summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/dsa
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libcrypto/dsa/dsa.h59
-rw-r--r--src/lib/libcrypto/dsa/dsa_err.c9
-rw-r--r--src/lib/libcrypto/dsa/dsa_gen.c111
-rw-r--r--src/lib/libcrypto/dsa/dsa_key.c15
-rw-r--r--src/lib/libcrypto/dsa/dsa_lib.c5
-rw-r--r--src/lib/libcrypto/dsa/dsa_ossl.c108
-rw-r--r--src/lib/libcrypto/dsa/dsa_sign.c14
-rw-r--r--src/lib/libcrypto/dsa/dsa_vrf.c9
-rw-r--r--src/lib/libcrypto/dsa/dsatest.c35
9 files changed, 195 insertions, 170 deletions
diff --git a/src/lib/libcrypto/dsa/dsa.h b/src/lib/libcrypto/dsa/dsa.h
index aa0669eb7a..c079154625 100644
--- a/src/lib/libcrypto/dsa/dsa.h
+++ b/src/lib/libcrypto/dsa/dsa.h
@@ -65,6 +65,8 @@
65#ifndef HEADER_DSA_H 65#ifndef HEADER_DSA_H
66#define HEADER_DSA_H 66#define HEADER_DSA_H
67 67
68#include <openssl/e_os2.h>
69
68#ifdef OPENSSL_NO_DSA 70#ifdef OPENSSL_NO_DSA
69#error DSA is disabled. 71#error DSA is disabled.
70#endif 72#endif
@@ -72,12 +74,19 @@
72#ifndef OPENSSL_NO_BIO 74#ifndef OPENSSL_NO_BIO
73#include <openssl/bio.h> 75#include <openssl/bio.h>
74#endif 76#endif
75#include <openssl/bn.h>
76#include <openssl/crypto.h> 77#include <openssl/crypto.h>
77#include <openssl/ossl_typ.h> 78#include <openssl/ossl_typ.h>
79
80#ifndef OPENSSL_NO_DEPRECATED
81#include <openssl/bn.h>
78#ifndef OPENSSL_NO_DH 82#ifndef OPENSSL_NO_DH
79# include <openssl/dh.h> 83# include <openssl/dh.h>
80#endif 84#endif
85#endif
86
87#ifndef OPENSSL_DSA_MAX_MODULUS_BITS
88# define OPENSSL_DSA_MAX_MODULUS_BITS 10000
89#endif
81 90
82#define OPENSSL_DSA_MAX_MODULUS_BITS 3072 91#define OPENSSL_DSA_MAX_MODULUS_BITS 3072
83 92
@@ -90,22 +99,13 @@
90 * be used for all exponents. 99 * be used for all exponents.
91 */ 100 */
92 101
93/* If this flag is set external DSA_METHOD callbacks are allowed in FIPS mode
94 * it is then the applications responsibility to ensure the external method
95 * is compliant.
96 */
97
98#define DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW 0x04
99
100#if defined(OPENSSL_FIPS)
101#define FIPS_DSA_SIZE_T int
102#endif
103
104#ifdef __cplusplus 102#ifdef __cplusplus
105extern "C" { 103extern "C" {
106#endif 104#endif
107 105
108typedef struct dsa_st DSA; 106/* Already defined in ossl_typ.h */
107/* typedef struct dsa_st DSA; */
108/* typedef struct dsa_method DSA_METHOD; */
109 109
110typedef struct DSA_SIG_st 110typedef struct DSA_SIG_st
111 { 111 {
@@ -113,7 +113,8 @@ typedef struct DSA_SIG_st
113 BIGNUM *s; 113 BIGNUM *s;
114 } DSA_SIG; 114 } DSA_SIG;
115 115
116typedef struct dsa_method { 116struct dsa_method
117 {
117 const char *name; 118 const char *name;
118 DSA_SIG * (*dsa_do_sign)(const unsigned char *dgst, int dlen, DSA *dsa); 119 DSA_SIG * (*dsa_do_sign)(const unsigned char *dgst, int dlen, DSA *dsa);
119 int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, 120 int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
@@ -130,7 +131,14 @@ typedef struct dsa_method {
130 int (*finish)(DSA *dsa); 131 int (*finish)(DSA *dsa);
131 int flags; 132 int flags;
132 char *app_data; 133 char *app_data;
133} DSA_METHOD; 134 /* If this is non-NULL, it is used to generate DSA parameters */
135 int (*dsa_paramgen)(DSA *dsa, int bits,
136 unsigned char *seed, int seed_len,
137 int *counter_ret, unsigned long *h_ret,
138 BN_GENCB *cb);
139 /* If this is non-NULL, it is used to generate DSA keys */
140 int (*dsa_keygen)(DSA *dsa);
141 };
134 142
135struct dsa_st 143struct dsa_st
136 { 144 {
@@ -151,7 +159,7 @@ struct dsa_st
151 159
152 int flags; 160 int flags;
153 /* Normally used to cache montgomery values */ 161 /* Normally used to cache montgomery values */
154 char *method_mont_p; 162 BN_MONT_CTX *method_mont_p;
155 int references; 163 int references;
156 CRYPTO_EX_DATA ex_data; 164 CRYPTO_EX_DATA ex_data;
157 const DSA_METHOD *meth; 165 const DSA_METHOD *meth;
@@ -159,16 +167,13 @@ struct dsa_st
