Import of SSLeay-0.9.0b with RSA and IDEA stubbed + OpenBSD build

functionality for shared libs.

Note that routines such as sslv2_init and friends that use RSA will
not work due to lack of RSA in this library.

Needs documentation and help from ports for easy upgrade to full
functionality where legally possible.

7 files changed, 1245 insertions, 0 deletions

diff --git a/src/lib/libcrypto/dsa/dsa.h b/src/lib/libcrypto/dsa/dsa.h
new file mode 100644
index 0000000000..1ca87c1cbe
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa.h
@@ -0,0 +1,194 @@
+/* crypto/dsa/dsa.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/*
+ * The DSS routines are based on patches supplied by
+ * Steven Schoch <schoch@sheba.arc.nasa.gov>.  He basically did the
+ * work and I have just tweaked them a little to fit into my
+ * stylistic vision for SSLeay :-) */
+
+#ifndef HEADER_DSA_H
+#define HEADER_DSA_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#include "bn.h"
+
+typedef struct dsa_st
+        {
+        /* This first variable is used to pick up errors where
+         * a DSA is passed instead of of a EVP_PKEY */
+        int pad;
+        int version;
+        int write_params;
+        BIGNUM *p;
+        BIGNUM *q;      /* == 20 */
+        BIGNUM *g;
+
+        BIGNUM *pub_key;  /* y public key */
+        BIGNUM *priv_key; /* x private key */
+
+        BIGNUM *kinv;   /* Signing pre-calc */
+        BIGNUM *r;      /* Signing pre-calc */
+
+        int references;
+        } DSA;
+
+#define DSAparams_dup(x) (DSA *)ASN1_dup((int (*)())i2d_DSAparams, \
+                (char *(*)())d2i_DSAparams,(char *)(x))
+#define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \
+                (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x))
+#define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \
+                (unsigned char *)(x))
+#define d2i_DSAparams_bio(bp,x) (DSA *)ASN1_d2i_bio((char *(*)())DSA_new, \
+                (char *(*)())d2i_DSAparams,(bp),(unsigned char **)(x))
+#define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio(i2d_DSAparams,(bp), \
+                (unsigned char *)(x))
+
+#ifndef NOPROTO
+
+DSA *   DSA_new(void);
+int     DSA_size(DSA *);
+        /* next 4 return -1 on error */
+int     DSA_sign_setup( DSA *dsa,BN_CTX *ctx_in,BIGNUM **kinvp,BIGNUM **rp);
+int     DSA_sign(int type,unsigned char *dgst,int dlen,
+                unsigned char *sig, unsigned int *siglen, DSA *dsa);
+int     DSA_verify(int type,unsigned char *dgst,int dgst_len,
+                unsigned char *sigbuf, int siglen, DSA *dsa);
+void    DSA_free (DSA *r);
+
+void    ERR_load_DSA_strings(void );
+
+DSA *   d2i_DSAPublicKey(DSA **a, unsigned char **pp, long length);
+DSA *   d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length);
+DSA *   d2i_DSAparams(DSA **a, unsigned char **pp, long length);
+DSA *   DSA_generate_parameters(int bits, unsigned char *seed,int seed_len,
+                int *counter_ret, unsigned long *h_ret,void
+                (*callback)(),char *cb_arg);
+int     DSA_generate_key(DSA *a);
+int     i2d_DSAPublicKey(DSA *a, unsigned char **pp);
+int     i2d_DSAPrivateKey(DSA *a, unsigned char **pp);
+int     i2d_DSAparams(DSA *a,unsigned char **pp);
+
+#ifdef HEADER_BIO_H
+int     DSAparams_print(BIO *bp, DSA *x);
+int     DSA_print(BIO *bp, DSA *x, int off);
+#endif
+#ifndef NO_FP_API
+int     DSAparams_print_fp(FILE *fp, DSA *x);
+int     DSA_print_fp(FILE *bp, DSA *x, int off);
+#endif
+
+int DSA_is_prime(BIGNUM *q,void (*callback)(),char *cb_arg);
