summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/dsa
diff options
context:
space:
mode:
authordjm <>2010-10-01 22:54:21 +0000
committerdjm <>2010-10-01 22:54:21 +0000
commit829fd51d4f8dde4a7f3bf54754f3c1d1a502f5e2 (patch)
treee03b9f1bd051e844b971936729e9df549a209130 /src/lib/libcrypto/dsa
parente6b755d2a53d3cac7a344dfdd6bf7c951cac754c (diff)
downloadopenbsd-829fd51d4f8dde4a7f3bf54754f3c1d1a502f5e2.tar.gz
openbsd-829fd51d4f8dde4a7f3bf54754f3c1d1a502f5e2.tar.bz2
openbsd-829fd51d4f8dde4a7f3bf54754f3c1d1a502f5e2.zip
import OpenSSL-1.0.0a
Diffstat (limited to 'src/lib/libcrypto/dsa')
-rw-r--r--src/lib/libcrypto/dsa/dsa.h69
-rw-r--r--src/lib/libcrypto/dsa/dsa_ameth.c657
-rw-r--r--src/lib/libcrypto/dsa/dsa_asn1.c96
-rw-r--r--src/lib/libcrypto/dsa/dsa_err.c26
-rw-r--r--src/lib/libcrypto/dsa/dsa_gen.c124
-rw-r--r--src/lib/libcrypto/dsa/dsa_key.c4
-rw-r--r--src/lib/libcrypto/dsa/dsa_lib.c49
-rw-r--r--src/lib/libcrypto/dsa/dsa_locl.h59
-rw-r--r--src/lib/libcrypto/dsa/dsa_ossl.c48
-rw-r--r--src/lib/libcrypto/dsa/dsa_pmeth.c315
-rw-r--r--src/lib/libcrypto/dsa/dsa_prn.c121
-rw-r--r--src/lib/libcrypto/dsa/dsa_sign.c35
-rw-r--r--src/lib/libcrypto/dsa/dsa_vrf.c37
13 files changed, 1372 insertions, 268 deletions
diff --git a/src/lib/libcrypto/dsa/dsa.h b/src/lib/libcrypto/dsa/dsa.h
index 702c50d6dc..ac50a5c846 100644
--- a/src/lib/libcrypto/dsa/dsa.h
+++ b/src/lib/libcrypto/dsa/dsa.h
@@ -88,8 +88,6 @@
88# define OPENSSL_DSA_MAX_MODULUS_BITS 10000 88# define OPENSSL_DSA_MAX_MODULUS_BITS 10000
89#endif 89#endif
90 90
91#define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024
92
93#define DSA_FLAG_CACHE_MONT_P 0x01 91#define DSA_FLAG_CACHE_MONT_P 0x01
94#define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DSA 92#define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DSA
95 * implementation now uses constant time 93 * implementation now uses constant time
@@ -99,25 +97,6 @@
99 * be used for all exponents. 97 * be used for all exponents.
100 */ 98 */
101 99
102/* If this flag is set the DSA method is FIPS compliant and can be used
103 * in FIPS mode. This is set in the validated module method. If an
104 * application sets this flag in its own methods it is its reposibility
105 * to ensure the result is compliant.
106 */
107
108#define DSA_FLAG_FIPS_METHOD 0x0400
109
110/* If this flag is set the operations normally disabled in FIPS mode are
111 * permitted it is then the applications responsibility to ensure that the
112 * usage is compliant.
113 */
114
115#define DSA_FLAG_NON_FIPS_ALLOW 0x0400
116
117#ifdef OPENSSL_FIPS
118#define FIPS_DSA_SIZE_T int
119#endif
120
121#ifdef __cplusplus 100#ifdef __cplusplus
122extern "C" { 101extern "C" {
123#endif 102#endif
@@ -139,7 +118,7 @@ struct dsa_method
139 int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, 118 int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
140 BIGNUM **rp); 119 BIGNUM **rp);
141 int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len, 120 int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len,
142 DSA_SIG *sig, DSA *dsa); 121 DSA_SIG *sig, DSA *dsa);
143 int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, 122 int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
144 BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, 123 BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
145 BN_MONT_CTX *in_mont); 124 BN_MONT_CTX *in_mont);
@@ -152,7 +131,7 @@ struct dsa_method
152 char *app_data; 131 char *app_data;
153 /* If this is non-NULL, it is used to generate DSA parameters */ 132 /* If this is non-NULL, it is used to generate DSA parameters */
154 int (*dsa_paramgen)(DSA *dsa, int bits, 133 int (*dsa_paramgen)(DSA *dsa, int bits,
155 unsigned char *seed, int seed_len, 134 const unsigned char *seed, int seed_len,
156 int *counter_ret, unsigned long *h_ret, 135 int *counter_ret, unsigned long *h_ret,
157 BN_GENCB *cb); 136 BN_GENCB *cb);
158 /* If this is non-NULL, it is used to generate DSA keys */ 137 /* If this is non-NULL, it is used to generate DSA keys */
@@ -186,7 +165,6 @@ struct dsa_st
186 ENGINE *engine; 165 ENGINE *engine;
187 }; 166 };
188 167
189#define DSAparams_dup(x) ASN1_dup_of_const(DSA,i2d_DSAparams,d2i_DSAparams,x)
190#define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \ 168#define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \
191 (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x)) 169 (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x))
192#define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \ 170#define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \
@@ -195,6 +173,7 @@ struct dsa_st
195#define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio_of_const(DSA,i2d_DSAparams,bp,x) 173#define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio_of_const(DSA,i2d_DSAparams,bp,x)
196 174
197 175
176DSA *DSAparams_dup(DSA *x);
198DSA_SIG * DSA_SIG_new(void); 177DSA_SIG * DSA_SIG_new(void);
199void DSA_SIG_free(DSA_SIG *a); 178void DSA_SIG_free(DSA_SIG *a);
200int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp); 179int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
@@ -210,11 +189,6 @@ void DSA_set_default_method(const DSA_METHOD *);
210const DSA_METHOD *DSA_get_default_method(void); 189const DSA_METHOD *DSA_get_default_method(void);
211int DSA_set_method(DSA *dsa, const DSA_METHOD *); 190int DSA_set_method(DSA *dsa, const DSA_METHOD *);
212 191
213#ifdef OPENSSL_FIPS
214DSA * FIPS_dsa_new(void);
215void FIPS_dsa_free (DSA *r);
216#endif
217
218DSA * DSA_new(void); 192DSA * DSA_new(void);
219DSA * DSA_new_method(ENGINE *engine); 193DSA * DSA_new_method(ENGINE *engine);
220void DSA_free (DSA *r); 194void DSA_free (DSA *r);
@@ -246,7 +220,7 @@ DSA * DSA_generate_parameters(int bits,
246 220
247/* New version */ 221/* New version */
248int DSA_generate_parameters_ex(DSA *dsa, int bits, 222int DSA_generate_parameters_ex(DSA *dsa, int bits,
249 unsigned char *seed,int seed_len, 223 const unsigned char *seed,int seed_len,
250 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); 224 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
251 225
252int DSA_generate_key(DSA *a); 226int DSA_generate_key(DSA *a);
@@ -275,10 +249,13 @@ int DSA_print_fp(FILE *bp, const DSA *x, int off);
275DH *DSA_dup_DH(const DSA *r); 249DH *DSA_dup_DH(const DSA *r);
276#endif 250#endif
277 251
278#ifdef OPENSSL_FIPS 252#define EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits) \
279int FIPS_dsa_sig_encode(unsigned char *out, DSA_SIG *sig); 253 EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \
280int FIPS_dsa_sig_decode(DSA_SIG *sig, const unsigned char *in, int inlen); 254 EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL)
281#endif 255
256#define EVP_PKEY_CTRL_DSA_PARAMGEN_BITS (EVP_PKEY_ALG_CTRL + 1)
257#define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS (EVP_PKEY_ALG_CTRL + 2)
258#define EVP_PKEY_CTRL_DSA_PARAMGEN_MD (EVP_PKEY_ALG_CTRL + 3)
282 259
283/* BEGIN ERROR CODES */ 260/* BEGIN ERROR CODES */
284/* The following lines are auto generated by the script mkerr.pl. Any changes 261/* The following lines are auto generated by the script mkerr.pl. Any changes
@@ -290,33 +267,39 @@ void ERR_load_DSA_strings(void);
290 267
291/* Function codes. */ 268/* Function codes. */
292#define DSA_F_D2I_DSA_SIG 110 269#define DSA_F_D2I_DSA_SIG 110
270#define DSA_F_DO_DSA_PRINT 104
293#define DSA_F_DSAPARAMS_PRINT 100 271#define DSA_F_DSAPARAMS_PRINT 100
294#define DSA_F_DSAPARAMS_PRINT_FP 101 272#define DSA_F_DSAPARAMS_PRINT_FP 101
295#define DSA_F_DSA_BUILTIN_KEYGEN 119
296#define DSA_F_DSA_BUILTIN_PARAMGEN 118
297#define DSA_F_DSA_DO_SIGN 112 273#define DSA_F_DSA_DO_SIGN 112
298#define DSA_F_DSA_DO_VERIFY 113 274#define DSA_F_DSA_DO_VERIFY 113
299#define DSA_F_DSA_GENERATE_PARAMETERS 117
300#define DSA_F_DSA_NEW_METHOD 103 275#define DSA_F_DSA_NEW_METHOD 103
301#define DSA_F_DSA_PRINT 104 276#define DSA_F_DSA_PARAM_DECODE 119
302#define DSA_F_DSA_PRINT_FP 105 277#define DSA_F_DSA_PRINT_FP 105
303#define DSA_F_DSA_SET_DEFAULT_METHOD 115 278#define DSA_F_DSA_PRIV_DECODE 115
304#define DSA_F_DSA_SET_METHOD 116 279#define DSA_F_DSA_PRIV_ENCODE 116
280#define DSA_F_DSA_PUB_DECODE 117
281#define DSA_F_DSA_PUB_ENCODE 118
305#define DSA_F_DSA_SIGN 106 282#define DSA_F_DSA_SIGN 106
306#define DSA_F_DSA_SIGN_SETUP 107 283#define DSA_F_DSA_SIGN_SETUP 107
307#define DSA_F_DSA_SIG_NEW 109 284#define DSA_F_DSA_SIG_NEW 109
308#define DSA_F_DSA_VERIFY 108 285#define DSA_F_DSA_VERIFY 108
309#define DSA_F_I2D_DSA_SIG 111 286#define DSA_F_I2D_DSA_SIG 111
287#define DSA_F_OLD_DSA_PRIV_DECODE 122
288#define DSA_F_PKEY_DSA_CTRL 120
289#define DSA_F_PKEY_DSA_KEYGEN 121
310#define DSA_F_SIG_CB 114 290#define DSA_F_SIG_CB 114
311 291
312/* Reason codes. */ 292/* Reason codes. */
313#define DSA_R_BAD_Q_VALUE 102 293#define DSA_R_BAD_Q_VALUE 102
294#define DSA_R_BN_DECODE_ERROR 108
295#define DSA_R_BN_ERROR 109
314#define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100 296#define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100
315#define DSA_R_KEY_SIZE_TOO_SMALL 106 297#define DSA_R_DECODE_ERROR 104
298#define DSA_R_INVALID_DIGEST_TYPE 106
316#define DSA_R_MISSING_PARAMETERS 101 299#define DSA_R_MISSING_PARAMETERS 101
317#define DSA_R_MODULUS_TOO_LARGE 103 300#define DSA_R_MODULUS_TOO_LARGE 103
318#define DSA_R_NON_FIPS_METHOD 104 301#define DSA_R_NO_PARAMETERS_SET 107
319#define DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 105 302#define DSA_R_PARAMETER_ENCODING_ERROR 105
320 303
321#ifdef __cplusplus 304#ifdef __cplusplus
322} 305}
diff --git a/src/lib/libcrypto/dsa/dsa_ameth.c b/src/lib/libcrypto/dsa/dsa_ameth.c
new file mode 100644
index 0000000000..6413aae46e
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_ameth.c
@@ -0,0 +1,657 @@
1/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
2 * project 2006.
