summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/dsa
diff options
context:
space:
mode:
authormarkus <>2002-09-05 12:51:50 +0000
committermarkus <>2002-09-05 12:51:50 +0000
commit15b5d84f9da2ce4bfae8580e56e34a859f74ad71 (patch)
treebf939e82d7fd73cc8a01cf6959002209972091bc /src/lib/libcrypto/dsa
parent027351f729b9e837200dae6e1520cda6577ab930 (diff)
downloadopenbsd-15b5d84f9da2ce4bfae8580e56e34a859f74ad71.tar.gz
openbsd-15b5d84f9da2ce4bfae8580e56e34a859f74ad71.tar.bz2
openbsd-15b5d84f9da2ce4bfae8580e56e34a859f74ad71.zip
import openssl-0.9.7-beta1
Diffstat (limited to 'src/lib/libcrypto/dsa')
-rw-r--r--src/lib/libcrypto/dsa/dsa.h180
-rw-r--r--src/lib/libcrypto/dsa/dsa_asn1.c200
-rw-r--r--src/lib/libcrypto/dsa/dsa_err.c133
-rw-r--r--src/lib/libcrypto/dsa/dsa_gen.c220
-rw-r--r--src/lib/libcrypto/dsa/dsa_key.c25
-rw-r--r--src/lib/libcrypto/dsa/dsa_lib.c176
-rw-r--r--src/lib/libcrypto/dsa/dsa_ossl.c39
-rw-r--r--src/lib/libcrypto/dsa/dsa_sign.c166
-rw-r--r--src/lib/libcrypto/dsa/dsa_vrf.c109
9 files changed, 656 insertions, 592 deletions
diff --git a/src/lib/libcrypto/dsa/dsa.h b/src/lib/libcrypto/dsa/dsa.h
index 1ca87c1cbe..9b3baadf2c 100644
--- a/src/lib/libcrypto/dsa/dsa.h
+++ b/src/lib/libcrypto/dsa/dsa.h
@@ -65,18 +65,59 @@
65#ifndef HEADER_DSA_H 65#ifndef HEADER_DSA_H
66#define HEADER_DSA_H 66#define HEADER_DSA_H
67 67
68#ifdef OPENSSL_NO_DSA
69#error DSA is disabled.
70#endif
71
72#ifndef OPENSSL_NO_BIO
73#include <openssl/bio.h>
74#endif
75#include <openssl/bn.h>
76#include <openssl/crypto.h>
77#include <openssl/ossl_typ.h>
78#ifndef OPENSSL_NO_DH
79# include <openssl/dh.h>
80#endif
81
82#define DSA_FLAG_CACHE_MONT_P 0x01
83
68#ifdef __cplusplus 84#ifdef __cplusplus
69extern "C" { 85extern "C" {
70#endif 86#endif
71 87
72#include "bn.h" 88typedef struct dsa_st DSA;
73 89
74typedef struct dsa_st 90typedef struct DSA_SIG_st
91 {
92 BIGNUM *r;
93 BIGNUM *s;
94 } DSA_SIG;
95
96typedef struct dsa_method {
97 const char *name;
98 DSA_SIG * (*dsa_do_sign)(const unsigned char *dgst, int dlen, DSA *dsa);
99 int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
100 BIGNUM **rp);
101 int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len,
102 DSA_SIG *sig, DSA *dsa);
103 int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
104 BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
105 BN_MONT_CTX *in_mont);
106 int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
107 const BIGNUM *m, BN_CTX *ctx,
108 BN_MONT_CTX *m_ctx); /* Can be null */
109 int (*init)(DSA *dsa);
110 int (*finish)(DSA *dsa);
111 int flags;
112 char *app_data;
113} DSA_METHOD;
114
115struct dsa_st
75 { 116 {
76 /* This first variable is used to pick up errors where 117 /* This first variable is used to pick up errors where
77 * a DSA is passed instead of of a EVP_PKEY */ 118 * a DSA is passed instead of of a EVP_PKEY */
78 int pad; 119 int pad;
79 int version; 120 long version;
80 int write_params; 121 int write_params;
81 BIGNUM *p; 122 BIGNUM *p;
82 BIGNUM *q; /* == 20 */ 123 BIGNUM *q; /* == 20 */
@@ -88,8 +129,15 @@ typedef struct dsa_st
88 BIGNUM *kinv; /* Signing pre-calc */ 129 BIGNUM *kinv; /* Signing pre-calc */
89 BIGNUM *r; /* Signing pre-calc */ 130 BIGNUM *r; /* Signing pre-calc */
90 131
132 int flags;
133 /* Normally used to cache montgomery values */
134 char *method_mont_p;
91 int references; 135 int references;
92 } DSA; 136 CRYPTO_EX_DATA ex_data;
137 const DSA_METHOD *meth;
138 /* functional reference if 'meth' is ENGINE-provided */
139 ENGINE *engine;
140 };
93 141
94#define DSAparams_dup(x) (DSA *)ASN1_dup((int (*)())i2d_DSAparams, \ 142#define DSAparams_dup(x) (DSA *)ASN1_dup((int (*)())i2d_DSAparams, \
95 (char *(*)())d2i_DSAparams,(char *)(x)) 143 (char *(*)())d2i_DSAparams,(char *)(x))
@@ -102,93 +150,101 @@ typedef struct dsa_st
102#define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio(i2d_DSAparams,(bp), \ 150#define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio(i2d_DSAparams,(bp), \
103 (unsigned char *)(x)) 151 (unsigned char *)(x))
104 152
105#ifndef NOPROTO 153
154DSA_SIG * DSA_SIG_new(void);
155void DSA_SIG_free(DSA_SIG *a);
156int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
157DSA_SIG * d2i_DSA_SIG(DSA_SIG **v, const unsigned char **pp, long length);
158
159DSA_SIG * DSA_do_sign(const unsigned char *dgst,int dlen,DSA *dsa);
160int DSA_do_verify(const unsigned char *dgst,int dgst_len,
161 DSA_SIG *sig,DSA *dsa);
162
163const DSA_METHOD *DSA_OpenSSL(void);
164
165void DSA_set_default_method(const DSA_METHOD *);
166const DSA_METHOD *DSA_get_default_method(void);
167int DSA_set_method(DSA *dsa, const DSA_METHOD *);
106 168
107DSA * DSA_new(void); 169DSA * DSA_new(void);
108int DSA_size(DSA *); 170DSA * DSA_new_method(ENGINE *engine);
171void DSA_free (DSA *r);
172/* "up" the DSA object's reference count */
173int DSA_up_ref(DSA *r);
174int DSA_size(const DSA *);
109 /* next 4 return -1 on error */ 175 /* next 4 return -1 on error */
110int DSA_sign_setup( DSA *dsa,BN_CTX *ctx_in,BIGNUM **kinvp,BIGNUM **rp); 176int DSA_sign_setup( DSA *dsa,BN_CTX *ctx_in,BIGNUM **kinvp,BIGNUM **rp);
111int DSA_sign(int type,unsigned char *dgst,int dlen, 177int DSA_sign(int type,const unsigned char *dgst,int dlen,
112 unsigned char *sig, unsigned int *siglen, DSA *dsa); 178 unsigned char *sig, unsigned int *siglen, DSA *dsa);
113int DSA_verify(int type,unsigned char *dgst,int dgst_len, 179int DSA_verify(int type,const unsigned char *dgst,int dgst_len,
114 unsigned char *sigbuf, int siglen, DSA *dsa); 180 const unsigned char *sigbuf, int siglen, DSA *dsa);
115void DSA_free (DSA *r); 181int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
116 182 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
117void ERR_load_DSA_strings(void ); 183int DSA_set_ex_data(DSA *d, int idx, void *arg);
118 184void *DSA_get_ex_data(DSA *d, int idx);
119DSA * d2i_DSAPublicKey(DSA **a, unsigned char **pp, long length); 185
120DSA * d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length); 186DSA * d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length);
121DSA * d2i_DSAparams(DSA **a, unsigned char **pp, long length); 187DSA * d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length);
122DSA * DSA_generate_parameters(int bits, unsigned char *seed,int seed_len, 188DSA * d2i_DSAparams(DSA **a, const unsigned char **pp, long length);
