import OpenSSL-1.0.0a

author: djm <> 2010-10-01 22:54:21 +0000
committer: djm <> 2010-10-01 22:54:21 +0000
commit: 829fd51d4f8dde4a7f3bf54754f3c1d1a502f5e2 (patch)
tree: e03b9f1bd051e844b971936729e9df549a209130 /src/lib/libcrypto/dsa/dsa_ossl.c
parent: e6b755d2a53d3cac7a344dfdd6bf7c951cac754c (diff)
download: openbsd-829fd51d4f8dde4a7f3bf54754f3c1d1a502f5e2.tar.gz
openbsd-829fd51d4f8dde4a7f3bf54754f3c1d1a502f5e2.tar.bz2
openbsd-829fd51d4f8dde4a7f3bf54754f3c1d1a502f5e2.zip
1 files changed, 34 insertions, 14 deletions
diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c
index 412cf1d88b..4fead07e80 100644
--- a/src/lib/libcrypto/dsa/dsa_ossl.c
+++ b/src/lib/libcrypto/dsa/dsa_ossl.c
@@ -61,16 +61,15 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/bn.h>
+#include <openssl/sha.h>
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
 #include <openssl/asn1.h>
-#ifndef OPENSSL_FIPS
 static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
 static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
 static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
-                  DSA *dsa);
+                         DSA *dsa);
 static int dsa_init(DSA *dsa);
 static int dsa_finish(DSA *dsa);
@@ -135,7 +134,7 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
        BIGNUM m;
        BIGNUM xr;
        BN_CTX *ctx=NULL;
-        int i,reason=ERR_R_BN_LIB;
+        int reason=ERR_R_BN_LIB;
        DSA_SIG *ret=NULL;
        BN_init(&m);
@@ -150,8 +149,9 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
        s=BN_new();
        if (s == NULL) goto err;
-        i=BN_num_bytes(dsa->q); /* should be 20 */
+        /* reject a excessive digest length (currently at most
-        if ((dlen > i) || (dlen > 50))
+         * dsa-with-SHA256 is supported) */
+        if (dlen > SHA256_DIGEST_LENGTH)
                {
                reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
                goto err;
@@ -172,7 +172,14 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
                dsa->r=NULL;
                }
-        if (BN_bin2bn(dgst,dlen,&m) == NULL) goto err;
+        
+        if (dlen > BN_num_bytes(dsa->q))
+                /* if the digest length is greater than the size of q use the
+                 * BN_num_bits(dsa->q) leftmost bits of the digest, see
+                 * fips 186-3, 4.2 */
+                dlen = BN_num_bytes(dsa->q);
+        if (BN_bin2bn(dgst,dlen,&m) == NULL)
+                goto err;
        /* Compute  s = inv(k) (m + xr) mod q */
        if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */
@@ -283,30 +290,31 @@ err:
        if (!ret)
                {
                DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB);
-                if (kinv != NULL) BN_clear_free(kinv);
+                if (r != NULL)
-                if (r != NULL) BN_clear_free(r);
+                        BN_clear_free(r);
                }
        if (ctx_in == NULL) BN_CTX_free(ctx);
-        if (kinv != NULL) BN_clear_free(kinv);
        BN_clear_free(&k);
        BN_clear_free(&kq);
        return(ret);
        }
 static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
-                  DSA *dsa)
+                         DSA *dsa)
        {
        BN_CTX *ctx;
        BIGNUM u1,u2,t1;
        BN_MONT_CTX *mont=NULL;
-        int ret = -1;
+        int ret = -1, i;
        if (!dsa->p || !dsa->q || !dsa->g)
                {
                DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS);
                return -1;
                }
-        if (BN_num_bits(dsa->q) != 160)
+        i = BN_num_bits(dsa->q);
+        /* fips 186-3 allows only different sizes for q */
