style(9), comments and whitespace.

author: jsing <> 2018-06-13 18:01:04 +0000
committer: jsing <> 2018-06-13 18:01:04 +0000
commit: cc4832a164b06946cf8c74f7991da32974d0da27 (patch)
tree: 26949ac2bb9479ddc51fe970510e4ce3b1310e8d /src/lib/libcrypto/dsa/dsa_ossl.c
parent: 70f6c28ec4997461a2ea714457e95ada1c2287ef (diff)
download: openbsd-cc4832a164b06946cf8c74f7991da32974d0da27.tar.gz
openbsd-cc4832a164b06946cf8c74f7991da32974d0da27.tar.bz2
openbsd-cc4832a164b06946cf8c74f7991da32974d0da27.zip
1 files changed, 32 insertions, 30 deletions
diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c
index 505ef800dc..7c23bb4909 100644
--- a/src/lib/libcrypto/dsa/dsa_ossl.c
+++ b/src/lib/libcrypto/dsa/dsa_ossl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_ossl.c,v 1.32 2018/06/13 15:05:04 jsing Exp $ */
+/* $OpenBSD: dsa_ossl.c,v 1.33 2018/06/13 18:01:04 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -70,9 +70,9 @@
 static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
 static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
-            BIGNUM **rp);
+    BIGNUM **rp);
 static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
-            DSA *dsa);
+    DSA *dsa);
 static int dsa_init(DSA *dsa);
 static int dsa_finish(DSA *dsa);
@@ -82,7 +82,7 @@ static DSA_METHOD openssl_dsa_meth = {
        .dsa_sign_setup = dsa_sign_setup,
        .dsa_do_verify = dsa_do_verify,
        .init = dsa_init,
-        .finish = dsa_finish
+        .finish = dsa_finish,
 };
 const DSA_METHOD *
@@ -116,7 +116,8 @@ dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
        ctx = BN_CTX_new();
        if (ctx == NULL)
                goto err;
-redo:
+ redo:
        if (dsa->kinv == NULL || dsa->r == NULL) {
                if (!DSA_sign_setup(dsa, ctx, &kinv, &r))
                        goto err;
@@ -128,11 +129,9 @@ redo:
                noredo = 1;
        }
-        
        /*
         * If the digest length is greater than the size of q use the
-         * BN_num_bits(dsa->q) leftmost bits of the digest, see
+         * BN_num_bits(dsa->q) leftmost bits of the digest, see FIPS 186-3, 4.2.
-         * fips 186-3, 4.2
         */
        if (dlen > BN_num_bytes(dsa->q))
                dlen = BN_num_bytes(dsa->q);
@@ -151,8 +150,8 @@ redo:
        if (ret == NULL)
                goto err;
        /*
-         * Redo if r or s is zero as required by FIPS 186-3: this is
+         * Redo if r or s is zero as required by FIPS 186-3: this is very
-         * very unlikely.
+         * unlikely.
         */
        if (BN_is_zero(r) || BN_is_zero(s)) {
                if (noredo) {
@@ -164,7 +163,7 @@ redo:
        ret->r = r;
        ret->s = s;
        
-err:
+ err:
        if (!ret) {
                DSAerror(reason);
                BN_free(r);
@@ -174,6 +173,7 @@ err:
        BN_clear_free(&m);
        BN_clear_free(&xr);
        BN_clear_free(kinv);
        return ret;
 }
@@ -245,14 +245,15 @@ dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
        if (dsa->meth->bn_mod_exp != NULL) {
                if (!dsa->meth->bn_mod_exp(dsa, r, dsa->g, &k, dsa->p, ctx,
-                                        dsa->method_mont_p))
+                    dsa->method_mont_p))
                        goto err;
        } else {
-                if (!BN_mod_exp_mont_ct(r, dsa->g, &k, dsa->p, ctx, dsa->method_mont_p))
+                if (!BN_mod_exp_mont_ct(r, dsa->g, &k, dsa->p, ctx,