189DSA * DSA_generate_parameters(int bits,
190 unsigned char *seed,int seed_len,
123 int *counter_ret, unsigned long *h_ret,void 191 int *counter_ret, unsigned long *h_ret,void
124 (*callback)(),char *cb_arg); 192 (*callback)(int, int, void *),void *cb_arg);
125int DSA_generate_key(DSA *a); 193int DSA_generate_key(DSA *a);
126int i2d_DSAPublicKey(DSA *a, unsigned char **pp); 194int i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
127int i2d_DSAPrivateKey(DSA *a, unsigned char **pp); 195int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
128int i2d_DSAparams(DSA *a,unsigned char **pp); 196int i2d_DSAparams(const DSA *a,unsigned char **pp);
129 197
130#ifdef HEADER_BIO_H 198#ifndef OPENSSL_NO_BIO
131int DSAparams_print(BIO *bp, DSA *x); 199int DSAparams_print(BIO *bp, const DSA *x);
132int DSA_print(BIO *bp, DSA *x, int off); 200int DSA_print(BIO *bp, const DSA *x, int off);
133#endif 201#endif
134#ifndef NO_FP_API 202#ifndef OPENSSL_NO_FP_API
135int DSAparams_print_fp(FILE *fp, DSA *x); 203int DSAparams_print_fp(FILE *fp, const DSA *x);
136int DSA_print_fp(FILE *bp, DSA *x, int off); 204int DSA_print_fp(FILE *bp, const DSA *x, int off);
137#endif 205#endif
138 206
139int DSA_is_prime(BIGNUM *q,void (*callback)(),char *cb_arg); 207#define DSS_prime_checks 50
140 208/* Primality test according to FIPS PUB 186[-1], Appendix 2.1:
141#else 209 * 50 rounds of Rabin-Miller */
142 210#define DSA_is_prime(n, callback, cb_arg) \
143DSA * DSA_new(); 211 BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg)
144int DSA_size();
145int DSA_sign_setup();
146int DSA_sign();
147int DSA_verify();
148void DSA_free ();
149
150void ERR_load_DSA_strings();
151
152DSA * d2i_DSAPublicKey();
153DSA * d2i_DSAPrivateKey();
154DSA * d2i_DSAparams();
155DSA * DSA_generate_parameters();
156int DSA_generate_key();
157int i2d_DSAPublicKey();
158int i2d_DSAPrivateKey();
159int i2d_DSAparams();
160
161int DSA_is_prime();
162
163int DSAparams_print();
164int DSA_print();
165
166#ifndef NO_FP_API
167int DSAparams_print_fp();
168int DSA_print_fp();
169#endif
170 212
213#ifndef OPENSSL_NO_DH
214/* Convert DSA structure (key or just parameters) into DH structure
215 * (be careful to avoid small subgroup attacks when using this!) */
216DH *DSA_dup_DH(const DSA *r);
171#endif 217#endif
172 218
173/* BEGIN ERROR CODES */ 219/* BEGIN ERROR CODES */
220/* The following lines are auto generated by the script mkerr.pl. Any changes
221 * made after this point may be overwritten when the script is next run.
222 */
223void ERR_load_DSA_strings(void);
224
174/* Error codes for the DSA functions. */ 225/* Error codes for the DSA functions. */
175 226
176/* Function codes. */ 227/* Function codes. */
228#define DSA_F_D2I_DSA_SIG 110
177#define DSA_F_DSAPARAMS_PRINT 100 229#define DSA_F_DSAPARAMS_PRINT 100
178#define DSA_F_DSAPARAMS_PRINT_FP 101 230#define DSA_F_DSAPARAMS_PRINT_FP 101
179#define DSA_F_DSA_IS_PRIME 102 231#define DSA_F_DSA_DO_SIGN 112
180#define DSA_F_DSA_NEW 103 232#define DSA_F_DSA_DO_VERIFY 113
233#define DSA_F_DSA_NEW_METHOD 103
181#define DSA_F_DSA_PRINT 104 234#define DSA_F_DSA_PRINT 104
182#define DSA_F_DSA_PRINT_FP 105 235#define DSA_F_DSA_PRINT_FP 105
183#define DSA_F_DSA_SIGN 106 236#define DSA_F_DSA_SIGN 106
184#define DSA_F_DSA_SIGN_SETUP 107 237#define DSA_F_DSA_SIGN_SETUP 107
238#define DSA_F_DSA_SIG_NEW 109
185#define DSA_F_DSA_VERIFY 108 239#define DSA_F_DSA_VERIFY 108
240#define DSA_F_I2D_DSA_SIG 111
241#define DSA_F_SIG_CB 114
186 242
187/* Reason codes. */ 243/* Reason codes. */
188#define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100 244#define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100
189 245#define DSA_R_MISSING_PARAMETERS 101
246
190#ifdef __cplusplus 247#ifdef __cplusplus
191} 248}
192#endif 249#endif
193#endif 250#endif
194
diff --git a/src/lib/libcrypto/dsa/dsa_asn1.c b/src/lib/libcrypto/dsa/dsa_asn1.c
index 7523b21654..23fce555aa 100644
--- a/src/lib/libcrypto/dsa/dsa_asn1.c
+++ b/src/lib/libcrypto/dsa/dsa_asn1.c
@@ -1,96 +1,140 @@
1/* crypto/dsa/dsa_asn1.c */ 1/* dsa_asn1.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
2 58
3#include <stdio.h> 59#include <stdio.h>
4#include "cryptlib.h" 60#include "cryptlib.h"
5#include <openssl/dsa.h> 61#include <openssl/dsa.h>
6#include <openssl/asn1.h> 62#include <openssl/asn1.h>
7#include <openssl/asn1_mac.h> 63#include <openssl/asn1t.h>
8 64
9DSA_SIG *DSA_SIG_new(void) 65/* Override the default new methods */
66static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
10{ 67{
11 DSA_SIG *ret; 68 if(operation == ASN1_OP_NEW_PRE) {
12 69 DSA_SIG *sig;
13 ret = Malloc(sizeof(DSA_SIG)); 70 sig = OPENSSL_malloc(sizeof(DSA_SIG));
14 if (ret == NULL) 71 sig->r = NULL;
15 { 72 sig->s = NULL;
16 DSAerr(DSA_F_DSA_SIG_NEW,ERR_R_MALLOC_FAILURE); 73 *pval = (ASN1_VALUE *)sig;
17 return(NULL); 74 if(sig) return 2;
18 } 75 DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE);
19 ret->r = NULL; 76 return 0;
20 ret->s = NULL; 77 }
21 return(ret); 78 return 1;
22} 79}
23 80
24void DSA_SIG_free(DSA_SIG *r) 81ASN1_SEQUENCE_cb(DSA_SIG, sig_cb) = {
82 ASN1_SIMPLE(DSA_SIG, r, CBIGNUM),
83 ASN1_SIMPLE(DSA_SIG, s, CBIGNUM)
84} ASN1_SEQUENCE_END_cb(DSA_SIG, DSA_SIG)
85
86IMPLEMENT_ASN1_FUNCTIONS_const(DSA_SIG)
87
88/* Override the default free and new methods */
89static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
25{ 90{
26 if (r == NULL) return; 91 if(operation == ASN1_OP_NEW_PRE) {
27 if (r->r) BN_clear_free(r->r); 92 *pval = (ASN1_VALUE *)DSA_new();
28 if (r->s) BN_clear_free(r->s); 93 if(*pval) return 2;
29 Free(r); 94 return 0;
95 } else if(operation == ASN1_OP_FREE_PRE) {
96 DSA_free((DSA *)*pval);
97 *pval = NULL;
98 return 2;
99 }
100 return 1;
30} 101}
31 102
32int i2d_DSA_SIG(DSA_SIG *v, unsigned char **pp) 103ASN1_SEQUENCE_cb(DSAPrivateKey, dsa_cb) = {
33{ 104 ASN1_SIMPLE(DSA, version, LONG),
34 int t=0,len; 105 ASN1_SIMPLE(DSA, p, BIGNUM),
35 ASN1_INTEGER rbs,sbs; 106 ASN1_SIMPLE(DSA, q, BIGNUM),
36 unsigned char *p; 107 ASN1_SIMPLE(DSA, g, BIGNUM),
108 ASN1_SIMPLE(DSA, pub_key, BIGNUM),
109 ASN1_SIMPLE(DSA, priv_key, BIGNUM)
110} ASN1_SEQUENCE_END_cb(DSA, DSAPrivateKey)
37 111
38 rbs.data=Malloc(BN_num_bits(v->r)/8+1); 112IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPrivateKey, DSAPrivateKey)
