summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/dsa
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libcrypto/dsa/Makefile7
-rw-r--r--src/lib/libcrypto/dsa/dsa.h307
-rw-r--r--src/lib/libcrypto/dsa/dsa_ameth.c704
-rw-r--r--src/lib/libcrypto/dsa/dsa_asn1.c150
-rw-r--r--src/lib/libcrypto/dsa/dsa_depr.c106
-rw-r--r--src/lib/libcrypto/dsa/dsa_err.c125
-rw-r--r--src/lib/libcrypto/dsa/dsa_gen.c (renamed from src/lib/libssl/src/fips/dsa/fips_dsa_gen.c)137
-rw-r--r--src/lib/libcrypto/dsa/dsa_key.c (renamed from src/lib/libssl/src/fips/dsa/fips_dsa_key.c)43
-rw-r--r--src/lib/libcrypto/dsa/dsa_lib.c (renamed from src/lib/libssl/src/crypto/rsa/rsa_eng.c)293
-rw-r--r--src/lib/libcrypto/dsa/dsa_locl.h60
-rw-r--r--src/lib/libcrypto/dsa/dsa_ossl.c (renamed from src/lib/libssl/src/fips-1.0/dsa/fips_dsa_ossl.c)220
-rw-r--r--src/lib/libcrypto/dsa/dsa_pmeth.c318
-rw-r--r--src/lib/libcrypto/dsa/dsa_prn.c (renamed from src/lib/libssl/src/fips/rsa/fips_rsa_lib.c)92
-rw-r--r--src/lib/libcrypto/dsa/dsa_sign.c90
-rw-r--r--src/lib/libcrypto/dsa/dsa_vrf.c89
-rw-r--r--src/lib/libcrypto/evp/c_all.c (renamed from src/lib/libcrypto/dsa/dsa_utl.c)49
16 files changed, 2335 insertions, 455 deletions
diff --git a/src/lib/libcrypto/dsa/Makefile b/src/lib/libcrypto/dsa/Makefile
index 5fef4ca5ad..8073c4ecfe 100644
--- a/src/lib/libcrypto/dsa/Makefile
+++ b/src/lib/libcrypto/dsa/Makefile
@@ -99,9 +99,8 @@ dsa_asn1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
99dsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h 99dsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
100dsa_asn1.o: ../../include/openssl/opensslconf.h 100dsa_asn1.o: ../../include/openssl/opensslconf.h
101dsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h 101dsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
102dsa_asn1.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h 102dsa_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
103dsa_asn1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h 103dsa_asn1.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_asn1.c
104dsa_asn1.o: ../cryptlib.h dsa_asn1.c
105dsa_depr.o: ../../e_os.h ../../include/openssl/asn1.h 104dsa_depr.o: ../../e_os.h ../../include/openssl/asn1.h
106dsa_depr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h 105dsa_depr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
107dsa_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h 106dsa_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
@@ -190,7 +189,7 @@ dsa_prn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
190dsa_prn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h 189dsa_prn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
191dsa_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h 190dsa_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
192dsa_prn.o: ../cryptlib.h dsa_prn.c 191dsa_prn.o: ../cryptlib.h dsa_prn.c
193dsa_sign.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h 192dsa_sign.o: ../../e_os.h ../../include/openssl/bio.h
194dsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h 193dsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
195dsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h 194dsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
196dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/lhash.h 195dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
diff --git a/src/lib/libcrypto/dsa/dsa.h b/src/lib/libcrypto/dsa/dsa.h
new file mode 100644
index 0000000000..ac50a5c846
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa.h
@@ -0,0 +1,307 @@
1/* crypto/dsa/dsa.h */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59/*
60 * The DSS routines are based on patches supplied by
61 * Steven Schoch <schoch@sheba.arc.nasa.gov>. He basically did the
62 * work and I have just tweaked them a little to fit into my
63 * stylistic vision for SSLeay :-) */
64
65#ifndef HEADER_DSA_H
66#define HEADER_DSA_H
67
68#include <openssl/e_os2.h>
69
70#ifdef OPENSSL_NO_DSA
71#error DSA is disabled.
72#endif
73
74#ifndef OPENSSL_NO_BIO
75#include <openssl/bio.h>
76#endif
77#include <openssl/crypto.h>
78#include <openssl/ossl_typ.h>
79
80#ifndef OPENSSL_NO_DEPRECATED
81#include <openssl/bn.h>
82#ifndef OPENSSL_NO_DH
83# include <openssl/dh.h>
84#endif
85#endif
86
87#ifndef OPENSSL_DSA_MAX_MODULUS_BITS
88# define OPENSSL_DSA_MAX_MODULUS_BITS 10000
89#endif
90
91#define DSA_FLAG_CACHE_MONT_P 0x01
92#define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DSA
93 * implementation now uses constant time
94 * modular exponentiation for secret exponents
95 * by default. This flag causes the
96 * faster variable sliding window method to
97 * be used for all exponents.
98 */
99
100#ifdef __cplusplus
101extern "C" {
102#endif
103
104/* Already defined in ossl_typ.h */
105/* typedef struct dsa_st DSA; */
106/* typedef struct dsa_method DSA_METHOD; */
107
108typedef struct DSA_SIG_st
109 {
110 BIGNUM *r;
111 BIGNUM *s;
112 } DSA_SIG;
113
114struct dsa_method
115 {
116 const char *name;
117 DSA_SIG * (*dsa_do_sign)(const unsigned char *dgst, int dlen, DSA *dsa);
118 int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
119 BIGNUM **rp);
120 int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len,
121 DSA_SIG *sig, DSA *dsa);
122 int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
123 BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
124 BN_MONT_CTX *in_mont);
125 int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
126 const BIGNUM *m, BN_CTX *ctx,
127 BN_MONT_CTX *m_ctx); /* Can be null */
128 int (*init)(DSA *dsa);
129 int (*finish)(DSA *dsa);
130 int flags;
131 char *app_data;
132 /* If this is non-NULL, it is used to generate DSA parameters */
133 int (*dsa_paramgen)(DSA *dsa, int bits,
134 const unsigned char *seed, int seed_len,
135 int *counter_ret, unsigned long *h_ret,
136 BN_GENCB *cb);
137 /* If this is non-NULL, it is used to generate DSA keys */
138 int (*dsa_keygen)(DSA *dsa);
139 };
140
141struct dsa_st
142 {
143 /* This first variable is used to pick up errors where
144 * a DSA is passed instead of of a EVP_PKEY */
145 int pad;
146 long version;
147 int write_params;
148 BIGNUM *p;
149 BIGNUM *q; /* == 20 */
150 BIGNUM *g;
151
152 BIGNUM *pub_key; /* y public key */
153 BIGNUM *priv_key; /* x private key */
154
155 BIGNUM *kinv; /* Signing pre-calc */
156 BIGNUM *r; /* Signing pre-calc */
157
158 int flags;
159 /* Normally used to cache montgomery values */
160 BN_MONT_CTX *method_mont_p;
161 int references;
162 CRYPTO_EX_DATA ex_data;
163 const DSA_METHOD *meth;
164 /* functional reference if 'meth' is ENGINE-provided */
165 ENGINE *engine;
166 };
167
168#define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \
169 (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x))
170#define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \
171 (unsigned char *)(x))
172#define d2i_DSAparams_bio(bp,x) ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAparams,bp,x)
173#define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio_of_const(DSA,i2d_DSAparams,bp,x)
174
175
176DSA *DSAparams_dup(DSA *x);
177DSA_SIG * DSA_SIG_new(void);
178void DSA_SIG_free(DSA_SIG *a);
179int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
180DSA_SIG * d2i_DSA_SIG(DSA_SIG **v, const unsigned char **pp, long length);
181
182DSA_SIG * DSA_do_sign(const unsigned char *dgst,int dlen,DSA *dsa);
183int DSA_do_verify(const unsigned char *dgst,int dgst_len,
184 DSA_SIG *sig,DSA *dsa);
185
186const DSA_METHOD *DSA_OpenSSL(void);
187
188void DSA_set_default_method(const DSA_METHOD *);
189const DSA_METHOD *DSA_get_default_method(void);
190int DSA_set_method(DSA *dsa, const DSA_METHOD *);
191
192DSA * DSA_new(void);
193DSA * DSA_new_method(ENGINE *engine);
194void DSA_free (DSA *r);
195/* "up" the DSA object's reference count */
196int DSA_up_ref(DSA *r);
197int DSA_size(const DSA *);
198 /* next 4 return -1 on error */
199int DSA_sign_setup( DSA *dsa,BN_CTX *ctx_in,BIGNUM **kinvp,BIGNUM **rp);
200int DSA_sign(int type,const unsigned char *dgst,int dlen,
201 unsigned char *sig, unsigned int *siglen, DSA *dsa);
202int DSA_verify(int type,const unsigned char *dgst,int dgst_len,
203 const unsigned char *sigbuf, int siglen, DSA *dsa);
204int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
205 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
206int DSA_set_ex_data(DSA *d, int idx, void *arg);
207void *DSA_get_ex_data(DSA *d, int idx);
208
209DSA * d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length);
210DSA * d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length);
211DSA * d2i_DSAparams(DSA **a, const unsigned char **pp, long length);
212
213/* Deprecated version */
214#ifndef OPENSSL_NO_DEPRECATED
215DSA * DSA_generate_parameters(int bits,
216 unsigned char *seed,int seed_len,
217 int *counter_ret, unsigned long *h_ret,void
218 (*callback)(int, int, void *),void *cb_arg);
219#endif /* !defined(OPENSSL_NO_DEPRECATED) */
220
221/* New version */
222int DSA_generate_parameters_ex(DSA *dsa, int bits,
223 const unsigned char *seed,int seed_len,
224 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
225
226int DSA_generate_key(DSA *a);
227int i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
228int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
229int i2d_DSAparams(const DSA *a,unsigned char **pp);
230
231#ifndef OPENSSL_NO_BIO
232int DSAparams_print(BIO *bp, const DSA *x);
233int DSA_print(BIO *bp, const DSA *x, int off);
234#endif
235#ifndef OPENSSL_NO_FP_API
236int DSAparams_print_fp(FILE *fp, const DSA *x);
237int DSA_print_fp(FILE *bp, const DSA *x, int off);
238#endif
239
240#define DSS_prime_checks 50
241/* Primality test according to FIPS PUB 186[-1], Appendix 2.1:
242 * 50 rounds of Rabin-Miller */
243#define DSA_is_prime(n, callback, cb_arg) \
244 BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg)
245
246#ifndef OPENSSL_NO_DH
247/* Convert DSA structure (key or just parameters) into DH structure
248 * (be careful to avoid small subgroup attacks when using this!) */
249DH *DSA_dup_DH(const DSA *r);
250#endif
251
252#define EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits) \
253 EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \
254 EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL)
255
256#define EVP_PKEY_CTRL_DSA_PARAMGEN_BITS (EVP_PKEY_ALG_CTRL + 1)
257#define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS (EVP_PKEY_ALG_CTRL + 2)
258#define EVP_PKEY_CTRL_DSA_PARAMGEN_MD (EVP_PKEY_ALG_CTRL + 3)
259
260/* BEGIN ERROR CODES */
261/* The following lines are auto generated by the script mkerr.pl. Any changes
262 * made after this point may be overwritten when the script is next run.
263 */
264void ERR_load_DSA_strings(void);
265
266/* Error codes for the DSA functions. */
267
268/* Function codes. */
269#define DSA_F_D2I_DSA_SIG 110
270#define DSA_F_DO_DSA_PRINT 104
271#define DSA_F_DSAPARAMS_PRINT 100
272#define DSA_F_DSAPARAMS_PRINT_FP 101
273#define DSA_F_DSA_DO_SIGN 112
274#define DSA_F_DSA_DO_VERIFY 113
275#define DSA_F_DSA_NEW_METHOD 103
276#define DSA_F_DSA_PARAM_DECODE 119
277#define DSA_F_DSA_PRINT_FP 105
278#define DSA_F_DSA_PRIV_DECODE 115
279#define DSA_F_DSA_PRIV_ENCODE 116
280#define DSA_F_DSA_PUB_DECODE 117
281#define DSA_F_DSA_PUB_ENCODE 118
282#define DSA_F_DSA_SIGN 106
283#define DSA_F_DSA_SIGN_SETUP 107
284#define DSA_F_DSA_SIG_NEW 109
285#define DSA_F_DSA_VERIFY 108
286#define DSA_F_I2D_DSA_SIG 111
287#define DSA_F_OLD_DSA_PRIV_DECODE 122
288#define DSA_F_PKEY_DSA_CTRL 120
289#define DSA_F_PKEY_DSA_KEYGEN 121
290#define DSA_F_SIG_CB 114
291
292/* Reason codes. */
293#define DSA_R_BAD_Q_VALUE 102
294#define DSA_R_BN_DECODE_ERROR 108
295#define DSA_R_BN_ERROR 109
296#define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100
297#define DSA_R_DECODE_ERROR 104
298#define DSA_R_INVALID_DIGEST_TYPE 106
299#define DSA_R_MISSING_PARAMETERS 101
300#define DSA_R_MODULUS_TOO_LARGE 103
301#define DSA_R_NO_PARAMETERS_SET 107
302#define DSA_R_PARAMETER_ENCODING_ERROR 105
303
304#ifdef __cplusplus
305}
306#endif
307#endif
diff --git a/src/lib/libcrypto/dsa/dsa_ameth.c b/src/lib/libcrypto/dsa/dsa_ameth.c
new file mode 100644
index 0000000000..376156ec5e
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_ameth.c
@@ -0,0 +1,704 @@
1/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
2 * project 2006.
3 */
4/* ====================================================================
5 * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 *
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 *
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
17 * distribution.
