summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/dsa
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/dsa')
-rw-r--r--src/lib/libcrypto/dsa/Makefile169
-rw-r--r--src/lib/libcrypto/dsa/README4
-rw-r--r--src/lib/libcrypto/dsa/dsa.h285
-rw-r--r--src/lib/libcrypto/dsa/dsa_asn1.c140
-rw-r--r--src/lib/libcrypto/dsa/dsa_depr.c106
-rw-r--r--src/lib/libcrypto/dsa/dsa_err.c111
-rw-r--r--src/lib/libcrypto/dsa/dsa_gen.c322
-rw-r--r--src/lib/libcrypto/dsa/dsa_key.c128
-rw-r--r--src/lib/libcrypto/dsa/dsa_lib.c311
-rw-r--r--src/lib/libcrypto/dsa/dsa_ossl.c393
-rw-r--r--src/lib/libcrypto/dsa/dsa_sign.c92
-rw-r--r--src/lib/libcrypto/dsa/dsa_vrf.c94
-rw-r--r--src/lib/libcrypto/dsa/dsagen.c111
-rw-r--r--src/lib/libcrypto/dsa/dsatest.c260
-rw-r--r--src/lib/libcrypto/dsa/fips186a.txt122
15 files changed, 2648 insertions, 0 deletions
diff --git a/src/lib/libcrypto/dsa/Makefile b/src/lib/libcrypto/dsa/Makefile
new file mode 100644
index 0000000000..5493f19e85
--- /dev/null
+++ b/src/lib/libcrypto/dsa/Makefile
@@ -0,0 +1,169 @@
1#
2# OpenSSL/crypto/dsa/Makefile
3#
4
5DIR= dsa
6TOP= ../..
7CC= cc
8INCLUDES= -I.. -I$(TOP) -I../../include
9CFLAG=-g
10MAKEFILE= Makefile
11AR= ar r
12
13CFLAGS= $(INCLUDES) $(CFLAG)
14
15GENERAL=Makefile
16TEST=dsatest.c
17APPS=
18
19LIB=$(TOP)/libcrypto.a
20LIBSRC= dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c \
21 dsa_err.c dsa_ossl.c dsa_depr.c
22LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_asn1.o dsa_vrf.o dsa_sign.o \
23 dsa_err.o dsa_ossl.o dsa_depr.o
24
25SRC= $(LIBSRC)
26
27EXHEADER= dsa.h
28HEADER= $(EXHEADER)
29
30ALL= $(GENERAL) $(SRC) $(HEADER)
31
32top:
33 (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
34
35all: lib
36
37lib: $(LIBOBJ)
38 $(AR) $(LIB) $(LIBOBJ)
39 $(RANLIB) $(LIB) || echo Never mind.
40 @touch lib
41
42files:
43 $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
44
45links:
46 @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
47 @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
48 @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
49
50install:
51 @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
52 @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
53 do \
54 (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
55 chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
56 done;
57
58tags:
59 ctags $(SRC)
60
61tests:
62
63lint:
64 lint -DLINT $(INCLUDES) $(SRC)>fluff
65
66depend:
67 @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
68 $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
69
70dclean:
71 $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
72 mv -f Makefile.new $(MAKEFILE)
73
74clean:
75 rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
76
77# DO NOT DELETE THIS LINE -- make depend depends on it.
78
79dsa_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
80dsa_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
81dsa_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
82dsa_asn1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
83dsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
84dsa_asn1.o: ../../include/openssl/opensslconf.h
85dsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
86dsa_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
87dsa_asn1.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_asn1.c
88dsa_depr.o: ../../e_os.h ../../include/openssl/asn1.h
89dsa_depr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
90dsa_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
91dsa_depr.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
92dsa_depr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
93dsa_depr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
94dsa_depr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
95dsa_depr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
96dsa_depr.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
97dsa_depr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
98dsa_depr.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_depr.c
99dsa_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
100dsa_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
101dsa_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
102dsa_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
103dsa_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
104dsa_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
105dsa_err.o: dsa_err.c
106dsa_gen.o: ../../e_os.h ../../include/openssl/asn1.h
107dsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
108dsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
109dsa_gen.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
110dsa_gen.o: ../../include/openssl/err.h ../../include/openssl/evp.h
111dsa_gen.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
112dsa_gen.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
113dsa_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
114dsa_gen.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
115dsa_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
116dsa_gen.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_gen.c
117dsa_key.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
118dsa_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
119dsa_key.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
120dsa_key.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
121dsa_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
122dsa_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
123dsa_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
124dsa_key.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_key.c
125dsa_lib.o: ../../e_os.h ../../include/openssl/asn1.h
126dsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
127dsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
128dsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
129dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
130dsa_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
131dsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
132dsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
133dsa_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
134dsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
135dsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
136dsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
137dsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
138dsa_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
139dsa_lib.o: ../cryptlib.h dsa_lib.c
140dsa_ossl.o: ../../e_os.h ../../include/openssl/asn1.h
141dsa_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
142dsa_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
143dsa_ossl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
144dsa_ossl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
145dsa_ossl.o: ../../include/openssl/opensslconf.h
146dsa_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
147dsa_ossl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
148dsa_ossl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
149dsa_ossl.o: ../cryptlib.h dsa_ossl.c
150dsa_sign.o: ../../e_os.h ../../include/openssl/asn1.h
151dsa_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
152dsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
153dsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
154dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
155dsa_sign.o: ../../include/openssl/opensslconf.h
156dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
157dsa_sign.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
158dsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
159dsa_sign.o: ../cryptlib.h dsa_sign.c
160dsa_vrf.o: ../../e_os.h ../../include/openssl/asn1.h
161dsa_vrf.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
162dsa_vrf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
163dsa_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
164dsa_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
165dsa_vrf.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
166dsa_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
167dsa_vrf.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
168dsa_vrf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
169dsa_vrf.o: ../cryptlib.h dsa_vrf.c
diff --git a/src/lib/libcrypto/dsa/README b/src/lib/libcrypto/dsa/README
new file mode 100644
index 0000000000..6a7e9c170a
--- /dev/null
+++ b/src/lib/libcrypto/dsa/README
@@ -0,0 +1,4 @@
1The stuff in here is based on patches supplied to me by
2Steven Schoch <schoch@sheba.arc.nasa.gov> to do DSS.
3I have since modified a them a little but a debt of gratitude
4is due for doing the initial work.
diff --git a/src/lib/libcrypto/dsa/dsa.h b/src/lib/libcrypto/dsa/dsa.h
new file mode 100644
index 0000000000..3a8fe5b56b
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa.h
@@ -0,0 +1,285 @@
1/* crypto/dsa/dsa.h */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59/*
60 * The DSS routines are based on patches supplied by
61 * Steven Schoch <schoch@sheba.arc.nasa.gov>. He basically did the
62 * work and I have just tweaked them a little to fit into my
63 * stylistic vision for SSLeay :-) */
64
65#ifndef HEADER_DSA_H
66#define HEADER_DSA_H
67
68#include <openssl/e_os2.h>
69
70#ifdef OPENSSL_NO_DSA
71#error DSA is disabled.
72#endif
73
74#ifndef OPENSSL_NO_BIO
75#include <openssl/bio.h>
76#endif
77#include <openssl/crypto.h>
78#include <openssl/ossl_typ.h>
79
80#ifndef OPENSSL_NO_DEPRECATED
81#include <openssl/bn.h>
82#ifndef OPENSSL_NO_DH
83# include <openssl/dh.h>
84#endif
85#endif
86
87#ifndef OPENSSL_DSA_MAX_MODULUS_BITS
88# define OPENSSL_DSA_MAX_MODULUS_BITS 10000
89#endif
90
91#define DSA_FLAG_CACHE_MONT_P 0x01
92#define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DSA
93 * implementation now uses constant time
94 * modular exponentiation for secret exponents
95 * by default. This flag causes the
96 * faster variable sliding window method to
97 * be used for all exponents.
