summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/dsa
diff options
context:
space:
mode:
authorbeck <>2000-03-19 11:13:58 +0000
committerbeck <>2000-03-19 11:13:58 +0000
commit796d609550df3a33fc11468741c5d2f6d3df4c11 (patch)
tree6c6d539061caa20372dad0ac4ddb1dfae2fbe7fe /src/lib/libcrypto/dsa
parent5be3114c1fd7e0dfea1e38d3abb4cbba75244419 (diff)
downloadopenbsd-796d609550df3a33fc11468741c5d2f6d3df4c11.tar.gz
openbsd-796d609550df3a33fc11468741c5d2f6d3df4c11.tar.bz2
openbsd-796d609550df3a33fc11468741c5d2f6d3df4c11.zip
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
Diffstat (limited to 'src/lib/libcrypto/dsa')
-rw-r--r--src/lib/libcrypto/dsa/Makefile.ssl31
-rw-r--r--src/lib/libcrypto/dsa/dsa.h61
-rw-r--r--src/lib/libcrypto/dsa/dsa_asn1.c4
-rw-r--r--src/lib/libcrypto/dsa/dsa_err.c1
-rw-r--r--src/lib/libcrypto/dsa/dsa_gen.c171
-rw-r--r--src/lib/libcrypto/dsa/dsa_lib.c68
-rw-r--r--src/lib/libcrypto/dsa/dsa_ossl.c321
-rw-r--r--src/lib/libcrypto/dsa/dsa_sign.c123
-rw-r--r--src/lib/libcrypto/dsa/dsa_vrf.c68
-rw-r--r--src/lib/libcrypto/dsa/dsatest.c28
10 files changed, 548 insertions, 328 deletions
diff --git a/src/lib/libcrypto/dsa/Makefile.ssl b/src/lib/libcrypto/dsa/Makefile.ssl
index 4bc74a2f7c..b0bcf974fb 100644
--- a/src/lib/libcrypto/dsa/Makefile.ssl
+++ b/src/lib/libcrypto/dsa/Makefile.ssl
@@ -22,8 +22,10 @@ TEST=dsatest.c
22APPS= 22APPS=
23 23
24LIB=$(TOP)/libcrypto.a 24LIB=$(TOP)/libcrypto.a
25LIBSRC= dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c dsa_err.c 25LIBSRC= dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c \
26LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_asn1.o dsa_vrf.o dsa_sign.o dsa_err.o 26 dsa_err.c dsa_ossl.c
27LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_asn1.o dsa_vrf.o dsa_sign.o \
28 dsa_err.o dsa_ossl.o
27 29
28SRC= $(LIBSRC) 30SRC= $(LIBSRC)
29 31
@@ -86,25 +88,27 @@ dsa_asn1.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
86dsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h 88dsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
87dsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h 89dsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
88dsa_asn1.o: ../../include/openssl/stack.h ../cryptlib.h 90dsa_asn1.o: ../../include/openssl/stack.h ../cryptlib.h
89dsa_err.o: ../../include/openssl/bn.h ../../include/openssl/dh.h 91dsa_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
90dsa_err.o: ../../include/openssl/dsa.h ../../include/openssl/err.h 92dsa_err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
91dsa_err.o: ../../include/openssl/opensslconf.h 93dsa_err.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
94dsa_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
95dsa_err.o: ../../include/openssl/stack.h
92dsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h 96dsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
93dsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h 97dsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
94dsa_gen.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h 98dsa_gen.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
95dsa_gen.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h 99dsa_gen.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
96dsa_gen.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h 100dsa_gen.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
97dsa_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h 101dsa_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
98dsa_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h 102dsa_gen.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
99dsa_gen.o: ../cryptlib.h 103dsa_gen.o: ../../include/openssl/stack.h ../cryptlib.h
100dsa_key.o: ../../include/openssl/bio.h ../../include/openssl/bn.h 104dsa_key.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
101dsa_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h 105dsa_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
102dsa_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h 106dsa_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
103dsa_key.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h 107dsa_key.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
104dsa_key.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h 108dsa_key.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
105dsa_key.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h 109dsa_key.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
106dsa_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h 110dsa_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
107dsa_key.o: ../cryptlib.h 111dsa_key.o: ../../include/openssl/stack.h ../cryptlib.h
108dsa_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h 112dsa_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
109dsa_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h 113dsa_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
110dsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h 114dsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
@@ -113,6 +117,15 @@ dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
113dsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h 117dsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
114dsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h 118dsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
115dsa_lib.o: ../cryptlib.h 119dsa_lib.o: ../cryptlib.h
120dsa_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