39 if (rbs.data == NULL)
40 {
41 DSAerr(DSA_F_I2D_DSA_SIG, ERR_R_MALLOC_FAILURE);
42 return(0);
43 }
44 rbs.type=V_ASN1_INTEGER;
45 rbs.length=BN_bn2bin(v->r,rbs.data);
46 sbs.data=Malloc(BN_num_bits(v->s)/8+1);
47 if (sbs.data == NULL)
48 {
49 Free(rbs.data);
50 DSAerr(DSA_F_I2D_DSA_SIG, ERR_R_MALLOC_FAILURE);
51 return(0);
52 }
53 sbs.type=V_ASN1_INTEGER;
54 sbs.length=BN_bn2bin(v->s,sbs.data);
55 113
56 len=i2d_ASN1_INTEGER(&rbs,NULL); 114ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = {
57 len+=i2d_ASN1_INTEGER(&sbs,NULL); 115 ASN1_SIMPLE(DSA, p, BIGNUM),
116 ASN1_SIMPLE(DSA, q, BIGNUM),
117 ASN1_SIMPLE(DSA, g, BIGNUM),
118} ASN1_SEQUENCE_END_cb(DSA, DSAparams)
58 119
59 if (pp) 120IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAparams, DSAparams)
60 {
61 p=*pp;
62 ASN1_put_object(&p,1,len,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
63 i2d_ASN1_INTEGER(&rbs,&p);
64 i2d_ASN1_INTEGER(&sbs,&p);
65 }
66 t=ASN1_object_size(1,len,V_ASN1_SEQUENCE);
67 Free(rbs.data);
68 Free(sbs.data);
69 return(t);
70}
71 121
72DSA_SIG *d2i_DSA_SIG(DSA_SIG **a, unsigned char **pp, long length) 122/* DSA public key is a bit trickier... its effectively a CHOICE type
73{ 123 * decided by a field called write_params which can either write out
74 int i=ERR_R_NESTED_ASN1_ERROR; 124 * just the public key as an INTEGER or the parameters and public key
75 ASN1_INTEGER *bs=NULL; 125 * in a SEQUENCE
76 M_ASN1_D2I_vars(a,DSA_SIG *,DSA_SIG_new); 126 */
77 127
78 M_ASN1_D2I_Init(); 128ASN1_SEQUENCE(dsa_pub_internal) = {
79 M_ASN1_D2I_start_sequence(); 129 ASN1_SIMPLE(DSA, pub_key, BIGNUM),
80 M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER); 130 ASN1_SIMPLE(DSA, p, BIGNUM),
81 if ((ret->r=BN_bin2bn(bs->data,bs->length,ret->r)) == NULL) 131 ASN1_SIMPLE(DSA, q, BIGNUM),
82 goto err_bn; 132 ASN1_SIMPLE(DSA, g, BIGNUM)
83 M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER); 133} ASN1_SEQUENCE_END_name(DSA, dsa_pub_internal)
84 if ((ret->s=BN_bin2bn(bs->data,bs->length,ret->s)) == NULL)
85 goto err_bn;
86 ASN1_BIT_STRING_free(bs);
87 M_ASN1_D2I_Finish_2(a);
88 134
89err_bn: 135ASN1_CHOICE_cb(DSAPublicKey, dsa_cb) = {
90 i=ERR_R_BN_LIB; 136 ASN1_SIMPLE(DSA, pub_key, BIGNUM),
91err: 137 ASN1_EX_COMBINE(0, 0, dsa_pub_internal)
92 DSAerr(DSA_F_D2I_DSA_SIG,i); 138} ASN1_CHOICE_END_cb(DSA, DSAPublicKey, write_params)
93 if ((ret != NULL) && ((a == NULL) || (*a != ret))) DSA_SIG_free(ret); 139
94 if (bs != NULL) ASN1_BIT_STRING_free(bs); 140IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey)
95 return(NULL);
96}
diff --git a/src/lib/libcrypto/dsa/dsa_err.c b/src/lib/libcrypto/dsa/dsa_err.c
index 318e9f31aa..79aa4ff526 100644
--- a/src/lib/libcrypto/dsa/dsa_err.c
+++ b/src/lib/libcrypto/dsa/dsa_err.c
@@ -1,96 +1,105 @@
1/* lib/dsa/dsa_err.c */ 1/* crypto/dsa/dsa_err.c */
2/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) 2/* ====================================================================
3 * All rights reserved. 3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
25 * are met: 7 * are met:
26 * 1. Redistributions of source code must retain the copyright 8 *
27 * notice, this list of conditions and the following disclaimer. 9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
28 * 2. Redistributions in binary form must reproduce the above copyright 12 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the 13 * notice, this list of conditions and the following disclaimer in
30 * documentation and/or other materials provided with the distribution. 14 * the documentation and/or other materials provided with the
31 * 3. All advertising materials mentioning features or use of this software 15 * distribution.
32 * must display the following acknowledgement: 16 *
33 * "This product includes cryptographic software written by 17 * 3. All advertising materials mentioning features or use of this
34 * Eric Young (eay@cryptsoft.com)" 18 * software must display the following acknowledgment:
35 * The word 'cryptographic' can be left out if the rouines from the library 19 * "This product includes software developed by the OpenSSL Project
36 * being used are not cryptographic related :-). 20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
37 * 4. If you include any Windows specific code (or a derivative thereof) from 21 *
38 * the apps directory (application code) you must include an acknowledgement: 22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 23 * endorse or promote products derived from this software without
40 * 24 * prior written permission. For written permission, please contact
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 25 * openssl-core@OpenSSL.org.
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 *
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * 5. Products derived from this software may not be called "OpenSSL"
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 28 * nor may "OpenSSL" appear in their names without prior written
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 * permission of the OpenSSL Project.
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 *
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * 6. Redistributions of any form whatsoever must retain the following
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * acknowledgment:
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * "This product includes software developed by the OpenSSL Project
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
51 * SUCH DAMAGE. 35 *
52 * 36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
53 * The licence and distribution terms for any publically available version or 37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
55 * copied and put under another distribution licence 39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
56 * [including the GNU Public Licence.] 40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
57 */ 54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
58#include <stdio.h> 61#include <stdio.h>
59#include "err.h" 62#include <openssl/err.h>
60#include "dsa.h" 63#include <openssl/dsa.h>
61 64
62/* BEGIN ERROR CODES */ 65/* BEGIN ERROR CODES */
63#ifndef NO_ERR 66#ifndef OPENSSL_NO_ERR
64static ERR_STRING_DATA DSA_str_functs[]= 67static ERR_STRING_DATA DSA_str_functs[]=
65 { 68 {
