resolve conflicts

author: djm <> 2008-09-06 12:17:54 +0000
committer: djm <> 2008-09-06 12:17:54 +0000
commit: 6b62d1fdd8a4fd35acfcc0c4bb1bf8b757fa8cda (patch)
tree: 7ccc28afe1789ea3dbedf72365f955d5b8e105b5 /src/lib/libcrypto/dsa/dsa_ossl.c
parent: 89181603212b41e95cde36b1be5a146ce8fb2935 (diff)
download: openbsd-6b62d1fdd8a4fd35acfcc0c4bb1bf8b757fa8cda.tar.gz
openbsd-6b62d1fdd8a4fd35acfcc0c4bb1bf8b757fa8cda.tar.bz2
openbsd-6b62d1fdd8a4fd35acfcc0c4bb1bf8b757fa8cda.zip
1 files changed, 54 insertions, 54 deletions
diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c
index 5de5fc7e91..75ff7cc4af 100644
--- a/src/lib/libcrypto/dsa/dsa_ossl.c
+++ b/src/lib/libcrypto/dsa/dsa_ossl.c
@@ -65,33 +65,63 @@
 #include <openssl/rand.h>
 #include <openssl/asn1.h>
-#ifndef OPENSSL_FIPS
 static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
 static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
 static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
                  DSA *dsa);
 static int dsa_init(DSA *dsa);
 static int dsa_finish(DSA *dsa);
-static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
-                BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
-                BN_MONT_CTX *in_mont);
-static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-                                const BIGNUM *m, BN_CTX *ctx,
-                                BN_MONT_CTX *m_ctx);
 static DSA_METHOD openssl_dsa_meth = {
 "OpenSSL DSA method",
 dsa_do_sign,
 dsa_sign_setup,
 dsa_do_verify,
-dsa_mod_exp,
+NULL, /* dsa_mod_exp, */
-dsa_bn_mod_exp,
+NULL, /* dsa_bn_mod_exp, */
 dsa_init,
 dsa_finish,
 0,
+NULL,
+NULL,
 NULL
 };
+/* These macro wrappers replace attempts to use the dsa_mod_exp() and
+ * bn_mod_exp() handlers in the DSA_METHOD structure. We avoid the problem of
+ * having a the macro work as an expression by bundling an "err_instr". So;
+ * 
+ *     if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
+ *                 dsa->method_mont_p)) goto err;
+ *
+ * can be replaced by;
+ *
+ *     DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, &k, dsa->p, ctx,
+ *                 dsa->method_mont_p);
+ */
+#define DSA_MOD_EXP(err_instr,dsa,rr,a1,p1,a2,p2,m,ctx,in_mont) \
+        do { \
+        int _tmp_res53; \
+        if((dsa)->meth->dsa_mod_exp) \
+                _tmp_res53 = (dsa)->meth->dsa_mod_exp((dsa), (rr), (a1), (p1), \
+                                (a2), (p2), (m), (ctx), (in_mont)); \
+        else \
+                _tmp_res53 = BN_mod_exp2_mont((rr), (a1), (p1), (a2), (p2), \
+                                (m), (ctx), (in_mont)); \
+        if(!_tmp_res53) err_instr; \
+        } while(0)
+#define DSA_BN_MOD_EXP(err_instr,dsa,r,a,p,m,ctx,m_ctx) \
+        do { \
+        int _tmp_res53; \
+        if((dsa)->meth->bn_mod_exp) \
+                _tmp_res53 = (dsa)->meth->bn_mod_exp((dsa), (r), (a), (p), \
+                                (m), (ctx), (m_ctx)); \
+        else \
+                _tmp_res53 = BN_mod_exp_mont((r), (a), (p), (m), (ctx), (m_ctx)); \
+        if(!_tmp_res53) err_instr; \
+        } while(0)
 const DSA_METHOD *DSA_OpenSSL(void)
 {
        return &openssl_dsa_meth;
@@ -199,12 +229,12 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