+
+#else
+
+DSA *   DSA_new();
+int     DSA_size();
+int     DSA_sign_setup();
+int     DSA_sign();
+int     DSA_verify();
+void    DSA_free ();
+
+void    ERR_load_DSA_strings();
+
+DSA *   d2i_DSAPublicKey();
+DSA *   d2i_DSAPrivateKey();
+DSA *   d2i_DSAparams();
+DSA *   DSA_generate_parameters();
+int     DSA_generate_key();
+int     i2d_DSAPublicKey();
+int     i2d_DSAPrivateKey();
+int     i2d_DSAparams();
+
+int     DSA_is_prime();
+
+int     DSAparams_print();
+int     DSA_print();
+
+#ifndef NO_FP_API
+int     DSAparams_print_fp();
+int     DSA_print_fp();
+#endif
+
+#endif
+
+/* BEGIN ERROR CODES */
+/* Error codes for the DSA functions. */
+
+/* Function codes. */
+#define DSA_F_DSAPARAMS_PRINT                            100
+#define DSA_F_DSAPARAMS_PRINT_FP                         101
+#define DSA_F_DSA_IS_PRIME                               102
+#define DSA_F_DSA_NEW                                    103
+#define DSA_F_DSA_PRINT                                  104
+#define DSA_F_DSA_PRINT_FP                               105
+#define DSA_F_DSA_SIGN                                   106
+#define DSA_F_DSA_SIGN_SETUP                             107
+#define DSA_F_DSA_VERIFY                                 108
+
+/* Reason codes. */
+#define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE                100
+ 
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
diff --git a/src/lib/libcrypto/dsa/dsa_err.c b/src/lib/libcrypto/dsa/dsa_err.c
new file mode 100644
index 0000000000..318e9f31aa
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_err.c
@@ -0,0 +1,99 @@
+/* lib/dsa/dsa_err.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "err.h"
+#include "dsa.h"
+
+/* BEGIN ERROR CODES */
+#ifndef NO_ERR
+static ERR_STRING_DATA DSA_str_functs[]=
+        {
+{ERR_PACK(0,DSA_F_DSAPARAMS_PRINT,0),   "DSAparams_print"},
+{ERR_PACK(0,DSA_F_DSAPARAMS_PRINT_FP,0),        "DSAparams_print_fp"},
+{ERR_PACK(0,DSA_F_DSA_IS_PRIME,0),      "DSA_is_prime"},
+{ERR_PACK(0,DSA_F_DSA_NEW,0),   "DSA_new"},
+{ERR_PACK(0,DSA_F_DSA_PRINT,0), "DSA_print"},
+{ERR_PACK(0,DSA_F_DSA_PRINT_FP,0),      "DSA_print_fp"},
+{ERR_PACK(0,DSA_F_DSA_SIGN,0),  "DSA_sign"},
+{ERR_PACK(0,DSA_F_DSA_SIGN_SETUP,0),    "DSA_sign_setup"},
+{ERR_PACK(0,DSA_F_DSA_VERIFY,0),        "DSA_verify"},
+{0,NULL},
+        };
+
+static ERR_STRING_DATA DSA_str_reasons[]=
+        {
+{DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE       ,"data too large for key size"},
+{0,NULL},
+        };
+
+#endif
+
+void ERR_load_DSA_strings()
+        {
+        static int init=1;
+
+        if (init);
+                {;
+                init=0;
+#ifndef NO_ERR
+                ERR_load_strings(ERR_LIB_DSA,DSA_str_functs);
+                ERR_load_strings(ERR_LIB_DSA,DSA_str_reasons);
+#endif
+
+                }
+        }
diff --git a/src/lib/libcrypto/dsa/dsa_gen.c b/src/lib/libcrypto/dsa/dsa_gen.c
new file mode 100644
index 0000000000..d7d30bf90a
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_gen.c
@@ -0,0 +1,328 @@
+/* crypto/dsa/dsa_gen.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#undef GENUINE_DSA
+
+#ifdef GENUINE_DSA
+#define HASH    SHA
+#else
+#define HASH    SHA1
+#endif 
+
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include "sha.h"
+#include "bn.h"
+#include "dsa.h"
+#include "rand.h"
+
+DSA *DSA_generate_parameters(bits,seed_in,seed_len,counter_ret,h_ret,callback,
+        cb_arg)
+int bits;
+unsigned char *seed_in;
+int seed_len;
+int *counter_ret;
+unsigned long *h_ret;
