summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/dsa/dsa_ossl.c
diff options
context:
space:
mode:
authorbeck <>2000-03-19 11:13:58 +0000
committerbeck <>2000-03-19 11:13:58 +0000
commit796d609550df3a33fc11468741c5d2f6d3df4c11 (patch)
tree6c6d539061caa20372dad0ac4ddb1dfae2fbe7fe /src/lib/libcrypto/dsa/dsa_ossl.c
parent5be3114c1fd7e0dfea1e38d3abb4cbba75244419 (diff)
downloadopenbsd-796d609550df3a33fc11468741c5d2f6d3df4c11.tar.gz
openbsd-796d609550df3a33fc11468741c5d2f6d3df4c11.tar.bz2
openbsd-796d609550df3a33fc11468741c5d2f6d3df4c11.zip
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
Diffstat (limited to 'src/lib/libcrypto/dsa/dsa_ossl.c')
-rw-r--r--src/lib/libcrypto/dsa/dsa_ossl.c321
1 files changed, 321 insertions, 0 deletions
diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c
new file mode 100644
index 0000000000..b51cf6ad8d
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_ossl.c
@@ -0,0 +1,321 @@
1/* crypto/dsa/dsa_ossl.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
60
61#include <stdio.h>
62#include "cryptlib.h"
63#include <openssl/bn.h>
64#include <openssl/dsa.h>
65#include <openssl/rand.h>
66#include <openssl/asn1.h>
67
68static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
69static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
70static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
71 DSA *dsa);
72static int dsa_init(DSA *dsa);
73static int dsa_finish(DSA *dsa);
74static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
75 BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
76 BN_MONT_CTX *in_mont);
77static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
78 const BIGNUM *m, BN_CTX *ctx,
79 BN_MONT_CTX *m_ctx);
80
81static DSA_METHOD openssl_dsa_meth = {
82"OpenSSL DSA method",
83dsa_do_sign,
84dsa_sign_setup,
85dsa_do_verify,
86dsa_mod_exp,
87dsa_bn_mod_exp,
88dsa_init,
89dsa_finish,
900,
91NULL
92};
93
94DSA_METHOD *DSA_OpenSSL(void)
95{
96 return &openssl_dsa_meth;
97}
98
99static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
100 {
101 BIGNUM *kinv=NULL,*r=NULL,*s=NULL;
102 BIGNUM m;
103 BIGNUM xr;
104 BN_CTX *ctx=NULL;
105 int i,reason=ERR_R_BN_LIB;
106 DSA_SIG *ret=NULL;
107
108 BN_init(&m);
109 BN_init(&xr);
110 s=BN_new();
111 if (s == NULL) goto err;
112
113 i=BN_num_bytes(dsa->q); /* should be 20 */
114 if ((dlen > i) || (dlen > 50))
115 {
116 reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
117 goto err;
118 }
119
120 ctx=BN_CTX_new();
121 if (ctx == NULL) goto err;
122
123 if ((dsa->kinv == NULL) || (dsa->r == NULL))
124 {
125 if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err;
126 }
127 else
128 {
129 kinv=dsa->kinv;
130 dsa->kinv=NULL;
131 r=dsa->r;
132 dsa->r=NULL;
133 }
134
135 if (BN_bin2bn(dgst,dlen,&m) == NULL) goto err;
136
137 /* Compute s = inv(k) (m + xr) mod q */
138 if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */
139 if (!BN_add(s, &xr, &m)) goto err; /* s = m + xr */
140 if (BN_cmp(s,dsa->q) > 0)
141 BN_sub(s,s,dsa->q);
142 if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err;
143
144 ret=DSA_SIG_new();
145 if (ret == NULL) goto err;
146 ret->r = r;
147 ret->s = s;
148
149err:
150 if (!ret)
151 {
152 DSAerr(DSA_F_DSA_DO_SIGN,reason);
153 BN_free(r);
154 BN_free(s);
155 }
156 if (ctx != NULL) BN_CTX_free(ctx);
157 BN_clear_free(&m);
158 BN_clear_free(&xr);
159 if (kinv != NULL) /* dsa->kinv is NULL now if we used it */
160 BN_clear_free(kinv);
161 return(ret);
162 }
163
164static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
165 {
166 BN_CTX *ctx;
167 BIGNUM k,*kinv=NULL,*r=NULL;
168 int ret=0;
169
170 if (ctx_in == NULL)
171 {
172 if ((ctx=BN_CTX_new()) == NULL) goto err;
173 }
174 else
175 ctx=ctx_in;
176
177 BN_init(&k);
178 if ((r=BN_new()) == NULL) goto err;
179 kinv=NULL;
180
181 /* Get random k */
182 for (;;)
183 {
