (!ossl_prov_is_running() || pdsactx == NULL || pdsactx->mdctx == NULL)
371        return 0;
372
373    /*
374     * There is the possibility that some externally provided
375     * digests exceed EVP_MAX_MD_SIZE. We should probably handle that somehow -
376     * but that problem is much larger than just in DSA.
377     */
378    if (!EVP_DigestFinal_ex(pdsactx->mdctx, digest, &dlen))
379        return 0;
380
381    pdsactx->flag_allow_md = 1;
382
383    return dsa_verify(vpdsactx, sig, siglen, digest, (size_t)dlen);
384}
385
386static void dsa_freectx(void *vpdsactx)
387{
388    PROV_DSA_CTX *ctx = (PROV_DSA_CTX *)vpdsactx;
389
390    OPENSSL_free(ctx->propq);
391    EVP_MD_CTX_free(ctx->mdctx);
392    EVP_MD_free(ctx->md);
393    ctx->propq = NULL;
394    ctx->mdctx = NULL;
395    ctx->md = NULL;
396    DSA_free(ctx->dsa);
397    OPENSSL_free(ctx);
398}
399
400static void *dsa_dupctx(void *vpdsactx)
401{
402    PROV_DSA_CTX *srcctx = (PROV_DSA_CTX *)vpdsactx;
403    PROV_DSA_CTX *dstctx;
404
405    if (!ossl_prov_is_running())
406        return NULL;
407
408    dstctx = OPENSSL_zalloc(sizeof(*srcctx));
409    if (dstctx == NULL)
410        return NULL;
411
412    *dstctx = *srcctx;
413    dstctx->dsa = NULL;
414    dstctx->md = NULL;
415    dstctx->mdctx = NULL;
416    dstctx->propq = NULL;
417
418    if (srcctx->dsa != NULL && !DSA_up_ref(srcctx->dsa))
419        goto err;
420    dstctx->dsa = srcctx->dsa;
421
422    if (srcctx->md != NULL && !EVP_MD_up_ref(srcctx->md))
423        goto err;
424    dstctx->md = srcctx->md;
425
426    if (srcctx->mdctx != NULL) {
427        dstctx->mdctx = EVP_MD_CTX_new();
428        if (dstctx->mdctx == NULL
429                || !EVP_MD_CTX_copy_ex(dstctx->mdctx, srcctx->mdctx))
430            goto err;
431    }
432    if (srcctx->propq != NULL) {
433        dstctx->propq = OPENSSL_strdup(srcctx->propq);
434        if (dstctx->propq == NULL)
435            goto err;
436    }
437
438    return dstctx;
439 err:
440    dsa_freectx(dstctx);
441    return NULL;
442}
443
444static int dsa_get_ctx_params(void *vpdsactx, OSSL_PARAM *params)
445{
446    PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx;
447    OSSL_PARAM *p;
448
449    if (pdsactx == NULL)
450        return 0;
451
452    p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_ALGORITHM_ID);
453    if (p != NULL
454        && !OSSL_PARAM_set_octet_string(p, pdsactx->aid, pdsactx->aid_len))
455        return 0;
456
457    p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_DIGEST);
458    if (p != NULL && !OSSL_PARAM_set_utf8_string(p, pdsactx->mdname))
459        return 0;
460
461    return 1;
462}
463
464static const OSSL_PARAM known_gettable_ctx_params[] = {
465    OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_ALGORITHM_ID, NULL, 0),
466    OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0),
467    OSSL_PARAM_END
468};
469
470static const OSSL_PARAM *dsa_gettable_ctx_params(ossl_unused void *ctx,
471                                                 ossl_unused void *provctx)
472{
473    return known_gettable_ctx_params;
474}
475
476static int dsa_set_ctx_params(void *vpdsactx, const OSSL_PARAM params[])
477{
478    PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx;
479    const OSSL_PARAM *p;
480
481    if (pdsactx == NULL)
482        return 0;
483    if (params == NULL)
484        return 1;
485
486    p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_DIGEST);
487    if (p != NULL) {
488        char mdname[OSSL_MAX_NAME_SIZE] = "", *pmdname = mdname;
489        char mdprops[OSSL_MAX_PROPQUERY_SIZE] = "", *pmdprops = mdprops;
490        const OSSL_PARAM *propsp =
491            OSSL_PARAM_locate_const(params,
492                                    OSSL_SIGNATURE_PARAM_PROPERTIES);
493
494        if (!OSSL_PARAM_get_utf8_string(p, &pmdname, sizeof(mdname)))
495            return 0;
496        if (propsp != NULL
497            && !OSSL_PARAM_get_utf8_string(propsp, &pmdprops, sizeof(mdprops)))
498            return 0;
499        if (!dsa_setup_md(pdsactx, mdname, mdprops))
