summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/dsa/dsa_ossl.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/dsa/dsa_ossl.c')
-rw-r--r--src/lib/libcrypto/dsa/dsa_ossl.c39
1 files changed, 31 insertions, 8 deletions
diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c
index b51cf6ad8d..37dd5fc994 100644
--- a/src/lib/libcrypto/dsa/dsa_ossl.c
+++ b/src/lib/libcrypto/dsa/dsa_ossl.c
@@ -64,6 +64,7 @@
64#include <openssl/dsa.h> 64#include <openssl/dsa.h>
65#include <openssl/rand.h> 65#include <openssl/rand.h>
66#include <openssl/asn1.h> 66#include <openssl/asn1.h>
67#include <openssl/engine.h>
67 68
68static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); 69static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
69static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); 70static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
@@ -91,7 +92,7 @@ dsa_finish,
91NULL 92NULL
92}; 93};
93 94
94DSA_METHOD *DSA_OpenSSL(void) 95const DSA_METHOD *DSA_OpenSSL(void)
95{ 96{
96 return &openssl_dsa_meth; 97 return &openssl_dsa_meth;
97} 98}
@@ -105,6 +106,11 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
105 int i,reason=ERR_R_BN_LIB; 106 int i,reason=ERR_R_BN_LIB;
106 DSA_SIG *ret=NULL; 107 DSA_SIG *ret=NULL;
107 108
109 if (!dsa->p || !dsa->q || !dsa->g)
110 {
111 reason=DSA_R_MISSING_PARAMETERS;
112 goto err;
113 }
108 BN_init(&m); 114 BN_init(&m);
109 BN_init(&xr); 115 BN_init(&xr);
110 s=BN_new(); 116 s=BN_new();
@@ -167,6 +173,11 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
167 BIGNUM k,*kinv=NULL,*r=NULL; 173 BIGNUM k,*kinv=NULL,*r=NULL;
168 int ret=0; 174 int ret=0;
169 175
176 if (!dsa->p || !dsa->q || !dsa->g)
177 {
178 DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS);
179 return 0;
180 }
170 if (ctx_in == NULL) 181 if (ctx_in == NULL)
171 { 182 {
172 if ((ctx=BN_CTX_new()) == NULL) goto err; 183 if ((ctx=BN_CTX_new()) == NULL) goto err;
@@ -179,13 +190,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
179 kinv=NULL; 190 kinv=NULL;
180 191
181 /* Get random k */ 192 /* Get random k */
182 for (;;) 193 do
183 { 194 if (!BN_rand_range(&k, dsa->q)) goto err;
184 if (!BN_rand(&k, BN_num_bits(dsa->q), 1, 0)) goto err; 195 while (BN_is_zero(&k));
185 if (BN_cmp(&k,dsa->q) >= 0)
186 BN_sub(&k,&k,dsa->q);
187 if (!BN_is_zero(&k)) break;
188 }
189 196
190 if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P)) 197 if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
191 { 198 {
@@ -228,12 +235,28 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
228 BIGNUM u1,u2,t1; 235 BIGNUM u1,u2,t1;
229 BN_MONT_CTX *mont=NULL; 236 BN_MONT_CTX *mont=NULL;
230 int ret = -1; 237 int ret = -1;
238 if (!dsa->p || !dsa->q || !dsa->g)
239 {
240 DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS);
241 return -1;
242 }
231 243
232 if ((ctx=BN_CTX_new()) == NULL) goto err; 244 if ((ctx=BN_CTX_new()) == NULL) goto err;
233 BN_init(&u1); 245 BN_init(&u1);
234 BN_init(&u2); 246 BN_init(&u2);
235 BN_init(&t1); 247 BN_init(&t1);
236 248
249 if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0)
250 {
251 ret = 0;
252 goto err;
253 }
254 if (BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s, dsa->q) >= 0)
255 {
256 ret = 0;
257 goto err;
258 }
259
237 /* Calculate W = inv(S) mod Q 260 /* Calculate W = inv(S) mod Q
238 * save W in u2 */ 261 * save W in u2 */
239 if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err; 262 if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-05-07 02:16:38 +0000