159 ENGINE *engine; 167 ENGINE *engine;
160 }; 168 };
161 169
162#define DSAparams_dup(x) (DSA *)ASN1_dup((int (*)())i2d_DSAparams, \ 170#define DSAparams_dup(x) ASN1_dup_of_const(DSA,i2d_DSAparams,d2i_DSAparams,x)
163 (char *(*)())d2i_DSAparams,(char *)(x))
164#define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \ 171#define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \
165 (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x)) 172 (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x))
166#define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \ 173#define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \
167 (unsigned char *)(x)) 174 (unsigned char *)(x))
168#define d2i_DSAparams_bio(bp,x) (DSA *)ASN1_d2i_bio((char *(*)())DSA_new, \ 175#define d2i_DSAparams_bio(bp,x) ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAparams,bp,x)
169 (char *(*)())d2i_DSAparams,(bp),(unsigned char **)(x)) 176#define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio_of_const(DSA,i2d_DSAparams,bp,x)
170#define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio(i2d_DSAparams,(bp), \
171 (unsigned char *)(x))
172 177
173 178
174DSA_SIG * DSA_SIG_new(void); 179DSA_SIG * DSA_SIG_new(void);
@@ -206,10 +211,20 @@ void *DSA_get_ex_data(DSA *d, int idx);
206DSA * d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length); 211DSA * d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length);
207DSA * d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length); 212DSA * d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length);
208DSA * d2i_DSAparams(DSA **a, const unsigned char **pp, long length); 213DSA * d2i_DSAparams(DSA **a, const unsigned char **pp, long length);
214
215/* Deprecated version */
216#ifndef OPENSSL_NO_DEPRECATED
209DSA * DSA_generate_parameters(int bits, 217DSA * DSA_generate_parameters(int bits,
210 unsigned char *seed,int seed_len, 218 unsigned char *seed,int seed_len,
211 int *counter_ret, unsigned long *h_ret,void 219 int *counter_ret, unsigned long *h_ret,void
212 (*callback)(int, int, void *),void *cb_arg); 220 (*callback)(int, int, void *),void *cb_arg);
221#endif /* !defined(OPENSSL_NO_DEPRECATED) */
222
223/* New version */
224int DSA_generate_parameters_ex(DSA *dsa, int bits,
225 unsigned char *seed,int seed_len,
226 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
227
213int DSA_generate_key(DSA *a); 228int DSA_generate_key(DSA *a);
214int i2d_DSAPublicKey(const DSA *a, unsigned char **pp); 229int i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
215int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp); 230int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
diff --git a/src/lib/libcrypto/dsa/dsa_err.c b/src/lib/libcrypto/dsa/dsa_err.c
index d7fac69154..768711994b 100644
--- a/src/lib/libcrypto/dsa/dsa_err.c
+++ b/src/lib/libcrypto/dsa/dsa_err.c
@@ -100,15 +100,12 @@ static ERR_STRING_DATA DSA_str_reasons[]=
100 100
101void ERR_load_DSA_strings(void) 101void ERR_load_DSA_strings(void)
102 { 102 {
103 static int init=1; 103#ifndef OPENSSL_NO_ERR
104 104
105 if (init) 105 if (ERR_func_error_string(DSA_str_functs[0].error) == NULL)
106 { 106 {
107 init=0;
108#ifndef OPENSSL_NO_ERR
109 ERR_load_strings(0,DSA_str_functs); 107 ERR_load_strings(0,DSA_str_functs);
110 ERR_load_strings(0,DSA_str_reasons); 108 ERR_load_strings(0,DSA_str_reasons);
111#endif
112
113 } 109 }
110#endif
114 } 111 }
diff --git a/src/lib/libcrypto/dsa/dsa_gen.c b/src/lib/libcrypto/dsa/dsa_gen.c
index e40afeea51..ca0b86a6cf 100644
--- a/src/lib/libcrypto/dsa/dsa_gen.c
+++ b/src/lib/libcrypto/dsa/dsa_gen.c
@@ -69,6 +69,8 @@
69#define HASH EVP_sha1() 69#define HASH EVP_sha1()
70#endif 70#endif
71 71
72#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_SHA is defined */
73
72#ifndef OPENSSL_NO_SHA 74#ifndef OPENSSL_NO_SHA
73 75
74#include <stdio.h> 76#include <stdio.h>
@@ -80,12 +82,24 @@
80#include <openssl/rand.h> 82#include <openssl/rand.h>