18 *
19 * 3. All advertising materials mentioning features or use of this
20 * software must display the following acknowledgment:
21 * "This product includes software developed by the OpenSSL Project
22 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
23 *
24 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
25 * endorse or promote products derived from this software without
26 * prior written permission. For written permission, please contact
27 * licensing@OpenSSL.org.
28 *
29 * 5. Products derived from this software may not be called "OpenSSL"
30 * nor may "OpenSSL" appear in their names without prior written
31 * permission of the OpenSSL Project.
32 *
33 * 6. Redistributions of any form whatsoever must retain the following
34 * acknowledgment:
35 * "This product includes software developed by the OpenSSL Project
36 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
37 *
38 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
39 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
40 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
41 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
42 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
43 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
44 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
45 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
46 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
47 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
48 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49 * OF THE POSSIBILITY OF SUCH DAMAGE.
50 * ====================================================================
51 *
52 * This product includes cryptographic software written by Eric Young
53 * (eay@cryptsoft.com). This product includes software written by Tim
54 * Hudson (tjh@cryptsoft.com).
55 *
56 */
57
58#include <stdio.h>
59#include "cryptlib.h"
60#include <openssl/x509.h>
61#include <openssl/asn1.h>
62#include <openssl/dsa.h>
63#include <openssl/bn.h>
64#ifndef OPENSSL_NO_CMS
65#include <openssl/cms.h>
66#endif
67#include "asn1_locl.h"
68
69static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
70 {
71 const unsigned char *p, *pm;
72 int pklen, pmlen;
73 int ptype;
74 void *pval;
75 ASN1_STRING *pstr;
76 X509_ALGOR *palg;
77 ASN1_INTEGER *public_key = NULL;
78
79 DSA *dsa = NULL;
80
81 if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
82 return 0;
83 X509_ALGOR_get0(NULL, &ptype, &pval, palg);
84
85
86 if (ptype == V_ASN1_SEQUENCE)
87 {
88 pstr = pval;
89 pm = pstr->data;
90 pmlen = pstr->length;
91
92 if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen)))
93 {
94 DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR);
95 goto err;
96 }
97
98 }
99 else if ((ptype == V_ASN1_NULL) || (ptype == V_ASN1_UNDEF))
100 {
101 if (!(dsa = DSA_new()))
102 {
103 DSAerr(DSA_F_DSA_PUB_DECODE, ERR_R_MALLOC_FAILURE);
104 goto err;
105 }
106 }
107 else
108 {
109 DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_PARAMETER_ENCODING_ERROR);
110 goto err;
111 }
112
113 if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, pklen)))
114 {
115 DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR);
116 goto err;
117 }
118
119 if (!(dsa->pub_key = ASN1_INTEGER_to_BN(public_key, NULL)))
120 {
121 DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_BN_DECODE_ERROR);
122 goto err;
123 }
124
125 ASN1_INTEGER_free(public_key);
126 EVP_PKEY_assign_DSA(pkey, dsa);
127 return 1;
128
129 err:
130 if (public_key)
131 ASN1_INTEGER_free(public_key);
132 if (dsa)
133 DSA_free(dsa);
134 return 0;
135
136 }
137
138static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
139 {
140 DSA *dsa;
141 void *pval = NULL;
142 int ptype;
143 unsigned char *penc = NULL;
144 int penclen;
145
146 dsa=pkey->pkey.dsa;
147 if (pkey->save_parameters && dsa->p && dsa->q && dsa->g)
148 {
149 ASN1_STRING *str;
150 str = ASN1_STRING_new();
151 str->length = i2d_DSAparams(dsa, &str->data);
152 if (str->length <= 0)
153 {
154 DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
155 goto err;
156 }
157 pval = str;
158 ptype = V_ASN1_SEQUENCE;
159 }
160 else
161 ptype = V_ASN1_UNDEF;
162
163 dsa->write_params=0;
164
165 penclen = i2d_DSAPublicKey(dsa, &penc);
166
167 if (penclen <= 0)
168 {
169 DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
170 goto err;
171 }
172
173 if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DSA),
174 ptype, pval, penc, penclen))
175 return 1;
176
177 err:
178 if (penc)
179 OPENSSL_free(penc);
180 if (pval)
181 ASN1_STRING_free(pval);
182
183 return 0;
184 }
185
186/* In PKCS#8 DSA: you just get a private key integer and parameters in the
187 * AlgorithmIdentifier the pubkey must be recalculated.
188 */
189
190static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
191 {
192 const unsigned char *p, *pm;
193 int pklen, pmlen;
194 int ptype;
195 void *pval;
196 ASN1_STRING *pstr;
197 X509_ALGOR *palg;
198 ASN1_INTEGER *privkey = NULL;
199 BN_CTX *ctx = NULL;
200
201 STACK_OF(ASN1_TYPE) *ndsa = NULL;
202 DSA *dsa = NULL;
203
204 if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
205 return 0;
206 X509_ALGOR_get0(NULL, &ptype, &pval, palg);
207
208 /* Check for broken DSA PKCS#8, UGH! */
209 if (*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED))
210 {
211 ASN1_TYPE *t1, *t2;
212 if(!(ndsa = d2i_ASN1_SEQUENCE_ANY(NULL, &p, pklen)))
213 goto decerr;
214 if (sk_ASN1_TYPE_num(ndsa) != 2)
215 goto decerr;
216 /* Handle Two broken types:
217 * SEQUENCE {parameters, priv_key}
218 * SEQUENCE {pub_key, priv_key}
219 */
220
221 t1 = sk_ASN1_TYPE_value(ndsa, 0);
222 t2 = sk_ASN1_TYPE_value(ndsa, 1);
223 if (t1->type == V_ASN1_SEQUENCE)
224 {
225 p8->broken = PKCS8_EMBEDDED_PARAM;
226 pval = t1->value.ptr;
227 }
228 else if (ptype == V_ASN1_SEQUENCE)
229 p8->broken = PKCS8_NS_DB;
230 else
231 goto decerr;
232
233 if (t2->type != V_ASN1_INTEGER)
234 goto decerr;
235
236 privkey = t2->value.integer;
237 }
238 else
239 {
240 const unsigned char *q = p;
241 if (!(privkey=d2i_ASN1_INTEGER(NULL, &p, pklen)))
242 goto decerr;
243 if (privkey->type == V_ASN1_NEG_INTEGER)
244 {
245 p8->broken = PKCS8_NEG_PRIVKEY;
246 ASN1_INTEGER_free(privkey);
247 if (!(privkey=d2i_ASN1_UINTEGER(NULL, &q, pklen)))
248 goto decerr;
249 }
250 if (ptype != V_ASN1_SEQUENCE)
251 goto decerr;
252 }
253
254 pstr = pval;
255 pm = pstr->data;
256 pmlen = pstr->length;
257 if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen)))
258 goto decerr;
259 /* We have parameters now set private key */
260 if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL)))
261 {
262 DSAerr(DSA_F_DSA_PRIV_DECODE,DSA_R_BN_ERROR);
263 goto dsaerr;
264 }
265 /* Calculate public key */
266 if (!(dsa->pub_key = BN_new()))
267 {
268 DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE);
269 goto dsaerr;
270 }
271 if (!(ctx = BN_CTX_new()))
272 {
273 DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE);
274 goto dsaerr;
275 }
276
277 if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx))
278 {
279 DSAerr(DSA_F_DSA_PRIV_DECODE,DSA_R_BN_ERROR);
280 goto dsaerr;
281 }
282
283 EVP_PKEY_assign_DSA(pkey, dsa);
284 BN_CTX_free (ctx);
285 if(ndsa)
286 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
287 else
288 ASN1_INTEGER_free(privkey);
289
290 return 1;
291
292 decerr:
293 DSAerr(DSA_F_DSA_PRIV_DECODE, EVP_R_DECODE_ERROR);
294 dsaerr:
295 BN_CTX_free (ctx);
296 if (privkey)
297 ASN1_INTEGER_free(privkey);
298 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
299 DSA_free(dsa);
300 return 0;
301 }
302
303static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
304{
305 ASN1_STRING *params = NULL;
306 ASN1_INTEGER *prkey = NULL;
307 unsigned char *dp = NULL;
308 int dplen;
309
310 params = ASN1_STRING_new();
311
312 if (!params)
313 {
314 DSAerr(DSA_F_DSA_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
315 goto err;
316 }
317
318 params->length = i2d_DSAparams(pkey->pkey.dsa, &params->data);
319 if (params->length <= 0)
320 {
321 DSAerr(DSA_F_DSA_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
322 goto err;
323 }
324 params->type = V_ASN1_SEQUENCE;
325
326 /* Get private key into integer */
327 prkey = BN_to_ASN1_INTEGER(pkey->pkey.dsa->priv_key, NULL);
328
329 if (!prkey)
330 {
331 DSAerr(DSA_F_DSA_PRIV_ENCODE,DSA_R_BN_ERROR);
332 goto err;
333 }
334
335 dplen = i2d_ASN1_INTEGER(prkey, &dp);
336
337 ASN1_INTEGER_free(prkey);
338
339 if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0,
340 V_ASN1_SEQUENCE, params, dp, dplen))
341 goto err;
342
343 return 1;
344
345err:
346 if (dp != NULL)
347 OPENSSL_free(dp);
348 if (params != NULL)
349 ASN1_STRING_free(params);
350 if (prkey != NULL)
351 ASN1_INTEGER_free(prkey);
352 return 0;
353}
354
355static int int_dsa_size(const EVP_PKEY *pkey)
356 {
357 return(DSA_size(pkey->pkey.dsa));
358 }
359
360static int dsa_bits(const EVP_PKEY *pkey)
361 {
362 return BN_num_bits(pkey->pkey.dsa->p);
363 }
364
365static int dsa_missing_parameters(const EVP_PKEY *pkey)
366 {
367 DSA *dsa;
368 dsa=pkey->pkey.dsa;
369 if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
370 return 1;
371 return 0;
372 }
373
374static int dsa_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
375 {
376 BIGNUM *a;
377
378 if ((a=BN_dup(from->pkey.dsa->p)) == NULL)
379 return 0;
380 if (to->pkey.dsa->p != NULL)
381 BN_free(to->pkey.dsa->p);
382 to->pkey.dsa->p=a;
383
384 if ((a=BN_dup(from->pkey.dsa->q)) == NULL)
385 return 0;
386 if (to->pkey.dsa->q != NULL)
387 BN_free(to->pkey.dsa->q);
388 to->pkey.dsa->q=a;
389
390 if ((a=BN_dup(from->pkey.dsa->g)) == NULL)
391 return 0;
392 if (to->pkey.dsa->g != NULL)
393 BN_free(to->pkey.dsa->g);
394 to->pkey.dsa->g=a;
395 return 1;
396 }
397
398static int dsa_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
399 {
400 if ( BN_cmp(a->pkey.dsa->p,b->pkey.dsa->p) ||
401 BN_cmp(a->pkey.dsa->q,b->pkey.dsa->q) ||
402 BN_cmp(a->pkey.dsa->g,b->pkey.dsa->g))
403 return 0;
404 else
405 return 1;
406 }
407
408static int dsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
409 {
410 if (BN_cmp(b->pkey.dsa->pub_key,a->pkey.dsa->pub_key) != 0)
411 return 0;
412 else
413 return 1;
414 }
415
416static void int_dsa_free(EVP_PKEY *pkey)
417 {
418 DSA_free(pkey->pkey.dsa);
419 }
420
421static void update_buflen(const BIGNUM *b, size_t *pbuflen)
422 {
423 size_t i;
424 if (!b)
425 return;
426 if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
427 *pbuflen = i;
428 }
429
430static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype)
431 {
432 unsigned char *m=NULL;
433 int ret=0;
434 size_t buf_len=0;
435 const char *ktype = NULL;
436
437 const BIGNUM *priv_key, *pub_key;
438
439 if (ptype == 2)
440 priv_key = x->priv_key;
441 else
442 priv_key = NULL;
443
444 if (ptype > 0)
445 pub_key = x->pub_key;
446 else
447 pub_key = NULL;
448
449 if (ptype == 2)
450 ktype = "Private-Key";
451 else if (ptype == 1)
452 ktype = "Public-Key";
453 else
454 ktype = "DSA-Parameters";
455
456 update_buflen(x->p, &buf_len);
457 update_buflen(x->q, &buf_len);
458 update_buflen(x->g, &buf_len);
