summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/dsa
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/dsa')
-rw-r--r--src/lib/libcrypto/dsa/Makefile187
-rw-r--r--src/lib/libcrypto/dsa/Makefile.ssl171
-rw-r--r--src/lib/libcrypto/dsa/README4
-rw-r--r--src/lib/libcrypto/dsa/dsa.h69
-rw-r--r--src/lib/libcrypto/dsa/dsa_asn1.c96
-rw-r--r--src/lib/libcrypto/dsa/dsa_err.c26
-rw-r--r--src/lib/libcrypto/dsa/dsa_gen.c124
-rw-r--r--src/lib/libcrypto/dsa/dsa_key.c4
-rw-r--r--src/lib/libcrypto/dsa/dsa_lib.c49
-rw-r--r--src/lib/libcrypto/dsa/dsa_ossl.c48
-rw-r--r--src/lib/libcrypto/dsa/dsa_sign.c35
-rw-r--r--src/lib/libcrypto/dsa/dsa_utl.c95
-rw-r--r--src/lib/libcrypto/dsa/dsa_vrf.c37
-rw-r--r--src/lib/libcrypto/dsa/dsagen.c111
-rw-r--r--src/lib/libcrypto/dsa/dsatest.c260
-rw-r--r--src/lib/libcrypto/dsa/fips186a.txt122
16 files changed, 1218 insertions, 220 deletions
diff --git a/src/lib/libcrypto/dsa/Makefile b/src/lib/libcrypto/dsa/Makefile
new file mode 100644
index 0000000000..2cc45cdc62
--- /dev/null
+++ b/src/lib/libcrypto/dsa/Makefile
@@ -0,0 +1,187 @@
1#
2# OpenSSL/crypto/dsa/Makefile
3#
4
5DIR= dsa
6TOP= ../..
7CC= cc
8INCLUDES= -I.. -I$(TOP) -I../../include
9CFLAG=-g
10MAKEFILE= Makefile
11AR= ar r
12
13CFLAGS= $(INCLUDES) $(CFLAG)
14
15GENERAL=Makefile
16TEST=dsatest.c
17APPS=
18
19LIB=$(TOP)/libcrypto.a
20LIBSRC= dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c \
21 dsa_err.c dsa_ossl.c dsa_depr.c dsa_utl.c
22LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_asn1.o dsa_vrf.o dsa_sign.o \
23 dsa_err.o dsa_ossl.o dsa_depr.o dsa_utl.o
24
25SRC= $(LIBSRC)
26
27EXHEADER= dsa.h
28HEADER= $(EXHEADER)
29
30ALL= $(GENERAL) $(SRC) $(HEADER)
31
32top:
33 (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
34
35all: lib
36
37lib: $(LIBOBJ)
38 $(ARX) $(LIB) $(LIBOBJ)
39 $(RANLIB) $(LIB) || echo Never mind.
40 @touch lib
41
42files:
43 $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
44
45links:
46 @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
47 @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
48 @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
49
50install:
51 @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
52 @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
53 do \
54 (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
55 chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
56 done;
57
58tags:
59 ctags $(SRC)
60
61tests:
62
63lint:
64 lint -DLINT $(INCLUDES) $(SRC)>fluff
65
66depend:
67 @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
68 $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
69
70dclean:
71 $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
72 mv -f Makefile.new $(MAKEFILE)
73
74clean:
75 rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
76
77# DO NOT DELETE THIS LINE -- make depend depends on it.
78
79dsa_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
80dsa_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
81dsa_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
82dsa_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
83dsa_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
84dsa_asn1.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
85dsa_asn1.o: ../../include/openssl/opensslconf.h
86dsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
87dsa_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
88dsa_asn1.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_asn1.c
89dsa_depr.o: ../../e_os.h ../../include/openssl/asn1.h
90dsa_depr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
91dsa_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
92dsa_depr.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
93dsa_depr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
94dsa_depr.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
95dsa_depr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
96dsa_depr.o: ../../include/openssl/opensslconf.h
97dsa_depr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
98dsa_depr.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
99dsa_depr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
100dsa_depr.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_depr.c
101dsa_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
102dsa_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
103dsa_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
104dsa_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
105dsa_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
106dsa_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
107dsa_err.o: dsa_err.c
108dsa_gen.o: ../../e_os.h ../../include/openssl/asn1.h
109dsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
110dsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
111dsa_gen.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
112dsa_gen.o: ../../include/openssl/err.h ../../include/openssl/evp.h
113dsa_gen.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
114dsa_gen.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
115dsa_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
116dsa_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
117dsa_gen.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
118dsa_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
119dsa_gen.o: ../cryptlib.h dsa_gen.c
120dsa_key.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
121dsa_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
122dsa_key.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
123dsa_key.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
124dsa_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
125dsa_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
126dsa_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
127dsa_key.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_key.c
128dsa_lib.o: ../../e_os.h ../../include/openssl/asn1.h
129dsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
130dsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
131dsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
132dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
133dsa_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
134dsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
135dsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
136dsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
137dsa_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
138dsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
139dsa_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
140dsa_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
141dsa_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
142dsa_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h dsa_lib.c
143dsa_ossl.o: ../../e_os.h ../../include/openssl/asn1.h
144dsa_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
145dsa_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
146dsa_ossl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
147dsa_ossl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
148dsa_ossl.o: ../../include/openssl/opensslconf.h
149dsa_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
150dsa_ossl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
151dsa_ossl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
152dsa_ossl.o: ../cryptlib.h dsa_ossl.c
153dsa_sign.o: ../../e_os.h ../../include/openssl/asn1.h
154dsa_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
155dsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
156dsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
157dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/fips.h
158dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
159dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
160dsa_sign.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
161dsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
162dsa_sign.o: ../cryptlib.h dsa_sign.c
163dsa_utl.o: ../../e_os.h ../../include/openssl/asn1.h
164dsa_utl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
165dsa_utl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
166dsa_utl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
167dsa_utl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
168dsa_utl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
169dsa_utl.o: ../../include/openssl/engine.h ../../include/openssl/err.h
170dsa_utl.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
171dsa_utl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
172dsa_utl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
173dsa_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
174dsa_utl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
175dsa_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
176dsa_utl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
177dsa_utl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h dsa_utl.c
178dsa_vrf.o: ../../e_os.h ../../include/openssl/asn1.h
179dsa_vrf.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
180dsa_vrf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
181dsa_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
182dsa_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
183dsa_vrf.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
184dsa_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
185dsa_vrf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
186dsa_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
187dsa_vrf.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_vrf.c
diff --git a/src/lib/libcrypto/dsa/Makefile.ssl b/src/lib/libcrypto/dsa/Makefile.ssl
new file mode 100644
index 0000000000..e5f8a8cf51
--- /dev/null
+++ b/src/lib/libcrypto/dsa/Makefile.ssl
@@ -0,0 +1,171 @@
1#
2# SSLeay/crypto/dsa/Makefile
3#
4
5DIR= dsa
6TOP= ../..
7CC= cc
8INCLUDES= -I.. -I$(TOP) -I../../include
9CFLAG=-g
10INSTALL_PREFIX=
11OPENSSLDIR= /usr/local/ssl
12INSTALLTOP=/usr/local/ssl
13MAKE= make -f Makefile.ssl
14MAKEDEPPROG= makedepend
15MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
16MAKEFILE= Makefile.ssl
17AR= ar r
18
19CFLAGS= $(INCLUDES) $(CFLAG)
20
21GENERAL=Makefile
22TEST=dsatest.c
23APPS=
24
25LIB=$(TOP)/libcrypto.a
26LIBSRC= dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c \
27 dsa_err.c dsa_ossl.c
28LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_asn1.o dsa_vrf.o dsa_sign.o \
29 dsa_err.o dsa_ossl.o
30
31SRC= $(LIBSRC)
32
33EXHEADER= dsa.h
34HEADER= $(EXHEADER)
35
36ALL= $(GENERAL) $(SRC) $(HEADER)
37
38top:
39 (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
40
41all: lib
42
43lib: $(LIBOBJ)
44 $(AR) $(LIB) $(LIBOBJ)
45 $(RANLIB) $(LIB) || echo Never mind.
46 @touch lib
47
48files:
49 $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
50
51links:
52 @sh $(TOP)/util/point.sh Makefile.ssl Makefile
53 @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
54 @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
55 @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
56
57install:
58 @for i in $(EXHEADER) ; \
59 do \
60 (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
61 chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
62 done;
63
64tags:
65 ctags $(SRC)
66
67tests:
68
69lint:
70 lint -DLINT $(INCLUDES) $(SRC)>fluff
71
72depend:
73 $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
74
75dclean:
76 $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
77 mv -f Makefile.new $(MAKEFILE)
78
79clean:
80 rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
81
82# DO NOT DELETE THIS LINE -- make depend depends on it.
