1 files changed, 54 insertions, 54 deletions
diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c
index 75ff7cc4af..5de5fc7e91 100644
--- a/src/lib/libcrypto/dsa/dsa_ossl.c
+++ b/src/lib/libcrypto/dsa/dsa_ossl.c
@@ -65,63 +65,33 @@
 #include <openssl/rand.h>
 #include <openssl/asn1.h>
+#ifndef OPENSSL_FIPS
 static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
 static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
 static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
                  DSA *dsa);
 static int dsa_init(DSA *dsa);
 static int dsa_finish(DSA *dsa);
+static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
+                BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
+                BN_MONT_CTX *in_mont);
+static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                                const BIGNUM *m, BN_CTX *ctx,
+                                BN_MONT_CTX *m_ctx);
 static DSA_METHOD openssl_dsa_meth = {
 "OpenSSL DSA method",
 dsa_do_sign,
 dsa_sign_setup,
 dsa_do_verify,
-NULL, /* dsa_mod_exp, */
+dsa_mod_exp,
-NULL, /* dsa_bn_mod_exp, */
+dsa_bn_mod_exp,
 dsa_init,
 dsa_finish,
 0,
-NULL,
-NULL,
 NULL
 };
-/* These macro wrappers replace attempts to use the dsa_mod_exp() and
- * bn_mod_exp() handlers in the DSA_METHOD structure. We avoid the problem of
- * having a the macro work as an expression by bundling an "err_instr". So;
- * 
- *     if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
- *                 dsa->method_mont_p)) goto err;
- *
- * can be replaced by;
- *
- *     DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, &k, dsa->p, ctx,
- *                 dsa->method_mont_p);
- */
-#define DSA_MOD_EXP(err_instr,dsa,rr,a1,p1,a2,p2,m,ctx,in_mont) \
-        do { \
-        int _tmp_res53; \
-        if((dsa)->meth->dsa_mod_exp) \
-                _tmp_res53 = (dsa)->meth->dsa_mod_exp((dsa), (rr), (a1), (p1), \
-                                (a2), (p2), (m), (ctx), (in_mont)); \
-        else \
-                _tmp_res53 = BN_mod_exp2_mont((rr), (a1), (p1), (a2), (p2), \
-                                (m), (ctx), (in_mont)); \
-        if(!_tmp_res53) err_instr; \
-        } while(0)
-#define DSA_BN_MOD_EXP(err_instr,dsa,r,a,p,m,ctx,m_ctx) \
-        do { \
-        int _tmp_res53; \
-        if((dsa)->meth->bn_mod_exp) \
-                _tmp_res53 = (dsa)->meth->bn_mod_exp((dsa), (r), (a), (p), \
-                                (m), (ctx), (m_ctx)); \
-        else \
-                _tmp_res53 = BN_mod_exp_mont((r), (a), (p), (m), (ctx), (m_ctx)); \
-        if(!_tmp_res53) err_instr; \
-        } while(0)
 const DSA_METHOD *DSA_OpenSSL(void)
 {
        return &openssl_dsa_meth;
@@ -229,12 +199,12 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
        while (BN_is_zero(&k));
        if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
                {
-                BN_set_flags(&k, BN_FLG_CONSTTIME);
+                BN_set_flags(&k, BN_FLG_EXP_CONSTTIME);
                }
        if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
                {
-                if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
+                if (!BN_MONT_CTX_set_locked((BN_MONT_CTX **)&dsa->method_mont_p,
                                                CRYPTO_LOCK_DSA,
                                                dsa->p, ctx))
                        goto err;
@@ -264,8 +234,8 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
                {
                K = &k;
                }
-        DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx,
+        if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,K,dsa->p,ctx,
-                        dsa->method_mont_p);
+                (BN_MONT_CTX *)dsa->method_mont_p)) goto err;
        if (!BN_mod(r,r,dsa->q,ctx)) goto err;
