4 files changed, 21 insertions, 53 deletions
diff --git a/src/lib/libcrypto/dsa/dsa_gen.c b/src/lib/libcrypto/dsa/dsa_gen.c
index 8b966871b4..dc04eba032 100644
--- a/src/lib/libcrypto/dsa/dsa_gen.c
+++ b/src/lib/libcrypto/dsa/dsa_gen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_gen.c,v 1.31 2024/03/02 09:33:14 tb Exp $ */
+/* $OpenBSD: dsa_gen.c,v 1.32 2024/05/11 06:43:50 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -75,24 +75,19 @@ int
 DSA_generate_parameters_ex(DSA *ret, int bits, const unsigned char *seed_in,
    int seed_len, int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
 {
-        if (ret->meth->dsa_paramgen)
+        const EVP_MD *evpmd;
-                return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
+        size_t qbits;
-                    counter_ret, h_ret, cb);
-        else {
+        if (bits >= 2048) {
-                const EVP_MD *evpmd;
+                qbits = 256;
-                size_t qbits;
+                evpmd = EVP_sha256();
+        } else {
-                if (bits >= 2048) {
+                qbits = 160;
-                        qbits = 256;
+                evpmd = EVP_sha1();
-                        evpmd = EVP_sha256();
-                } else {
-                        qbits = 160;
-                        evpmd = EVP_sha1();
-                }
-                return dsa_builtin_paramgen(ret, bits, qbits, evpmd, seed_in,
-                    seed_len, NULL, counter_ret, h_ret, cb);
        }
+        return dsa_builtin_paramgen(ret, bits, qbits, evpmd, seed_in, seed_len,
+            NULL, counter_ret, h_ret, cb);
 }
 LCRYPTO_ALIAS(DSA_generate_parameters_ex);
diff --git a/src/lib/libcrypto/dsa/dsa_key.c b/src/lib/libcrypto/dsa/dsa_key.c
index 46ec9cfce9..5fbedcf705 100644
--- a/src/lib/libcrypto/dsa/dsa_key.c
+++ b/src/lib/libcrypto/dsa/dsa_key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_key.c,v 1.36 2024/05/10 04:53:55 tb Exp $ */
+/* $OpenBSD: dsa_key.c,v 1.37 2024/05/11 06:43:50 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -76,9 +76,6 @@ DSA_generate_key(DSA *dsa)
        BN_CTX *ctx = NULL;
        int ok = 0;
-        if (dsa->meth->dsa_keygen != NULL)
-                return dsa->meth->dsa_keygen(dsa);
        if ((priv_key = BN_new()) == NULL)
                goto err;
        if ((pub_key = BN_new()) == NULL)
diff --git a/src/lib/libcrypto/dsa/dsa_local.h b/src/lib/libcrypto/dsa/dsa_local.h
index 3e688b8ce6..46248f0edf 100644
--- a/src/lib/libcrypto/dsa/dsa_local.h
+++ b/src/lib/libcrypto/dsa/dsa_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_local.h,v 1.3 2023/11/29 21:35:57 tb Exp $ */
+/* $OpenBSD: dsa_local.h,v 1.4 2024/05/11 06:43:50 tb Exp $ */
 /* ====================================================================
 * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
 *
@@ -69,20 +69,9 @@ struct dsa_method {
            BIGNUM **rp);
        int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len,
            DSA_SIG *sig, DSA *dsa);
-        int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
-            BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
-            BN_MONT_CTX *in_mont);
-        int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-            const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); /* Can be null */
        int (*init)(DSA *dsa);
        int (*finish)(DSA *dsa);
        int flags;
-        char *app_data;
-        /* If this is non-NULL, it is used to generate DSA parameters */
-        int (*dsa_paramgen)(DSA *dsa, int bits, const unsigned char *seed,
-            int seed_len, int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
-        /* If this is non-NULL, it is used to generate DSA keys */
-        int (*dsa_keygen)(DSA *dsa);
 } /* DSA_METHOD */;
 struct dsa_st {
diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c
index 943d038796..c53c8b9001 100644
--- a/src/lib/libcrypto/dsa/dsa_ossl.c
+++ b/src/lib/libcrypto/dsa/dsa_ossl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_ossl.c,v 1.55 2024/05/09 20:57:49 tb Exp $ */
+/* $OpenBSD: dsa_ossl.c,v 1.56 2024/05/11 06:43:50 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -268,15 +268,8 @@ dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