459 update_buflen(priv_key, &buf_len);
460 update_buflen(pub_key, &buf_len);
461
462 m=(unsigned char *)OPENSSL_malloc(buf_len+10);
463 if (m == NULL)
464 {
465 DSAerr(DSA_F_DO_DSA_PRINT,ERR_R_MALLOC_FAILURE);
466 goto err;
467 }
468
469 if (priv_key)
470 {
471 if(!BIO_indent(bp,off,128))
472 goto err;
473 if (BIO_printf(bp,"%s: (%d bit)\n",ktype, BN_num_bits(x->p))
474 <= 0) goto err;
475 }
476
477 if (!ASN1_bn_print(bp,"priv:",priv_key,m,off))
478 goto err;
479 if (!ASN1_bn_print(bp,"pub: ",pub_key,m,off))
480 goto err;
481 if (!ASN1_bn_print(bp,"P: ",x->p,m,off)) goto err;
482 if (!ASN1_bn_print(bp,"Q: ",x->q,m,off)) goto err;
483 if (!ASN1_bn_print(bp,"G: ",x->g,m,off)) goto err;
484 ret=1;
485err:
486 if (m != NULL) OPENSSL_free(m);
487 return(ret);
488 }
489
490static int dsa_param_decode(EVP_PKEY *pkey,
491 const unsigned char **pder, int derlen)
492 {
493 DSA *dsa;
494 if (!(dsa = d2i_DSAparams(NULL, pder, derlen)))
495 {
496 DSAerr(DSA_F_DSA_PARAM_DECODE, ERR_R_DSA_LIB);
497 return 0;
498 }
499 EVP_PKEY_assign_DSA(pkey, dsa);
500 return 1;
501 }
502
503static int dsa_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
504 {
505 return i2d_DSAparams(pkey->pkey.dsa, pder);
506 }
507
508static int dsa_param_print(BIO *bp, const EVP_PKEY *pkey, int indent,
509 ASN1_PCTX *ctx)
510 {
511 return do_dsa_print(bp, pkey->pkey.dsa, indent, 0);
512 }
513
514static int dsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent,
515 ASN1_PCTX *ctx)
516 {
517 return do_dsa_print(bp, pkey->pkey.dsa, indent, 1);
518 }
519
520
521static int dsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,
522 ASN1_PCTX *ctx)
523 {
524 return do_dsa_print(bp, pkey->pkey.dsa, indent, 2);
525 }
526
527static int old_dsa_priv_decode(EVP_PKEY *pkey,
528 const unsigned char **pder, int derlen)
529 {
530 DSA *dsa;
531 if (!(dsa = d2i_DSAPrivateKey (NULL, pder, derlen)))
532 {
533 DSAerr(DSA_F_OLD_DSA_PRIV_DECODE, ERR_R_DSA_LIB);
534 return 0;
535 }
536 EVP_PKEY_assign_DSA(pkey, dsa);
537 return 1;
538 }
539
540static int old_dsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder)
541 {
542 return i2d_DSAPrivateKey(pkey->pkey.dsa, pder);
543 }
544
545static int dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,
546 const ASN1_STRING *sig,
547 int indent, ASN1_PCTX *pctx)
548 {
549 DSA_SIG *dsa_sig;
550 const unsigned char *p;
551 if (!sig)
552 {
553 if (BIO_puts(bp, "\n") <= 0)
554 return 0;
555 else
556 return 1;
557 }
558 p = sig->data;
559 dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length);
560 if (dsa_sig)
561 {
562 int rv = 0;
563 size_t buf_len = 0;
564 unsigned char *m=NULL;
565 update_buflen(dsa_sig->r, &buf_len);
566 update_buflen(dsa_sig->s, &buf_len);
567 m = OPENSSL_malloc(buf_len+10);
568 if (m == NULL)
569 {
570 DSAerr(DSA_F_DSA_SIG_PRINT,ERR_R_MALLOC_FAILURE);
571 goto err;
572 }
573
574 if (BIO_write(bp, "\n", 1) != 1)
575 goto err;
576
577 if (!ASN1_bn_print(bp,"r: ",dsa_sig->r,m,indent))
578 goto err;
579 if (!ASN1_bn_print(bp,"s: ",dsa_sig->s,m,indent))
580 goto err;
581 rv = 1;
582 err:
583 if (m)
584 OPENSSL_free(m);
585 DSA_SIG_free(dsa_sig);
586 return rv;
587 }
588 return X509_signature_dump(bp, sig, indent);
589 }
590
591static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
592 {
593 switch (op)
594 {
595 case ASN1_PKEY_CTRL_PKCS7_SIGN:
596 if (arg1 == 0)
597 {
598 int snid, hnid;
599 X509_ALGOR *alg1, *alg2;
600 PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2);
601 if (alg1 == NULL || alg1->algorithm == NULL)
602 return -1;
603 hnid = OBJ_obj2nid(alg1->algorithm);
604 if (hnid == NID_undef)
605 return -1;
606 if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
607 return -1;
608 X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
609 }
610 return 1;
611#ifndef OPENSSL_NO_CMS
612 case ASN1_PKEY_CTRL_CMS_SIGN:
613 if (arg1 == 0)
614 {
615 int snid, hnid;
616 X509_ALGOR *alg1, *alg2;
617 CMS_SignerInfo_get0_algs(arg2, NULL, NULL, &alg1, &alg2);
618 if (alg1 == NULL || alg1->algorithm == NULL)
619 return -1;
620 hnid = OBJ_obj2nid(alg1->algorithm);
621 if (hnid == NID_undef)
622 return -1;
623 if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
624 return -1;
625 X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
626 }
627 return 1;
628#endif
629
630 case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
631 *(int *)arg2 = NID_sha1;
632 return 2;
633
634 default:
635 return -2;
636
637 }
638
639 }
640
641/* NB these are sorted in pkey_id order, lowest first */
642
643const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[] =
644 {
645
646 {
647 EVP_PKEY_DSA2,
648 EVP_PKEY_DSA,
649 ASN1_PKEY_ALIAS
650 },
651
652 {
653 EVP_PKEY_DSA1,
654 EVP_PKEY_DSA,
655 ASN1_PKEY_ALIAS
656 },
657
658 {
659 EVP_PKEY_DSA4,
660 EVP_PKEY_DSA,
661 ASN1_PKEY_ALIAS
662 },
663
664 {
665 EVP_PKEY_DSA3,
666 EVP_PKEY_DSA,
667 ASN1_PKEY_ALIAS
668 },
669
670 {
671 EVP_PKEY_DSA,
672 EVP_PKEY_DSA,
673 0,
674
675 "DSA",
676 "OpenSSL DSA method",
677
678 dsa_pub_decode,
679 dsa_pub_encode,
680 dsa_pub_cmp,
681 dsa_pub_print,
682
683 dsa_priv_decode,
684 dsa_priv_encode,
685 dsa_priv_print,
686
687 int_dsa_size,
688 dsa_bits,
689
690 dsa_param_decode,
691 dsa_param_encode,
692 dsa_missing_parameters,
693 dsa_copy_parameters,
694 dsa_cmp_parameters,
695 dsa_param_print,
696 dsa_sig_print,
697
698 int_dsa_free,
699 dsa_pkey_ctrl,
700 old_dsa_priv_decode,
701 old_dsa_priv_encode
702 }
703 };
704
diff --git a/src/lib/libcrypto/dsa/dsa_asn1.c b/src/lib/libcrypto/dsa/dsa_asn1.c
new file mode 100644
index 0000000000..c37460b2d6
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_asn1.c
@@ -0,0 +1,150 @@
1/* dsa_asn1.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/dsa.h>
62#include <openssl/asn1.h>
63#include <openssl/asn1t.h>
64
65/* Override the default new methods */
66static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
67 void *exarg)
68{
69 if(operation == ASN1_OP_NEW_PRE) {
70 DSA_SIG *sig;
71 sig = OPENSSL_malloc(sizeof(DSA_SIG));
72 if (!sig)
73 {
74 DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE);
75 return 0;
76 }
77 sig->r = NULL;
78 sig->s = NULL;
79 *pval = (ASN1_VALUE *)sig;
80 return 2;
81 }
82 return 1;
83}
84
85ASN1_SEQUENCE_cb(DSA_SIG, sig_cb) = {
86 ASN1_SIMPLE(DSA_SIG, r, CBIGNUM),
87 ASN1_SIMPLE(DSA_SIG, s, CBIGNUM)
88} ASN1_SEQUENCE_END_cb(DSA_SIG, DSA_SIG)
89
90IMPLEMENT_ASN1_FUNCTIONS_const(DSA_SIG)
91
92/* Override the default free and new methods */
93static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
94 void *exarg)
95{
96 if(operation == ASN1_OP_NEW_PRE) {
97 *pval = (ASN1_VALUE *)DSA_new();
98 if(*pval) return 2;
99 return 0;
100 } else if(operation == ASN1_OP_FREE_PRE) {
101 DSA_free((DSA *)*pval);
102 *pval = NULL;
103 return 2;
104 }
105 return 1;
106}
107
108ASN1_SEQUENCE_cb(DSAPrivateKey, dsa_cb) = {
109 ASN1_SIMPLE(DSA, version, LONG),
110 ASN1_SIMPLE(DSA, p, BIGNUM),
111 ASN1_SIMPLE(DSA, q, BIGNUM),
112 ASN1_SIMPLE(DSA, g, BIGNUM),
113 ASN1_SIMPLE(DSA, pub_key, BIGNUM),
114 ASN1_SIMPLE(DSA, priv_key, BIGNUM)
115} ASN1_SEQUENCE_END_cb(DSA, DSAPrivateKey)
116
117IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPrivateKey, DSAPrivateKey)
118
119ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = {
120 ASN1_SIMPLE(DSA, p, BIGNUM),
121 ASN1_SIMPLE(DSA, q, BIGNUM),
122 ASN1_SIMPLE(DSA, g, BIGNUM),
123} ASN1_SEQUENCE_END_cb(DSA, DSAparams)
124
125IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAparams, DSAparams)
126
127/* DSA public key is a bit trickier... its effectively a CHOICE type
128 * decided by a field called write_params which can either write out
129 * just the public key as an INTEGER or the parameters and public key
130 * in a SEQUENCE
131 */
132
133ASN1_SEQUENCE(dsa_pub_internal) = {
134 ASN1_SIMPLE(DSA, pub_key, BIGNUM),
135 ASN1_SIMPLE(DSA, p, BIGNUM),
136 ASN1_SIMPLE(DSA, q, BIGNUM),
137 ASN1_SIMPLE(DSA, g, BIGNUM)
138} ASN1_SEQUENCE_END_name(DSA, dsa_pub_internal)
139
140ASN1_CHOICE_cb(DSAPublicKey, dsa_cb) = {
141 ASN1_SIMPLE(DSA, pub_key, BIGNUM),
142 ASN1_EX_COMBINE(0, 0, dsa_pub_internal)
143} ASN1_CHOICE_END_cb(DSA, DSAPublicKey, write_params)
144
145IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey)
146
147DSA *DSAparams_dup(DSA *dsa)
148 {
149 return ASN1_item_dup(ASN1_ITEM_rptr(DSAparams), dsa);
150 }
diff --git a/src/lib/libcrypto/dsa/dsa_depr.c b/src/lib/libcrypto/dsa/dsa_depr.c
new file mode 100644
index 0000000000..f2da680eb4
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_depr.c
@@ -0,0 +1,106 @@
1/* crypto/dsa/dsa_depr.c */
2/* ====================================================================
3 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@openssl.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* This file contains deprecated function(s) that are now wrappers to the new
57 * version(s). */
58
59#undef GENUINE_DSA
60
61#ifdef GENUINE_DSA
62/* Parameter generation follows the original release of FIPS PUB 186,
63 * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */
64#define HASH EVP_sha()
65#else
66/* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
67 * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in
68 * FIPS PUB 180-1) */
69#define HASH EVP_sha1()
70#endif
71
72static void *dummy=&dummy;
73
74#ifndef OPENSSL_NO_SHA
75
76#include <stdio.h>
77#include <time.h>
78#include "cryptlib.h"
79#include <openssl/evp.h>
80#include <openssl/bn.h>
81#include <openssl/dsa.h>
82#include <openssl/rand.h>
83#include <openssl/sha.h>
84
85#ifndef OPENSSL_NO_DEPRECATED
86DSA *DSA_generate_parameters(int bits,
87 unsigned char *seed_in, int seed_len,
88 int *counter_ret, unsigned long *h_ret,
89 void (*callback)(int, int, void *),
90 void *cb_arg)
91 {
92 BN_GENCB cb;
93 DSA *ret;
94
95 if ((ret=DSA_new()) == NULL) return NULL;
96
97 BN_GENCB_set_old(&cb, callback, cb_arg);
98
99 if(DSA_generate_parameters_ex(ret, bits, seed_in, seed_len,
100 counter_ret, h_ret, &cb))
101 return ret;
102 DSA_free(ret);
103 return NULL;
104 }
105#endif
106#endif
diff --git a/src/lib/libcrypto/dsa/dsa_err.c b/src/lib/libcrypto/dsa/dsa_err.c
new file mode 100644
index 0000000000..bba984e92e
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_err.c
@@ -0,0 +1,125 @@
1/* crypto/dsa/dsa_err.c */
2/* ====================================================================
3 * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include <openssl/dsa.h>
64
65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSA,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSA,0,reason)
70
71static ERR_STRING_DATA DSA_str_functs[]=
72 {
73{ERR_FUNC(DSA_F_D2I_DSA_SIG), "d2i_DSA_SIG"},
74{ERR_FUNC(DSA_F_DO_DSA_PRINT), "DO_DSA_PRINT"},
75{ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"},
76{ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP), "DSAparams_print_fp"},
77{ERR_FUNC(DSA_F_DSA_DO_SIGN), "DSA_do_sign"},
78{ERR_FUNC(DSA_F_DSA_DO_VERIFY), "DSA_do_verify"},
79{ERR_FUNC(DSA_F_DSA_NEW_METHOD), "DSA_new_method"},
80{ERR_FUNC(DSA_F_DSA_PARAM_DECODE), "DSA_PARAM_DECODE"},