81#include <openssl/sha.h> 83#include <openssl/sha.h>
82 84
83#ifndef OPENSSL_FIPS 85static int dsa_builtin_paramgen(DSA *ret, int bits,
84DSA *DSA_generate_parameters(int bits, 86 unsigned char *seed_in, int seed_len,
87 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
88
89int DSA_generate_parameters_ex(DSA *ret, int bits,
90 unsigned char *seed_in, int seed_len,
91 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
92 {
93 if(ret->meth->dsa_paramgen)
94 return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
95 counter_ret, h_ret, cb);
96 return dsa_builtin_paramgen(ret, bits, seed_in, seed_len,
97 counter_ret, h_ret, cb);
98 }
99
100static int dsa_builtin_paramgen(DSA *ret, int bits,
85 unsigned char *seed_in, int seed_len, 101 unsigned char *seed_in, int seed_len,
86 int *counter_ret, unsigned long *h_ret, 102 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
87 void (*callback)(int, int, void *),
88 void *cb_arg)
89 { 103 {
90 int ok=0; 104 int ok=0;
91 unsigned char seed[SHA_DIGEST_LENGTH]; 105 unsigned char seed[SHA_DIGEST_LENGTH];
@@ -97,40 +111,43 @@ DSA *DSA_generate_parameters(int bits,
97 int k,n=0,i,b,m=0; 111 int k,n=0,i,b,m=0;
98 int counter=0; 112 int counter=0;
99 int r=0; 113 int r=0;
100 BN_CTX *ctx=NULL,*ctx2=NULL,*ctx3=NULL; 114 BN_CTX *ctx=NULL;
101 unsigned int h=2; 115 unsigned int h=2;
102 DSA *ret=NULL;
103 116
104 if (bits < 512) bits=512; 117 if (bits < 512) bits=512;
105 bits=(bits+63)/64*64; 118 bits=(bits+63)/64*64;
106 119
107 if (seed_len < 20) 120 /* NB: seed_len == 0 is special case: copy generated seed to
121 * seed_in if it is not NULL.
122 */
123 if (seed_len && (seed_len < 20))
108 seed_in = NULL; /* seed buffer too small -- ignore */ 124 seed_in = NULL; /* seed buffer too small -- ignore */
109 if (seed_len > 20) 125 if (seed_len > 20)
110 seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger SEED, 126 seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger SEED,
111 * but our internal buffers are restricted to 160 bits*/ 127 * but our internal buffers are restricted to 160 bits*/
112 if ((seed_in != NULL) && (seed_len == 20)) 128 if ((seed_in != NULL) && (seed_len == 20))
129 {
113 memcpy(seed,seed_in,seed_len); 130 memcpy(seed,seed_in,seed_len);
131 /* set seed_in to NULL to avoid it being copied back */
132 seed_in = NULL;
133 }
114 134
115 if ((ctx=BN_CTX_new()) == NULL) goto err; 135 if ((ctx=BN_CTX_new()) == NULL) goto err;
116 if ((ctx2=BN_CTX_new()) == NULL) goto err;
117 if ((ctx3=BN_CTX_new()) == NULL) goto err;
118 if ((ret=DSA_new()) == NULL) goto err;
119 136
120 if ((mont=BN_MONT_CTX_new()) == NULL) goto err; 137 if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
121 138
122 BN_CTX_start(ctx2); 139 BN_CTX_start(ctx);
123 r0 = BN_CTX_get(ctx2); 140 r0 = BN_CTX_get(ctx);
124 g = BN_CTX_get(ctx2); 141 g = BN_CTX_get(ctx);
125 W = BN_CTX_get(ctx2); 142 W = BN_CTX_get(ctx);
126 q = BN_CTX_get(ctx2); 143 q = BN_CTX_get(ctx);
127 X = BN_CTX_get(ctx2); 144 X = BN_CTX_get(ctx);
128 c = BN_CTX_get(ctx2); 145 c = BN_CTX_get(ctx);
129 p = BN_CTX_get(ctx2); 146 p = BN_CTX_get(ctx);
130 test = BN_CTX_get(ctx2); 147 test = BN_CTX_get(ctx);
131 if (test == NULL) goto err;
132 148
133 if (!BN_lshift(test,BN_value_one(),bits-1)) goto err; 149 if (!BN_lshift(test,BN_value_one(),bits-1))
150 goto err;
134 151
135 for (;;) 152 for (;;)
136 { 153 {
@@ -139,7 +156,8 @@ DSA *DSA_generate_parameters(int bits,
139 int seed_is_random; 156 int seed_is_random;
140 157
141 /* step 1 */ 158 /* step 1 */
142 if (callback != NULL) callback(0,m++,cb_arg); 159 if(!BN_GENCB_call(cb, 0, m++))
160 goto err;
143 161
144 if (!seed_len) 162 if (!seed_len)
145 { 163 {
@@ -172,7 +190,8 @@ DSA *DSA_generate_parameters(int bits,
172 if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,q)) goto err; 190 if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,q)) goto err;
173 191