+                    dsa->method_mont_p))
                        goto err;
        }
-        if (!BN_mod_ct(r,r,dsa->q,ctx))
+        if (!BN_mod_ct(r, r, dsa->q, ctx))
                goto err;
        /* Compute  part of 's = inv(k) (m + xr) mod q' */
@@ -264,8 +265,10 @@ dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
        kinv = NULL;
        BN_clear_free(*rp);
        *rp = r;
        ret = 1;
-err:
+ err:
        if (!ret) {
                DSAerror(ERR_R_BN_LIB);
                BN_clear_free(r);
@@ -275,6 +278,7 @@ err:
        BN_clear_free(&k);
        BN_clear_free(&l);
        BN_clear_free(&m);
        return ret;
 }
@@ -292,7 +296,7 @@ dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa)
        }
        i = BN_num_bits(dsa->q);
-        /* fips 186-3 allows only different sizes for q */
+        /* FIPS 186-3 allows only three different sizes for q. */
        if (i != 160 && i != 224 && i != 256) {
                DSAerror(DSA_R_BAD_Q_VALUE);
                return -1;
@@ -320,23 +324,22 @@ dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa)
                goto err;
        }
-        /* Calculate W = inv(S) mod Q
+        /* Calculate w = inv(s) mod q, saving w in u2. */
-         * save W in u2 */
        if ((BN_mod_inverse_ct(&u2, sig->s, dsa->q, ctx)) == NULL)
                goto err;
-        /* save M in u1 */
        /*
         * If the digest length is greater than the size of q use the
-         * BN_num_bits(dsa->q) leftmost bits of the digest, see
+         * BN_num_bits(dsa->q) leftmost bits of the digest, see FIPS 186-3, 4.2.
-         * fips 186-3, 4.2
         */
        if (dgst_len > (i >> 3))
                dgst_len = (i >> 3);
+        /* Save m in u1. */
        if (BN_bin2bn(dgst, dgst_len, &u1) == NULL)
                goto err;
-        /* u1 = M * w mod q */
+        /* u1 = m * w mod q */
        if (!BN_mod_mul(&u1, &u1, &u2, dsa->q, ctx))
                goto err;
@@ -344,7 +347,6 @@ dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa)
        if (!BN_mod_mul(&u2, sig->r, &u2, dsa->q, ctx))
                goto err;
        if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
                mont = BN_MONT_CTX_set_locked(&dsa->method_mont_p,
                    CRYPTO_LOCK_DSA, dsa->p, ctx);
@@ -353,12 +355,12 @@ dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa)
        }
        if (dsa->meth->dsa_mod_exp != NULL) {
-                if (!dsa->meth->dsa_mod_exp(dsa, &t1, dsa->g, &u1, dsa->pub_key, &u2,
+                if (!dsa->meth->dsa_mod_exp(dsa, &t1, dsa->g, &u1, dsa->pub_key,
-                                                dsa->p, ctx, mont))
+                    &u2, dsa->p, ctx, mont))
                        goto err;
        } else {
-                if (!BN_mod_exp2_mont(&t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p, ctx,
+                if (!BN_mod_exp2_mont(&t1, dsa->g, &u1, dsa->pub_key, &u2,
-                                                mont))
+                    dsa->p, ctx, mont))
                        goto err;
        }
@@ -367,17 +369,17 @@ dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa)
        if (!BN_mod_ct(&u1, &t1, dsa->q, ctx))
                goto err;
-        /* V is now in u1.  If the signature is correct, it will be
+        /* v is in u1 - if the signature is correct, it will be equal to r. */