98 */
99
100#ifdef __cplusplus
101extern "C" {
102#endif
103
104/* Already defined in ossl_typ.h */
105/* typedef struct dsa_st DSA; */
106/* typedef struct dsa_method DSA_METHOD; */
107
108typedef struct DSA_SIG_st
109 {
110 BIGNUM *r;
111 BIGNUM *s;
112 } DSA_SIG;
113
114struct dsa_method
115 {
116 const char *name;
117 DSA_SIG * (*dsa_do_sign)(const unsigned char *dgst, int dlen, DSA *dsa);
118 int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
119 BIGNUM **rp);
120 int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len,
121 DSA_SIG *sig, DSA *dsa);
122 int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
123 BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
124 BN_MONT_CTX *in_mont);
125 int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
126 const BIGNUM *m, BN_CTX *ctx,
127 BN_MONT_CTX *m_ctx); /* Can be null */
128 int (*init)(DSA *dsa);
129 int (*finish)(DSA *dsa);
130 int flags;
131 char *app_data;
132 /* If this is non-NULL, it is used to generate DSA parameters */
133 int (*dsa_paramgen)(DSA *dsa, int bits,
134 unsigned char *seed, int seed_len,
135 int *counter_ret, unsigned long *h_ret,
136 BN_GENCB *cb);
137 /* If this is non-NULL, it is used to generate DSA keys */
138 int (*dsa_keygen)(DSA *dsa);
139 };
140
141struct dsa_st
142 {
143 /* This first variable is used to pick up errors where
144 * a DSA is passed instead of of a EVP_PKEY */
145 int pad;
146 long version;
147 int write_params;
148 BIGNUM *p;
149 BIGNUM *q; /* == 20 */
150 BIGNUM *g;
151
152 BIGNUM *pub_key; /* y public key */
153 BIGNUM *priv_key; /* x private key */
154
155 BIGNUM *kinv; /* Signing pre-calc */
156 BIGNUM *r; /* Signing pre-calc */
157
158 int flags;
159 /* Normally used to cache montgomery values */
160 BN_MONT_CTX *method_mont_p;
161 int references;
162 CRYPTO_EX_DATA ex_data;
163 const DSA_METHOD *meth;
164 /* functional reference if 'meth' is ENGINE-provided */
165 ENGINE *engine;
166 };
167
168#define DSAparams_dup(x) ASN1_dup_of_const(DSA,i2d_DSAparams,d2i_DSAparams,x)
169#define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \
170 (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x))
171#define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \
172 (unsigned char *)(x))
173#define d2i_DSAparams_bio(bp,x) ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAparams,bp,x)
174#define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio_of_const(DSA,i2d_DSAparams,bp,x)
175
176
177DSA_SIG * DSA_SIG_new(void);
178void DSA_SIG_free(DSA_SIG *a);
179int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
180DSA_SIG * d2i_DSA_SIG(DSA_SIG **v, const unsigned char **pp, long length);
181
182DSA_SIG * DSA_do_sign(const unsigned char *dgst,int dlen,DSA *dsa);
183int DSA_do_verify(const unsigned char *dgst,int dgst_len,
184 DSA_SIG *sig,DSA *dsa);
185
186const DSA_METHOD *DSA_OpenSSL(void);
187
188void DSA_set_default_method(const DSA_METHOD *);
189const DSA_METHOD *DSA_get_default_method(void);
190int DSA_set_method(DSA *dsa, const DSA_METHOD *);
191
192DSA * DSA_new(void);
193DSA * DSA_new_method(ENGINE *engine);
194void DSA_free (DSA *r);
195/* "up" the DSA object's reference count */
196int DSA_up_ref(DSA *r);
197int DSA_size(const DSA *);
198 /* next 4 return -1 on error */
199int DSA_sign_setup( DSA *dsa,BN_CTX *ctx_in,BIGNUM **kinvp,BIGNUM **rp);
200int DSA_sign(int type,const unsigned char *dgst,int dlen,
201 unsigned char *sig, unsigned int *siglen, DSA *dsa);
202int DSA_verify(int type,const unsigned char *dgst,int dgst_len,
203 const unsigned char *sigbuf, int siglen, DSA *dsa);
204int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
205 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
206int DSA_set_ex_data(DSA *d, int idx, void *arg);
207void *DSA_get_ex_data(DSA *d, int idx);
208
209DSA * d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length);
210DSA * d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length);
211DSA * d2i_DSAparams(DSA **a, const unsigned char **pp, long length);
212
213/* Deprecated version */
214#ifndef OPENSSL_NO_DEPRECATED
215DSA * DSA_generate_parameters(int bits,
216 unsigned char *seed,int seed_len,
217 int *counter_ret, unsigned long *h_ret,void
218 (*callback)(int, int, void *),void *cb_arg);
219#endif /* !defined(OPENSSL_NO_DEPRECATED) */
220
221/* New version */
222int DSA_generate_parameters_ex(DSA *dsa, int bits,
223 unsigned char *seed,int seed_len,
224 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
225
226int DSA_generate_key(DSA *a);
227int i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
228int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
229int i2d_DSAparams(const DSA *a,unsigned char **pp);
230
231#ifndef OPENSSL_NO_BIO
232int DSAparams_print(BIO *bp, const DSA *x);
233int DSA_print(BIO *bp, const DSA *x, int off);
234#endif
235#ifndef OPENSSL_NO_FP_API
236int DSAparams_print_fp(FILE *fp, const DSA *x);
237int DSA_print_fp(FILE *bp, const DSA *x, int off);
238#endif
239
240#define DSS_prime_checks 50
241/* Primality test according to FIPS PUB 186[-1], Appendix 2.1:
242 * 50 rounds of Rabin-Miller */
243#define DSA_is_prime(n, callback, cb_arg) \
244 BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg)
245
246#ifndef OPENSSL_NO_DH
247/* Convert DSA structure (key or just parameters) into DH structure
248 * (be careful to avoid small subgroup attacks when using this!) */
249DH *DSA_dup_DH(const DSA *r);
250#endif
251
252/* BEGIN ERROR CODES */
253/* The following lines are auto generated by the script mkerr.pl. Any changes
254 * made after this point may be overwritten when the script is next run.
255 */
256void ERR_load_DSA_strings(void);
257
258/* Error codes for the DSA functions. */
259
260/* Function codes. */
261#define DSA_F_D2I_DSA_SIG 110
262#define DSA_F_DSAPARAMS_PRINT 100
263#define DSA_F_DSAPARAMS_PRINT_FP 101
264#define DSA_F_DSA_DO_SIGN 112
265#define DSA_F_DSA_DO_VERIFY 113
266#define DSA_F_DSA_NEW_METHOD 103
267#define DSA_F_DSA_PRINT 104
268#define DSA_F_DSA_PRINT_FP 105
269#define DSA_F_DSA_SIGN 106
270#define DSA_F_DSA_SIGN_SETUP 107
271#define DSA_F_DSA_SIG_NEW 109
272#define DSA_F_DSA_VERIFY 108
273#define DSA_F_I2D_DSA_SIG 111
274#define DSA_F_SIG_CB 114
275
276/* Reason codes. */
277#define DSA_R_BAD_Q_VALUE 102
278#define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100
279#define DSA_R_MISSING_PARAMETERS 101
280#define DSA_R_MODULUS_TOO_LARGE 103
281
282#ifdef __cplusplus
283}
284#endif
285#endif
diff --git a/src/lib/libcrypto/dsa/dsa_asn1.c b/src/lib/libcrypto/dsa/dsa_asn1.c
new file mode 100644
index 0000000000..23fce555aa
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_asn1.c
@@ -0,0 +1,140 @@
1/* dsa_asn1.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/dsa.h>
62#include <openssl/asn1.h>
63#include <openssl/asn1t.h>
64
65/* Override the default new methods */
66static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
67{
68 if(operation == ASN1_OP_NEW_PRE) {
69 DSA_SIG *sig;
70 sig = OPENSSL_malloc(sizeof(DSA_SIG));
71 sig->r = NULL;
72 sig->s = NULL;
73 *pval = (ASN1_VALUE *)sig;
74 if(sig) return 2;
75 DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE);
76 return 0;
77 }
78 return 1;
79}
80
81ASN1_SEQUENCE_cb(DSA_SIG, sig_cb) = {
82 ASN1_SIMPLE(DSA_SIG, r, CBIGNUM),
83 ASN1_SIMPLE(DSA_SIG, s, CBIGNUM)
84} ASN1_SEQUENCE_END_cb(DSA_SIG, DSA_SIG)
85
86IMPLEMENT_ASN1_FUNCTIONS_const(DSA_SIG)
87
88/* Override the default free and new methods */