            !bn_copy(k, BN_num_bits(l) > q_bits ? l : m))
                goto err;
-        if (dsa->meth->bn_mod_exp != NULL) {
+        if (!BN_mod_exp_mont_ct(r, dsa->g, k, dsa->p, ctx, dsa->method_mont_p))
-                if (!dsa->meth->bn_mod_exp(dsa, r, dsa->g, k, dsa->p, ctx,
+                goto err;
-                    dsa->method_mont_p))
-                        goto err;
-        } else {
-                if (!BN_mod_exp_mont_ct(r, dsa->g, k, dsa->p, ctx,
-                    dsa->method_mont_p))
-                        goto err;
-        }
        if (!BN_mod_ct(r, r, dsa->q, ctx))
                goto err;
@@ -372,15 +365,9 @@ dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa)
                        goto err;
        }
-        if (dsa->meth->dsa_mod_exp != NULL) {
+        if (!BN_mod_exp2_mont(t1, dsa->g, u1, dsa->pub_key, u2, dsa->p,
-                if (!dsa->meth->dsa_mod_exp(dsa, t1, dsa->g, u1, dsa->pub_key,
+            ctx, mont))
-                    u2, dsa->p, ctx, mont))
+                goto err;
-                        goto err;
-        } else {
-                if (!BN_mod_exp2_mont(t1, dsa->g, u1, dsa->pub_key, u2,
-                    dsa->p, ctx, mont))
-                        goto err;
-        }
        /* let u1 = u1 mod q */
        if (!BN_mod_ct(u1, t1, dsa->q, ctx))

diff --git a/src/lib/libcrypto/dsa/dsa_gen.c b/src/lib/libcrypto/dsa/dsa_gen.c index 8b966871b4..dc04eba032 100644 --- a/src/lib/libcrypto/dsa/dsa_gen.c +++ b/src/lib/libcrypto/dsa/dsa_gen.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: dsa_gen.c,v 1.31 2024/03/02 09:33:14 tb Exp $ */	1	/* $OpenBSD: dsa_gen.c,v 1.32 2024/05/11 06:43:50 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -75,24 +75,19 @@ int
75	DSA_generate_parameters_ex(DSA ret, int bits, const unsigned char seed_in,	75	DSA_generate_parameters_ex(DSA ret, int bits, const unsigned char seed_in,
76	int seed_len, int counter_ret, unsigned long h_ret, BN_GENCB *cb)	76	int seed_len, int counter_ret, unsigned long h_ret, BN_GENCB *cb)
77	{	77	{
78	if (ret->meth->dsa_paramgen)	78	const EVP_MD *evpmd;
79	return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,	79	size_t qbits;
80	counter_ret, h_ret, cb);	80
81	else {	81	if (bits >= 2048) {
82	const EVP_MD *evpmd;	82	qbits = 256;
83	size_t qbits;	83	evpmd = EVP_sha256();
84		84	} else {
85	if (bits >= 2048) {	85	qbits = 160;
86	qbits = 256;	86	evpmd = EVP_sha1();
87	evpmd = EVP_sha256();
88	} else {
89	qbits = 160;
90	evpmd = EVP_sha1();
91	}
92
93	return dsa_builtin_paramgen(ret, bits, qbits, evpmd, seed_in,
94	seed_len, NULL, counter_ret, h_ret, cb);
95	}	87	}
		88
		89	return dsa_builtin_paramgen(ret, bits, qbits, evpmd, seed_in, seed_len,
		90	NULL, counter_ret, h_ret, cb);
96	}	91	}
97	LCRYPTO_ALIAS(DSA_generate_parameters_ex);	92	LCRYPTO_ALIAS(DSA_generate_parameters_ex);
98		93


diff --git a/src/lib/libcrypto/dsa/dsa_key.c b/src/lib/libcrypto/dsa/dsa_key.c index 46ec9cfce9..5fbedcf705 100644 --- a/src/lib/libcrypto/dsa/dsa_key.c +++ b/src/lib/libcrypto/dsa/dsa_key.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: dsa_key.c,v 1.36 2024/05/10 04:53:55 tb Exp $ */	1	/* $OpenBSD: dsa_key.c,v 1.37 2024/05/11 06:43:50 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -76,9 +76,6 @@ DSA_generate_key(DSA *dsa)
76	BN_CTX *ctx = NULL;	76	BN_CTX *ctx = NULL;
77	int ok = 0;	77	int ok = 0;
78		78
79	if (dsa->meth->dsa_keygen != NULL)
80	return dsa->meth->dsa_keygen(dsa);
81
82	if ((priv_key = BN_new()) == NULL)	79	if ((priv_key = BN_new()) == NULL)
83	goto err;	80	goto err;
84	if ((pub_key = BN_new()) == NULL)	81	if ((pub_key = BN_new()) == NULL)


diff --git a/src/lib/libcrypto/dsa/dsa_local.h b/src/lib/libcrypto/dsa/dsa_local.h index 3e688b8ce6..46248f0edf 100644 --- a/src/lib/libcrypto/dsa/dsa_local.h +++ b/src/lib/libcrypto/dsa/dsa_local.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: dsa_local.h,v 1.3 2023/11/29 21:35:57 tb Exp $ */	1	/* $OpenBSD: dsa_local.h,v 1.4 2024/05/11 06:43:50 tb Exp $ */
2	/* ====================================================================	2	/* ====================================================================
3	* Copyright (c) 2007 The OpenSSL Project. All rights reserved.	3	* Copyright (c) 2007 The OpenSSL Project. All rights reserved.