83
84dsa_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
85dsa_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
86dsa_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
87dsa_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
88dsa_asn1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
89dsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
90dsa_asn1.o: ../../include/openssl/opensslconf.h
91dsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
92dsa_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
93dsa_asn1.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_asn1.c
94dsa_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
95dsa_err.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
96dsa_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
97dsa_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
98dsa_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
99dsa_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
100dsa_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
101dsa_err.o: dsa_err.c
102dsa_gen.o: ../../e_os.h ../../include/openssl/aes.h
103dsa_gen.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
104dsa_gen.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
105dsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
106dsa_gen.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
107dsa_gen.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
108dsa_gen.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
109dsa_gen.o: ../../include/openssl/err.h ../../include/openssl/evp.h
110dsa_gen.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
111dsa_gen.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
112dsa_gen.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
113dsa_gen.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
114dsa_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
115dsa_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
116dsa_gen.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
117dsa_gen.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
118dsa_gen.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
119dsa_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
120dsa_gen.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
121dsa_gen.o: ../../include/openssl/ui_compat.h ../cryptlib.h dsa_gen.c
122dsa_key.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
123dsa_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
124dsa_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
125dsa_key.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
126dsa_key.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
127dsa_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
128dsa_key.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
129dsa_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
130dsa_key.o: ../cryptlib.h dsa_key.c
131dsa_lib.o: ../../e_os.h ../../include/openssl/asn1.h
132dsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
133dsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
134dsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
135dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
136dsa_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
137dsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
138dsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
139dsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
140dsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
141dsa_lib.o: ../../include/openssl/ui.h ../cryptlib.h dsa_lib.c
142dsa_ossl.o: ../../e_os.h ../../include/openssl/asn1.h
143dsa_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
144dsa_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
145dsa_ossl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
146dsa_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
147dsa_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
148dsa_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
149dsa_ossl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
150dsa_ossl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
151dsa_ossl.o: ../cryptlib.h dsa_ossl.c
152dsa_sign.o: ../../e_os.h ../../include/openssl/asn1.h
153dsa_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
154dsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
155dsa_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
156dsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
157dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
158dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
159dsa_sign.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
160dsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
161dsa_sign.o: ../cryptlib.h dsa_sign.c
162dsa_vrf.o: ../../e_os.h ../../include/openssl/asn1.h
163dsa_vrf.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
164dsa_vrf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
165dsa_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
166dsa_vrf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
167dsa_vrf.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
168dsa_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
169dsa_vrf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
170dsa_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
171dsa_vrf.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_vrf.c
diff --git a/src/lib/libcrypto/dsa/README b/src/lib/libcrypto/dsa/README
new file mode 100644
index 0000000000..6a7e9c170a
--- /dev/null
+++ b/src/lib/libcrypto/dsa/README
@@ -0,0 +1,4 @@
1The stuff in here is based on patches supplied to me by
2Steven Schoch <schoch@sheba.arc.nasa.gov> to do DSS.
3I have since modified a them a little but a debt of gratitude
4is due for doing the initial work.
diff --git a/src/lib/libcrypto/dsa/dsa.h b/src/lib/libcrypto/dsa/dsa.h
index ac50a5c846..702c50d6dc 100644
--- a/src/lib/libcrypto/dsa/dsa.h
+++ b/src/lib/libcrypto/dsa/dsa.h
@@ -88,6 +88,8 @@
88# define OPENSSL_DSA_MAX_MODULUS_BITS 10000 88# define OPENSSL_DSA_MAX_MODULUS_BITS 10000
89#endif 89#endif
90 90
91#define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024
92
91#define DSA_FLAG_CACHE_MONT_P 0x01 93#define DSA_FLAG_CACHE_MONT_P 0x01
92#define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DSA 94#define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DSA
93 * implementation now uses constant time 95 * implementation now uses constant time
@@ -97,6 +99,25 @@
97 * be used for all exponents. 99 * be used for all exponents.
98 */ 100 */
99 101
102/* If this flag is set the DSA method is FIPS compliant and can be used
103 * in FIPS mode. This is set in the validated module method. If an
104 * application sets this flag in its own methods it is its reposibility
105 * to ensure the result is compliant.
106 */
107
108#define DSA_FLAG_FIPS_METHOD 0x0400
109
110/* If this flag is set the operations normally disabled in FIPS mode are
111 * permitted it is then the applications responsibility to ensure that the
112 * usage is compliant.
113 */
114
115#define DSA_FLAG_NON_FIPS_ALLOW 0x0400
116
117#ifdef OPENSSL_FIPS
118#define FIPS_DSA_SIZE_T int
119#endif
120
100#ifdef __cplusplus 121#ifdef __cplusplus
101extern "C" { 122extern "C" {
102#endif 123#endif
@@ -118,7 +139,7 @@ struct dsa_method
118 int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, 139 int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
119 BIGNUM **rp); 140 BIGNUM **rp);
120 int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len, 141 int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len,
121 DSA_SIG *sig, DSA *dsa); 142 DSA_SIG *sig, DSA *dsa);
122 int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, 143 int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
123 BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, 144 BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
124 BN_MONT_CTX *in_mont); 145 BN_MONT_CTX *in_mont);
@@ -131,7 +152,7 @@ struct dsa_method
131 char *app_data; 152 char *app_data;
132 /* If this is non-NULL, it is used to generate DSA parameters */ 153 /* If this is non-NULL, it is used to generate DSA parameters */
133 int (*dsa_paramgen)(DSA *dsa, int bits, 154 int (*dsa_paramgen)(DSA *dsa, int bits,
134 const unsigned char *seed, int seed_len, 155 unsigned char *seed, int seed_len,
135 int *counter_ret, unsigned long *h_ret, 156 int *counter_ret, unsigned long *h_ret,
136 BN_GENCB *cb); 157 BN_GENCB *cb);
137 /* If this is non-NULL, it is used to generate DSA keys */ 158 /* If this is non-NULL, it is used to generate DSA keys */
@@ -165,6 +186,7 @@ struct dsa_st
165 ENGINE *engine; 186 ENGINE *engine;
166 }; 187 };
167 188
189#define DSAparams_dup(x) ASN1_dup_of_const(DSA,i2d_DSAparams,d2i_DSAparams,x)