89static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
90{
91 if(operation == ASN1_OP_NEW_PRE) {
92 *pval = (ASN1_VALUE *)DSA_new();
93 if(*pval) return 2;
94 return 0;
95 } else if(operation == ASN1_OP_FREE_PRE) {
96 DSA_free((DSA *)*pval);
97 *pval = NULL;
98 return 2;
99 }
100 return 1;
101}
102
103ASN1_SEQUENCE_cb(DSAPrivateKey, dsa_cb) = {
104 ASN1_SIMPLE(DSA, version, LONG),
105 ASN1_SIMPLE(DSA, p, BIGNUM),
106 ASN1_SIMPLE(DSA, q, BIGNUM),
107 ASN1_SIMPLE(DSA, g, BIGNUM),
108 ASN1_SIMPLE(DSA, pub_key, BIGNUM),
109 ASN1_SIMPLE(DSA, priv_key, BIGNUM)
110} ASN1_SEQUENCE_END_cb(DSA, DSAPrivateKey)
111
112IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPrivateKey, DSAPrivateKey)
113
114ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = {
115 ASN1_SIMPLE(DSA, p, BIGNUM),
116 ASN1_SIMPLE(DSA, q, BIGNUM),
117 ASN1_SIMPLE(DSA, g, BIGNUM),
118} ASN1_SEQUENCE_END_cb(DSA, DSAparams)
119
120IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAparams, DSAparams)
121
122/* DSA public key is a bit trickier... its effectively a CHOICE type
123 * decided by a field called write_params which can either write out
124 * just the public key as an INTEGER or the parameters and public key
125 * in a SEQUENCE
126 */
127
128ASN1_SEQUENCE(dsa_pub_internal) = {
129 ASN1_SIMPLE(DSA, pub_key, BIGNUM),
130 ASN1_SIMPLE(DSA, p, BIGNUM),
131 ASN1_SIMPLE(DSA, q, BIGNUM),
132 ASN1_SIMPLE(DSA, g, BIGNUM)
133} ASN1_SEQUENCE_END_name(DSA, dsa_pub_internal)
134
135ASN1_CHOICE_cb(DSAPublicKey, dsa_cb) = {
136 ASN1_SIMPLE(DSA, pub_key, BIGNUM),
137 ASN1_EX_COMBINE(0, 0, dsa_pub_internal)
138} ASN1_CHOICE_END_cb(DSA, DSAPublicKey, write_params)
139
140IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey)
diff --git a/src/lib/libcrypto/dsa/dsa_depr.c b/src/lib/libcrypto/dsa/dsa_depr.c
new file mode 100644
index 0000000000..f2da680eb4
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_depr.c
@@ -0,0 +1,106 @@
1/* crypto/dsa/dsa_depr.c */
2/* ====================================================================
3 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@openssl.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* This file contains deprecated function(s) that are now wrappers to the new
57 * version(s). */
58
59#undef GENUINE_DSA
60
61#ifdef GENUINE_DSA
62/* Parameter generation follows the original release of FIPS PUB 186,
63 * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */
64#define HASH EVP_sha()
65#else
66/* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
67 * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in
68 * FIPS PUB 180-1) */
69#define HASH EVP_sha1()
70#endif
71
72static void *dummy=&dummy;
73
74#ifndef OPENSSL_NO_SHA
75
76#include <stdio.h>
77#include <time.h>
78#include "cryptlib.h"
79#include <openssl/evp.h>
80#include <openssl/bn.h>
81#include <openssl/dsa.h>
82#include <openssl/rand.h>
83#include <openssl/sha.h>
84
85#ifndef OPENSSL_NO_DEPRECATED
86DSA *DSA_generate_parameters(int bits,
87 unsigned char *seed_in, int seed_len,
88 int *counter_ret, unsigned long *h_ret,
89 void (*callback)(int, int, void *),
90 void *cb_arg)
91 {
92 BN_GENCB cb;
93 DSA *ret;
94
95 if ((ret=DSA_new()) == NULL) return NULL;
96
97 BN_GENCB_set_old(&cb, callback, cb_arg);
98
99 if(DSA_generate_parameters_ex(ret, bits, seed_in, seed_len,
100 counter_ret, h_ret, &cb))
101 return ret;
102 DSA_free(ret);
103 return NULL;
104 }
105#endif
106#endif
diff --git a/src/lib/libcrypto/dsa/dsa_err.c b/src/lib/libcrypto/dsa/dsa_err.c
new file mode 100644
index 0000000000..768711994b
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_err.c
@@ -0,0 +1,111 @@
1/* crypto/dsa/dsa_err.c */
2/* ====================================================================
3 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include <openssl/dsa.h>
64
65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSA,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSA,0,reason)
70
71static ERR_STRING_DATA DSA_str_functs[]=
72 {
73{ERR_FUNC(DSA_F_D2I_DSA_SIG), "d2i_DSA_SIG"},
74{ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"},
75{ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP), "DSAparams_print_fp"},
76{ERR_FUNC(DSA_F_DSA_DO_SIGN), "DSA_do_sign"},
77{ERR_FUNC(DSA_F_DSA_DO_VERIFY), "DSA_do_verify"},
78{ERR_FUNC(DSA_F_DSA_NEW_METHOD), "DSA_new_method"},
79{ERR_FUNC(DSA_F_DSA_PRINT), "DSA_print"},
80{ERR_FUNC(DSA_F_DSA_PRINT_FP), "DSA_print_fp"},
81{ERR_FUNC(DSA_F_DSA_SIGN), "DSA_sign"},
82{ERR_FUNC(DSA_F_DSA_SIGN_SETUP), "DSA_sign_setup"},
83{ERR_FUNC(DSA_F_DSA_SIG_NEW), "DSA_SIG_new"},
84{ERR_FUNC(DSA_F_DSA_VERIFY), "DSA_verify"},
85{ERR_FUNC(DSA_F_I2D_DSA_SIG), "i2d_DSA_SIG"},
86{ERR_FUNC(DSA_F_SIG_CB), "SIG_CB"},
87{0,NULL}
88 };
89
90static ERR_STRING_DATA DSA_str_reasons[]=
91 {
92{ERR_REASON(DSA_R_BAD_Q_VALUE) ,"bad q value"},
93{ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"},
94{ERR_REASON(DSA_R_MISSING_PARAMETERS) ,"missing parameters"},
95{ERR_REASON(DSA_R_MODULUS_TOO_LARGE) ,"modulus too large"},
96{0,NULL}
97 };
98
99#endif
100
101void ERR_load_DSA_strings(void)
102 {
103#ifndef OPENSSL_NO_ERR
104
105 if (ERR_func_error_string(DSA_str_functs[0].error) == NULL)
106 {
107 ERR_load_strings(0,DSA_str_functs);
108 ERR_load_strings(0,DSA_str_reasons);
109 }
110#endif
111 }
diff --git a/src/lib/libcrypto/dsa/dsa_gen.c b/src/lib/libcrypto/dsa/dsa_gen.c
new file mode 100644
index 0000000000..ca0b86a6cf
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_gen.c
@@ -0,0 +1,322 @@
1/* crypto/dsa/dsa_gen.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#undef GENUINE_DSA
60
61#ifdef GENUINE_DSA
62/* Parameter generation follows the original release of FIPS PUB 186,
63 * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */
64#define HASH EVP_sha()
65#else
66/* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
67 * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in
68 * FIPS PUB 180-1) */
69#define HASH EVP_sha1()
70#endif
71
72#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_SHA is defined */
73
74#ifndef OPENSSL_NO_SHA
75
76#include <stdio.h>
77#include <time.h>
78#include "cryptlib.h"
79#include <openssl/evp.h>
80#include <openssl/bn.h>
81#include <openssl/dsa.h>
82#include <openssl/rand.h>
83#include <openssl/sha.h>
84
85static int dsa_builtin_paramgen(DSA *ret, int bits,
86 unsigned char *seed_in, int seed_len,
87 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
88
89int DSA_generate_parameters_ex(DSA *ret, int bits,
90 unsigned char *seed_in, int seed_len,
91 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
92 {
93 if(ret->meth->dsa_paramgen)
94 return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
95 counter_ret, h_ret, cb);
96 return dsa_builtin_paramgen(ret, bits, seed_in, seed_len,
97 counter_ret, h_ret, cb);
98 }
99
100static int dsa_builtin_paramgen(DSA *ret, int bits,
101 unsigned char *seed_in, int seed_len,
102 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
103 {
104 int ok=0;
105 unsigned char seed[SHA_DIGEST_LENGTH];
106 unsigned char md[SHA_DIGEST_LENGTH];
107 unsigned char buf[SHA_DIGEST_LENGTH],buf2[SHA_DIGEST_LENGTH];
108 BIGNUM *r0,*W,*X,*c,*test;
109 BIGNUM *g=NULL,*q=NULL,*p=NULL;
110 BN_MONT_CTX *mont=NULL;
111 int k,n=0,i,b,m=0;
112 int counter=0;
113 int r=0;
114 BN_CTX *ctx=NULL;
115 unsigned int h=2;
116
117 if (bits < 512) bits=512;
118 bits=(bits+63)/64*64;
119
120 /* NB: seed_len == 0 is special case: copy generated seed to
121 * seed_in if it is not NULL.