3 */
4/* ====================================================================
5 * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 *
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 *
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
17 * distribution.
18 *
19 * 3. All advertising materials mentioning features or use of this
20 * software must display the following acknowledgment:
21 * "This product includes software developed by the OpenSSL Project
22 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
23 *
24 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
25 * endorse or promote products derived from this software without
26 * prior written permission. For written permission, please contact
27 * licensing@OpenSSL.org.
28 *
29 * 5. Products derived from this software may not be called "OpenSSL"
30 * nor may "OpenSSL" appear in their names without prior written
31 * permission of the OpenSSL Project.
32 *
33 * 6. Redistributions of any form whatsoever must retain the following
34 * acknowledgment:
35 * "This product includes software developed by the OpenSSL Project
36 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
37 *
38 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
39 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
40 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
41 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
42 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
43 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
44 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
45 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
46 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
47 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
48 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49 * OF THE POSSIBILITY OF SUCH DAMAGE.
50 * ====================================================================
51 *
52 * This product includes cryptographic software written by Eric Young
53 * (eay@cryptsoft.com). This product includes software written by Tim
54 * Hudson (tjh@cryptsoft.com).
55 *
56 */
57
58#include <stdio.h>
59#include "cryptlib.h"
60#include <openssl/x509.h>
61#include <openssl/asn1.h>
62#include <openssl/dsa.h>
63#include <openssl/bn.h>
64#ifndef OPENSSL_NO_CMS
65#include <openssl/cms.h>
66#endif
67#include "asn1_locl.h"
68
69static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
70 {
71 const unsigned char *p, *pm;
72 int pklen, pmlen;
73 int ptype;
74 void *pval;
75 ASN1_STRING *pstr;
76 X509_ALGOR *palg;
77 ASN1_INTEGER *public_key = NULL;
78
79 DSA *dsa = NULL;
80
81 if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
82 return 0;
83 X509_ALGOR_get0(NULL, &ptype, &pval, palg);
84
85
86 if (ptype == V_ASN1_SEQUENCE)
87 {
88 pstr = pval;
89 pm = pstr->data;
90 pmlen = pstr->length;
91
92 if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen)))
93 {
94 DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR);
95 goto err;
96 }
97
98 }
99 else if ((ptype == V_ASN1_NULL) || (ptype == V_ASN1_UNDEF))
100 {
101 if (!(dsa = DSA_new()))
102 {
103 DSAerr(DSA_F_DSA_PUB_DECODE, ERR_R_MALLOC_FAILURE);
104 goto err;
105 }
106 }
107 else
108 {
109 DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_PARAMETER_ENCODING_ERROR);
110 goto err;
111 }
112
113 if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, pklen)))
114 {
115 DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR);
116 goto err;
117 }
118
119 if (!(dsa->pub_key = ASN1_INTEGER_to_BN(public_key, NULL)))
120 {
121 DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_BN_DECODE_ERROR);
122 goto err;
123 }
124
125 ASN1_INTEGER_free(public_key);
126 EVP_PKEY_assign_DSA(pkey, dsa);
127 return 1;
128
129 err:
130 if (public_key)
131 ASN1_INTEGER_free(public_key);
132 if (dsa)
133 DSA_free(dsa);
134 return 0;
135
136 }
137
138static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
139 {
140 DSA *dsa;
141 void *pval = NULL;
142 int ptype;
143 unsigned char *penc = NULL;
144 int penclen;
145
146 dsa=pkey->pkey.dsa;
147 if (pkey->save_parameters && dsa->p && dsa->q && dsa->g)
148 {
149 ASN1_STRING *str;
150 str = ASN1_STRING_new();
151 str->length = i2d_DSAparams(dsa, &str->data);
152 if (str->length <= 0)
153 {
154 DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
155 goto err;
156 }
157 pval = str;
158 ptype = V_ASN1_SEQUENCE;
159 }
160 else
161 ptype = V_ASN1_UNDEF;
162
163 dsa->write_params=0;
164
165 penclen = i2d_DSAPublicKey(dsa, &penc);
166
167 if (penclen <= 0)
168 {
169 DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
170 goto err;
171 }
172
173 if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DSA),
174 ptype, pval, penc, penclen))
175 return 1;
176
177 err:
178 if (penc)
179 OPENSSL_free(penc);
180 if (pval)
181 ASN1_STRING_free(pval);
182
183 return 0;
184 }
185
186/* In PKCS#8 DSA: you just get a private key integer and parameters in the
187 * AlgorithmIdentifier the pubkey must be recalculated.
188 */
189
190static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
191 {
192 const unsigned char *p, *pm;
193 int pklen, pmlen;
194 int ptype;
195 void *pval;
196 ASN1_STRING *pstr;
197 X509_ALGOR *palg;
198 ASN1_INTEGER *privkey = NULL;
199 BN_CTX *ctx = NULL;
200
201 STACK_OF(ASN1_TYPE) *ndsa = NULL;
202 DSA *dsa = NULL;
203
204 if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
205 return 0;
206 X509_ALGOR_get0(NULL, &ptype, &pval, palg);
207
208 /* Check for broken DSA PKCS#8, UGH! */
209 if (*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED))
210 {
211 ASN1_TYPE *t1, *t2;
212 if(!(ndsa = d2i_ASN1_SEQUENCE_ANY(NULL, &p, pklen)))
213 goto decerr;
214 if (sk_ASN1_TYPE_num(ndsa) != 2)
215 goto decerr;
216 /* Handle Two broken types:
217 * SEQUENCE {parameters, priv_key}
218 * SEQUENCE {pub_key, priv_key}
219 */
220
221 t1 = sk_ASN1_TYPE_value(ndsa, 0);
222 t2 = sk_ASN1_TYPE_value(ndsa, 1);
223 if (t1->type == V_ASN1_SEQUENCE)
224 {
225 p8->broken = PKCS8_EMBEDDED_PARAM;
226 pval = t1->value.ptr;
227 }
228 else if (ptype == V_ASN1_SEQUENCE)
229 p8->broken = PKCS8_NS_DB;
230 else
231 goto decerr;
232
233 if (t2->type != V_ASN1_INTEGER)
234 goto decerr;
235
236 privkey = t2->value.integer;
237 }
238 else
239 {
240 const unsigned char *q = p;
241 if (!(privkey=d2i_ASN1_INTEGER(NULL, &p, pklen)))
242 goto decerr;
243 if (privkey->type == V_ASN1_NEG_INTEGER)
244 {
245 p8->broken = PKCS8_NEG_PRIVKEY;
246 ASN1_INTEGER_free(privkey);
247 if (!(privkey=d2i_ASN1_UINTEGER(NULL, &q, pklen)))
248 goto decerr;
249 }
250 if (ptype != V_ASN1_SEQUENCE)
251 goto decerr;
252 }
253
254 pstr = pval;
255 pm = pstr->data;
256 pmlen = pstr->length;
257 if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen)))
258 goto decerr;
259 /* We have parameters now set private key */
260 if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL)))
261 {
262 DSAerr(DSA_F_DSA_PRIV_DECODE,DSA_R_BN_ERROR);
263 goto dsaerr;
264 }
265 /* Calculate public key */
266 if (!(dsa->pub_key = BN_new()))
267 {
268 DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE);
269 goto dsaerr;
270 }
271 if (!(ctx = BN_CTX_new()))
272 {
273 DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE);
274 goto dsaerr;
275 }
276
277 if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx))
278 {
279 DSAerr(DSA_F_DSA_PRIV_DECODE,DSA_R_BN_ERROR);
280 goto dsaerr;
281 }
282
283 EVP_PKEY_assign_DSA(pkey, dsa);
284 BN_CTX_free (ctx);
285 if(ndsa)
286 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
287 else
288 ASN1_INTEGER_free(privkey);
289
290 return 1;
291
292 decerr:
293 DSAerr(DSA_F_DSA_PRIV_DECODE, EVP_R_DECODE_ERROR);
294 dsaerr:
295 BN_CTX_free (ctx);
296 if (privkey)
297 ASN1_INTEGER_free(privkey);
298 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
299 DSA_free(dsa);
300 return 0;
301 }
302
303static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
304{
305 ASN1_STRING *params = NULL;
306 ASN1_INTEGER *prkey = NULL;
307 unsigned char *dp = NULL;