121dsa_ossl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
122dsa_ossl.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
123dsa_ossl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
124dsa_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
125dsa_ossl.o: ../../include/openssl/opensslconf.h
126dsa_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
127dsa_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
128dsa_ossl.o: ../cryptlib.h
116dsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h 129dsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
117dsa_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h 130dsa_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
118dsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h 131dsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
diff --git a/src/lib/libcrypto/dsa/dsa.h b/src/lib/libcrypto/dsa/dsa.h
index 20b3f8d90a..68d9912cbc 100644
--- a/src/lib/libcrypto/dsa/dsa.h
+++ b/src/lib/libcrypto/dsa/dsa.h
@@ -74,13 +74,41 @@ extern "C" {
74#endif 74#endif
75 75
76#include <openssl/bn.h> 76#include <openssl/bn.h>
77#include <openssl/crypto.h>
77#ifndef NO_DH 78#ifndef NO_DH
78# include <openssl/dh.h> 79# include <openssl/dh.h>
79#endif 80#endif
80 81
81#define DSA_FLAG_CACHE_MONT_P 0x01 82#define DSA_FLAG_CACHE_MONT_P 0x01
82 83
83typedef struct dsa_st 84typedef struct dsa_st DSA;
85
86typedef struct DSA_SIG_st
87 {
88 BIGNUM *r;
89 BIGNUM *s;
90 } DSA_SIG;
91
92typedef struct dsa_method {
93 const char *name;
94 DSA_SIG * (*dsa_do_sign)(const unsigned char *dgst, int dlen, DSA *dsa);
95 int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
96 BIGNUM **rp);
97 int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len,
98 DSA_SIG *sig, DSA *dsa);
99 int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
100 BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
101 BN_MONT_CTX *in_mont);
102 int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
103 const BIGNUM *m, BN_CTX *ctx,
104 BN_MONT_CTX *m_ctx); /* Can be null */
105 int (*init)(DSA *dsa);
106 int (*finish)(DSA *dsa);
107 int flags;
108 char *app_data;
109} DSA_METHOD;
110
111struct dsa_st
84 { 112 {
85 /* This first variable is used to pick up errors where 113 /* This first variable is used to pick up errors where
86 * a DSA is passed instead of of a EVP_PKEY */ 114 * a DSA is passed instead of of a EVP_PKEY */
@@ -100,15 +128,10 @@ typedef struct dsa_st
100 int flags; 128 int flags;
101 /* Normally used to cache montgomery values */ 129 /* Normally used to cache montgomery values */
102 char *method_mont_p; 130 char *method_mont_p;
103
104 int references; 131 int references;
105 } DSA; 132 CRYPTO_EX_DATA ex_data;
106 133 DSA_METHOD *meth;
107typedef struct DSA_SIG_st 134 };
108 {
109 BIGNUM *r;
110 BIGNUM *s;
111 } DSA_SIG;
112 135
113#define DSAparams_dup(x) (DSA *)ASN1_dup((int (*)())i2d_DSAparams, \ 136#define DSAparams_dup(x) (DSA *)ASN1_dup((int (*)())i2d_DSAparams, \
114 (char *(*)())d2i_DSAparams,(char *)(x)) 137 (char *(*)())d2i_DSAparams,(char *)(x))
@@ -131,7 +154,14 @@ DSA_SIG * DSA_do_sign(const unsigned char *dgst,int dlen,DSA *dsa);
131int DSA_do_verify(const unsigned char *dgst,int dgst_len, 154int DSA_do_verify(const unsigned char *dgst,int dgst_len,
132 DSA_SIG *sig,DSA *dsa); 155 DSA_SIG *sig,DSA *dsa);
133 156
157DSA_METHOD *DSA_OpenSSL(void);
158
159void DSA_set_default_method(DSA_METHOD *);
160DSA_METHOD *DSA_get_default_method(void);
161DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *);
162
134DSA * DSA_new(void); 163DSA * DSA_new(void);
164DSA * DSA_new_method(DSA_METHOD *meth);
135int DSA_size(DSA *); 165int DSA_size(DSA *);
136 /* next 4 return -1 on error */ 166 /* next 4 return -1 on error */
137int DSA_sign_setup( DSA *dsa,BN_CTX *ctx_in,BIGNUM **kinvp,BIGNUM **rp); 167int DSA_sign_setup( DSA *dsa,BN_CTX *ctx_in,BIGNUM **kinvp,BIGNUM **rp);
@@ -140,6 +170,10 @@ int DSA_sign(int type,const unsigned char *dgst,int dlen,
140int DSA_verify(int type,const unsigned char *dgst,int dgst_len, 170int DSA_verify(int type,const unsigned char *dgst,int dgst_len,
141 unsigned char *sigbuf, int siglen, DSA *dsa); 171 unsigned char *sigbuf, int siglen, DSA *dsa);
142void DSA_free (DSA *r); 172void DSA_free (DSA *r);
173int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
174 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
175int DSA_set_ex_data(DSA *d, int idx, void *arg);
176void *DSA_get_ex_data(DSA *d, int idx);
143 177
144void ERR_load_DSA_strings(void ); 178void ERR_load_DSA_strings(void );
145 179
@@ -148,7 +182,7 @@ DSA * d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length);
148DSA * d2i_DSAparams(DSA **a, unsigned char **pp, long length); 182DSA * d2i_DSAparams(DSA **a, unsigned char **pp, long length);
149DSA * DSA_generate_parameters(int bits, unsigned char *seed,int seed_len, 183DSA * DSA_generate_parameters(int bits, unsigned char *seed,int seed_len,
150 int *counter_ret, unsigned long *h_ret,void 184 int *counter_ret, unsigned long *h_ret,void
151 (*callback)(),char *cb_arg); 185 (*callback)(int, int, void *),void *cb_arg);
152int DSA_generate_key(DSA *a); 186int DSA_generate_key(DSA *a);
153int i2d_DSAPublicKey(DSA *a, unsigned char **pp); 187int i2d_DSAPublicKey(DSA *a, unsigned char **pp);
154int i2d_DSAPrivateKey(DSA *a, unsigned char **pp); 188int i2d_DSAPrivateKey(DSA *a, unsigned char **pp);
@@ -163,7 +197,11 @@ int DSAparams_print_fp(FILE *fp, DSA *x);
163int DSA_print_fp(FILE *bp, DSA *x, int off); 197int DSA_print_fp(FILE *bp, DSA *x, int off);