168#define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \ 190#define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \
169 (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x)) 191 (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x))
170#define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \ 192#define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \
@@ -173,7 +195,6 @@ struct dsa_st
173#define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio_of_const(DSA,i2d_DSAparams,bp,x) 195#define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio_of_const(DSA,i2d_DSAparams,bp,x)
174 196
175 197
176DSA *DSAparams_dup(DSA *x);
177DSA_SIG * DSA_SIG_new(void); 198DSA_SIG * DSA_SIG_new(void);
178void DSA_SIG_free(DSA_SIG *a); 199void DSA_SIG_free(DSA_SIG *a);
179int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp); 200int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
@@ -189,6 +210,11 @@ void DSA_set_default_method(const DSA_METHOD *);
189const DSA_METHOD *DSA_get_default_method(void); 210const DSA_METHOD *DSA_get_default_method(void);
190int DSA_set_method(DSA *dsa, const DSA_METHOD *); 211int DSA_set_method(DSA *dsa, const DSA_METHOD *);
191 212
213#ifdef OPENSSL_FIPS
214DSA * FIPS_dsa_new(void);
215void FIPS_dsa_free (DSA *r);
216#endif
217
192DSA * DSA_new(void); 218DSA * DSA_new(void);
193DSA * DSA_new_method(ENGINE *engine); 219DSA * DSA_new_method(ENGINE *engine);
194void DSA_free (DSA *r); 220void DSA_free (DSA *r);
@@ -220,7 +246,7 @@ DSA * DSA_generate_parameters(int bits,
220 246
221/* New version */ 247/* New version */
222int DSA_generate_parameters_ex(DSA *dsa, int bits, 248int DSA_generate_parameters_ex(DSA *dsa, int bits,
223 const unsigned char *seed,int seed_len, 249 unsigned char *seed,int seed_len,
224 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); 250 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
225 251
226int DSA_generate_key(DSA *a); 252int DSA_generate_key(DSA *a);
@@ -249,13 +275,10 @@ int DSA_print_fp(FILE *bp, const DSA *x, int off);
249DH *DSA_dup_DH(const DSA *r); 275DH *DSA_dup_DH(const DSA *r);
250#endif 276#endif
251 277
252#define EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits) \ 278#ifdef OPENSSL_FIPS
253 EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \ 279int FIPS_dsa_sig_encode(unsigned char *out, DSA_SIG *sig);
254 EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL) 280int FIPS_dsa_sig_decode(DSA_SIG *sig, const unsigned char *in, int inlen);
255 281#endif
256#define EVP_PKEY_CTRL_DSA_PARAMGEN_BITS (EVP_PKEY_ALG_CTRL + 1)
257#define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS (EVP_PKEY_ALG_CTRL + 2)
258#define EVP_PKEY_CTRL_DSA_PARAMGEN_MD (EVP_PKEY_ALG_CTRL + 3)
259 282
260/* BEGIN ERROR CODES */ 283/* BEGIN ERROR CODES */
261/* The following lines are auto generated by the script mkerr.pl. Any changes 284/* The following lines are auto generated by the script mkerr.pl. Any changes
@@ -267,39 +290,33 @@ void ERR_load_DSA_strings(void);
267 290
268/* Function codes. */ 291/* Function codes. */
269#define DSA_F_D2I_DSA_SIG 110 292#define DSA_F_D2I_DSA_SIG 110
270#define DSA_F_DO_DSA_PRINT 104
271#define DSA_F_DSAPARAMS_PRINT 100 293#define DSA_F_DSAPARAMS_PRINT 100
272#define DSA_F_DSAPARAMS_PRINT_FP 101 294#define DSA_F_DSAPARAMS_PRINT_FP 101
295#define DSA_F_DSA_BUILTIN_KEYGEN 119
296#define DSA_F_DSA_BUILTIN_PARAMGEN 118
273#define DSA_F_DSA_DO_SIGN 112 297#define DSA_F_DSA_DO_SIGN 112
274#define DSA_F_DSA_DO_VERIFY 113 298#define DSA_F_DSA_DO_VERIFY 113
299#define DSA_F_DSA_GENERATE_PARAMETERS 117
275#define DSA_F_DSA_NEW_METHOD 103 300#define DSA_F_DSA_NEW_METHOD 103
276#define DSA_F_DSA_PARAM_DECODE 119 301#define DSA_F_DSA_PRINT 104
277#define DSA_F_DSA_PRINT_FP 105 302#define DSA_F_DSA_PRINT_FP 105
278#define DSA_F_DSA_PRIV_DECODE 115 303#define DSA_F_DSA_SET_DEFAULT_METHOD 115
279#define DSA_F_DSA_PRIV_ENCODE 116 304#define DSA_F_DSA_SET_METHOD 116
280#define DSA_F_DSA_PUB_DECODE 117
281#define DSA_F_DSA_PUB_ENCODE 118
282#define DSA_F_DSA_SIGN 106 305#define DSA_F_DSA_SIGN 106
283#define DSA_F_DSA_SIGN_SETUP 107 306#define DSA_F_DSA_SIGN_SETUP 107
284#define DSA_F_DSA_SIG_NEW 109 307#define DSA_F_DSA_SIG_NEW 109
285#define DSA_F_DSA_VERIFY 108 308#define DSA_F_DSA_VERIFY 108
286#define DSA_F_I2D_DSA_SIG 111 309#define DSA_F_I2D_DSA_SIG 111
287#define DSA_F_OLD_DSA_PRIV_DECODE 122
288#define DSA_F_PKEY_DSA_CTRL 120
289#define DSA_F_PKEY_DSA_KEYGEN 121
290#define DSA_F_SIG_CB 114 310#define DSA_F_SIG_CB 114
291 311
292/* Reason codes. */ 312/* Reason codes. */
293#define DSA_R_BAD_Q_VALUE 102 313#define DSA_R_BAD_Q_VALUE 102
294#define DSA_R_BN_DECODE_ERROR 108
295#define DSA_R_BN_ERROR 109
296#define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100 314#define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100
297#define DSA_R_DECODE_ERROR 104 315#define DSA_R_KEY_SIZE_TOO_SMALL 106
298#define DSA_R_INVALID_DIGEST_TYPE 106
299#define DSA_R_MISSING_PARAMETERS 101 316#define DSA_R_MISSING_PARAMETERS 101
300#define DSA_R_MODULUS_TOO_LARGE 103 317#define DSA_R_MODULUS_TOO_LARGE 103
301#define DSA_R_NO_PARAMETERS_SET 107 318#define DSA_R_NON_FIPS_METHOD 104
302#define DSA_R_PARAMETER_ENCODING_ERROR 105 319#define DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 105
303 320
304#ifdef __cplusplus 321#ifdef __cplusplus
305} 322}
diff --git a/src/lib/libcrypto/dsa/dsa_asn1.c b/src/lib/libcrypto/dsa/dsa_asn1.c
index c37460b2d6..0645facb4b 100644
--- a/src/lib/libcrypto/dsa/dsa_asn1.c
+++ b/src/lib/libcrypto/dsa/dsa_asn1.c
@@ -3,7 +3,7 @@
3 * project 2000. 3 * project 2000.
4 */ 4 */
5/* ==================================================================== 5/* ====================================================================
6 * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. 6 * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
7 * 7 *
8 * Redistribution and use in source and binary forms, with or without 8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions 9 * modification, are permitted provided that the following conditions
@@ -61,23 +61,24 @@
61#include <openssl/dsa.h> 61#include <openssl/dsa.h>
62#include <openssl/asn1.h> 62#include <openssl/asn1.h>
63#include <openssl/asn1t.h> 63#include <openssl/asn1t.h>
64#include <openssl/bn.h>
65#ifdef OPENSSL_FIPS
66#include <openssl/fips.h>
67#endif
68
64 69
65/* Override the default new methods */ 70/* Override the default new methods */
66static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, 71static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
67 void *exarg)
68{ 72{
69 if(operation == ASN1_OP_NEW_PRE) { 73 if(operation == ASN1_OP_NEW_PRE) {
70 DSA_SIG *sig; 74 DSA_SIG *sig;
71 sig = OPENSSL_malloc(sizeof(DSA_SIG)); 75 sig = OPENSSL_malloc(sizeof(DSA_SIG));
72 if (!sig)
73 {
74 DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE);
75 return 0;
76 }
77 sig->r = NULL; 76 sig->r = NULL;
78 sig->s = NULL; 77 sig->s = NULL;
79 *pval = (ASN1_VALUE *)sig; 78 *pval = (ASN1_VALUE *)sig;
80 return 2; 79 if(sig) return 2;
80 DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE);
81 return 0;
81 } 82 }
82 return 1; 83 return 1;
83} 84}
@@ -87,11 +88,10 @@ ASN1_SEQUENCE_cb(DSA_SIG, sig_cb) = {
87 ASN1_SIMPLE(DSA_SIG, s, CBIGNUM) 88 ASN1_SIMPLE(DSA_SIG, s, CBIGNUM)
88} ASN1_SEQUENCE_END_cb(DSA_SIG, DSA_SIG) 89} ASN1_SEQUENCE_END_cb(DSA_SIG, DSA_SIG)
89 90
90IMPLEMENT_ASN1_FUNCTIONS_const(DSA_SIG) 91IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA_SIG,DSA_SIG,DSA_SIG)
91 92
92/* Override the default free and new methods */ 93/* Override the default free and new methods */
93static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, 94static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
94 void *exarg)
95{ 95{
96 if(operation == ASN1_OP_NEW_PRE) { 96 if(operation == ASN1_OP_NEW_PRE) {
97 *pval = (ASN1_VALUE *)DSA_new(); 97 *pval = (ASN1_VALUE *)DSA_new();
@@ -144,7 +144,75 @@ ASN1_CHOICE_cb(DSAPublicKey, dsa_cb) = {
144 144
145IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey) 145IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey)
146 146
147DSA *DSAparams_dup(DSA *dsa) 147int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
148 unsigned int *siglen, DSA *dsa)
149 {
150 DSA_SIG *s;
151#ifdef OPENSSL_FIPS
152 if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
153 {
154 DSAerr(DSA_F_DSA_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
155 return 0;
156 }
157#endif
158 s=DSA_do_sign(dgst,dlen,dsa);
159 if (s == NULL)
160 {
161 *siglen=0;
162 return(0);
163 }
164 *siglen=i2d_DSA_SIG(s,&sig);
165 DSA_SIG_free(s);
166 return(1);
167 }
168
169int DSA_size(const DSA *r)
170 {
171 int ret,i;
172 ASN1_INTEGER bs;
173 unsigned char buf[4]; /* 4 bytes looks really small.