184 if (!BN_rand(&k, BN_num_bits(dsa->q), 1, 0)) goto err;
185 if (BN_cmp(&k,dsa->q) >= 0)
186 BN_sub(&k,&k,dsa->q);
187 if (!BN_is_zero(&k)) break;
188 }
189
190 if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
191 {
192 if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
193 if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p,
194 dsa->p,ctx)) goto err;
195 }
196
197 /* Compute r = (g^k mod p) mod q */
198 if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
199 (BN_MONT_CTX *)dsa->method_mont_p)) goto err;
200 if (!BN_mod(r,r,dsa->q,ctx)) goto err;
201
202 /* Compute part of 's = inv(k) (m + xr) mod q' */
203 if ((kinv=BN_mod_inverse(NULL,&k,dsa->q,ctx)) == NULL) goto err;
204
205 if (*kinvp != NULL) BN_clear_free(*kinvp);
206 *kinvp=kinv;
207 kinv=NULL;
208 if (*rp != NULL) BN_clear_free(*rp);
209 *rp=r;
210 ret=1;
211err:
212 if (!ret)
213 {
214 DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB);
215 if (kinv != NULL) BN_clear_free(kinv);
216 if (r != NULL) BN_clear_free(r);
217 }
218 if (ctx_in == NULL) BN_CTX_free(ctx);
219 if (kinv != NULL) BN_clear_free(kinv);
220 BN_clear_free(&k);
221 return(ret);
222 }
223
224static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
225 DSA *dsa)
226 {
227 BN_CTX *ctx;
228 BIGNUM u1,u2,t1;
229 BN_MONT_CTX *mont=NULL;
230 int ret = -1;
231
232 if ((ctx=BN_CTX_new()) == NULL) goto err;
233 BN_init(&u1);
234 BN_init(&u2);
235 BN_init(&t1);
236
237 /* Calculate W = inv(S) mod Q
238 * save W in u2 */
239 if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;
240
241 /* save M in u1 */
242 if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err;
243
244 /* u1 = M * w mod q */
245 if (!BN_mod_mul(&u1,&u1,&u2,dsa->q,ctx)) goto err;
246
247 /* u2 = r * w mod q */
248 if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err;
249
250 if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
251 {
252 if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
253 if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p,
254 dsa->p,ctx)) goto err;
255 }
256 mont=(BN_MONT_CTX *)dsa->method_mont_p;
257
258#if 0
259 {
260 BIGNUM t2;
261
262 BN_init(&t2);
263 /* v = ( g^u1 * y^u2 mod p ) mod q */
264 /* let t1 = g ^ u1 mod p */
265 if (!BN_mod_exp_mont(&t1,dsa->g,&u1,dsa->p,ctx,mont)) goto err;
266 /* let t2 = y ^ u2 mod p */
267 if (!BN_mod_exp_mont(&t2,dsa->pub_key,&u2,dsa->p,ctx,mont)) goto err;
268 /* let u1 = t1 * t2 mod p */
269 if (!BN_mod_mul(&u1,&t1,&t2,dsa->p,ctx)) goto err_bn;
270 BN_free(&t2);
271 }
272 /* let u1 = u1 mod q */
273 if (!BN_mod(&u1,&u1,dsa->q,ctx)) goto err;
274#else
275 {
276 if (!dsa->meth->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2,
277 dsa->p,ctx,mont)) goto err;
278 /* BN_copy(&u1,&t1); */
279 /* let u1 = u1 mod q */
280 if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err;
281 }
282#endif
283 /* V is now in u1. If the signature is correct, it will be
284 * equal to R. */
285 ret=(BN_ucmp(&u1, sig->r) == 0);
286
287 err:
288 if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB);
289 if (ctx != NULL) BN_CTX_free(ctx);
290 BN_free(&u1);
291 BN_free(&u2);
292 BN_free(&t1);
293 return(ret);
294 }
295
296static int dsa_init(DSA *dsa)
297{
298 dsa->flags|=DSA_FLAG_CACHE_MONT_P;
299 return(1);
300}
301
302static int dsa_finish(DSA *dsa)
303{
304 if(dsa->method_mont_p)
305 BN_MONT_CTX_free((BN_MONT_CTX *)dsa->method_mont_p);
306 return(1);
307}
308
309static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
310 BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
311 BN_MONT_CTX *in_mont)
312{
313 return BN_mod_exp2_mont(rr, a1, p1, a2, p2, m, ctx, in_mont);
314}
315
316static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
317 const BIGNUM *m, BN_CTX *ctx,
318 BN_MONT_CTX *m_ctx)
319{
320 return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
321}