4	*	4	*
@@ -69,20 +69,9 @@ struct dsa_method {
69	BIGNUM **rp);	69	BIGNUM **rp);
70	int (dsa_do_verify)(const unsigned char dgst, int dgst_len,	70	int (dsa_do_verify)(const unsigned char dgst, int dgst_len,
71	DSA_SIG sig, DSA dsa);	71	DSA_SIG sig, DSA dsa);
72	int (dsa_mod_exp)(DSA dsa, BIGNUM rr, BIGNUM a1, BIGNUM *p1,
73	BIGNUM a2, BIGNUM p2, BIGNUM m, BN_CTX ctx,
74	BN_MONT_CTX *in_mont);
75	int (bn_mod_exp)(DSA dsa, BIGNUM r, BIGNUM a, const BIGNUM *p,
76	const BIGNUM m, BN_CTX ctx, BN_MONT_CTX m_ctx); / Can be null */
77	int (init)(DSA dsa);	72	int (init)(DSA dsa);
78	int (finish)(DSA dsa);	73	int (finish)(DSA dsa);
79	int flags;	74	int flags;
80	char *app_data;
81	/* If this is non-NULL, it is used to generate DSA parameters */
82	int (dsa_paramgen)(DSA dsa, int bits, const unsigned char *seed,
83	int seed_len, int counter_ret, unsigned long h_ret, BN_GENCB *cb);
84	/* If this is non-NULL, it is used to generate DSA keys */
85	int (dsa_keygen)(DSA dsa);
86	} /* DSA_METHOD */;	75	} /* DSA_METHOD */;
87		76
88	struct dsa_st {	77	struct dsa_st {


diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c index 943d038796..c53c8b9001 100644 --- a/src/lib/libcrypto/dsa/dsa_ossl.c +++ b/src/lib/libcrypto/dsa/dsa_ossl.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: dsa_ossl.c,v 1.55 2024/05/09 20:57:49 tb Exp $ */	1	/* $OpenBSD: dsa_ossl.c,v 1.56 2024/05/11 06:43:50 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -268,15 +268,8 @@ dsa_sign_setup(DSA dsa, BN_CTX ctx_in, BIGNUM kinvp, BIGNUM rp)
268	!bn_copy(k, BN_num_bits(l) > q_bits ? l : m))	268	!bn_copy(k, BN_num_bits(l) > q_bits ? l : m))
269	goto err;	269	goto err;
270		270
271	if (dsa->meth->bn_mod_exp != NULL) {	271	if (!BN_mod_exp_mont_ct(r, dsa->g, k, dsa->p, ctx, dsa->method_mont_p))
272	if (!dsa->meth->bn_mod_exp(dsa, r, dsa->g, k, dsa->p, ctx,	272	goto err;
273	dsa->method_mont_p))
274	goto err;
275	} else {
276	if (!BN_mod_exp_mont_ct(r, dsa->g, k, dsa->p, ctx,
277	dsa->method_mont_p))
278	goto err;
279	}
280		273
281	if (!BN_mod_ct(r, r, dsa->q, ctx))	274	if (!BN_mod_ct(r, r, dsa->q, ctx))
282	goto err;	275	goto err;
@@ -372,15 +365,9 @@ dsa_do_verify(const unsigned char dgst, int dgst_len, DSA_SIG sig, DSA *dsa)
372	goto err;	365	goto err;
373	}	366	}
374		367
375	if (dsa->meth->dsa_mod_exp != NULL) {	368	if (!BN_mod_exp2_mont(t1, dsa->g, u1, dsa->pub_key, u2, dsa->p,
376	if (!dsa->meth->dsa_mod_exp(dsa, t1, dsa->g, u1, dsa->pub_key,	369	ctx, mont))
377	u2, dsa->p, ctx, mont))	370	goto err;
378	goto err;
379	} else {
380	if (!BN_mod_exp2_mont(t1, dsa->g, u1, dsa->pub_key, u2,
381	dsa->p, ctx, mont))
382	goto err;
383	}
384		371
385	/* let u1 = u1 mod q */	372	/* let u1 = u1 mod q */
386	if (!BN_mod_ct(u1, t1, dsa->q, ctx))	373	if (!BN_mod_ct(u1, t1, dsa->q, ctx))