+void (*callback)();
+char *cb_arg;
+        {
+        int ok=0;
+        unsigned char seed[SHA_DIGEST_LENGTH];
+        unsigned char md[SHA_DIGEST_LENGTH];
+        unsigned char buf[SHA_DIGEST_LENGTH],buf2[SHA_DIGEST_LENGTH];
+        BIGNUM *r0,*W,*X,*c,*test;
+        BIGNUM *g=NULL,*q=NULL,*p=NULL;
+        int k,n=0,i,b,m=0;
+        int counter=0;
+        BN_CTX *ctx=NULL,*ctx2=NULL;
+        unsigned int h=2;
+        DSA *ret=NULL;
+
+        if (bits < 512) bits=512;
+        bits=(bits+63)/64*64;
+
+        if ((seed_in != NULL) && (seed_len == 20))
+                memcpy(seed,seed_in,seed_len);
+
+        ctx=BN_CTX_new();
+        if (ctx == NULL) goto err;
+        ctx2=BN_CTX_new();
+        if (ctx2 == NULL) goto err;
+        ret=DSA_new();
+        if (ret == NULL) goto err;
+        r0=ctx2->bn[0];
+        g=ctx2->bn[1];
+        W=ctx2->bn[2];
+        q=ctx2->bn[3];
+        X=ctx2->bn[4];
+        c=ctx2->bn[5];
+        p=ctx2->bn[6];
+        test=ctx2->bn[7];
+
+        BN_lshift(test,BN_value_one(),bits-1);
+
+        for (;;)
+                {
+                for (;;)
+                        {
+                        /* step 1 */
+                        if (callback != NULL) callback(0,m++,cb_arg);
+
+                        if (!seed_len)
+                                RAND_bytes(seed,SHA_DIGEST_LENGTH);
+                        else
+                                seed_len=0;
+
+                        memcpy(buf,seed,SHA_DIGEST_LENGTH);
+                        memcpy(buf2,seed,SHA_DIGEST_LENGTH);
+                        for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
+                                {
+                                buf[i]++;
+                                if (buf[i] != 0) break;
+                                }
+
+                        /* step 2 */
+                        HASH(seed,SHA_DIGEST_LENGTH,md);
+                        HASH(buf,SHA_DIGEST_LENGTH,buf2);
+                        for (i=0; i<SHA_DIGEST_LENGTH; i++)
+                                md[i]^=buf2[i];
+
+                        /* step 3 */
+                        md[0]|=0x80;
+                        md[SHA_DIGEST_LENGTH-1]|=0x01;
+                        if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,q)) abort();
+
+                        /* step 4 */
+                        if (DSA_is_prime(q,callback,cb_arg) > 0) break;
+                        /* do a callback call */
+                        /* step 5 */
+                        }
+
+                if (callback != NULL) callback(2,0,cb_arg);
+                if (callback != NULL) callback(3,0,cb_arg);
+
+                /* step 6 */
+                counter=0;
+
+                n=(bits-1)/160;
+                b=(bits-1)-n*160;
+
+                for (;;)
+                        {
+                        /* step 7 */
+                        BN_zero(W);
+                        for (k=0; k<=n; k++)
+                                {
+                                for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
+                                        {
+                                        buf[i]++;
+                                        if (buf[i] != 0) break;
+                                        }
+
+                                HASH(buf,SHA_DIGEST_LENGTH,md);
+
+                                /* step 8 */
+                                if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0)) abort();
+                                BN_lshift(r0,r0,160*k);