122 */
123 if (seed_len && (seed_len < 20))
124 seed_in = NULL; /* seed buffer too small -- ignore */
125 if (seed_len > 20)
126 seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger SEED,
127 * but our internal buffers are restricted to 160 bits*/
128 if ((seed_in != NULL) && (seed_len == 20))
129 {
130 memcpy(seed,seed_in,seed_len);
131 /* set seed_in to NULL to avoid it being copied back */
132 seed_in = NULL;
133 }
134
135 if ((ctx=BN_CTX_new()) == NULL) goto err;
136
137 if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
138
139 BN_CTX_start(ctx);
140 r0 = BN_CTX_get(ctx);
141 g = BN_CTX_get(ctx);
142 W = BN_CTX_get(ctx);
143 q = BN_CTX_get(ctx);
144 X = BN_CTX_get(ctx);
145 c = BN_CTX_get(ctx);
146 p = BN_CTX_get(ctx);
147 test = BN_CTX_get(ctx);
148
149 if (!BN_lshift(test,BN_value_one(),bits-1))
150 goto err;
151
152 for (;;)
153 {
154 for (;;) /* find q */
155 {
156 int seed_is_random;
157
158 /* step 1 */
159 if(!BN_GENCB_call(cb, 0, m++))
160 goto err;
161
162 if (!seed_len)
163 {
164 RAND_pseudo_bytes(seed,SHA_DIGEST_LENGTH);
165 seed_is_random = 1;
166 }
167 else
168 {
169 seed_is_random = 0;
170 seed_len=0; /* use random seed if 'seed_in' turns out to be bad*/
171 }
172 memcpy(buf,seed,SHA_DIGEST_LENGTH);
173 memcpy(buf2,seed,SHA_DIGEST_LENGTH);
174 /* precompute "SEED + 1" for step 7: */
175 for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
176 {
177 buf[i]++;
178 if (buf[i] != 0) break;
179 }
180
181 /* step 2 */
182 EVP_Digest(seed,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL);
183 EVP_Digest(buf,SHA_DIGEST_LENGTH,buf2,NULL,HASH, NULL);
184 for (i=0; i<SHA_DIGEST_LENGTH; i++)
185 md[i]^=buf2[i];
186
187 /* step 3 */
188 md[0]|=0x80;
189 md[SHA_DIGEST_LENGTH-1]|=0x01;
190 if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,q)) goto err;
191
192 /* step 4 */
193 r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,
194 seed_is_random, cb);
195 if (r > 0)
196 break;
197 if (r != 0)
198 goto err;
199
200 /* do a callback call */
201 /* step 5 */
202 }
203
204 if(!BN_GENCB_call(cb, 2, 0)) goto err;
205 if(!BN_GENCB_call(cb, 3, 0)) goto err;
206
207 /* step 6 */
208 counter=0;
209 /* "offset = 2" */
210
211 n=(bits-1)/160;
212 b=(bits-1)-n*160;
213
214 for (;;)
215 {
216 if ((counter != 0) && !BN_GENCB_call(cb, 0, counter))
217 goto err;
218
219 /* step 7 */
220 BN_zero(W);
221 /* now 'buf' contains "SEED + offset - 1" */
222 for (k=0; k<=n; k++)
223 {
224 /* obtain "SEED + offset + k" by incrementing: */
225 for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
226 {
227 buf[i]++;
228 if (buf[i] != 0) break;
229 }
230
231 EVP_Digest(buf,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL);
232
233 /* step 8 */
234 if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0))
235 goto err;
236 if (!BN_lshift(r0,r0,160*k)) goto err;
237 if (!BN_add(W,W,r0)) goto err;
238 }
239
240 /* more of step 8 */
241 if (!BN_mask_bits(W,bits-1)) goto err;
242 if (!BN_copy(X,W)) goto err;
243 if (!BN_add(X,X,test)) goto err;
244
245 /* step 9 */
246 if (!BN_lshift1(r0,q)) goto err;
247 if (!BN_mod(c,X,r0,ctx)) goto err;
248 if (!BN_sub(r0,c,BN_value_one())) goto err;
249 if (!BN_sub(p,X,r0)) goto err;
250
251 /* step 10 */
252 if (BN_cmp(p,test) >= 0)
253 {
254 /* step 11 */
255 r = BN_is_prime_fasttest_ex(p, DSS_prime_checks,
256 ctx, 1, cb);
257 if (r > 0)
258 goto end; /* found it */
259 if (r != 0)
260 goto err;
261 }
262
263 /* step 13 */
264 counter++;
265 /* "offset = offset + n + 1" */
266
267 /* step 14 */
268 if (counter >= 4096) break;
269 }
270 }
271end:
272 if(!BN_GENCB_call(cb, 2, 1))
273 goto err;
274
275 /* We now need to generate g */
276 /* Set r0=(p-1)/q */
277 if (!BN_sub(test,p,BN_value_one())) goto err;
278 if (!BN_div(r0,NULL,test,q,ctx)) goto err;
279
280 if (!BN_set_word(test,h)) goto err;
281 if (!BN_MONT_CTX_set(mont,p,ctx)) goto err;
282
283 for (;;)
284 {
285 /* g=test^r0%p */
286 if (!BN_mod_exp_mont(g,test,r0,p,ctx,mont)) goto err;
287 if (!BN_is_one(g)) break;
288 if (!BN_add(test,test,BN_value_one())) goto err;
289 h++;
290 }
291
292 if(!BN_GENCB_call(cb, 3, 1))
293 goto err;
294
295 ok=1;
296err:
297 if (ok)
298 {
299 if(ret->p) BN_free(ret->p);
300 if(ret->q) BN_free(ret->q);
301 if(ret->g) BN_free(ret->g);
302 ret->p=BN_dup(p);
303 ret->q=BN_dup(q);
304 ret->g=BN_dup(g);
305 if (ret->p == NULL || ret->q == NULL || ret->g == NULL)
306 {
307 ok=0;
308 goto err;
309 }
310 if (seed_in != NULL) memcpy(seed_in,seed,20);
311 if (counter_ret != NULL) *counter_ret=counter;
312 if (h_ret != NULL) *h_ret=h;
313 }
314 if(ctx)
315 {
316 BN_CTX_end(ctx);
317 BN_CTX_free(ctx);
318 }
319 if (mont != NULL) BN_MONT_CTX_free(mont);
320 return ok;
321 }
322#endif
diff --git a/src/lib/libcrypto/dsa/dsa_key.c b/src/lib/libcrypto/dsa/dsa_key.c
new file mode 100644
index 0000000000..c4aa86bc6d
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_key.c
@@ -0,0 +1,128 @@
1/* crypto/dsa/dsa_key.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <time.h>
61#include "cryptlib.h"
62#ifndef OPENSSL_NO_SHA
63#include <openssl/bn.h>
64#include <openssl/dsa.h>
65#include <openssl/rand.h>
66
67static int dsa_builtin_keygen(DSA *dsa);
68
69int DSA_generate_key(DSA *dsa)
70 {
71 if(dsa->meth->dsa_keygen)
72 return dsa->meth->dsa_keygen(dsa);
73 return dsa_builtin_keygen(dsa);
74 }
75
76static int dsa_builtin_keygen(DSA *dsa)
77 {
78 int ok=0;
79 BN_CTX *ctx=NULL;
80 BIGNUM *pub_key=NULL,*priv_key=NULL;
81
82 if ((ctx=BN_CTX_new()) == NULL) goto err;
83
84 if (dsa->priv_key == NULL)
85 {
86 if ((priv_key=BN_new()) == NULL) goto err;
87 }
88 else
89 priv_key=dsa->priv_key;
90
91 do
92 if (!BN_rand_range(priv_key,dsa->q)) goto err;
93 while (BN_is_zero(priv_key));
94
95 if (dsa->pub_key == NULL)
96 {
97 if ((pub_key=BN_new()) == NULL) goto err;
98 }
99 else
100 pub_key=dsa->pub_key;
101
102 {
103 BIGNUM local_prk;
104 BIGNUM *prk;
105
106 if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