81{ERR_FUNC(DSA_F_DSA_PRINT_FP), "DSA_print_fp"},
82{ERR_FUNC(DSA_F_DSA_PRIV_DECODE), "DSA_PRIV_DECODE"},
83{ERR_FUNC(DSA_F_DSA_PRIV_ENCODE), "DSA_PRIV_ENCODE"},
84{ERR_FUNC(DSA_F_DSA_PUB_DECODE), "DSA_PUB_DECODE"},
85{ERR_FUNC(DSA_F_DSA_PUB_ENCODE), "DSA_PUB_ENCODE"},
86{ERR_FUNC(DSA_F_DSA_SIGN), "DSA_sign"},
87{ERR_FUNC(DSA_F_DSA_SIGN_SETUP), "DSA_sign_setup"},
88{ERR_FUNC(DSA_F_DSA_SIG_NEW), "DSA_SIG_new"},
89{ERR_FUNC(DSA_F_DSA_VERIFY), "DSA_verify"},
90{ERR_FUNC(DSA_F_I2D_DSA_SIG), "i2d_DSA_SIG"},
91{ERR_FUNC(DSA_F_OLD_DSA_PRIV_DECODE), "OLD_DSA_PRIV_DECODE"},
92{ERR_FUNC(DSA_F_PKEY_DSA_CTRL), "PKEY_DSA_CTRL"},
93{ERR_FUNC(DSA_F_PKEY_DSA_KEYGEN), "PKEY_DSA_KEYGEN"},
94{ERR_FUNC(DSA_F_SIG_CB), "SIG_CB"},
95{0,NULL}
96 };
97
98static ERR_STRING_DATA DSA_str_reasons[]=
99 {
100{ERR_REASON(DSA_R_BAD_Q_VALUE) ,"bad q value"},
101{ERR_REASON(DSA_R_BN_DECODE_ERROR) ,"bn decode error"},
102{ERR_REASON(DSA_R_BN_ERROR) ,"bn error"},
103{ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"},
104{ERR_REASON(DSA_R_DECODE_ERROR) ,"decode error"},
105{ERR_REASON(DSA_R_INVALID_DIGEST_TYPE) ,"invalid digest type"},
106{ERR_REASON(DSA_R_MISSING_PARAMETERS) ,"missing parameters"},
107{ERR_REASON(DSA_R_MODULUS_TOO_LARGE) ,"modulus too large"},
108{ERR_REASON(DSA_R_NO_PARAMETERS_SET) ,"no parameters set"},
109{ERR_REASON(DSA_R_PARAMETER_ENCODING_ERROR),"parameter encoding error"},
110{0,NULL}
111 };
112
113#endif
114
115void ERR_load_DSA_strings(void)
116 {
117#ifndef OPENSSL_NO_ERR
118
119 if (ERR_func_error_string(DSA_str_functs[0].error) == NULL)
120 {
121 ERR_load_strings(0,DSA_str_functs);
122 ERR_load_strings(0,DSA_str_reasons);
123 }
124#endif
125 }
diff --git a/src/lib/libssl/src/fips/dsa/fips_dsa_gen.c b/src/lib/libcrypto/dsa/dsa_gen.c
index 0cecf34ab2..cb0b4538a4 100644
--- a/src/lib/libssl/src/fips/dsa/fips_dsa_gen.c
+++ b/src/lib/libcrypto/dsa/dsa_gen.c
@@ -74,83 +74,88 @@
74#ifndef OPENSSL_NO_SHA 74#ifndef OPENSSL_NO_SHA
75 75
76#include <stdio.h> 76#include <stdio.h>
77#include <time.h> 77#include "cryptlib.h"
78#include <string.h>
79#include <openssl/evp.h> 78#include <openssl/evp.h>
80#include <openssl/bn.h> 79#include <openssl/bn.h>
81#include <openssl/dsa.h>
82#include <openssl/rand.h> 80#include <openssl/rand.h>
83#include <openssl/sha.h> 81#include <openssl/sha.h>
84#include <openssl/err.h> 82#include "dsa_locl.h"
85
86#ifdef OPENSSL_FIPS
87
88static int dsa_builtin_paramgen(DSA *ret, int bits,
89 unsigned char *seed_in, int seed_len,
90 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
91 83
92int DSA_generate_parameters_ex(DSA *ret, int bits, 84int DSA_generate_parameters_ex(DSA *ret, int bits,
93 unsigned char *seed_in, int seed_len, 85 const unsigned char *seed_in, int seed_len,
94 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) 86 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
95 { 87 {
96 if(ret->meth->dsa_paramgen) 88 if(ret->meth->dsa_paramgen)
97 return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len, 89 return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
98 counter_ret, h_ret, cb); 90 counter_ret, h_ret, cb);
99 return dsa_builtin_paramgen(ret, bits, seed_in, seed_len, 91 else
100 counter_ret, h_ret, cb); 92 {
93 const EVP_MD *evpmd;
94 size_t qbits = bits >= 2048 ? 256 : 160;
95
96 if (bits >= 2048)
97 {
98 qbits = 256;
99 evpmd = EVP_sha256();
100 }
101 else
102 {
103 qbits = 160;
104 evpmd = EVP_sha1();
105 }
106
107 return dsa_builtin_paramgen(ret, bits, qbits, evpmd,
108 seed_in, seed_len, counter_ret, h_ret, cb);
109 }
101 } 110 }
102 111
103static int dsa_builtin_paramgen(DSA *ret, int bits, 112int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
104 unsigned char *seed_in, int seed_len, 113 const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
105 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) 114 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
106 { 115 {
107 int ok=0; 116 int ok=0;
108 unsigned char seed[SHA_DIGEST_LENGTH]; 117 unsigned char seed[SHA256_DIGEST_LENGTH];
109 unsigned char md[SHA_DIGEST_LENGTH]; 118 unsigned char md[SHA256_DIGEST_LENGTH];
110 unsigned char buf[SHA_DIGEST_LENGTH],buf2[SHA_DIGEST_LENGTH]; 119 unsigned char buf[SHA256_DIGEST_LENGTH],buf2[SHA256_DIGEST_LENGTH];
111 BIGNUM *r0,*W,*X,*c,*test; 120 BIGNUM *r0,*W,*X,*c,*test;
112 BIGNUM *g=NULL,*q=NULL,*p=NULL; 121 BIGNUM *g=NULL,*q=NULL,*p=NULL;
113 BN_MONT_CTX *mont=NULL; 122 BN_MONT_CTX *mont=NULL;
114 int k,n=0,i,b,m=0; 123 int i, k, n=0, m=0, qsize = qbits >> 3;
115 int counter=0; 124 int counter=0;
116 int r=0; 125 int r=0;
117 BN_CTX *ctx=NULL; 126 BN_CTX *ctx=NULL;
118 unsigned int h=2; 127 unsigned int h=2;
119 128
120 if(FIPS_selftest_failed()) 129 if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH &&
121 { 130 qsize != SHA256_DIGEST_LENGTH)
122 FIPSerr(FIPS_F_DSA_BUILTIN_PARAMGEN, 131 /* invalid q size */
123 FIPS_R_FIPS_SELFTEST_FAILED); 132 return 0;
124 goto err;
125 }
126 133
127 if (FIPS_mode() && (bits < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS)) 134 if (evpmd == NULL)
128 { 135 /* use SHA1 as default */
129 DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN, DSA_R_KEY_SIZE_TOO_SMALL); 136 evpmd = EVP_sha1();
130 goto err;
131 }
132 137
133 if (bits < 512) bits=512; 138 if (bits < 512)
134 bits=(bits+63)/64*64; 139 bits = 512;
140
141 bits = (bits+63)/64*64;
135 142
136 /* NB: seed_len == 0 is special case: copy generated seed to 143 /* NB: seed_len == 0 is special case: copy generated seed to
137 * seed_in if it is not NULL. 144 * seed_in if it is not NULL.
138 */ 145 */
139 if (seed_len && (seed_len < 20)) 146 if (seed_len && (seed_len < (size_t)qsize))
140 seed_in = NULL; /* seed buffer too small -- ignore */ 147 seed_in = NULL; /* seed buffer too small -- ignore */
141 if (seed_len > 20) 148 if (seed_len > (size_t)qsize)
142 seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger SEED, 149 seed_len = qsize; /* App. 2.2 of FIPS PUB 186 allows larger SEED,
143 * but our internal buffers are restricted to 160 bits*/ 150 * but our internal buffers are restricted to 160 bits*/
144 if ((seed_in != NULL) && (seed_len == 20)) 151 if (seed_in != NULL)
145 { 152 memcpy(seed, seed_in, seed_len);
146 memcpy(seed,seed_in,seed_len); 153
147 /* set seed_in to NULL to avoid it being copied back */ 154 if ((ctx=BN_CTX_new()) == NULL)
148 seed_in = NULL; 155 goto err;
149 }
150
151 if ((ctx=BN_CTX_new()) == NULL) goto err;
152 156
153 if ((mont=BN_MONT_CTX_new()) == NULL) goto err; 157 if ((mont=BN_MONT_CTX_new()) == NULL)
158 goto err;
154 159
155 BN_CTX_start(ctx); 160 BN_CTX_start(ctx);
156 r0 = BN_CTX_get(ctx); 161 r0 = BN_CTX_get(ctx);
@@ -177,7 +182,7 @@ static int dsa_builtin_paramgen(DSA *ret, int bits,
177 182
178 if (!seed_len) 183 if (!seed_len)
179 { 184 {
180 RAND_pseudo_bytes(seed,SHA_DIGEST_LENGTH); 185 RAND_pseudo_bytes(seed, qsize);
181 seed_is_random = 1; 186 seed_is_random = 1;
182 } 187 }
183 else 188 else
@@ -185,25 +190,27 @@ static int dsa_builtin_paramgen(DSA *ret, int bits,
185 seed_is_random = 0; 190 seed_is_random = 0;
186 seed_len=0; /* use random seed if 'seed_in' turns out to be bad*/ 191 seed_len=0; /* use random seed if 'seed_in' turns out to be bad*/
187 } 192 }
188 memcpy(buf,seed,SHA_DIGEST_LENGTH); 193 memcpy(buf , seed, qsize);
189 memcpy(buf2,seed,SHA_DIGEST_LENGTH); 194 memcpy(buf2, seed, qsize);
190 /* precompute "SEED + 1" for step 7: */ 195 /* precompute "SEED + 1" for step 7: */
191 for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--) 196 for (i = qsize-1; i >= 0; i--)
192 { 197 {
193 buf[i]++; 198 buf[i]++;
194 if (buf[i] != 0) break; 199 if (buf[i] != 0)
200 break;
195 } 201 }
196 202
197 /* step 2 */ 203 /* step 2 */
198 EVP_Digest(seed,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL); 204 EVP_Digest(seed, qsize, md, NULL, evpmd, NULL);
199 EVP_Digest(buf,SHA_DIGEST_LENGTH,buf2,NULL,HASH, NULL); 205 EVP_Digest(buf, qsize, buf2, NULL, evpmd, NULL);
200 for (i=0; i<SHA_DIGEST_LENGTH; i++) 206 for (i = 0; i < qsize; i++)
201 md[i]^=buf2[i]; 207 md[i]^=buf2[i];
202 208
203 /* step 3 */ 209 /* step 3 */
204 md[0]|=0x80; 210 md[0] |= 0x80;
205 md[SHA_DIGEST_LENGTH-1]|=0x01; 211 md[qsize-1] |= 0x01;
206 if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,q)) goto err; 212 if (!BN_bin2bn(md, qsize, q))
213 goto err;
207 214
208 /* step 4 */ 215 /* step 4 */
209 r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx, 216 r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,
@@ -225,7 +232,6 @@ static int dsa_builtin_paramgen(DSA *ret, int bits,
225 /* "offset = 2" */ 232 /* "offset = 2" */
226 233
227 n=(bits-1)/160; 234 n=(bits-1)/160;
228 b=(bits-1)-n*160;
229 235
230 for (;;) 236 for (;;)
231 { 237 {
@@ -238,18 +244,19 @@ static int dsa_builtin_paramgen(DSA *ret, int bits,
238 for (k=0; k<=n; k++) 244 for (k=0; k<=n; k++)
239 { 245 {
240 /* obtain "SEED + offset + k" by incrementing: */ 246 /* obtain "SEED + offset + k" by incrementing: */
241 for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--) 247 for (i = qsize-1; i >= 0; i--)
242 { 248 {
243 buf[i]++; 249 buf[i]++;
244 if (buf[i] != 0) break; 250 if (buf[i] != 0)
251 break;
245 } 252 }
246 253
247 EVP_Digest(buf,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL); 254 EVP_Digest(buf, qsize, md ,NULL, evpmd, NULL);
248 255
249 /* step 8 */ 256 /* step 8 */
250 if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0)) 257 if (!BN_bin2bn(md, qsize, r0))
251 goto err; 258 goto err;
252 if (!BN_lshift(r0,r0,160*k)) goto err; 259 if (!BN_lshift(r0,r0,(qsize << 3)*k)) goto err;
253 if (!BN_add(W,W,r0)) goto err; 260 if (!BN_add(W,W,r0)) goto err;
254 } 261 }
255 262
@@ -323,7 +330,6 @@ err:
323 ok=0; 330 ok=0;
324 goto err; 331 goto err;
325 } 332 }
326 if (seed_in != NULL) memcpy(seed_in,seed,20);
327 if (counter_ret != NULL) *counter_ret=counter; 333 if (counter_ret != NULL) *counter_ret=counter;
328 if (h_ret != NULL) *h_ret=h; 334 if (h_ret != NULL) *h_ret=h;
329 } 335 }
@@ -336,4 +342,3 @@ err:
336 return ok; 342 return ok;
337 } 343 }
338#endif 344#endif
339#endif
diff --git a/src/lib/libssl/src/fips/dsa/fips_dsa_key.c b/src/lib/libcrypto/dsa/dsa_key.c
index b5f8cfa1d0..c4aa86bc6d 100644
--- a/src/lib/libssl/src/fips/dsa/fips_dsa_key.c
+++ b/src/lib/libcrypto/dsa/dsa_key.c
@@ -58,43 +58,14 @@
58 58
59#include <stdio.h> 59#include <stdio.h>
60#include <time.h> 60#include <time.h>
61#include "cryptlib.h"
61#ifndef OPENSSL_NO_SHA 62#ifndef OPENSSL_NO_SHA
62#include <openssl/bn.h> 63#include <openssl/bn.h>
63#include <openssl/dsa.h> 64#include <openssl/dsa.h>
64#include <openssl/rand.h> 65#include <openssl/rand.h>
65#include <openssl/err.h>
66#include <openssl/evp.h>
67#include <openssl/fips.h>
68#include "fips_locl.h"
69
70#ifdef OPENSSL_FIPS
71
72static int fips_dsa_pairwise_fail = 0;
73
74void FIPS_corrupt_dsa_keygen(void)
75 {
76 fips_dsa_pairwise_fail = 1;
77 }
78 66
79static int dsa_builtin_keygen(DSA *dsa); 67static int dsa_builtin_keygen(DSA *dsa);
80 68
81int fips_check_dsa(DSA *dsa)
82 {
83 EVP_PKEY pk;