+                                BN_add(W,W,r0);
+                                }
+
+                        /* more of step 8 */
+                        BN_mask_bits(W,bits-1);
+                        BN_copy(X,W); /* this should be ok */
+                        BN_add(X,X,test); /* this should be ok */
+
+                        /* step 9 */
+                        BN_lshift1(r0,q);
+                        BN_mod(c,X,r0,ctx);
+                        BN_sub(r0,c,BN_value_one());
+                        BN_sub(p,X,r0);
+
+                        /* step 10 */
+                        if (BN_cmp(p,test) >= 0)
+                                {
+                                /* step 11 */
+                                if (DSA_is_prime(p,callback,cb_arg) > 0)
+                                        goto end;
+                                }
+
+                        /* step 13 */
+                        counter++;
+
+                        /* step 14 */
+                        if (counter >= 4096) break;
+
+                        if (callback != NULL) callback(0,counter,cb_arg);
+                        }
+                }
+end:
+        if (callback != NULL) callback(2,1,cb_arg);
+
+        /* We now need to gernerate g */
+        /* Set r0=(p-1)/q */
+        BN_sub(test,p,BN_value_one());
+        BN_div(r0,NULL,test,q,ctx);
+
+        BN_set_word(test,h);
+        for (;;)
+                {
+                /* g=test^r0%p */
+                BN_mod_exp(g,test,r0,p,ctx);
+                if (!BN_is_one(g)) break;
+                BN_add(test,test,BN_value_one());
+                h++;
+                }
+
+        if (callback != NULL) callback(3,1,cb_arg);
+
+        ok=1;
+err:
+        if (!ok)
+                {
+                if (ret != NULL) DSA_free(ret);
+                }
+        else
+                {
+                ret->p=BN_dup(p);
+                ret->q=BN_dup(q);
+                ret->g=BN_dup(g);
+                if ((m > 1) && (seed_in != NULL)) memcpy(seed_in,seed,20);
+                if (counter_ret != NULL) *counter_ret=counter;
+                if (h_ret != NULL) *h_ret=h;
+                }
+        BN_CTX_free(ctx);
+        BN_CTX_free(ctx2);
+        return(ok?ret:NULL);
+        }
+
+int DSA_is_prime(w, callback,cb_arg)
+BIGNUM *w;
+void (*callback)();
+char *cb_arg;
+        {
+        int ok= -1,j,i,n;
+        BN_CTX *ctx=NULL,*ctx2=NULL;
+        BIGNUM *w_1,*b,*m,*z;
+        int a;
+
+        if (!BN_is_bit_set(w,0)) return(0);
+
+        ctx=BN_CTX_new();
+        if (ctx == NULL) goto err;
+        ctx2=BN_CTX_new();
+        if (ctx2 == NULL) goto err;
+
+        m=  ctx2->bn[2];
+        b=  ctx2->bn[3];
+        z=  ctx2->bn[4];
+        w_1=ctx2->bn[5];
+
+        /* step 1 */
+        n=50;
+
+        /* step 2 */
+        if (!BN_sub(w_1,w,BN_value_one())) goto err;
+        for (a=1; !BN_is_bit_set(w_1,a); a++)
+                ;
+        if (!BN_rshift(m,w_1,a)) goto err;
+
+        for (i=1; i < n; i++)
+                {
+                /* step 3 */
+                BN_rand(b,BN_num_bits(w)-2/*-1*/,0,0);
+                BN_set_word(b,0x10001L);
+
+                /* step 4 */
+                j=0;
+                if (!BN_mod_exp(z,b,m,w,ctx)) goto err;
+
+                /* step 5 */
+                for (;;)
+                        {
+                        if (((j == 0) && BN_is_one(z)) || (BN_cmp(z,w_1) == 0))
+                                break;
+
+                        /* step 6 */
