1 files changed, 14 insertions, 34 deletions
diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c
index 4fead07e80..412cf1d88b 100644
--- a/src/lib/libcrypto/dsa/dsa_ossl.c
+++ b/src/lib/libcrypto/dsa/dsa_ossl.c
@@ -61,15 +61,16 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/bn.h>
-#include <openssl/sha.h>
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
 #include <openssl/asn1.h>
+#ifndef OPENSSL_FIPS
 static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
 static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
 static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
-                         DSA *dsa);
+                  DSA *dsa);
 static int dsa_init(DSA *dsa);
 static int dsa_finish(DSA *dsa);
@@ -134,7 +135,7 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
        BIGNUM m;
        BIGNUM xr;
        BN_CTX *ctx=NULL;
-        int reason=ERR_R_BN_LIB;
+        int i,reason=ERR_R_BN_LIB;
        DSA_SIG *ret=NULL;
        BN_init(&m);
@@ -149,9 +150,8 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
        s=BN_new();
        if (s == NULL) goto err;
-        /* reject a excessive digest length (currently at most
+        i=BN_num_bytes(dsa->q); /* should be 20 */
-         * dsa-with-SHA256 is supported) */
+        if ((dlen > i) || (dlen > 50))
-        if (dlen > SHA256_DIGEST_LENGTH)
                {
                reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
                goto err;
@@ -172,14 +172,7 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
                dsa->r=NULL;
                }
-        
+        if (BN_bin2bn(dgst,dlen,&m) == NULL) goto err;
-        if (dlen > BN_num_bytes(dsa->q))
-                /* if the digest length is greater than the size of q use the
-                 * BN_num_bits(dsa->q) leftmost bits of the digest, see
-                 * fips 186-3, 4.2 */
-                dlen = BN_num_bytes(dsa->q);
-        if (BN_bin2bn(dgst,dlen,&m) == NULL)
-                goto err;
        /* Compute  s = inv(k) (m + xr) mod q */
        if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */
@@ -290,31 +283,30 @@ err:
        if (!ret)
                {
                DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB);
-                if (r != NULL)
+                if (kinv != NULL) BN_clear_free(kinv);
-                        BN_clear_free(r);
+                if (r != NULL) BN_clear_free(r);
                }
        if (ctx_in == NULL) BN_CTX_free(ctx);
+        if (kinv != NULL) BN_clear_free(kinv);
        BN_clear_free(&k);
        BN_clear_free(&kq);
        return(ret);
        }
 static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
-                         DSA *dsa)
+                  DSA *dsa)
        {
        BN_CTX *ctx;
        BIGNUM u1,u2,t1;
        BN_MONT_CTX *mont=NULL;
-        int ret = -1, i;
+        int ret = -1;
        if (!dsa->p || !dsa->q || !dsa->g)
                {
                DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS);
                return -1;
                }
-        i = BN_num_bits(dsa->q);
+        if (BN_num_bits(dsa->q) != 160)
-        /* fips 186-3 allows only different sizes for q */
-        if (i != 160 && i != 224 && i != 256)
                {
                DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE);
                return -1;
@@ -326,14 +318,6 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
                return -1;
                }
-        /* reject a excessive digest length (currently at most
-         * dsa-with-SHA256 is supported) */
-        if (dgst_len > SHA256_DIGEST_LENGTH)
-                {
-                DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
-                return -1;
-                }
        BN_init(&u1);
        BN_init(&u2);
        BN_init(&t1);
@@ -358,11 +342,6 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
        if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;
        /* save M in u1 */
-        if (dgst_len > (i >> 3))
-                /* if the digest length is greater than the size of q use the
-                 * BN_num_bits(dsa->q) leftmost bits of the digest, see
-                 * fips 186-3, 4.2 */
-                dgst_len = (i >> 3);
        if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err;
        /* u1 = M * w mod q */
@@ -414,3 +393,4 @@ static int dsa_finish(DSA *dsa)
        return(1);
 }
+#endif

diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c index 4fead07e80..412cf1d88b 100644 --- a/src/lib/libcrypto/dsa/dsa_ossl.c +++ b/src/lib/libcrypto/dsa/dsa_ossl.c
@@ -61,15 +61,16 @@
61	#include <stdio.h>	61	#include <stdio.h>
62	#include "cryptlib.h"	62	#include "cryptlib.h"
63	#include <openssl/bn.h>	63	#include <openssl/bn.h>
64	#include <openssl/sha.h>
65	#include <openssl/dsa.h>	64	#include <openssl/dsa.h>
66	#include <openssl/rand.h>	65	#include <openssl/rand.h>
67	#include <openssl/asn1.h>	66	#include <openssl/asn1.h>
68		67
		68	#ifndef OPENSSL_FIPS
		69