164#endif 198#endif
165 199
166int DSA_is_prime(BIGNUM *q,void (*callback)(),char *cb_arg); 200#define DSS_prime_checks 50
201/* Primality test according to FIPS PUB 186[-1], Appendix 2.1:
202 * 50 rounds of Rabin-Miller */
203#define DSA_is_prime(n, callback, cb_arg) \
204 BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg)
167 205
168#ifndef NO_DH 206#ifndef NO_DH
169/* Convert DSA structure (key or just parameters) into DH structure 207/* Convert DSA structure (key or just parameters) into DH structure
@@ -184,7 +222,6 @@ DH *DSA_dup_DH(DSA *r);
184#define DSA_F_DSAPARAMS_PRINT_FP 101 222#define DSA_F_DSAPARAMS_PRINT_FP 101
185#define DSA_F_DSA_DO_SIGN 112 223#define DSA_F_DSA_DO_SIGN 112
186#define DSA_F_DSA_DO_VERIFY 113 224#define DSA_F_DSA_DO_VERIFY 113
187#define DSA_F_DSA_IS_PRIME 102
188#define DSA_F_DSA_NEW 103 225#define DSA_F_DSA_NEW 103
189#define DSA_F_DSA_PRINT 104 226#define DSA_F_DSA_PRINT 104
190#define DSA_F_DSA_PRINT_FP 105 227#define DSA_F_DSA_PRINT_FP 105
diff --git a/src/lib/libcrypto/dsa/dsa_asn1.c b/src/lib/libcrypto/dsa/dsa_asn1.c
index 7523b21654..c9b32b4db7 100644
--- a/src/lib/libcrypto/dsa/dsa_asn1.c
+++ b/src/lib/libcrypto/dsa/dsa_asn1.c
@@ -83,7 +83,7 @@ DSA_SIG *d2i_DSA_SIG(DSA_SIG **a, unsigned char **pp, long length)
83 M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER); 83 M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
84 if ((ret->s=BN_bin2bn(bs->data,bs->length,ret->s)) == NULL) 84 if ((ret->s=BN_bin2bn(bs->data,bs->length,ret->s)) == NULL)
85 goto err_bn; 85 goto err_bn;
86 ASN1_BIT_STRING_free(bs); 86 M_ASN1_BIT_STRING_free(bs);
87 M_ASN1_D2I_Finish_2(a); 87 M_ASN1_D2I_Finish_2(a);
88 88
89err_bn: 89err_bn:
@@ -91,6 +91,6 @@ err_bn:
91err: 91err:
92 DSAerr(DSA_F_D2I_DSA_SIG,i); 92 DSAerr(DSA_F_D2I_DSA_SIG,i);
93 if ((ret != NULL) && ((a == NULL) || (*a != ret))) DSA_SIG_free(ret); 93 if ((ret != NULL) && ((a == NULL) || (*a != ret))) DSA_SIG_free(ret);
94 if (bs != NULL) ASN1_BIT_STRING_free(bs); 94 if (bs != NULL) M_ASN1_BIT_STRING_free(bs);
95 return(NULL); 95 return(NULL);
96} 96}
diff --git a/src/lib/libcrypto/dsa/dsa_err.c b/src/lib/libcrypto/dsa/dsa_err.c
index 33a8270afd..38e4af968c 100644
--- a/src/lib/libcrypto/dsa/dsa_err.c
+++ b/src/lib/libcrypto/dsa/dsa_err.c
@@ -70,7 +70,6 @@ static ERR_STRING_DATA DSA_str_functs[]=
70{ERR_PACK(0,DSA_F_DSAPARAMS_PRINT_FP,0), "DSAparams_print_fp"}, 70{ERR_PACK(0,DSA_F_DSAPARAMS_PRINT_FP,0), "DSAparams_print_fp"},
71{ERR_PACK(0,DSA_F_DSA_DO_SIGN,0), "DSA_do_sign"}, 71{ERR_PACK(0,DSA_F_DSA_DO_SIGN,0), "DSA_do_sign"},
72{ERR_PACK(0,DSA_F_DSA_DO_VERIFY,0), "DSA_do_verify"}, 72{ERR_PACK(0,DSA_F_DSA_DO_VERIFY,0), "DSA_do_verify"},
73{ERR_PACK(0,DSA_F_DSA_IS_PRIME,0), "DSA_is_prime"},
74{ERR_PACK(0,DSA_F_DSA_NEW,0), "DSA_new"}, 73{ERR_PACK(0,DSA_F_DSA_NEW,0), "DSA_new"},
75{ERR_PACK(0,DSA_F_DSA_PRINT,0), "DSA_print"}, 74{ERR_PACK(0,DSA_F_DSA_PRINT,0), "DSA_print"},
76{ERR_PACK(0,DSA_F_DSA_PRINT_FP,0), "DSA_print_fp"}, 75{ERR_PACK(0,DSA_F_DSA_PRINT_FP,0), "DSA_print_fp"},
diff --git a/src/lib/libcrypto/dsa/dsa_gen.c b/src/lib/libcrypto/dsa/dsa_gen.c
index b5e5ec06e5..2294a362d9 100644
--- a/src/lib/libcrypto/dsa/dsa_gen.c
+++ b/src/lib/libcrypto/dsa/dsa_gen.c
@@ -59,12 +59,18 @@
59#undef GENUINE_DSA 59#undef GENUINE_DSA
60 60
61#ifdef GENUINE_DSA 61#ifdef GENUINE_DSA
62/* Parameter generation follows the original release of FIPS PUB 186,
63 * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */
62#define HASH SHA 64#define HASH SHA
63#else 65#else
66/* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
67 * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in
68 * FIPS PUB 180-1) */
64#define HASH SHA1 69#define HASH SHA1
65#endif 70#endif
66 71
67#ifndef NO_SHA 72#ifndef NO_SHA
73
68#include <stdio.h> 74#include <stdio.h>
69#include <time.h> 75#include <time.h>
70#include "cryptlib.h" 76#include "cryptlib.h"
@@ -74,8 +80,9 @@
74#include <openssl/rand.h> 80#include <openssl/rand.h>
75 81
76DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len, 82DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len,
77 int *counter_ret, unsigned long *h_ret, void (*callback)(), 83 int *counter_ret, unsigned long *h_ret,
78 char *cb_arg) 84 void (*callback)(int, int, void *),
85 void *cb_arg)
79 { 86 {
80 int ok=0; 87 int ok=0;
81 unsigned char seed[SHA_DIGEST_LENGTH]; 88 unsigned char seed[SHA_DIGEST_LENGTH];
@@ -86,47 +93,63 @@ DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len,
86 BN_MONT_CTX *mont=NULL; 93 BN_MONT_CTX *mont=NULL;
87 int k,n=0,i,b,m=0; 94 int k,n=0,i,b,m=0;
88 int counter=0; 95 int counter=0;
89 BN_CTX *ctx=NULL,*ctx2=NULL; 96 int r=0;
97 BN_CTX *ctx=NULL,*ctx2=NULL,*ctx3=NULL;
90 unsigned int h=2; 98 unsigned int h=2;
91 DSA *ret=NULL; 99 DSA *ret=NULL;
92 100
93 if (bits < 512) bits=512; 101 if (bits < 512) bits=512;
94 bits=(bits+63)/64*64; 102 bits=(bits+63)/64*64;
95 103
104 if (seed_len < 20)
105 seed_in = NULL; /* seed buffer too small -- ignore */
106 if (seed_len > 20)
107 seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger SEED,
108 * but our internal buffers are restricted to 160 bits*/
96 if ((seed_in != NULL) && (seed_len == 20)) 109 if ((seed_in != NULL) && (seed_len == 20))
97 memcpy(seed,seed_in,seed_len); 110 memcpy(seed,seed_in,seed_len);
98 111
99 if ((ctx=BN_CTX_new()) == NULL) goto err; 112 if ((ctx=BN_CTX_new()) == NULL) goto err;
100 if ((ctx2=BN_CTX_new()) == NULL) goto err; 113 if ((ctx2=BN_CTX_new()) == NULL) goto err;
114 if ((ctx3=BN_CTX_new()) == NULL) goto err;