-         * equal to R. */
        ret = BN_ucmp(&u1, sig->r) == 0;
-err:
+ err:
        if (ret < 0)
                DSAerror(ERR_R_BN_LIB);
        BN_CTX_free(ctx);
        BN_free(&u1);
        BN_free(&u2);
        BN_free(&t1);
        return ret;
 }
author	jsing <>	2018-06-13 18:01:04 +0000
committer	jsing <>	2018-06-13 18:01:04 +0000
commit	cc4832a164b06946cf8c74f7991da32974d0da27 (patch)
tree	26949ac2bb9479ddc51fe970510e4ce3b1310e8d /src/lib/libcrypto/dsa/dsa_ossl.c
parent	70f6c28ec4997461a2ea714457e95ada1c2287ef (diff)
download	openbsd-cc4832a164b06946cf8c74f7991da32974d0da27.tar.gz openbsd-cc4832a164b06946cf8c74f7991da32974d0da27.tar.bz2 openbsd-cc4832a164b06946cf8c74f7991da32974d0da27.zip

diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c index 505ef800dc..7c23bb4909 100644 --- a/src/lib/libcrypto/dsa/dsa_ossl.c +++ b/src/lib/libcrypto/dsa/dsa_ossl.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: dsa_ossl.c,v 1.32 2018/06/13 15:05:04 jsing Exp $ */	1	/* $OpenBSD: dsa_ossl.c,v 1.33 2018/06/13 18:01:04 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -70,9 +70,9 @@
70		70
71	static DSA_SIG dsa_do_sign(const unsigned char dgst, int dlen, DSA *dsa);	71	static DSA_SIG dsa_do_sign(const unsigned char dgst, int dlen, DSA *dsa);
72	static int dsa_sign_setup(DSA dsa, BN_CTX ctx_in, BIGNUM **kinvp,	72	static int dsa_sign_setup(DSA dsa, BN_CTX ctx_in, BIGNUM **kinvp,
73	BIGNUM **rp);	73	BIGNUM **rp);
74	static int dsa_do_verify(const unsigned char dgst, int dgst_len, DSA_SIG sig,	74	static int dsa_do_verify(const unsigned char dgst, int dgst_len, DSA_SIG sig,
75	DSA *dsa);	75	DSA *dsa);
76	static int dsa_init(DSA *dsa);	76	static int dsa_init(DSA *dsa);
77	static int dsa_finish(DSA *dsa);	77	static int dsa_finish(DSA *dsa);
78		78
@@ -82,7 +82,7 @@ static DSA_METHOD openssl_dsa_meth = {
82	.dsa_sign_setup = dsa_sign_setup,	82	.dsa_sign_setup = dsa_sign_setup,
83	.dsa_do_verify = dsa_do_verify,	83	.dsa_do_verify = dsa_do_verify,
84	.init = dsa_init,	84	.init = dsa_init,
85	.finish = dsa_finish	85	.finish = dsa_finish,
86	};	86	};
87		87
88	const DSA_METHOD *	88	const DSA_METHOD *
@@ -116,7 +116,8 @@ dsa_do_sign(const unsigned char dgst, int dlen, DSA dsa)
116	ctx = BN_CTX_new();	116	ctx = BN_CTX_new();
117	if (ctx == NULL)	117	if (ctx == NULL)
118	goto err;	118	goto err;
119	redo:	119
		120	redo:
120	if (dsa->kinv == NULL \|\| dsa->r == NULL) {	121	if (dsa->kinv == NULL \|\| dsa->r == NULL) {
121	if (!DSA_sign_setup(dsa, ctx, &kinv, &r))	122	if (!DSA_sign_setup(dsa, ctx, &kinv, &r))
122	goto err;	123	goto err;
@@ -128,11 +129,9 @@ redo:
128	noredo = 1;	129	noredo = 1;
129	}	130	}
130		131
131
132	/*	132	/*
133	* If the digest length is greater than the size of q use the	133	* If the digest length is greater than the size of q use the
134	* BN_num_bits(dsa->q) leftmost bits of the digest, see	134	* BN_num_bits(dsa->q) leftmost bits of the digest, see FIPS 186-3, 4.2.
135	* fips 186-3, 4.2
136	*/	135	*/
137	if (dlen > BN_num_bytes(dsa->q))	136	if (dlen > BN_num_bytes(dsa->q))
138	dlen = BN_num_bytes(dsa->q);	137	dlen = BN_num_bytes(dsa->q);
@@ -151,8 +150,8 @@ redo:
151	if (ret == NULL)	150	if (ret == NULL)
152	goto err;	151	goto err;
153	/*	152	/*
154	* Redo if r or s is zero as required by FIPS 186-3: this is	153	* Redo if r or s is zero as required by FIPS 186-3: this is very
155	* very unlikely.	154	* unlikely.