174 However, i2d_ASN1_INTEGER() will not look
175 beyond the first byte, as long as the second
176 parameter is NULL. */
177
178 i=BN_num_bits(r->q);
179 bs.length=(i+7)/8;
180 bs.data=buf;
181 bs.type=V_ASN1_INTEGER;
182 /* If the top bit is set the asn1 encoding is 1 larger. */
183 buf[0]=0xff;
184
185 i=i2d_ASN1_INTEGER(&bs,NULL);
186 i+=i; /* r and s */
187 ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
188 return(ret);
189 }
190
191/* data has already been hashed (probably with SHA or SHA-1). */
192/* returns
193 * 1: correct signature
194 * 0: incorrect signature
195 * -1: error
196 */
197int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
198 const unsigned char *sigbuf, int siglen, DSA *dsa)
148 { 199 {
149 return ASN1_item_dup(ASN1_ITEM_rptr(DSAparams), dsa); 200 DSA_SIG *s;
201 int ret=-1;
202#ifdef OPENSSL_FIPS
203 if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
204 {
205 DSAerr(DSA_F_DSA_VERIFY, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
206 return 0;
207 }
208#endif
209
210 s = DSA_SIG_new();
211 if (s == NULL) return(ret);
212 if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err;
213 ret=DSA_do_verify(dgst,dgst_len,s,dsa);
214err:
215 DSA_SIG_free(s);
216 return(ret);
150 } 217 }
218
diff --git a/src/lib/libcrypto/dsa/dsa_err.c b/src/lib/libcrypto/dsa/dsa_err.c
index bba984e92e..872839af94 100644
--- a/src/lib/libcrypto/dsa/dsa_err.c
+++ b/src/lib/libcrypto/dsa/dsa_err.c
@@ -1,6 +1,6 @@
1/* crypto/dsa/dsa_err.c */ 1/* crypto/dsa/dsa_err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -71,26 +71,23 @@
71static ERR_STRING_DATA DSA_str_functs[]= 71static ERR_STRING_DATA DSA_str_functs[]=
72 { 72 {
73{ERR_FUNC(DSA_F_D2I_DSA_SIG), "d2i_DSA_SIG"}, 73{ERR_FUNC(DSA_F_D2I_DSA_SIG), "d2i_DSA_SIG"},
74{ERR_FUNC(DSA_F_DO_DSA_PRINT), "DO_DSA_PRINT"},
75{ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"}, 74{ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"},
76{ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP), "DSAparams_print_fp"}, 75{ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP), "DSAparams_print_fp"},
76{ERR_FUNC(DSA_F_DSA_BUILTIN_KEYGEN), "DSA_BUILTIN_KEYGEN"},
77{ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN), "DSA_BUILTIN_PARAMGEN"},
77{ERR_FUNC(DSA_F_DSA_DO_SIGN), "DSA_do_sign"}, 78{ERR_FUNC(DSA_F_DSA_DO_SIGN), "DSA_do_sign"},
78{ERR_FUNC(DSA_F_DSA_DO_VERIFY), "DSA_do_verify"}, 79{ERR_FUNC(DSA_F_DSA_DO_VERIFY), "DSA_do_verify"},
80{ERR_FUNC(DSA_F_DSA_GENERATE_PARAMETERS), "DSA_generate_parameters"},
79{ERR_FUNC(DSA_F_DSA_NEW_METHOD), "DSA_new_method"}, 81{ERR_FUNC(DSA_F_DSA_NEW_METHOD), "DSA_new_method"},
80{ERR_FUNC(DSA_F_DSA_PARAM_DECODE), "DSA_PARAM_DECODE"}, 82{ERR_FUNC(DSA_F_DSA_PRINT), "DSA_print"},
81{ERR_FUNC(DSA_F_DSA_PRINT_FP), "DSA_print_fp"}, 83{ERR_FUNC(DSA_F_DSA_PRINT_FP), "DSA_print_fp"},
82{ERR_FUNC(DSA_F_DSA_PRIV_DECODE), "DSA_PRIV_DECODE"}, 84{ERR_FUNC(DSA_F_DSA_SET_DEFAULT_METHOD), "DSA_set_default_method"},
83{ERR_FUNC(DSA_F_DSA_PRIV_ENCODE), "DSA_PRIV_ENCODE"}, 85{ERR_FUNC(DSA_F_DSA_SET_METHOD), "DSA_set_method"},
84{ERR_FUNC(DSA_F_DSA_PUB_DECODE), "DSA_PUB_DECODE"},
85{ERR_FUNC(DSA_F_DSA_PUB_ENCODE), "DSA_PUB_ENCODE"},
86{ERR_FUNC(DSA_F_DSA_SIGN), "DSA_sign"}, 86{ERR_FUNC(DSA_F_DSA_SIGN), "DSA_sign"},
87{ERR_FUNC(DSA_F_DSA_SIGN_SETUP), "DSA_sign_setup"}, 87{ERR_FUNC(DSA_F_DSA_SIGN_SETUP), "DSA_sign_setup"},
88{ERR_FUNC(DSA_F_DSA_SIG_NEW), "DSA_SIG_new"}, 88{ERR_FUNC(DSA_F_DSA_SIG_NEW), "DSA_SIG_new"},
89{ERR_FUNC(DSA_F_DSA_VERIFY), "DSA_verify"}, 89{ERR_FUNC(DSA_F_DSA_VERIFY), "DSA_verify"},
90{ERR_FUNC(DSA_F_I2D_DSA_SIG), "i2d_DSA_SIG"}, 90{ERR_FUNC(DSA_F_I2D_DSA_SIG), "i2d_DSA_SIG"},
91{ERR_FUNC(DSA_F_OLD_DSA_PRIV_DECODE), "OLD_DSA_PRIV_DECODE"},
92{ERR_FUNC(DSA_F_PKEY_DSA_CTRL), "PKEY_DSA_CTRL"},
93{ERR_FUNC(DSA_F_PKEY_DSA_KEYGEN), "PKEY_DSA_KEYGEN"},
94{ERR_FUNC(DSA_F_SIG_CB), "SIG_CB"}, 91{ERR_FUNC(DSA_F_SIG_CB), "SIG_CB"},
95{0,NULL} 92{0,NULL}
96 }; 93 };
@@ -98,15 +95,12 @@ static ERR_STRING_DATA DSA_str_functs[]=
98static ERR_STRING_DATA DSA_str_reasons[]= 95static ERR_STRING_DATA DSA_str_reasons[]=
99 { 96 {
100{ERR_REASON(DSA_R_BAD_Q_VALUE) ,"bad q value"}, 97{ERR_REASON(DSA_R_BAD_Q_VALUE) ,"bad q value"},
101{ERR_REASON(DSA_R_BN_DECODE_ERROR) ,"bn decode error"},
102{ERR_REASON(DSA_R_BN_ERROR) ,"bn error"},
103{ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"}, 98{ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"},
104{ERR_REASON(DSA_R_DECODE_ERROR) ,"decode error"}, 99{ERR_REASON(DSA_R_KEY_SIZE_TOO_SMALL) ,"key size too small"},
105{ERR_REASON(DSA_R_INVALID_DIGEST_TYPE) ,"invalid digest type"},
106{ERR_REASON(DSA_R_MISSING_PARAMETERS) ,"missing parameters"}, 100{ERR_REASON(DSA_R_MISSING_PARAMETERS) ,"missing parameters"},
107{ERR_REASON(DSA_R_MODULUS_TOO_LARGE) ,"modulus too large"}, 101{ERR_REASON(DSA_R_MODULUS_TOO_LARGE) ,"modulus too large"},
108{ERR_REASON(DSA_R_NO_PARAMETERS_SET) ,"no parameters set"}, 102{ERR_REASON(DSA_R_NON_FIPS_METHOD) ,"non fips method"},
109{ERR_REASON(DSA_R_PARAMETER_ENCODING_ERROR),"parameter encoding error"}, 103{ERR_REASON(DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),"operation not allowed in fips mode"},
110{0,NULL} 104{0,NULL}
111 }; 105 };
112 106
diff --git a/src/lib/libcrypto/dsa/dsa_gen.c b/src/lib/libcrypto/dsa/dsa_gen.c
index 0fcd25f8b0..6f1728e3cf 100644
--- a/src/lib/libcrypto/dsa/dsa_gen.c
+++ b/src/lib/libcrypto/dsa/dsa_gen.c
@@ -74,88 +74,69 @@
74#ifndef OPENSSL_NO_SHA 74#ifndef OPENSSL_NO_SHA
75 75
76#include <stdio.h> 76#include <stdio.h>
77#include <time.h>
77#include "cryptlib.h" 78#include "cryptlib.h"
78#include <openssl/evp.h> 79#include <openssl/evp.h>
79#include <openssl/bn.h> 80#include <openssl/bn.h>
81#include <openssl/dsa.h>
80#include <openssl/rand.h> 82#include <openssl/rand.h>
81#include <openssl/sha.h> 83#include <openssl/sha.h>
82#include "dsa_locl.h" 84
85#ifndef OPENSSL_FIPS
86
87static int dsa_builtin_paramgen(DSA *ret, int bits,
88 unsigned char *seed_in, int seed_len,
89 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
83 90
84int DSA_generate_parameters_ex(DSA *ret, int bits, 91int DSA_generate_parameters_ex(DSA *ret, int bits,
85 const unsigned char *seed_in, int seed_len, 92 unsigned char *seed_in, int seed_len,
86 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) 93 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
87 { 94 {
88 if(ret->meth->dsa_paramgen) 95 if(ret->meth->dsa_paramgen)
89 return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len, 96 return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
90 counter_ret, h_ret, cb); 97 counter_ret, h_ret, cb);
91 else 98 return dsa_builtin_paramgen(ret, bits, seed_in, seed_len,
92 { 99 counter_ret, h_ret, cb);
93 const EVP_MD *evpmd;
94 size_t qbits = bits >= 2048 ? 256 : 160;
95
96 if (bits >= 2048)
97 {
98 qbits = 256;
99 evpmd = EVP_sha256();
100 }
101 else
102 {
103 qbits = 160;
104 evpmd = EVP_sha1();
105 }
106
107 return dsa_builtin_paramgen(ret, bits, qbits, evpmd,
108 seed_in, seed_len, counter_ret, h_ret, cb);
109 }
110 } 100 }
111 101
112int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, 102static int dsa_builtin_paramgen(DSA *ret, int bits,
113 const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len, 103 unsigned char *seed_in, int seed_len,
114 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) 104 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
115 { 105 {
116 int ok=0; 106 int ok=0;
117 unsigned char seed[SHA256_DIGEST_LENGTH]; 107 unsigned char seed[SHA_DIGEST_LENGTH];
118 unsigned char md[SHA256_DIGEST_LENGTH]; 108 unsigned char md[SHA_DIGEST_LENGTH];
119 unsigned char buf[SHA256_DIGEST_LENGTH],buf2[SHA256_DIGEST_LENGTH]; 109 unsigned char buf[SHA_DIGEST_LENGTH],buf2[SHA_DIGEST_LENGTH];
120 BIGNUM *r0,*W,*X,*c,*test; 110 BIGNUM *r0,*W,*X,*c,*test;
121 BIGNUM *g=NULL,*q=NULL,*p=NULL; 111 BIGNUM *g=NULL,*q=NULL,*p=NULL;
122 BN_MONT_CTX *mont=NULL; 112 BN_MONT_CTX *mont=NULL;
123 int i, k,n=0,b,m=0, qsize = qbits >> 3; 113 int k,n=0,i,b,m=0;
124 int counter=0; 114 int counter=0;
125 int r=0; 115 int r=0;
126 BN_CTX *ctx=NULL; 116 BN_CTX *ctx=NULL;
127 unsigned int h=2; 117 unsigned int h=2;
128 118
129 if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH && 119 if (bits < 512) bits=512;
130 qsize != SHA256_DIGEST_LENGTH) 120 bits=(bits+63)/64*64;
131 /* invalid q size */
132 return 0;
133
134 if (evpmd == NULL)
135 /* use SHA1 as default */
136 evpmd = EVP_sha1();
137
138 if (bits < 512)
139 bits = 512;
140
141 bits = (bits+63)/64*64;
142 121
143 /* NB: seed_len == 0 is special case: copy generated seed to 122 /* NB: seed_len == 0 is special case: copy generated seed to
144 * seed_in if it is not NULL. 123 * seed_in if it is not NULL.