69{ERR_PACK(0,DSA_F_D2I_DSA_SIG,0), "d2i_DSA_SIG"},
66{ERR_PACK(0,DSA_F_DSAPARAMS_PRINT,0), "DSAparams_print"}, 70{ERR_PACK(0,DSA_F_DSAPARAMS_PRINT,0), "DSAparams_print"},
67{ERR_PACK(0,DSA_F_DSAPARAMS_PRINT_FP,0), "DSAparams_print_fp"}, 71{ERR_PACK(0,DSA_F_DSAPARAMS_PRINT_FP,0), "DSAparams_print_fp"},
68{ERR_PACK(0,DSA_F_DSA_IS_PRIME,0), "DSA_is_prime"}, 72{ERR_PACK(0,DSA_F_DSA_DO_SIGN,0), "DSA_do_sign"},
69{ERR_PACK(0,DSA_F_DSA_NEW,0), "DSA_new"}, 73{ERR_PACK(0,DSA_F_DSA_DO_VERIFY,0), "DSA_do_verify"},
74{ERR_PACK(0,DSA_F_DSA_NEW_METHOD,0), "DSA_new_method"},
70{ERR_PACK(0,DSA_F_DSA_PRINT,0), "DSA_print"}, 75{ERR_PACK(0,DSA_F_DSA_PRINT,0), "DSA_print"},
71{ERR_PACK(0,DSA_F_DSA_PRINT_FP,0), "DSA_print_fp"}, 76{ERR_PACK(0,DSA_F_DSA_PRINT_FP,0), "DSA_print_fp"},
72{ERR_PACK(0,DSA_F_DSA_SIGN,0), "DSA_sign"}, 77{ERR_PACK(0,DSA_F_DSA_SIGN,0), "DSA_sign"},
73{ERR_PACK(0,DSA_F_DSA_SIGN_SETUP,0), "DSA_sign_setup"}, 78{ERR_PACK(0,DSA_F_DSA_SIGN_SETUP,0), "DSA_sign_setup"},
79{ERR_PACK(0,DSA_F_DSA_SIG_NEW,0), "DSA_SIG_new"},
74{ERR_PACK(0,DSA_F_DSA_VERIFY,0), "DSA_verify"}, 80{ERR_PACK(0,DSA_F_DSA_VERIFY,0), "DSA_verify"},
75{0,NULL}, 81{ERR_PACK(0,DSA_F_I2D_DSA_SIG,0), "i2d_DSA_SIG"},
82{ERR_PACK(0,DSA_F_SIG_CB,0), "SIG_CB"},
83{0,NULL}
76 }; 84 };
77 85
78static ERR_STRING_DATA DSA_str_reasons[]= 86static ERR_STRING_DATA DSA_str_reasons[]=
79 { 87 {
80{DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"}, 88{DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"},
81{0,NULL}, 89{DSA_R_MISSING_PARAMETERS ,"missing parameters"},
90{0,NULL}
82 }; 91 };
83 92
84#endif 93#endif
85 94
86void ERR_load_DSA_strings() 95void ERR_load_DSA_strings(void)
87 { 96 {
88 static int init=1; 97 static int init=1;
89 98
90 if (init); 99 if (init)
91 {; 100 {
92 init=0; 101 init=0;
93#ifndef NO_ERR 102#ifndef OPENSSL_NO_ERR
94 ERR_load_strings(ERR_LIB_DSA,DSA_str_functs); 103 ERR_load_strings(ERR_LIB_DSA,DSA_str_functs);
95 ERR_load_strings(ERR_LIB_DSA,DSA_str_reasons); 104 ERR_load_strings(ERR_LIB_DSA,DSA_str_reasons);
96#endif 105#endif
diff --git a/src/lib/libcrypto/dsa/dsa_gen.c b/src/lib/libcrypto/dsa/dsa_gen.c
index d7d30bf90a..dc9c249310 100644
--- a/src/lib/libcrypto/dsa/dsa_gen.c
+++ b/src/lib/libcrypto/dsa/dsa_gen.c
@@ -59,28 +59,32 @@
59#undef GENUINE_DSA 59#undef GENUINE_DSA
60 60
61#ifdef GENUINE_DSA 61#ifdef GENUINE_DSA
62#define HASH SHA 62/* Parameter generation follows the original release of FIPS PUB 186,
63 * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */
64#define HASH EVP_sha()
63#else 65#else
64#define HASH SHA1 66/* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
67 * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in
68 * FIPS PUB 180-1) */
69#define HASH EVP_sha1()
65#endif 70#endif
66 71
72#ifndef OPENSSL_NO_SHA
73
67#include <stdio.h> 74#include <stdio.h>
68#include <time.h> 75#include <time.h>
69#include "cryptlib.h" 76#include "cryptlib.h"
70#include "sha.h" 77#include <openssl/evp.h>
71#include "bn.h" 78#include <openssl/bn.h>
72#include "dsa.h" 79#include <openssl/dsa.h>
73#include "rand.h" 80#include <openssl/rand.h>
74 81#include <openssl/sha.h>
75DSA *DSA_generate_parameters(bits,seed_in,seed_len,counter_ret,h_ret,callback, 82
76 cb_arg) 83DSA *DSA_generate_parameters(int bits,
77int bits; 84 unsigned char *seed_in, int seed_len,
78unsigned char *seed_in; 85 int *counter_ret, unsigned long *h_ret,
79int seed_len; 86 void (*callback)(int, int, void *),
80int *counter_ret; 87 void *cb_arg)
81unsigned long *h_ret;
82void (*callback)();
83char *cb_arg;
84 { 88 {
85 int ok=0; 89 int ok=0;
86 unsigned char seed[SHA_DIGEST_LENGTH]; 90 unsigned char seed[SHA_DIGEST_LENGTH];
@@ -88,49 +92,66 @@ char *cb_arg;
88 unsigned char buf[SHA_DIGEST_LENGTH],buf2[SHA_DIGEST_LENGTH]; 92 unsigned char buf[SHA_DIGEST_LENGTH],buf2[SHA_DIGEST_LENGTH];
89 BIGNUM *r0,*W,*X,*c,*test; 93 BIGNUM *r0,*W,*X,*c,*test;
90 BIGNUM *g=NULL,*q=NULL,*p=NULL; 94 BIGNUM *g=NULL,*q=NULL,*p=NULL;
95 BN_MONT_CTX *mont=NULL;
91 int k,n=0,i,b,m=0; 96 int k,n=0,i,b,m=0;
92 int counter=0; 97 int counter=0;
93 BN_CTX *ctx=NULL,*ctx2=NULL; 98 int r=0;
99 BN_CTX *ctx=NULL,*ctx2=NULL,*ctx3=NULL;
94 unsigned int h=2; 100 unsigned int h=2;
95 DSA *ret=NULL; 101 DSA *ret=NULL;
96 102
97 if (bits < 512) bits=512; 103 if (bits < 512) bits=512;
98 bits=(bits+63)/64*64; 104 bits=(bits+63)/64*64;
99 105
106 if (seed_len < 20)
107 seed_in = NULL; /* seed buffer too small -- ignore */
108 if (seed_len > 20)
109 seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger SEED,
110 * but our internal buffers are restricted to 160 bits*/
100 if ((seed_in != NULL) && (seed_len == 20)) 111 if ((seed_in != NULL) && (seed_len == 20))
101 memcpy(seed,seed_in,seed_len); 112 memcpy(seed,seed_in,seed_len);
102 113
103 ctx=BN_CTX_new(); 114 if ((ctx=BN_CTX_new()) == NULL) goto err;
104 if (ctx == NULL) goto err; 115 if ((ctx2=BN_CTX_new()) == NULL) goto err;
105 ctx2=BN_CTX_new(); 116 if ((ctx3=BN_CTX_new()) == NULL) goto err;
106 if (ctx2 == NULL) goto err; 117 if ((ret=DSA_new()) == NULL) goto err;
107 ret=DSA_new(); 118
108 if (ret == NULL) goto err; 119 if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
109 r0=ctx2->bn[0]; 120
110 g=ctx2->bn[1]; 121 BN_CTX_start(ctx2);
111 W=ctx2->bn[2]; 122 r0 = BN_CTX_get(ctx2);
112 q=ctx2->bn[3]; 123 g = BN_CTX_get(ctx2);
113 X=ctx2->bn[4]; 124 W = BN_CTX_get(ctx2);
114 c=ctx2->bn[5]; 125 q = BN_CTX_get(ctx2);
115 p=ctx2->bn[6]; 126 X = BN_CTX_get(ctx2);
116 test=ctx2->bn[7]; 127 c = BN_CTX_get(ctx2);
128 p = BN_CTX_get(ctx2);
129 test = BN_CTX_get(ctx2);
117 130
118 BN_lshift(test,BN_value_one(),bits-1); 131 BN_lshift(test,BN_value_one(),bits-1);
119 132
120 for (;;) 133 for (;;)
121 { 134 {
122 for (;;) 135 for (;;) /* find q */
123 { 136 {
137 int seed_is_random;
138
124 /* step 1 */ 139 /* step 1 */
125 if (callback != NULL) callback(0,m++,cb_arg); 140 if (callback != NULL) callback(0,m++,cb_arg);
126 141
127 if (!seed_len) 142 if (!seed_len)
128 RAND_bytes(seed,SHA_DIGEST_LENGTH); 143 {
144 RAND_pseudo_bytes(seed,SHA_DIGEST_LENGTH);
145 seed_is_random = 1;
146 }
129 else 147 else
130 seed_len=0; 148 {
131 149 seed_is_random = 0;
150 seed_len=0; /* use random seed if 'seed_in' turns out to be bad*/
151 }
132 memcpy(buf,seed,SHA_DIGEST_LENGTH); 152 memcpy(buf,seed,SHA_DIGEST_LENGTH);