156	*/	155	*/
157	if (BN_is_zero(r) \|\| BN_is_zero(s)) {	156	if (BN_is_zero(r) \|\| BN_is_zero(s)) {
158	if (noredo) {	157	if (noredo) {
@@ -164,7 +163,7 @@ redo:
164	ret->r = r;	163	ret->r = r;
165	ret->s = s;	164	ret->s = s;
166		165
167	err:	166	err:
168	if (!ret) {	167	if (!ret) {
169	DSAerror(reason);	168	DSAerror(reason);
170	BN_free(r);	169	BN_free(r);
@@ -174,6 +173,7 @@ err:
174	BN_clear_free(&m);	173	BN_clear_free(&m);
175	BN_clear_free(&xr);	174	BN_clear_free(&xr);
176	BN_clear_free(kinv);	175	BN_clear_free(kinv);
		176
177	return ret;	177	return ret;
178	}	178	}
179		179
@@ -245,14 +245,15 @@ dsa_sign_setup(DSA dsa, BN_CTX ctx_in, BIGNUM kinvp, BIGNUM rp)
245		245
246	if (dsa->meth->bn_mod_exp != NULL) {	246	if (dsa->meth->bn_mod_exp != NULL) {
247	if (!dsa->meth->bn_mod_exp(dsa, r, dsa->g, &k, dsa->p, ctx,	247	if (!dsa->meth->bn_mod_exp(dsa, r, dsa->g, &k, dsa->p, ctx,
248	dsa->method_mont_p))	248	dsa->method_mont_p))
249	goto err;	249	goto err;
250	} else {	250	} else {
251	if (!BN_mod_exp_mont_ct(r, dsa->g, &k, dsa->p, ctx, dsa->method_mont_p))	251	if (!BN_mod_exp_mont_ct(r, dsa->g, &k, dsa->p, ctx,
		252	dsa->method_mont_p))
252	goto err;	253	goto err;
253	}	254	}
254		255
255	if (!BN_mod_ct(r,r,dsa->q,ctx))	256	if (!BN_mod_ct(r, r, dsa->q, ctx))
256	goto err;	257	goto err;
257		258
258	/* Compute part of 's = inv(k) (m + xr) mod q' */	259	/* Compute part of 's = inv(k) (m + xr) mod q' */
@@ -264,8 +265,10 @@ dsa_sign_setup(DSA dsa, BN_CTX ctx_in, BIGNUM kinvp, BIGNUM rp)
264	kinv = NULL;	265	kinv = NULL;
265	BN_clear_free(*rp);	266	BN_clear_free(*rp);
266	*rp = r;	267	*rp = r;
		268
267	ret = 1;	269	ret = 1;
268	err:	270
		271	err:
269	if (!ret) {	272	if (!ret) {
270	DSAerror(ERR_R_BN_LIB);	273	DSAerror(ERR_R_BN_LIB);
271	BN_clear_free(r);	274	BN_clear_free(r);
@@ -275,6 +278,7 @@ err:
275	BN_clear_free(&k);	278	BN_clear_free(&k);
276	BN_clear_free(&l);	279	BN_clear_free(&l);
277	BN_clear_free(&m);	280	BN_clear_free(&m);
		281
278	return ret;	282	return ret;
279	}	283	}
280		284
@@ -292,7 +296,7 @@ dsa_do_verify(const unsigned char dgst, int dgst_len, DSA_SIG sig, DSA *dsa)
292	}	296	}
293		297
294	i = BN_num_bits(dsa->q);	298	i = BN_num_bits(dsa->q);
295	/* fips 186-3 allows only different sizes for q */	299	/* FIPS 186-3 allows only three different sizes for q. */
296	if (i != 160 && i != 224 && i != 256) {	300	if (i != 160 && i != 224 && i != 256) {
297	DSAerror(DSA_R_BAD_Q_VALUE);	301	DSAerror(DSA_R_BAD_Q_VALUE);
298	return -1;	302	return -1;
@@ -320,23 +324,22 @@ dsa_do_verify(const unsigned char dgst, int dgst_len, DSA_SIG sig, DSA *dsa)
320	goto err;	324	goto err;
321	}	325	}
322		326
323	/* Calculate W = inv(S) mod Q	327	/* Calculate w = inv(s) mod q, saving w in u2. */
324	* save W in u2 */
325	if ((BN_mod_inverse_ct(&u2, sig->s, dsa->q, ctx)) == NULL)	328	if ((BN_mod_inverse_ct(&u2, sig->s, dsa->q, ctx)) == NULL)
326	goto err;	329	goto err;
327		330
328	/* save M in u1 */
329	/*	331	/*
330	* If the digest length is greater than the size of q use the	332	* If the digest length is greater than the size of q use the
331	* BN_num_bits(dsa->q) leftmost bits of the digest, see	333	* BN_num_bits(dsa->q) leftmost bits of the digest, see FIPS 186-3, 4.2.