308 int dplen;
309
310 params = ASN1_STRING_new();
311
312 if (!params)
313 {
314 DSAerr(DSA_F_DSA_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
315 goto err;
316 }
317
318 params->length = i2d_DSAparams(pkey->pkey.dsa, &params->data);
319 if (params->length <= 0)
320 {
321 DSAerr(DSA_F_DSA_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
322 goto err;
323 }
324 params->type = V_ASN1_SEQUENCE;
325
326 /* Get private key into integer */
327 prkey = BN_to_ASN1_INTEGER(pkey->pkey.dsa->priv_key, NULL);
328
329 if (!prkey)
330 {
331 DSAerr(DSA_F_DSA_PRIV_ENCODE,DSA_R_BN_ERROR);
332 goto err;
333 }
334
335 dplen = i2d_ASN1_INTEGER(prkey, &dp);
336
337 ASN1_INTEGER_free(prkey);
338
339 if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0,
340 V_ASN1_SEQUENCE, params, dp, dplen))
341 goto err;
342
343 return 1;
344
345err:
346 if (dp != NULL)
347 OPENSSL_free(dp);
348 if (params != NULL)
349 ASN1_STRING_free(params);
350 if (prkey != NULL)
351 ASN1_INTEGER_free(prkey);
352 return 0;
353}
354
355static int int_dsa_size(const EVP_PKEY *pkey)
356 {
357 return(DSA_size(pkey->pkey.dsa));
358 }
359
360static int dsa_bits(const EVP_PKEY *pkey)
361 {
362 return BN_num_bits(pkey->pkey.dsa->p);
363 }
364
365static int dsa_missing_parameters(const EVP_PKEY *pkey)
366 {
367 DSA *dsa;
368 dsa=pkey->pkey.dsa;
369 if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
370 return 1;
371 return 0;
372 }
373
374static int dsa_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
375 {
376 BIGNUM *a;
377
378 if ((a=BN_dup(from->pkey.dsa->p)) == NULL)
379 return 0;
380 if (to->pkey.dsa->p != NULL)
381 BN_free(to->pkey.dsa->p);
382 to->pkey.dsa->p=a;
383
384 if ((a=BN_dup(from->pkey.dsa->q)) == NULL)
385 return 0;
386 if (to->pkey.dsa->q != NULL)
387 BN_free(to->pkey.dsa->q);
388 to->pkey.dsa->q=a;
389
390 if ((a=BN_dup(from->pkey.dsa->g)) == NULL)
391 return 0;
392 if (to->pkey.dsa->g != NULL)
393 BN_free(to->pkey.dsa->g);
394 to->pkey.dsa->g=a;
395 return 1;
396 }
397
398static int dsa_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
399 {
400 if ( BN_cmp(a->pkey.dsa->p,b->pkey.dsa->p) ||
401 BN_cmp(a->pkey.dsa->q,b->pkey.dsa->q) ||
402 BN_cmp(a->pkey.dsa->g,b->pkey.dsa->g))
403 return 0;
404 else
405 return 1;
406 }
407
408static int dsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
409 {
410 if (BN_cmp(b->pkey.dsa->pub_key,a->pkey.dsa->pub_key) != 0)
411 return 0;
412 else
413 return 1;
414 }
415
416static void int_dsa_free(EVP_PKEY *pkey)
417 {
418 DSA_free(pkey->pkey.dsa);
419 }
420
421static void update_buflen(const BIGNUM *b, size_t *pbuflen)
422 {
423 size_t i;
424 if (!b)
425 return;
426 if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
427 *pbuflen = i;
428 }
429
430static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype)
431 {
432 unsigned char *m=NULL;
433 int ret=0;
434 size_t buf_len=0;
435 const char *ktype = NULL;
436
437 const BIGNUM *priv_key, *pub_key;
438
439 if (ptype == 2)
440 priv_key = x->priv_key;
441 else
442 priv_key = NULL;
443
444 if (ptype > 0)
445 pub_key = x->pub_key;
446 else
447 pub_key = NULL;
448
449 if (ptype == 2)
450 ktype = "Private-Key";
451 else if (ptype == 1)
452 ktype = "Public-Key";
453 else
454 ktype = "DSA-Parameters";
455
456 update_buflen(x->p, &buf_len);
457 update_buflen(x->q, &buf_len);
458 update_buflen(x->g, &buf_len);
459 update_buflen(priv_key, &buf_len);
460 update_buflen(pub_key, &buf_len);
461
462 m=(unsigned char *)OPENSSL_malloc(buf_len+10);
463 if (m == NULL)
464 {
465 DSAerr(DSA_F_DO_DSA_PRINT,ERR_R_MALLOC_FAILURE);
466 goto err;
467 }
468
469 if (priv_key)
470 {
471 if(!BIO_indent(bp,off,128))
472 goto err;
473 if (BIO_printf(bp,"%s: (%d bit)\n",ktype, BN_num_bits(x->p))
474 <= 0) goto err;
475 }
476
477 if (!ASN1_bn_print(bp,"priv:",priv_key,m,off))
478 goto err;
479 if (!ASN1_bn_print(bp,"pub: ",pub_key,m,off))
480 goto err;
481 if (!ASN1_bn_print(bp,"P: ",x->p,m,off)) goto err;
482 if (!ASN1_bn_print(bp,"Q: ",x->q,m,off)) goto err;
483 if (!ASN1_bn_print(bp,"G: ",x->g,m,off)) goto err;
484 ret=1;
485err:
486 if (m != NULL) OPENSSL_free(m);
487 return(ret);
488 }
489
490static int dsa_param_decode(EVP_PKEY *pkey,
491 const unsigned char **pder, int derlen)
492 {
493 DSA *dsa;
494 if (!(dsa = d2i_DSAparams(NULL, pder, derlen)))
495 {
496 DSAerr(DSA_F_DSA_PARAM_DECODE, ERR_R_DSA_LIB);
497 return 0;
498 }
499 EVP_PKEY_assign_DSA(pkey, dsa);
500 return 1;
501 }
502
503static int dsa_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
504 {
505 return i2d_DSAparams(pkey->pkey.dsa, pder);
506 }
507
508static int dsa_param_print(BIO *bp, const EVP_PKEY *pkey, int indent,
509 ASN1_PCTX *ctx)
510 {
511 return do_dsa_print(bp, pkey->pkey.dsa, indent, 0);
512 }
513
514static int dsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent,
515 ASN1_PCTX *ctx)
516 {
517 return do_dsa_print(bp, pkey->pkey.dsa, indent, 1);
518 }
519
520
521static int dsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,
522 ASN1_PCTX *ctx)
523 {
524 return do_dsa_print(bp, pkey->pkey.dsa, indent, 2);
525 }
526
527static int old_dsa_priv_decode(EVP_PKEY *pkey,
528 const unsigned char **pder, int derlen)
529 {
530 DSA *dsa;
531 if (!(dsa = d2i_DSAPrivateKey (NULL, pder, derlen)))
532 {
533 DSAerr(DSA_F_OLD_DSA_PRIV_DECODE, ERR_R_DSA_LIB);
534 return 0;
535 }
536 EVP_PKEY_assign_DSA(pkey, dsa);
537 return 1;
538 }
539
540static int old_dsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder)
541 {
542 return i2d_DSAPrivateKey(pkey->pkey.dsa, pder);
543 }
544
545static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
546 {
547 switch (op)
548 {
549 case ASN1_PKEY_CTRL_PKCS7_SIGN:
550 if (arg1 == 0)
551 {
552 int snid, hnid;
553 X509_ALGOR *alg1, *alg2;
554 PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2);
555 if (alg1 == NULL || alg1->algorithm == NULL)
556 return -1;
557 hnid = OBJ_obj2nid(alg1->algorithm);
558 if (hnid == NID_undef)
559 return -1;
560 if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
561 return -1;
562 X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
563 }
564 return 1;
565#ifndef OPENSSL_NO_CMS
566 case ASN1_PKEY_CTRL_CMS_SIGN:
567 if (arg1 == 0)
568 {
569 int snid, hnid;
570 X509_ALGOR *alg1, *alg2;
571 CMS_SignerInfo_get0_algs(arg2, NULL, NULL, &alg1, &alg2);
572 if (alg1 == NULL || alg1->algorithm == NULL)
573 return -1;
574 hnid = OBJ_obj2nid(alg1->algorithm);
575 if (hnid == NID_undef)
576 return -1;
577 if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
578 return -1;
579 X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
580 }
581 return 1;
582#endif
583
584 case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
585 *(int *)arg2 = NID_sha1;
586 return 2;
587
588 default:
589 return -2;
590
591 }
592
593 }
594
595/* NB these are sorted in pkey_id order, lowest first */
596
597const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[] =
598 {
599
600 {
601 EVP_PKEY_DSA2,
602 EVP_PKEY_DSA,
603 ASN1_PKEY_ALIAS
604 },
605
606 {
607 EVP_PKEY_DSA1,
608 EVP_PKEY_DSA,
609 ASN1_PKEY_ALIAS
610 },
611
612 {
613 EVP_PKEY_DSA4,
614 EVP_PKEY_DSA,
615 ASN1_PKEY_ALIAS
616 },
617
618 {
619 EVP_PKEY_DSA3,
620 EVP_PKEY_DSA,
621 ASN1_PKEY_ALIAS
622 },
623
624 {
625 EVP_PKEY_DSA,
626 EVP_PKEY_DSA,
627 0,
628
629 "DSA",
630 "OpenSSL DSA method",
631
632 dsa_pub_decode,
633 dsa_pub_encode,
634 dsa_pub_cmp,
635 dsa_pub_print,
636
637 dsa_priv_decode,
638 dsa_priv_encode,
639 dsa_priv_print,
640
641 int_dsa_size,
642 dsa_bits,
643
644 dsa_param_decode,
645 dsa_param_encode,
646 dsa_missing_parameters,
647 dsa_copy_parameters,
648 dsa_cmp_parameters,
649 dsa_param_print,
650
651 int_dsa_free,
652 dsa_pkey_ctrl,
653 old_dsa_priv_decode,
654 old_dsa_priv_encode
655 }
656 };
657
diff --git a/src/lib/libcrypto/dsa/dsa_asn1.c b/src/lib/libcrypto/dsa/dsa_asn1.c
index 0645facb4b..c37460b2d6 100644
--- a/src/lib/libcrypto/dsa/dsa_asn1.c
+++ b/src/lib/libcrypto/dsa/dsa_asn1.c
@@ -3,7 +3,7 @@
3 * project 2000. 3 * project 2000.