174 /* step 4 */ 192 /* step 4 */
175 r = BN_is_prime_fasttest(q, DSS_prime_checks, callback, ctx3, cb_arg, seed_is_random); 193 r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,
194 seed_is_random, cb);
176 if (r > 0) 195 if (r > 0)
177 break; 196 break;
178 if (r != 0) 197 if (r != 0)
@@ -182,8 +201,8 @@ DSA *DSA_generate_parameters(int bits,
182 /* step 5 */ 201 /* step 5 */
183 } 202 }
184 203
185 if (callback != NULL) callback(2,0,cb_arg); 204 if(!BN_GENCB_call(cb, 2, 0)) goto err;
186 if (callback != NULL) callback(3,0,cb_arg); 205 if(!BN_GENCB_call(cb, 3, 0)) goto err;
187 206
188 /* step 6 */ 207 /* step 6 */
189 counter=0; 208 counter=0;
@@ -194,11 +213,11 @@ DSA *DSA_generate_parameters(int bits,
194 213
195 for (;;) 214 for (;;)
196 { 215 {
197 if (callback != NULL && counter != 0) 216 if ((counter != 0) && !BN_GENCB_call(cb, 0, counter))
198 callback(0,counter,cb_arg); 217 goto err;
199 218
200 /* step 7 */ 219 /* step 7 */
201 if (!BN_zero(W)) goto err; 220 BN_zero(W);
202 /* now 'buf' contains "SEED + offset - 1" */ 221 /* now 'buf' contains "SEED + offset - 1" */
203 for (k=0; k<=n; k++) 222 for (k=0; k<=n; k++)
204 { 223 {
@@ -233,7 +252,8 @@ DSA *DSA_generate_parameters(int bits,
233 if (BN_cmp(p,test) >= 0) 252 if (BN_cmp(p,test) >= 0)
234 { 253 {
235 /* step 11 */ 254 /* step 11 */
236 r = BN_is_prime_fasttest(p, DSS_prime_checks, callback, ctx3, cb_arg, 1); 255 r = BN_is_prime_fasttest_ex(p, DSS_prime_checks,
256 ctx, 1, cb);
237 if (r > 0) 257 if (r > 0)
238 goto end; /* found it */ 258 goto end; /* found it */
239 if (r != 0) 259 if (r != 0)
@@ -249,7 +269,8 @@ DSA *DSA_generate_parameters(int bits,
249 } 269 }
250 } 270 }
251end: 271end:
252 if (callback != NULL) callback(2,1,cb_arg); 272 if(!BN_GENCB_call(cb, 2, 1))
273 goto err;
253 274
254 /* We now need to generate g */ 275 /* We now need to generate g */
255 /* Set r0=(p-1)/q */ 276 /* Set r0=(p-1)/q */
@@ -268,16 +289,16 @@ end:
268 h++; 289 h++;
269 } 290 }
270 291
271 if (callback != NULL) callback(3,1,cb_arg); 292 if(!BN_GENCB_call(cb, 3, 1))
293 goto err;
272 294
273 ok=1; 295 ok=1;
274err: 296err:
275 if (!ok) 297 if (ok)
276 {
277 if (ret != NULL) DSA_free(ret);
278 }
279 else
280 { 298 {
299 if(ret->p) BN_free(ret->p);
300 if(ret->q) BN_free(ret->q);
301 if(ret->g) BN_free(ret->g);
281 ret->p=BN_dup(p); 302 ret->p=BN_dup(p);
282 ret->q=BN_dup(q); 303 ret->q=BN_dup(q);
283 ret->g=BN_dup(g); 304 ret->g=BN_dup(g);
@@ -286,20 +307,16 @@ err:
286 ok=0; 307 ok=0;
287 goto err; 308 goto err;
288 } 309 }
289 if ((m > 1) && (seed_in != NULL)) memcpy(seed_in,seed,20); 310 if (seed_in != NULL) memcpy(seed_in,seed,20);
290 if (counter_ret != NULL) *counter_ret=counter; 311 if (counter_ret != NULL) *counter_ret=counter;
291 if (h_ret != NULL) *h_ret=h; 312 if (h_ret != NULL) *h_ret=h;
292 } 313 }
293 if (ctx != NULL) BN_CTX_free(ctx); 314 if(ctx)
294 if (ctx2 != NULL)
295 { 315 {
296 BN_CTX_end(ctx2); 316 BN_CTX_end(ctx);
297 BN_CTX_free(ctx2); 317 BN_CTX_free(ctx);
298 } 318 }
299 if (ctx3 != NULL) BN_CTX_free(ctx3);
300 if (mont != NULL) BN_MONT_CTX_free(mont); 319 if (mont != NULL) BN_MONT_CTX_free(mont);
301 return(ok?ret:NULL); 320 return ok;
302 } 321 }
303#endif /* ndef OPENSSL_FIPS */ 322#endif
304#endif /* ndef OPENSSL_NO_SHA */
305
diff --git a/src/lib/libcrypto/dsa/dsa_key.c b/src/lib/libcrypto/dsa/dsa_key.c
index 980b6dc2d3..c4aa86bc6d 100644
--- a/src/lib/libcrypto/dsa/dsa_key.c
+++ b/src/lib/libcrypto/dsa/dsa_key.c
@@ -56,17 +56,25 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59#ifndef OPENSSL_NO_SHA
60#include <stdio.h> 59#include <stdio.h>
61#include <time.h> 60#include <time.h>
62#include "cryptlib.h" 61#include "cryptlib.h"
62#ifndef OPENSSL_NO_SHA
63#include <openssl/bn.h> 63#include <openssl/bn.h>
64#include <openssl/dsa.h> 64#include <openssl/dsa.h>
65#include <openssl/rand.h> 65#include <openssl/rand.h>
66 66
67#ifndef OPENSSL_FIPS 67static int dsa_builtin_keygen(DSA *dsa);