101 if ((ret=DSA_new()) == NULL) goto err; 115 if ((ret=DSA_new()) == NULL) goto err;
102 116
103 if ((mont=BN_MONT_CTX_new()) == NULL) goto err; 117 if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
104 118
105 r0= &(ctx2->bn[0]); 119 BN_CTX_start(ctx2);
106 g= &(ctx2->bn[1]); 120 r0 = BN_CTX_get(ctx2);
107 W= &(ctx2->bn[2]); 121 g = BN_CTX_get(ctx2);
108 q= &(ctx2->bn[3]); 122 W = BN_CTX_get(ctx2);
109 X= &(ctx2->bn[4]); 123 q = BN_CTX_get(ctx2);
110 c= &(ctx2->bn[5]); 124 X = BN_CTX_get(ctx2);
111 p= &(ctx2->bn[6]); 125 c = BN_CTX_get(ctx2);
112 test= &(ctx2->bn[7]); 126 p = BN_CTX_get(ctx2);
127 test = BN_CTX_get(ctx2);
113 128
114 BN_lshift(test,BN_value_one(),bits-1); 129 BN_lshift(test,BN_value_one(),bits-1);
115 130
116 for (;;) 131 for (;;)
117 { 132 {
118 for (;;) 133 for (;;) /* find q */
119 { 134 {
135 int seed_is_random;
136
120 /* step 1 */ 137 /* step 1 */
121 if (callback != NULL) callback(0,m++,cb_arg); 138 if (callback != NULL) callback(0,m++,cb_arg);
122 139
123 if (!seed_len) 140 if (!seed_len)
124 RAND_bytes(seed,SHA_DIGEST_LENGTH); 141 {
142 RAND_pseudo_bytes(seed,SHA_DIGEST_LENGTH);
143 seed_is_random = 1;
144 }
125 else 145 else
126 seed_len=0; 146 {
127 147 seed_is_random = 0;
148 seed_len=0; /* use random seed if 'seed_in' turns out to be bad*/
149 }
128 memcpy(buf,seed,SHA_DIGEST_LENGTH); 150 memcpy(buf,seed,SHA_DIGEST_LENGTH);
129 memcpy(buf2,seed,SHA_DIGEST_LENGTH); 151 memcpy(buf2,seed,SHA_DIGEST_LENGTH);
152 /* precompute "SEED + 1" for step 7: */
130 for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--) 153 for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
131 { 154 {
132 buf[i]++; 155 buf[i]++;
@@ -142,10 +165,15 @@ DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len,
142 /* step 3 */ 165 /* step 3 */
143 md[0]|=0x80; 166 md[0]|=0x80;
144 md[SHA_DIGEST_LENGTH-1]|=0x01; 167 md[SHA_DIGEST_LENGTH-1]|=0x01;
145 if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,q)) abort(); 168 if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,q)) goto err;
146 169
147 /* step 4 */ 170 /* step 4 */
148 if (DSA_is_prime(q,callback,cb_arg) > 0) break; 171 r = BN_is_prime_fasttest(q, DSS_prime_checks, callback, ctx3, cb_arg, seed_is_random);
172 if (r > 0)
173 break;
174 if (r != 0)
175 goto err;
176
149 /* do a callback call */ 177 /* do a callback call */
150 /* step 5 */ 178 /* step 5 */
151 } 179 }
@@ -155,16 +183,22 @@ DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len,
155 183
156 /* step 6 */ 184 /* step 6 */
157 counter=0; 185 counter=0;
186 /* "offset = 2" */
158 187
159 n=(bits-1)/160; 188 n=(bits-1)/160;
160 b=(bits-1)-n*160; 189 b=(bits-1)-n*160;
161 190
162 for (;;) 191 for (;;)
163 { 192 {
193 if (callback != NULL && counter != 0)
194 callback(0,counter,cb_arg);
195
164 /* step 7 */ 196 /* step 7 */
165 BN_zero(W); 197 BN_zero(W);
198 /* now 'buf' contains "SEED + offset - 1" */
166 for (k=0; k<=n; k++) 199 for (k=0; k<=n; k++)
167 { 200 {
201 /* obtain "SEED + offset + k" by incrementing: */
168 for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--) 202 for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
169 { 203 {
170 buf[i]++; 204 buf[i]++;
@@ -174,7 +208,8 @@ DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len,
174 HASH(buf,SHA_DIGEST_LENGTH,md); 208 HASH(buf,SHA_DIGEST_LENGTH,md);
175 209
176 /* step 8 */ 210 /* step 8 */
177 if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0)) abort(); 211 if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0))
212 goto err;
178 BN_lshift(r0,r0,160*k); 213 BN_lshift(r0,r0,160*k);
179 BN_add(W,W,r0); 214 BN_add(W,W,r0);
180 } 215 }
@@ -194,23 +229,25 @@ DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len,
194 if (BN_cmp(p,test) >= 0) 229 if (BN_cmp(p,test) >= 0)
195 { 230 {
196 /* step 11 */ 231 /* step 11 */
197 if (DSA_is_prime(p,callback,cb_arg) > 0) 232 r = BN_is_prime_fasttest(p, DSS_prime_checks, callback, ctx3, cb_arg, 1);
198 goto end; 233 if (r > 0)
234 goto end; /* found it */
235 if (r != 0)
236 goto err;
199 } 237 }
200 238
201 /* step 13 */ 239 /* step 13 */
202 counter++; 240 counter++;
241 /* "offset = offset + n + 1" */
203 242
204 /* step 14 */ 243 /* step 14 */
205 if (counter >= 4096) break; 244 if (counter >= 4096) break;
206
207 if (callback != NULL) callback(0,counter,cb_arg);
208 } 245 }
209 } 246 }
210end: 247end:
211 if (callback != NULL) callback(2,1,cb_arg); 248 if (callback != NULL) callback(2,1,cb_arg);
212 249
213 /* We now need to gernerate g */ 250 /* We now need to generate g */
214 /* Set r0=(p-1)/q */ 251 /* Set r0=(p-1)/q */
215 BN_sub(test,p,BN_value_one()); 252 BN_sub(test,p,BN_value_one());
216 BN_div(r0,NULL,test,q,ctx); 253 BN_div(r0,NULL,test,q,ctx);
@@ -245,89 +282,13 @@ err:
245 if (h_ret != NULL) *h_ret=h; 282 if (h_ret != NULL) *h_ret=h;
246 } 283 }
247 if (ctx != NULL) BN_CTX_free(ctx); 284 if (ctx != NULL) BN_CTX_free(ctx);
248 if (ctx != NULL) BN_CTX_free(ctx2); 285 if (ctx2 != NULL)
249 if (mont != NULL) BN_MONT_CTX_free(mont);
250 return(ok?ret:NULL);
251 }
252
253int DSA_is_prime(BIGNUM *w, void (*callback)(), char *cb_arg)
254 {
255 int ok= -1,j,i,n;
256 BN_CTX *ctx=NULL,*ctx2=NULL;
257 BIGNUM *w_1,*b,*m,*z,*tmp,*mont_1;
258 int a;
259 BN_MONT_CTX *mont=NULL;
260
261 if (!BN_is_bit_set(w,0)) return(0);
262
263 if ((ctx=BN_CTX_new()) == NULL) goto err;
264 if ((ctx2=BN_CTX_new()) == NULL) goto err;
265 if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
266
267 m= &(ctx2->bn[2]);
268 b= &(ctx2->bn[3]);