84 unsigned char tbs[] = "DSA Pairwise Check Data";
85 pk.type = EVP_PKEY_DSA;
86 pk.pkey.dsa = dsa;
87
88 if (!fips_pkey_signature_test(&pk, tbs, -1,
89 NULL, 0, EVP_dss1(), 0, NULL))
90 {
91 FIPSerr(FIPS_F_FIPS_CHECK_DSA,FIPS_R_PAIRWISE_TEST_FAILED);
92 fips_set_selftest_fail();
93 return 0;
94 }
95 return 1;
96 }
97
98int DSA_generate_key(DSA *dsa) 69int DSA_generate_key(DSA *dsa)
99 { 70 {
100 if(dsa->meth->dsa_keygen) 71 if(dsa->meth->dsa_keygen)
@@ -108,12 +79,6 @@ static int dsa_builtin_keygen(DSA *dsa)
108 BN_CTX *ctx=NULL; 79 BN_CTX *ctx=NULL;
109 BIGNUM *pub_key=NULL,*priv_key=NULL; 80 BIGNUM *pub_key=NULL,*priv_key=NULL;
110 81
111 if (FIPS_mode() && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
112 {
113 DSAerr(DSA_F_DSA_BUILTIN_KEYGEN, DSA_R_KEY_SIZE_TOO_SMALL);
114 goto err;
115 }
116
117 if ((ctx=BN_CTX_new()) == NULL) goto err; 82 if ((ctx=BN_CTX_new()) == NULL) goto err;
118 83
119 if (dsa->priv_key == NULL) 84 if (dsa->priv_key == NULL)
@@ -152,10 +117,6 @@ static int dsa_builtin_keygen(DSA *dsa)
152 117
153 dsa->priv_key=priv_key; 118 dsa->priv_key=priv_key;
154 dsa->pub_key=pub_key; 119 dsa->pub_key=pub_key;
155 if (fips_dsa_pairwise_fail)
156 BN_add_word(dsa->pub_key, 1);
157 if(!fips_check_dsa(dsa))
158 goto err;
159 ok=1; 120 ok=1;
160 121
161err: 122err:
@@ -165,5 +126,3 @@ err:
165 return(ok); 126 return(ok);
166 } 127 }
167#endif 128#endif
168
169#endif
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_eng.c b/src/lib/libcrypto/dsa/dsa_lib.c
index 383a7045b2..e9b75902db 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_eng.c
+++ b/src/lib/libcrypto/dsa/dsa_lib.c
@@ -1,4 +1,4 @@
1/* crypto/rsa/rsa_lib.c */ 1/* crypto/dsa/dsa_lib.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -56,120 +56,90 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
60
59#include <stdio.h> 61#include <stdio.h>
60#include <openssl/crypto.h>
61#include "cryptlib.h" 62#include "cryptlib.h"
62#include <openssl/lhash.h>
63#include <openssl/bn.h> 63#include <openssl/bn.h>
64#include <openssl/rsa.h> 64#include <openssl/dsa.h>
65#include <openssl/rand.h> 65#include <openssl/asn1.h>
66#ifndef OPENSSL_NO_ENGINE 66#ifndef OPENSSL_NO_ENGINE
67#include <openssl/engine.h> 67#include <openssl/engine.h>
68#endif 68#endif
69#ifndef OPENSSL_NO_DH
70#include <openssl/dh.h>
71#endif
69 72
70const char RSA_version[]="RSA" OPENSSL_VERSION_PTEXT; 73const char DSA_version[]="DSA" OPENSSL_VERSION_PTEXT;
71
72static const RSA_METHOD *default_RSA_meth=NULL;
73
74RSA *RSA_new(void)
75 {
76 RSA *r=RSA_new_method(NULL);
77 74
78 return r; 75static const DSA_METHOD *default_DSA_method = NULL;
79 }
80 76
81void RSA_set_default_method(const RSA_METHOD *meth) 77void DSA_set_default_method(const DSA_METHOD *meth)
82 { 78 {
83#ifdef OPENSSL_FIPS 79 default_DSA_method = meth;
84 if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD))
85 {
86 RSAerr(RSA_F_RSA_SET_DEFAULT_METHOD, RSA_R_NON_FIPS_METHOD);
87 return;
88 }
89#endif
90 default_RSA_meth = meth;
91 } 80 }
92 81
93const RSA_METHOD *RSA_get_default_method(void) 82const DSA_METHOD *DSA_get_default_method(void)
94 { 83 {
95 if (default_RSA_meth == NULL) 84 if(!default_DSA_method)
96 { 85 default_DSA_method = DSA_OpenSSL();
97#ifdef RSA_NULL 86 return default_DSA_method;
98 default_RSA_meth=RSA_null_method();
99#else
100#if 0 /* was: #ifdef RSAref */
101 default_RSA_meth=RSA_PKCS1_RSAref();
102#else
103 default_RSA_meth=RSA_PKCS1_SSLeay();
104#endif
105#endif
106 }
107
108 return default_RSA_meth;
109 } 87 }
110 88
111const RSA_METHOD *RSA_get_method(const RSA *rsa) 89DSA *DSA_new(void)
112 { 90 {
113 return rsa->meth; 91 return DSA_new_method(NULL);
114 } 92 }
115 93
116int RSA_set_method(RSA *rsa, const RSA_METHOD *meth) 94int DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
117 { 95 {
118 /* NB: The caller is specifically setting a method, so it's not up to us 96 /* NB: The caller is specifically setting a method, so it's not up to us
119 * to deal with which ENGINE it comes from. */ 97 * to deal with which ENGINE it comes from. */
120 const RSA_METHOD *mtmp; 98 const DSA_METHOD *mtmp;
121#ifdef OPENSSL_FIPS 99 mtmp = dsa->meth;
122 if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD)) 100 if (mtmp->finish) mtmp->finish(dsa);
123 {
124 RSAerr(RSA_F_RSA_SET_METHOD, RSA_R_NON_FIPS_METHOD);
125 return 0;
126 }
127#endif
128 mtmp = rsa->meth;
129 if (mtmp->finish) mtmp->finish(rsa);
130#ifndef OPENSSL_NO_ENGINE 101#ifndef OPENSSL_NO_ENGINE
131 if (rsa->engine) 102 if (dsa->engine)
132 { 103 {
133 ENGINE_finish(rsa->engine); 104 ENGINE_finish(dsa->engine);
134 rsa->engine = NULL; 105 dsa->engine = NULL;
135 } 106 }
136#endif 107#endif
137 rsa->meth = meth; 108 dsa->meth = meth;
138 if (meth->init) meth->init(rsa); 109 if (meth->init) meth->init(dsa);
139 return 1; 110 return 1;
140 } 111 }
141 112
142RSA *RSA_new_method(ENGINE *engine) 113DSA *DSA_new_method(ENGINE *engine)
143 { 114 {
144 RSA *ret; 115 DSA *ret;
145 116
146 ret=(RSA *)OPENSSL_malloc(sizeof(RSA)); 117 ret=(DSA *)OPENSSL_malloc(sizeof(DSA));
147 if (ret == NULL) 118 if (ret == NULL)
148 { 119 {
149 RSAerr(RSA_F_RSA_NEW_METHOD,ERR_R_MALLOC_FAILURE); 120 DSAerr(DSA_F_DSA_NEW_METHOD,ERR_R_MALLOC_FAILURE);
150 return NULL; 121 return(NULL);
151 } 122 }
152 123 ret->meth = DSA_get_default_method();
153 ret->meth = RSA_get_default_method();
154#ifndef OPENSSL_NO_ENGINE 124#ifndef OPENSSL_NO_ENGINE
155 if (engine) 125 if (engine)
156 { 126 {
157 if (!ENGINE_init(engine)) 127 if (!ENGINE_init(engine))
158 { 128 {
159 RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB); 129 DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB);
160 OPENSSL_free(ret); 130 OPENSSL_free(ret);
161 return NULL; 131 return NULL;
162 } 132 }
163 ret->engine = engine; 133 ret->engine = engine;
164 } 134 }
165 else 135 else
166 ret->engine = ENGINE_get_default_RSA(); 136 ret->engine = ENGINE_get_default_DSA();
167 if(ret->engine) 137 if(ret->engine)
168 { 138 {
169 ret->meth = ENGINE_get_RSA(ret->engine); 139 ret->meth = ENGINE_get_DSA(ret->engine);
170 if(!ret->meth) 140 if(!ret->meth)
171 { 141 {
172 RSAerr(RSA_F_RSA_NEW_METHOD, 142 DSAerr(DSA_F_DSA_NEW_METHOD,
173 ERR_R_ENGINE_LIB); 143 ERR_R_ENGINE_LIB);
174 ENGINE_finish(ret->engine); 144 ENGINE_finish(ret->engine);
175 OPENSSL_free(ret); 145 OPENSSL_free(ret);
@@ -177,172 +147,165 @@ RSA *RSA_new_method(ENGINE *engine)
177 } 147 }
178 } 148 }
179#endif 149#endif
180#ifdef OPENSSL_FIPS
181 if (FIPS_mode() && !(ret->meth->flags & RSA_FLAG_FIPS_METHOD))
182 {
183 RSAerr(RSA_F_RSA_NEW_METHOD, RSA_R_NON_FIPS_METHOD);
184#ifndef OPENSSL_NO_ENGINE
185 if (ret->engine)
186 ENGINE_finish(ret->engine);
187#endif
188 OPENSSL_free(ret);
189 return NULL;
190 }
191#endif
192 150
193 ret->pad=0; 151 ret->pad=0;
194 ret->version=0; 152 ret->version=0;
195 ret->n=NULL; 153 ret->write_params=1;
196 ret->e=NULL;
197 ret->d=NULL;
198 ret->p=NULL; 154 ret->p=NULL;
199 ret->q=NULL; 155 ret->q=NULL;
200 ret->dmp1=NULL; 156 ret->g=NULL;
201 ret->dmq1=NULL; 157
202 ret->iqmp=NULL; 158 ret->pub_key=NULL;
159 ret->priv_key=NULL;
160
161 ret->kinv=NULL;
162 ret->r=NULL;
163 ret->method_mont_p=NULL;
164
203 ret->references=1; 165 ret->references=1;
204 ret->_method_mod_n=NULL;
205 ret->_method_mod_p=NULL;
206 ret->_method_mod_q=NULL;
207 ret->blinding=NULL;
208 ret->mt_blinding=NULL;
209 ret->bignum_data=NULL;
210 ret->flags=ret->meth->flags; 166 ret->flags=ret->meth->flags;
211 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data); 167 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
212 if ((ret->meth->init != NULL) && !ret->meth->init(ret)) 168 if ((ret->meth->init != NULL) && !ret->meth->init(ret))
213 { 169 {
214#ifndef OPENSSL_NO_ENGINE 170#ifndef OPENSSL_NO_ENGINE
215 if (ret->engine) 171 if (ret->engine)
216 ENGINE_finish(ret->engine); 172 ENGINE_finish(ret->engine);
217#endif 173#endif
218 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data); 174 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
219 OPENSSL_free(ret); 175 OPENSSL_free(ret);
220 ret=NULL; 176 ret=NULL;
221 } 177 }
178
222 return(ret); 179 return(ret);
223 } 180 }
224 181
225void RSA_free(RSA *r) 182void DSA_free(DSA *r)
226 { 183 {
227 int i; 184 int i;
228 185
229 if (r == NULL) return; 186 if (r == NULL) return;
230 187
231 i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_RSA); 188 i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_DSA);
232#ifdef REF_PRINT 189#ifdef REF_PRINT
233 REF_PRINT("RSA",r); 190 REF_PRINT("DSA",r);
234#endif 191#endif
235 if (i > 0) return; 192 if (i > 0) return;
236#ifdef REF_CHECK 193#ifdef REF_CHECK
237 if (i < 0) 194 if (i < 0)
238 { 195 {
239 fprintf(stderr,"RSA_free, bad reference count\n"); 196 fprintf(stderr,"DSA_free, bad reference count\n");
240 abort(); 197 abort();
241 } 198 }
242#endif 199#endif
243 200
244 if (r->meth->finish) 201 if(r->meth->finish)
245 r->meth->finish(r); 202 r->meth->finish(r);
246#ifndef OPENSSL_NO_ENGINE 203#ifndef OPENSSL_NO_ENGINE
247 if (r->engine) 204 if(r->engine)
248 ENGINE_finish(r->engine); 205 ENGINE_finish(r->engine);
249#endif 206#endif
250 207
251 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data); 208 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data);
252 209
253 if (r->n != NULL) BN_clear_free(r->n);
254 if (r->e != NULL) BN_clear_free(r->e);
255 if (r->d != NULL) BN_clear_free(r->d);
256 if (r->p != NULL) BN_clear_free(r->p); 210 if (r->p != NULL) BN_clear_free(r->p);
257 if (r->q != NULL) BN_clear_free(r->q); 211 if (r->q != NULL) BN_clear_free(r->q);
258 if (r->dmp1 != NULL) BN_clear_free(r->dmp1); 212 if (r->g != NULL) BN_clear_free(r->g);
259 if (r->dmq1 != NULL) BN_clear_free(r->dmq1); 213 if (r->pub_key != NULL) BN_clear_free(r->pub_key);
260 if (r->iqmp != NULL) BN_clear_free(r->iqmp); 214 if (r->priv_key != NULL) BN_clear_free(r->priv_key);
261 if (r->blinding != NULL) BN_BLINDING_free(r->blinding); 215 if (r->kinv != NULL) BN_clear_free(r->kinv);
262 if (r->mt_blinding != NULL) BN_BLINDING_free(r->mt_blinding); 216 if (r->r != NULL) BN_clear_free(r->r);
263 if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data);
264 OPENSSL_free(r); 217 OPENSSL_free(r);
265 } 218 }
266 219
267int RSA_up_ref(RSA *r) 220int DSA_up_ref(DSA *r)
268 { 221 {
269 int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_RSA); 222 int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DSA);
270#ifdef REF_PRINT 223#ifdef REF_PRINT
271 REF_PRINT("RSA",r); 224 REF_PRINT("DSA",r);
272#endif 225#endif
273#ifdef REF_CHECK 226#ifdef REF_CHECK
274 if (i < 2) 227 if (i < 2)
275 { 228 {
276 fprintf(stderr, "RSA_up_ref, bad reference count\n"); 229 fprintf(stderr, "DSA_up_ref, bad reference count\n");
277 abort(); 230 abort();
278 } 231 }
279#endif 232#endif
280 return ((i > 1) ? 1 : 0); 233 return ((i > 1) ? 1 : 0);
281 } 234 }
282 235
283int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, 236int DSA_size(const DSA *r)
237 {
238 int ret,i;
239 ASN1_INTEGER bs;
240 unsigned char buf[4]; /* 4 bytes looks really small.