        while (BN_is_zero(&k));
        if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
                {
-                BN_set_flags(&k, BN_FLG_EXP_CONSTTIME);
+                BN_set_flags(&k, BN_FLG_CONSTTIME);
                }
        if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
                {
-                if (!BN_MONT_CTX_set_locked((BN_MONT_CTX **)&dsa->method_mont_p,
+                if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
                                                CRYPTO_LOCK_DSA,
                                                dsa->p, ctx))
                        goto err;
@@ -234,8 +264,8 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
                {
                K = &k;
                }
-        if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,K,dsa->p,ctx,
+        DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx,
-                (BN_MONT_CTX *)dsa->method_mont_p)) goto err;
+                        dsa->method_mont_p);
        if (!BN_mod(r,r,dsa->q,ctx)) goto err;
        /* Compute  part of 's = inv(k) (m + xr) mod q' */
@@ -292,12 +322,14 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
        if ((ctx=BN_CTX_new()) == NULL) goto err;
-        if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0)
+        if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
+            BN_ucmp(sig->r, dsa->q) >= 0)
                {
                ret = 0;
                goto err;
                }
-        if (BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s, dsa->q) >= 0)
+        if (BN_is_zero(sig->s) || BN_is_negative(sig->s) ||
+            BN_ucmp(sig->s, dsa->q) >= 0)
                {
                ret = 0;
                goto err;
@@ -319,43 +351,25 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
        if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
                {
-                mont = BN_MONT_CTX_set_locked(
+                mont = BN_MONT_CTX_set_locked(&dsa->method_mont_p,
-                                        (BN_MONT_CTX **)&dsa->method_mont_p,
                                        CRYPTO_LOCK_DSA, dsa->p, ctx);
                if (!mont)
                        goto err;
                }
-#if 0
-        {
+        DSA_MOD_EXP(goto err, dsa, &t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p, ctx, mont);
-        BIGNUM t2;
-        BN_init(&t2);
-        /* v = ( g^u1 * y^u2 mod p ) mod q */
-        /* let t1 = g ^ u1 mod p */
-        if (!BN_mod_exp_mont(&t1,dsa->g,&u1,dsa->p,ctx,mont)) goto err;
-        /* let t2 = y ^ u2 mod p */
-        if (!BN_mod_exp_mont(&t2,dsa->pub_key,&u2,dsa->p,ctx,mont)) goto err;
-        /* let u1 = t1 * t2 mod p */
-        if (!BN_mod_mul(&u1,&t1,&t2,dsa->p,ctx)) goto err_bn;
-        BN_free(&t2);
-        }
-        /* let u1 = u1 mod q */
-        if (!BN_mod(&u1,&u1,dsa->q,ctx)) goto err;
-#else
-        {
-        if (!dsa->meth->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2,
-                                                dsa->p,ctx,mont)) goto err;
        /* BN_copy(&u1,&t1); */
        /* let u1 = u1 mod q */
        if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err;
-        }