269 z= &(ctx2->bn[4]);
270 w_1= &(ctx2->bn[5]);
271 tmp= &(ctx2->bn[6]);
272 mont_1= &(ctx2->bn[7]);
273
274 /* step 1 */
275 n=50;
276
277 /* step 2 */
278 if (!BN_sub(w_1,w,BN_value_one())) goto err;
279 for (a=1; !BN_is_bit_set(w_1,a); a++)
280 ;
281 if (!BN_rshift(m,w_1,a)) goto err;
282
283 BN_MONT_CTX_set(mont,w,ctx);
284 BN_to_montgomery(mont_1,BN_value_one(),mont,ctx);
285 BN_to_montgomery(w_1,w_1,mont,ctx);
286 for (i=1; i < n; i++)
287 { 286 {
288 /* step 3 */ 287 BN_CTX_end(ctx2);
289 BN_rand(b,BN_num_bits(w)-2/*-1*/,0,0); 288 BN_CTX_free(ctx2);
290 /* BN_set_word(b,0x10001L); */
291
292 /* step 4 */
293 j=0;
294 if (!BN_mod_exp_mont(z,b,m,w,ctx,mont)) goto err;
295
296 if (!BN_to_montgomery(z,z,mont,ctx)) goto err;
297
298 /* step 5 */
299 for (;;)
300 {
301 if (((j == 0) && (BN_cmp(z,mont_1) == 0)) ||
302 (BN_cmp(z,w_1) == 0))
303 break;
304
305 /* step 6 */
306 if ((j > 0) && (BN_cmp(z,mont_1) == 0))
307 {
308 ok=0;
309 goto err;
310 }
311
312 j++;
313 if (j >= a)
314 {
315 ok=0;
316 goto err;
317 }
318
319 if (!BN_mod_mul_montgomery(z,z,z,mont,ctx)) goto err;
320 if (callback != NULL) callback(1,j,cb_arg);
321 }
322 } 289 }
323 290 if (ctx3 != NULL) BN_CTX_free(ctx3);
324 ok=1; 291 if (mont != NULL) BN_MONT_CTX_free(mont);
325err: 292 return(ok?ret:NULL);
326 if (ok == -1) DSAerr(DSA_F_DSA_IS_PRIME,ERR_R_BN_LIB);
327 BN_CTX_free(ctx);
328 BN_CTX_free(ctx2);
329 BN_MONT_CTX_free(mont);
330
331 return(ok);
332 } 293 }
333#endif 294#endif
diff --git a/src/lib/libcrypto/dsa/dsa_lib.c b/src/lib/libcrypto/dsa/dsa_lib.c
index ce8e204f7e..224e412afc 100644
--- a/src/lib/libcrypto/dsa/dsa_lib.c
+++ b/src/lib/libcrypto/dsa/dsa_lib.c
@@ -66,7 +66,38 @@
66 66
67const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT; 67const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT;
68 68
69static DSA_METHOD *default_DSA_method;
70static int dsa_meth_num = 0;
71static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dsa_meth = NULL;
72
73void DSA_set_default_method(DSA_METHOD *meth)
74{
75 default_DSA_method = meth;
76}
77
78DSA_METHOD *DSA_get_default_method(void)
79{
80 if(!default_DSA_method) default_DSA_method = DSA_OpenSSL();
81 return default_DSA_method;
82}
83
69DSA *DSA_new(void) 84DSA *DSA_new(void)
85{
86 return DSA_new_method(NULL);
87}
88
89DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth)
90{
91 DSA_METHOD *mtmp;
92 mtmp = dsa->meth;
93 if (mtmp->finish) mtmp->finish(dsa);
94 dsa->meth = meth;
95 if (meth->init) meth->init(dsa);
96 return mtmp;
97}
98
99
100DSA *DSA_new_method(DSA_METHOD *meth)
70 { 101 {
71 DSA *ret; 102 DSA *ret;
72 103
@@ -76,13 +107,15 @@ DSA *DSA_new(void)
76 DSAerr(DSA_F_DSA_NEW,ERR_R_MALLOC_FAILURE); 107 DSAerr(DSA_F_DSA_NEW,ERR_R_MALLOC_FAILURE);
77 return(NULL); 108 return(NULL);
78 } 109 }
110 if(!default_DSA_method) default_DSA_method = DSA_OpenSSL();
111 if(meth) ret->meth = meth;
112 else ret->meth = default_DSA_method;
79 ret->pad=0; 113 ret->pad=0;
80 ret->version=0; 114 ret->version=0;
81 ret->write_params=1; 115 ret->write_params=1;
82 ret->p=NULL; 116 ret->p=NULL;
83 ret->q=NULL; 117 ret->q=NULL;
84 ret->g=NULL; 118 ret->g=NULL;
85 ret->flags=DSA_FLAG_CACHE_MONT_P;
86 119
87 ret->pub_key=NULL; 120 ret->pub_key=NULL;
88 ret->priv_key=NULL; 121 ret->priv_key=NULL;
@@ -92,6 +125,15 @@ DSA *DSA_new(void)
92 ret->method_mont_p=NULL; 125 ret->method_mont_p=NULL;
93 126
94 ret->references=1; 127 ret->references=1;
128 ret->flags=ret->meth->flags;
129 if ((ret->meth->init != NULL) && !ret->meth->init(ret))
130 {
131 Free(ret);
132 ret=NULL;
133 }
134 else
135 CRYPTO_new_ex_data(dsa_meth,ret,&ret->ex_data);
136
95 return(ret); 137 return(ret);
96 } 138 }
97 139
@@ -114,6 +156,10 @@ void DSA_free(DSA *r)
114 } 156 }
115#endif 157#endif
116 158
159 CRYPTO_free_ex_data(dsa_meth, r, &r->ex_data);
160
161 if(r->meth->finish) r->meth->finish(r);
162
117 if (r->p != NULL) BN_clear_free(r->p); 163 if (r->p != NULL) BN_clear_free(r->p);
118 if (r->q != NULL) BN_clear_free(r->q); 164 if (r->q != NULL) BN_clear_free(r->q);
119 if (r->g != NULL) BN_clear_free(r->g); 165 if (r->g != NULL) BN_clear_free(r->g);
@@ -121,8 +167,6 @@ void DSA_free(DSA *r)
121 if (r->priv_key != NULL) BN_clear_free(r->priv_key); 167 if (r->priv_key != NULL) BN_clear_free(r->priv_key);
122 if (r->kinv != NULL) BN_clear_free(r->kinv); 168 if (r->kinv != NULL) BN_clear_free(r->kinv);
123 if (r->r != NULL) BN_clear_free(r->r); 169 if (r->r != NULL) BN_clear_free(r->r);
124 if (r->method_mont_p != NULL)
125 BN_MONT_CTX_free((BN_MONT_CTX *)r->method_mont_p);
126 Free(r); 170 Free(r);
127 } 171 }
128 172
@@ -145,6 +189,24 @@ int DSA_size(DSA *r)
145 return(ret); 189 return(ret);
146 } 190 }
147 191
192int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
193 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
194 {
195 dsa_meth_num++;
196 return(CRYPTO_get_ex_new_index(dsa_meth_num-1,
197 &dsa_meth,argl,argp,new_func,dup_func,free_func));
198 }
199
200int DSA_set_ex_data(DSA *d, int idx, void *arg)
201 {
202 return(CRYPTO_set_ex_data(&d->ex_data,idx,arg));
203 }
204
205void *DSA_get_ex_data(DSA *d, int idx)
206 {
207 return(CRYPTO_get_ex_data(&d->ex_data,idx));
208 }
209
148#ifndef NO_DH 210#ifndef NO_DH
149DH *DSA_dup_DH(DSA *r) 211DH *DSA_dup_DH(DSA *r)
150 { 212 {
diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c
new file mode 100644
index 0000000000..b51cf6ad8d
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_ossl.c
@@ -0,0 +1,321 @@
1/* crypto/dsa/dsa_ossl.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