241 However, i2d_ASN1_INTEGER() will not look
242 beyond the first byte, as long as the second
243 parameter is NULL. */
244
245 i=BN_num_bits(r->q);
246 bs.length=(i+7)/8;
247 bs.data=buf;
248 bs.type=V_ASN1_INTEGER;
249 /* If the top bit is set the asn1 encoding is 1 larger. */
250 buf[0]=0xff;
251
252 i=i2d_ASN1_INTEGER(&bs,NULL);
253 i+=i; /* r and s */
254 ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
255 return(ret);
256 }
257
258int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
284 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) 259 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
285 { 260 {
286 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, argl, argp, 261 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, argl, argp,
287 new_func, dup_func, free_func); 262 new_func, dup_func, free_func);
288 } 263 }
289 264
290int RSA_set_ex_data(RSA *r, int idx, void *arg) 265int DSA_set_ex_data(DSA *d, int idx, void *arg)
291 { 266 {
292 return(CRYPTO_set_ex_data(&r->ex_data,idx,arg)); 267 return(CRYPTO_set_ex_data(&d->ex_data,idx,arg));
293 } 268 }
294 269
295void *RSA_get_ex_data(const RSA *r, int idx) 270void *DSA_get_ex_data(DSA *d, int idx)
296 { 271 {
297 return(CRYPTO_get_ex_data(&r->ex_data,idx)); 272 return(CRYPTO_get_ex_data(&d->ex_data,idx));
298 } 273 }
299 274
300int RSA_flags(const RSA *r) 275#ifndef OPENSSL_NO_DH
276DH *DSA_dup_DH(const DSA *r)
301 { 277 {
302 return((r == NULL)?0:r->meth->flags); 278 /* DSA has p, q, g, optional pub_key, optional priv_key.
303 } 279 * DH has p, optional length, g, optional pub_key, optional priv_key.
280 */
304 281
305int RSA_memory_lock(RSA *r) 282 DH *ret = NULL;
306 { 283
307 int i,j,k,off; 284 if (r == NULL)
308 char *p; 285 goto err;
309 BIGNUM *bn,**t[6],*b; 286 ret = DH_new();
310 BN_ULONG *ul; 287 if (ret == NULL)
311 288 goto err;
312 if (r->d == NULL) return(1); 289 if (r->p != NULL)
313 t[0]= &r->d; 290 if ((ret->p = BN_dup(r->p)) == NULL)
314 t[1]= &r->p; 291 goto err;
315 t[2]= &r->q; 292 if (r->q != NULL)
316 t[3]= &r->dmp1; 293 ret->length = BN_num_bits(r->q);
317 t[4]= &r->dmq1; 294 if (r->g != NULL)
318 t[5]= &r->iqmp; 295 if ((ret->g = BN_dup(r->g)) == NULL)
319 k=sizeof(BIGNUM)*6; 296 goto err;
320 off=k/sizeof(BN_ULONG)+1; 297 if (r->pub_key != NULL)
321 j=1; 298 if ((ret->pub_key = BN_dup(r->pub_key)) == NULL)
322 for (i=0; i<6; i++) 299 goto err;
323 j+= (*t[i])->top; 300 if (r->priv_key != NULL)
324 if ((p=OPENSSL_malloc_locked((off+j)*sizeof(BN_ULONG))) == NULL) 301 if ((ret->priv_key = BN_dup(r->priv_key)) == NULL)
325 { 302 goto err;
326 RSAerr(RSA_F_RSA_MEMORY_LOCK,ERR_R_MALLOC_FAILURE);
327 return(0);
328 }
329 bn=(BIGNUM *)p;
330 ul=(BN_ULONG *)&(p[off]);
331 for (i=0; i<6; i++)
332 {
333 b= *(t[i]);
334 *(t[i])= &(bn[i]);
335 memcpy((char *)&(bn[i]),(char *)b,sizeof(BIGNUM));
336 bn[i].flags=BN_FLG_STATIC_DATA;
337 bn[i].d=ul;
338 memcpy((char *)ul,b->d,sizeof(BN_ULONG)*b->top);
339 ul+=b->top;
340 BN_clear_free(b);
341 }
342
343 /* I should fix this so it can still be done */
344 r->flags&= ~(RSA_FLAG_CACHE_PRIVATE|RSA_FLAG_CACHE_PUBLIC);
345 303
346 r->bignum_data=p; 304 return ret;
347 return(1); 305
306 err:
307 if (ret != NULL)
308 DH_free(ret);
309 return NULL;
348 } 310 }
311#endif
diff --git a/src/lib/libcrypto/dsa/dsa_locl.h b/src/lib/libcrypto/dsa/dsa_locl.h
new file mode 100644
index 0000000000..21e2e45242
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_locl.h
@@ -0,0 +1,60 @@
1/* ====================================================================
2 * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
14 * distribution.
15 *
16 * 3. All advertising materials mentioning features or use of this
17 * software must display the following acknowledgment:
18 * "This product includes software developed by the OpenSSL Project
19 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
20 *
21 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22 * endorse or promote products derived from this software without
23 * prior written permission. For written permission, please contact
24 * openssl-core@openssl.org.
25 *
26 * 5. Products derived from this software may not be called "OpenSSL"
27 * nor may "OpenSSL" appear in their names without prior written
28 * permission of the OpenSSL Project.
29 *
30 * 6. Redistributions of any form whatsoever must retain the following
31 * acknowledgment:
32 * "This product includes software developed by the OpenSSL Project
33 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
34 *
35 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46 * OF THE POSSIBILITY OF SUCH DAMAGE.
47 * ====================================================================
48 *
49 * This product includes cryptographic software written by Eric Young
50 * (eay@cryptsoft.com). This product includes software written by Tim
51 * Hudson (tjh@cryptsoft.com).
52 *
53 */
54
55#include <openssl/dsa.h>
56
57int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
58 const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
59 unsigned char *seed_out,
60 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
diff --git a/src/lib/libssl/src/fips-1.0/dsa/fips_dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c
index f8f3a39343..a3ddd7d281 100644
--- a/src/lib/libssl/src/fips-1.0/dsa/fips_dsa_ossl.c
+++ b/src/lib/libcrypto/dsa/dsa_ossl.c
@@ -59,78 +59,84 @@
59/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */ 59/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
60 60
61#include <stdio.h> 61#include <stdio.h>
62#include "cryptlib.h"
62#include <openssl/bn.h> 63#include <openssl/bn.h>
64#include <openssl/sha.h>
63#include <openssl/dsa.h> 65#include <openssl/dsa.h>
64#include <openssl/rand.h> 66#include <openssl/rand.h>
65#include <openssl/asn1.h> 67#include <openssl/asn1.h>
66#ifndef OPENSSL_NO_ENGINE
67#include <openssl/engine.h>
68#endif
69#include <openssl/fips.h>
70 68
71#ifdef OPENSSL_FIPS 69static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
72
73static DSA_SIG *dsa_do_sign(const unsigned char *dgst, FIPS_DSA_SIZE_T dlen, DSA *dsa);
74static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); 70static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
75static int dsa_do_verify(const unsigned char *dgst, FIPS_DSA_SIZE_T dgst_len, DSA_SIG *sig, 71static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
76 DSA *dsa); 72 DSA *dsa);
77static int dsa_init(DSA *dsa); 73static int dsa_init(DSA *dsa);
78static int dsa_finish(DSA *dsa); 74static int dsa_finish(DSA *dsa);
79static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, 75
80 BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, 76static DSA_METHOD openssl_dsa_meth = {
81 BN_MONT_CTX *in_mont); 77"OpenSSL DSA method",
82static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
83 const BIGNUM *m, BN_CTX *ctx,
84 BN_MONT_CTX *m_ctx);
85
86static const DSA_METHOD openssl_dsa_meth = {
87"OpenSSL FIPS DSA method",
88dsa_do_sign, 78dsa_do_sign,
89dsa_sign_setup, 79dsa_sign_setup,
90dsa_do_verify, 80dsa_do_verify,
91dsa_mod_exp, 81NULL, /* dsa_mod_exp, */
92dsa_bn_mod_exp, 82NULL, /* dsa_bn_mod_exp, */
93dsa_init, 83dsa_init,
94dsa_finish, 84dsa_finish,
950, 850,
86NULL,
87NULL,
96NULL 88NULL
97}; 89};
98 90
99int FIPS_dsa_check(struct dsa_st *dsa) 91/* These macro wrappers replace attempts to use the dsa_mod_exp() and
100 { 92 * bn_mod_exp() handlers in the DSA_METHOD structure. We avoid the problem of
101 if(dsa->meth != &openssl_dsa_meth || dsa->meth->dsa_do_sign != dsa_do_sign 93 * having a the macro work as an expression by bundling an "err_instr". So;
102 || dsa->meth->dsa_sign_setup != dsa_sign_setup 94 *
103 || dsa->meth->dsa_mod_exp != dsa_mod_exp 95 * if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
104 || dsa->meth->bn_mod_exp != dsa_bn_mod_exp 96 * dsa->method_mont_p)) goto err;
105 || dsa->meth->init != dsa_init 97 *
106 || dsa->meth->finish != dsa_finish) 98 * can be replaced by;
107 { 99 *
108 FIPSerr(FIPS_F_FIPS_DSA_CHECK,FIPS_R_NON_FIPS_METHOD); 100 * DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, &k, dsa->p, ctx,
109 return 0; 101 * dsa->method_mont_p);
110 } 102 */
111 return 1; 103
112 } 104#define DSA_MOD_EXP(err_instr,dsa,rr,a1,p1,a2,p2,m,ctx,in_mont) \
105 do { \
106 int _tmp_res53; \
107 if((dsa)->meth->dsa_mod_exp) \
108 _tmp_res53 = (dsa)->meth->dsa_mod_exp((dsa), (rr), (a1), (p1), \
109 (a2), (p2), (m), (ctx), (in_mont)); \
110 else \
111 _tmp_res53 = BN_mod_exp2_mont((rr), (a1), (p1), (a2), (p2), \
112 (m), (ctx), (in_mont)); \
113 if(!_tmp_res53) err_instr; \
114 } while(0)
115#define DSA_BN_MOD_EXP(err_instr,dsa,r,a,p,m,ctx,m_ctx) \
116 do { \
117 int _tmp_res53; \
118 if((dsa)->meth->bn_mod_exp) \
119 _tmp_res53 = (dsa)->meth->bn_mod_exp((dsa), (r), (a), (p), \
120 (m), (ctx), (m_ctx)); \
121 else \
122 _tmp_res53 = BN_mod_exp_mont((r), (a), (p), (m), (ctx), (m_ctx)); \
123 if(!_tmp_res53) err_instr; \
124 } while(0)
113 125
114const DSA_METHOD *DSA_OpenSSL(void) 126const DSA_METHOD *DSA_OpenSSL(void)
115{ 127{
116 return &openssl_dsa_meth; 128 return &openssl_dsa_meth;
117} 129}
118 130
119static DSA_SIG *dsa_do_sign(const unsigned char *dgst, FIPS_DSA_SIZE_T dlen, DSA *dsa) 131static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
120 { 132 {
121 BIGNUM *kinv=NULL,*r=NULL,*s=NULL; 133 BIGNUM *kinv=NULL,*r=NULL,*s=NULL;
122 BIGNUM m; 134 BIGNUM m;
123 BIGNUM xr; 135 BIGNUM xr;
124 BN_CTX *ctx=NULL; 136 BN_CTX *ctx=NULL;
125 int i,reason=ERR_R_BN_LIB; 137 int reason=ERR_R_BN_LIB;
126 DSA_SIG *ret=NULL; 138 DSA_SIG *ret=NULL;
127 139
128 if(FIPS_selftest_failed())
129 {
130 FIPSerr(FIPS_F_DSA_DO_SIGN,FIPS_R_FIPS_SELFTEST_FAILED);
131 return NULL;
132 }
133
134 BN_init(&m); 140 BN_init(&m);
135 BN_init(&xr); 141 BN_init(&xr);
136 142
@@ -142,26 +148,35 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, FIPS_DSA_SIZE_T dlen, DSA
142 148
143 s=BN_new(); 149 s=BN_new();
144 if (s == NULL) goto err; 150 if (s == NULL) goto err;
145
146 i=BN_num_bytes(dsa->q); /* should be 20 */
147 if ((dlen > i) || (dlen > 50))
148 {
149 reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
150 goto err;
151 }
152
153 ctx=BN_CTX_new(); 151 ctx=BN_CTX_new();
154 if (ctx == NULL) goto err; 152 if (ctx == NULL) goto err;
155 153
156 if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err; 154 if ((dsa->kinv == NULL) || (dsa->r == NULL))
155 {
156 if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err;
157 }
158 else
159 {
160 kinv=dsa->kinv;
161 dsa->kinv=NULL;
162 r=dsa->r;
163 dsa->r=NULL;
164 }
157 165
158 if (BN_bin2bn(dgst,dlen,&m) == NULL) goto err; 166