-#endif
        /* V is now in u1.  If the signature is correct, it will be
         * equal to R. */
        ret=(BN_ucmp(&u1, sig->r) == 0);
        err:
+        /* XXX: surely this is wrong - if ret is 0, it just didn't verify;
+           there is no error in BN. Test should be ret == -1 (Ben) */
        if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB);
        if (ctx != NULL) BN_CTX_free(ctx);
        BN_free(&u1);
@@ -373,21 +387,7 @@ static int dsa_init(DSA *dsa)
 static int dsa_finish(DSA *dsa)
 {
        if(dsa->method_mont_p)
-                BN_MONT_CTX_free((BN_MONT_CTX *)dsa->method_mont_p);
+                BN_MONT_CTX_free(dsa->method_mont_p);
        return(1);
 }
-static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
-                BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
-                BN_MONT_CTX *in_mont)
-{
-        return BN_mod_exp2_mont(rr, a1, p1, a2, p2, m, ctx, in_mont);
-}
-        
-static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-                                const BIGNUM *m, BN_CTX *ctx,
-                                BN_MONT_CTX *m_ctx)
-{
-        return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
-}
-#endif
author	djm <>	2008-09-06 12:17:54 +0000
committer	djm <>	2008-09-06 12:17:54 +0000
commit	6b62d1fdd8a4fd35acfcc0c4bb1bf8b757fa8cda (patch)
tree	7ccc28afe1789ea3dbedf72365f955d5b8e105b5 /src/lib/libcrypto/dsa/dsa_ossl.c
parent	89181603212b41e95cde36b1be5a146ce8fb2935 (diff)
download	openbsd-6b62d1fdd8a4fd35acfcc0c4bb1bf8b757fa8cda.tar.gz openbsd-6b62d1fdd8a4fd35acfcc0c4bb1bf8b757fa8cda.tar.bz2 openbsd-6b62d1fdd8a4fd35acfcc0c4bb1bf8b757fa8cda.zip

diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c index 5de5fc7e91..75ff7cc4af 100644 --- a/src/lib/libcrypto/dsa/dsa_ossl.c +++ b/src/lib/libcrypto/dsa/dsa_ossl.c
@@ -65,33 +65,63 @@
65	#include <openssl/rand.h>	65	#include <openssl/rand.h>
66	#include <openssl/asn1.h>	66	#include <openssl/asn1.h>
67		67
68	#ifndef OPENSSL_FIPS
69	static DSA_SIG dsa_do_sign(const unsigned char dgst, int dlen, DSA *dsa);	68	static DSA_SIG dsa_do_sign(const unsigned char dgst, int dlen, DSA *dsa);
70	static int dsa_sign_setup(DSA dsa, BN_CTX ctx_in, BIGNUM kinvp, BIGNUM rp);	69	static int dsa_sign_setup(DSA dsa, BN_CTX ctx_in, BIGNUM kinvp, BIGNUM rp);
71	static int dsa_do_verify(const unsigned char dgst, int dgst_len, DSA_SIG sig,	70	static int dsa_do_verify(const unsigned char dgst, int dgst_len, DSA_SIG sig,
72	DSA *dsa);	71	DSA *dsa);
73	static int dsa_init(DSA *dsa);	72	static int dsa_init(DSA *dsa);
74	static int dsa_finish(DSA *dsa);	73	static int dsa_finish(DSA *dsa);
75	static int dsa_mod_exp(DSA dsa, BIGNUM rr, BIGNUM a1, BIGNUM p1,
76	BIGNUM a2, BIGNUM p2, BIGNUM m, BN_CTX ctx,
77	BN_MONT_CTX *in_mont);
78	static int dsa_bn_mod_exp(DSA dsa, BIGNUM r, BIGNUM a, const BIGNUM p,
79	const BIGNUM m, BN_CTX ctx,
80	BN_MONT_CTX *m_ctx);
81		74
82	static DSA_METHOD openssl_dsa_meth = {	75	static DSA_METHOD openssl_dsa_meth = {
83	"OpenSSL DSA method",	76	"OpenSSL DSA method",
84	dsa_do_sign,	77	dsa_do_sign,
85	dsa_sign_setup,	78	dsa_sign_setup,
86	dsa_do_verify,	79	dsa_do_verify,
87	dsa_mod_exp,	80	NULL, /* dsa_mod_exp, */
88	dsa_bn_mod_exp,	81	NULL, /* dsa_bn_mod_exp, */