68
68int DSA_generate_key(DSA *dsa) 69int DSA_generate_key(DSA *dsa)
69 { 70 {
71 if(dsa->meth->dsa_keygen)
72 return dsa->meth->dsa_keygen(dsa);
73 return dsa_builtin_keygen(dsa);
74 }
75
76static int dsa_builtin_keygen(DSA *dsa)
77 {
70 int ok=0; 78 int ok=0;
71 BN_CTX *ctx=NULL; 79 BN_CTX *ctx=NULL;
72 BIGNUM *pub_key=NULL,*priv_key=NULL; 80 BIGNUM *pub_key=NULL,*priv_key=NULL;
@@ -99,7 +107,7 @@ int DSA_generate_key(DSA *dsa)
99 { 107 {
100 BN_init(&local_prk); 108 BN_init(&local_prk);
101 prk = &local_prk; 109 prk = &local_prk;
102 BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME); 110 BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
103 } 111 }
104 else 112 else
105 prk = priv_key; 113 prk = priv_key;
@@ -118,4 +126,3 @@ err:
118 return(ok); 126 return(ok);
119 } 127 }
120#endif 128#endif
121#endif
diff --git a/src/lib/libcrypto/dsa/dsa_lib.c b/src/lib/libcrypto/dsa/dsa_lib.c
index 4171af24c6..e9b75902db 100644
--- a/src/lib/libcrypto/dsa/dsa_lib.c
+++ b/src/lib/libcrypto/dsa/dsa_lib.c
@@ -66,8 +66,11 @@
66#ifndef OPENSSL_NO_ENGINE 66#ifndef OPENSSL_NO_ENGINE
67#include <openssl/engine.h> 67#include <openssl/engine.h>
68#endif 68#endif
69#ifndef OPENSSL_NO_DH
70#include <openssl/dh.h>
71#endif
69 72
70const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT; 73const char DSA_version[]="DSA" OPENSSL_VERSION_PTEXT;
71 74
72static const DSA_METHOD *default_DSA_method = NULL; 75static const DSA_METHOD *default_DSA_method = NULL;
73 76
diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c
index 5de5fc7e91..75ff7cc4af 100644
--- a/src/lib/libcrypto/dsa/dsa_ossl.c
+++ b/src/lib/libcrypto/dsa/dsa_ossl.c
@@ -65,33 +65,63 @@
65#include <openssl/rand.h> 65#include <openssl/rand.h>
66#include <openssl/asn1.h> 66#include <openssl/asn1.h>
67 67
68#ifndef OPENSSL_FIPS
69static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); 68static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
70static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); 69static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
71static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, 70static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
72 DSA *dsa); 71 DSA *dsa);
73static int dsa_init(DSA *dsa); 72static int dsa_init(DSA *dsa);
74static int dsa_finish(DSA *dsa); 73static int dsa_finish(DSA *dsa);
75static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
76 BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
77 BN_MONT_CTX *in_mont);
78static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
79 const BIGNUM *m, BN_CTX *ctx,
80 BN_MONT_CTX *m_ctx);
81 74
82static DSA_METHOD openssl_dsa_meth = { 75static DSA_METHOD openssl_dsa_meth = {
83"OpenSSL DSA method", 76"OpenSSL DSA method",
84dsa_do_sign, 77dsa_do_sign,
85dsa_sign_setup, 78dsa_sign_setup,
86dsa_do_verify, 79dsa_do_verify,
87dsa_mod_exp, 80NULL, /* dsa_mod_exp, */
88dsa_bn_mod_exp, 81NULL, /* dsa_bn_mod_exp, */
89dsa_init, 82dsa_init,
90dsa_finish, 83dsa_finish,
910, 840,
85NULL,
86NULL,
92NULL 87NULL
93}; 88};
94 89
90/* These macro wrappers replace attempts to use the dsa_mod_exp() and
91 * bn_mod_exp() handlers in the DSA_METHOD structure. We avoid the problem of
92 * having a the macro work as an expression by bundling an "err_instr". So;
93 *
94 * if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
95 * dsa->method_mont_p)) goto err;
96 *
97 * can be replaced by;
98 *
99 * DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, &k, dsa->p, ctx,
100 * dsa->method_mont_p);
101 */
102
103#define DSA_MOD_EXP(err_instr,dsa,rr,a1,p1,a2,p2,m,ctx,in_mont) \
104 do { \
105 int _tmp_res53; \
106 if((dsa)->meth->dsa_mod_exp) \
107 _tmp_res53 = (dsa)->meth->dsa_mod_exp((dsa), (rr), (a1), (p1), \
108 (a2), (p2), (m), (ctx), (in_mont)); \
109 else \
110 _tmp_res53 = BN_mod_exp2_mont((rr), (a1), (p1), (a2), (p2), \
111 (m), (ctx), (in_mont)); \