167 if (dlen > BN_num_bytes(dsa->q))
168 /* if the digest length is greater than the size of q use the
169 * BN_num_bits(dsa->q) leftmost bits of the digest, see
170 * fips 186-3, 4.2 */
171 dlen = BN_num_bytes(dsa->q);
172 if (BN_bin2bn(dgst,dlen,&m) == NULL)
173 goto err;
159 174
160 /* Compute s = inv(k) (m + xr) mod q */ 175 /* Compute s = inv(k) (m + xr) mod q */
161 if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */ 176 if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */
162 if (!BN_add(s, &xr, &m)) goto err; /* s = m + xr */ 177 if (!BN_add(s, &xr, &m)) goto err; /* s = m + xr */
163 if (BN_cmp(s,dsa->q) > 0) 178 if (BN_cmp(s,dsa->q) > 0)
164 BN_sub(s,s,dsa->q); 179 if (!BN_sub(s,s,dsa->q)) goto err;
165 if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err; 180 if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err;
166 181
167 ret=DSA_SIG_new(); 182 ret=DSA_SIG_new();
@@ -214,12 +229,12 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
214 while (BN_is_zero(&k)); 229 while (BN_is_zero(&k));
215 if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) 230 if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
216 { 231 {
217 BN_set_flags(&k, BN_FLG_EXP_CONSTTIME); 232 BN_set_flags(&k, BN_FLG_CONSTTIME);
218 } 233 }
219 234
220 if (dsa->flags & DSA_FLAG_CACHE_MONT_P) 235 if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
221 { 236 {
222 if (!BN_MONT_CTX_set_locked((BN_MONT_CTX **)&dsa->method_mont_p, 237 if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
223 CRYPTO_LOCK_DSA, 238 CRYPTO_LOCK_DSA,
224 dsa->p, ctx)) 239 dsa->p, ctx))
225 goto err; 240 goto err;
@@ -249,8 +264,8 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
249 { 264 {
250 K = &k; 265 K = &k;
251 } 266 }
252 if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,K,dsa->p,ctx, 267 DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx,
253 (BN_MONT_CTX *)dsa->method_mont_p)) goto err; 268 dsa->method_mont_p);
254 if (!BN_mod(r,r,dsa->q,ctx)) goto err; 269 if (!BN_mod(r,r,dsa->q,ctx)) goto err;
255 270
256 /* Compute part of 's = inv(k) (m + xr) mod q' */ 271 /* Compute part of 's = inv(k) (m + xr) mod q' */
@@ -266,48 +281,55 @@ err:
266 if (!ret) 281 if (!ret)
267 { 282 {
268 DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB); 283 DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB);
269 if (kinv != NULL) BN_clear_free(kinv); 284 if (r != NULL)
270 if (r != NULL) BN_clear_free(r); 285 BN_clear_free(r);
271 } 286 }
272 if (ctx_in == NULL) BN_CTX_free(ctx); 287 if (ctx_in == NULL) BN_CTX_free(ctx);
273 if (kinv != NULL) BN_clear_free(kinv);
274 BN_clear_free(&k); 288 BN_clear_free(&k);
275 BN_clear_free(&kq); 289 BN_clear_free(&kq);
276 return(ret); 290 return(ret);
277 } 291 }
278 292
279static int dsa_do_verify(const unsigned char *dgst, FIPS_DSA_SIZE_T dgst_len, DSA_SIG *sig, 293static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
280 DSA *dsa) 294 DSA *dsa)
281 { 295 {
282 BN_CTX *ctx; 296 BN_CTX *ctx;
283 BIGNUM u1,u2,t1; 297 BIGNUM u1,u2,t1;
284 BN_MONT_CTX *mont=NULL; 298 BN_MONT_CTX *mont=NULL;
285 int ret = -1; 299 int ret = -1, i;
286
287 if (!dsa->p || !dsa->q || !dsa->g) 300 if (!dsa->p || !dsa->q || !dsa->g)
288 { 301 {
289 DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS); 302 DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS);
290 return -1; 303 return -1;
291 } 304 }
292 305
293 if(FIPS_selftest_failed()) 306 i = BN_num_bits(dsa->q);
294 { 307 /* fips 186-3 allows only different sizes for q */
295 FIPSerr(FIPS_F_DSA_DO_VERIFY,FIPS_R_FIPS_SELFTEST_FAILED); 308 if (i != 160 && i != 224 && i != 256)
296 return -1; 309 {
297 } 310 DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE);
311 return -1;
312 }
298 313
314 if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS)
315 {
316 DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE);
317 return -1;
318 }
299 BN_init(&u1); 319 BN_init(&u1);
300 BN_init(&u2); 320 BN_init(&u2);
301 BN_init(&t1); 321 BN_init(&t1);
302 322
303 if ((ctx=BN_CTX_new()) == NULL) goto err; 323 if ((ctx=BN_CTX_new()) == NULL) goto err;
304 324
305 if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0) 325 if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
326 BN_ucmp(sig->r, dsa->q) >= 0)
306 { 327 {
307 ret = 0; 328 ret = 0;
308 goto err; 329 goto err;
309 } 330 }
310 if (BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s, dsa->q) >= 0) 331 if (BN_is_zero(sig->s) || BN_is_negative(sig->s) ||
332 BN_ucmp(sig->s, dsa->q) >= 0)
311 { 333 {
312 ret = 0; 334 ret = 0;
313 goto err; 335 goto err;
@@ -318,6 +340,11 @@ static int dsa_do_verify(const unsigned char *dgst, FIPS_DSA_SIZE_T dgst_len, DS
318 if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err; 340 if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;
319 341
320 /* save M in u1 */ 342 /* save M in u1 */
343 if (dgst_len > (i >> 3))
344 /* if the digest length is greater than the size of q use the
345 * BN_num_bits(dsa->q) leftmost bits of the digest, see
346 * fips 186-3, 4.2 */
347 dgst_len = (i >> 3);
321 if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err; 348 if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err;
322 349
323 /* u1 = M * w mod q */ 350 /* u1 = M * w mod q */
@@ -329,43 +356,25 @@ static int dsa_do_verify(const unsigned char *dgst, FIPS_DSA_SIZE_T dgst_len, DS
329 356
330 if (dsa->flags & DSA_FLAG_CACHE_MONT_P) 357 if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
331 { 358 {
332 mont = BN_MONT_CTX_set_locked( 359 mont = BN_MONT_CTX_set_locked(&dsa->method_mont_p,
333 (BN_MONT_CTX **)&dsa->method_mont_p,
334 CRYPTO_LOCK_DSA, dsa->p, ctx); 360 CRYPTO_LOCK_DSA, dsa->p, ctx);
335 if (!mont) 361 if (!mont)
336 goto err; 362 goto err;
337 } 363 }
338 364
339#if 0 365
340 { 366 DSA_MOD_EXP(goto err, dsa, &t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p, ctx, mont);
341 BIGNUM t2;
342
343 BN_init(&t2);
344 /* v = ( g^u1 * y^u2 mod p ) mod q */
345 /* let t1 = g ^ u1 mod p */
346 if (!BN_mod_exp_mont(&t1,dsa->g,&u1,dsa->p,ctx,mont)) goto err;
347 /* let t2 = y ^ u2 mod p */
348 if (!BN_mod_exp_mont(&t2,dsa->pub_key,&u2,dsa->p,ctx,mont)) goto err;
349 /* let u1 = t1 * t2 mod p */
350 if (!BN_mod_mul(&u1,&t1,&t2,dsa->p,ctx)) goto err_bn;
351 BN_free(&t2);
352 }
353 /* let u1 = u1 mod q */
354 if (!BN_mod(&u1,&u1,dsa->q,ctx)) goto err;
355#else
356 {
357 if (!dsa->meth->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2,
358 dsa->p,ctx,mont)) goto err;
359 /* BN_copy(&u1,&t1); */ 367 /* BN_copy(&u1,&t1); */
360 /* let u1 = u1 mod q */ 368 /* let u1 = u1 mod q */
361 if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err; 369 if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err;
362 } 370
363#endif
364 /* V is now in u1. If the signature is correct, it will be 371 /* V is now in u1. If the signature is correct, it will be
365 * equal to R. */ 372 * equal to R. */
366 ret=(BN_ucmp(&u1, sig->r) == 0); 373 ret=(BN_ucmp(&u1, sig->r) == 0);
367 374
368 err: 375 err:
376 /* XXX: surely this is wrong - if ret is 0, it just didn't verify;
377 there is no error in BN. Test should be ret == -1 (Ben) */
369 if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB); 378 if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB);
370 if (ctx != NULL) BN_CTX_free(ctx); 379 if (ctx != NULL) BN_CTX_free(ctx);
371 BN_free(&u1); 380 BN_free(&u1);
@@ -383,26 +392,7 @@ static int dsa_init(DSA *dsa)
383static int dsa_finish(DSA *dsa) 392static int dsa_finish(DSA *dsa)
384{ 393{
385 if(dsa->method_mont_p) 394 if(dsa->method_mont_p)
386 BN_MONT_CTX_free((BN_MONT_CTX *)dsa->method_mont_p); 395 BN_MONT_CTX_free(dsa->method_mont_p);
387 return(1); 396 return(1);
388} 397}
389 398
390static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
391 BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
392 BN_MONT_CTX *in_mont)
393{
394 return BN_mod_exp2_mont(rr, a1, p1, a2, p2, m, ctx, in_mont);
395}
396
397static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
398 const BIGNUM *m, BN_CTX *ctx,
399 BN_MONT_CTX *m_ctx)
400{
401 return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
402}
403
404#else /* ndef OPENSSL_FIPS */
405
406static void *dummy=&dummy;
407
408#endif /* ndef OPENSSL_FIPS */
diff --git a/src/lib/libcrypto/dsa/dsa_pmeth.c b/src/lib/libcrypto/dsa/dsa_pmeth.c
new file mode 100644
index 0000000000..715d8d675b
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_pmeth.c
@@ -0,0 +1,318 @@
1/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
2 * project 2006.
3 */
4/* ====================================================================
5 * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 *
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 *
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
17 * distribution.
18 *
19 * 3. All advertising materials mentioning features or use of this
20 * software must display the following acknowledgment:
21 * "This product includes software developed by the OpenSSL Project
22 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
23 *
24 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
25 * endorse or promote products derived from this software without
26 * prior written permission. For written permission, please contact
27 * licensing@OpenSSL.org.
28 *
29 * 5. Products derived from this software may not be called "OpenSSL"
30 * nor may "OpenSSL" appear in their names without prior written
31 * permission of the OpenSSL Project.
32 *
33 * 6. Redistributions of any form whatsoever must retain the following
34 * acknowledgment:
35 * "This product includes software developed by the OpenSSL Project
36 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
37 *
38 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
39 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
40 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
41 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
42 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
43 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
44 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
45 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
46 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
47 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
48 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49 * OF THE POSSIBILITY OF SUCH DAMAGE.
50 * ====================================================================
51 *
52 * This product includes cryptographic software written by Eric Young
53 * (eay@cryptsoft.com). This product includes software written by Tim
54 * Hudson (tjh@cryptsoft.com).