+        if (i != 160 && i != 224 && i != 256)
                {
                DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE);
                return -1;
@@ -318,6 +326,14 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
                return -1;
                }
+        /* reject a excessive digest length (currently at most
+         * dsa-with-SHA256 is supported) */
+        if (dgst_len > SHA256_DIGEST_LENGTH)
+                {
+                DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+                return -1;
+                }
        BN_init(&u1);
        BN_init(&u2);
        BN_init(&t1);
@@ -342,6 +358,11 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
        if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;
        /* save M in u1 */
+        if (dgst_len > (i >> 3))
+                /* if the digest length is greater than the size of q use the
+                 * BN_num_bits(dsa->q) leftmost bits of the digest, see
+                 * fips 186-3, 4.2 */
+                dgst_len = (i >> 3);
        if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err;
        /* u1 = M * w mod q */
@@ -393,4 +414,3 @@ static int dsa_finish(DSA *dsa)
        return(1);
 }
-#endif
author	djm <>	2010-10-01 22:54:21 +0000
committer	djm <>	2010-10-01 22:54:21 +0000
commit	829fd51d4f8dde4a7f3bf54754f3c1d1a502f5e2 (patch)
tree	e03b9f1bd051e844b971936729e9df549a209130 /src/lib/libcrypto/dsa/dsa_ossl.c
parent	e6b755d2a53d3cac7a344dfdd6bf7c951cac754c (diff)
download	openbsd-829fd51d4f8dde4a7f3bf54754f3c1d1a502f5e2.tar.gz openbsd-829fd51d4f8dde4a7f3bf54754f3c1d1a502f5e2.tar.bz2 openbsd-829fd51d4f8dde4a7f3bf54754f3c1d1a502f5e2.zip

diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c index 412cf1d88b..4fead07e80 100644 --- a/src/lib/libcrypto/dsa/dsa_ossl.c +++ b/src/lib/libcrypto/dsa/dsa_ossl.c
@@ -61,16 +61,15 @@
61	#include <stdio.h>	61	#include <stdio.h>
62	#include "cryptlib.h"	62	#include "cryptlib.h"
63	#include <openssl/bn.h>	63	#include <openssl/bn.h>
		64	#include <openssl/sha.h>
64	#include <openssl/dsa.h>	65	#include <openssl/dsa.h>
65	#include <openssl/rand.h>	66	#include <openssl/rand.h>
66	#include <openssl/asn1.h>	67	#include <openssl/asn1.h>
67		68
68	#ifndef OPENSSL_FIPS
69
70	static DSA_SIG dsa_do_sign(const unsigned char dgst, int dlen, DSA *dsa);	69	static DSA_SIG dsa_do_sign(const unsigned char dgst, int dlen, DSA *dsa);
71	static int dsa_sign_setup(DSA dsa, BN_CTX ctx_in, BIGNUM kinvp, BIGNUM rp);	70	static int dsa_sign_setup(DSA dsa, BN_CTX ctx_in, BIGNUM kinvp, BIGNUM rp);
72	static int dsa_do_verify(const unsigned char dgst, int dgst_len, DSA_SIG sig,	71	static int dsa_do_verify(const unsigned char dgst, int dgst_len, DSA_SIG sig,
73	DSA *dsa);	72	DSA *dsa);
74	static int dsa_init(DSA *dsa);	73	static int dsa_init(DSA *dsa);
75	static int dsa_finish(DSA *dsa);	74	static int dsa_finish(DSA *dsa);
76		75
@@ -135,7 +134,7 @@ static DSA_SIG dsa_do_sign(const unsigned char dgst, int dlen, DSA *dsa)
135	BIGNUM m;	134	BIGNUM m;
136	BIGNUM xr;	135	BIGNUM xr;
137	BN_CTX *ctx=NULL;	136	BN_CTX *ctx=NULL;
138	int i,reason=ERR_R_BN_LIB;	137	int reason=ERR_R_BN_LIB;
139	DSA_SIG *ret=NULL;	138	DSA_SIG *ret=NULL;
140		139
141	BN_init(&m);	140	BN_init(&m);
@@ -150,8 +149,9 @@ static DSA_SIG dsa_do_sign(const unsigned char dgst, int dlen, DSA *dsa)
150	s=BN_new();	149	s=BN_new();
151	if (s == NULL) goto err;	150	if (s == NULL) goto err;
152		151
153	i=BN_num_bytes(dsa->q); /* should be 20 */	152	/* reject a excessive digest length (currently at most
154	if ((dlen > i) \|\| (dlen > 50))	153	* dsa-with-SHA256 is supported) */
		154	if (dlen > SHA256_DIGEST_LENGTH)
155	{	155	{