112 if(!_tmp_res53) err_instr; \
113 } while(0)
114#define DSA_BN_MOD_EXP(err_instr,dsa,r,a,p,m,ctx,m_ctx) \
115 do { \
116 int _tmp_res53; \
117 if((dsa)->meth->bn_mod_exp) \
118 _tmp_res53 = (dsa)->meth->bn_mod_exp((dsa), (r), (a), (p), \
119 (m), (ctx), (m_ctx)); \
120 else \
121 _tmp_res53 = BN_mod_exp_mont((r), (a), (p), (m), (ctx), (m_ctx)); \
122 if(!_tmp_res53) err_instr; \
123 } while(0)
124
95const DSA_METHOD *DSA_OpenSSL(void) 125const DSA_METHOD *DSA_OpenSSL(void)
96{ 126{
97 return &openssl_dsa_meth; 127 return &openssl_dsa_meth;
@@ -199,12 +229,12 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
199 while (BN_is_zero(&k)); 229 while (BN_is_zero(&k));
200 if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) 230 if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
201 { 231 {
202 BN_set_flags(&k, BN_FLG_EXP_CONSTTIME); 232 BN_set_flags(&k, BN_FLG_CONSTTIME);
203 } 233 }
204 234
205 if (dsa->flags & DSA_FLAG_CACHE_MONT_P) 235 if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
206 { 236 {
207 if (!BN_MONT_CTX_set_locked((BN_MONT_CTX **)&dsa->method_mont_p, 237 if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
208 CRYPTO_LOCK_DSA, 238 CRYPTO_LOCK_DSA,
209 dsa->p, ctx)) 239 dsa->p, ctx))
210 goto err; 240 goto err;
@@ -234,8 +264,8 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
234 { 264 {
235 K = &k; 265 K = &k;
236 } 266 }
237 if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,K,dsa->p,ctx, 267 DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx,
238 (BN_MONT_CTX *)dsa->method_mont_p)) goto err; 268 dsa->method_mont_p);
239 if (!BN_mod(r,r,dsa->q,ctx)) goto err; 269 if (!BN_mod(r,r,dsa->q,ctx)) goto err;
240 270
241 /* Compute part of 's = inv(k) (m + xr) mod q' */ 271 /* Compute part of 's = inv(k) (m + xr) mod q' */
@@ -292,12 +322,14 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
292 322
293 if ((ctx=BN_CTX_new()) == NULL) goto err; 323 if ((ctx=BN_CTX_new()) == NULL) goto err;
294 324
295 if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0) 325 if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
326 BN_ucmp(sig->r, dsa->q) >= 0)
296 { 327 {
297 ret = 0; 328 ret = 0;
298 goto err; 329 goto err;
299 } 330 }
300 if (BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s, dsa->q) >= 0) 331 if (BN_is_zero(sig->s) || BN_is_negative(sig->s) ||
332 BN_ucmp(sig->s, dsa->q) >= 0)
301 { 333 {
302 ret = 0; 334 ret = 0;
303 goto err; 335 goto err;
@@ -319,43 +351,25 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
319 351
320 if (dsa->flags & DSA_FLAG_CACHE_MONT_P) 352 if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
321 { 353 {
322 mont = BN_MONT_CTX_set_locked( 354 mont = BN_MONT_CTX_set_locked(&dsa->method_mont_p,
323 (BN_MONT_CTX **)&dsa->method_mont_p,
324 CRYPTO_LOCK_DSA, dsa->p, ctx); 355 CRYPTO_LOCK_DSA, dsa->p, ctx);
325 if (!mont) 356 if (!mont)
326 goto err; 357 goto err;
327 } 358 }
328 359
329#if 0 360
330 { 361 DSA_MOD_EXP(goto err, dsa, &t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p, ctx, mont);
331 BIGNUM t2;
332
333 BN_init(&t2);
334 /* v = ( g^u1 * y^u2 mod p ) mod q */
335 /* let t1 = g ^ u1 mod p */
336 if (!BN_mod_exp_mont(&t1,dsa->g,&u1,dsa->p,ctx,mont)) goto err;
337 /* let t2 = y ^ u2 mod p */
338 if (!BN_mod_exp_mont(&t2,dsa->pub_key,&u2,dsa->p,ctx,mont)) goto err;
339 /* let u1 = t1 * t2 mod p */
340 if (!BN_mod_mul(&u1,&t1,&t2,dsa->p,ctx)) goto err_bn;
341 BN_free(&t2);
342 }
343 /* let u1 = u1 mod q */
344 if (!BN_mod(&u1,&u1,dsa->q,ctx)) goto err;
345#else
346 {
347 if (!dsa->meth->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2,
348 dsa->p,ctx,mont)) goto err;
349 /* BN_copy(&u1,&t1); */ 362 /* BN_copy(&u1,&t1); */
350 /* let u1 = u1 mod q */ 363 /* let u1 = u1 mod q */
351 if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err; 364 if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err;
352 } 365
353#endif