4 */ 4 */
5/* ==================================================================== 5/* ====================================================================
6 * Copyright (c) 2000 The OpenSSL Project. All rights reserved. 6 * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
7 * 7 *
8 * Redistribution and use in source and binary forms, with or without 8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions 9 * modification, are permitted provided that the following conditions
@@ -61,24 +61,23 @@
61#include <openssl/dsa.h> 61#include <openssl/dsa.h>
62#include <openssl/asn1.h> 62#include <openssl/asn1.h>
63#include <openssl/asn1t.h> 63#include <openssl/asn1t.h>
64#include <openssl/bn.h>
65#ifdef OPENSSL_FIPS
66#include <openssl/fips.h>
67#endif
68
69 64
70/* Override the default new methods */ 65/* Override the default new methods */
71static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) 66static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
67 void *exarg)
72{ 68{
73 if(operation == ASN1_OP_NEW_PRE) { 69 if(operation == ASN1_OP_NEW_PRE) {
74 DSA_SIG *sig; 70 DSA_SIG *sig;
75 sig = OPENSSL_malloc(sizeof(DSA_SIG)); 71 sig = OPENSSL_malloc(sizeof(DSA_SIG));
72 if (!sig)
73 {
74 DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE);
75 return 0;
76 }
76 sig->r = NULL; 77 sig->r = NULL;
77 sig->s = NULL; 78 sig->s = NULL;
78 *pval = (ASN1_VALUE *)sig; 79 *pval = (ASN1_VALUE *)sig;
79 if(sig) return 2; 80 return 2;
80 DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE);
81 return 0;
82 } 81 }
83 return 1; 82 return 1;
84} 83}
@@ -88,10 +87,11 @@ ASN1_SEQUENCE_cb(DSA_SIG, sig_cb) = {
88 ASN1_SIMPLE(DSA_SIG, s, CBIGNUM) 87 ASN1_SIMPLE(DSA_SIG, s, CBIGNUM)
89} ASN1_SEQUENCE_END_cb(DSA_SIG, DSA_SIG) 88} ASN1_SEQUENCE_END_cb(DSA_SIG, DSA_SIG)
90 89
91IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA_SIG,DSA_SIG,DSA_SIG) 90IMPLEMENT_ASN1_FUNCTIONS_const(DSA_SIG)
92 91
93/* Override the default free and new methods */ 92/* Override the default free and new methods */
94static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) 93static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
94 void *exarg)
95{ 95{
96 if(operation == ASN1_OP_NEW_PRE) { 96 if(operation == ASN1_OP_NEW_PRE) {
97 *pval = (ASN1_VALUE *)DSA_new(); 97 *pval = (ASN1_VALUE *)DSA_new();
@@ -144,75 +144,7 @@ ASN1_CHOICE_cb(DSAPublicKey, dsa_cb) = {
144 144
145IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey) 145IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey)
146 146
147int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, 147DSA *DSAparams_dup(DSA *dsa)
148 unsigned int *siglen, DSA *dsa)
149 {
150 DSA_SIG *s;
151#ifdef OPENSSL_FIPS
152 if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
153 {
154 DSAerr(DSA_F_DSA_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
155 return 0;
156 }
157#endif
158 s=DSA_do_sign(dgst,dlen,dsa);
159 if (s == NULL)
160 {
161 *siglen=0;
162 return(0);
163 }
164 *siglen=i2d_DSA_SIG(s,&sig);
165 DSA_SIG_free(s);
166 return(1);
167 }
168
169int DSA_size(const DSA *r)
170 {
171 int ret,i;
172 ASN1_INTEGER bs;
173 unsigned char buf[4]; /* 4 bytes looks really small.
174 However, i2d_ASN1_INTEGER() will not look
175 beyond the first byte, as long as the second
176 parameter is NULL. */
177
178 i=BN_num_bits(r->q);
179 bs.length=(i+7)/8;
180 bs.data=buf;
181 bs.type=V_ASN1_INTEGER;
182 /* If the top bit is set the asn1 encoding is 1 larger. */
183 buf[0]=0xff;
184
185 i=i2d_ASN1_INTEGER(&bs,NULL);
186 i+=i; /* r and s */
187 ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
188 return(ret);
189 }
190
191/* data has already been hashed (probably with SHA or SHA-1). */
192/* returns
193 * 1: correct signature
194 * 0: incorrect signature
195 * -1: error
196 */
197int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
198 const unsigned char *sigbuf, int siglen, DSA *dsa)
199 { 148 {
200 DSA_SIG *s; 149 return ASN1_item_dup(ASN1_ITEM_rptr(DSAparams), dsa);
201 int ret=-1;
202#ifdef OPENSSL_FIPS
203 if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
204 {
205 DSAerr(DSA_F_DSA_VERIFY, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
206 return 0;
207 }
208#endif
209
210 s = DSA_SIG_new();
211 if (s == NULL) return(ret);
212 if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err;
213 ret=DSA_do_verify(dgst,dgst_len,s,dsa);
214err:
215 DSA_SIG_free(s);
216 return(ret);
217 } 150 }
218
diff --git a/src/lib/libcrypto/dsa/dsa_err.c b/src/lib/libcrypto/dsa/dsa_err.c
index 872839af94..bba984e92e 100644
--- a/src/lib/libcrypto/dsa/dsa_err.c
+++ b/src/lib/libcrypto/dsa/dsa_err.c
@@ -1,6 +1,6 @@
1/* crypto/dsa/dsa_err.c */ 1/* crypto/dsa/dsa_err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -71,23 +71,26 @@
71static ERR_STRING_DATA DSA_str_functs[]= 71static ERR_STRING_DATA DSA_str_functs[]=
72 { 72 {
73{ERR_FUNC(DSA_F_D2I_DSA_SIG), "d2i_DSA_SIG"}, 73{ERR_FUNC(DSA_F_D2I_DSA_SIG), "d2i_DSA_SIG"},
74{ERR_FUNC(DSA_F_DO_DSA_PRINT), "DO_DSA_PRINT"},
74{ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"}, 75{ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"},
75{ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP), "DSAparams_print_fp"}, 76{ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP), "DSAparams_print_fp"},
76{ERR_FUNC(DSA_F_DSA_BUILTIN_KEYGEN), "DSA_BUILTIN_KEYGEN"},
77{ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN), "DSA_BUILTIN_PARAMGEN"},
78{ERR_FUNC(DSA_F_DSA_DO_SIGN), "DSA_do_sign"}, 77{ERR_FUNC(DSA_F_DSA_DO_SIGN), "DSA_do_sign"},
79{ERR_FUNC(DSA_F_DSA_DO_VERIFY), "DSA_do_verify"}, 78{ERR_FUNC(DSA_F_DSA_DO_VERIFY), "DSA_do_verify"},
80{ERR_FUNC(DSA_F_DSA_GENERATE_PARAMETERS), "DSA_generate_parameters"},
81{ERR_FUNC(DSA_F_DSA_NEW_METHOD), "DSA_new_method"}, 79{ERR_FUNC(DSA_F_DSA_NEW_METHOD), "DSA_new_method"},
82{ERR_FUNC(DSA_F_DSA_PRINT), "DSA_print"}, 80{ERR_FUNC(DSA_F_DSA_PARAM_DECODE), "DSA_PARAM_DECODE"},
