summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/dsa/dsa_gen.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/dsa/dsa_gen.c')
-rw-r--r--src/lib/libcrypto/dsa/dsa_gen.c35
1 files changed, 31 insertions, 4 deletions
diff --git a/src/lib/libcrypto/dsa/dsa_gen.c b/src/lib/libcrypto/dsa/dsa_gen.c
index cb0b4538a4..c398761d0d 100644
--- a/src/lib/libcrypto/dsa/dsa_gen.c
+++ b/src/lib/libcrypto/dsa/dsa_gen.c
@@ -81,13 +81,33 @@
81#include <openssl/sha.h> 81#include <openssl/sha.h>
82#include "dsa_locl.h" 82#include "dsa_locl.h"
83 83
84#ifdef OPENSSL_FIPS
85#include <openssl/fips.h>
86#endif
87
84int DSA_generate_parameters_ex(DSA *ret, int bits, 88int DSA_generate_parameters_ex(DSA *ret, int bits,
85 const unsigned char *seed_in, int seed_len, 89 const unsigned char *seed_in, int seed_len,
86 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) 90 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
87 { 91 {
92#ifdef OPENSSL_FIPS
93 if (FIPS_mode() && !(ret->meth->flags & DSA_FLAG_FIPS_METHOD)
94 && !(ret->flags & DSA_FLAG_NON_FIPS_ALLOW))
95 {
96 DSAerr(DSA_F_DSA_GENERATE_PARAMETERS_EX, DSA_R_NON_FIPS_DSA_METHOD);
97 return 0;
98 }
99#endif
88 if(ret->meth->dsa_paramgen) 100 if(ret->meth->dsa_paramgen)
89 return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len, 101 return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
90 counter_ret, h_ret, cb); 102 counter_ret, h_ret, cb);
103#ifdef OPENSSL_FIPS
104 else if (FIPS_mode())
105 {
106 return FIPS_dsa_generate_parameters_ex(ret, bits,
107 seed_in, seed_len,
108 counter_ret, h_ret, cb);
109 }
110#endif
91 else 111 else
92 { 112 {
93 const EVP_MD *evpmd; 113 const EVP_MD *evpmd;
@@ -105,12 +125,13 @@ int DSA_generate_parameters_ex(DSA *ret, int bits,
105 } 125 }
106 126
107 return dsa_builtin_paramgen(ret, bits, qbits, evpmd, 127 return dsa_builtin_paramgen(ret, bits, qbits, evpmd,
108 seed_in, seed_len, counter_ret, h_ret, cb); 128 seed_in, seed_len, NULL, counter_ret, h_ret, cb);
109 } 129 }
110 } 130 }
111 131
112int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, 132int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
113 const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len, 133 const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
134 unsigned char *seed_out,
114 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) 135 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
115 { 136 {
116 int ok=0; 137 int ok=0;
@@ -201,8 +222,10 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
201 } 222 }
202 223
203 /* step 2 */ 224 /* step 2 */
204 EVP_Digest(seed, qsize, md, NULL, evpmd, NULL); 225 if (!EVP_Digest(seed, qsize, md, NULL, evpmd, NULL))
205 EVP_Digest(buf, qsize, buf2, NULL, evpmd, NULL); 226 goto err;
227 if (!EVP_Digest(buf, qsize, buf2, NULL, evpmd, NULL))
228 goto err;
206 for (i = 0; i < qsize; i++) 229 for (i = 0; i < qsize; i++)
207 md[i]^=buf2[i]; 230 md[i]^=buf2[i];
208 231
@@ -251,7 +274,9 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
251 break; 274 break;
252 } 275 }
253 276
254 EVP_Digest(buf, qsize, md ,NULL, evpmd, NULL); 277 if (!EVP_Digest(buf, qsize, md ,NULL, evpmd,
278 NULL))
279 goto err;
255 280
256 /* step 8 */ 281 /* step 8 */
257 if (!BN_bin2bn(md, qsize, r0)) 282 if (!BN_bin2bn(md, qsize, r0))
@@ -332,6 +357,8 @@ err:
332 } 357 }
333 if (counter_ret != NULL) *counter_ret=counter; 358 if (counter_ret != NULL) *counter_ret=counter;
334 if (h_ret != NULL) *h_ret=h; 359 if (h_ret != NULL) *h_ret=h;
360 if (seed_out)
361 memcpy(seed_out, seed, qsize);
335 } 362 }
336 if(ctx) 363 if(ctx)
337 { 364 {
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 07:15:47 +0000