145 */ 124 */
146 if (seed_len && (seed_len < (size_t)qsize)) 125 if (seed_len && (seed_len < 20))
147 seed_in = NULL; /* seed buffer too small -- ignore */ 126 seed_in = NULL; /* seed buffer too small -- ignore */
148 if (seed_len > (size_t)qsize) 127 if (seed_len > 20)
149 seed_len = qsize; /* App. 2.2 of FIPS PUB 186 allows larger SEED, 128 seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger SEED,
150 * but our internal buffers are restricted to 160 bits*/ 129 * but our internal buffers are restricted to 160 bits*/
151 if (seed_in != NULL) 130 if ((seed_in != NULL) && (seed_len == 20))
152 memcpy(seed, seed_in, seed_len); 131 {
153 132 memcpy(seed,seed_in,seed_len);
154 if ((ctx=BN_CTX_new()) == NULL) 133 /* set seed_in to NULL to avoid it being copied back */
155 goto err; 134 seed_in = NULL;
135 }
156 136
157 if ((mont=BN_MONT_CTX_new()) == NULL) 137 if ((ctx=BN_CTX_new()) == NULL) goto err;
158 goto err; 138
139 if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
159 140
160 BN_CTX_start(ctx); 141 BN_CTX_start(ctx);
161 r0 = BN_CTX_get(ctx); 142 r0 = BN_CTX_get(ctx);
@@ -182,7 +163,7 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
182 163
183 if (!seed_len) 164 if (!seed_len)
184 { 165 {
185 RAND_pseudo_bytes(seed, qsize); 166 RAND_pseudo_bytes(seed,SHA_DIGEST_LENGTH);
186 seed_is_random = 1; 167 seed_is_random = 1;
187 } 168 }
188 else 169 else
@@ -190,27 +171,25 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
190 seed_is_random = 0; 171 seed_is_random = 0;
191 seed_len=0; /* use random seed if 'seed_in' turns out to be bad*/ 172 seed_len=0; /* use random seed if 'seed_in' turns out to be bad*/
192 } 173 }
193 memcpy(buf , seed, qsize); 174 memcpy(buf,seed,SHA_DIGEST_LENGTH);
194 memcpy(buf2, seed, qsize); 175 memcpy(buf2,seed,SHA_DIGEST_LENGTH);
195 /* precompute "SEED + 1" for step 7: */ 176 /* precompute "SEED + 1" for step 7: */
196 for (i = qsize-1; i >= 0; i--) 177 for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
197 { 178 {
198 buf[i]++; 179 buf[i]++;
199 if (buf[i] != 0) 180 if (buf[i] != 0) break;
200 break;
201 } 181 }
202 182
203 /* step 2 */ 183 /* step 2 */
204 EVP_Digest(seed, qsize, md, NULL, evpmd, NULL); 184 EVP_Digest(seed,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL);
205 EVP_Digest(buf, qsize, buf2, NULL, evpmd, NULL); 185 EVP_Digest(buf,SHA_DIGEST_LENGTH,buf2,NULL,HASH, NULL);
206 for (i = 0; i < qsize; i++) 186 for (i=0; i<SHA_DIGEST_LENGTH; i++)
207 md[i]^=buf2[i]; 187 md[i]^=buf2[i];
208 188
209 /* step 3 */ 189 /* step 3 */
210 md[0] |= 0x80; 190 md[0]|=0x80;
211 md[qsize-1] |= 0x01; 191 md[SHA_DIGEST_LENGTH-1]|=0x01;
212 if (!BN_bin2bn(md, qsize, q)) 192 if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,q)) goto err;
213 goto err;
214 193
215 /* step 4 */ 194 /* step 4 */
216 r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx, 195 r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,
@@ -245,19 +224,18 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
245 for (k=0; k<=n; k++) 224 for (k=0; k<=n; k++)
246 { 225 {
247 /* obtain "SEED + offset + k" by incrementing: */ 226 /* obtain "SEED + offset + k" by incrementing: */
248 for (i = qsize-1; i >= 0; i--) 227 for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
249 { 228 {
250 buf[i]++; 229 buf[i]++;
251 if (buf[i] != 0) 230 if (buf[i] != 0) break;
252 break;
253 } 231 }
254 232
255 EVP_Digest(buf, qsize, md ,NULL, evpmd, NULL); 233 EVP_Digest(buf,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL);
256 234
257 /* step 8 */ 235 /* step 8 */
258 if (!BN_bin2bn(md, qsize, r0)) 236 if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0))
259 goto err; 237 goto err;
260 if (!BN_lshift(r0,r0,(qsize << 3)*k)) goto err; 238 if (!BN_lshift(r0,r0,160*k)) goto err;
261 if (!BN_add(W,W,r0)) goto err; 239 if (!BN_add(W,W,r0)) goto err;
262 } 240 }
263 241
@@ -331,6 +309,7 @@ err:
331 ok=0; 309 ok=0;
332 goto err; 310 goto err;
333 } 311 }
312 if (seed_in != NULL) memcpy(seed_in,seed,20);
334 if (counter_ret != NULL) *counter_ret=counter; 313 if (counter_ret != NULL) *counter_ret=counter;
335 if (h_ret != NULL) *h_ret=h; 314 if (h_ret != NULL) *h_ret=h;
336 } 315 }
@@ -343,3 +322,4 @@ err:
343 return ok; 322 return ok;
344 } 323 }
345#endif 324#endif
325#endif
diff --git a/src/lib/libcrypto/dsa/dsa_key.c b/src/lib/libcrypto/dsa/dsa_key.c
index c4aa86bc6d..5e39124230 100644
--- a/src/lib/libcrypto/dsa/dsa_key.c
+++ b/src/lib/libcrypto/dsa/dsa_key.c
@@ -64,6 +64,8 @@
64#include <openssl/dsa.h> 64#include <openssl/dsa.h>
65#include <openssl/rand.h> 65#include <openssl/rand.h>
66 66
67#ifndef OPENSSL_FIPS
68
67static int dsa_builtin_keygen(DSA *dsa); 69static int dsa_builtin_keygen(DSA *dsa);
68 70
69int DSA_generate_key(DSA *dsa) 71int DSA_generate_key(DSA *dsa)
@@ -126,3 +128,5 @@ err:
126 return(ok); 128 return(ok);
127 } 129 }
128#endif 130#endif
131
132#endif
diff --git a/src/lib/libcrypto/dsa/dsa_lib.c b/src/lib/libcrypto/dsa/dsa_lib.c
index e9b75902db..7ac9dc8c89 100644
--- a/src/lib/libcrypto/dsa/dsa_lib.c
+++ b/src/lib/libcrypto/dsa/dsa_lib.c
@@ -76,6 +76,14 @@ static const DSA_METHOD *default_DSA_method = NULL;
76 76
77void DSA_set_default_method(const DSA_METHOD *meth) 77void DSA_set_default_method(const DSA_METHOD *meth)
78 { 78 {
79#ifdef OPENSSL_FIPS
80 if (FIPS_mode() && !(meth->flags & DSA_FLAG_FIPS_METHOD))
81 {
82 DSAerr(DSA_F_DSA_SET_DEFAULT_METHOD, DSA_R_NON_FIPS_METHOD);
83 return;
84 }
85#endif
86
79 default_DSA_method = meth; 87 default_DSA_method = meth;
80 } 88 }
81 89
@@ -96,6 +104,13 @@ int DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
96 /* NB: The caller is specifically setting a method, so it's not up to us 104 /* NB: The caller is specifically setting a method, so it's not up to us
97 * to deal with which ENGINE it comes from. */ 105 * to deal with which ENGINE it comes from. */
98 const DSA_METHOD *mtmp; 106 const DSA_METHOD *mtmp;
107#ifdef OPENSSL_FIPS
108 if (FIPS_mode() && !(meth->flags & DSA_FLAG_FIPS_METHOD))
109 {
110 DSAerr(DSA_F_DSA_SET_METHOD, DSA_R_NON_FIPS_METHOD);
111 return 0;
112 }
113#endif
99 mtmp = dsa->meth; 114 mtmp = dsa->meth;
100 if (mtmp->finish) mtmp->finish(dsa); 115 if (mtmp->finish) mtmp->finish(dsa);
101#ifndef OPENSSL_NO_ENGINE 116#ifndef OPENSSL_NO_ENGINE
@@ -147,6 +162,18 @@ DSA *DSA_new_method(ENGINE *engine)
147 } 162 }
148 } 163 }
149#endif 164#endif
165#ifdef OPENSSL_FIPS
166 if (FIPS_mode() && !(ret->meth->flags & DSA_FLAG_FIPS_METHOD))
167 {
168 DSAerr(DSA_F_DSA_NEW_METHOD, DSA_R_NON_FIPS_METHOD);
169#ifndef OPENSSL_NO_ENGINE
170 if (ret->engine)
171 ENGINE_finish(ret->engine);
172#endif
173 OPENSSL_free(ret);
174 return NULL;
175 }
176#endif
150 177
151 ret->pad=0; 178 ret->pad=0;
152 ret->version=0; 179 ret->version=0;
@@ -233,28 +260,6 @@ int DSA_up_ref(DSA *r)
233 return ((i > 1) ? 1 : 0); 260 return ((i > 1) ? 1 : 0);
234 } 261 }
235 262
236int DSA_size(const DSA *r)
237 {
238 int ret,i;
239 ASN1_INTEGER bs;
240 unsigned char buf[4]; /* 4 bytes looks really small.