83{ERR_FUNC(DSA_F_DSA_PRINT_FP), "DSA_print_fp"}, 81{ERR_FUNC(DSA_F_DSA_PRINT_FP), "DSA_print_fp"},
84{ERR_FUNC(DSA_F_DSA_SET_DEFAULT_METHOD), "DSA_set_default_method"}, 82{ERR_FUNC(DSA_F_DSA_PRIV_DECODE), "DSA_PRIV_DECODE"},
85{ERR_FUNC(DSA_F_DSA_SET_METHOD), "DSA_set_method"}, 83{ERR_FUNC(DSA_F_DSA_PRIV_ENCODE), "DSA_PRIV_ENCODE"},
84{ERR_FUNC(DSA_F_DSA_PUB_DECODE), "DSA_PUB_DECODE"},
85{ERR_FUNC(DSA_F_DSA_PUB_ENCODE), "DSA_PUB_ENCODE"},
86{ERR_FUNC(DSA_F_DSA_SIGN), "DSA_sign"}, 86{ERR_FUNC(DSA_F_DSA_SIGN), "DSA_sign"},
87{ERR_FUNC(DSA_F_DSA_SIGN_SETUP), "DSA_sign_setup"}, 87{ERR_FUNC(DSA_F_DSA_SIGN_SETUP), "DSA_sign_setup"},
88{ERR_FUNC(DSA_F_DSA_SIG_NEW), "DSA_SIG_new"}, 88{ERR_FUNC(DSA_F_DSA_SIG_NEW), "DSA_SIG_new"},
89{ERR_FUNC(DSA_F_DSA_VERIFY), "DSA_verify"}, 89{ERR_FUNC(DSA_F_DSA_VERIFY), "DSA_verify"},
90{ERR_FUNC(DSA_F_I2D_DSA_SIG), "i2d_DSA_SIG"}, 90{ERR_FUNC(DSA_F_I2D_DSA_SIG), "i2d_DSA_SIG"},
91{ERR_FUNC(DSA_F_OLD_DSA_PRIV_DECODE), "OLD_DSA_PRIV_DECODE"},
92{ERR_FUNC(DSA_F_PKEY_DSA_CTRL), "PKEY_DSA_CTRL"},
93{ERR_FUNC(DSA_F_PKEY_DSA_KEYGEN), "PKEY_DSA_KEYGEN"},
91{ERR_FUNC(DSA_F_SIG_CB), "SIG_CB"}, 94{ERR_FUNC(DSA_F_SIG_CB), "SIG_CB"},
92{0,NULL} 95{0,NULL}
93 }; 96 };
@@ -95,12 +98,15 @@ static ERR_STRING_DATA DSA_str_functs[]=
95static ERR_STRING_DATA DSA_str_reasons[]= 98static ERR_STRING_DATA DSA_str_reasons[]=
96 { 99 {
97{ERR_REASON(DSA_R_BAD_Q_VALUE) ,"bad q value"}, 100{ERR_REASON(DSA_R_BAD_Q_VALUE) ,"bad q value"},
101{ERR_REASON(DSA_R_BN_DECODE_ERROR) ,"bn decode error"},
102{ERR_REASON(DSA_R_BN_ERROR) ,"bn error"},
98{ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"}, 103{ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"},
99{ERR_REASON(DSA_R_KEY_SIZE_TOO_SMALL) ,"key size too small"}, 104{ERR_REASON(DSA_R_DECODE_ERROR) ,"decode error"},
105{ERR_REASON(DSA_R_INVALID_DIGEST_TYPE) ,"invalid digest type"},
100{ERR_REASON(DSA_R_MISSING_PARAMETERS) ,"missing parameters"}, 106{ERR_REASON(DSA_R_MISSING_PARAMETERS) ,"missing parameters"},
101{ERR_REASON(DSA_R_MODULUS_TOO_LARGE) ,"modulus too large"}, 107{ERR_REASON(DSA_R_MODULUS_TOO_LARGE) ,"modulus too large"},
102{ERR_REASON(DSA_R_NON_FIPS_METHOD) ,"non fips method"}, 108{ERR_REASON(DSA_R_NO_PARAMETERS_SET) ,"no parameters set"},
103{ERR_REASON(DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),"operation not allowed in fips mode"}, 109{ERR_REASON(DSA_R_PARAMETER_ENCODING_ERROR),"parameter encoding error"},
104{0,NULL} 110{0,NULL}
105 }; 111 };
106 112
diff --git a/src/lib/libcrypto/dsa/dsa_gen.c b/src/lib/libcrypto/dsa/dsa_gen.c
index 6f1728e3cf..0fcd25f8b0 100644
--- a/src/lib/libcrypto/dsa/dsa_gen.c
+++ b/src/lib/libcrypto/dsa/dsa_gen.c
@@ -74,69 +74,88 @@
74#ifndef OPENSSL_NO_SHA 74#ifndef OPENSSL_NO_SHA
75 75
76#include <stdio.h> 76#include <stdio.h>
77#include <time.h>
78#include "cryptlib.h" 77#include "cryptlib.h"
79#include <openssl/evp.h> 78#include <openssl/evp.h>
80#include <openssl/bn.h> 79#include <openssl/bn.h>
81#include <openssl/dsa.h>
82#include <openssl/rand.h> 80#include <openssl/rand.h>
83#include <openssl/sha.h> 81#include <openssl/sha.h>
84 82#include "dsa_locl.h"
85#ifndef OPENSSL_FIPS
86
87static int dsa_builtin_paramgen(DSA *ret, int bits,
88 unsigned char *seed_in, int seed_len,
89 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
90 83
91int DSA_generate_parameters_ex(DSA *ret, int bits, 84int DSA_generate_parameters_ex(DSA *ret, int bits,
92 unsigned char *seed_in, int seed_len, 85 const unsigned char *seed_in, int seed_len,
93 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) 86 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
94 { 87 {
95 if(ret->meth->dsa_paramgen) 88 if(ret->meth->dsa_paramgen)
96 return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len, 89 return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
97 counter_ret, h_ret, cb); 90 counter_ret, h_ret, cb);
98 return dsa_builtin_paramgen(ret, bits, seed_in, seed_len, 91 else
99 counter_ret, h_ret, cb); 92 {
93 const EVP_MD *evpmd;
94 size_t qbits = bits >= 2048 ? 256 : 160;
95
96 if (bits >= 2048)
97 {
98 qbits = 256;
99 evpmd = EVP_sha256();
100 }
101 else
102 {
103 qbits = 160;
104 evpmd = EVP_sha1();
105 }
106
107 return dsa_builtin_paramgen(ret, bits, qbits, evpmd,
108 seed_in, seed_len, counter_ret, h_ret, cb);
109 }
100 } 110 }
101 111
102static int dsa_builtin_paramgen(DSA *ret, int bits, 112int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
103 unsigned char *seed_in, int seed_len, 113 const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
104 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) 114 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
105 { 115 {
106 int ok=0; 116 int ok=0;
107 unsigned char seed[SHA_DIGEST_LENGTH]; 117 unsigned char seed[SHA256_DIGEST_LENGTH];
108 unsigned char md[SHA_DIGEST_LENGTH]; 118 unsigned char md[SHA256_DIGEST_LENGTH];
109 unsigned char buf[SHA_DIGEST_LENGTH],buf2[SHA_DIGEST_LENGTH]; 119 unsigned char buf[SHA256_DIGEST_LENGTH],buf2[SHA256_DIGEST_LENGTH];
110 BIGNUM *r0,*W,*X,*c,*test; 120 BIGNUM *r0,*W,*X,*c,*test;
111 BIGNUM *g=NULL,*q=NULL,*p=NULL; 121 BIGNUM *g=NULL,*q=NULL,*p=NULL;
112 BN_MONT_CTX *mont=NULL; 122 BN_MONT_CTX *mont=NULL;
113 int k,n=0,i,b,m=0; 123 int i, k,n=0,b,m=0, qsize = qbits >> 3;
114 int counter=0; 124 int counter=0;
115 int r=0; 125 int r=0;
116 BN_CTX *ctx=NULL; 126 BN_CTX *ctx=NULL;
117 unsigned int h=2; 127 unsigned int h=2;
118 128
119 if (bits < 512) bits=512; 129 if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH &&
120 bits=(bits+63)/64*64; 130 qsize != SHA256_DIGEST_LENGTH)
131 /* invalid q size */
132 return 0;
133
134 if (evpmd == NULL)
135 /* use SHA1 as default */
136 evpmd = EVP_sha1();
137
138 if (bits < 512)
139 bits = 512;
140
141 bits = (bits+63)/64*64;
121 142
122 /* NB: seed_len == 0 is special case: copy generated seed to 143 /* NB: seed_len == 0 is special case: copy generated seed to
123 * seed_in if it is not NULL. 144 * seed_in if it is not NULL.