133 memcpy(buf2,seed,SHA_DIGEST_LENGTH); 153 memcpy(buf2,seed,SHA_DIGEST_LENGTH);
154 /* precompute "SEED + 1" for step 7: */
134 for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--) 155 for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
135 { 156 {
136 buf[i]++; 157 buf[i]++;
@@ -138,18 +159,23 @@ char *cb_arg;
138 } 159 }
139 160
140 /* step 2 */ 161 /* step 2 */
141 HASH(seed,SHA_DIGEST_LENGTH,md); 162 EVP_Digest(seed,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL);
142 HASH(buf,SHA_DIGEST_LENGTH,buf2); 163 EVP_Digest(buf,SHA_DIGEST_LENGTH,buf2,NULL,HASH, NULL);
143 for (i=0; i<SHA_DIGEST_LENGTH; i++) 164 for (i=0; i<SHA_DIGEST_LENGTH; i++)
144 md[i]^=buf2[i]; 165 md[i]^=buf2[i];
145 166
146 /* step 3 */ 167 /* step 3 */
147 md[0]|=0x80; 168 md[0]|=0x80;
148 md[SHA_DIGEST_LENGTH-1]|=0x01; 169 md[SHA_DIGEST_LENGTH-1]|=0x01;
149 if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,q)) abort(); 170 if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,q)) goto err;
150 171
151 /* step 4 */ 172 /* step 4 */
152 if (DSA_is_prime(q,callback,cb_arg) > 0) break; 173 r = BN_is_prime_fasttest(q, DSS_prime_checks, callback, ctx3, cb_arg, seed_is_random);
174 if (r > 0)
175 break;
176 if (r != 0)
177 goto err;
178
153 /* do a callback call */ 179 /* do a callback call */
154 /* step 5 */ 180 /* step 5 */
155 } 181 }
@@ -159,26 +185,33 @@ char *cb_arg;
159 185
160 /* step 6 */ 186 /* step 6 */
161 counter=0; 187 counter=0;
188 /* "offset = 2" */
162 189
163 n=(bits-1)/160; 190 n=(bits-1)/160;
164 b=(bits-1)-n*160; 191 b=(bits-1)-n*160;
165 192
166 for (;;) 193 for (;;)
167 { 194 {
195 if (callback != NULL && counter != 0)
196 callback(0,counter,cb_arg);
197
168 /* step 7 */ 198 /* step 7 */
169 BN_zero(W); 199 BN_zero(W);
200 /* now 'buf' contains "SEED + offset - 1" */
170 for (k=0; k<=n; k++) 201 for (k=0; k<=n; k++)
171 { 202 {
203 /* obtain "SEED + offset + k" by incrementing: */
172 for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--) 204 for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
173 { 205 {
174 buf[i]++; 206 buf[i]++;
175 if (buf[i] != 0) break; 207 if (buf[i] != 0) break;
176 } 208 }
177 209
178 HASH(buf,SHA_DIGEST_LENGTH,md); 210 EVP_Digest(buf,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL);
179 211
180 /* step 8 */ 212 /* step 8 */
181 if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0)) abort(); 213 if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0))
214 goto err;
182 BN_lshift(r0,r0,160*k); 215 BN_lshift(r0,r0,160*k);
183 BN_add(W,W,r0); 216 BN_add(W,W,r0);
184 } 217 }
@@ -198,32 +231,36 @@ char *cb_arg;
198 if (BN_cmp(p,test) >= 0) 231 if (BN_cmp(p,test) >= 0)
199 { 232 {
200 /* step 11 */ 233 /* step 11 */
201 if (DSA_is_prime(p,callback,cb_arg) > 0) 234 r = BN_is_prime_fasttest(p, DSS_prime_checks, callback, ctx3, cb_arg, 1);
202 goto end; 235 if (r > 0)
236 goto end; /* found it */
237 if (r != 0)
238 goto err;
203 } 239 }
204 240
205 /* step 13 */ 241 /* step 13 */
206 counter++; 242 counter++;
243 /* "offset = offset + n + 1" */
207 244
208 /* step 14 */ 245 /* step 14 */
209 if (counter >= 4096) break; 246 if (counter >= 4096) break;
210
211 if (callback != NULL) callback(0,counter,cb_arg);
212 } 247 }
213 } 248 }
214end: 249end:
215 if (callback != NULL) callback(2,1,cb_arg); 250 if (callback != NULL) callback(2,1,cb_arg);
216 251
217 /* We now need to gernerate g */ 252 /* We now need to generate g */
218 /* Set r0=(p-1)/q */ 253 /* Set r0=(p-1)/q */
219 BN_sub(test,p,BN_value_one()); 254 BN_sub(test,p,BN_value_one());
220 BN_div(r0,NULL,test,q,ctx); 255 BN_div(r0,NULL,test,q,ctx);
221 256
222 BN_set_word(test,h); 257 BN_set_word(test,h);
258 BN_MONT_CTX_set(mont,p,ctx);
259
223 for (;;) 260 for (;;)
224 { 261 {
225 /* g=test^r0%p */ 262 /* g=test^r0%p */
226 BN_mod_exp(g,test,r0,p,ctx); 263 BN_mod_exp_mont(g,test,r0,p,ctx,mont);
227 if (!BN_is_one(g)) break; 264 if (!BN_is_one(g)) break;
228 BN_add(test,test,BN_value_one()); 265 BN_add(test,test,BN_value_one());
229 h++; 266 h++;
@@ -246,83 +283,14 @@ err:
246 if (counter_ret != NULL) *counter_ret=counter; 283 if (counter_ret != NULL) *counter_ret=counter;
247 if (h_ret != NULL) *h_ret=h; 284 if (h_ret != NULL) *h_ret=h;
248 } 285 }
249 BN_CTX_free(ctx); 286 if (ctx != NULL) BN_CTX_free(ctx);
250 BN_CTX_free(ctx2); 287 if (ctx2 != NULL)
251 return(ok?ret:NULL);
252 }
253
254int DSA_is_prime(w, callback,cb_arg)
255BIGNUM *w;
256void (*callback)();
257char *cb_arg;
258 {
259 int ok= -1,j,i,n;
260 BN_CTX *ctx=NULL,*ctx2=NULL;
261 BIGNUM *w_1,*b,*m,*z;
262 int a;
263
264 if (!BN_is_bit_set(w,0)) return(0);
265
266 ctx=BN_CTX_new();
267 if (ctx == NULL) goto err;
268 ctx2=BN_CTX_new();
269 if (ctx2 == NULL) goto err;
270
271 m= ctx2->bn[2];
272 b= ctx2->bn[3];
273 z= ctx2->bn[4];
274 w_1=ctx2->bn[5];
275
276 /* step 1 */
277 n=50;
278
279 /* step 2 */
280 if (!BN_sub(w_1,w,BN_value_one())) goto err;
281 for (a=1; !BN_is_bit_set(w_1,a); a++)
282 ;
283 if (!BN_rshift(m,w_1,a)) goto err;
284
285 for (i=1; i < n; i++)
286 { 288 {
287 /* step 3 */ 289 BN_CTX_end(ctx2);
288 BN_rand(b,BN_num_bits(w)-2/*-1*/,0,0); 290 BN_CTX_free(ctx2);
289 BN_set_word(b,0x10001L);
290
291 /* step 4 */
292 j=0;
293 if (!BN_mod_exp(z,b,m,w,ctx)) goto err;
294
295 /* step 5 */
296 for (;;)
297 {
298 if (((j == 0) && BN_is_one(z)) || (BN_cmp(z,w_1) == 0))
299 break;
300
301 /* step 6 */
302 if ((j > 0) && BN_is_one(z))
303 {
304 ok=0;
305 goto err;
306 }
307
308 j++;
309 if (j >= a)
310 {
311 ok=0;
312 goto err;
313 }
314
315 if (!BN_mod_mul(z,z,z,w,ctx)) goto err;
316 if (callback != NULL) callback(1,j,cb_arg);
317 }
318 } 291 }
319 292 if (ctx3 != NULL) BN_CTX_free(ctx3);
320 ok=1; 293 if (mont != NULL) BN_MONT_CTX_free(mont);
321err: 294 return(ok?ret:NULL);
322 if (ok == -1) DSAerr(DSA_F_DSA_IS_PRIME,ERR_R_BN_LIB);
323 BN_CTX_free(ctx);
324 BN_CTX_free(ctx2);
325
326 return(ok);
327 } 295 }
328 296#endif
diff --git a/src/lib/libcrypto/dsa/dsa_key.c b/src/lib/libcrypto/dsa/dsa_key.c
index d51ed9395f..ef87c3e637 100644
--- a/src/lib/libcrypto/dsa/dsa_key.c
+++ b/src/lib/libcrypto/dsa/dsa_key.c
@@ -56,19 +56,17 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59#ifndef OPENSSL_NO_SHA
59#include <stdio.h> 60#include <stdio.h>
60#include <time.h> 61#include <time.h>
61#include "cryptlib.h" 62#include "cryptlib.h"
62#include "sha.h" 63#include <openssl/bn.h>