241 However, i2d_ASN1_INTEGER() will not look
242 beyond the first byte, as long as the second
243 parameter is NULL. */
244
245 i=BN_num_bits(r->q);
246 bs.length=(i+7)/8;
247 bs.data=buf;
248 bs.type=V_ASN1_INTEGER;
249 /* If the top bit is set the asn1 encoding is 1 larger. */
250 buf[0]=0xff;
251
252 i=i2d_ASN1_INTEGER(&bs,NULL);
253 i+=i; /* r and s */
254 ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
255 return(ret);
256 }
257
258int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, 263int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
259 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) 264 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
260 { 265 {
diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c
index 4fead07e80..412cf1d88b 100644
--- a/src/lib/libcrypto/dsa/dsa_ossl.c
+++ b/src/lib/libcrypto/dsa/dsa_ossl.c
@@ -61,15 +61,16 @@
61#include <stdio.h> 61#include <stdio.h>
62#include "cryptlib.h" 62#include "cryptlib.h"
63#include <openssl/bn.h> 63#include <openssl/bn.h>
64#include <openssl/sha.h>
65#include <openssl/dsa.h> 64#include <openssl/dsa.h>
66#include <openssl/rand.h> 65#include <openssl/rand.h>
67#include <openssl/asn1.h> 66#include <openssl/asn1.h>
68 67
68#ifndef OPENSSL_FIPS
69
69static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); 70static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
70static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); 71static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
71static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, 72static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
72 DSA *dsa); 73 DSA *dsa);
73static int dsa_init(DSA *dsa); 74static int dsa_init(DSA *dsa);
74static int dsa_finish(DSA *dsa); 75static int dsa_finish(DSA *dsa);
75 76
@@ -134,7 +135,7 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
134 BIGNUM m; 135 BIGNUM m;
135 BIGNUM xr; 136 BIGNUM xr;
136 BN_CTX *ctx=NULL; 137 BN_CTX *ctx=NULL;
137 int reason=ERR_R_BN_LIB; 138 int i,reason=ERR_R_BN_LIB;
138 DSA_SIG *ret=NULL; 139 DSA_SIG *ret=NULL;
139 140
140 BN_init(&m); 141 BN_init(&m);
@@ -149,9 +150,8 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
149 s=BN_new(); 150 s=BN_new();
150 if (s == NULL) goto err; 151 if (s == NULL) goto err;
151 152
152 /* reject a excessive digest length (currently at most 153 i=BN_num_bytes(dsa->q); /* should be 20 */
153 * dsa-with-SHA256 is supported) */ 154 if ((dlen > i) || (dlen > 50))
154 if (dlen > SHA256_DIGEST_LENGTH)
155 { 155 {
156 reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE; 156 reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
157 goto err; 157 goto err;
@@ -172,14 +172,7 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
172 dsa->r=NULL; 172 dsa->r=NULL;
173 } 173 }
174 174
175 175 if (BN_bin2bn(dgst,dlen,&m) == NULL) goto err;
176 if (dlen > BN_num_bytes(dsa->q))
177 /* if the digest length is greater than the size of q use the
178 * BN_num_bits(dsa->q) leftmost bits of the digest, see
179 * fips 186-3, 4.2 */
180 dlen = BN_num_bytes(dsa->q);
181 if (BN_bin2bn(dgst,dlen,&m) == NULL)
182 goto err;
183 176
184 /* Compute s = inv(k) (m + xr) mod q */ 177 /* Compute s = inv(k) (m + xr) mod q */
185 if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */ 178 if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */
@@ -290,31 +283,30 @@ err:
290 if (!ret) 283 if (!ret)
291 { 284 {
292 DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB); 285 DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB);
293 if (r != NULL) 286 if (kinv != NULL) BN_clear_free(kinv);
294 BN_clear_free(r); 287 if (r != NULL) BN_clear_free(r);
295 } 288 }
296 if (ctx_in == NULL) BN_CTX_free(ctx); 289 if (ctx_in == NULL) BN_CTX_free(ctx);
290 if (kinv != NULL) BN_clear_free(kinv);
297 BN_clear_free(&k); 291 BN_clear_free(&k);
298 BN_clear_free(&kq); 292 BN_clear_free(&kq);
299 return(ret); 293 return(ret);
300 } 294 }
301 295
302static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, 296static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
303 DSA *dsa) 297 DSA *dsa)
304 { 298 {
305 BN_CTX *ctx; 299 BN_CTX *ctx;
306 BIGNUM u1,u2,t1; 300 BIGNUM u1,u2,t1;
307 BN_MONT_CTX *mont=NULL; 301 BN_MONT_CTX *mont=NULL;
308 int ret = -1, i; 302 int ret = -1;
309 if (!dsa->p || !dsa->q || !dsa->g) 303 if (!dsa->p || !dsa->q || !dsa->g)
310 { 304 {
311 DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS); 305 DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS);
312 return -1; 306 return -1;
313 } 307 }
314 308
315 i = BN_num_bits(dsa->q); 309 if (BN_num_bits(dsa->q) != 160)
316 /* fips 186-3 allows only different sizes for q */
317 if (i != 160 && i != 224 && i != 256)
318 { 310 {
319 DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE); 311 DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE);
320 return -1; 312 return -1;
@@ -326,14 +318,6 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
326 return -1; 318 return -1;
327 } 319 }
328 320
329 /* reject a excessive digest length (currently at most
330 * dsa-with-SHA256 is supported) */
331 if (dgst_len > SHA256_DIGEST_LENGTH)
332 {
333 DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
334 return -1;
335 }
336
337 BN_init(&u1); 321 BN_init(&u1);
338 BN_init(&u2); 322 BN_init(&u2);
339 BN_init(&t1); 323 BN_init(&t1);
@@ -358,11 +342,6 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
358 if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err; 342 if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;
359 343
360 /* save M in u1 */ 344 /* save M in u1 */
361 if (dgst_len > (i >> 3))
362 /* if the digest length is greater than the size of q use the
363 * BN_num_bits(dsa->q) leftmost bits of the digest, see
364 * fips 186-3, 4.2 */
365 dgst_len = (i >> 3);
366 if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err; 345 if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err;
367 346
368 /* u1 = M * w mod q */ 347 /* u1 = M * w mod q */
@@ -414,3 +393,4 @@ static int dsa_finish(DSA *dsa)
414 return(1); 393 return(1);
415} 394}
416 395
396#endif
diff --git a/src/lib/libcrypto/dsa/dsa_sign.c b/src/lib/libcrypto/dsa/dsa_sign.c
index 17555e5892..4cfbbe57a8 100644
--- a/src/lib/libcrypto/dsa/dsa_sign.c
+++ b/src/lib/libcrypto/dsa/dsa_sign.c
@@ -58,33 +58,38 @@
58 58
59/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */ 59/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
60 60
61#include <stdio.h>
61#include "cryptlib.h" 62#include "cryptlib.h"
63#include <openssl/bn.h>
62#include <openssl/dsa.h> 64#include <openssl/dsa.h>
63#include <openssl/rand.h> 65#include <openssl/rand.h>
66#include <openssl/asn1.h>
67#ifdef OPENSSL_FIPS
68#include <openssl/fips.h>
69#endif
64 70
65DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
66 {
67 return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
68 }
69 71
70int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, 72DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
71 unsigned int *siglen, DSA *dsa)
72 { 73 {
73 DSA_SIG *s; 74#ifdef OPENSSL_FIPS
74 RAND_seed(dgst, dlen); 75 if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
75 s=DSA_do_sign(dgst,dlen,dsa);
76 if (s == NULL)
77 { 76 {
78 *siglen=0; 77 DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
79 return(0); 78 return NULL;
80 } 79 }
81 *siglen=i2d_DSA_SIG(s,&sig); 80#endif
82 DSA_SIG_free(s); 81 return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
83 return(1);
84 } 82 }
85 83
86int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) 84int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
87 { 85 {
86#ifdef OPENSSL_FIPS
87 if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
88 {
89 DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
90 return 0;
91 }
92#endif
88 return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp); 93 return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
89 } 94 }
90 95
diff --git a/src/lib/libcrypto/dsa/dsa_utl.c b/src/lib/libcrypto/dsa/dsa_utl.c
new file mode 100644
index 0000000000..24c021d120
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_utl.c
@@ -0,0 +1,95 @@
1/* crypto/dsa/dsa_lib.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
60
61#include <stdio.h>
62#include "cryptlib.h"
63#include <openssl/bn.h>
64#include <openssl/dsa.h>
65#include <openssl/asn1.h>
66#ifndef OPENSSL_NO_ENGINE
67#include <openssl/engine.h>
68#endif
69#ifndef OPENSSL_NO_DH
70#include <openssl/dh.h>
71#endif
72
73DSA_SIG *DSA_SIG_new(void)
74 {
75 DSA_SIG *sig;
76 sig = OPENSSL_malloc(sizeof(DSA_SIG));
77 if (!sig)
78 return NULL;
79 sig->r = NULL;
80 sig->s = NULL;
81 return sig;
82 }
83
84void DSA_SIG_free(DSA_SIG *sig)
85 {
86 if (sig)
87 {
88 if (sig->r)
89 BN_free(sig->r);
90 if (sig->s)
91 BN_free(sig->s);
92 OPENSSL_free(sig);
93 }
94 }
95
diff --git a/src/lib/libcrypto/dsa/dsa_vrf.c b/src/lib/libcrypto/dsa/dsa_vrf.c
index 226a75ff3f..c75e423048 100644
--- a/src/lib/libcrypto/dsa/dsa_vrf.c
+++ b/src/lib/libcrypto/dsa/dsa_vrf.c
@@ -58,32 +58,27 @@
58 58
59/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */ 59/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
60 60
61#include <stdio.h>
61#include "cryptlib.h" 62#include "cryptlib.h"
63#include <openssl/bn.h>
62#include <openssl/dsa.h> 64#include <openssl/dsa.h>
65#include <openssl/rand.h>
66#include <openssl/asn1.h>
67#ifdef OPENSSL_FIPS
68#include <openssl/fips.h>
69#endif
70
71#include <openssl/asn1_mac.h>
63 72
64int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, 73int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
65 DSA *dsa) 74 DSA *dsa)
66 { 75 {
76#ifdef OPENSSL_FIPS
77 if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
78 {
79 DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
80 return 0;
81 }
82#endif
67 return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa); 83 return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
68 } 84 }
69
70/* data has already been hashed (probably with SHA or SHA-1). */
71/* returns
72 * 1: correct signature
73 * 0: incorrect signature
74 * -1: error
75 */
76int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
77 const unsigned char *sigbuf, int siglen, DSA *dsa)
78 {
79 DSA_SIG *s;
80 int ret=-1;
81
82 s = DSA_SIG_new();
83 if (s == NULL) return(ret);
84 if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err;
85 ret=DSA_do_verify(dgst,dgst_len,s,dsa);
86err:
87 DSA_SIG_free(s);
88 return(ret);
89 }
diff --git a/src/lib/libcrypto/dsa/dsagen.c b/src/lib/libcrypto/dsa/dsagen.c
new file mode 100644
index 0000000000..1b6a1cca0f
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsagen.c
@@ -0,0 +1,111 @@
1/* crypto/dsa/dsagen.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <openssl/dsa.h>
61
62#define TEST
63#define GENUINE_DSA
64
65#ifdef GENUINE_DSA
66#define LAST_VALUE 0xbd
67#else
68#define LAST_VALUE 0xd3
69#endif
70
71#ifdef TEST
72unsigned char seed[20]={
73 0xd5,0x01,0x4e,0x4b,
74 0x60,0xef,0x2b,0xa8,
75 0xb6,0x21,0x1b,0x40,
76 0x62,0xba,0x32,0x24,
77 0xe0,0x42,0x7d,LAST_VALUE};
78#endif
79
80int cb(int p, int n)
81 {
82 char c='*';
83
84 if (p == 0) c='.';
85 if (p == 1) c='+';
86 if (p == 2) c='*';
87 if (p == 3) c='\n';
88 printf("%c",c);
89 fflush(stdout);
90 }
91
92main()
93 {
94 int i;
95 BIGNUM *n;
96 BN_CTX *ctx;
97 unsigned char seed_buf[20];
98 DSA *dsa;
99 int counter,h;
100 BIO *bio_err=NULL;
101
102 if (bio_err == NULL)
103 bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
104
105 memcpy(seed_buf,seed,20);
106 dsa=DSA_generate_parameters(1024,seed,20,&counter,&h,cb,bio_err);
107
108 if (dsa == NULL)
109 DSA_print(bio_err,dsa,0);
110 }
111
diff --git a/src/lib/libcrypto/dsa/dsatest.c b/src/lib/libcrypto/dsa/dsatest.c
new file mode 100644
index 0000000000..912317bb44
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsatest.c
@@ -0,0 +1,260 @@
1/* crypto/dsa/dsatest.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59/* Until the key-gen callbacks are modified to use newer prototypes, we allow
60 * deprecated functions for openssl-internal code */
61#ifdef OPENSSL_NO_DEPRECATED
62#undef OPENSSL_NO_DEPRECATED
63#endif
64
65#include <stdio.h>
66#include <stdlib.h>
67#include <string.h>
68#include <sys/types.h>
69#include <sys/stat.h>
70
71#include "../e_os.h"
72
73#include <openssl/crypto.h>
74#include <openssl/rand.h>
75#include <openssl/bio.h>
76#include <openssl/err.h>
77#include <openssl/bn.h>
78
79#ifdef OPENSSL_NO_DSA
80int main(int argc, char *argv[])
81{
82 printf("No DSA support\n");
83 return(0);
84}
85#else
86#include <openssl/dsa.h>
87
88#ifdef OPENSSL_SYS_WIN16
89#define MS_CALLBACK _far _loadds
90#else
91#define MS_CALLBACK
92#endif
93
94static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *arg);
95
96/* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to
97 * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */
98static unsigned char seed[20]={
99 0xd5,0x01,0x4e,0x4b,0x60,0xef,0x2b,0xa8,0xb6,0x21,0x1b,0x40,
100 0x62,0xba,0x32,0x24,0xe0,0x42,0x7d,0xd3,
101 };
102
103static unsigned char out_p[]={
104 0x8d,0xf2,0xa4,0x94,0x49,0x22,0x76,0xaa,
105 0x3d,0x25,0x75,0x9b,0xb0,0x68,0x69,0xcb,
106 0xea,0xc0,0xd8,0x3a,0xfb,0x8d,0x0c,0xf7,
107 0xcb,0xb8,0x32,0x4f,0x0d,0x78,0x82,0xe5,
108 0xd0,0x76,0x2f,0xc5,0xb7,0x21,0x0e,0xaf,
109 0xc2,0xe9,0xad,0xac,0x32,0xab,0x7a,0xac,
110 0x49,0x69,0x3d,0xfb,0xf8,0x37,0x24,0xc2,
111 0xec,0x07,0x36,0xee,0x31,0xc8,0x02,0x91,
112 };
113
114static unsigned char out_q[]={
115 0xc7,0x73,0x21,0x8c,0x73,0x7e,0xc8,0xee,