124 */ 145 */
125 if (seed_len && (seed_len < 20)) 146 if (seed_len && (seed_len < (size_t)qsize))
126 seed_in = NULL; /* seed buffer too small -- ignore */ 147 seed_in = NULL; /* seed buffer too small -- ignore */
127 if (seed_len > 20) 148 if (seed_len > (size_t)qsize)
128 seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger SEED, 149 seed_len = qsize; /* App. 2.2 of FIPS PUB 186 allows larger SEED,
129 * but our internal buffers are restricted to 160 bits*/ 150 * but our internal buffers are restricted to 160 bits*/
130 if ((seed_in != NULL) && (seed_len == 20)) 151 if (seed_in != NULL)
131 { 152 memcpy(seed, seed_in, seed_len);
132 memcpy(seed,seed_in,seed_len); 153
133 /* set seed_in to NULL to avoid it being copied back */ 154 if ((ctx=BN_CTX_new()) == NULL)
134 seed_in = NULL; 155 goto err;
135 }
136
137 if ((ctx=BN_CTX_new()) == NULL) goto err;
138 156
139 if ((mont=BN_MONT_CTX_new()) == NULL) goto err; 157 if ((mont=BN_MONT_CTX_new()) == NULL)
158 goto err;
140 159
141 BN_CTX_start(ctx); 160 BN_CTX_start(ctx);
142 r0 = BN_CTX_get(ctx); 161 r0 = BN_CTX_get(ctx);
@@ -163,7 +182,7 @@ static int dsa_builtin_paramgen(DSA *ret, int bits,
163 182
164 if (!seed_len) 183 if (!seed_len)
165 { 184 {
166 RAND_pseudo_bytes(seed,SHA_DIGEST_LENGTH); 185 RAND_pseudo_bytes(seed, qsize);
167 seed_is_random = 1; 186 seed_is_random = 1;
168 } 187 }
169 else 188 else
@@ -171,25 +190,27 @@ static int dsa_builtin_paramgen(DSA *ret, int bits,
171 seed_is_random = 0; 190 seed_is_random = 0;
172 seed_len=0; /* use random seed if 'seed_in' turns out to be bad*/ 191 seed_len=0; /* use random seed if 'seed_in' turns out to be bad*/
173 } 192 }
174 memcpy(buf,seed,SHA_DIGEST_LENGTH); 193 memcpy(buf , seed, qsize);
175 memcpy(buf2,seed,SHA_DIGEST_LENGTH); 194 memcpy(buf2, seed, qsize);
176 /* precompute "SEED + 1" for step 7: */ 195 /* precompute "SEED + 1" for step 7: */
177 for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--) 196 for (i = qsize-1; i >= 0; i--)
178 { 197 {
179 buf[i]++; 198 buf[i]++;
180 if (buf[i] != 0) break; 199 if (buf[i] != 0)
200 break;
181 } 201 }
182 202
183 /* step 2 */ 203 /* step 2 */
184 EVP_Digest(seed,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL); 204 EVP_Digest(seed, qsize, md, NULL, evpmd, NULL);
185 EVP_Digest(buf,SHA_DIGEST_LENGTH,buf2,NULL,HASH, NULL); 205 EVP_Digest(buf, qsize, buf2, NULL, evpmd, NULL);
186 for (i=0; i<SHA_DIGEST_LENGTH; i++) 206 for (i = 0; i < qsize; i++)
187 md[i]^=buf2[i]; 207 md[i]^=buf2[i];
188 208
189 /* step 3 */ 209 /* step 3 */
190 md[0]|=0x80; 210 md[0] |= 0x80;
191 md[SHA_DIGEST_LENGTH-1]|=0x01; 211 md[qsize-1] |= 0x01;
192 if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,q)) goto err; 212 if (!BN_bin2bn(md, qsize, q))
213 goto err;
193 214
194 /* step 4 */ 215 /* step 4 */
195 r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx, 216 r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,
@@ -224,18 +245,19 @@ static int dsa_builtin_paramgen(DSA *ret, int bits,
224 for (k=0; k<=n; k++) 245 for (k=0; k<=n; k++)
225 { 246 {
226 /* obtain "SEED + offset + k" by incrementing: */ 247 /* obtain "SEED + offset + k" by incrementing: */
227 for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--) 248 for (i = qsize-1; i >= 0; i--)
228 { 249 {
229 buf[i]++; 250 buf[i]++;
230 if (buf[i] != 0) break; 251 if (buf[i] != 0)
252 break;
231 } 253 }
232 254
233 EVP_Digest(buf,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL); 255 EVP_Digest(buf, qsize, md ,NULL, evpmd, NULL);
234 256
235 /* step 8 */ 257 /* step 8 */
236 if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0)) 258 if (!BN_bin2bn(md, qsize, r0))
237 goto err; 259 goto err;
238 if (!BN_lshift(r0,r0,160*k)) goto err; 260 if (!BN_lshift(r0,r0,(qsize << 3)*k)) goto err;
239 if (!BN_add(W,W,r0)) goto err; 261 if (!BN_add(W,W,r0)) goto err;
240 } 262 }
241 263
@@ -309,7 +331,6 @@ err:
309 ok=0; 331 ok=0;
310 goto err; 332 goto err;
311 } 333 }
312 if (seed_in != NULL) memcpy(seed_in,seed,20);
313 if (counter_ret != NULL) *counter_ret=counter; 334 if (counter_ret != NULL) *counter_ret=counter;
314 if (h_ret != NULL) *h_ret=h; 335 if (h_ret != NULL) *h_ret=h;
315 } 336 }
@@ -322,4 +343,3 @@ err:
322 return ok; 343 return ok;
323 } 344 }
324#endif 345#endif
325#endif
diff --git a/src/lib/libcrypto/dsa/dsa_key.c b/src/lib/libcrypto/dsa/dsa_key.c
index 5e39124230..c4aa86bc6d 100644
--- a/src/lib/libcrypto/dsa/dsa_key.c
+++ b/src/lib/libcrypto/dsa/dsa_key.c
@@ -64,8 +64,6 @@
64#include <openssl/dsa.h> 64#include <openssl/dsa.h>
65#include <openssl/rand.h> 65#include <openssl/rand.h>
66 66
67#ifndef OPENSSL_FIPS
68
69static int dsa_builtin_keygen(DSA *dsa); 67static int dsa_builtin_keygen(DSA *dsa);
70 68
71int DSA_generate_key(DSA *dsa) 69int DSA_generate_key(DSA *dsa)
@@ -128,5 +126,3 @@ err:
128 return(ok); 126 return(ok);
129 } 127 }
130#endif 128#endif
131
132#endif
diff --git a/src/lib/libcrypto/dsa/dsa_lib.c b/src/lib/libcrypto/dsa/dsa_lib.c
index 7ac9dc8c89..e9b75902db 100644
--- a/src/lib/libcrypto/dsa/dsa_lib.c
+++ b/src/lib/libcrypto/dsa/dsa_lib.c
@@ -76,14 +76,6 @@ static const DSA_METHOD *default_DSA_method = NULL;
76 76
77void DSA_set_default_method(const DSA_METHOD *meth) 77void DSA_set_default_method(const DSA_METHOD *meth)
78 { 78 {
79#ifdef OPENSSL_FIPS
80 if (FIPS_mode() && !(meth->flags & DSA_FLAG_FIPS_METHOD))
81 {
82 DSAerr(DSA_F_DSA_SET_DEFAULT_METHOD, DSA_R_NON_FIPS_METHOD);
83 return;
84 }
85#endif
86
87 default_DSA_method = meth; 79 default_DSA_method = meth;
88 } 80 }
89 81
@@ -104,13 +96,6 @@ int DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
104 /* NB: The caller is specifically setting a method, so it's not up to us 96 /* NB: The caller is specifically setting a method, so it's not up to us
105 * to deal with which ENGINE it comes from. */ 97 * to deal with which ENGINE it comes from. */
106 const DSA_METHOD *mtmp; 98 const DSA_METHOD *mtmp;
107#ifdef OPENSSL_FIPS
108 if (FIPS_mode() && !(meth->flags & DSA_FLAG_FIPS_METHOD))
109 {
110 DSAerr(DSA_F_DSA_SET_METHOD, DSA_R_NON_FIPS_METHOD);
111 return 0;
112 }
113#endif
114 mtmp = dsa->meth; 99 mtmp = dsa->meth;
115 if (mtmp->finish) mtmp->finish(dsa); 100 if (mtmp->finish) mtmp->finish(dsa);
116#ifndef OPENSSL_NO_ENGINE 101#ifndef OPENSSL_NO_ENGINE
@@ -162,18 +147,6 @@ DSA *DSA_new_method(ENGINE *engine)
162 } 147 }
163 } 148 }
164#endif 149#endif
165#ifdef OPENSSL_FIPS
166 if (FIPS_mode() && !(ret->meth->flags & DSA_FLAG_FIPS_METHOD))
167 {
168 DSAerr(DSA_F_DSA_NEW_METHOD, DSA_R_NON_FIPS_METHOD);
169#ifndef OPENSSL_NO_ENGINE
170 if (ret->engine)
171 ENGINE_finish(ret->engine);
172#endif
173 OPENSSL_free(ret);
174 return NULL;
175 }
176#endif
177 150
178 ret->pad=0; 151 ret->pad=0;
179 ret->version=0; 152 ret->version=0;
@@ -260,6 +233,28 @@ int DSA_up_ref(DSA *r)
260 return ((i > 1) ? 1 : 0); 233 return ((i > 1) ? 1 : 0);
261 } 234 }
262 235
236int DSA_size(const DSA *r)
237 {
238 int ret,i;
239 ASN1_INTEGER bs;
240 unsigned char buf[4]; /* 4 bytes looks really small.
241 However, i2d_ASN1_INTEGER() will not look
242 beyond the first byte, as long as the second
243 parameter is NULL. */
244
245 i=BN_num_bits(r->q);
246 bs.length=(i+7)/8;
247 bs.data=buf;
248 bs.type=V_ASN1_INTEGER;
249 /* If the top bit is set the asn1 encoding is 1 larger. */
250 buf[0]=0xff;
251
252 i=i2d_ASN1_INTEGER(&bs,NULL);
253 i+=i; /* r and s */
254 ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
255 return(ret);
256 }
257
263int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, 258int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
264 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) 259 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
265 { 260 {
diff --git a/src/lib/libcrypto/dsa/dsa_locl.h b/src/lib/libcrypto/dsa/dsa_locl.h
new file mode 100644
index 0000000000..2b8cfee3db
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_locl.h
@@ -0,0 +1,59 @@
1/* ====================================================================
2 * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
14 * distribution.
15 *
16 * 3. All advertising materials mentioning features or use of this
17 * software must display the following acknowledgment:
18 * "This product includes software developed by the OpenSSL Project
19 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
20 *
21 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22 * endorse or promote products derived from this software without
23 * prior written permission. For written permission, please contact
24 * openssl-core@openssl.org.
25 *
26 * 5. Products derived from this software may not be called "OpenSSL"
27 * nor may "OpenSSL" appear in their names without prior written
28 * permission of the OpenSSL Project.
29 *
30 * 6. Redistributions of any form whatsoever must retain the following
31 * acknowledgment:
32 * "This product includes software developed by the OpenSSL Project
33 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
34 *
35 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46 * OF THE POSSIBILITY OF SUCH DAMAGE.
47 * ====================================================================
48 *
49 * This product includes cryptographic software written by Eric Young
50 * (eay@cryptsoft.com). This product includes software written by Tim
51 * Hudson (tjh@cryptsoft.com).