        /* Compute  part of 's = inv(k) (m + xr) mod q' */
@@ -322,14 +292,12 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
        if ((ctx=BN_CTX_new()) == NULL) goto err;
-        if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
+        if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0)
-            BN_ucmp(sig->r, dsa->q) >= 0)
                {
                ret = 0;
                goto err;
                }
-        if (BN_is_zero(sig->s) || BN_is_negative(sig->s) ||
+        if (BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s, dsa->q) >= 0)
-            BN_ucmp(sig->s, dsa->q) >= 0)
                {
                ret = 0;
                goto err;
@@ -351,25 +319,43 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
        if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
                {
-                mont = BN_MONT_CTX_set_locked(&dsa->method_mont_p,
+                mont = BN_MONT_CTX_set_locked(
+                                        (BN_MONT_CTX **)&dsa->method_mont_p,
                                        CRYPTO_LOCK_DSA, dsa->p, ctx);
                if (!mont)
                        goto err;
                }
+#if 0
-        DSA_MOD_EXP(goto err, dsa, &t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p, ctx, mont);
+        {
+        BIGNUM t2;
+        BN_init(&t2);
+        /* v = ( g^u1 * y^u2 mod p ) mod q */
+        /* let t1 = g ^ u1 mod p */
+        if (!BN_mod_exp_mont(&t1,dsa->g,&u1,dsa->p,ctx,mont)) goto err;
+        /* let t2 = y ^ u2 mod p */
+        if (!BN_mod_exp_mont(&t2,dsa->pub_key,&u2,dsa->p,ctx,mont)) goto err;
+        /* let u1 = t1 * t2 mod p */
+        if (!BN_mod_mul(&u1,&t1,&t2,dsa->p,ctx)) goto err_bn;
+        BN_free(&t2);
+        }
+        /* let u1 = u1 mod q */
+        if (!BN_mod(&u1,&u1,dsa->q,ctx)) goto err;
+#else
+        {
+        if (!dsa->meth->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2,
+                                                dsa->p,ctx,mont)) goto err;
        /* BN_copy(&u1,&t1); */
        /* let u1 = u1 mod q */
        if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err;
+        }
+#endif
        /* V is now in u1.  If the signature is correct, it will be
         * equal to R. */
        ret=(BN_ucmp(&u1, sig->r) == 0);
        err:
-        /* XXX: surely this is wrong - if ret is 0, it just didn't verify;
-           there is no error in BN. Test should be ret == -1 (Ben) */
        if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB);
        if (ctx != NULL) BN_CTX_free(ctx);
        BN_free(&u1);
@@ -387,7 +373,21 @@ static int dsa_init(DSA *dsa)
 static int dsa_finish(DSA *dsa)
 {
        if(dsa->method_mont_p)
-                BN_MONT_CTX_free(dsa->method_mont_p);
+                BN_MONT_CTX_free((BN_MONT_CTX *)dsa->method_mont_p);
        return(1);
 }
+static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
+                BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
+                BN_MONT_CTX *in_mont)
+{
+        return BN_mod_exp2_mont(rr, a1, p1, a2, p2, m, ctx, in_mont);
+}
+        
+static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                                const BIGNUM *m, BN_CTX *ctx,
+                                BN_MONT_CTX *m_ctx)
+{
+        return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
+}
+#endif

diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c index 75ff7cc4af..5de5fc7e91 100644 --- a/src/lib/libcrypto/dsa/dsa_ossl.c +++ b/src/lib/libcrypto/dsa/dsa_ossl.c
@@ -65,63 +65,33 @@
65	#include <openssl/rand.h>	65	#include <openssl/rand.h>
66	#include <openssl/asn1.h>	66	#include <openssl/asn1.h>
67		67
		68	#ifndef OPENSSL_FIPS
68	static DSA_SIG dsa_do_sign(const unsigned char dgst, int dlen, DSA *dsa);	69	static DSA_SIG dsa_do_sign(const unsigned char dgst, int dlen, DSA *dsa);