89	dsa_init,	82	dsa_init,
90	dsa_finish,	83	dsa_finish,
91	0,	84	0,
		85	NULL,
		86	NULL,
92	NULL	87	NULL
93	};	88	};
94		89
		90	/* These macro wrappers replace attempts to use the dsa_mod_exp() and
		91	* bn_mod_exp() handlers in the DSA_METHOD structure. We avoid the problem of
		92	* having a the macro work as an expression by bundling an "err_instr". So;
		93	*
		94	* if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
		95	* dsa->method_mont_p)) goto err;
		96	*
		97	* can be replaced by;
		98	*
		99	* DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, &k, dsa->p, ctx,
		100	* dsa->method_mont_p);
		101	*/
		102
		103	#define DSA_MOD_EXP(err_instr,dsa,rr,a1,p1,a2,p2,m,ctx,in_mont) \
		104	do { \
		105	int _tmp_res53; \
		106	if((dsa)->meth->dsa_mod_exp) \
		107	_tmp_res53 = (dsa)->meth->dsa_mod_exp((dsa), (rr), (a1), (p1), \
		108	(a2), (p2), (m), (ctx), (in_mont)); \
		109	else \
		110	_tmp_res53 = BN_mod_exp2_mont((rr), (a1), (p1), (a2), (p2), \
		111	(m), (ctx), (in_mont)); \
		112	if(!_tmp_res53) err_instr; \
		113	} while(0)
		114	#define DSA_BN_MOD_EXP(err_instr,dsa,r,a,p,m,ctx,m_ctx) \
		115	do { \
		116	int _tmp_res53; \
		117	if((dsa)->meth->bn_mod_exp) \
		118	_tmp_res53 = (dsa)->meth->bn_mod_exp((dsa), (r), (a), (p), \
		119	(m), (ctx), (m_ctx)); \
		120	else \
		121	_tmp_res53 = BN_mod_exp_mont((r), (a), (p), (m), (ctx), (m_ctx)); \
		122	if(!_tmp_res53) err_instr; \
		123	} while(0)
		124
95	const DSA_METHOD *DSA_OpenSSL(void)	125	const DSA_METHOD *DSA_OpenSSL(void)
96	{	126	{
97	return &openssl_dsa_meth;	127	return &openssl_dsa_meth;
@@ -199,12 +229,12 @@ static int dsa_sign_setup(DSA dsa, BN_CTX ctx_in, BIGNUM kinvp, BIGNUM rp)
199	while (BN_is_zero(&k));	229	while (BN_is_zero(&k));
200	if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)	230	if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
201	{	231	{
202	BN_set_flags(&k, BN_FLG_EXP_CONSTTIME);	232	BN_set_flags(&k, BN_FLG_CONSTTIME);
203	}	233	}
204		234
205	if (dsa->flags & DSA_FLAG_CACHE_MONT_P)	235	if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
206	{	236	{
207	if (!BN_MONT_CTX_set_locked((BN_MONT_CTX **)&dsa->method_mont_p,	237	if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
208	CRYPTO_LOCK_DSA,	238	CRYPTO_LOCK_DSA,
209	dsa->p, ctx))	239	dsa->p, ctx))
210	goto err;	240	goto err;
@@ -234,8 +264,8 @@ static int dsa_sign_setup(DSA dsa, BN_CTX ctx_in, BIGNUM kinvp, BIGNUM rp)
234	{	264	{
235	K = &k;	265	K = &k;
236	}	266	}
237	if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,K,dsa->p,ctx,	267	DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx,
238	(BN_MONT_CTX *)dsa->method_mont_p)) goto err;	268	dsa->method_mont_p);
239	if (!BN_mod(r,r,dsa->q,ctx)) goto err;	269	if (!BN_mod(r,r,dsa->q,ctx)) goto err;
240		270
241	/* Compute part of 's = inv(k) (m + xr) mod q' */	271	/* Compute part of 's = inv(k) (m + xr) mod q' */
@@ -292,12 +322,14 @@ static int dsa_do_verify(const unsigned char dgst, int dgst_len, DSA_SIG sig,
292		322
293	if ((ctx=BN_CTX_new()) == NULL) goto err;	323	if ((ctx=BN_CTX_new()) == NULL) goto err;
294		324
295	if (BN_is_zero(sig->r) \|\| sig->r->neg \|\| BN_ucmp(sig->r, dsa->q) >= 0)	325	if (BN_is_zero(sig->r) \|\| BN_is_negative(sig->r) \|\|