107 {
108 BN_init(&local_prk);
109 prk = &local_prk;
110 BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
111 }
112 else
113 prk = priv_key;
114
115 if (!BN_mod_exp(pub_key,dsa->g,prk,dsa->p,ctx)) goto err;
116 }
117
118 dsa->priv_key=priv_key;
119 dsa->pub_key=pub_key;
120 ok=1;
121
122err:
123 if ((pub_key != NULL) && (dsa->pub_key == NULL)) BN_free(pub_key);
124 if ((priv_key != NULL) && (dsa->priv_key == NULL)) BN_free(priv_key);
125 if (ctx != NULL) BN_CTX_free(ctx);
126 return(ok);
127 }
128#endif
diff --git a/src/lib/libcrypto/dsa/dsa_lib.c b/src/lib/libcrypto/dsa/dsa_lib.c
new file mode 100644
index 0000000000..e9b75902db
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_lib.c
@@ -0,0 +1,311 @@
1/* crypto/dsa/dsa_lib.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
60
61#include <stdio.h>
62#include "cryptlib.h"
63#include <openssl/bn.h>
64#include <openssl/dsa.h>
65#include <openssl/asn1.h>
66#ifndef OPENSSL_NO_ENGINE
67#include <openssl/engine.h>
68#endif
69#ifndef OPENSSL_NO_DH
70#include <openssl/dh.h>
71#endif
72
73const char DSA_version[]="DSA" OPENSSL_VERSION_PTEXT;
74
75static const DSA_METHOD *default_DSA_method = NULL;
76
77void DSA_set_default_method(const DSA_METHOD *meth)
78 {
79 default_DSA_method = meth;
80 }
81
82const DSA_METHOD *DSA_get_default_method(void)
83 {
84 if(!default_DSA_method)
85 default_DSA_method = DSA_OpenSSL();
86 return default_DSA_method;
87 }
88
89DSA *DSA_new(void)
90 {
91 return DSA_new_method(NULL);
92 }
93
94int DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
95 {
96 /* NB: The caller is specifically setting a method, so it's not up to us
97 * to deal with which ENGINE it comes from. */
98 const DSA_METHOD *mtmp;
99 mtmp = dsa->meth;
100 if (mtmp->finish) mtmp->finish(dsa);
101#ifndef OPENSSL_NO_ENGINE
102 if (dsa->engine)
103 {
104 ENGINE_finish(dsa->engine);
105 dsa->engine = NULL;
106 }
107#endif
108 dsa->meth = meth;
109 if (meth->init) meth->init(dsa);
110 return 1;
111 }
112
113DSA *DSA_new_method(ENGINE *engine)
114 {
115 DSA *ret;
116
117 ret=(DSA *)OPENSSL_malloc(sizeof(DSA));
118 if (ret == NULL)
119 {
120 DSAerr(DSA_F_DSA_NEW_METHOD,ERR_R_MALLOC_FAILURE);
121 return(NULL);
122 }
123 ret->meth = DSA_get_default_method();
124#ifndef OPENSSL_NO_ENGINE
125 if (engine)
126 {
127 if (!ENGINE_init(engine))
128 {
129 DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB);
130 OPENSSL_free(ret);
131 return NULL;
132 }
133 ret->engine = engine;
134 }
135 else
136 ret->engine = ENGINE_get_default_DSA();
137 if(ret->engine)
138 {
139 ret->meth = ENGINE_get_DSA(ret->engine);
140 if(!ret->meth)
141 {
142 DSAerr(DSA_F_DSA_NEW_METHOD,
143 ERR_R_ENGINE_LIB);
144 ENGINE_finish(ret->engine);
145 OPENSSL_free(ret);
146 return NULL;
147 }
148 }
149#endif
150
151 ret->pad=0;
152 ret->version=0;
153 ret->write_params=1;
154 ret->p=NULL;
155 ret->q=NULL;
156 ret->g=NULL;
157
158 ret->pub_key=NULL;
159 ret->priv_key=NULL;
160
161 ret->kinv=NULL;
162 ret->r=NULL;
163 ret->method_mont_p=NULL;
164
165 ret->references=1;
166 ret->flags=ret->meth->flags;
167 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
168 if ((ret->meth->init != NULL) && !ret->meth->init(ret))
169 {
170#ifndef OPENSSL_NO_ENGINE
171 if (ret->engine)
172 ENGINE_finish(ret->engine);
173#endif
174 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
175 OPENSSL_free(ret);
176 ret=NULL;
177 }
178
179 return(ret);
180 }
181
182void DSA_free(DSA *r)
183 {
184 int i;
185
186 if (r == NULL) return;
187
188 i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_DSA);
189#ifdef REF_PRINT
190 REF_PRINT("DSA",r);
191#endif
192 if (i > 0) return;
193#ifdef REF_CHECK
194 if (i < 0)
195 {
196 fprintf(stderr,"DSA_free, bad reference count\n");
197 abort();
198 }
199#endif
200
201 if(r->meth->finish)
202 r->meth->finish(r);
203#ifndef OPENSSL_NO_ENGINE
204 if(r->engine)
205 ENGINE_finish(r->engine);
206#endif
207
208 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data);
209
210 if (r->p != NULL) BN_clear_free(r->p);
211 if (r->q != NULL) BN_clear_free(r->q);
212 if (r->g != NULL) BN_clear_free(r->g);
213 if (r->pub_key != NULL) BN_clear_free(r->pub_key);
214 if (r->priv_key != NULL) BN_clear_free(r->priv_key);
215 if (r->kinv != NULL) BN_clear_free(r->kinv);
216 if (r->r != NULL) BN_clear_free(r->r);
217 OPENSSL_free(r);
218 }
219
220int DSA_up_ref(DSA *r)
221 {
222 int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DSA);
223#ifdef REF_PRINT
224 REF_PRINT("DSA",r);
225#endif
226#ifdef REF_CHECK
227 if (i < 2)
228 {
229 fprintf(stderr, "DSA_up_ref, bad reference count\n");
230 abort();
231 }
232#endif
233 return ((i > 1) ? 1 : 0);
234 }
235
236int DSA_size(const DSA *r)
237 {
238 int ret,i;
239 ASN1_INTEGER bs;
240 unsigned char buf[4]; /* 4 bytes looks really small.
241 However, i2d_ASN1_INTEGER() will not look
242 beyond the first byte, as long as the second
243 parameter is NULL. */
244
245 i=BN_num_bits(r->q);
246 bs.length=(i+7)/8;
247 bs.data=buf;
248 bs.type=V_ASN1_INTEGER;
249 /* If the top bit is set the asn1 encoding is 1 larger. */
250 buf[0]=0xff;
251
252 i=i2d_ASN1_INTEGER(&bs,NULL);
253 i+=i; /* r and s */
254 ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
255 return(ret);
256 }
257
258int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
259 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
260 {
261 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, argl, argp,
262 new_func, dup_func, free_func);
263 }
264
265int DSA_set_ex_data(DSA *d, int idx, void *arg)
266 {
267 return(CRYPTO_set_ex_data(&d->ex_data,idx,arg));
268 }
269
270void *DSA_get_ex_data(DSA *d, int idx)
271 {
272 return(CRYPTO_get_ex_data(&d->ex_data,idx));
273 }
274
275#ifndef OPENSSL_NO_DH
276DH *DSA_dup_DH(const DSA *r)
277 {
278 /* DSA has p, q, g, optional pub_key, optional priv_key.
279 * DH has p, optional length, g, optional pub_key, optional priv_key.