60
61#include <stdio.h>
62#include "cryptlib.h"
63#include <openssl/bn.h>
64#include <openssl/dsa.h>
65#include <openssl/rand.h>
66#include <openssl/asn1.h>
67
68static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
69static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
70static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
71 DSA *dsa);
72static int dsa_init(DSA *dsa);
73static int dsa_finish(DSA *dsa);
74static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
75 BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
76 BN_MONT_CTX *in_mont);
77static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
78 const BIGNUM *m, BN_CTX *ctx,
79 BN_MONT_CTX *m_ctx);
80
81static DSA_METHOD openssl_dsa_meth = {
82"OpenSSL DSA method",
83dsa_do_sign,
84dsa_sign_setup,
85dsa_do_verify,
86dsa_mod_exp,
87dsa_bn_mod_exp,
88dsa_init,
89dsa_finish,
900,
91NULL
92};
93
94DSA_METHOD *DSA_OpenSSL(void)
95{
96 return &openssl_dsa_meth;
97}
98
99static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
100 {
101 BIGNUM *kinv=NULL,*r=NULL,*s=NULL;
102 BIGNUM m;
103 BIGNUM xr;
104 BN_CTX *ctx=NULL;
105 int i,reason=ERR_R_BN_LIB;
106 DSA_SIG *ret=NULL;
107
108 BN_init(&m);
109 BN_init(&xr);
110 s=BN_new();
111 if (s == NULL) goto err;
112
113 i=BN_num_bytes(dsa->q); /* should be 20 */
114 if ((dlen > i) || (dlen > 50))
115 {
116 reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
117 goto err;
118 }
119
120 ctx=BN_CTX_new();
121 if (ctx == NULL) goto err;
122
123 if ((dsa->kinv == NULL) || (dsa->r == NULL))
124 {
125 if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err;
126 }
127 else
128 {
129 kinv=dsa->kinv;
130 dsa->kinv=NULL;
131 r=dsa->r;
132 dsa->r=NULL;
133 }
134
135 if (BN_bin2bn(dgst,dlen,&m) == NULL) goto err;
136
137 /* Compute s = inv(k) (m + xr) mod q */
138 if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */
139 if (!BN_add(s, &xr, &m)) goto err; /* s = m + xr */
140 if (BN_cmp(s,dsa->q) > 0)
141 BN_sub(s,s,dsa->q);
142 if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err;
143
144 ret=DSA_SIG_new();
145 if (ret == NULL) goto err;
146 ret->r = r;
147 ret->s = s;
148
149err:
150 if (!ret)
151 {
152 DSAerr(DSA_F_DSA_DO_SIGN,reason);
153 BN_free(r);
154 BN_free(s);
155 }
156 if (ctx != NULL) BN_CTX_free(ctx);
157 BN_clear_free(&m);
158 BN_clear_free(&xr);
159 if (kinv != NULL) /* dsa->kinv is NULL now if we used it */
160 BN_clear_free(kinv);
161 return(ret);
162 }
163
164static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
165 {
166 BN_CTX *ctx;
167 BIGNUM k,*kinv=NULL,*r=NULL;
168 int ret=0;
169
170 if (ctx_in == NULL)
171 {
172 if ((ctx=BN_CTX_new()) == NULL) goto err;
173 }
174 else
175 ctx=ctx_in;
176
177 BN_init(&k);
178 if ((r=BN_new()) == NULL) goto err;
179 kinv=NULL;
180
181 /* Get random k */
182 for (;;)
183 {
184 if (!BN_rand(&k, BN_num_bits(dsa->q), 1, 0)) goto err;
185 if (BN_cmp(&k,dsa->q) >= 0)
186 BN_sub(&k,&k,dsa->q);
187 if (!BN_is_zero(&k)) break;
188 }
189
190 if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
191 {
192 if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
193 if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p,
194 dsa->p,ctx)) goto err;
195 }
196
197 /* Compute r = (g^k mod p) mod q */
198 if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
199 (BN_MONT_CTX *)dsa->method_mont_p)) goto err;
200 if (!BN_mod(r,r,dsa->q,ctx)) goto err;
201
202 /* Compute part of 's = inv(k) (m + xr) mod q' */
203 if ((kinv=BN_mod_inverse(NULL,&k,dsa->q,ctx)) == NULL) goto err;
204
205 if (*kinvp != NULL) BN_clear_free(*kinvp);
206 *kinvp=kinv;
207 kinv=NULL;
208 if (*rp != NULL) BN_clear_free(*rp);
209 *rp=r;
210 ret=1;
211err:
212 if (!ret)
213 {
214 DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB);
215 if (kinv != NULL) BN_clear_free(kinv);
216 if (r != NULL) BN_clear_free(r);
217 }
218 if (ctx_in == NULL) BN_CTX_free(ctx);
219 if (kinv != NULL) BN_clear_free(kinv);
220 BN_clear_free(&k);
221 return(ret);
222 }
223
224static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
225 DSA *dsa)
226 {
227 BN_CTX *ctx;
228 BIGNUM u1,u2,t1;
229 BN_MONT_CTX *mont=NULL;
230 int ret = -1;
231
232 if ((ctx=BN_CTX_new()) == NULL) goto err;
233 BN_init(&u1);
234 BN_init(&u2);
235 BN_init(&t1);
236
237 /* Calculate W = inv(S) mod Q
238 * save W in u2 */
239 if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;
240
241 /* save M in u1 */
242 if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err;
243
244 /* u1 = M * w mod q */
245 if (!BN_mod_mul(&u1,&u1,&u2,dsa->q,ctx)) goto err;
246
247 /* u2 = r * w mod q */
248 if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err;
249
250 if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
251 {
252 if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
253 if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p,
254 dsa->p,ctx)) goto err;
255 }
256 mont=(BN_MONT_CTX *)dsa->method_mont_p;
257
258#if 0
259 {
260 BIGNUM t2;
261
262 BN_init(&t2);
263 /* v = ( g^u1 * y^u2 mod p ) mod q */
264 /* let t1 = g ^ u1 mod p */
265 if (!BN_mod_exp_mont(&t1,dsa->g,&u1,dsa->p,ctx,mont)) goto err;
266 /* let t2 = y ^ u2 mod p */
267 if (!BN_mod_exp_mont(&t2,dsa->pub_key,&u2,dsa->p,ctx,mont)) goto err;
268 /* let u1 = t1 * t2 mod p */
269 if (!BN_mod_mul(&u1,&t1,&t2,dsa->p,ctx)) goto err_bn;
270 BN_free(&t2);
271 }
272 /* let u1 = u1 mod q */
273 if (!BN_mod(&u1,&u1,dsa->q,ctx)) goto err;
274#else
275 {
276 if (!dsa->meth->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2,