		326	BN_ucmp(sig->r, dsa->q) >= 0)
296	{	327	{
297	ret = 0;	328	ret = 0;
298	goto err;	329	goto err;
299	}	330	}
300	if (BN_is_zero(sig->s) \|\| sig->s->neg \|\| BN_ucmp(sig->s, dsa->q) >= 0)	331	if (BN_is_zero(sig->s) \|\| BN_is_negative(sig->s) \|\|
		332	BN_ucmp(sig->s, dsa->q) >= 0)
301	{	333	{
302	ret = 0;	334	ret = 0;
303	goto err;	335	goto err;
@@ -319,43 +351,25 @@ static int dsa_do_verify(const unsigned char dgst, int dgst_len, DSA_SIG sig,
319		351
320	if (dsa->flags & DSA_FLAG_CACHE_MONT_P)	352	if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
321	{	353	{
322	mont = BN_MONT_CTX_set_locked(	354	mont = BN_MONT_CTX_set_locked(&dsa->method_mont_p,
323	(BN_MONT_CTX **)&dsa->method_mont_p,
324	CRYPTO_LOCK_DSA, dsa->p, ctx);	355	CRYPTO_LOCK_DSA, dsa->p, ctx);
325	if (!mont)	356	if (!mont)
326	goto err;	357	goto err;
327	}	358	}
328		359
329	#if 0	360
330	{	361	DSA_MOD_EXP(goto err, dsa, &t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p, ctx, mont);
331	BIGNUM t2;
332
333	BN_init(&t2);
334	/* v = ( g^u1 * y^u2 mod p ) mod q */
335	/* let t1 = g ^ u1 mod p */
336	if (!BN_mod_exp_mont(&t1,dsa->g,&u1,dsa->p,ctx,mont)) goto err;
337	/* let t2 = y ^ u2 mod p */
338	if (!BN_mod_exp_mont(&t2,dsa->pub_key,&u2,dsa->p,ctx,mont)) goto err;
339	/* let u1 = t1 * t2 mod p */
340	if (!BN_mod_mul(&u1,&t1,&t2,dsa->p,ctx)) goto err_bn;
341	BN_free(&t2);
342	}
343	/* let u1 = u1 mod q */
344	if (!BN_mod(&u1,&u1,dsa->q,ctx)) goto err;
345	#else
346	{
347	if (!dsa->meth->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2,
348	dsa->p,ctx,mont)) goto err;
349	/* BN_copy(&u1,&t1); */	362	/* BN_copy(&u1,&t1); */
350	/* let u1 = u1 mod q */	363	/* let u1 = u1 mod q */
351	if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err;	364	if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err;
352	}	365
353	#endif
354	/* V is now in u1. If the signature is correct, it will be	366	/* V is now in u1. If the signature is correct, it will be
355	* equal to R. */	367	* equal to R. */
356	ret=(BN_ucmp(&u1, sig->r) == 0);	368	ret=(BN_ucmp(&u1, sig->r) == 0);
357		369
358	err:	370	err:
		371	/* XXX: surely this is wrong - if ret is 0, it just didn't verify;
		372	there is no error in BN. Test should be ret == -1 (Ben) */
359	if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB);	373	if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB);
360	if (ctx != NULL) BN_CTX_free(ctx);	374	if (ctx != NULL) BN_CTX_free(ctx);
361	BN_free(&u1);	375	BN_free(&u1);
@@ -373,21 +387,7 @@ static int dsa_init(DSA *dsa)
373	static int dsa_finish(DSA *dsa)	387	static int dsa_finish(DSA *dsa)
374	{	388	{
375	if(dsa->method_mont_p)	389	if(dsa->method_mont_p)
376	BN_MONT_CTX_free((BN_MONT_CTX *)dsa->method_mont_p);	390	BN_MONT_CTX_free(dsa->method_mont_p);
377	return(1);	391	return(1);
378	}	392	}
379		393
380	static int dsa_mod_exp(DSA dsa, BIGNUM rr, BIGNUM a1, BIGNUM p1,
381	BIGNUM a2, BIGNUM p2, BIGNUM m, BN_CTX ctx,
382	BN_MONT_CTX *in_mont)
383	{
384	return BN_mod_exp2_mont(rr, a1, p1, a2, p2, m, ctx, in_mont);
385	}
386
387	static int dsa_bn_mod_exp(DSA dsa, BIGNUM r, BIGNUM a, const BIGNUM p,
388	const BIGNUM m, BN_CTX ctx,
389	BN_MONT_CTX *m_ctx)
390	{
391	return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
392	}
393	#endif