332	* fips 186-3, 4.2
333	*/	334	*/
334	if (dgst_len > (i >> 3))	335	if (dgst_len > (i >> 3))
335	dgst_len = (i >> 3);	336	dgst_len = (i >> 3);
		337
		338	/* Save m in u1. */
336	if (BN_bin2bn(dgst, dgst_len, &u1) == NULL)	339	if (BN_bin2bn(dgst, dgst_len, &u1) == NULL)
337	goto err;	340	goto err;
338		341
339	/* u1 = M * w mod q */	342	/* u1 = m * w mod q */
340	if (!BN_mod_mul(&u1, &u1, &u2, dsa->q, ctx))	343	if (!BN_mod_mul(&u1, &u1, &u2, dsa->q, ctx))
341	goto err;	344	goto err;
342		345
@@ -344,7 +347,6 @@ dsa_do_verify(const unsigned char dgst, int dgst_len, DSA_SIG sig, DSA *dsa)
344	if (!BN_mod_mul(&u2, sig->r, &u2, dsa->q, ctx))	347	if (!BN_mod_mul(&u2, sig->r, &u2, dsa->q, ctx))
345	goto err;	348	goto err;
346		349
347
348	if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {	350	if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
349	mont = BN_MONT_CTX_set_locked(&dsa->method_mont_p,	351	mont = BN_MONT_CTX_set_locked(&dsa->method_mont_p,
350	CRYPTO_LOCK_DSA, dsa->p, ctx);	352	CRYPTO_LOCK_DSA, dsa->p, ctx);
@@ -353,12 +355,12 @@ dsa_do_verify(const unsigned char dgst, int dgst_len, DSA_SIG sig, DSA *dsa)
353	}	355	}
354		356
355	if (dsa->meth->dsa_mod_exp != NULL) {	357	if (dsa->meth->dsa_mod_exp != NULL) {
356	if (!dsa->meth->dsa_mod_exp(dsa, &t1, dsa->g, &u1, dsa->pub_key, &u2,	358	if (!dsa->meth->dsa_mod_exp(dsa, &t1, dsa->g, &u1, dsa->pub_key,
357	dsa->p, ctx, mont))	359	&u2, dsa->p, ctx, mont))
358	goto err;	360	goto err;
359	} else {	361	} else {
360	if (!BN_mod_exp2_mont(&t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p, ctx,	362	if (!BN_mod_exp2_mont(&t1, dsa->g, &u1, dsa->pub_key, &u2,
361	mont))	363	dsa->p, ctx, mont))
362	goto err;	364	goto err;
363	}	365	}
364		366
@@ -367,17 +369,17 @@ dsa_do_verify(const unsigned char dgst, int dgst_len, DSA_SIG sig, DSA *dsa)
367	if (!BN_mod_ct(&u1, &t1, dsa->q, ctx))	369	if (!BN_mod_ct(&u1, &t1, dsa->q, ctx))
368	goto err;	370	goto err;
369		371
370	/* V is now in u1. If the signature is correct, it will be	372	/* v is in u1 - if the signature is correct, it will be equal to r. */
371	* equal to R. */
372	ret = BN_ucmp(&u1, sig->r) == 0;	373	ret = BN_ucmp(&u1, sig->r) == 0;
373		374
374	err:	375	err:
375	if (ret < 0)	376	if (ret < 0)
376	DSAerror(ERR_R_BN_LIB);	377	DSAerror(ERR_R_BN_LIB);
377	BN_CTX_free(ctx);	378	BN_CTX_free(ctx);
378	BN_free(&u1);	379	BN_free(&u1);
379	BN_free(&u2);	380	BN_free(&u2);
380	BN_free(&t1);	381	BN_free(&t1);
		382
381	return ret;	383	return ret;
382	}	384	}
383		385