69	static int dsa_sign_setup(DSA dsa, BN_CTX ctx_in, BIGNUM kinvp, BIGNUM rp);	70	static int dsa_sign_setup(DSA dsa, BN_CTX ctx_in, BIGNUM kinvp, BIGNUM rp);
70	static int dsa_do_verify(const unsigned char dgst, int dgst_len, DSA_SIG sig,	71	static int dsa_do_verify(const unsigned char dgst, int dgst_len, DSA_SIG sig,
71	DSA *dsa);	72	DSA *dsa);
72	static int dsa_init(DSA *dsa);	73	static int dsa_init(DSA *dsa);
73	static int dsa_finish(DSA *dsa);	74	static int dsa_finish(DSA *dsa);
		75	static int dsa_mod_exp(DSA dsa, BIGNUM rr, BIGNUM a1, BIGNUM p1,
		76	BIGNUM a2, BIGNUM p2, BIGNUM m, BN_CTX ctx,
		77	BN_MONT_CTX *in_mont);
		78	static int dsa_bn_mod_exp(DSA dsa, BIGNUM r, BIGNUM a, const BIGNUM p,
		79	const BIGNUM m, BN_CTX ctx,
		80	BN_MONT_CTX *m_ctx);
74		81
75	static DSA_METHOD openssl_dsa_meth = {	82	static DSA_METHOD openssl_dsa_meth = {
76	"OpenSSL DSA method",	83	"OpenSSL DSA method",
77	dsa_do_sign,	84	dsa_do_sign,
78	dsa_sign_setup,	85	dsa_sign_setup,
79	dsa_do_verify,	86	dsa_do_verify,
80	NULL, /* dsa_mod_exp, */	87	dsa_mod_exp,
81	NULL, /* dsa_bn_mod_exp, */	88	dsa_bn_mod_exp,
82	dsa_init,	89	dsa_init,
83	dsa_finish,	90	dsa_finish,
84	0,	91	0,
85	NULL,
86	NULL,
87	NULL	92	NULL
88	};	93	};
89		94
90	/* These macro wrappers replace attempts to use the dsa_mod_exp() and
91	* bn_mod_exp() handlers in the DSA_METHOD structure. We avoid the problem of
92	* having a the macro work as an expression by bundling an "err_instr". So;
93	*
94	* if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
95	* dsa->method_mont_p)) goto err;
96	*
97	* can be replaced by;
98	*
99	* DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, &k, dsa->p, ctx,
100	* dsa->method_mont_p);
101	*/
102
103	#define DSA_MOD_EXP(err_instr,dsa,rr,a1,p1,a2,p2,m,ctx,in_mont) \
104	do { \
105	int _tmp_res53; \
106	if((dsa)->meth->dsa_mod_exp) \
107	_tmp_res53 = (dsa)->meth->dsa_mod_exp((dsa), (rr), (a1), (p1), \
108	(a2), (p2), (m), (ctx), (in_mont)); \
109	else \
110	_tmp_res53 = BN_mod_exp2_mont((rr), (a1), (p1), (a2), (p2), \
111	(m), (ctx), (in_mont)); \
112	if(!_tmp_res53) err_instr; \
113	} while(0)
114	#define DSA_BN_MOD_EXP(err_instr,dsa,r,a,p,m,ctx,m_ctx) \
115	do { \
116	int _tmp_res53; \
117	if((dsa)->meth->bn_mod_exp) \
118	_tmp_res53 = (dsa)->meth->bn_mod_exp((dsa), (r), (a), (p), \
119	(m), (ctx), (m_ctx)); \
120	else \
121	_tmp_res53 = BN_mod_exp_mont((r), (a), (p), (m), (ctx), (m_ctx)); \
122	if(!_tmp_res53) err_instr; \
123	} while(0)
124
125	const DSA_METHOD *DSA_OpenSSL(void)	95	const DSA_METHOD *DSA_OpenSSL(void)
126	{	96	{
127	return &openssl_dsa_meth;	97	return &openssl_dsa_meth;
@@ -229,12 +199,12 @@ static int dsa_sign_setup(DSA dsa, BN_CTX ctx_in, BIGNUM kinvp, BIGNUM rp)
229	while (BN_is_zero(&k));	199	while (BN_is_zero(&k));
230	if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)	200	if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
231	{	201	{
232	BN_set_flags(&k, BN_FLG_CONSTTIME);	202	BN_set_flags(&k, BN_FLG_EXP_CONSTTIME);
233	}	203	}
234		204
235	if (dsa->flags & DSA_FLAG_CACHE_MONT_P)	205	if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
236	{	206	{
237	if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,	207	if (!BN_MONT_CTX_set_locked((BN_MONT_CTX **)&dsa->method_mont_p,
238	CRYPTO_LOCK_DSA,	208	CRYPTO_LOCK_DSA,
239	dsa->p, ctx))	209	dsa->p, ctx))
240	goto err;	210	goto err;
@@ -264,8 +234,8 @@ static int dsa_sign_setup(DSA dsa, BN_CTX ctx_in, BIGNUM kinvp, BIGNUM rp)
264	{	234	{
265	K = &k;	235	K = &k;
266	}	236	}
267	DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx,	237	if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,K,dsa->p,ctx,
268	dsa->method_mont_p);	238	(BN_MONT_CTX *)dsa->method_mont_p)) goto err;
269	if (!BN_mod(r,r,dsa->q,ctx)) goto err;	239	if (!BN_mod(r,r,dsa->q,ctx)) goto err;
