summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/dsa/dsa_ossl.c
diff options
context:
space:
mode:
authormarkus <>2001-04-23 07:46:00 +0000
committermarkus <>2001-04-23 07:46:00 +0000
commitb32892991f70744ca178482fe884c025b4782b1e (patch)
tree85bc1ff1cac03d5ce1f6f03f4eea6c3886398df1 /src/lib/libcrypto/dsa/dsa_ossl.c
parent7bdbb2116dd933f7b4639bd9028ed79bfc1c12f9 (diff)
downloadopenbsd-b32892991f70744ca178482fe884c025b4782b1e.tar.gz
openbsd-b32892991f70744ca178482fe884c025b4782b1e.tar.bz2
openbsd-b32892991f70744ca178482fe884c025b4782b1e.zip
import DSA changes from 0.9.6a (Bleichenbacher attack), ok provos@/deraadt@
Diffstat (limited to 'src/lib/libcrypto/dsa/dsa_ossl.c')
-rw-r--r--src/lib/libcrypto/dsa/dsa_ossl.c64
1 files changed, 57 insertions, 7 deletions
diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c
index 96295dc24f..5cbbdddfb9 100644
--- a/src/lib/libcrypto/dsa/dsa_ossl.c
+++ b/src/lib/libcrypto/dsa/dsa_ossl.c
@@ -66,6 +66,8 @@
66#include <openssl/asn1.h> 66#include <openssl/asn1.h>
67#include <openssl/engine.h> 67#include <openssl/engine.h>
68 68
69int __BN_rand_range(BIGNUM *r, BIGNUM *range);
70
69static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); 71static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
70static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); 72static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
71static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, 73static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
@@ -180,13 +182,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
180 kinv=NULL; 182 kinv=NULL;
181 183
182 /* Get random k */ 184 /* Get random k */
183 for (;;) 185 do
184 { 186 if (!__BN_rand_range(&k, dsa->q)) goto err;
185 if (!BN_rand(&k, BN_num_bits(dsa->q), 0, 0)) goto err; 187 while (BN_is_zero(&k));
186 if (BN_cmp(&k,dsa->q) >= 0)
187 BN_sub(&k,&k,dsa->q);
188 if (!BN_is_zero(&k)) break;
189 }
190 188
191 if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P)) 189 if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
192 { 190 {
@@ -320,3 +318,55 @@ static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
320{ 318{
321 return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx); 319 return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
322} 320}
321
322
323/* random number r: 0 <= r < range */
324int __BN_rand_range(BIGNUM *r, BIGNUM *range)
325 {
326 int n;
327
328 if (range->neg || BN_is_zero(range))
329 {
330 /* BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE); */
331 return 0;
332 }
333
334 n = BN_num_bits(range); /* n > 0 */
335
336 if (n == 1)
337 {
338 if (!BN_zero(r)) return 0;
339 }
340 else if (BN_is_bit_set(range, n - 2))
341 {
342 do
343 {
344 /* range = 11..._2, so each iteration succeeds with probability >= .75 */
345 if (!BN_rand(r, n, -1, 0)) return 0;
346 }
347 while (BN_cmp(r, range) >= 0);
348 }
349 else
350 {
351 /* range = 10..._2,
352 * so 3*range (= 11..._2) is exactly one bit longer than range */
353 do
354 {
355 if (!BN_rand(r, n + 1, -1, 0)) return 0;
356 /* If r < 3*range, use r := r MOD range
357 * (which is either r, r - range, or r - 2*range).
358 * Otherwise, iterate once more.
359 * Since 3*range = 11..._2, each iteration succeeds with
360 * probability >= .75. */
361 if (BN_cmp(r ,range) >= 0)
362 {
363 if (!BN_sub(r, r, range)) return 0;
364 if (BN_cmp(r, range) >= 0)
365 if (!BN_sub(r, r, range)) return 0;
366 }
367 }
368 while (BN_cmp(r, range) >= 0);
369 }
370
371 return 1;
372 }