+                        if ((j > 0) && BN_is_one(z))
+                                {
+                                ok=0;
+                                goto err;
+                                }
+
+                        j++;
+                        if (j >= a)
+                                {
+                                ok=0;
+                                goto err;
+                                }
+
+                        if (!BN_mod_mul(z,z,z,w,ctx)) goto err;
+                        if (callback != NULL) callback(1,j,cb_arg);
+                        }
+                }
+
+        ok=1;
+err:
+        if (ok == -1) DSAerr(DSA_F_DSA_IS_PRIME,ERR_R_BN_LIB);
+        BN_CTX_free(ctx);
+        BN_CTX_free(ctx2);
+        
+        return(ok);
+        }
+
diff --git a/src/lib/libcrypto/dsa/dsa_key.c b/src/lib/libcrypto/dsa/dsa_key.c
new file mode 100644
index 0000000000..d51ed9395f
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_key.c
@@ -0,0 +1,112 @@
+/* crypto/dsa/dsa_key.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include "sha.h"
+#include "bn.h"
+#include "dsa.h"
+#include "rand.h"
+
+int DSA_generate_key(dsa)
+DSA *dsa;
+        {
+        int ok=0;
+        unsigned int i;
+        BN_CTX *ctx=NULL;
+        BIGNUM *pub_key=NULL,*priv_key=NULL;
+
+        if ((ctx=BN_CTX_new()) == NULL) goto err;
+
+        if (dsa->priv_key == NULL)
+                {
+                if ((priv_key=BN_new()) == NULL) goto err;
+                }
+        else
+                priv_key=dsa->priv_key;
+
+        i=BN_num_bits(dsa->q);
+        for (;;)
+                {
+                BN_rand(priv_key,i,1,0);
+                if (BN_cmp(priv_key,dsa->q) >= 0)
+                        BN_sub(priv_key,priv_key,dsa->q);
+                if (!BN_is_zero(priv_key)) break;
+                }
+
+        if (dsa->pub_key == NULL)
+                {
+                if ((pub_key=BN_new()) == NULL) goto err;
+                }
+        else
+                pub_key=dsa->pub_key;
+
+        if (!BN_mod_exp(pub_key,dsa->g,priv_key,dsa->p,ctx)) goto err;
+
+        dsa->priv_key=priv_key;
+        dsa->pub_key=pub_key;
+        ok=1;
+
+err:
+        if ((pub_key != NULL) && (dsa->pub_key == NULL)) BN_free(pub_key);
+        if ((priv_key != NULL) && (dsa->priv_key == NULL)) BN_free(priv_key);
+        if (ctx != NULL) BN_CTX_free(ctx);
+        return(ok);
+        }
+
diff --git a/src/lib/libcrypto/dsa/dsa_lib.c b/src/lib/libcrypto/dsa/dsa_lib.c
new file mode 100644
index 0000000000..b647257f9f
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_lib.c
@@ -0,0 +1,145 @@
+/* crypto/dsa/dsa_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Origional version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn.h"
+#include "dsa.h"
+#include "asn1.h"
+
+char *DSA_version="\0DSA part of SSLeay 0.9.0b 29-Jun-1998";
+
+DSA *DSA_new()
+        {
+        DSA *ret;
+
+        ret=(DSA *)Malloc(sizeof(DSA));
+        if (ret == NULL)
+                {
+                DSAerr(DSA_F_DSA_NEW,ERR_R_MALLOC_FAILURE);
+                return(NULL);
+                }
+        ret->pad=0;
+        ret->version=0;
+        ret->write_params=1;
+        ret->p=NULL;
+        ret->q=NULL;
+        ret->g=NULL;
+
+        ret->pub_key=NULL;
+        ret->priv_key=NULL;
+
+        ret->kinv=NULL;
+        ret->r=NULL;
+
+        ret->references=1;
+        return(ret);
+        }
+
+void DSA_free(r)
+DSA *r;
+        {
+        int i;
+
+        if (r == NULL) return;
