1 files changed, 80 insertions, 2 deletions
diff --git a/src/lib/libcrypto/dsa/dsa_asn1.c b/src/lib/libcrypto/dsa/dsa_asn1.c
index 23fce555aa..0645facb4b 100644
--- a/src/lib/libcrypto/dsa/dsa_asn1.c
+++ b/src/lib/libcrypto/dsa/dsa_asn1.c
@@ -1,5 +1,5 @@
 /* dsa_asn1.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2000.
 */
 /* ====================================================================
@@ -61,6 +61,11 @@
 #include <openssl/dsa.h>
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
+#include <openssl/bn.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
 /* Override the default new methods */
 static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
@@ -83,7 +88,7 @@ ASN1_SEQUENCE_cb(DSA_SIG, sig_cb) = {
        ASN1_SIMPLE(DSA_SIG, s, CBIGNUM)
 } ASN1_SEQUENCE_END_cb(DSA_SIG, DSA_SIG)
-IMPLEMENT_ASN1_FUNCTIONS_const(DSA_SIG)
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA_SIG,DSA_SIG,DSA_SIG)
 /* Override the default free and new methods */
 static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
@@ -138,3 +143,76 @@ ASN1_CHOICE_cb(DSAPublicKey, dsa_cb) = {
 } ASN1_CHOICE_END_cb(DSA, DSAPublicKey, write_params)
 IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey)
+int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
+             unsigned int *siglen, DSA *dsa)
+        {
+        DSA_SIG *s;
+#ifdef OPENSSL_FIPS
+        if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
+                {
+                DSAerr(DSA_F_DSA_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+                return 0;
+                }
+#endif
+        s=DSA_do_sign(dgst,dlen,dsa);
+        if (s == NULL)
+                {
+                *siglen=0;
+                return(0);
+                }
+        *siglen=i2d_DSA_SIG(s,&sig);
+        DSA_SIG_free(s);
+        return(1);
+        }
+int DSA_size(const DSA *r)
+        {
+        int ret,i;
+        ASN1_INTEGER bs;
+        unsigned char buf[4];   /* 4 bytes looks really small.
+                                   However, i2d_ASN1_INTEGER() will not look
+                                   beyond the first byte, as long as the second
+                                   parameter is NULL. */
+        i=BN_num_bits(r->q);
+        bs.length=(i+7)/8;
+        bs.data=buf;
+        bs.type=V_ASN1_INTEGER;
+        /* If the top bit is set the asn1 encoding is 1 larger. */
+        buf[0]=0xff;    
+        i=i2d_ASN1_INTEGER(&bs,NULL);
+        i+=i; /* r and s */
+        ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
+        return(ret);
+        }
+/* data has already been hashed (probably with SHA or SHA-1). */
+/* returns
+ *      1: correct signature
+ *      0: incorrect signature
+ *     -1: error
+ */
+int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
+             const unsigned char *sigbuf, int siglen, DSA *dsa)
+        {
+        DSA_SIG *s;
+        int ret=-1;
+#ifdef OPENSSL_FIPS
+        if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
+                {
+                DSAerr(DSA_F_DSA_VERIFY, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+                return 0;
+                }
+#endif
+        s = DSA_SIG_new();
+        if (s == NULL) return(ret);
+        if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err;
+        ret=DSA_do_verify(dgst,dgst_len,s,dsa);
+err:
+        DSA_SIG_free(s);
+        return(ret);
+        }

diff --git a/src/lib/libcrypto/dsa/dsa_asn1.c b/src/lib/libcrypto/dsa/dsa_asn1.c index 23fce555aa..0645facb4b 100644 --- a/src/lib/libcrypto/dsa/dsa_asn1.c +++ b/src/lib/libcrypto/dsa/dsa_asn1.c
@@ -1,5 +1,5 @@
1	/* dsa_asn1.c */	1	/* dsa_asn1.c */
2	/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2000.	3	* project 2000.