52 *
53 */
54
55#include <openssl/dsa.h>
56
57int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
58 const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
59 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c
index 412cf1d88b..4fead07e80 100644
--- a/src/lib/libcrypto/dsa/dsa_ossl.c
+++ b/src/lib/libcrypto/dsa/dsa_ossl.c
@@ -61,16 +61,15 @@
61#include <stdio.h> 61#include <stdio.h>
62#include "cryptlib.h" 62#include "cryptlib.h"
63#include <openssl/bn.h> 63#include <openssl/bn.h>
64#include <openssl/sha.h>
64#include <openssl/dsa.h> 65#include <openssl/dsa.h>
65#include <openssl/rand.h> 66#include <openssl/rand.h>
66#include <openssl/asn1.h> 67#include <openssl/asn1.h>
67 68
68#ifndef OPENSSL_FIPS
69
70static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); 69static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
71static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); 70static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
72static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, 71static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
73 DSA *dsa); 72 DSA *dsa);
74static int dsa_init(DSA *dsa); 73static int dsa_init(DSA *dsa);
75static int dsa_finish(DSA *dsa); 74static int dsa_finish(DSA *dsa);
76 75
@@ -135,7 +134,7 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
135 BIGNUM m; 134 BIGNUM m;
136 BIGNUM xr; 135 BIGNUM xr;
137 BN_CTX *ctx=NULL; 136 BN_CTX *ctx=NULL;
138 int i,reason=ERR_R_BN_LIB; 137 int reason=ERR_R_BN_LIB;
139 DSA_SIG *ret=NULL; 138 DSA_SIG *ret=NULL;
140 139
141 BN_init(&m); 140 BN_init(&m);
@@ -150,8 +149,9 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
150 s=BN_new(); 149 s=BN_new();
151 if (s == NULL) goto err; 150 if (s == NULL) goto err;
152 151
153 i=BN_num_bytes(dsa->q); /* should be 20 */ 152 /* reject a excessive digest length (currently at most
154 if ((dlen > i) || (dlen > 50)) 153 * dsa-with-SHA256 is supported) */
154 if (dlen > SHA256_DIGEST_LENGTH)
155 { 155 {
156 reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE; 156 reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
157 goto err; 157 goto err;
@@ -172,7 +172,14 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
172 dsa->r=NULL; 172 dsa->r=NULL;
173 } 173 }
174 174
175 if (BN_bin2bn(dgst,dlen,&m) == NULL) goto err; 175
176 if (dlen > BN_num_bytes(dsa->q))
177 /* if the digest length is greater than the size of q use the
178 * BN_num_bits(dsa->q) leftmost bits of the digest, see
179 * fips 186-3, 4.2 */
180 dlen = BN_num_bytes(dsa->q);
181 if (BN_bin2bn(dgst,dlen,&m) == NULL)
182 goto err;
176 183
177 /* Compute s = inv(k) (m + xr) mod q */ 184 /* Compute s = inv(k) (m + xr) mod q */
178 if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */ 185 if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */
@@ -283,30 +290,31 @@ err:
283 if (!ret) 290 if (!ret)
284 { 291 {
285 DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB); 292 DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB);
286 if (kinv != NULL) BN_clear_free(kinv); 293 if (r != NULL)
287 if (r != NULL) BN_clear_free(r); 294 BN_clear_free(r);
288 } 295 }
289 if (ctx_in == NULL) BN_CTX_free(ctx); 296 if (ctx_in == NULL) BN_CTX_free(ctx);
290 if (kinv != NULL) BN_clear_free(kinv);
291 BN_clear_free(&k); 297 BN_clear_free(&k);
292 BN_clear_free(&kq); 298 BN_clear_free(&kq);
293 return(ret); 299 return(ret);
294 } 300 }
295 301
296static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, 302static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
297 DSA *dsa) 303 DSA *dsa)
298 { 304 {
299 BN_CTX *ctx; 305 BN_CTX *ctx;
300 BIGNUM u1,u2,t1; 306 BIGNUM u1,u2,t1;
301 BN_MONT_CTX *mont=NULL; 307 BN_MONT_CTX *mont=NULL;
302 int ret = -1; 308 int ret = -1, i;
303 if (!dsa->p || !dsa->q || !dsa->g) 309 if (!dsa->p || !dsa->q || !dsa->g)
304 { 310 {
305 DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS); 311 DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS);
306 return -1; 312 return -1;
307 } 313 }
308 314
309 if (BN_num_bits(dsa->q) != 160) 315 i = BN_num_bits(dsa->q);
316 /* fips 186-3 allows only different sizes for q */
317 if (i != 160 && i != 224 && i != 256)
310 { 318 {
311 DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE); 319 DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE);
312 return -1; 320 return -1;
@@ -318,6 +326,14 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
318 return -1; 326 return -1;
319 } 327 }
320 328
329 /* reject a excessive digest length (currently at most
330 * dsa-with-SHA256 is supported) */
331 if (dgst_len > SHA256_DIGEST_LENGTH)
332 {
333 DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
334 return -1;
335 }
336
321 BN_init(&u1); 337 BN_init(&u1);
322 BN_init(&u2); 338 BN_init(&u2);
323 BN_init(&t1); 339 BN_init(&t1);
@@ -342,6 +358,11 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
342 if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err; 358 if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;
343 359
344 /* save M in u1 */ 360 /* save M in u1 */
361 if (dgst_len > (i >> 3))
362 /* if the digest length is greater than the size of q use the
363 * BN_num_bits(dsa->q) leftmost bits of the digest, see
364 * fips 186-3, 4.2 */
365 dgst_len = (i >> 3);
345 if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err; 366 if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err;
346 367
347 /* u1 = M * w mod q */ 368 /* u1 = M * w mod q */
@@ -393,4 +414,3 @@ static int dsa_finish(DSA *dsa)
393 return(1); 414 return(1);
394} 415}
395 416
396#endif
diff --git a/src/lib/libcrypto/dsa/dsa_pmeth.c b/src/lib/libcrypto/dsa/dsa_pmeth.c
new file mode 100644
index 0000000000..4ce91e20c6
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_pmeth.c
@@ -0,0 +1,315 @@
1/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
2 * project 2006.
3 */
4/* ====================================================================
5 * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 *
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 *
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
17 * distribution.
18 *
19 * 3. All advertising materials mentioning features or use of this
20 * software must display the following acknowledgment:
21 * "This product includes software developed by the OpenSSL Project
22 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
23 *
24 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
25 * endorse or promote products derived from this software without
26 * prior written permission. For written permission, please contact
27 * licensing@OpenSSL.org.
28 *
29 * 5. Products derived from this software may not be called "OpenSSL"
30 * nor may "OpenSSL" appear in their names without prior written
31 * permission of the OpenSSL Project.
32 *
33 * 6. Redistributions of any form whatsoever must retain the following
34 * acknowledgment:
35 * "This product includes software developed by the OpenSSL Project
36 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
37 *
38 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
39 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
40 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
41 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
42 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
43 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
44 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
45 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
46 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
47 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
48 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49 * OF THE POSSIBILITY OF SUCH DAMAGE.
50 * ====================================================================
51 *
52 * This product includes cryptographic software written by Eric Young
53 * (eay@cryptsoft.com). This product includes software written by Tim
54 * Hudson (tjh@cryptsoft.com).
55 *
56 */
57
58#include <stdio.h>
59#include "cryptlib.h"
60#include <openssl/asn1t.h>
61#include <openssl/x509.h>
62#include <openssl/evp.h>
63#include <openssl/bn.h>
64#include "evp_locl.h"
65#include "dsa_locl.h"
66
67/* DSA pkey context structure */
68
69typedef struct
70 {
71 /* Parameter gen parameters */
72 int nbits; /* size of p in bits (default: 1024) */
73 int qbits; /* size of q in bits (default: 160) */
74 const EVP_MD *pmd; /* MD for parameter generation */
75 /* Keygen callback info */
76 int gentmp[2];
77 /* message digest */
78 const EVP_MD *md; /* MD for the signature */
79 } DSA_PKEY_CTX;
80
81static int pkey_dsa_init(EVP_PKEY_CTX *ctx)
82 {
83 DSA_PKEY_CTX *dctx;
84 dctx = OPENSSL_malloc(sizeof(DSA_PKEY_CTX));
85 if (!dctx)
86 return 0;
87 dctx->nbits = 1024;
88 dctx->qbits = 160;
89 dctx->pmd = NULL;
90 dctx->md = NULL;
91
92 ctx->data = dctx;
93 ctx->keygen_info = dctx->gentmp;
94 ctx->keygen_info_count = 2;
95
96 return 1;
97 }
98
99static int pkey_dsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
100 {
101 DSA_PKEY_CTX *dctx, *sctx;
102 if (!pkey_dsa_init(dst))
103 return 0;
104 sctx = src->data;
105 dctx = dst->data;
106 dctx->nbits = sctx->nbits;
107 dctx->qbits = sctx->qbits;
108 dctx->pmd = sctx->pmd;
109 dctx->md = sctx->md;
110 return 1;
111 }
112
113static void pkey_dsa_cleanup(EVP_PKEY_CTX *ctx)
114 {
115 DSA_PKEY_CTX *dctx = ctx->data;
116 if (dctx)
117 OPENSSL_free(dctx);
118 }
119
120static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
121 const unsigned char *tbs, size_t tbslen)
122 {
123 int ret, type;