+
+        i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_DSA);
+#ifdef REF_PRINT
+        REF_PRINT("DSA",r);
+#endif
+        if (i > 0) return;
+#ifdef REF_CHECK
+        if (i < 0)
+                {
+                fprintf(stderr,"DSA_free, bad reference count\n");
+                abort();
+                }
+#endif
+
+        if (r->p != NULL) BN_clear_free(r->p);
+        if (r->q != NULL) BN_clear_free(r->q);
+        if (r->g != NULL) BN_clear_free(r->g);
+        if (r->pub_key != NULL) BN_clear_free(r->pub_key);
+        if (r->priv_key != NULL) BN_clear_free(r->priv_key);
+        if (r->kinv != NULL) BN_clear_free(r->kinv);
+        if (r->r != NULL) BN_clear_free(r->r);
+        Free(r);
+        }
+
+int DSA_size(r)
+DSA *r;
+        {
+        int ret,i;
+        ASN1_INTEGER bs;
+        unsigned char buf[4];
+
+        i=BN_num_bits(r->q);
+        bs.length=(i+7)/8;
+        bs.data=buf;
+        bs.type=V_ASN1_INTEGER;
+        /* If the top bit is set the asn1 encoding is 1 larger. */
+        buf[0]=0xff;    
+
+        i=i2d_ASN1_INTEGER(&bs,NULL);
+        i+=i; /* r and s */
+        ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
+        return(ret);
+        }
+
diff --git a/src/lib/libcrypto/dsa/dsa_sign.c b/src/lib/libcrypto/dsa/dsa_sign.c
new file mode 100644
index 0000000000..6ca1c318f2
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_sign.c
@@ -0,0 +1,215 @@
+/* crypto/dsa/dsa_sign.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Origional version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn.h"
+#include "dsa.h"
+#include "rand.h"
+#include "asn1.h"
+
+/* data has already been hashed (probably with SHA or SHA-1). */
+/*      DSAerr(DSA_F_DSA_SIGN,DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); */
+
+int DSA_sign(type,dgst,dlen,sig,siglen,dsa)
+int type;
+unsigned char *dgst;
+int dlen;
+unsigned char *sig;     /* out */
+unsigned int *siglen;   /* out */
+DSA *dsa;
+        {
+        BIGNUM *kinv=NULL,*r=NULL;
+        BIGNUM *m=NULL;
+        BIGNUM *xr=NULL,*s=NULL;
+        BN_CTX *ctx=NULL;
+        unsigned char *p;
+        int i,len=0,ret=0,reason=ERR_R_BN_LIB;
+        ASN1_INTEGER rbs,sbs;
+        MS_STATIC unsigned char rbuf[50]; /* assuming r is 20 bytes +extra */
+        MS_STATIC unsigned char sbuf[50]; /* assuming s is 20 bytes +extra */
+
+        i=BN_num_bytes(dsa->q); /* should be 20 */
+        if ((dlen > i) || (dlen > 50))
+                {
+                reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
+                goto err;
+                }
+
+        ctx=BN_CTX_new();
+        if (ctx == NULL) goto err;
+
+        if ((dsa->kinv == NULL) || (dsa->r == NULL))
+                {
+                if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err;
+                }
+        else
+                {
+                kinv=dsa->kinv;
+                dsa->kinv=NULL;
+                r=dsa->r;
+                dsa->r=NULL;
+                }
+
+        m=BN_new();
+        xr=BN_new();
+        s=BN_new();
+        if (m == NULL || xr == NULL || s == NULL) goto err;
+
+        if (BN_bin2bn(dgst,dlen,m) == NULL) goto err;
+
+        /* Compute  s = inv(k) (m + xr) mod q */
+        if (!BN_mul(xr, dsa->priv_key, r)) goto err;    /* s = xr */
+        if (!BN_add(s, xr, m)) goto err;                /* s = m + xr */
+        if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err;
+
+        /*
+         * Now create a ASN.1 sequence of the integers R and S.