270		240
271	/* Compute part of 's = inv(k) (m + xr) mod q' */	241	/* Compute part of 's = inv(k) (m + xr) mod q' */
@@ -322,14 +292,12 @@ static int dsa_do_verify(const unsigned char dgst, int dgst_len, DSA_SIG sig,
322		292
323	if ((ctx=BN_CTX_new()) == NULL) goto err;	293	if ((ctx=BN_CTX_new()) == NULL) goto err;
324		294
325	if (BN_is_zero(sig->r) \|\| BN_is_negative(sig->r) \|\|	295	if (BN_is_zero(sig->r) \|\| sig->r->neg \|\| BN_ucmp(sig->r, dsa->q) >= 0)
326	BN_ucmp(sig->r, dsa->q) >= 0)
327	{	296	{
328	ret = 0;	297	ret = 0;
329	goto err;	298	goto err;
330	}	299	}
331	if (BN_is_zero(sig->s) \|\| BN_is_negative(sig->s) \|\|	300	if (BN_is_zero(sig->s) \|\| sig->s->neg \|\| BN_ucmp(sig->s, dsa->q) >= 0)
332	BN_ucmp(sig->s, dsa->q) >= 0)
333	{	301	{
334	ret = 0;	302	ret = 0;
335	goto err;	303	goto err;
@@ -351,25 +319,43 @@ static int dsa_do_verify(const unsigned char dgst, int dgst_len, DSA_SIG sig,
351		319
352	if (dsa->flags & DSA_FLAG_CACHE_MONT_P)	320	if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
353	{	321	{
354	mont = BN_MONT_CTX_set_locked(&dsa->method_mont_p,	322	mont = BN_MONT_CTX_set_locked(
		323	(BN_MONT_CTX **)&dsa->method_mont_p,
355	CRYPTO_LOCK_DSA, dsa->p, ctx);	324	CRYPTO_LOCK_DSA, dsa->p, ctx);
356	if (!mont)	325	if (!mont)
357	goto err;	326	goto err;
358	}	327	}
359		328
360		329	#if 0
361	DSA_MOD_EXP(goto err, dsa, &t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p, ctx, mont);	330	{
		331	BIGNUM t2;
		332
		333	BN_init(&t2);
		334	/* v = ( g^u1 * y^u2 mod p ) mod q */
		335	/* let t1 = g ^ u1 mod p */
		336	if (!BN_mod_exp_mont(&t1,dsa->g,&u1,dsa->p,ctx,mont)) goto err;
		337	/* let t2 = y ^ u2 mod p */
		338	if (!BN_mod_exp_mont(&t2,dsa->pub_key,&u2,dsa->p,ctx,mont)) goto err;
		339	/* let u1 = t1 * t2 mod p */
		340	if (!BN_mod_mul(&u1,&t1,&t2,dsa->p,ctx)) goto err_bn;
		341	BN_free(&t2);
		342	}
		343	/* let u1 = u1 mod q */
		344	if (!BN_mod(&u1,&u1,dsa->q,ctx)) goto err;
		345	#else
		346	{
		347	if (!dsa->meth->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2,
		348	dsa->p,ctx,mont)) goto err;
362	/* BN_copy(&u1,&t1); */	349	/* BN_copy(&u1,&t1); */
363	/* let u1 = u1 mod q */	350	/* let u1 = u1 mod q */
364	if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err;	351	if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err;
365		352	}
		353	#endif
366	/* V is now in u1. If the signature is correct, it will be	354	/* V is now in u1. If the signature is correct, it will be
367	* equal to R. */	355	* equal to R. */
368	ret=(BN_ucmp(&u1, sig->r) == 0);	356	ret=(BN_ucmp(&u1, sig->r) == 0);
369		357
370	err:	358	err:
371	/* XXX: surely this is wrong - if ret is 0, it just didn't verify;
372	there is no error in BN. Test should be ret == -1 (Ben) */
373	if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB);	359	if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB);
374	if (ctx != NULL) BN_CTX_free(ctx);	360	if (ctx != NULL) BN_CTX_free(ctx);
375	BN_free(&u1);	361	BN_free(&u1);
@@ -387,7 +373,21 @@ static int dsa_init(DSA *dsa)
387	static int dsa_finish(DSA *dsa)	373	static int dsa_finish(DSA *dsa)
388	{	374	{
389	if(dsa->method_mont_p)	375	if(dsa->method_mont_p)
390	BN_MONT_CTX_free(dsa->method_mont_p);	376	BN_MONT_CTX_free((BN_MONT_CTX *)dsa->method_mont_p);
391	return(1);	377	return(1);
392	}	378	}
393		379
		380	static int dsa_mod_exp(DSA dsa, BIGNUM rr, BIGNUM a1, BIGNUM p1,
		381	BIGNUM a2, BIGNUM p2, BIGNUM m, BN_CTX ctx,
		382	BN_MONT_CTX *in_mont)
		383	{
		384	return BN_mod_exp2_mont(rr, a1, p1, a2, p2, m, ctx, in_mont);
		385	}
		386
		387	static int dsa_bn_mod_exp(DSA dsa, BIGNUM r, BIGNUM a, const BIGNUM p,
		388	const BIGNUM m, BN_CTX ctx,
		389	BN_MONT_CTX *m_ctx)
		390	{
		391	return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
		392	}
		393	#endif