156	reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;	156	reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
157	goto err;	157	goto err;
@@ -172,7 +172,14 @@ static DSA_SIG dsa_do_sign(const unsigned char dgst, int dlen, DSA *dsa)
172	dsa->r=NULL;	172	dsa->r=NULL;
173	}	173	}
174		174
175	if (BN_bin2bn(dgst,dlen,&m) == NULL) goto err;	175
		176	if (dlen > BN_num_bytes(dsa->q))
		177	/* if the digest length is greater than the size of q use the
		178	* BN_num_bits(dsa->q) leftmost bits of the digest, see
		179	* fips 186-3, 4.2 */
		180	dlen = BN_num_bytes(dsa->q);
		181	if (BN_bin2bn(dgst,dlen,&m) == NULL)
		182	goto err;
176		183
177	/* Compute s = inv(k) (m + xr) mod q */	184	/* Compute s = inv(k) (m + xr) mod q */
178	if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */	185	if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */
@@ -283,30 +290,31 @@ err:
283	if (!ret)	290	if (!ret)
284	{	291	{
285	DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB);	292	DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB);
286	if (kinv != NULL) BN_clear_free(kinv);	293	if (r != NULL)
287	if (r != NULL) BN_clear_free(r);	294	BN_clear_free(r);
288	}	295	}
289	if (ctx_in == NULL) BN_CTX_free(ctx);	296	if (ctx_in == NULL) BN_CTX_free(ctx);
290	if (kinv != NULL) BN_clear_free(kinv);
291	BN_clear_free(&k);	297	BN_clear_free(&k);
292	BN_clear_free(&kq);	298	BN_clear_free(&kq);
293	return(ret);	299	return(ret);
294	}	300	}
295		301
296	static int dsa_do_verify(const unsigned char dgst, int dgst_len, DSA_SIG sig,	302	static int dsa_do_verify(const unsigned char dgst, int dgst_len, DSA_SIG sig,
297	DSA *dsa)	303	DSA *dsa)
298	{	304	{
299	BN_CTX *ctx;	305	BN_CTX *ctx;
300	BIGNUM u1,u2,t1;	306	BIGNUM u1,u2,t1;
301	BN_MONT_CTX *mont=NULL;	307	BN_MONT_CTX *mont=NULL;
302	int ret = -1;	308	int ret = -1, i;
303	if (!dsa->p \|\| !dsa->q \|\| !dsa->g)	309	if (!dsa->p \|\| !dsa->q \|\| !dsa->g)
304	{	310	{
305	DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS);	311	DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS);
306	return -1;	312	return -1;
307	}	313	}
308		314
309	if (BN_num_bits(dsa->q) != 160)	315	i = BN_num_bits(dsa->q);
		316	/* fips 186-3 allows only different sizes for q */
		317	if (i != 160 && i != 224 && i != 256)
310	{	318	{
311	DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE);	319	DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE);
312	return -1;	320	return -1;
@@ -318,6 +326,14 @@ static int dsa_do_verify(const unsigned char dgst, int dgst_len, DSA_SIG sig,
318	return -1;	326	return -1;
319	}	327	}
320		328
		329	/* reject a excessive digest length (currently at most
		330	* dsa-with-SHA256 is supported) */
		331	if (dgst_len > SHA256_DIGEST_LENGTH)
		332	{
		333	DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
		334	return -1;
		335	}
		336
321	BN_init(&u1);	337	BN_init(&u1);
322	BN_init(&u2);	338	BN_init(&u2);
323	BN_init(&t1);	339	BN_init(&t1);
@@ -342,6 +358,11 @@ static int dsa_do_verify(const unsigned char dgst, int dgst_len, DSA_SIG sig,
342	if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;	358	if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;
343		359
344	/* save M in u1 */	360	/* save M in u1 */
		361	if (dgst_len > (i >> 3))
		362	/* if the digest length is greater than the size of q use the
		363	* BN_num_bits(dsa->q) leftmost bits of the digest, see
		364	* fips 186-3, 4.2 */
		365	dgst_len = (i >> 3);
345	if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err;	366	if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err;
346		367
347	/* u1 = M * w mod q */	368	/* u1 = M * w mod q */
@@ -393,4 +414,3 @@ static int dsa_finish(DSA *dsa)
393	return(1);	414	return(1);
394	}	415	}
395		416
396	#endif