280 */
281
282 DH *ret = NULL;
283
284 if (r == NULL)
285 goto err;
286 ret = DH_new();
287 if (ret == NULL)
288 goto err;
289 if (r->p != NULL)
290 if ((ret->p = BN_dup(r->p)) == NULL)
291 goto err;
292 if (r->q != NULL)
293 ret->length = BN_num_bits(r->q);
294 if (r->g != NULL)
295 if ((ret->g = BN_dup(r->g)) == NULL)
296 goto err;
297 if (r->pub_key != NULL)
298 if ((ret->pub_key = BN_dup(r->pub_key)) == NULL)
299 goto err;
300 if (r->priv_key != NULL)
301 if ((ret->priv_key = BN_dup(r->priv_key)) == NULL)
302 goto err;
303
304 return ret;
305
306 err:
307 if (ret != NULL)
308 DH_free(ret);
309 return NULL;
310 }
311#endif
diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c
new file mode 100644
index 0000000000..75ff7cc4af
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_ossl.c
@@ -0,0 +1,393 @@
1/* crypto/dsa/dsa_ossl.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
60
61#include <stdio.h>
62#include "cryptlib.h"
63#include <openssl/bn.h>
64#include <openssl/dsa.h>
65#include <openssl/rand.h>
66#include <openssl/asn1.h>
67
68static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
69static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
70static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
71 DSA *dsa);
72static int dsa_init(DSA *dsa);
73static int dsa_finish(DSA *dsa);
74
75static DSA_METHOD openssl_dsa_meth = {
76"OpenSSL DSA method",
77dsa_do_sign,
78dsa_sign_setup,
79dsa_do_verify,
80NULL, /* dsa_mod_exp, */
81NULL, /* dsa_bn_mod_exp, */
82dsa_init,
83dsa_finish,
840,
85NULL,
86NULL,
87NULL
88};
89
90/* These macro wrappers replace attempts to use the dsa_mod_exp() and
91 * bn_mod_exp() handlers in the DSA_METHOD structure. We avoid the problem of
92 * having a the macro work as an expression by bundling an "err_instr". So;
93 *
94 * if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
95 * dsa->method_mont_p)) goto err;
96 *
97 * can be replaced by;
98 *
99 * DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, &k, dsa->p, ctx,
100 * dsa->method_mont_p);
101 */
102
103#define DSA_MOD_EXP(err_instr,dsa,rr,a1,p1,a2,p2,m,ctx,in_mont) \
104 do { \
105 int _tmp_res53; \
106 if((dsa)->meth->dsa_mod_exp) \
107 _tmp_res53 = (dsa)->meth->dsa_mod_exp((dsa), (rr), (a1), (p1), \
108 (a2), (p2), (m), (ctx), (in_mont)); \
109 else \
110 _tmp_res53 = BN_mod_exp2_mont((rr), (a1), (p1), (a2), (p2), \
111 (m), (ctx), (in_mont)); \
112 if(!_tmp_res53) err_instr; \
113 } while(0)
114#define DSA_BN_MOD_EXP(err_instr,dsa,r,a,p,m,ctx,m_ctx) \
115 do { \
116 int _tmp_res53; \
117 if((dsa)->meth->bn_mod_exp) \
118 _tmp_res53 = (dsa)->meth->bn_mod_exp((dsa), (r), (a), (p), \
119 (m), (ctx), (m_ctx)); \
120 else \
121 _tmp_res53 = BN_mod_exp_mont((r), (a), (p), (m), (ctx), (m_ctx)); \
122 if(!_tmp_res53) err_instr; \
123 } while(0)
124
125const DSA_METHOD *DSA_OpenSSL(void)
126{
127 return &openssl_dsa_meth;
128}
129
130static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
131 {
132 BIGNUM *kinv=NULL,*r=NULL,*s=NULL;
133 BIGNUM m;
134 BIGNUM xr;
135 BN_CTX *ctx=NULL;
136 int i,reason=ERR_R_BN_LIB;
137 DSA_SIG *ret=NULL;
138
139 BN_init(&m);
140 BN_init(&xr);
141
142 if (!dsa->p || !dsa->q || !dsa->g)
143 {
144 reason=DSA_R_MISSING_PARAMETERS;
145 goto err;
146 }
147
148 s=BN_new();
149 if (s == NULL) goto err;
150
151 i=BN_num_bytes(dsa->q); /* should be 20 */
152 if ((dlen > i) || (dlen > 50))
153 {
154 reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
155 goto err;
156 }
157
158 ctx=BN_CTX_new();
159 if (ctx == NULL) goto err;
160
161 if ((dsa->kinv == NULL) || (dsa->r == NULL))
162 {
163 if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err;
164 }
165 else
166 {
167 kinv=dsa->kinv;
168 dsa->kinv=NULL;
169 r=dsa->r;
170 dsa->r=NULL;
171 }
172
173 if (BN_bin2bn(dgst,dlen,&m) == NULL) goto err;
174
175 /* Compute s = inv(k) (m + xr) mod q */
176 if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */
177 if (!BN_add(s, &xr, &m)) goto err; /* s = m + xr */
178 if (BN_cmp(s,dsa->q) > 0)
179 BN_sub(s,s,dsa->q);
180 if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err;
181
182 ret=DSA_SIG_new();
183 if (ret == NULL) goto err;
184 ret->r = r;
185 ret->s = s;
186
187err:
188 if (!ret)
189 {
190 DSAerr(DSA_F_DSA_DO_SIGN,reason);
191 BN_free(r);
192 BN_free(s);
193 }
194 if (ctx != NULL) BN_CTX_free(ctx);
195 BN_clear_free(&m);
196 BN_clear_free(&xr);
197 if (kinv != NULL) /* dsa->kinv is NULL now if we used it */
198 BN_clear_free(kinv);
199 return(ret);
200 }
201
202static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
203 {
204 BN_CTX *ctx;
205 BIGNUM k,kq,*K,*kinv=NULL,*r=NULL;
206 int ret=0;
207
208 if (!dsa->p || !dsa->q || !dsa->g)
209 {
210 DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS);
211 return 0;
212 }
213
214 BN_init(&k);
215 BN_init(&kq);
216
217 if (ctx_in == NULL)
218 {
219 if ((ctx=BN_CTX_new()) == NULL) goto err;
220 }
221 else
222 ctx=ctx_in;
223
224 if ((r=BN_new()) == NULL) goto err;
225
226 /* Get random k */
227 do
228 if (!BN_rand_range(&k, dsa->q)) goto err;
229 while (BN_is_zero(&k));
230 if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
231 {
232 BN_set_flags(&k, BN_FLG_CONSTTIME);
233 }
234
235 if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
236 {
237 if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
238 CRYPTO_LOCK_DSA,
239 dsa->p, ctx))
240 goto err;
241 }
242
243 /* Compute r = (g^k mod p) mod q */
244
245 if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
246 {
247 if (!BN_copy(&kq, &k)) goto err;
248
249 /* We do not want timing information to leak the length of k,
250 * so we compute g^k using an equivalent exponent of fixed length.
251 *
252 * (This is a kludge that we need because the BN_mod_exp_mont()
253 * does not let us specify the desired timing behaviour.) */
254
255 if (!BN_add(&kq, &kq, dsa->q)) goto err;
256 if (BN_num_bits(&kq) <= BN_num_bits(dsa->q))
257 {
258 if (!BN_add(&kq, &kq, dsa->q)) goto err;
259 }
260
261 K = &kq;
262 }
263 else
264 {
265 K = &k;
266 }
267 DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx,
268 dsa->method_mont_p);
269 if (!BN_mod(r,r,dsa->q,ctx)) goto err;
270
271 /* Compute part of 's = inv(k) (m + xr) mod q' */
272 if ((kinv=BN_mod_inverse(NULL,&k,dsa->q,ctx)) == NULL) goto err;
273
274 if (*kinvp != NULL) BN_clear_free(*kinvp);
275 *kinvp=kinv;
276 kinv=NULL;
277 if (*rp != NULL) BN_clear_free(*rp);
278 *rp=r;
279 ret=1;
280err:
281 if (!ret)
282 {
283 DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB);
284 if (kinv != NULL) BN_clear_free(kinv);
285 if (r != NULL) BN_clear_free(r);
286 }
287 if (ctx_in == NULL) BN_CTX_free(ctx);
288 if (kinv != NULL) BN_clear_free(kinv);
289 BN_clear_free(&k);
290 BN_clear_free(&kq);
291 return(ret);
292 }
293
294static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
295 DSA *dsa)
296 {
297 BN_CTX *ctx;
298 BIGNUM u1,u2,t1;
299 BN_MONT_CTX *mont=NULL;
300 int ret = -1;
301 if (!dsa->p || !dsa->q || !dsa->g)
302 {
303 DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS);
304 return -1;
305 }
306
307 if (BN_num_bits(dsa->q) != 160)