354 /* V is now in u1. If the signature is correct, it will be 366 /* V is now in u1. If the signature is correct, it will be
355 * equal to R. */ 367 * equal to R. */
356 ret=(BN_ucmp(&u1, sig->r) == 0); 368 ret=(BN_ucmp(&u1, sig->r) == 0);
357 369
358 err: 370 err:
371 /* XXX: surely this is wrong - if ret is 0, it just didn't verify;
372 there is no error in BN. Test should be ret == -1 (Ben) */
359 if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB); 373 if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB);
360 if (ctx != NULL) BN_CTX_free(ctx); 374 if (ctx != NULL) BN_CTX_free(ctx);
361 BN_free(&u1); 375 BN_free(&u1);
@@ -373,21 +387,7 @@ static int dsa_init(DSA *dsa)
373static int dsa_finish(DSA *dsa) 387static int dsa_finish(DSA *dsa)
374{ 388{
375 if(dsa->method_mont_p) 389 if(dsa->method_mont_p)
376 BN_MONT_CTX_free((BN_MONT_CTX *)dsa->method_mont_p); 390 BN_MONT_CTX_free(dsa->method_mont_p);
377 return(1); 391 return(1);
378} 392}
379 393
380static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
381 BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
382 BN_MONT_CTX *in_mont)
383{
384 return BN_mod_exp2_mont(rr, a1, p1, a2, p2, m, ctx, in_mont);
385}
386
387static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
388 const BIGNUM *m, BN_CTX *ctx,
389 BN_MONT_CTX *m_ctx)
390{
391 return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
392}
393#endif
diff --git a/src/lib/libcrypto/dsa/dsa_sign.c b/src/lib/libcrypto/dsa/dsa_sign.c
index 37c65efb20..89205026f0 100644
--- a/src/lib/libcrypto/dsa/dsa_sign.c
+++ b/src/lib/libcrypto/dsa/dsa_sign.c
@@ -64,18 +64,9 @@
64#include <openssl/dsa.h> 64#include <openssl/dsa.h>
65#include <openssl/rand.h> 65#include <openssl/rand.h>
66#include <openssl/asn1.h> 66#include <openssl/asn1.h>
67#ifndef OPENSSL_NO_ENGINE
68#include <openssl/engine.h>
69#endif
70#include <openssl/fips.h>
71 67
72DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) 68DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
73 { 69 {
74#ifdef OPENSSL_FIPS
75 if(FIPS_mode() && !(dsa->flags & DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW)
76 && !FIPS_dsa_check(dsa))
77 return NULL;
78#endif
79 return dsa->meth->dsa_do_sign(dgst, dlen, dsa); 70 return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
80 } 71 }
81 72
@@ -96,11 +87,6 @@ int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
96 87
97int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) 88int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
98 { 89 {
99#ifdef OPENSSL_FIPS
100 if(FIPS_mode() && !(dsa->flags & DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW)
101 && !FIPS_dsa_check(dsa))
102 return 0;
103#endif
104 return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp); 90 return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
105 } 91 }
106 92
diff --git a/src/lib/libcrypto/dsa/dsa_vrf.c b/src/lib/libcrypto/dsa/dsa_vrf.c
index c9784bed48..c4aeddd056 100644
--- a/src/lib/libcrypto/dsa/dsa_vrf.c
+++ b/src/lib/libcrypto/dsa/dsa_vrf.c
@@ -65,19 +65,10 @@
65#include <openssl/rand.h> 65#include <openssl/rand.h>
66#include <openssl/asn1.h> 66#include <openssl/asn1.h>
67#include <openssl/asn1_mac.h> 67#include <openssl/asn1_mac.h>
68#ifndef OPENSSL_NO_ENGINE
69#include <openssl/engine.h>
70#endif
71#include <openssl/fips.h>
72 68
73int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, 69int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
74 DSA *dsa) 70 DSA *dsa)
75 { 71 {
76#ifdef OPENSSL_FIPS
77 if(FIPS_mode() && !(dsa->flags & DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW)
78 && !FIPS_dsa_check(dsa))
79 return -1;
80#endif
81 return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa); 72 return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
82 } 73 }
83 74
diff --git a/src/lib/libcrypto/dsa/dsatest.c b/src/lib/libcrypto/dsa/dsatest.c
index 55a3756aff..912317bb44 100644
--- a/src/lib/libcrypto/dsa/dsatest.c