124 unsigned int sltmp;
125 DSA_PKEY_CTX *dctx = ctx->data;
126 DSA *dsa = ctx->pkey->pkey.dsa;
127
128 if (dctx->md)
129 type = EVP_MD_type(dctx->md);
130 else
131 type = NID_sha1;
132
133 ret = DSA_sign(type, tbs, tbslen, sig, &sltmp, dsa);
134
135 if (ret <= 0)
136 return ret;
137 *siglen = sltmp;
138 return 1;
139 }
140
141static int pkey_dsa_verify(EVP_PKEY_CTX *ctx,
142 const unsigned char *sig, size_t siglen,
143 const unsigned char *tbs, size_t tbslen)
144 {
145 int ret, type;
146 DSA_PKEY_CTX *dctx = ctx->data;
147 DSA *dsa = ctx->pkey->pkey.dsa;
148
149 if (dctx->md)
150 type = EVP_MD_type(dctx->md);
151 else
152 type = NID_sha1;
153
154 ret = DSA_verify(type, tbs, tbslen, sig, siglen, dsa);
155
156 return ret;
157 }
158
159static int pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
160 {
161 DSA_PKEY_CTX *dctx = ctx->data;
162 switch (type)
163 {
164 case EVP_PKEY_CTRL_DSA_PARAMGEN_BITS:
165 if (p1 < 256)
166 return -2;
167 dctx->nbits = p1;
168 return 1;
169
170 case EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS:
171 if (p1 != 160 && p1 != 224 && p1 && p1 != 256)
172 return -2;
173 dctx->qbits = p1;
174 return 1;
175
176 case EVP_PKEY_CTRL_DSA_PARAMGEN_MD:
177 if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 &&
178 EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
179 EVP_MD_type((const EVP_MD *)p2) != NID_sha256)
180 {
181 DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE);
182 return 0;
183 }
184 dctx->md = p2;
185 return 1;
186
187 case EVP_PKEY_CTRL_MD:
188 if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 &&
189 EVP_MD_type((const EVP_MD *)p2) != NID_dsa &&
190 EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
191 EVP_MD_type((const EVP_MD *)p2) != NID_sha256)
192 {
193 DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE);
194 return 0;
195 }
196 dctx->md = p2;
197 return 1;
198
199 case EVP_PKEY_CTRL_DIGESTINIT:
200 case EVP_PKEY_CTRL_PKCS7_SIGN:
201 case EVP_PKEY_CTRL_CMS_SIGN:
202 return 1;
203
204 case EVP_PKEY_CTRL_PEER_KEY:
205 DSAerr(DSA_F_PKEY_DSA_CTRL,
206 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
207 return -2;
208 default:
209 return -2;
210
211 }
212 }
213
214static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx,
215 const char *type, const char *value)
216 {
217 if (!strcmp(type, "dsa_paramgen_bits"))
218 {
219 int nbits;
220 nbits = atoi(value);
221 return EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits);
222 }
223 if (!strcmp(type, "dsa_paramgen_q_bits"))
224 {
225 int qbits = atoi(value);
226 return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
227 EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits, NULL);
228 }
229 if (!strcmp(type, "dsa_paramgen_md"))
230 {
231 return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
232 EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0,
233 (void *)EVP_get_digestbyname(value));
234 }
235 return -2;
236 }
237
238static int pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
239 {
240 DSA *dsa = NULL;
241 DSA_PKEY_CTX *dctx = ctx->data;
242 BN_GENCB *pcb, cb;
243 int ret;
244 if (ctx->pkey_gencb)
245 {
246 pcb = &cb;
247 evp_pkey_set_cb_translate(pcb, ctx);
248 }
249 else
250 pcb = NULL;
251 dsa = DSA_new();
252 if (!dsa)
253 return 0;
254 ret = dsa_builtin_paramgen(dsa, dctx->nbits, dctx->qbits, dctx->pmd,
255 NULL, 0, NULL, NULL, pcb);
256 if (ret)
257 EVP_PKEY_assign_DSA(pkey, dsa);
258 else
259 DSA_free(dsa);
260 return ret;
261 }
262
263static int pkey_dsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
264 {
265 DSA *dsa = NULL;
266 if (ctx->pkey == NULL)
267 {
268 DSAerr(DSA_F_PKEY_DSA_KEYGEN, DSA_R_NO_PARAMETERS_SET);
269 return 0;
270 }
271 dsa = DSA_new();
272 if (!dsa)
273 return 0;
274 EVP_PKEY_assign_DSA(pkey, dsa);
275 /* Note: if error return, pkey is freed by parent routine */
276 if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey))
277 return 0;
278 return DSA_generate_key(pkey->pkey.dsa);
279 }
280
281const EVP_PKEY_METHOD dsa_pkey_meth =
282 {
283 EVP_PKEY_DSA,
284 EVP_PKEY_FLAG_AUTOARGLEN,
285 pkey_dsa_init,
286 pkey_dsa_copy,
287 pkey_dsa_cleanup,
288
289 0,
290 pkey_dsa_paramgen,
291
292 0,
293 pkey_dsa_keygen,
294
295 0,
296 pkey_dsa_sign,
297
298 0,
299 pkey_dsa_verify,
300
301 0,0,
302
303 0,0,0,0,
304
305 0,0,
306
307 0,0,
308
309 0,0,
310
311 pkey_dsa_ctrl,
312 pkey_dsa_ctrl_str
313
314
315 };
diff --git a/src/lib/libcrypto/dsa/dsa_prn.c b/src/lib/libcrypto/dsa/dsa_prn.c
new file mode 100644
index 0000000000..6f29f5e240
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_prn.c
@@ -0,0 +1,121 @@
1/* crypto/dsa/dsa_prn.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006.
4 */
5/* ====================================================================
6 * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/evp.h>
62#include <openssl/dsa.h>
63
64#ifndef OPENSSL_NO_FP_API
65int DSA_print_fp(FILE *fp, const DSA *x, int off)
66 {
67 BIO *b;
68 int ret;
69
70 if ((b=BIO_new(BIO_s_file())) == NULL)
71 {
72 DSAerr(DSA_F_DSA_PRINT_FP,ERR_R_BUF_LIB);
73 return(0);
74 }
75 BIO_set_fp(b,fp,BIO_NOCLOSE);
76 ret=DSA_print(b,x,off);
77 BIO_free(b);
78 return(ret);
79 }
80
81int DSAparams_print_fp(FILE *fp, const DSA *x)
82 {
83 BIO *b;
84 int ret;
85
86 if ((b=BIO_new(BIO_s_file())) == NULL)
87 {
88 DSAerr(DSA_F_DSAPARAMS_PRINT_FP,ERR_R_BUF_LIB);
89 return(0);
90 }
91 BIO_set_fp(b,fp,BIO_NOCLOSE);
92 ret=DSAparams_print(b, x);
93 BIO_free(b);
94 return(ret);
95 }
96#endif
97
98int DSA_print(BIO *bp, const DSA *x, int off)
99 {
100 EVP_PKEY *pk;
101 int ret;
102 pk = EVP_PKEY_new();
103 if (!pk || !EVP_PKEY_set1_DSA(pk, (DSA *)x))
104 return 0;
105 ret = EVP_PKEY_print_private(bp, pk, off, NULL);
106 EVP_PKEY_free(pk);
107 return ret;
108 }
109
110int DSAparams_print(BIO *bp, const DSA *x)
111 {
112 EVP_PKEY *pk;
113 int ret;
114 pk = EVP_PKEY_new();
115 if (!pk || !EVP_PKEY_set1_DSA(pk, (DSA *)x))
116 return 0;
117 ret = EVP_PKEY_print_params(bp, pk, 4, NULL);
118 EVP_PKEY_free(pk);
119 return ret;
120 }
121
diff --git a/src/lib/libcrypto/dsa/dsa_sign.c b/src/lib/libcrypto/dsa/dsa_sign.c
index 4cfbbe57a8..17555e5892 100644
--- a/src/lib/libcrypto/dsa/dsa_sign.c
+++ b/src/lib/libcrypto/dsa/dsa_sign.c
@@ -58,38 +58,33 @@
58 58
59/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */ 59/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
60 60
61#include <stdio.h>
62#include "cryptlib.h" 61#include "cryptlib.h"
63#include <openssl/bn.h>
64#include <openssl/dsa.h> 62#include <openssl/dsa.h>
65#include <openssl/rand.h> 63#include <openssl/rand.h>
66#include <openssl/asn1.h>
67#ifdef OPENSSL_FIPS
68#include <openssl/fips.h>
69#endif
70
71 64
72DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) 65DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
73 { 66 {
74#ifdef OPENSSL_FIPS
75 if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
76 {
77 DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
78 return NULL;
79 }
80#endif
81 return dsa->meth->dsa_do_sign(dgst, dlen, dsa); 67 return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
82 } 68 }
83 69
84int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) 70int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
71 unsigned int *siglen, DSA *dsa)
85 { 72 {
86#ifdef OPENSSL_FIPS 73 DSA_SIG *s;
87 if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) 74 RAND_seed(dgst, dlen);
75 s=DSA_do_sign(dgst,dlen,dsa);
76 if (s == NULL)
88 { 77 {
89 DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); 78 *siglen=0;
90 return 0; 79 return(0);
91 } 80 }
92#endif 81 *siglen=i2d_DSA_SIG(s,&sig);
82 DSA_SIG_free(s);
83 return(1);
84 }
85
86int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
87 {
93 return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp); 88 return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
94 } 89 }
95 90
diff --git a/src/lib/libcrypto/dsa/dsa_vrf.c b/src/lib/libcrypto/dsa/dsa_vrf.c
index c75e423048..226a75ff3f 100644
--- a/src/lib/libcrypto/dsa/dsa_vrf.c
+++ b/src/lib/libcrypto/dsa/dsa_vrf.c
@@ -58,27 +58,32 @@
58 58
59/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */ 59/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
60 60
61#include <stdio.h>
62#include "cryptlib.h" 61#include "cryptlib.h"
63#include <openssl/bn.h>
64#include <openssl/dsa.h> 62#include <openssl/dsa.h>
65#include <openssl/rand.h>
66#include <openssl/asn1.h>
67#ifdef OPENSSL_FIPS
68#include <openssl/fips.h>
69#endif
70
71#include <openssl/asn1_mac.h>
72 63
73int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, 64int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
74 DSA *dsa) 65 DSA *dsa)
75 { 66 {
76#ifdef OPENSSL_FIPS
77 if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
78 {
79 DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
80 return 0;
81 }
82#endif
83 return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa); 67 return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
84 } 68 }
69
70/* data has already been hashed (probably with SHA or SHA-1). */
71/* returns
72 * 1: correct signature
73 * 0: incorrect signature
74 * -1: error
75 */
76int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
77 const unsigned char *sigbuf, int siglen, DSA *dsa)
78 {
79 DSA_SIG *s;
80 int ret=-1;
81
82 s = DSA_SIG_new();
83 if (s == NULL) return(ret);
84 if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err;
85 ret=DSA_do_verify(dgst,dgst_len,s,dsa);
86err:
87 DSA_SIG_free(s);
88 return(ret);
89 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-03 22:20:33 +0000