277 dsa->p,ctx,mont)) goto err;
278 /* BN_copy(&u1,&t1); */
279 /* let u1 = u1 mod q */
280 if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err;
281 }
282#endif
283 /* V is now in u1. If the signature is correct, it will be
284 * equal to R. */
285 ret=(BN_ucmp(&u1, sig->r) == 0);
286
287 err:
288 if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB);
289 if (ctx != NULL) BN_CTX_free(ctx);
290 BN_free(&u1);
291 BN_free(&u2);
292 BN_free(&t1);
293 return(ret);
294 }
295
296static int dsa_init(DSA *dsa)
297{
298 dsa->flags|=DSA_FLAG_CACHE_MONT_P;
299 return(1);
300}
301
302static int dsa_finish(DSA *dsa)
303{
304 if(dsa->method_mont_p)
305 BN_MONT_CTX_free((BN_MONT_CTX *)dsa->method_mont_p);
306 return(1);
307}
308
309static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
310 BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
311 BN_MONT_CTX *in_mont)
312{
313 return BN_mod_exp2_mont(rr, a1, p1, a2, p2, m, ctx, in_mont);
314}
315
316static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
317 const BIGNUM *m, BN_CTX *ctx,
318 BN_MONT_CTX *m_ctx)
319{
320 return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
321}
diff --git a/src/lib/libcrypto/dsa/dsa_sign.c b/src/lib/libcrypto/dsa/dsa_sign.c
index 774c161964..89205026f0 100644
--- a/src/lib/libcrypto/dsa/dsa_sign.c
+++ b/src/lib/libcrypto/dsa/dsa_sign.c
@@ -67,73 +67,9 @@
67 67
68DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) 68DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
69 { 69 {
70 BIGNUM *kinv=NULL,*r=NULL,*s=NULL; 70 return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
71 BIGNUM m;
72 BIGNUM xr;
73 BN_CTX *ctx=NULL;
74 int i,reason=ERR_R_BN_LIB;
75 DSA_SIG *ret=NULL;
76
77 BN_init(&m);
78 BN_init(&xr);
79 s=BN_new();
80 if (s == NULL) goto err;
81
82 i=BN_num_bytes(dsa->q); /* should be 20 */
83 if ((dlen > i) || (dlen > 50))
84 {
85 reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
86 goto err;
87 }
88
89 ctx=BN_CTX_new();
90 if (ctx == NULL) goto err;
91
92 if ((dsa->kinv == NULL) || (dsa->r == NULL))
93 {
94 if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err;
95 }
96 else
97 {
98 kinv=dsa->kinv;
99 dsa->kinv=NULL;
100 r=dsa->r;
101 dsa->r=NULL;
102 }
103
104 if (BN_bin2bn(dgst,dlen,&m) == NULL) goto err;
105
106 /* Compute s = inv(k) (m + xr) mod q */
107 if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */
108 if (!BN_add(s, &xr, &m)) goto err; /* s = m + xr */
109 if (BN_cmp(s,dsa->q) > 0)
110 BN_sub(s,s,dsa->q);
111 if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err;
112
113 ret=DSA_SIG_new();
114 if (ret == NULL) goto err;
115 ret->r = r;
116 ret->s = s;
117
118err:
119 if (!ret)
120 {
121 DSAerr(DSA_F_DSA_DO_SIGN,reason);
122 BN_free(r);
123 BN_free(s);
124 }
125 if (ctx != NULL) BN_CTX_free(ctx);
126 BN_clear_free(&m);
127 BN_clear_free(&xr);
128 if (kinv != NULL) /* dsa->kinv is NULL now if we used it */
129 BN_clear_free(kinv);
130 return(ret);
131 } 71 }
132 72
133/* data has already been hashed (probably with SHA or SHA-1). */
134
135/* unsigned char *sig: out */
136/* unsigned int *siglen: out */
137int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, 73int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
138 unsigned int *siglen, DSA *dsa) 74 unsigned int *siglen, DSA *dsa)
139 { 75 {
@@ -151,61 +87,6 @@ int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
151 87
152int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) 88int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
153 { 89 {
154 BN_CTX *ctx; 90 return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
155 BIGNUM k,*kinv=NULL,*r=NULL;
156 int ret=0;
157
158 if (ctx_in == NULL)
159 {
160 if ((ctx=BN_CTX_new()) == NULL) goto err;
161 }
162 else
163 ctx=ctx_in;
164
165 BN_init(&k);
166 if ((r=BN_new()) == NULL) goto err;
167 kinv=NULL;
168
169 /* Get random k */
170 for (;;)
171 {
172 if (!BN_rand(&k, BN_num_bits(dsa->q), 1, 0)) goto err;
173 if (BN_cmp(&k,dsa->q) >= 0)
174 BN_sub(&k,&k,dsa->q);
175 if (!BN_is_zero(&k)) break;
176 }
177
178 if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
179 {
180 if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
181 if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p,
182 dsa->p,ctx)) goto err;
183 }
184
185 /* Compute r = (g^k mod p) mod q */
186 if (!BN_mod_exp_mont(r,dsa->g,&k,dsa->p,ctx,
187 (BN_MONT_CTX *)dsa->method_mont_p)) goto err;
188 if (!BN_mod(r,r,dsa->q,ctx)) goto err;
189
190 /* Compute part of 's = inv(k) (m + xr) mod q' */
191 if ((kinv=BN_mod_inverse(NULL,&k,dsa->q,ctx)) == NULL) goto err;
192
193 if (*kinvp != NULL) BN_clear_free(*kinvp);
194 *kinvp=kinv;
195 kinv=NULL;
196 if (*rp != NULL) BN_clear_free(*rp);
197 *rp=r;
198 ret=1;
199err:
200 if (!ret)
201 {
202 DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB);
203 if (kinv != NULL) BN_clear_free(kinv);
204 if (r != NULL) BN_clear_free(r);
205 }
206 if (ctx_in == NULL) BN_CTX_free(ctx);
207 if (kinv != NULL) BN_clear_free(kinv);
208 BN_clear_free(&k);
209 return(ret);
210 } 91 }
211 92
diff --git a/src/lib/libcrypto/dsa/dsa_vrf.c b/src/lib/libcrypto/dsa/dsa_vrf.c
index ff552208aa..03277f80fd 100644
--- a/src/lib/libcrypto/dsa/dsa_vrf.c
+++ b/src/lib/libcrypto/dsa/dsa_vrf.c
@@ -69,73 +69,7 @@
69int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, 69int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
70 DSA *dsa) 70 DSA *dsa)
71 { 71 {
72 BN_CTX *ctx; 72 return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
73 BIGNUM u1,u2,t1;