+         */
+        rbs.data=rbuf;
+        sbs.data=sbuf;
+        rbs.type = V_ASN1_INTEGER;
+        sbs.type = V_ASN1_INTEGER;
+        rbs.length=BN_bn2bin(r,rbs.data);
+        sbs.length=BN_bn2bin(s,sbs.data);
+
+        len =i2d_ASN1_INTEGER(&rbs,NULL);
+        len+=i2d_ASN1_INTEGER(&sbs,NULL);
+
+        p=sig;
+        ASN1_put_object(&p,1,len,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+        i2d_ASN1_INTEGER(&rbs,&p);
+        i2d_ASN1_INTEGER(&sbs,&p);
+        *siglen=(p-sig);
+        ret=1;
+err:
+        if (!ret) DSAerr(DSA_F_DSA_SIGN,reason);
+                
+#if 1 /* do the right thing :-) */
+        if (kinv != NULL) BN_clear_free(kinv);
+        if (r != NULL) BN_clear_free(r);
+#endif
+        if (ctx != NULL) BN_CTX_free(ctx);
+        if (m != NULL) BN_clear_free(m);
+        if (xr != NULL) BN_clear_free(xr);
+        if (s != NULL) BN_clear_free(s);
+        return(ret);
+        }
+
+int DSA_sign_setup(dsa,ctx_in,kinvp,rp)
+DSA *dsa;
+BN_CTX *ctx_in;
+BIGNUM **kinvp;
+BIGNUM **rp;
+        {
+        BN_CTX *ctx;
+        BIGNUM *k=NULL,*kinv=NULL,*r=NULL;
+        int ret=0;
+
+        if (ctx_in == NULL)
+                {
+                if ((ctx=BN_CTX_new()) == NULL) goto err;
+                }
+        else
+                ctx=ctx_in;
+
+        r=BN_new();
+        k=BN_new();
+        if ((r == NULL) || (k == NULL))
+                goto err;
+        kinv=NULL;
+
+        if (r == NULL) goto err;
+
+        /* Get random k */
+        for (;;)
+                {
+                if (!BN_rand(k, BN_num_bits(dsa->q), 1, 0)) goto err;
+                if (BN_cmp(k,dsa->q) >= 0)
+                        BN_sub(k,k,dsa->q);
+                if (!BN_is_zero(k)) break;
+                }
+
+        /* Compute r = (g^k mod p) mod q */
+        if (!BN_mod_exp(r,dsa->g,k,dsa->p,ctx)) goto err;
+        if (!BN_mod(r,r,dsa->q,ctx)) goto err;
+
+        /* Compute  part of 's = inv(k) (m + xr) mod q' */
+        if ((kinv=BN_mod_inverse(k,dsa->q,ctx)) == NULL) goto err;
+
+        if (*kinvp != NULL) BN_clear_free(*kinvp);
+        *kinvp=kinv;
+        kinv=NULL;
+        if (*rp != NULL) BN_clear_free(*rp);
+        *rp=r;
+        ret=1;
+err:
+        if (!ret)
+                {
+                DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB);
+                if (kinv != NULL) BN_clear_free(kinv);
+                if (r != NULL) BN_clear_free(r);
+                }
+        if (ctx_in == NULL) BN_CTX_free(ctx);
+        if (k != NULL) BN_clear_free(k);
+        if (kinv != NULL) BN_clear_free(kinv);
+        return(ret);
+        }
+
diff --git a/src/lib/libcrypto/dsa/dsa_vrf.c b/src/lib/libcrypto/dsa/dsa_vrf.c
new file mode 100644
index 0000000000..0f860984ed
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_vrf.c
@@ -0,0 +1,152 @@