116 0x99,0x3b,0x4f,0x2d,0xed,0x30,0xf4,0x8e,
117 0xda,0xce,0x91,0x5f,
118 };
119
120static unsigned char out_g[]={
121 0x62,0x6d,0x02,0x78,0x39,0xea,0x0a,0x13,
122 0x41,0x31,0x63,0xa5,0x5b,0x4c,0xb5,0x00,
123 0x29,0x9d,0x55,0x22,0x95,0x6c,0xef,0xcb,
124 0x3b,0xff,0x10,0xf3,0x99,0xce,0x2c,0x2e,
125 0x71,0xcb,0x9d,0xe5,0xfa,0x24,0xba,0xbf,
126 0x58,0xe5,0xb7,0x95,0x21,0x92,0x5c,0x9c,
127 0xc4,0x2e,0x9f,0x6f,0x46,0x4b,0x08,0x8c,
128 0xc5,0x72,0xaf,0x53,0xe6,0xd7,0x88,0x02,
129 };
130
131static const unsigned char str1[]="12345678901234567890";
132
133static const char rnd_seed[] = "string to make the random number generator think it has entropy";
134
135static BIO *bio_err=NULL;
136
137int main(int argc, char **argv)
138 {
139 BN_GENCB cb;
140 DSA *dsa=NULL;
141 int counter,ret=0,i,j;
142 unsigned char buf[256];
143 unsigned long h;
144 unsigned char sig[256];
145 unsigned int siglen;
146
147 if (bio_err == NULL)
148 bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
149
150 CRYPTO_malloc_debug_init();
151 CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
152 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
153
154 ERR_load_crypto_strings();
155 RAND_seed(rnd_seed, sizeof rnd_seed);
156
157 BIO_printf(bio_err,"test generation of DSA parameters\n");
158
159 BN_GENCB_set(&cb, dsa_cb, bio_err);
160 if(((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 512,
161 seed, 20, &counter, &h, &cb))
162 goto end;
163
164 BIO_printf(bio_err,"seed\n");
165 for (i=0; i<20; i+=4)
166 {
167 BIO_printf(bio_err,"%02X%02X%02X%02X ",
168 seed[i],seed[i+1],seed[i+2],seed[i+3]);
169 }
170 BIO_printf(bio_err,"\ncounter=%d h=%ld\n",counter,h);
171
172 if (dsa == NULL) goto end;
173 DSA_print(bio_err,dsa,0);
174 if (counter != 105)
175 {
176 BIO_printf(bio_err,"counter should be 105\n");
177 goto end;
178 }
179 if (h != 2)
180 {
181 BIO_printf(bio_err,"h should be 2\n");
182 goto end;
183 }
184
185 i=BN_bn2bin(dsa->q,buf);
186 j=sizeof(out_q);
187 if ((i != j) || (memcmp(buf,out_q,i) != 0))
188 {
189 BIO_printf(bio_err,"q value is wrong\n");
190 goto end;
191 }
192
193 i=BN_bn2bin(dsa->p,buf);
194 j=sizeof(out_p);
195 if ((i != j) || (memcmp(buf,out_p,i) != 0))
196 {
197 BIO_printf(bio_err,"p value is wrong\n");
198 goto end;
199 }
200
201 i=BN_bn2bin(dsa->g,buf);
202 j=sizeof(out_g);
203 if ((i != j) || (memcmp(buf,out_g,i) != 0))
204 {
205 BIO_printf(bio_err,"g value is wrong\n");
206 goto end;
207 }
208
209 dsa->flags |= DSA_FLAG_NO_EXP_CONSTTIME;
210 DSA_generate_key(dsa);
211 DSA_sign(0, str1, 20, sig, &siglen, dsa);
212 if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
213 ret=1;
214
215 dsa->flags &= ~DSA_FLAG_NO_EXP_CONSTTIME;
216 DSA_generate_key(dsa);
217 DSA_sign(0, str1, 20, sig, &siglen, dsa);
218 if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
219 ret=1;
220
221end:
222 if (!ret)
223 ERR_print_errors(bio_err);
224 if (dsa != NULL) DSA_free(dsa);
225 CRYPTO_cleanup_all_ex_data();
226 ERR_remove_state(0);
227 ERR_free_strings();
228 CRYPTO_mem_leaks(bio_err);
229 if (bio_err != NULL)
230 {
231 BIO_free(bio_err);
232 bio_err = NULL;
233 }
234#ifdef OPENSSL_SYS_NETWARE
235 if (!ret) printf("ERROR\n");
236#endif
237 EXIT(!ret);
238 return(0);
239 }
240
241static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *arg)
242 {
243 char c='*';
244 static int ok=0,num=0;
245
246 if (p == 0) { c='.'; num++; };
247 if (p == 1) c='+';
248 if (p == 2) { c='*'; ok++; }
249 if (p == 3) c='\n';
250 BIO_write(arg->arg,&c,1);
251 (void)BIO_flush(arg->arg);
252
253 if (!ok && (p == 0) && (num > 1))
254 {
255 BIO_printf((BIO *)arg,"error in dsatest\n");
256 return 0;
257 }
258 return 1;
259 }
260#endif
diff --git a/src/lib/libcrypto/dsa/fips186a.txt b/src/lib/libcrypto/dsa/fips186a.txt
new file mode 100644
index 0000000000..3a2e0a0d51
--- /dev/null
+++ b/src/lib/libcrypto/dsa/fips186a.txt
@@ -0,0 +1,122 @@
1The origional FIPE 180 used SHA-0 (FIPS 180) for its appendix 5
2examples. This is an updated version that uses SHA-1 (FIPS 180-1)
3supplied to me by Wei Dai
4--
5 APPENDIX 5. EXAMPLE OF THE DSA
6
7
8This appendix is for informational purposes only and is not required to meet
9the standard.
10
11Let L = 512 (size of p). The values in this example are expressed in
12hexadecimal notation. The p and q given here were generated by the prime
13generation standard described in appendix 2 using the 160-bit SEED:
14
15 d5014e4b 60ef2ba8 b6211b40 62ba3224 e0427dd3
16
17With this SEED, the algorithm found p and q when the counter was at 105.
18
19x was generated by the algorithm described in appendix 3, section 3.1, using
20the SHA to construct G (as in appendix 3, section 3.3) and a 160-bit XSEED:
21
22XSEED =
23
24 bd029bbe 7f51960b cf9edb2b 61f06f0f eb5a38b6
25
26t =
27 67452301 EFCDAB89 98BADCFE 10325476 C3D2E1F0
28
29x = G(t,XSEED) mod q
30
31k was generated by the algorithm described in appendix 3, section 3.2, using
32the SHA to construct G (as in appendix 3, section 3.3) and a 160-bit KSEED:
33
34KSEED =
35
36 687a66d9 0648f993 867e121f 4ddf9ddb 01205584
37
38t =
39 EFCDAB89 98BADCFE 10325476 C3D2E1F0 67452301
40
41k = G(t,KSEED) mod q
42
43Finally:
44
45h = 2
46
47p =
48 8df2a494 492276aa 3d25759b b06869cb eac0d83a fb8d0cf7
49 cbb8324f 0d7882e5 d0762fc5 b7210eaf c2e9adac 32ab7aac
50 49693dfb f83724c2 ec0736ee 31c80291
51
52
53q =
54 c773218c 737ec8ee 993b4f2d ed30f48e dace915f
55
56
57g =
58 626d0278 39ea0a13 413163a5 5b4cb500 299d5522 956cefcb
59 3bff10f3 99ce2c2e 71cb9de5 fa24babf 58e5b795 21925c9c
60 c42e9f6f 464b088c c572af53 e6d78802
61
62
63x =
64 2070b322 3dba372f de1c0ffc 7b2e3b49 8b260614
65
66
67k =
68 358dad57 1462710f 50e254cf 1a376b2b deaadfbf
69
70
71kinv =
72
73 0d516729 8202e49b 4116ac10 4fc3f415 ae52f917
74
75M = ASCII form of "abc" (See FIPS PUB 180-1, Appendix A)
76
77SHA(M) =
78
79 a9993e36 4706816a ba3e2571 7850c26c 9cd0d89d
80
81
82y =
83
84 19131871 d75b1612 a819f29d 78d1b0d7 346f7aa7 7bb62a85
85 9bfd6c56 75da9d21 2d3a36ef 1672ef66 0b8c7c25 5cc0ec74
86 858fba33 f44c0669 9630a76b 030ee333
87
88
89r =
90 8bac1ab6 6410435c b7181f95 b16ab97c 92b341c0
91
92s =
93 41e2345f 1f56df24 58f426d1 55b4ba2d b6dcd8c8
94
95
96w =
97 9df4ece5 826be95f ed406d41 b43edc0b 1c18841b
98
99
100u1 =
101 bf655bd0 46f0b35e c791b004 804afcbb 8ef7d69d
102
103
104u2 =
105 821a9263 12e97ade abcc8d08 2b527897 8a2df4b0
106
107
108gu1 mod p =
109
110 51b1bf86 7888e5f3 af6fb476 9dd016bc fe667a65 aafc2753
111 9063bd3d 2b138b4c e02cc0c0 2ec62bb6 7306c63e 4db95bbf
112 6f96662a 1987a21b e4ec1071 010b6069
113
114
115yu2 mod p =
116
117 8b510071 2957e950 50d6b8fd 376a668e 4b0d633c 1e46e665
118 5c611a72 e2b28483 be52c74d 4b30de61 a668966e dc307a67
119 c19441f4 22bf3c34 08aeba1f 0a4dbec7
120
121v =
122 8bac1ab6 6410435c b7181f95 b16ab97c 92b341c0