63#include "bn.h" 64#include <openssl/dsa.h>
64#include "dsa.h" 65#include <openssl/rand.h>
65#include "rand.h"
66 66
67int DSA_generate_key(dsa) 67int DSA_generate_key(DSA *dsa)
68DSA *dsa;
69 { 68 {
70 int ok=0; 69 int ok=0;
71 unsigned int i;
72 BN_CTX *ctx=NULL; 70 BN_CTX *ctx=NULL;
73 BIGNUM *pub_key=NULL,*priv_key=NULL; 71 BIGNUM *pub_key=NULL,*priv_key=NULL;
74 72
@@ -81,14 +79,9 @@ DSA *dsa;
81 else 79 else
82 priv_key=dsa->priv_key; 80 priv_key=dsa->priv_key;
83 81
84 i=BN_num_bits(dsa->q); 82 do
85 for (;;) 83 if (!BN_rand_range(priv_key,dsa->q)) goto err;
86 { 84 while (BN_is_zero(priv_key));
87 BN_rand(priv_key,i,1,0);
88 if (BN_cmp(priv_key,dsa->q) >= 0)
89 BN_sub(priv_key,priv_key,dsa->q);
90 if (!BN_is_zero(priv_key)) break;
91 }
92 85
93 if (dsa->pub_key == NULL) 86 if (dsa->pub_key == NULL)
94 { 87 {
@@ -109,4 +102,4 @@ err:
109 if (ctx != NULL) BN_CTX_free(ctx); 102 if (ctx != NULL) BN_CTX_free(ctx);
110 return(ok); 103 return(ok);
111 } 104 }
112 105#endif
diff --git a/src/lib/libcrypto/dsa/dsa_lib.c b/src/lib/libcrypto/dsa/dsa_lib.c
index b647257f9f..da2cdfa3d6 100644
--- a/src/lib/libcrypto/dsa/dsa_lib.c
+++ b/src/lib/libcrypto/dsa/dsa_lib.c
@@ -56,26 +56,89 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59/* Origional version from Steven Schoch <schoch@sheba.arc.nasa.gov> */ 59/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
60 60
61#include <stdio.h> 61#include <stdio.h>
62#include "cryptlib.h" 62#include "cryptlib.h"
63#include "bn.h" 63#include <openssl/bn.h>
64#include "dsa.h" 64#include <openssl/dsa.h>
65#include "asn1.h" 65#include <openssl/asn1.h>
66#include <openssl/engine.h>
66 67
67char *DSA_version="\0DSA part of SSLeay 0.9.0b 29-Jun-1998"; 68const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT;
68 69
69DSA *DSA_new() 70static const DSA_METHOD *default_DSA_method = NULL;
71
72void DSA_set_default_method(const DSA_METHOD *meth)
73 {
74 default_DSA_method = meth;
75 }
76
77const DSA_METHOD *DSA_get_default_method(void)
78 {
79 if(!default_DSA_method)
80 default_DSA_method = DSA_OpenSSL();
81 return default_DSA_method;
82 }
83
84DSA *DSA_new(void)
85 {
86 return DSA_new_method(NULL);
87 }
88
89int DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
90 {
91 /* NB: The caller is specifically setting a method, so it's not up to us
92 * to deal with which ENGINE it comes from. */
93 const DSA_METHOD *mtmp;
94 mtmp = dsa->meth;
95 if (mtmp->finish) mtmp->finish(dsa);
96 if (dsa->engine)
97 {
98 ENGINE_finish(dsa->engine);
99 dsa->engine = NULL;
100 }
101 dsa->meth = meth;
102 if (meth->init) meth->init(dsa);
103 return 1;
104 }
105
106DSA *DSA_new_method(ENGINE *engine)
70 { 107 {
71 DSA *ret; 108 DSA *ret;
72 109
73 ret=(DSA *)Malloc(sizeof(DSA)); 110 ret=(DSA *)OPENSSL_malloc(sizeof(DSA));
74 if (ret == NULL) 111 if (ret == NULL)
75 { 112 {
76 DSAerr(DSA_F_DSA_NEW,ERR_R_MALLOC_FAILURE); 113 DSAerr(DSA_F_DSA_NEW_METHOD,ERR_R_MALLOC_FAILURE);
77 return(NULL); 114 return(NULL);
78 } 115 }
116 ret->meth = DSA_get_default_method();
117 if (engine)
118 {
119 if (!ENGINE_init(engine))
120 {
121 DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB);
122 OPENSSL_free(ret);
123 return NULL;
124 }
125 ret->engine = engine;
126 }
127 else
128 ret->engine = ENGINE_get_default_DSA();
129 if(ret->engine)
130 {
131 ret->meth = ENGINE_get_DSA(ret->engine);
132 if(!ret->meth)
133 {
134 DSAerr(DSA_F_DSA_NEW_METHOD,
135 ERR_R_ENGINE_LIB);
136 ENGINE_finish(ret->engine);
137 OPENSSL_free(ret);
138 return NULL;
139 }
140 }
141
79 ret->pad=0; 142 ret->pad=0;
80 ret->version=0; 143 ret->version=0;
81 ret->write_params=1; 144 ret->write_params=1;
@@ -88,13 +151,24 @@ DSA *DSA_new()
88 151
89 ret->kinv=NULL; 152 ret->kinv=NULL;
90 ret->r=NULL; 153 ret->r=NULL;
154 ret->method_mont_p=NULL;
91 155
92 ret->references=1; 156 ret->references=1;
157 ret->flags=ret->meth->flags;
158 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
159 if ((ret->meth->init != NULL) && !ret->meth->init(ret))
160 {
161 if (ret->engine)
162 ENGINE_finish(ret->engine);
163 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
164 OPENSSL_free(ret);
165 ret=NULL;
166 }
167
93 return(ret); 168 return(ret);
94 } 169 }
95 170
96void DSA_free(r) 171void DSA_free(DSA *r)
97DSA *r;
98 { 172 {
99 int i; 173 int i;
100 174
@@ -113,6 +187,13 @@ DSA *r;
113 } 187 }
114#endif 188#endif
115 189
190 if(r->meth->finish)
191 r->meth->finish(r);
192 if(r->engine)
193 ENGINE_finish(r->engine);
194
195 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data);
196
116 if (r->p != NULL) BN_clear_free(r->p); 197 if (r->p != NULL) BN_clear_free(r->p);
117 if (r->q != NULL) BN_clear_free(r->q); 198 if (r->q != NULL) BN_clear_free(r->q);
118 if (r->g != NULL) BN_clear_free(r->g); 199 if (r->g != NULL) BN_clear_free(r->g);
@@ -120,11 +201,26 @@ DSA *r;
120 if (r->priv_key != NULL) BN_clear_free(r->priv_key); 201 if (r->priv_key != NULL) BN_clear_free(r->priv_key);
121 if (r->kinv != NULL) BN_clear_free(r->kinv); 202 if (r->kinv != NULL) BN_clear_free(r->kinv);
122 if (r->r != NULL) BN_clear_free(r->r); 203 if (r->r != NULL) BN_clear_free(r->r);
123 Free(r); 204 OPENSSL_free(r);
205 }
206
207int DSA_up_ref(DSA *r)
208 {
209 int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DSA);
210#ifdef REF_PRINT
211 REF_PRINT("DSA",r);
212#endif
213#ifdef REF_CHECK
214 if (i < 2)
215 {
216 fprintf(stderr, "DSA_up_ref, bad reference count\n");
217 abort();
218 }
219#endif
220 return ((i > 1) ? 1 : 0);
124 } 221 }
125 222
126int DSA_size(r) 223int DSA_size(const DSA *r)
127DSA *r;
128 { 224 {
129 int ret,i; 225 int ret,i;
130 ASN1_INTEGER bs; 226 ASN1_INTEGER bs;
@@ -143,3 +239,57 @@ DSA *r;
143 return(ret); 239 return(ret);
144 } 240 }
145 241
242int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
243 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
244 {
245 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, argl, argp,
246 new_func, dup_func, free_func);
247 }
248
249int DSA_set_ex_data(DSA *d, int idx, void *arg)
250 {
251 return(CRYPTO_set_ex_data(&d->ex_data,idx,arg));
252 }
253
254void *DSA_get_ex_data(DSA *d, int idx)
255 {
256 return(CRYPTO_get_ex_data(&d->ex_data,idx));
257 }
258
259#ifndef OPENSSL_NO_DH
260DH *DSA_dup_DH(const DSA *r)
261 {
262 /* DSA has p, q, g, optional pub_key, optional priv_key.
