authorcvs2svn <admin@example.com>2009-06-25 14:33:51 +0000
committercvs2svn <admin@example.com>2009-06-25 14:33:51 +0000
commit3944e6efcea0baa7128a89353d149b37100c0ece (patch)
tree64c1ad6d7af88839fd67d630ca81c768fd1191cd /src/lib/libcrypto/dsa
parent2eabc3aa42ad7d46a1723621f8e34e533342f67a (diff)
This commit was manufactured by cvs2git to create tag 'OPENBSD_4_6_BASE'.OPENBSD_4_6_BASE
Diffstat (limited to 'src/lib/libcrypto/dsa')
-rw-r--r--src/lib/libcrypto/dsa/dsa.h324
-rw-r--r--src/lib/libcrypto/dsa/dsa_asn1.c218
-rw-r--r--src/lib/libcrypto/dsa/dsa_depr.c106
-rw-r--r--src/lib/libcrypto/dsa/dsa_err.c119
-rw-r--r--src/lib/libcrypto/dsa/dsa_gen.c325
-rw-r--r--src/lib/libcrypto/dsa/dsa_key.c132
-rw-r--r--src/lib/libcrypto/dsa/dsa_lib.c316
-rw-r--r--src/lib/libcrypto/dsa/dsa_ossl.c396
-rw-r--r--src/lib/libcrypto/dsa/dsa_sign.c95
-rw-r--r--src/lib/libcrypto/dsa/dsa_vrf.c84
10 files changed, 0 insertions, 2115 deletions
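diff --git a/src/lib/libcrypto/dsa/dsa.h b/src/lib/libcrypto/dsa/dsa.h
deleted file mode 100644
index 702c50d6dc..0000000000
--- a/src/lib/libcrypto/dsa/dsa.h
+++ /dev/null
@@ -1,324 +0,0 @@
-/* crypto/dsa/dsa.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/*
- * The DSS routines are based on patches supplied by
- * Steven Schoch <schoch@sheba.arc.nasa.gov>. He basically did the
- * work and I have just tweaked them a little to fit into my
- * stylistic vision for SSLeay :-) */
-
-#ifndef HEADER_DSA_H
-#define HEADER_DSA_H
-
-#include <openssl/e_os2.h>
-
-#ifdef OPENSSL_NO_DSA
-#error DSA is disabled.
-#endif
-
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-#include <openssl/crypto.h>
-#include <openssl/ossl_typ.h>
-
-#ifndef OPENSSL_NO_DEPRECATED
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_DH
-# include <openssl/dh.h>
-#endif
-#endif
-
-#ifndef OPENSSL_DSA_MAX_MODULUS_BITS
-# define OPENSSL_DSA_MAX_MODULUS_BITS 10000
-#endif
-
-#define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024
-
-#define DSA_FLAG_CACHE_MONT_P 0x01
-#define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DSA
- * implementation now uses constant time
- * modular exponentiation for secret exponents
- * by default. This flag causes the
- * faster variable sliding window method to
- * be used for all exponents.
- */
-
-/* If this flag is set the DSA method is FIPS compliant and can be used
- * in FIPS mode. This is set in the validated module method. If an
- * application sets this flag in its own methods it is its reposibility
- * to ensure the result is compliant.
- */
-
-#define DSA_FLAG_FIPS_METHOD 0x0400
-
-/* If this flag is set the operations normally disabled in FIPS mode are
- * permitted it is then the applications responsibility to ensure that the
- * usage is compliant.
- */
-
-#define DSA_FLAG_NON_FIPS_ALLOW 0x0400
-
-#ifdef OPENSSL_FIPS
-#define FIPS_DSA_SIZE_T int
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Already defined in ossl_typ.h */
-/* typedef struct dsa_st DSA; */
-/* typedef struct dsa_method DSA_METHOD; */
-
-typedef struct DSA_SIG_st
- {
- BIGNUM *r;
- BIGNUM *s;
- } DSA_SIG;
-
-struct dsa_method
- {
- const char *name;
- DSA_SIG * (*dsa_do_sign)(const unsigned char *dgst, int dlen, DSA *dsa);
- int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
- BIGNUM **rp);
- int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len,
- DSA_SIG *sig, DSA *dsa);
- int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
- BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *in_mont);
- int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx); /* Can be null */
- int (*init)(DSA *dsa);
- int (*finish)(DSA *dsa);
- int flags;
- char *app_data;
- /* If this is non-NULL, it is used to generate DSA parameters */
- int (*dsa_paramgen)(DSA *dsa, int bits,
- unsigned char *seed, int seed_len,
- int *counter_ret, unsigned long *h_ret,
- BN_GENCB *cb);
- /* If this is non-NULL, it is used to generate DSA keys */
- int (*dsa_keygen)(DSA *dsa);
- };
-
-struct dsa_st
- {
- /* This first variable is used to pick up errors where
- * a DSA is passed instead of of a EVP_PKEY */
- int pad;
- long version;
- int write_params;
- BIGNUM *p;
- BIGNUM *q; /* == 20 */
- BIGNUM *g;
-
- BIGNUM *pub_key; /* y public key */
- BIGNUM *priv_key; /* x private key */
-
- BIGNUM *kinv; /* Signing pre-calc */
- BIGNUM *r; /* Signing pre-calc */
-
- int flags;
- /* Normally used to cache montgomery values */
- BN_MONT_CTX *method_mont_p;
- int references;
- CRYPTO_EX_DATA ex_data;
- const DSA_METHOD *meth;
- /* functional reference if 'meth' is ENGINE-provided */
- ENGINE *engine;
- };
-
-#define DSAparams_dup(x) ASN1_dup_of_const(DSA,i2d_DSAparams,d2i_DSAparams,x)
-#define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \
- (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x))
-#define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \
- (unsigned char *)(x))
-#define d2i_DSAparams_bio(bp,x) ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAparams,bp,x)
-#define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio_of_const(DSA,i2d_DSAparams,bp,x)
-
-
-DSA_SIG * DSA_SIG_new(void);
-void DSA_SIG_free(DSA_SIG *a);
-int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
-DSA_SIG * d2i_DSA_SIG(DSA_SIG **v, const unsigned char **pp, long length);
-
-DSA_SIG * DSA_do_sign(const unsigned char *dgst,int dlen,DSA *dsa);
-int DSA_do_verify(const unsigned char *dgst,int dgst_len,
- DSA_SIG *sig,DSA *dsa);
-
-const DSA_METHOD *DSA_OpenSSL(void);
-
-void DSA_set_default_method(const DSA_METHOD *);
-const DSA_METHOD *DSA_get_default_method(void);
-int DSA_set_method(DSA *dsa, const DSA_METHOD *);
-
-#ifdef OPENSSL_FIPS
-DSA * FIPS_dsa_new(void);
-void FIPS_dsa_free (DSA *r);
-#endif
-
-DSA * DSA_new(void);
-DSA * DSA_new_method(ENGINE *engine);
-void DSA_free (DSA *r);
-/* "up" the DSA object's reference count */
-int DSA_up_ref(DSA *r);
-int DSA_size(const DSA *);
- /* next 4 return -1 on error */
-int DSA_sign_setup( DSA *dsa,BN_CTX *ctx_in,BIGNUM **kinvp,BIGNUM **rp);
-int DSA_sign(int type,const unsigned char *dgst,int dlen,
- unsigned char *sig, unsigned int *siglen, DSA *dsa);
-int DSA_verify(int type,const unsigned char *dgst,int dgst_len,
- const unsigned char *sigbuf, int siglen, DSA *dsa);
-int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-int DSA_set_ex_data(DSA *d, int idx, void *arg);
-void *DSA_get_ex_data(DSA *d, int idx);
-
-DSA * d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length);
-DSA * d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length);
-DSA * d2i_DSAparams(DSA **a, const unsigned char **pp, long length);
-
-/* Deprecated version */
-#ifndef OPENSSL_NO_DEPRECATED
-DSA * DSA_generate_parameters(int bits,
- unsigned char *seed,int seed_len,
- int *counter_ret, unsigned long *h_ret,void
- (*callback)(int, int, void *),void *cb_arg);
-#endif /* !defined(OPENSSL_NO_DEPRECATED) */
-
-/* New version */
-int DSA_generate_parameters_ex(DSA *dsa, int bits,
- unsigned char *seed,int seed_len,
- int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
-
-int DSA_generate_key(DSA *a);
-int i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
-int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
-int i2d_DSAparams(const DSA *a,unsigned char **pp);
-
-#ifndef OPENSSL_NO_BIO
-int DSAparams_print(BIO *bp, const DSA *x);
-int DSA_print(BIO *bp, const DSA *x, int off);
-#endif
-#ifndef OPENSSL_NO_FP_API
-int DSAparams_print_fp(FILE *fp, const DSA *x);
-int DSA_print_fp(FILE *bp, const DSA *x, int off);
-#endif
-
-#define DSS_prime_checks 50
-/* Primality test according to FIPS PUB 186[-1], Appendix 2.1:
- * 50 rounds of Rabin-Miller */
-#define DSA_is_prime(n, callback, cb_arg) \
- BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg)
-
-#ifndef OPENSSL_NO_DH
-/* Convert DSA structure (key or just parameters) into DH structure
- * (be careful to avoid small subgroup attacks when using this!) */
-DH *DSA_dup_DH(const DSA *r);
-#endif
-
-#ifdef OPENSSL_FIPS
-int FIPS_dsa_sig_encode(unsigned char *out, DSA_SIG *sig);
-int FIPS_dsa_sig_decode(DSA_SIG *sig, const unsigned char *in, int inlen);
-#endif
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_DSA_strings(void);
-
-/* Error codes for the DSA functions. */
-
-/* Function codes. */
-#define DSA_F_D2I_DSA_SIG 110
-#define DSA_F_DSAPARAMS_PRINT 100
-#define DSA_F_DSAPARAMS_PRINT_FP 101
-#define DSA_F_DSA_BUILTIN_KEYGEN 119
-#define DSA_F_DSA_BUILTIN_PARAMGEN 118
-#define DSA_F_DSA_DO_SIGN 112
-#define DSA_F_DSA_DO_VERIFY 113
-#define DSA_F_DSA_GENERATE_PARAMETERS 117
-#define DSA_F_DSA_NEW_METHOD 103
-#define DSA_F_DSA_PRINT 104
-#define DSA_F_DSA_PRINT_FP 105
-#define DSA_F_DSA_SET_DEFAULT_METHOD 115
-#define DSA_F_DSA_SET_METHOD 116
-#define DSA_F_DSA_SIGN 106
-#define DSA_F_DSA_SIGN_SETUP 107
-#define DSA_F_DSA_SIG_NEW 109
-#define DSA_F_DSA_VERIFY 108
-#define DSA_F_I2D_DSA_SIG 111
-#define DSA_F_SIG_CB 114
-
-/* Reason codes. */
-#define DSA_R_BAD_Q_VALUE 102
-#define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100
-#define DSA_R_KEY_SIZE_TOO_SMALL 106
-#define DSA_R_MISSING_PARAMETERS 101
-#define DSA_R_MODULUS_TOO_LARGE 103
-#define DSA_R_NON_FIPS_METHOD 104
-#define DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 105
-
-#ifdef __cplusplus
-}
-#endif
-#endif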
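diff --git a/src/lib/libcrypto/dsa/dsa_asn1.c b/src/lib/libcrypto/dsa/dsa_asn1.c
deleted file mode 100644
index 0645facb4b..0000000000
--- a/src/lib/libcrypto/dsa/dsa_asn1.c
+++ /dev/null
@@ -1,218 +0,0 @@
-/* dsa_asn1.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/dsa.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/bn.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-
-/* Override the default new methods */
-static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
-{
- if(operation == ASN1_OP_NEW_PRE) {
- DSA_SIG *sig;
- sig = OPENSSL_malloc(sizeof(DSA_SIG));
- sig->r = NULL;
- sig->s = NULL;
- *pval = (ASN1_VALUE *)sig;
- if(sig) return 2;
- DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- return 1;
-}
-
-ASN1_SEQUENCE_cb(DSA_SIG, sig_cb) = {
- ASN1_SIMPLE(DSA_SIG, r, CBIGNUM),
- ASN1_SIMPLE(DSA_SIG, s, CBIGNUM)
-} ASN1_SEQUENCE_END_cb(DSA_SIG, DSA_SIG)
-
-IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA_SIG,DSA_SIG,DSA_SIG)
-
-/* Override the default free and new methods */
-static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
-{
- if(operation == ASN1_OP_NEW_PRE) {
- *pval = (ASN1_VALUE *)DSA_new();
- if(*pval) return 2;
- return 0;
- } else if(operation == ASN1_OP_FREE_PRE) {
- DSA_free((DSA *)*pval);
- *pval = NULL;
- return 2;
- }
- return 1;
-}
-
-ASN1_SEQUENCE_cb(DSAPrivateKey, dsa_cb) = {
- ASN1_SIMPLE(DSA, version, LONG),
- ASN1_SIMPLE(DSA, p, BIGNUM),
- ASN1_SIMPLE(DSA, q, BIGNUM),
- ASN1_SIMPLE(DSA, g, BIGNUM),
- ASN1_SIMPLE(DSA, pub_key, BIGNUM),
- ASN1_SIMPLE(DSA, priv_key, BIGNUM)
-} ASN1_SEQUENCE_END_cb(DSA, DSAPrivateKey)
-
-IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPrivateKey, DSAPrivateKey)
-
-ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = {
- ASN1_SIMPLE(DSA, p, BIGNUM),
- ASN1_SIMPLE(DSA, q, BIGNUM),
- ASN1_SIMPLE(DSA, g, BIGNUM),
-} ASN1_SEQUENCE_END_cb(DSA, DSAparams)
-
-IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAparams, DSAparams)
-
-/* DSA public key is a bit trickier... its effectively a CHOICE type
- * decided by a field called write_params which can either write out
- * just the public key as an INTEGER or the parameters and public key
- * in a SEQUENCE
- */
-
-ASN1_SEQUENCE(dsa_pub_internal) = {
- ASN1_SIMPLE(DSA, pub_key, BIGNUM),
- ASN1_SIMPLE(DSA, p, BIGNUM),
- ASN1_SIMPLE(DSA, q, BIGNUM),
- ASN1_SIMPLE(DSA, g, BIGNUM)
-} ASN1_SEQUENCE_END_name(DSA, dsa_pub_internal)
-
-ASN1_CHOICE_cb(DSAPublicKey, dsa_cb) = {
- ASN1_SIMPLE(DSA, pub_key, BIGNUM),
- ASN1_EX_COMBINE(0, 0, dsa_pub_internal)
-} ASN1_CHOICE_END_cb(DSA, DSAPublicKey, write_params)
-
-IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey)
-
-int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
- unsigned int *siglen, DSA *dsa)
- {
- DSA_SIG *s;
-#ifdef OPENSSL_FIPS
- if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
- {
- DSAerr(DSA_F_DSA_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
- return 0;
- }
-#endif
- s=DSA_do_sign(dgst,dlen,dsa);
- if (s == NULL)
- {
- *siglen=0;
- return(0);
- }
- *siglen=i2d_DSA_SIG(s,&sig);
- DSA_SIG_free(s);
- return(1);
- }
-
-int DSA_size(const DSA *r)
- {
- int ret,i;
- ASN1_INTEGER bs;
- unsigned char buf[4]; /* 4 bytes looks really small.
- However, i2d_ASN1_INTEGER() will not look
- beyond the first byte, as long as the second
- parameter is NULL. */
-
- i=BN_num_bits(r->q);
- bs.length=(i+7)/8;
- bs.data=buf;
- bs.type=V_ASN1_INTEGER;
- /* If the top bit is set the asn1 encoding is 1 larger. */
- buf[0]=0xff;
-
- i=i2d_ASN1_INTEGER(&bs,NULL);
- i+=i; /* r and s */
- ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
- return(ret);
- }
-
-/* data has already been hashed (probably with SHA or SHA-1). */
-/* returns
- * 1: correct signature
- * 0: incorrect signature
- * -1: error
- */
-int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
- const unsigned char *sigbuf, int siglen, DSA *dsa)
- {
- DSA_SIG *s;
- int ret=-1;
-#ifdef OPENSSL_FIPS
- if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
- {
- DSAerr(DSA_F_DSA_VERIFY, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
- return 0;
- }
-#endif
-
- s = DSA_SIG_new();
- if (s == NULL) return(ret);
- if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err;
- ret=DSA_do_verify(dgst,dgst_len,s,dsa);
-err:
- DSA_SIG_free(s);
- return(ret);
- }
-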
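diff --git a/src/lib/libcrypto/dsa/dsa_depr.c b/src/lib/libcrypto/dsa/dsa_depr.c
deleted file mode 100644
index f2da680eb4..0000000000
--- a/src/lib/libcrypto/dsa/dsa_depr.c
+++ /dev/null
@@ -1,106 +0,0 @@
-/* crypto/dsa/dsa_depr.c */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* This file contains deprecated function(s) that are now wrappers to the new
- * version(s). */
-
-#undef GENUINE_DSA
-
-#ifdef GENUINE_DSA
-/* Parameter generation follows the original release of FIPS PUB 186,
- * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */
-#define HASH EVP_sha()
-#else
-/* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
- * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in
- * FIPS PUB 180-1) */
-#define HASH EVP_sha1()
-#endif
-
-static void *dummy=&dummy;
-
-#ifndef OPENSSL_NO_SHA
-
-#include <stdio.h>
-#include <time.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/rand.h>
-#include <openssl/sha.h>
-
-#ifndef OPENSSL_NO_DEPRECATED
-DSA *DSA_generate_parameters(int bits,
- unsigned char *seed_in, int seed_len,
- int *counter_ret, unsigned long *h_ret,
- void (*callback)(int, int, void *),
- void *cb_arg)
- {
- BN_GENCB cb;
- DSA *ret;
-
- if ((ret=DSA_new()) == NULL) return NULL;
-
- BN_GENCB_set_old(&cb, callback, cb_arg);
-
- if(DSA_generate_parameters_ex(ret, bits, seed_in, seed_len,
- counter_ret, h_ret, &cb))
- return ret;
- DSA_free(ret);
- return NULL;
- }
-#endif
-#endif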
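diff --git a/src/lib/libcrypto/dsa/dsa_err.c b/src/lib/libcrypto/dsa/dsa_err.c
deleted file mode 100644
index 872839af94..0000000000
--- a/src/lib/libcrypto/dsa/dsa_err.c
+++ /dev/null
@@ -1,119 +0,0 @@
-/* crypto/dsa/dsa_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/dsa.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSA,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSA,0,reason)
-
-static ERR_STRING_DATA DSA_str_functs[]=
- {
-{ERR_FUNC(DSA_F_D2I_DSA_SIG), "d2i_DSA_SIG"},
-{ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"},
-{ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP), "DSAparams_print_fp"},
-{ERR_FUNC(DSA_F_DSA_BUILTIN_KEYGEN), "DSA_BUILTIN_KEYGEN"},
-{ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN), "DSA_BUILTIN_PARAMGEN"},
-{ERR_FUNC(DSA_F_DSA_DO_SIGN), "DSA_do_sign"},
-{ERR_FUNC(DSA_F_DSA_DO_VERIFY), "DSA_do_verify"},
-{ERR_FUNC(DSA_F_DSA_GENERATE_PARAMETERS), "DSA_generate_parameters"},
-{ERR_FUNC(DSA_F_DSA_NEW_METHOD), "DSA_new_method"},
-{ERR_FUNC(DSA_F_DSA_PRINT), "DSA_print"},
-{ERR_FUNC(DSA_F_DSA_PRINT_FP), "DSA_print_fp"},
-{ERR_FUNC(DSA_F_DSA_SET_DEFAULT_METHOD), "DSA_set_default_method"},
-{ERR_FUNC(DSA_F_DSA_SET_METHOD), "DSA_set_method"},
-{ERR_FUNC(DSA_F_DSA_SIGN), "DSA_sign"},
-{ERR_FUNC(DSA_F_DSA_SIGN_SETUP), "DSA_sign_setup"},
-{ERR_FUNC(DSA_F_DSA_SIG_NEW), "DSA_SIG_new"},
-{ERR_FUNC(DSA_F_DSA_VERIFY), "DSA_verify"},
-{ERR_FUNC(DSA_F_I2D_DSA_SIG), "i2d_DSA_SIG"},
-{ERR_FUNC(DSA_F_SIG_CB), "SIG_CB"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA DSA_str_reasons[]=
- {
-{ERR_REASON(DSA_R_BAD_Q_VALUE) ,"bad q value"},
-{ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"},
-{ERR_REASON(DSA_R_KEY_SIZE_TOO_SMALL) ,"key size too small"},
-{ERR_REASON(DSA_R_MISSING_PARAMETERS) ,"missing parameters"},
-{ERR_REASON(DSA_R_MODULUS_TOO_LARGE) ,"modulus too large"},
-{ERR_REASON(DSA_R_NON_FIPS_METHOD) ,"non fips method"},
-{ERR_REASON(DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),"operation not allowed in fips mode"},
-{0,NULL}
- };
-
-#endif
-
-void ERR_load_DSA_strings(void)
- {
-#ifndef OPENSSL_NO_ERR
-
- if (ERR_func_error_string(DSA_str_functs[0].error) == NULL)
- {
- ERR_load_strings(0,DSA_str_functs);
- ERR_load_strings(0,DSA_str_reasons);
- }
-#endif
- }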
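diff --git a/src/lib/libcrypto/dsa/dsa_gen.c b/src/lib/libcrypto/dsa/dsa_gen.c
deleted file mode 100644
index 6f1728e3cf..0000000000
--- a/src/lib/libcrypto/dsa/dsa_gen.c
+++ /dev/null
@@ -1,325 +0,0 @@
-/* crypto/dsa/dsa_gen.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#undef GENUINE_DSA
-
-#ifdef GENUINE_DSA
-/* Parameter generation follows the original release of FIPS PUB 186,
- * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */
-#define HASH EVP_sha()
-#else
-/* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
- * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in
- * FIPS PUB 180-1) */
-#define HASH EVP_sha1()
-#endif
-
-#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_SHA is defined */
-
-#ifndef OPENSSL_NO_SHA
-
-#include <stdio.h>
-#include <time.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/rand.h>
-#include <openssl/sha.h>
-
-#ifndef OPENSSL_FIPS
-
-static int dsa_builtin_paramgen(DSA *ret, int bits,
- unsigned char *seed_in, int seed_len,
- int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
-
-int DSA_generate_parameters_ex(DSA *ret, int bits,
- unsigned char *seed_in, int seed_len,
- int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
- {
- if(ret->meth->dsa_paramgen)
- return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
- counter_ret, h_ret, cb);
- return dsa_builtin_paramgen(ret, bits, seed_in, seed_len,
- counter_ret, h_ret, cb);
- }
-
-static int dsa_builtin_paramgen(DSA *ret, int bits,
- unsigned char *seed_in, int seed_len,
- int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
- {
- int ok=0;
- unsigned char seed[SHA_DIGEST_LENGTH];
- unsigned char md[SHA_DIGEST_LENGTH];
- unsigned char buf[SHA_DIGEST_LENGTH],buf2[SHA_DIGEST_LENGTH];
- BIGNUM *r0,*W,*X,*c,*test;
- BIGNUM *g=NULL,*q=NULL,*p=NULL;
- BN_MONT_CTX *mont=NULL;
- int k,n=0,i,b,m=0;
- int counter=0;
- int r=0;
- BN_CTX *ctx=NULL;
- unsigned int h=2;
-
- if (bits < 512) bits=512;
- bits=(bits+63)/64*64;
-
- /* NB: seed_len == 0 is special case: copy generated seed to
- * seed_in if it is not NULL.
- */
- if (seed_len && (seed_len < 20))
- seed_in = NULL; /* seed buffer too small -- ignore */
- if (seed_len > 20)
- seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger SEED,
- * but our internal buffers are restricted to 160 bits*/
- if ((seed_in != NULL) && (seed_len == 20))
- {
- memcpy(seed,seed_in,seed_len);
- /* set seed_in to NULL to avoid it being copied back */
- seed_in = NULL;
- }
-
- if ((ctx=BN_CTX_new()) == NULL) goto err;
-
- if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
-
- BN_CTX_start(ctx);
- r0 = BN_CTX_get(ctx);
- g = BN_CTX_get(ctx);
- W = BN_CTX_get(ctx);
- q = BN_CTX_get(ctx);
- X = BN_CTX_get(ctx);
- c = BN_CTX_get(ctx);
- p = BN_CTX_get(ctx);
- test = BN_CTX_get(ctx);
-
- if (!BN_lshift(test,BN_value_one(),bits-1))
- goto err;
-
- for (;;)
- {
- for (;;) /* find q */
- {
- int seed_is_random;
-
- /* step 1 */
- if(!BN_GENCB_call(cb, 0, m++))
- goto err;
-
- if (!seed_len)
- {
- RAND_pseudo_bytes(seed,SHA_DIGEST_LENGTH);
- seed_is_random = 1;
- }
- else
- {
- seed_is_random = 0;
- seed_len=0; /* use random seed if 'seed_in' turns out to be bad*/
- }
- memcpy(buf,seed,SHA_DIGEST_LENGTH);
- memcpy(buf2,seed,SHA_DIGEST_LENGTH);
- /* precompute "SEED + 1" for step 7: */
- for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
- {
- buf[i]++;
- if (buf[i] != 0) break;
- }
-
- /* step 2 */
- EVP_Digest(seed,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL);
- EVP_Digest(buf,SHA_DIGEST_LENGTH,buf2,NULL,HASH, NULL);
- for (i=0; i<SHA_DIGEST_LENGTH; i++)
- md[i]^=buf2[i];
-
- /* step 3 */
- md[0]|=0x80;
- md[SHA_DIGEST_LENGTH-1]|=0x01;
- if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,q)) goto err;
-
- /* step 4 */
- r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,
- seed_is_random, cb);
- if (r > 0)
- break;
- if (r != 0)
- goto err;
-
- /* do a callback call */
- /* step 5 */
- }
-
- if(!BN_GENCB_call(cb, 2, 0)) goto err;
- if(!BN_GENCB_call(cb, 3, 0)) goto err;
-
- /* step 6 */
- counter=0;
- /* "offset = 2" */
-
- n=(bits-1)/160;
- b=(bits-1)-n*160;
-
- for (;;)
- {
- if ((counter != 0) && !BN_GENCB_call(cb, 0, counter))
- goto err;
-
- /* step 7 */
- BN_zero(W);
- /* now 'buf' contains "SEED + offset - 1" */
- for (k=0; k<=n; k++)
- {
- /* obtain "SEED + offset + k" by incrementing: */
- for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
- {
- buf[i]++;
- if (buf[i] != 0) break;
- }
-
- EVP_Digest(buf,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL);
-
- /* step 8 */
- if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0))
- goto err;
- if (!BN_lshift(r0,r0,160*k)) goto err;
- if (!BN_add(W,W,r0)) goto err;
- }
-
- /* more of step 8 */
- if (!BN_mask_bits(W,bits-1)) goto err;
- if (!BN_copy(X,W)) goto err;
- if (!BN_add(X,X,test)) goto err;
-
- /* step 9 */
- if (!BN_lshift1(r0,q)) goto err;
- if (!BN_mod(c,X,r0,ctx)) goto err;
- if (!BN_sub(r0,c,BN_value_one())) goto err;
- if (!BN_sub(p,X,r0)) goto err;
-
- /* step 10 */
- if (BN_cmp(p,test) >= 0)
- {
- /* step 11 */
- r = BN_is_prime_fasttest_ex(p, DSS_prime_checks,
- ctx, 1, cb);
- if (r > 0)
- goto end; /* found it */
- if (r != 0)
- goto err;
- }
-
- /* step 13 */
- counter++;
- /* "offset = offset + n + 1" */
-
- /* step 14 */
- if (counter >= 4096) break;
- }
- }
-end:
- if(!BN_GENCB_call(cb, 2, 1))
- goto err;
-
- /* We now need to generate g */
- /* Set r0=(p-1)/q */
- if (!BN_sub(test,p,BN_value_one())) goto err;
- if (!BN_div(r0,NULL,test,q,ctx)) goto err;
-
- if (!BN_set_word(test,h)) goto err;
- if (!BN_MONT_CTX_set(mont,p,ctx)) goto err;
-
- for (;;)
- {
- /* g=test^r0%p */
- if (!BN_mod_exp_mont(g,test,r0,p,ctx,mont)) goto err;
- if (!BN_is_one(g)) break;
- if (!BN_add(test,test,BN_value_one())) goto err;
- h++;
- }
-
- if(!BN_GENCB_call(cb, 3, 1))
- goto err;
-
- ok=1;
-err:
- if (ok)
- {
- if(ret->p) BN_free(ret->p);
- if(ret->q) BN_free(ret->q);
- if(ret->g) BN_free(ret->g);
- ret->p=BN_dup(p);
- ret->q=BN_dup(q);
- ret->g=BN_dup(g);
- if (ret->p == NULL || ret->q == NULL || ret->g == NULL)
- {
- ok=0;
- goto err;
- }
- if (seed_in != NULL) memcpy(seed_in,seed,20);
- if (counter_ret != NULL) *counter_ret=counter;
- if (h_ret != NULL) *h_ret=h;
- }
- if(ctx)
- {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
- if (mont != NULL) BN_MONT_CTX_free(mont);
- return ok;
- }
-#endif
-#endif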
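diff --git a/src/lib/libcrypto/dsa/dsa_key.c b/src/lib/libcrypto/dsa/dsa_key.c
deleted file mode 100644
index 5e39124230..0000000000
--- a/src/lib/libcrypto/dsa/dsa_key.c
+++ /dev/null
@@ -1,132 +0,0 @@
-/* crypto/dsa/dsa_key.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <time.h>
-#include "cryptlib.h"
-#ifndef OPENSSL_NO_SHA
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/rand.h>
-
-#ifndef OPENSSL_FIPS
-
-static int dsa_builtin_keygen(DSA *dsa);
-
-int DSA_generate_key(DSA *dsa)
- {
- if(dsa->meth->dsa_keygen)
- return dsa->meth->dsa_keygen(dsa);
- return dsa_builtin_keygen(dsa);
- }
-
-static int dsa_builtin_keygen(DSA *dsa)
- {
- int ok=0;
- BN_CTX *ctx=NULL;
- BIGNUM *pub_key=NULL,*priv_key=NULL;
-
- if ((ctx=BN_CTX_new()) == NULL) goto err;
-
- if (dsa->priv_key == NULL)
- {
- if ((priv_key=BN_new()) == NULL) goto err;
- }
- else
- priv_key=dsa->priv_key;
-
- do
- if (!BN_rand_range(priv_key,dsa->q)) goto err;
- while (BN_is_zero(priv_key));
-
- if (dsa->pub_key == NULL)
- {
- if ((pub_key=BN_new()) == NULL) goto err;
- }
- else
- pub_key=dsa->pub_key;
-
- {
- BIGNUM local_prk;
- BIGNUM *prk;
-
- if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
- {
- BN_init(&local_prk);
- prk = &local_prk;
- BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
- }
- else
- prk = priv_key;
-
- if (!BN_mod_exp(pub_key,dsa->g,prk,dsa->p,ctx)) goto err;
- }
-
- dsa->priv_key=priv_key;
- dsa->pub_key=pub_key;
- ok=1;
-
-err:
- if ((pub_key != NULL) && (dsa->pub_key == NULL)) BN_free(pub_key);
- if ((priv_key != NULL) && (dsa->priv_key == NULL)) BN_free(priv_key);
- if (ctx != NULL) BN_CTX_free(ctx);
- return(ok);
- }
-#endif
-
-#endif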
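diff --git a/src/lib/libcrypto/dsa/dsa_lib.c b/src/lib/libcrypto/dsa/dsa_lib.c
deleted file mode 100644
index 7ac9dc8c89..0000000000
--- a/src/lib/libcrypto/dsa/dsa_lib.c
+++ /dev/null
@@ -1,316 +0,0 @@
-/* crypto/dsa/dsa_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/asn1.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-
-const char DSA_version[]="DSA" OPENSSL_VERSION_PTEXT;
-
-static const DSA_METHOD *default_DSA_method = NULL;
-
-void DSA_set_default_method(const DSA_METHOD *meth)
- {
-#ifdef OPENSSL_FIPS
- if (FIPS_mode() && !(meth->flags & DSA_FLAG_FIPS_METHOD))
- {
- DSAerr(DSA_F_DSA_SET_DEFAULT_METHOD, DSA_R_NON_FIPS_METHOD);
- return;
- }
-#endif
-
- default_DSA_method = meth;
- }
-
-const DSA_METHOD *DSA_get_default_method(void)
- {
- if(!default_DSA_method)
- default_DSA_method = DSA_OpenSSL();
- return default_DSA_method;
- }
-
-DSA *DSA_new(void)
- {
- return DSA_new_method(NULL);
- }
-
-int DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
- {
- /* NB: The caller is specifically setting a method, so it's not up to us
- * to deal with which ENGINE it comes from. */
- const DSA_METHOD *mtmp;
-#ifdef OPENSSL_FIPS
- if (FIPS_mode() && !(meth->flags & DSA_FLAG_FIPS_METHOD))
- {
- DSAerr(DSA_F_DSA_SET_METHOD, DSA_R_NON_FIPS_METHOD);
- return 0;
- }
-#endif
- mtmp = dsa->meth;
- if (mtmp->finish) mtmp->finish(dsa);
-#ifndef OPENSSL_NO_ENGINE
- if (dsa->engine)
- {
- ENGINE_finish(dsa->engine);
- dsa->engine = NULL;
- }
-#endif
- dsa->meth = meth;
- if (meth->init) meth->init(dsa);
- return 1;
- }
-
-DSA *DSA_new_method(ENGINE *engine)
- {
- DSA *ret;
-
- ret=(DSA *)OPENSSL_malloc(sizeof(DSA));
- if (ret == NULL)
- {
- DSAerr(DSA_F_DSA_NEW_METHOD,ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
- ret->meth = DSA_get_default_method();
-#ifndef OPENSSL_NO_ENGINE
- if (engine)
- {
- if (!ENGINE_init(engine))
- {
- DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB);
- OPENSSL_free(ret);
- return NULL;
- }
- ret->engine = engine;
- }
- else
- ret->engine = ENGINE_get_default_DSA();
- if(ret->engine)
- {
- ret->meth = ENGINE_get_DSA(ret->engine);
- if(!ret->meth)
- {
- DSAerr(DSA_F_DSA_NEW_METHOD,
- ERR_R_ENGINE_LIB);
- ENGINE_finish(ret->engine);
- OPENSSL_free(ret);
- return NULL;
- }
- }
-#endif
-#ifdef OPENSSL_FIPS
- if (FIPS_mode() && !(ret->meth->flags & DSA_FLAG_FIPS_METHOD))
- {
- DSAerr(DSA_F_DSA_NEW_METHOD, DSA_R_NON_FIPS_METHOD);
-#ifndef OPENSSL_NO_ENGINE
- if (ret->engine)
- ENGINE_finish(ret->engine);
-#endif
- OPENSSL_free(ret);
- return NULL;
- }
-#endif
-
- ret->pad=0;
- ret->version=0;
- ret->write_params=1;
- ret->p=NULL;
- ret->q=NULL;
- ret->g=NULL;
-
- ret->pub_key=NULL;
- ret->priv_key=NULL;
-
- ret->kinv=NULL;
- ret->r=NULL;
- ret->method_mont_p=NULL;
-
- ret->references=1;
- ret->flags=ret->meth->flags;
- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
- if ((ret->meth->init != NULL) && !ret->meth->init(ret))
- {
-#ifndef OPENSSL_NO_ENGINE
- if (ret->engine)
- ENGINE_finish(ret->engine);
-#endif
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
- OPENSSL_free(ret);
- ret=NULL;
- }
-
- return(ret);
- }
-
-void DSA_free(DSA *r)
- {
- int i;
-
- if (r == NULL) return;
-
- i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_DSA);
-#ifdef REF_PRINT
- REF_PRINT("DSA",r);
-#endif
- if (i > 0) return;
-#ifdef REF_CHECK
- if (i < 0)
- {
- fprintf(stderr,"DSA_free, bad reference count\n");
- abort();
- }
-#endif
-
- if(r->meth->finish)
- r->meth->finish(r);
-#ifndef OPENSSL_NO_ENGINE
- if(r->engine)
- ENGINE_finish(r->engine);
-#endif
-
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data);
-
- if (r->p != NULL) BN_clear_free(r->p);
- if (r->q != NULL) BN_clear_free(r->q);
- if (r->g != NULL) BN_clear_free(r->g);
- if (r->pub_key != NULL) BN_clear_free(r->pub_key);
- if (r->priv_key != NULL) BN_clear_free(r->priv_key);
- if (r->kinv != NULL) BN_clear_free(r->kinv);
- if (r->r != NULL) BN_clear_free(r->r);
- OPENSSL_free(r);
- }
-
-int DSA_up_ref(DSA *r)
- {
- int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DSA);
-#ifdef REF_PRINT
- REF_PRINT("DSA",r);
-#endif
-#ifdef REF_CHECK
- if (i < 2)
- {
- fprintf(stderr, "DSA_up_ref, bad reference count\n");
- abort();
- }
-#endif
- return ((i > 1) ? 1 : 0);
- }
-
-int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
- {
- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, argl, argp,
- new_func, dup_func, free_func);
- }
-
-int DSA_set_ex_data(DSA *d, int idx, void *arg)
- {
- return(CRYPTO_set_ex_data(&d->ex_data,idx,arg));
- }
-
-void *DSA_get_ex_data(DSA *d, int idx)
- {
- return(CRYPTO_get_ex_data(&d->ex_data,idx));
- }
-
-#ifndef OPENSSL_NO_DH
-DH *DSA_dup_DH(const DSA *r)
- {
- /* DSA has p, q, g, optional pub_key, optional priv_key.
- * DH has p, optional length, g, optional pub_key, optional priv_key.
- */
-
- DH *ret = NULL;
-
- if (r == NULL)
- goto err;
- ret = DH_new();
- if (ret == NULL)
- goto err;
- if (r->p != NULL)
- if ((ret->p = BN_dup(r->p)) == NULL)
- goto err;
- if (r->q != NULL)
- ret->length = BN_num_bits(r->q);
- if (r->g != NULL)
- if ((ret->g = BN_dup(r->g)) == NULL)
- goto err;
- if (r->pub_key != NULL)
- if ((ret->pub_key = BN_dup(r->pub_key)) == NULL)
- goto err;
- if (r->priv_key != NULL)
- if ((ret->priv_key = BN_dup(r->priv_key)) == NULL)
- goto err;
-
- return ret;
-
- err:
- if (ret != NULL)
- DH_free(ret);
- return NULL;
- }
-#endif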
diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c
deleted file mode 100644
index 412cf1d88b..0000000000
--- a/src/lib/libcrypto/dsa/dsa_ossl.c
+++ /dev/null
@@ -1,396 +0,0 @@
1/* crypto/dsa/dsa_ossl.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
60
61#include <stdio.h>
62#include "cryptlib.h"
63#include <openssl/bn.h>
64#include <openssl/dsa.h>
65#include <openssl/rand.h>
66#include <openssl/asn1.h>
67
68#ifndef OPENSSL_FIPS
69
70static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
71static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
72static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
73 DSA *dsa);
74static int dsa_init(DSA *dsa);
75static int dsa_finish(DSA *dsa);
76
77static DSA_METHOD openssl_dsa_meth = {
78"OpenSSL DSA method",
79dsa_do_sign,
80dsa_sign_setup,
81dsa_do_verify,
82NULL, /* dsa_mod_exp, */
83NULL, /* dsa_bn_mod_exp, */
84dsa_init,
85dsa_finish,
860,
87NULL,
88NULL,
89NULL
90};
91
92/* These macro wrappers replace attempts to use the dsa_mod_exp() and
93 * bn_mod_exp() handlers in the DSA_METHOD structure. We avoid the problem of
94 * having a the macro work as an expression by bundling an "err_instr". So;
95 *
96 * if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
97 * dsa->method_mont_p)) goto err;
98 *
99 * can be replaced by;
100 *
101 * DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, &k, dsa->p, ctx,
102 * dsa->method_mont_p);
103 */
104
105#define DSA_MOD_EXP(err_instr,dsa,rr,a1,p1,a2,p2,m,ctx,in_mont) \
106 do { \
107 int _tmp_res53; \
108 if((dsa)->meth->dsa_mod_exp) \
109 _tmp_res53 = (dsa)->meth->dsa_mod_exp((dsa), (rr), (a1), (p1), \
110 (a2), (p2), (m), (ctx), (in_mont)); \
111 else \
112 _tmp_res53 = BN_mod_exp2_mont((rr), (a1), (p1), (a2), (p2), \
113 (m), (ctx), (in_mont)); \
114 if(!_tmp_res53) err_instr; \
115 } while(0)
116#define DSA_BN_MOD_EXP(err_instr,dsa,r,a,p,m,ctx,m_ctx) \
117 do { \
118 int _tmp_res53; \
119 if((dsa)->meth->bn_mod_exp) \
120 _tmp_res53 = (dsa)->meth->bn_mod_exp((dsa), (r), (a), (p), \
121 (m), (ctx), (m_ctx)); \
122 else \
123 _tmp_res53 = BN_mod_exp_mont((r), (a), (p), (m), (ctx), (m_ctx)); \
124 if(!_tmp_res53) err_instr; \
125 } while(0)
126
127const DSA_METHOD *DSA_OpenSSL(void)
128{
129 return &openssl_dsa_meth;
130}
131
132static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
133 {
134 BIGNUM *kinv=NULL,*r=NULL,*s=NULL;
135 BIGNUM m;
136 BIGNUM xr;
137 BN_CTX *ctx=NULL;
138 int i,reason=ERR_R_BN_LIB;
139 DSA_SIG *ret=NULL;
140
141 BN_init(&m);
142 BN_init(&xr);
143
144 if (!dsa->p || !dsa->q || !dsa->g)
145 {
146 reason=DSA_R_MISSING_PARAMETERS;
147 goto err;
148 }
149
150 s=BN_new();
151 if (s == NULL) goto err;
152
153 i=BN_num_bytes(dsa->q); /* should be 20 */
154 if ((dlen > i) || (dlen > 50))
155 {
156 reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
157 goto err;
158 }
159
160 ctx=BN_CTX_new();
161 if (ctx == NULL) goto err;
162
163 if ((dsa->kinv == NULL) || (dsa->r == NULL))
164 {
165 if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err;
166 }
167 else
168 {
169 kinv=dsa->kinv;
170 dsa->kinv=NULL;
171 r=dsa->r;
172 dsa->r=NULL;
173 }
174
175 if (BN_bin2bn(dgst,dlen,&m) == NULL) goto err;
176
177 /* Compute s = inv(k) (m + xr) mod q */
178 if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */
179 if (!BN_add(s, &xr, &m)) goto err; /* s = m + xr */
180 if (BN_cmp(s,dsa->q) > 0)
181 BN_sub(s,s,dsa->q);
182 if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err;
183
184 ret=DSA_SIG_new();
185 if (ret == NULL) goto err;
186 ret->r = r;
187 ret->s = s;
188
189err:
190 if (!ret)
191 {
192 DSAerr(DSA_F_DSA_DO_SIGN,reason);
193 BN_free(r);
194 BN_free(s);
195 }
196 if (ctx != NULL) BN_CTX_free(ctx);
197 BN_clear_free(&m);
198 BN_clear_free(&xr);
199 if (kinv != NULL) /* dsa->kinv is NULL now if we used it */
200 BN_clear_free(kinv);
201 return(ret);
202 }
203
204static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
205 {
206 BN_CTX *ctx;
207 BIGNUM k,kq,*K,*kinv=NULL,*r=NULL;
208 int ret=0;
209
210 if (!dsa->p || !dsa->q || !dsa->g)
211 {
212 DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS);
213 return 0;
214 }
215
216 BN_init(&k);
217 BN_init(&kq);
218
219 if (ctx_in == NULL)
220 {
221 if ((ctx=BN_CTX_new()) == NULL) goto err;
222 }
223 else
224 ctx=ctx_in;
225
226 if ((r=BN_new()) == NULL) goto err;
227
228 /* Get random k */
229 do
230 if (!BN_rand_range(&k, dsa->q)) goto err;
231 while (BN_is_zero(&k));
232 if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
233 {
234 BN_set_flags(&k, BN_FLG_CONSTTIME);
235 }
236
237 if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
238 {
239 if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
240 CRYPTO_LOCK_DSA,
241 dsa->p, ctx))
242 goto err;
243 }
244
245 /* Compute r = (g^k mod p) mod q */
246
247 if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
248 {
249 if (!BN_copy(&kq, &k)) goto err;
250
251 /* We do not want timing information to leak the length of k,
252 * so we compute g^k using an equivalent exponent of fixed length.
253 *
254 * (This is a kludge that we need because the BN_mod_exp_mont()
255 * does not let us specify the desired timing behaviour.) */
256
257 if (!BN_add(&kq, &kq, dsa->q)) goto err;
258 if (BN_num_bits(&kq) <= BN_num_bits(dsa->q))
259 {
260 if (!BN_add(&kq, &kq, dsa->q)) goto err;
261 }
262
263 K = &kq;
264 }
265 else
266 {
267 K = &k;
268 }
269 DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx,
270 dsa->method_mont_p);
271 if (!BN_mod(r,r,dsa->q,ctx)) goto err;
272
273 /* Compute part of 's = inv(k) (m + xr) mod q' */
274 if ((kinv=BN_mod_inverse(NULL,&k,dsa->q,ctx)) == NULL) goto err;
275
276 if (*kinvp != NULL) BN_clear_free(*kinvp);
277 *kinvp=kinv;
278 kinv=NULL;
279 if (*rp != NULL) BN_clear_free(*rp);
280 *rp=r;
281 ret=1;
282err:
283 if (!ret)
284 {
285 DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB);
286 if (kinv != NULL) BN_clear_free(kinv);
287 if (r != NULL) BN_clear_free(r);
288 }
289 if (ctx_in == NULL) BN_CTX_free(ctx);
290 if (kinv != NULL) BN_clear_free(kinv);
291 BN_clear_free(&k);
292 BN_clear_free(&kq);
293 return(ret);
294 }
295
296static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
297 DSA *dsa)
298 {
299 BN_CTX *ctx;
300 BIGNUM u1,u2,t1;
301 BN_MONT_CTX *mont=NULL;
302 int ret = -1;
303 if (!dsa->p || !dsa->q || !dsa->g)
304 {
305 DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS);
306 return -1;
307 }
308
309 if (BN_num_bits(dsa->q) != 160)
310 {
311 DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE);
312 return -1;
313 }
314
315 if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS)
316 {
317 DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE);
318 return -1;
319 }
320
321 BN_init(&u1);
322 BN_init(&u2);
323 BN_init(&t1);
324
325 if ((ctx=BN_CTX_new()) == NULL) goto err;
326
327 if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
328 BN_ucmp(sig->r, dsa->q) >= 0)
329 {
330 ret = 0;
331 goto err;
332 }
333 if (BN_is_zero(sig->s) || BN_is_negative(sig->s) ||
334 BN_ucmp(sig->s, dsa->q) >= 0)
335 {
336 ret = 0;
337 goto err;
338 }
339
340 /* Calculate W = inv(S) mod Q
341 * save W in u2 */
342 if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;
343
344 /* save M in u1 */
345 if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err;
346
347 /* u1 = M * w mod q */
348 if (!BN_mod_mul(&u1,&u1,&u2,dsa->q,ctx)) goto err;
349
350 /* u2 = r * w mod q */
351 if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err;
352
353
354 if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
355 {
356 mont = BN_MONT_CTX_set_locked(&dsa->method_mont_p,
357 CRYPTO_LOCK_DSA, dsa->p, ctx);
358 if (!mont)
359 goto err;
360 }
361
362
363 DSA_MOD_EXP(goto err, dsa, &t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p, ctx, mont);
364 /* BN_copy(&u1,&t1); */
365 /* let u1 = u1 mod q */
366 if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err;
367
368 /* V is now in u1. If the signature is correct, it will be
369 * equal to R. */
370 ret=(BN_ucmp(&u1, sig->r) == 0);
371
372 err:
373 /* XXX: surely this is wrong - if ret is 0, it just didn't verify;
374 there is no error in BN. Test should be ret == -1 (Ben) */
375 if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB);
376 if (ctx != NULL) BN_CTX_free(ctx);
377 BN_free(&u1);
378 BN_free(&u2);
379 BN_free(&t1);
380 return(ret);
381 }
382
383static int dsa_init(DSA *dsa)
384{
385 dsa->flags|=DSA_FLAG_CACHE_MONT_P;
386 return(1);
387}
388
389static int dsa_finish(DSA *dsa)
390{
391 if(dsa->method_mont_p)
392 BN_MONT_CTX_free(dsa->method_mont_p);
393 return(1);
394}
395
396#endif
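--- a/src/lib/libcrypto/dsa/dsa_sign.c
+++ /dev/null
@@ -1,95 +0,0 @@
-/* crypto/dsa/dsa_sign.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/rand.h>
-#include <openssl/asn1.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-
-DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
- {
-#ifdef OPENSSL_FIPS
- if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
- {
- DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
- return NULL;
- }
-#endif
- return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
- }
-
-int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
- {
-#ifdef OPENSSL_FIPS
- if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
- {
- DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
- return 0;
- }
-#endif
- return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
- }
-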
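--- a/src/lib/libcrypto/dsa/dsa_vrf.c
+++ /dev/null
@@ -1,84 +0,0 @@
-/* crypto/dsa/dsa_vrf.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/rand.h>
-#include <openssl/asn1.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-#include <openssl/asn1_mac.h>
-
-int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
- DSA *dsa)
- {
-#ifdef OPENSSL_FIPS
- if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
- {
- DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
- return 0;
- }
-#endif
- return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
- }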