+/* crypto/dsa/dsa_vrf.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Origional version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn.h"
+#include "dsa.h"
+#include "rand.h"
+#include "asn1.h"
+#include "asn1_mac.h"
+
+/* data has already been hashed (probably with SHA or SHA-1). */
+/* returns
+ *       1: correct signature
+ *       0: incorrect signature
+ *      -1: error
+ */
+int DSA_verify(type,dgst,dgst_len,sigbuf,siglen, dsa)
+int type;
+unsigned char *dgst;
+int dgst_len;
+unsigned char *sigbuf;
+int siglen;
+DSA *dsa;
+        {
+        /* The next 3 are used by the M_ASN1 macros */
+        long length=siglen;
+        ASN1_CTX c;
+        unsigned char **pp= &sigbuf;
+        BN_CTX *ctx;
+        BIGNUM *r=NULL;
+        BIGNUM *t1=NULL,*t2=NULL;
+        BIGNUM *u1=NULL,*u2=NULL;
+        ASN1_INTEGER *bs=NULL;
+        int ret = -1;
+
+        ctx=BN_CTX_new();
+        if (ctx == NULL) goto err;
+
+        t1=BN_new();
+        t2=BN_new();
+        if (t1 == NULL || t2 == NULL) goto err;
+
+        M_ASN1_D2I_Init();
+        M_ASN1_D2I_start_sequence();
+        M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+        if ((r=BN_bin2bn(bs->data,bs->length,NULL)) == NULL) goto err_bn;
+        M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+        if ((u1=BN_bin2bn(bs->data,bs->length,NULL)) == NULL) goto err_bn;
+        if (!asn1_Finish(&c)) goto err;
+
+        /* Calculate W = inv(S) mod Q
+         * save W in u2 */
+        if ((u2=BN_mod_inverse(u1,dsa->q,ctx)) == NULL) goto err_bn;
+
+        /* save M in u1 */
+        if (BN_bin2bn(dgst,dgst_len,u1) == NULL) goto err_bn;
+
+        /* u1 = M * w mod q */
+        if (!BN_mod_mul(u1,u1,u2,dsa->q,ctx)) goto err_bn;
+
+        /* u2 = r * w mod q */
+        if (!BN_mod_mul(u2,r,u2,dsa->q,ctx)) goto err_bn;
+
+        /* v = ( g^u1 * y^u2 mod p ) mod q */
+        /* let t1 = g ^ u1 mod p */
+        if (!BN_mod_exp(t1,dsa->g,u1,dsa->p,ctx)) goto err_bn;
+        /* let t2 = y ^ u2 mod p */
+        if (!BN_mod_exp(t2,dsa->pub_key,u2,dsa->p,ctx)) goto err_bn;
+        /* let u1 = t1 * t2 mod p */
+        if (!BN_mod_mul(u1,t1,t2,dsa->p,ctx)) goto err_bn;
+        /* let u1 = u1 mod q */
+        if (!BN_mod(u1,u1,dsa->q,ctx)) goto err_bn;
+        /* V is now in u1.  If the signature is correct, it will be
+         * equal to R. */
+        ret=(BN_ucmp(u1, r) == 0);
+        if (0)
+                {
+err: /* ASN1 error */
+                DSAerr(DSA_F_DSA_VERIFY,c.error);
+                }
+        if (0)
+                {
+err_bn: /* BN error */
+                DSAerr(DSA_F_DSA_VERIFY,ERR_R_BN_LIB);
+                }
+        if (ctx != NULL) BN_CTX_free(ctx);
+        if (r != NULL) BN_free(r);
+        if (t1 != NULL) BN_free(t1);
+        if (t2 != NULL) BN_free(t2);
+        if (u1 != NULL) BN_free(u1);
+        if (u2 != NULL) BN_free(u2);
+        if (bs != NULL) ASN1_BIT_STRING_free(bs);
+        return(ret);
+        }