308 {
309 DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE);
310 return -1;
311 }
312
313 if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS)
314 {
315 DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE);
316 return -1;
317 }
318
319 BN_init(&u1);
320 BN_init(&u2);
321 BN_init(&t1);
322
323 if ((ctx=BN_CTX_new()) == NULL) goto err;
324
325 if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
326 BN_ucmp(sig->r, dsa->q) >= 0)
327 {
328 ret = 0;
329 goto err;
330 }
331 if (BN_is_zero(sig->s) || BN_is_negative(sig->s) ||
332 BN_ucmp(sig->s, dsa->q) >= 0)
333 {
334 ret = 0;
335 goto err;
336 }
337
338 /* Calculate W = inv(S) mod Q
339 * save W in u2 */
340 if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;
341
342 /* save M in u1 */
343 if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err;
344
345 /* u1 = M * w mod q */
346 if (!BN_mod_mul(&u1,&u1,&u2,dsa->q,ctx)) goto err;
347
348 /* u2 = r * w mod q */
349 if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err;
350
351
352 if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
353 {
354 mont = BN_MONT_CTX_set_locked(&dsa->method_mont_p,
355 CRYPTO_LOCK_DSA, dsa->p, ctx);
356 if (!mont)
357 goto err;
358 }
359
360
361 DSA_MOD_EXP(goto err, dsa, &t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p, ctx, mont);
362 /* BN_copy(&u1,&t1); */
363 /* let u1 = u1 mod q */
364 if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err;
365
366 /* V is now in u1. If the signature is correct, it will be
367 * equal to R. */
368 ret=(BN_ucmp(&u1, sig->r) == 0);
369
370 err:
371 /* XXX: surely this is wrong - if ret is 0, it just didn't verify;
372 there is no error in BN. Test should be ret == -1 (Ben) */
373 if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB);
374 if (ctx != NULL) BN_CTX_free(ctx);
375 BN_free(&u1);
376 BN_free(&u2);
377 BN_free(&t1);
378 return(ret);
379 }
380
381static int dsa_init(DSA *dsa)
382{
383 dsa->flags|=DSA_FLAG_CACHE_MONT_P;
384 return(1);
385}
386
387static int dsa_finish(DSA *dsa)
388{
389 if(dsa->method_mont_p)
390 BN_MONT_CTX_free(dsa->method_mont_p);
391 return(1);
392}
393
diff --git a/src/lib/libcrypto/dsa/dsa_sign.c b/src/lib/libcrypto/dsa/dsa_sign.c
new file mode 100644
index 0000000000..89205026f0
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_sign.c
@@ -0,0 +1,92 @@
1/* crypto/dsa/dsa_sign.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
60
61#include <stdio.h>
62#include "cryptlib.h"
63#include <openssl/bn.h>
64#include <openssl/dsa.h>
65#include <openssl/rand.h>
66#include <openssl/asn1.h>
67
68DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
69 {
70 return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
71 }
72
73int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
74 unsigned int *siglen, DSA *dsa)
75 {
76 DSA_SIG *s;
77 s=DSA_do_sign(dgst,dlen,dsa);
78 if (s == NULL)
79 {
80 *siglen=0;
81 return(0);
82 }
83 *siglen=i2d_DSA_SIG(s,&sig);
84 DSA_SIG_free(s);
85 return(1);
86 }
87
88int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
89 {
90 return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
91 }
92
diff --git a/src/lib/libcrypto/dsa/dsa_vrf.c b/src/lib/libcrypto/dsa/dsa_vrf.c
new file mode 100644
index 0000000000..c4aeddd056
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_vrf.c
@@ -0,0 +1,94 @@
1/* crypto/dsa/dsa_vrf.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
60
61#include <stdio.h>
62#include "cryptlib.h"
63#include <openssl/bn.h>
64#include <openssl/dsa.h>
65#include <openssl/rand.h>
66#include <openssl/asn1.h>
67#include <openssl/asn1_mac.h>
68
69int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
70 DSA *dsa)
71 {
72 return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
73 }
74
75/* data has already been hashed (probably with SHA or SHA-1). */
76/* returns
77 * 1: correct signature
78 * 0: incorrect signature
79 * -1: error
80 */
81int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
82 const unsigned char *sigbuf, int siglen, DSA *dsa)
83 {
84 DSA_SIG *s;
85 int ret=-1;
86
87 s = DSA_SIG_new();
88 if (s == NULL) return(ret);
89 if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err;
90 ret=DSA_do_verify(dgst,dgst_len,s,dsa);
91err:
92 DSA_SIG_free(s);
93 return(ret);
94 }
diff --git a/src/lib/libcrypto/dsa/dsagen.c b/src/lib/libcrypto/dsa/dsagen.c
new file mode 100644
index 0000000000..1b6a1cca0f
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsagen.c
@@ -0,0 +1,111 @@
1/* crypto/dsa/dsagen.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <openssl/dsa.h>
61
62#define TEST
63#define GENUINE_DSA
64
65#ifdef GENUINE_DSA
66#define LAST_VALUE 0xbd
67#else
68#define LAST_VALUE 0xd3
69#endif
70
71#ifdef TEST
72unsigned char seed[20]={
73 0xd5,0x01,0x4e,0x4b,
74 0x60,0xef,0x2b,0xa8,
75 0xb6,0x21,0x1b,0x40,
76 0x62,0xba,0x32,0x24,
77 0xe0,0x42,0x7d,LAST_VALUE};
78#endif
79
80int cb(int p, int n)
81 {
82 char c='*';
83
84 if (p == 0) c='.';
85 if (p == 1) c='+';
86 if (p == 2) c='*';
87 if (p == 3) c='\n';
88 printf("%c",c);
89 fflush(stdout);
90 }
91
92main()
93 {
94 int i;
95 BIGNUM *n;
96 BN_CTX *ctx;
97 unsigned char seed_buf[20];
98 DSA *dsa;
99 int counter,h;
100 BIO *bio_err=NULL;
101
102 if (bio_err == NULL)
103 bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
104
105 memcpy(seed_buf,seed,20);
106 dsa=DSA_generate_parameters(1024,seed,20,&counter,&h,cb,bio_err);
107
108 if (dsa == NULL)
109 DSA_print(bio_err,dsa,0);
110 }
111
diff --git a/src/lib/libcrypto/dsa/dsatest.c b/src/lib/libcrypto/dsa/dsatest.c
new file mode 100644
index 0000000000..912317bb44
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsatest.c
@@ -0,0 +1,260 @@
1/* crypto/dsa/dsatest.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59/* Until the key-gen callbacks are modified to use newer prototypes, we allow
60 * deprecated functions for openssl-internal code */
61#ifdef OPENSSL_NO_DEPRECATED
62#undef OPENSSL_NO_DEPRECATED
63#endif
64
65#include <stdio.h>
66#include <stdlib.h>
67#include <string.h>
68#include <sys/types.h>
69#include <sys/stat.h>
70
71#include "../e_os.h"
72
73#include <openssl/crypto.h>
74#include <openssl/rand.h>
75#include <openssl/bio.h>
76#include <openssl/err.h>
77#include <openssl/bn.h>
78
79#ifdef OPENSSL_NO_DSA
80int main(int argc, char *argv[])
81{
82 printf("No DSA support\n");
83 return(0);
84}
85#else
86#include <openssl/dsa.h>
87
88#ifdef OPENSSL_SYS_WIN16
89#define MS_CALLBACK _far _loadds
90#else
91#define MS_CALLBACK
92#endif
93
94static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *arg);
95
96/* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to
97 * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */
98static unsigned char seed[20]={
99 0xd5,0x01,0x4e,0x4b,0x60,0xef,0x2b,0xa8,0xb6,0x21,0x1b,0x40,
100 0x62,0xba,0x32,0x24,0xe0,0x42,0x7d,0xd3,
101 };
102
103static unsigned char out_p[]={
104 0x8d,0xf2,0xa4,0x94,0x49,0x22,0x76,0xaa,
105 0x3d,0x25,0x75,0x9b,0xb0,0x68,0x69,0xcb,
106 0xea,0xc0,0xd8,0x3a,0xfb,0x8d,0x0c,0xf7,
107 0xcb,0xb8,0x32,0x4f,0x0d,0x78,0x82,0xe5,
108 0xd0,0x76,0x2f,0xc5,0xb7,0x21,0x0e,0xaf,