69	static DSA_SIG dsa_do_sign(const unsigned char dgst, int dlen, DSA *dsa);	70	static DSA_SIG dsa_do_sign(const unsigned char dgst, int dlen, DSA *dsa);
70	static int dsa_sign_setup(DSA dsa, BN_CTX ctx_in, BIGNUM kinvp, BIGNUM rp);	71	static int dsa_sign_setup(DSA dsa, BN_CTX ctx_in, BIGNUM kinvp, BIGNUM rp);
71	static int dsa_do_verify(const unsigned char dgst, int dgst_len, DSA_SIG sig,	72	static int dsa_do_verify(const unsigned char dgst, int dgst_len, DSA_SIG sig,
72	DSA *dsa);	73	DSA *dsa);
73	static int dsa_init(DSA *dsa);	74	static int dsa_init(DSA *dsa);
74	static int dsa_finish(DSA *dsa);	75	static int dsa_finish(DSA *dsa);
75		76
@@ -134,7 +135,7 @@ static DSA_SIG dsa_do_sign(const unsigned char dgst, int dlen, DSA *dsa)
134	BIGNUM m;	135	BIGNUM m;
135	BIGNUM xr;	136	BIGNUM xr;
136	BN_CTX *ctx=NULL;	137	BN_CTX *ctx=NULL;
137	int reason=ERR_R_BN_LIB;	138	int i,reason=ERR_R_BN_LIB;
138	DSA_SIG *ret=NULL;	139	DSA_SIG *ret=NULL;
139		140
140	BN_init(&m);	141	BN_init(&m);
@@ -149,9 +150,8 @@ static DSA_SIG dsa_do_sign(const unsigned char dgst, int dlen, DSA *dsa)
149	s=BN_new();	150	s=BN_new();
150	if (s == NULL) goto err;	151	if (s == NULL) goto err;
151		152
152	/* reject a excessive digest length (currently at most	153	i=BN_num_bytes(dsa->q); /* should be 20 */
153	* dsa-with-SHA256 is supported) */	154	if ((dlen > i) \|\| (dlen > 50))
154	if (dlen > SHA256_DIGEST_LENGTH)
155	{	155	{
156	reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;	156	reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
157	goto err;	157	goto err;
@@ -172,14 +172,7 @@ static DSA_SIG dsa_do_sign(const unsigned char dgst, int dlen, DSA *dsa)
172	dsa->r=NULL;	172	dsa->r=NULL;
173	}	173	}
174		174
175		175	if (BN_bin2bn(dgst,dlen,&m) == NULL) goto err;
176	if (dlen > BN_num_bytes(dsa->q))
177	/* if the digest length is greater than the size of q use the
178	* BN_num_bits(dsa->q) leftmost bits of the digest, see
179	* fips 186-3, 4.2 */
180	dlen = BN_num_bytes(dsa->q);
181	if (BN_bin2bn(dgst,dlen,&m) == NULL)
182	goto err;
183		176
184	/* Compute s = inv(k) (m + xr) mod q */	177	/* Compute s = inv(k) (m + xr) mod q */
185	if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */	178	if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */
@@ -290,31 +283,30 @@ err:
290	if (!ret)	283	if (!ret)
291	{	284	{
292	DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB);	285	DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB);
293	if (r != NULL)	286	if (kinv != NULL) BN_clear_free(kinv);
294	BN_clear_free(r);	287	if (r != NULL) BN_clear_free(r);
295	}	288	}
296	if (ctx_in == NULL) BN_CTX_free(ctx);	289	if (ctx_in == NULL) BN_CTX_free(ctx);
		290	if (kinv != NULL) BN_clear_free(kinv);
297	BN_clear_free(&k);	291	BN_clear_free(&k);
298	BN_clear_free(&kq);	292	BN_clear_free(&kq);
299	return(ret);	293	return(ret);
300	}	294	}
301		295
302	static int dsa_do_verify(const unsigned char dgst, int dgst_len, DSA_SIG sig,	296	static int dsa_do_verify(const unsigned char dgst, int dgst_len, DSA_SIG sig,
303	DSA *dsa)	297	DSA *dsa)
304	{	298	{
305	BN_CTX *ctx;	299	BN_CTX *ctx;
306	BIGNUM u1,u2,t1;	300	BIGNUM u1,u2,t1;
307	BN_MONT_CTX *mont=NULL;	301	BN_MONT_CTX *mont=NULL;
308	int ret = -1, i;	302	int ret = -1;
309	if (!dsa->p \|\| !dsa->q \|\| !dsa->g)	303	if (!dsa->p \|\| !dsa->q \|\| !dsa->g)
310	{	304	{
311	DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS);	305	DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS);
312	return -1;	306	return -1;
313	}	307	}
314		308
315	i = BN_num_bits(dsa->q);	309	if (BN_num_bits(dsa->q) != 160)
316	/* fips 186-3 allows only different sizes for q */
317	if (i != 160 && i != 224 && i != 256)
318	{	310	{
319	DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE);	311	DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE);
320	return -1;	312	return -1;
@@ -326,14 +318,6 @@ static int dsa_do_verify(const unsigned char dgst, int dgst_len, DSA_SIG sig,
326	return -1;	318	return -1;
327	}	319	}
328		320
329	/* reject a excessive digest length (currently at most
330	* dsa-with-SHA256 is supported) */
331	if (dgst_len > SHA256_DIGEST_LENGTH)
332	{
333	DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
334	return -1;
335	}
336
337	BN_init(&u1);	321	BN_init(&u1);
338	BN_init(&u2);	322	BN_init(&u2);
339	BN_init(&t1);	323	BN_init(&t1);
@@ -358,11 +342,6 @@ static int dsa_do_verify(const unsigned char dgst, int dgst_len, DSA_SIG sig,
358	if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;	342	if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;
359		343
360	/* save M in u1 */	344	/* save M in u1 */
361	if (dgst_len > (i >> 3))
362	/* if the digest length is greater than the size of q use the
363	* BN_num_bits(dsa->q) leftmost bits of the digest, see
364	* fips 186-3, 4.2 */
365	dgst_len = (i >> 3);
366	if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err;	345	if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err;
367		346
368	/* u1 = M * w mod q */	347	/* u1 = M * w mod q */
@@ -414,3 +393,4 @@ static int dsa_finish(DSA *dsa)
414	return(1);	393	return(1);
415	}	394	}
416		395
		396	#endif