+++ b/src/lib/libcrypto/dsa/dsatest.c
@@ -56,6 +56,12 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59/* Until the key-gen callbacks are modified to use newer prototypes, we allow
60 * deprecated functions for openssl-internal code */
61#ifdef OPENSSL_NO_DEPRECATED
62#undef OPENSSL_NO_DEPRECATED
63#endif
64
59#include <stdio.h> 65#include <stdio.h>
60#include <stdlib.h> 66#include <stdlib.h>
61#include <string.h> 67#include <string.h>
@@ -68,6 +74,7 @@
68#include <openssl/rand.h> 74#include <openssl/rand.h>
69#include <openssl/bio.h> 75#include <openssl/bio.h>
70#include <openssl/err.h> 76#include <openssl/err.h>
77#include <openssl/bn.h>
71 78
72#ifdef OPENSSL_NO_DSA 79#ifdef OPENSSL_NO_DSA
73int main(int argc, char *argv[]) 80int main(int argc, char *argv[])
@@ -84,7 +91,7 @@ int main(int argc, char *argv[])
84#define MS_CALLBACK 91#define MS_CALLBACK
85#endif 92#endif
86 93
87static void MS_CALLBACK dsa_cb(int p, int n, void *arg); 94static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *arg);
88 95
89/* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to 96/* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to
90 * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */ 97 * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */
@@ -129,6 +136,7 @@ static BIO *bio_err=NULL;
129 136
130int main(int argc, char **argv) 137int main(int argc, char **argv)
131 { 138 {
139 BN_GENCB cb;
132 DSA *dsa=NULL; 140 DSA *dsa=NULL;
133 int counter,ret=0,i,j; 141 int counter,ret=0,i,j;
134 unsigned char buf[256]; 142 unsigned char buf[256];
@@ -148,7 +156,10 @@ int main(int argc, char **argv)
148 156
149 BIO_printf(bio_err,"test generation of DSA parameters\n"); 157 BIO_printf(bio_err,"test generation of DSA parameters\n");
150 158
151 dsa=DSA_generate_parameters(512,seed,20,&counter,&h,dsa_cb,bio_err); 159 BN_GENCB_set(&cb, dsa_cb, bio_err);
160 if(((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 512,
161 seed, 20, &counter, &h, &cb))
162 goto end;
152 163
153 BIO_printf(bio_err,"seed\n"); 164 BIO_printf(bio_err,"seed\n");
154 for (i=0; i<20; i+=4) 165 for (i=0; i<20; i+=4)
@@ -156,7 +167,7 @@ int main(int argc, char **argv)
156 BIO_printf(bio_err,"%02X%02X%02X%02X ", 167 BIO_printf(bio_err,"%02X%02X%02X%02X ",
157 seed[i],seed[i+1],seed[i+2],seed[i+3]); 168 seed[i],seed[i+1],seed[i+2],seed[i+3]);
158 } 169 }
159 BIO_printf(bio_err,"\ncounter=%d h=%d\n",counter,h); 170 BIO_printf(bio_err,"\ncounter=%d h=%ld\n",counter,h);
160 171
161 if (dsa == NULL) goto end; 172 if (dsa == NULL) goto end;
162 DSA_print(bio_err,dsa,0); 173 DSA_print(bio_err,dsa,0);
@@ -220,17 +231,14 @@ end:
220 BIO_free(bio_err); 231 BIO_free(bio_err);
221 bio_err = NULL; 232 bio_err = NULL;
222 } 233 }
234#ifdef OPENSSL_SYS_NETWARE
235 if (!ret) printf("ERROR\n");
236#endif
223 EXIT(!ret); 237 EXIT(!ret);
224 return(0); 238 return(0);
225 } 239 }
226 240
227static int cb_exit(int ec) 241static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *arg)
228 {
229 EXIT(ec);
230 return(0); /* To keep some compilers quiet */
231 }
232
233static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
234 { 242 {
235 char c='*'; 243 char c='*';
236 static int ok=0,num=0; 244 static int ok=0,num=0;
@@ -239,13 +247,14 @@ static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
239 if (p == 1) c='+'; 247 if (p == 1) c='+';
240 if (p == 2) { c='*'; ok++; } 248 if (p == 2) { c='*'; ok++; }
241 if (p == 3) c='\n'; 249 if (p == 3) c='\n';
242 BIO_write(arg,&c,1); 250 BIO_write(arg->arg,&c,1);
243 (void)BIO_flush(arg); 251 (void)BIO_flush(arg->arg);
244 252
245 if (!ok && (p == 0) && (num > 1)) 253 if (!ok && (p == 0) && (num > 1))
246 { 254 {
247 BIO_printf((BIO *)arg,"error in dsatest\n"); 255 BIO_printf((BIO *)arg,"error in dsatest\n");
248 cb_exit(1); 256 return 0;
249 } 257 }
258 return 1;
250 } 259 }
251#endif 260#endif
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-26 20:38:18 +0000