109 0xc2,0xe9,0xad,0xac,0x32,0xab,0x7a,0xac,
110 0x49,0x69,0x3d,0xfb,0xf8,0x37,0x24,0xc2,
111 0xec,0x07,0x36,0xee,0x31,0xc8,0x02,0x91,
112 };
113
114static unsigned char out_q[]={
115 0xc7,0x73,0x21,0x8c,0x73,0x7e,0xc8,0xee,
116 0x99,0x3b,0x4f,0x2d,0xed,0x30,0xf4,0x8e,
117 0xda,0xce,0x91,0x5f,
118 };
119
120static unsigned char out_g[]={
121 0x62,0x6d,0x02,0x78,0x39,0xea,0x0a,0x13,
122 0x41,0x31,0x63,0xa5,0x5b,0x4c,0xb5,0x00,
123 0x29,0x9d,0x55,0x22,0x95,0x6c,0xef,0xcb,
124 0x3b,0xff,0x10,0xf3,0x99,0xce,0x2c,0x2e,
125 0x71,0xcb,0x9d,0xe5,0xfa,0x24,0xba,0xbf,
126 0x58,0xe5,0xb7,0x95,0x21,0x92,0x5c,0x9c,
127 0xc4,0x2e,0x9f,0x6f,0x46,0x4b,0x08,0x8c,
128 0xc5,0x72,0xaf,0x53,0xe6,0xd7,0x88,0x02,
129 };
130
131static const unsigned char str1[]="12345678901234567890";
132
133static const char rnd_seed[] = "string to make the random number generator think it has entropy";
134
135static BIO *bio_err=NULL;
136
137int main(int argc, char **argv)
138 {
139 BN_GENCB cb;
140 DSA *dsa=NULL;
141 int counter,ret=0,i,j;
142 unsigned char buf[256];
143 unsigned long h;
144 unsigned char sig[256];
145 unsigned int siglen;
146
147 if (bio_err == NULL)
148 bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
149
150 CRYPTO_malloc_debug_init();
151 CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
152 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
153
154 ERR_load_crypto_strings();
155 RAND_seed(rnd_seed, sizeof rnd_seed);
156
157 BIO_printf(bio_err,"test generation of DSA parameters\n");
158
159 BN_GENCB_set(&cb, dsa_cb, bio_err);
160 if(((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 512,
161 seed, 20, &counter, &h, &cb))
162 goto end;
163
164 BIO_printf(bio_err,"seed\n");
165 for (i=0; i<20; i+=4)
166 {
167 BIO_printf(bio_err,"%02X%02X%02X%02X ",
168 seed[i],seed[i+1],seed[i+2],seed[i+3]);
169 }
170 BIO_printf(bio_err,"\ncounter=%d h=%ld\n",counter,h);
171
172 if (dsa == NULL) goto end;
173 DSA_print(bio_err,dsa,0);
174 if (counter != 105)
175 {
176 BIO_printf(bio_err,"counter should be 105\n");
177 goto end;
178 }
179 if (h != 2)
180 {
181 BIO_printf(bio_err,"h should be 2\n");
182 goto end;
183 }
184
185 i=BN_bn2bin(dsa->q,buf);
186 j=sizeof(out_q);
187 if ((i != j) || (memcmp(buf,out_q,i) != 0))
188 {
189 BIO_printf(bio_err,"q value is wrong\n");
190 goto end;
191 }
192
193 i=BN_bn2bin(dsa->p,buf);
194 j=sizeof(out_p);
195 if ((i != j) || (memcmp(buf,out_p,i) != 0))
196 {
197 BIO_printf(bio_err,"p value is wrong\n");
198 goto end;
199 }
200
201 i=BN_bn2bin(dsa->g,buf);
202 j=sizeof(out_g);
203 if ((i != j) || (memcmp(buf,out_g,i) != 0))
204 {
205 BIO_printf(bio_err,"g value is wrong\n");
206 goto end;
207 }
208
209 dsa->flags |= DSA_FLAG_NO_EXP_CONSTTIME;
210 DSA_generate_key(dsa);
211 DSA_sign(0, str1, 20, sig, &siglen, dsa);
212 if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
213 ret=1;
214
215 dsa->flags &= ~DSA_FLAG_NO_EXP_CONSTTIME;
216 DSA_generate_key(dsa);
217 DSA_sign(0, str1, 20, sig, &siglen, dsa);
218 if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
219 ret=1;
220
221end:
222 if (!ret)
223 ERR_print_errors(bio_err);
224 if (dsa != NULL) DSA_free(dsa);
225 CRYPTO_cleanup_all_ex_data();
226 ERR_remove_state(0);
227 ERR_free_strings();
228 CRYPTO_mem_leaks(bio_err);
229 if (bio_err != NULL)
230 {
231 BIO_free(bio_err);
232 bio_err = NULL;
233 }
234#ifdef OPENSSL_SYS_NETWARE
235 if (!ret) printf("ERROR\n");
236#endif
237 EXIT(!ret);
238 return(0);
239 }
240
241static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *arg)
242 {
243 char c='*';
244 static int ok=0,num=0;
245
246 if (p == 0) { c='.'; num++; };
247 if (p == 1) c='+';
248 if (p == 2) { c='*'; ok++; }
249 if (p == 3) c='\n';
250 BIO_write(arg->arg,&c,1);
251 (void)BIO_flush(arg->arg);
252
253 if (!ok && (p == 0) && (num > 1))
254 {
255 BIO_printf((BIO *)arg,"error in dsatest\n");
256 return 0;
257 }
258 return 1;
259 }
260#endif
diff --git a/src/lib/libcrypto/dsa/fips186a.txt b/src/lib/libcrypto/dsa/fips186a.txt
new file mode 100644
index 0000000000..3a2e0a0d51
--- /dev/null
+++ b/src/lib/libcrypto/dsa/fips186a.txt
@@ -0,0 +1,122 @@
1The origional FIPE 180 used SHA-0 (FIPS 180) for its appendix 5
2examples. This is an updated version that uses SHA-1 (FIPS 180-1)
3supplied to me by Wei Dai
4--
5 APPENDIX 5. EXAMPLE OF THE DSA
6
7
8This appendix is for informational purposes only and is not required to meet
9the standard.
10
11Let L = 512 (size of p). The values in this example are expressed in
12hexadecimal notation. The p and q given here were generated by the prime
13generation standard described in appendix 2 using the 160-bit SEED:
14
15 d5014e4b 60ef2ba8 b6211b40 62ba3224 e0427dd3
16
17With this SEED, the algorithm found p and q when the counter was at 105.
18
19x was generated by the algorithm described in appendix 3, section 3.1, using
20the SHA to construct G (as in appendix 3, section 3.3) and a 160-bit XSEED:
21
22XSEED =
23
24 bd029bbe 7f51960b cf9edb2b 61f06f0f eb5a38b6
25
26t =
27 67452301 EFCDAB89 98BADCFE 10325476 C3D2E1F0
28
29x = G(t,XSEED) mod q
30
31k was generated by the algorithm described in appendix 3, section 3.2, using
32the SHA to construct G (as in appendix 3, section 3.3) and a 160-bit KSEED:
33
34KSEED =
35
36 687a66d9 0648f993 867e121f 4ddf9ddb 01205584
37
38t =
39 EFCDAB89 98BADCFE 10325476 C3D2E1F0 67452301
40
41k = G(t,KSEED) mod q
42
43Finally:
44
45h = 2
46
47p =
48 8df2a494 492276aa 3d25759b b06869cb eac0d83a fb8d0cf7
49 cbb8324f 0d7882e5 d0762fc5 b7210eaf c2e9adac 32ab7aac
50 49693dfb f83724c2 ec0736ee 31c80291
51
52
53q =
54 c773218c 737ec8ee 993b4f2d ed30f48e dace915f
55
56
57g =
58 626d0278 39ea0a13 413163a5 5b4cb500 299d5522 956cefcb
59 3bff10f3 99ce2c2e 71cb9de5 fa24babf 58e5b795 21925c9c
60 c42e9f6f 464b088c c572af53 e6d78802
61
62
63x =
64 2070b322 3dba372f de1c0ffc 7b2e3b49 8b260614
65
66
67k =
68 358dad57 1462710f 50e254cf 1a376b2b deaadfbf
69
70
71kinv =
72
73 0d516729 8202e49b 4116ac10 4fc3f415 ae52f917
74
75M = ASCII form of "abc" (See FIPS PUB 180-1, Appendix A)
76
77SHA(M) =
78
79 a9993e36 4706816a ba3e2571 7850c26c 9cd0d89d
80
81
82y =
83
84 19131871 d75b1612 a819f29d 78d1b0d7 346f7aa7 7bb62a85
85 9bfd6c56 75da9d21 2d3a36ef 1672ef66 0b8c7c25 5cc0ec74
86 858fba33 f44c0669 9630a76b 030ee333
87
88
89r =
90 8bac1ab6 6410435c b7181f95 b16ab97c 92b341c0
91
92s =
93 41e2345f 1f56df24 58f426d1 55b4ba2d b6dcd8c8
94
95
96w =
97 9df4ece5 826be95f ed406d41 b43edc0b 1c18841b
98
99
100u1 =
101 bf655bd0 46f0b35e c791b004 804afcbb 8ef7d69d
102
103
104u2 =
105 821a9263 12e97ade abcc8d08 2b527897 8a2df4b0
106
107
108gu1 mod p =
109
110 51b1bf86 7888e5f3 af6fb476 9dd016bc fe667a65 aafc2753
111 9063bd3d 2b138b4c e02cc0c0 2ec62bb6 7306c63e 4db95bbf
112 6f96662a 1987a21b e4ec1071 010b6069
113
114
115yu2 mod p =
116
117 8b510071 2957e950 50d6b8fd 376a668e 4b0d633c 1e46e665
118 5c611a72 e2b28483 be52c74d 4b30de61 a668966e dc307a67
119 c19441f4 22bf3c34 08aeba1f 0a4dbec7
120
121v =
122 8bac1ab6 6410435c b7181f95 b16ab97c 92b341c0
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-31 22:07:00 +0000