55 *
56 */
57
58#include <stdio.h>
59#include "cryptlib.h"
60#include <openssl/asn1t.h>
61#include <openssl/x509.h>
62#include <openssl/evp.h>
63#include <openssl/bn.h>
64#include "evp_locl.h"
65#include "dsa_locl.h"
66
67/* DSA pkey context structure */
68
69typedef struct
70 {
71 /* Parameter gen parameters */
72 int nbits; /* size of p in bits (default: 1024) */
73 int qbits; /* size of q in bits (default: 160) */
74 const EVP_MD *pmd; /* MD for parameter generation */
75 /* Keygen callback info */
76 int gentmp[2];
77 /* message digest */
78 const EVP_MD *md; /* MD for the signature */
79 } DSA_PKEY_CTX;
80
81static int pkey_dsa_init(EVP_PKEY_CTX *ctx)
82 {
83 DSA_PKEY_CTX *dctx;
84 dctx = OPENSSL_malloc(sizeof(DSA_PKEY_CTX));
85 if (!dctx)
86 return 0;
87 dctx->nbits = 1024;
88 dctx->qbits = 160;
89 dctx->pmd = NULL;
90 dctx->md = NULL;
91
92 ctx->data = dctx;
93 ctx->keygen_info = dctx->gentmp;
94 ctx->keygen_info_count = 2;
95
96 return 1;
97 }
98
99static int pkey_dsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
100 {
101 DSA_PKEY_CTX *dctx, *sctx;
102 if (!pkey_dsa_init(dst))
103 return 0;
104 sctx = src->data;
105 dctx = dst->data;
106 dctx->nbits = sctx->nbits;
107 dctx->qbits = sctx->qbits;
108 dctx->pmd = sctx->pmd;
109 dctx->md = sctx->md;
110 return 1;
111 }
112
113static void pkey_dsa_cleanup(EVP_PKEY_CTX *ctx)
114 {
115 DSA_PKEY_CTX *dctx = ctx->data;
116 if (dctx)
117 OPENSSL_free(dctx);
118 }
119
120static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
121 const unsigned char *tbs, size_t tbslen)
122 {
123 int ret, type;
124 unsigned int sltmp;
125 DSA_PKEY_CTX *dctx = ctx->data;
126 DSA *dsa = ctx->pkey->pkey.dsa;
127
128 if (dctx->md)
129 type = EVP_MD_type(dctx->md);
130 else
131 type = NID_sha1;
132
133 ret = DSA_sign(type, tbs, tbslen, sig, &sltmp, dsa);
134
135 if (ret <= 0)
136 return ret;
137 *siglen = sltmp;
138 return 1;
139 }
140
141static int pkey_dsa_verify(EVP_PKEY_CTX *ctx,
142 const unsigned char *sig, size_t siglen,
143 const unsigned char *tbs, size_t tbslen)
144 {
145 int ret, type;
146 DSA_PKEY_CTX *dctx = ctx->data;
147 DSA *dsa = ctx->pkey->pkey.dsa;
148
149 if (dctx->md)
150 type = EVP_MD_type(dctx->md);
151 else
152 type = NID_sha1;
153
154 ret = DSA_verify(type, tbs, tbslen, sig, siglen, dsa);
155
156 return ret;
157 }
158
159static int pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
160 {
161 DSA_PKEY_CTX *dctx = ctx->data;
162 switch (type)
163 {
164 case EVP_PKEY_CTRL_DSA_PARAMGEN_BITS:
165 if (p1 < 256)
166 return -2;
167 dctx->nbits = p1;
168 return 1;
169
170 case EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS:
171 if (p1 != 160 && p1 != 224 && p1 && p1 != 256)
172 return -2;
173 dctx->qbits = p1;
174 return 1;
175
176 case EVP_PKEY_CTRL_DSA_PARAMGEN_MD:
177 if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 &&
178 EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
179 EVP_MD_type((const EVP_MD *)p2) != NID_sha256)
180 {
181 DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE);
182 return 0;
183 }
184 dctx->md = p2;
185 return 1;
186
187 case EVP_PKEY_CTRL_MD:
188 if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 &&
189 EVP_MD_type((const EVP_MD *)p2) != NID_dsa &&
190 EVP_MD_type((const EVP_MD *)p2) != NID_dsaWithSHA &&
191 EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
192 EVP_MD_type((const EVP_MD *)p2) != NID_sha256 &&
193 EVP_MD_type((const EVP_MD *)p2) != NID_sha384 &&
194 EVP_MD_type((const EVP_MD *)p2) != NID_sha512)
195 {
196 DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE);
197 return 0;
198 }
199 dctx->md = p2;
200 return 1;
201
202 case EVP_PKEY_CTRL_DIGESTINIT:
203 case EVP_PKEY_CTRL_PKCS7_SIGN:
204 case EVP_PKEY_CTRL_CMS_SIGN:
205 return 1;
206
207 case EVP_PKEY_CTRL_PEER_KEY:
208 DSAerr(DSA_F_PKEY_DSA_CTRL,
209 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
210 return -2;
211 default:
212 return -2;
213
214 }
215 }
216
217static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx,
218 const char *type, const char *value)
219 {
220 if (!strcmp(type, "dsa_paramgen_bits"))
221 {
222 int nbits;
223 nbits = atoi(value);
224 return EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits);
225 }
226 if (!strcmp(type, "dsa_paramgen_q_bits"))
227 {
228 int qbits = atoi(value);
229 return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
230 EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits, NULL);
231 }
232 if (!strcmp(type, "dsa_paramgen_md"))
233 {
234 return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
235 EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0,
236 (void *)EVP_get_digestbyname(value));
237 }
238 return -2;
239 }
240
241static int pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
242 {
243 DSA *dsa = NULL;
244 DSA_PKEY_CTX *dctx = ctx->data;
245 BN_GENCB *pcb, cb;
246 int ret;
247 if (ctx->pkey_gencb)
248 {
249 pcb = &cb;
250 evp_pkey_set_cb_translate(pcb, ctx);
251 }
252 else
253 pcb = NULL;
254 dsa = DSA_new();
255 if (!dsa)
256 return 0;
257 ret = dsa_builtin_paramgen(dsa, dctx->nbits, dctx->qbits, dctx->pmd,
258 NULL, 0, NULL, NULL, NULL, pcb);
259 if (ret)
260 EVP_PKEY_assign_DSA(pkey, dsa);
261 else
262 DSA_free(dsa);
263 return ret;
264 }
265
266static int pkey_dsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
267 {
268 DSA *dsa = NULL;
269 if (ctx->pkey == NULL)
270 {
271 DSAerr(DSA_F_PKEY_DSA_KEYGEN, DSA_R_NO_PARAMETERS_SET);
272 return 0;
273 }
274 dsa = DSA_new();
275 if (!dsa)
276 return 0;
277 EVP_PKEY_assign_DSA(pkey, dsa);
278 /* Note: if error return, pkey is freed by parent routine */
279 if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey))
280 return 0;
281 return DSA_generate_key(pkey->pkey.dsa);
282 }
283
284const EVP_PKEY_METHOD dsa_pkey_meth =
285 {
286 EVP_PKEY_DSA,
287 EVP_PKEY_FLAG_AUTOARGLEN,
288 pkey_dsa_init,
289 pkey_dsa_copy,
290 pkey_dsa_cleanup,
291
292 0,
293 pkey_dsa_paramgen,
294
295 0,
296 pkey_dsa_keygen,
297
298 0,
299 pkey_dsa_sign,
300
301 0,
302 pkey_dsa_verify,
303
304 0,0,
305
306 0,0,0,0,
307
308 0,0,
309
310 0,0,
311
312 0,0,
313
314 pkey_dsa_ctrl,
315 pkey_dsa_ctrl_str
316
317
318 };
diff --git a/src/lib/libssl/src/fips/rsa/fips_rsa_lib.c b/src/lib/libcrypto/dsa/dsa_prn.c
index a37ad3e540..6f29f5e240 100644
--- a/src/lib/libssl/src/fips/rsa/fips_rsa_lib.c
+++ b/src/lib/libcrypto/dsa/dsa_prn.c
@@ -1,9 +1,9 @@
1/* fips_rsa_sign.c */ 1/* crypto/dsa/dsa_prn.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2007. 3 * project 2006.
4 */ 4 */
5/* ==================================================================== 5/* ====================================================================
6 * Copyright (c) 2007 The OpenSSL Project. All rights reserved. 6 * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
7 * 7 *
8 * Redistribution and use in source and binary forms, with or without 8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions 9 * modification, are permitted provided that the following conditions
@@ -56,46 +56,66 @@
56 * 56 *
57 */ 57 */
58 58
59#include <string.h> 59#include <stdio.h>
60#include "cryptlib.h"
60#include <openssl/evp.h> 61#include <openssl/evp.h>
61#include <openssl/rsa.h> 62#include <openssl/dsa.h>
62#include <openssl/bn.h>
63#include <openssl/err.h>
64 63
65/* Minimal FIPS versions of FIPS_rsa_new() and FIPS_rsa_free: to 64#ifndef OPENSSL_NO_FP_API
66 * reduce external dependencies. 65int DSA_print_fp(FILE *fp, const DSA *x, int off)
67 */ 66 {
67 BIO *b;
68 int ret;
68 69
69RSA *FIPS_rsa_new(void) 70 if ((b=BIO_new(BIO_s_file())) == NULL)
71 {
72 DSAerr(DSA_F_DSA_PRINT_FP,ERR_R_BUF_LIB);
73 return(0);
74 }
75 BIO_set_fp(b,fp,BIO_NOCLOSE);
76 ret=DSA_print(b,x,off);
77 BIO_free(b);
78 return(ret);
79 }
80
81int DSAparams_print_fp(FILE *fp, const DSA *x)
70 { 82 {
71 RSA *ret; 83 BIO *b;
72 ret = OPENSSL_malloc(sizeof(RSA)); 84 int ret;
73 if (!ret) 85
74 return NULL; 86 if ((b=BIO_new(BIO_s_file())) == NULL)
75 memset(ret, 0, sizeof(RSA)); 87 {
76 ret->meth = RSA_PKCS1_SSLeay(); 88 DSAerr(DSA_F_DSAPARAMS_PRINT_FP,ERR_R_BUF_LIB);
77 if (ret->meth->init) 89 return(0);
78 ret->meth->init(ret); 90 }
91 BIO_set_fp(b,fp,BIO_NOCLOSE);
92 ret=DSAparams_print(b, x);
93 BIO_free(b);
94 return(ret);
95 }
96#endif
97
98int DSA_print(BIO *bp, const DSA *x, int off)
99 {
100 EVP_PKEY *pk;
101 int ret;
102 pk = EVP_PKEY_new();
103 if (!pk || !EVP_PKEY_set1_DSA(pk, (DSA *)x))
104 return 0;
105 ret = EVP_PKEY_print_private(bp, pk, off, NULL);
106 EVP_PKEY_free(pk);
79 return ret; 107 return ret;
80 } 108 }
81 109
82void FIPS_rsa_free(RSA *r) 110int DSAparams_print(BIO *bp, const DSA *x)
83 { 111 {
84 if (!r) 112 EVP_PKEY *pk;
85 return; 113 int ret;
86 if (r->meth->finish) 114 pk = EVP_PKEY_new();
87 r->meth->finish(r); 115 if (!pk || !EVP_PKEY_set1_DSA(pk, (DSA *)x))
88 if (r->n != NULL) BN_clear_free(r->n); 116 return 0;
89 if (r->e != NULL) BN_clear_free(r->e); 117 ret = EVP_PKEY_print_params(bp, pk, 4, NULL);
90 if (r->d != NULL) BN_clear_free(r->d); 118 EVP_PKEY_free(pk);
91 if (r->p != NULL) BN_clear_free(r->p); 119 return ret;
92 if (r->q != NULL) BN_clear_free(r->q);
93 if (r->dmp1 != NULL) BN_clear_free(r->dmp1);
94 if (r->dmq1 != NULL) BN_clear_free(r->dmq1);
95 if (r->iqmp != NULL) BN_clear_free(r->iqmp);
96 if (r->blinding != NULL) BN_BLINDING_free(r->blinding);
97 if (r->mt_blinding != NULL) BN_BLINDING_free(r->mt_blinding);
98 if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data);
99 OPENSSL_free(r);
100 } 120 }
101 121
diff --git a/src/lib/libcrypto/dsa/dsa_sign.c b/src/lib/libcrypto/dsa/dsa_sign.c
new file mode 100644
index 0000000000..17555e5892
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_sign.c
@@ -0,0 +1,90 @@
1/* crypto/dsa/dsa_sign.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
60
61#include "cryptlib.h"
62#include <openssl/dsa.h>
63#include <openssl/rand.h>
64
65DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
66 {
67 return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
68 }
69
70int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
71 unsigned int *siglen, DSA *dsa)
72 {
73 DSA_SIG *s;
74 RAND_seed(dgst, dlen);
75 s=DSA_do_sign(dgst,dlen,dsa);
76 if (s == NULL)
77 {
78 *siglen=0;
79 return(0);
80 }
81 *siglen=i2d_DSA_SIG(s,&sig);
82 DSA_SIG_free(s);
83 return(1);
84 }
85
86int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
87 {
88 return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
89 }
90
diff --git a/src/lib/libcrypto/dsa/dsa_vrf.c b/src/lib/libcrypto/dsa/dsa_vrf.c
new file mode 100644
index 0000000000..226a75ff3f
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_vrf.c
@@ -0,0 +1,89 @@
1/* crypto/dsa/dsa_vrf.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
60
61#include "cryptlib.h"
62#include <openssl/dsa.h>
63
64int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
65 DSA *dsa)
66 {
67 return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
68 }
69
70/* data has already been hashed (probably with SHA or SHA-1). */
71/* returns
72 * 1: correct signature
73 * 0: incorrect signature
74 * -1: error
75 */
76int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
77 const unsigned char *sigbuf, int siglen, DSA *dsa)
78 {
79 DSA_SIG *s;
80 int ret=-1;
81
82 s = DSA_SIG_new();
83 if (s == NULL) return(ret);
84 if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err;
85 ret=DSA_do_verify(dgst,dgst_len,s,dsa);
86err:
87 DSA_SIG_free(s);
88 return(ret);
89 }
diff --git a/src/lib/libcrypto/dsa/dsa_utl.c b/src/lib/libcrypto/evp/c_all.c
index 24c021d120..766c4cecdf 100644
--- a/src/lib/libcrypto/dsa/dsa_utl.c
+++ b/src/lib/libcrypto/evp/c_all.c
@@ -1,4 +1,4 @@
1/* crypto/dsa/dsa_lib.c */ 1/* crypto/evp/c_all.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -56,40 +56,35 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
60
61#include <stdio.h> 59#include <stdio.h>
62#include "cryptlib.h" 60#include "cryptlib.h"
63#include <openssl/bn.h> 61#include <openssl/evp.h>
64#include <openssl/dsa.h>
65#include <openssl/asn1.h>
66#ifndef OPENSSL_NO_ENGINE 62#ifndef OPENSSL_NO_ENGINE
67#include <openssl/engine.h> 63#include <openssl/engine.h>
68#endif 64#endif
69#ifndef OPENSSL_NO_DH
70#include <openssl/dh.h>
71#endif
72 65
73DSA_SIG *DSA_SIG_new(void) 66#if 0
67#undef OpenSSL_add_all_algorithms
68
69void OpenSSL_add_all_algorithms(void)
74 { 70 {
75 DSA_SIG *sig; 71 OPENSSL_add_all_algorithms_noconf();
76 sig = OPENSSL_malloc(sizeof(DSA_SIG));
77 if (!sig)
78 return NULL;
79 sig->r = NULL;
80 sig->s = NULL;
81 return sig;
82 } 72 }
73#endif
83 74
84void DSA_SIG_free(DSA_SIG *sig) 75void OPENSSL_add_all_algorithms_noconf(void)
85 { 76 {
86 if (sig) 77 /*
87 { 78 * For the moment OPENSSL_cpuid_setup does something
88 if (sig->r) 79 * only on IA-32, but we reserve the option for all
89 BN_free(sig->r); 80 * platforms...
90 if (sig->s) 81 */
91 BN_free(sig->s); 82 OPENSSL_cpuid_setup();
92 OPENSSL_free(sig); 83 OpenSSL_add_all_ciphers();
93 } 84 OpenSSL_add_all_digests();
85#ifndef OPENSSL_NO_ENGINE
86# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
87 ENGINE_setup_bsd_cryptodev();
88# endif
89#endif
94 } 90 }
95
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-20 18:25:54 +0000