4	*/	4	*/
5	/* ====================================================================	5	/* ====================================================================
@@ -61,6 +61,11 @@
61	#include <openssl/dsa.h>	61	#include <openssl/dsa.h>
62	#include <openssl/asn1.h>	62	#include <openssl/asn1.h>
63	#include <openssl/asn1t.h>	63	#include <openssl/asn1t.h>
		64	#include <openssl/bn.h>
		65	#ifdef OPENSSL_FIPS
		66	#include <openssl/fips.h>
		67	#endif
		68
64		69
65	/* Override the default new methods */	70	/* Override the default new methods */
66	static int sig_cb(int operation, ASN1_VALUE *pval, const ASN1_ITEM it)	71	static int sig_cb(int operation, ASN1_VALUE *pval, const ASN1_ITEM it)
@@ -83,7 +88,7 @@ ASN1_SEQUENCE_cb(DSA_SIG, sig_cb) = {
83	ASN1_SIMPLE(DSA_SIG, s, CBIGNUM)	88	ASN1_SIMPLE(DSA_SIG, s, CBIGNUM)
84	} ASN1_SEQUENCE_END_cb(DSA_SIG, DSA_SIG)	89	} ASN1_SEQUENCE_END_cb(DSA_SIG, DSA_SIG)
85		90
86	IMPLEMENT_ASN1_FUNCTIONS_const(DSA_SIG)	91	IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA_SIG,DSA_SIG,DSA_SIG)
87		92
88	/* Override the default free and new methods */	93	/* Override the default free and new methods */
89	static int dsa_cb(int operation, ASN1_VALUE *pval, const ASN1_ITEM it)	94	static int dsa_cb(int operation, ASN1_VALUE *pval, const ASN1_ITEM it)
@@ -138,3 +143,76 @@ ASN1_CHOICE_cb(DSAPublicKey, dsa_cb) = {
138	} ASN1_CHOICE_END_cb(DSA, DSAPublicKey, write_params)	143	} ASN1_CHOICE_END_cb(DSA, DSAPublicKey, write_params)
139		144
140	IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey)	145	IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey)
		146
		147	int DSA_sign(int type, const unsigned char dgst, int dlen, unsigned char sig,
		148	unsigned int siglen, DSA dsa)
		149	{
		150	DSA_SIG *s;
		151	#ifdef OPENSSL_FIPS
		152	if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
		153	{
		154	DSAerr(DSA_F_DSA_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
		155	return 0;
		156	}
		157	#endif
		158	s=DSA_do_sign(dgst,dlen,dsa);
		159	if (s == NULL)
		160	{
		161	*siglen=0;
		162	return(0);
		163	}
		164	*siglen=i2d_DSA_SIG(s,&sig);
		165	DSA_SIG_free(s);
		166	return(1);
		167	}
		168
		169	int DSA_size(const DSA *r)
		170	{
		171	int ret,i;
		172	ASN1_INTEGER bs;
		173	unsigned char buf[4]; /* 4 bytes looks really small.
		174	However, i2d_ASN1_INTEGER() will not look
		175	beyond the first byte, as long as the second
		176	parameter is NULL. */
		177
		178	i=BN_num_bits(r->q);
		179	bs.length=(i+7)/8;
		180	bs.data=buf;
		181	bs.type=V_ASN1_INTEGER;
		182	/* If the top bit is set the asn1 encoding is 1 larger. */
		183	buf[0]=0xff;
		184
		185	i=i2d_ASN1_INTEGER(&bs,NULL);
		186	i+=i; /* r and s */
		187	ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
		188	return(ret);
		189	}
		190
		191	/* data has already been hashed (probably with SHA or SHA-1). */
		192	/* returns
		193	* 1: correct signature
		194	* 0: incorrect signature
		195	* -1: error
		196	*/
		197	int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
		198	const unsigned char sigbuf, int siglen, DSA dsa)
		199	{
		200	DSA_SIG *s;
		201	int ret=-1;
		202	#ifdef OPENSSL_FIPS
		203	if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
		204	{
		205	DSAerr(DSA_F_DSA_VERIFY, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
		206	return 0;
		207	}
		208	#endif
		209
		210	s = DSA_SIG_new();
		211	if (s == NULL) return(ret);
		212	if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err;
		213	ret=DSA_do_verify(dgst,dgst_len,s,dsa);
		214	err:
		215	DSA_SIG_free(s);
		216	return(ret);
		217	}
		218