263 * DH has p, optional length, g, optional pub_key, optional priv_key.
264 */
265
266 DH *ret = NULL;
267
268 if (r == NULL)
269 goto err;
270 ret = DH_new();
271 if (ret == NULL)
272 goto err;
273 if (r->p != NULL)
274 if ((ret->p = BN_dup(r->p)) == NULL)
275 goto err;
276 if (r->q != NULL)
277 ret->length = BN_num_bits(r->q);
278 if (r->g != NULL)
279 if ((ret->g = BN_dup(r->g)) == NULL)
280 goto err;
281 if (r->pub_key != NULL)
282 if ((ret->pub_key = BN_dup(r->pub_key)) == NULL)
283 goto err;
284 if (r->priv_key != NULL)
285 if ((ret->priv_key = BN_dup(r->priv_key)) == NULL)
286 goto err;
287
288 return ret;
289
290 err:
291 if (ret != NULL)
292 DH_free(ret);
293 return NULL;
294 }
295#endif
diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c
index b51cf6ad8d..37dd5fc994 100644
--- a/src/lib/libcrypto/dsa/dsa_ossl.c
+++ b/src/lib/libcrypto/dsa/dsa_ossl.c
@@ -64,6 +64,7 @@
64#include <openssl/dsa.h> 64#include <openssl/dsa.h>
65#include <openssl/rand.h> 65#include <openssl/rand.h>
66#include <openssl/asn1.h> 66#include <openssl/asn1.h>
67#include <openssl/engine.h>
67 68
68static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); 69static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
69static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); 70static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
@@ -91,7 +92,7 @@ dsa_finish,
91NULL 92NULL
92}; 93};
93 94
94DSA_METHOD *DSA_OpenSSL(void) 95const DSA_METHOD *DSA_OpenSSL(void)
95{ 96{
96 return &openssl_dsa_meth; 97 return &openssl_dsa_meth;
97} 98}
@@ -105,6 +106,11 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
105 int i,reason=ERR_R_BN_LIB; 106 int i,reason=ERR_R_BN_LIB;
106 DSA_SIG *ret=NULL; 107 DSA_SIG *ret=NULL;
107 108
109 if (!dsa->p || !dsa->q || !dsa->g)
110 {
111 reason=DSA_R_MISSING_PARAMETERS;
112 goto err;
113 }
108 BN_init(&m); 114 BN_init(&m);
109 BN_init(&xr); 115 BN_init(&xr);
110 s=BN_new(); 116 s=BN_new();
@@ -167,6 +173,11 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
167 BIGNUM k,*kinv=NULL,*r=NULL; 173 BIGNUM k,*kinv=NULL,*r=NULL;
168 int ret=0; 174 int ret=0;
169 175
176 if (!dsa->p || !dsa->q || !dsa->g)
177 {
178 DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS);
179 return 0;
180 }
170 if (ctx_in == NULL) 181 if (ctx_in == NULL)
171 { 182 {
172 if ((ctx=BN_CTX_new()) == NULL) goto err; 183 if ((ctx=BN_CTX_new()) == NULL) goto err;
@@ -179,13 +190,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
179 kinv=NULL; 190 kinv=NULL;
180 191
181 /* Get random k */ 192 /* Get random k */
182 for (;;) 193 do
183 { 194 if (!BN_rand_range(&k, dsa->q)) goto err;
184 if (!BN_rand(&k, BN_num_bits(dsa->q), 1, 0)) goto err; 195 while (BN_is_zero(&k));
185 if (BN_cmp(&k,dsa->q) >= 0)
186 BN_sub(&k,&k,dsa->q);
187 if (!BN_is_zero(&k)) break;
188 }
189 196
190 if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P)) 197 if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
191 { 198 {
@@ -228,12 +235,28 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
228 BIGNUM u1,u2,t1; 235 BIGNUM u1,u2,t1;
229 BN_MONT_CTX *mont=NULL; 236 BN_MONT_CTX *mont=NULL;
230 int ret = -1; 237 int ret = -1;
238 if (!dsa->p || !dsa->q || !dsa->g)
239 {
240 DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS);
241 return -1;
242 }
231 243
232 if ((ctx=BN_CTX_new()) == NULL) goto err; 244 if ((ctx=BN_CTX_new()) == NULL) goto err;
233 BN_init(&u1); 245 BN_init(&u1);
234 BN_init(&u2); 246 BN_init(&u2);
235 BN_init(&t1); 247 BN_init(&t1);
236 248
249 if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0)
250 {
251 ret = 0;
252 goto err;
253 }
254 if (BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s, dsa->q) >= 0)
255 {
256 ret = 0;
257 goto err;
258 }
259
237 /* Calculate W = inv(S) mod Q 260 /* Calculate W = inv(S) mod Q
238 * save W in u2 */ 261 * save W in u2 */
239 if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err; 262 if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;
diff --git a/src/lib/libcrypto/dsa/dsa_sign.c b/src/lib/libcrypto/dsa/dsa_sign.c
index 6ca1c318f2..e9469ca62f 100644
--- a/src/lib/libcrypto/dsa/dsa_sign.c
+++ b/src/lib/libcrypto/dsa/dsa_sign.c
@@ -56,160 +56,38 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59/* Origional version from Steven Schoch <schoch@sheba.arc.nasa.gov> */ 59/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
60 60
61#include <stdio.h> 61#include <stdio.h>
62#include "cryptlib.h" 62#include "cryptlib.h"
63#include "bn.h" 63#include <openssl/bn.h>
64#include "dsa.h" 64#include <openssl/dsa.h>
65#include "rand.h" 65#include <openssl/rand.h>
66#include "asn1.h" 66#include <openssl/asn1.h>
67#include <openssl/engine.h>
67 68
68/* data has already been hashed (probably with SHA or SHA-1). */ 69DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
69/* DSAerr(DSA_F_DSA_SIGN,DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); */
70
71int DSA_sign(type,dgst,dlen,sig,siglen,dsa)
72int type;
73unsigned char *dgst;
74int dlen;
75unsigned char *sig; /* out */
76unsigned int *siglen; /* out */
77DSA *dsa;
78 { 70 {
79 BIGNUM *kinv=NULL,*r=NULL; 71 return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
80 BIGNUM *m=NULL;
81 BIGNUM *xr=NULL,*s=NULL;
82 BN_CTX *ctx=NULL;
83 unsigned char *p;
84 int i,len=0,ret=0,reason=ERR_R_BN_LIB;
85 ASN1_INTEGER rbs,sbs;
86 MS_STATIC unsigned char rbuf[50]; /* assuming r is 20 bytes +extra */
87 MS_STATIC unsigned char sbuf[50]; /* assuming s is 20 bytes +extra */
88
89 i=BN_num_bytes(dsa->q); /* should be 20 */
90 if ((dlen > i) || (dlen > 50))
91 {
92 reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
93 goto err;
94 }
95
96 ctx=BN_CTX_new();
97 if (ctx == NULL) goto err;
98
99 if ((dsa->kinv == NULL) || (dsa->r == NULL))
100 {
101 if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err;
102 }
103 else
104 {
105 kinv=dsa->kinv;
106 dsa->kinv=NULL;
107 r=dsa->r;
108 dsa->r=NULL;
109 }
110
111 m=BN_new();
112 xr=BN_new();
113 s=BN_new();
114 if (m == NULL || xr == NULL || s == NULL) goto err;
115
116 if (BN_bin2bn(dgst,dlen,m) == NULL) goto err;
117
118 /* Compute s = inv(k) (m + xr) mod q */
119 if (!BN_mul(xr, dsa->priv_key, r)) goto err; /* s = xr */
120 if (!BN_add(s, xr, m)) goto err; /* s = m + xr */
121 if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err;
122
123 /*
124 * Now create a ASN.1 sequence of the integers R and S.