500            return 0;
501    }
502
503    return 1;
504}
505
506static const OSSL_PARAM settable_ctx_params[] = {
507    OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0),
508    OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PROPERTIES, NULL, 0),
509    OSSL_PARAM_END
510};
511
512static const OSSL_PARAM settable_ctx_params_no_digest[] = {
513    OSSL_PARAM_END
514};
515
516static const OSSL_PARAM *dsa_settable_ctx_params(void *vpdsactx,
517                                                 ossl_unused void *provctx)
518{
519    PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx;
520
521    if (pdsactx != NULL && !pdsactx->flag_allow_md)
522        return settable_ctx_params_no_digest;
523    return settable_ctx_params;
524}
525
526static int dsa_get_ctx_md_params(void *vpdsactx, OSSL_PARAM *params)
527{
528    PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx;
529
530    if (pdsactx->mdctx == NULL)
531        return 0;
532
533    return EVP_MD_CTX_get_params(pdsactx->mdctx, params);
534}
535
536static const OSSL_PARAM *dsa_gettable_ctx_md_params(void *vpdsactx)
537{
538    PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx;
539
540    if (pdsactx->md == NULL)
541        return 0;
542
543    return EVP_MD_gettable_ctx_params(pdsactx->md);
544}
545
546static int dsa_set_ctx_md_params(void *vpdsactx, const OSSL_PARAM params[])
547{
548    PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx;
549
550    if (pdsactx->mdctx == NULL)
551        return 0;
552
553    return EVP_MD_CTX_set_params(pdsactx->mdctx, params);
554}
555
556static const OSSL_PARAM *dsa_settable_ctx_md_params(void *vpdsactx)
557{
558    PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx;
559
560    if (pdsactx->md == NULL)
561        return 0;
562
563    return EVP_MD_settable_ctx_params(pdsactx->md);
564}
565
566const OSSL_DISPATCH ossl_dsa_signature_functions[] = {
567    { OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))dsa_newctx },
568    { OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))dsa_sign_init },
569    { OSSL_FUNC_SIGNATURE_SIGN, (void (*)(void))dsa_sign },
570    { OSSL_FUNC_SIGNATURE_VERIFY_INIT, (void (*)(void))dsa_verify_init },
571    { OSSL_FUNC_SIGNATURE_VERIFY, (void (*)(void))dsa_verify },
572    { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT,
573      (void (*)(void))dsa_digest_sign_init },
574    { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE,
575      (void (*)(void))dsa_digest_signverify_update },
576    { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL,
577      (void (*)(void))dsa_digest_sign_final },
578    { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT,
579      (void (*)(void))dsa_digest_verify_init },
580    { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE,
581      (void (*)(void))dsa_digest_signverify_update },
582    { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL,
583      (void (*)(void))dsa_digest_verify_final },
584    { OSSL_FUNC_SIGNATURE_FREECTX, (void (*)(void))dsa_freectx },
585    { OSSL_FUNC_SIGNATURE_DUPCTX, (void (*)(void))dsa_dupctx },
586    { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, (void (*)(void))dsa_get_ctx_params },
587    { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS,
588      (void (*)(void))dsa_gettable_ctx_params },
589    { OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, (void (*)(void))dsa_set_ctx_params },
590    { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS,
591      (void (*)(void))dsa_settable_ctx_params },
592    { OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS,
593      (void (*)(void))dsa_get_ctx_md_params },
594    { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS,
595      (void (*)(void))dsa_gettable_ctx_md_params },
596    { OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS,
597      (void (*)(void))dsa_set_ctx_md_params },
598    { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS,
599      (void (*)(void))dsa_settable_ctx_md_params },
600    { 0, NULL }
601};
602