74 BN_MONT_CTX *mont=NULL;
75 int ret = -1;
76
77 if ((ctx=BN_CTX_new()) == NULL) goto err;
78 BN_init(&u1);
79 BN_init(&u2);
80 BN_init(&t1);
81
82 /* Calculate W = inv(S) mod Q
83 * save W in u2 */
84 if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;
85
86 /* save M in u1 */
87 if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err;
88
89 /* u1 = M * w mod q */
90 if (!BN_mod_mul(&u1,&u1,&u2,dsa->q,ctx)) goto err;
91
92 /* u2 = r * w mod q */
93 if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err;
94
95 if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
96 {
97 if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
98 if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p,
99 dsa->p,ctx)) goto err;
100 }
101 mont=(BN_MONT_CTX *)dsa->method_mont_p;
102
103#if 0
104 {
105 BIGNUM t2;
106
107 BN_init(&t2);
108 /* v = ( g^u1 * y^u2 mod p ) mod q */
109 /* let t1 = g ^ u1 mod p */
110 if (!BN_mod_exp_mont(&t1,dsa->g,&u1,dsa->p,ctx,mont)) goto err;
111 /* let t2 = y ^ u2 mod p */
112 if (!BN_mod_exp_mont(&t2,dsa->pub_key,&u2,dsa->p,ctx,mont)) goto err;
113 /* let u1 = t1 * t2 mod p */
114 if (!BN_mod_mul(&u1,&t1,&t2,dsa->p,ctx)) goto err_bn;
115 BN_free(&t2);
116 }
117 /* let u1 = u1 mod q */
118 if (!BN_mod(&u1,&u1,dsa->q,ctx)) goto err;
119#else
120 {
121 if (!BN_mod_exp2_mont(&t1,dsa->g,&u1,dsa->pub_key,&u2,dsa->p,ctx,mont))
122 goto err;
123 /* BN_copy(&u1,&t1); */
124 /* let u1 = u1 mod q */
125 if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err;
126 }
127#endif
128 /* V is now in u1. If the signature is correct, it will be
129 * equal to R. */
130 ret=(BN_ucmp(&u1, sig->r) == 0);
131
132 err:
133 if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB);
134 if (ctx != NULL) BN_CTX_free(ctx);
135 BN_free(&u1);
136 BN_free(&u2);
137 BN_free(&t1);
138 return(ret);
139 } 73 }
140 74
141/* data has already been hashed (probably with SHA or SHA-1). */ 75/* data has already been hashed (probably with SHA or SHA-1). */
diff --git a/src/lib/libcrypto/dsa/dsatest.c b/src/lib/libcrypto/dsa/dsatest.c
index fc25c9a1b7..309a7cda89 100644
--- a/src/lib/libcrypto/dsa/dsatest.c
+++ b/src/lib/libcrypto/dsa/dsatest.c
@@ -84,7 +84,10 @@ int main(int argc, char *argv[])
84#define MS_CALLBACK 84#define MS_CALLBACK
85#endif 85#endif
86 86
87static void MS_CALLBACK dsa_cb(int p, int n, char *arg); 87static void MS_CALLBACK dsa_cb(int p, int n, void *arg);
88
89/* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to
90 * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */
88static unsigned char seed[20]={ 91static unsigned char seed[20]={
89 0xd5,0x01,0x4e,0x4b,0x60,0xef,0x2b,0xa8,0xb6,0x21,0x1b,0x40, 92 0xd5,0x01,0x4e,0x4b,0x60,0xef,0x2b,0xa8,0xb6,0x21,0x1b,0x40,
90 0x62,0xba,0x32,0x24,0xe0,0x42,0x7d,0xd3, 93 0x62,0xba,0x32,0x24,0xe0,0x42,0x7d,0xd3,
@@ -120,6 +123,8 @@ static unsigned char out_g[]={
120 123
121static const unsigned char str1[]="12345678901234567890"; 124static const unsigned char str1[]="12345678901234567890";
122 125
126static const char rnd_seed[] = "string to make the random number generator think it has entropy";
127
123static BIO *bio_err=NULL; 128static BIO *bio_err=NULL;
124 129
125int main(int argc, char **argv) 130int main(int argc, char **argv)
@@ -131,15 +136,17 @@ int main(int argc, char **argv)
131 unsigned char sig[256]; 136 unsigned char sig[256];
132 unsigned int siglen; 137 unsigned int siglen;
133 138
139 ERR_load_crypto_strings();
140 RAND_seed(rnd_seed, sizeof rnd_seed);
141
134 if (bio_err == NULL) 142 if (bio_err == NULL)
135 bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); 143 bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
136 144
137 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); 145 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
138 146
139 BIO_printf(bio_err,"test generation of DSA parameters\n"); 147 BIO_printf(bio_err,"test generation of DSA parameters\n");
140 BIO_printf(bio_err,"expect '.*' followed by 5 lines of '.'s and '+'s\n"); 148
141 dsa=DSA_generate_parameters(512,seed,20,&counter,&h,dsa_cb, 149 dsa=DSA_generate_parameters(512,seed,20,&counter,&h,dsa_cb,bio_err);
142 (char *)bio_err);
143 150
144 BIO_printf(bio_err,"seed\n"); 151 BIO_printf(bio_err,"seed\n");
145 for (i=0; i<20; i+=4) 152 for (i=0; i<20; i+=4)
@@ -193,13 +200,18 @@ end:
193 if (!ret) 200 if (!ret)
194 ERR_print_errors(bio_err); 201 ERR_print_errors(bio_err);
195 if (dsa != NULL) DSA_free(dsa); 202 if (dsa != NULL) DSA_free(dsa);
203 ERR_remove_state(0);
196 CRYPTO_mem_leaks(bio_err); 204 CRYPTO_mem_leaks(bio_err);
197 if (bio_err != NULL) BIO_free(bio_err); 205 if (bio_err != NULL)
206 {
207 BIO_free(bio_err);
208 bio_err = NULL;
209 }
198 exit(!ret); 210 exit(!ret);
199 return(0); 211 return(0);
200 } 212 }
201 213
202static void MS_CALLBACK dsa_cb(int p, int n, char *arg) 214static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
203 { 215 {
204 char c='*'; 216 char c='*';
205 static int ok=0,num=0; 217 static int ok=0,num=0;
@@ -208,8 +220,8 @@ static void MS_CALLBACK dsa_cb(int p, int n, char *arg)
208 if (p == 1) c='+'; 220 if (p == 1) c='+';
209 if (p == 2) { c='*'; ok++; } 221 if (p == 2) { c='*'; ok++; }
210 if (p == 3) c='\n'; 222 if (p == 3) c='\n';
211 BIO_write((BIO *)arg,&c,1); 223 BIO_write(arg,&c,1);
212 (void)BIO_flush((BIO *)arg); 224 (void)BIO_flush(arg);
213 225
214 if (!ok && (p == 0) && (num > 1)) 226 if (!ok && (p == 0) && (num > 1))
215 { 227 {
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-04 13:05:41 +0000