125 */
126 rbs.data=rbuf;
127 sbs.data=sbuf;
128 rbs.type = V_ASN1_INTEGER;
129 sbs.type = V_ASN1_INTEGER;
130 rbs.length=BN_bn2bin(r,rbs.data);
131 sbs.length=BN_bn2bin(s,sbs.data);
132
133 len =i2d_ASN1_INTEGER(&rbs,NULL);
134 len+=i2d_ASN1_INTEGER(&sbs,NULL);
135
136 p=sig;
137 ASN1_put_object(&p,1,len,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
138 i2d_ASN1_INTEGER(&rbs,&p);
139 i2d_ASN1_INTEGER(&sbs,&p);
140 *siglen=(p-sig);
141 ret=1;
142err:
143 if (!ret) DSAerr(DSA_F_DSA_SIGN,reason);
144
145#if 1 /* do the right thing :-) */
146 if (kinv != NULL) BN_clear_free(kinv);
147 if (r != NULL) BN_clear_free(r);
148#endif
149 if (ctx != NULL) BN_CTX_free(ctx);
150 if (m != NULL) BN_clear_free(m);
151 if (xr != NULL) BN_clear_free(xr);
152 if (s != NULL) BN_clear_free(s);
153 return(ret);
154 } 72 }
155 73
156int DSA_sign_setup(dsa,ctx_in,kinvp,rp) 74int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
157DSA *dsa; 75 unsigned int *siglen, DSA *dsa)
158BN_CTX *ctx_in;
159BIGNUM **kinvp;
160BIGNUM **rp;
161 { 76 {
162 BN_CTX *ctx; 77 DSA_SIG *s;
163 BIGNUM *k=NULL,*kinv=NULL,*r=NULL; 78 s=DSA_do_sign(dgst,dlen,dsa);
164 int ret=0; 79 if (s == NULL)
165
166 if (ctx_in == NULL)
167 {
168 if ((ctx=BN_CTX_new()) == NULL) goto err;
169 }
170 else
171 ctx=ctx_in;
172
173 r=BN_new();
174 k=BN_new();
175 if ((r == NULL) || (k == NULL))
176 goto err;
177 kinv=NULL;
178
179 if (r == NULL) goto err;
180
181 /* Get random k */
182 for (;;)
183 { 80 {
184 if (!BN_rand(k, BN_num_bits(dsa->q), 1, 0)) goto err; 81 *siglen=0;
185 if (BN_cmp(k,dsa->q) >= 0) 82 return(0);
186 BN_sub(k,k,dsa->q);
187 if (!BN_is_zero(k)) break;
188 } 83 }
84 *siglen=i2d_DSA_SIG(s,&sig);
85 DSA_SIG_free(s);
86 return(1);
87 }
189 88
190 /* Compute r = (g^k mod p) mod q */ 89int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
191 if (!BN_mod_exp(r,dsa->g,k,dsa->p,ctx)) goto err; 90 {
192 if (!BN_mod(r,r,dsa->q,ctx)) goto err; 91 return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
193
194 /* Compute part of 's = inv(k) (m + xr) mod q' */
195 if ((kinv=BN_mod_inverse(k,dsa->q,ctx)) == NULL) goto err;
196
197 if (*kinvp != NULL) BN_clear_free(*kinvp);
198 *kinvp=kinv;
199 kinv=NULL;
200 if (*rp != NULL) BN_clear_free(*rp);
201 *rp=r;
202 ret=1;
203err:
204 if (!ret)
205 {
206 DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB);
207 if (kinv != NULL) BN_clear_free(kinv);
208 if (r != NULL) BN_clear_free(r);
209 }
210 if (ctx_in == NULL) BN_CTX_free(ctx);
211 if (k != NULL) BN_clear_free(k);
212 if (kinv != NULL) BN_clear_free(kinv);
213 return(ret);
214 } 92 }
215 93
diff --git a/src/lib/libcrypto/dsa/dsa_vrf.c b/src/lib/libcrypto/dsa/dsa_vrf.c
index 0f860984ed..066c6b5b28 100644
--- a/src/lib/libcrypto/dsa/dsa_vrf.c
+++ b/src/lib/libcrypto/dsa/dsa_vrf.c
@@ -56,97 +56,40 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59/* Origional version from Steven Schoch <schoch@sheba.arc.nasa.gov> */ 59/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
60 60
61#include <stdio.h> 61#include <stdio.h>
62#include "cryptlib.h" 62#include "cryptlib.h"
63#include "bn.h" 63#include <openssl/bn.h>
64#include "dsa.h" 64#include <openssl/dsa.h>
65#include "rand.h" 65#include <openssl/rand.h>
66#include "asn1.h" 66#include <openssl/asn1.h>
67#include "asn1_mac.h" 67#include <openssl/asn1_mac.h>
68#include <openssl/engine.h>
69
70int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
71 DSA *dsa)
72 {
73 return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
74 }
68 75
69/* data has already been hashed (probably with SHA or SHA-1). */ 76/* data has already been hashed (probably with SHA or SHA-1). */
70/* returns 77/* returns
71 * 1: correct signature 78 * 1: correct signature
72 * 0: incorrect signature 79 * 0: incorrect signature
73 * -1: error 80 * -1: error
74 */ 81 */
75int DSA_verify(type,dgst,dgst_len,sigbuf,siglen, dsa) 82int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
76int type; 83 const unsigned char *sigbuf, int siglen, DSA *dsa)
77unsigned char *dgst;
78int dgst_len;
79unsigned char *sigbuf;
80int siglen;
81DSA *dsa;
82 { 84 {
83 /* The next 3 are used by the M_ASN1 macros */ 85 DSA_SIG *s;
84 long length=siglen; 86 int ret=-1;
85 ASN1_CTX c;
86 unsigned char **pp= &sigbuf;
87 BN_CTX *ctx;
88 BIGNUM *r=NULL;
89 BIGNUM *t1=NULL,*t2=NULL;
90 BIGNUM *u1=NULL,*u2=NULL;
91 ASN1_INTEGER *bs=NULL;
92 int ret = -1;
93
94 ctx=BN_CTX_new();
95 if (ctx == NULL) goto err;
96
97 t1=BN_new();
98 t2=BN_new();
99 if (t1 == NULL || t2 == NULL) goto err;
100
101 M_ASN1_D2I_Init();
102 M_ASN1_D2I_start_sequence();
103 M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
104 if ((r=BN_bin2bn(bs->data,bs->length,NULL)) == NULL) goto err_bn;
105 M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
106 if ((u1=BN_bin2bn(bs->data,bs->length,NULL)) == NULL) goto err_bn;
107 if (!asn1_Finish(&c)) goto err;
108
109 /* Calculate W = inv(S) mod Q
110 * save W in u2 */
111 if ((u2=BN_mod_inverse(u1,dsa->q,ctx)) == NULL) goto err_bn;
112
113 /* save M in u1 */
114 if (BN_bin2bn(dgst,dgst_len,u1) == NULL) goto err_bn;
115
116 /* u1 = M * w mod q */
117 if (!BN_mod_mul(u1,u1,u2,dsa->q,ctx)) goto err_bn;
118
119 /* u2 = r * w mod q */
120 if (!BN_mod_mul(u2,r,u2,dsa->q,ctx)) goto err_bn;
121 87
122 /* v = ( g^u1 * y^u2 mod p ) mod q */ 88 s = DSA_SIG_new();
123 /* let t1 = g ^ u1 mod p */ 89 if (s == NULL) return(ret);
124 if (!BN_mod_exp(t1,dsa->g,u1,dsa->p,ctx)) goto err_bn; 90 if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err;
125 /* let t2 = y ^ u2 mod p */ 91 ret=DSA_do_verify(dgst,dgst_len,s,dsa);
126 if (!BN_mod_exp(t2,dsa->pub_key,u2,dsa->p,ctx)) goto err_bn; 92err:
127 /* let u1 = t1 * t2 mod p */ 93 DSA_SIG_free(s);
128 if (!BN_mod_mul(u1,t1,t2,dsa->p,ctx)) goto err_bn;
129 /* let u1 = u1 mod q */
130 if (!BN_mod(u1,u1,dsa->q,ctx)) goto err_bn;
131 /* V is now in u1. If the signature is correct, it will be
132 * equal to R. */
133 ret=(BN_ucmp(u1, r) == 0);
134 if (0)
135 {
136err: /* ASN1 error */
137 DSAerr(DSA_F_DSA_VERIFY,c.error);
138 }
139 if (0)
140 {
141err_bn: /* BN error */
142 DSAerr(DSA_F_DSA_VERIFY,ERR_R_BN_LIB);
143 }
144 if (ctx != NULL) BN_CTX_free(ctx);
145 if (r != NULL) BN_free(r);
146 if (t1 != NULL) BN_free(t1);
147 if (t2 != NULL) BN_free(t2);
148 if (u1 != NULL) BN_free(u1);
149 if (u2 != NULL) BN_free(u2);
150 if (bs != NULL) ASN1_BIT_STRING_free(bs);
151 return(ret); 94 return(ret);
152 } 95 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-24 22:01:16 +0000