summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/dsa
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/dsa')
-rw-r--r--src/lib/libcrypto/dsa/dsa.h61
-rw-r--r--src/lib/libcrypto/dsa/dsa_depr.c106
-rw-r--r--src/lib/libcrypto/dsa/dsa_err.c11
-rw-r--r--src/lib/libcrypto/dsa/dsa_gen.c111
-rw-r--r--src/lib/libcrypto/dsa/dsa_key.c15
-rw-r--r--src/lib/libcrypto/dsa/dsa_lib.c5
-rw-r--r--src/lib/libcrypto/dsa/dsa_ossl.c120
-rw-r--r--src/lib/libcrypto/dsa/dsa_sign.c14
-rw-r--r--src/lib/libcrypto/dsa/dsa_vrf.c9
9 files changed, 295 insertions, 157 deletions
diff --git a/src/lib/libcrypto/dsa/dsa.h b/src/lib/libcrypto/dsa/dsa.h
index 851e3f0445..3a8fe5b56b 100644
--- a/src/lib/libcrypto/dsa/dsa.h
+++ b/src/lib/libcrypto/dsa/dsa.h
@@ -65,6 +65,8 @@
65#ifndef HEADER_DSA_H 65#ifndef HEADER_DSA_H
66#define HEADER_DSA_H 66#define HEADER_DSA_H
67 67
68#include <openssl/e_os2.h>
69
68#ifdef OPENSSL_NO_DSA 70#ifdef OPENSSL_NO_DSA
69#error DSA is disabled. 71#error DSA is disabled.
70#endif 72#endif
@@ -72,12 +74,19 @@
72#ifndef OPENSSL_NO_BIO 74#ifndef OPENSSL_NO_BIO
73#include <openssl/bio.h> 75#include <openssl/bio.h>
74#endif 76#endif
75#include <openssl/bn.h>
76#include <openssl/crypto.h> 77#include <openssl/crypto.h>
77#include <openssl/ossl_typ.h> 78#include <openssl/ossl_typ.h>
79
80#ifndef OPENSSL_NO_DEPRECATED
81#include <openssl/bn.h>
78#ifndef OPENSSL_NO_DH 82#ifndef OPENSSL_NO_DH
79# include <openssl/dh.h> 83# include <openssl/dh.h>
80#endif 84#endif
85#endif
86
87#ifndef OPENSSL_DSA_MAX_MODULUS_BITS
88# define OPENSSL_DSA_MAX_MODULUS_BITS 10000
89#endif
81 90
82#define DSA_FLAG_CACHE_MONT_P 0x01 91#define DSA_FLAG_CACHE_MONT_P 0x01
83#define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DSA 92#define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DSA
@@ -88,22 +97,13 @@
88 * be used for all exponents. 97 * be used for all exponents.
89 */ 98 */
90 99
91/* If this flag is set external DSA_METHOD callbacks are allowed in FIPS mode
92 * it is then the applications responsibility to ensure the external method
93 * is compliant.
94 */
95
96#define DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW 0x04
97
98#if defined(OPENSSL_FIPS)
99#define FIPS_DSA_SIZE_T int
100#endif
101
102#ifdef __cplusplus 100#ifdef __cplusplus
103extern "C" { 101extern "C" {
104#endif 102#endif
105 103
106typedef struct dsa_st DSA; 104/* Already defined in ossl_typ.h */
105/* typedef struct dsa_st DSA; */
106/* typedef struct dsa_method DSA_METHOD; */
107 107
108typedef struct DSA_SIG_st 108typedef struct DSA_SIG_st
109 { 109 {
@@ -111,7 +111,8 @@ typedef struct DSA_SIG_st
111 BIGNUM *s; 111 BIGNUM *s;
112 } DSA_SIG; 112 } DSA_SIG;
113 113
114typedef struct dsa_method { 114struct dsa_method
115 {
115 const char *name; 116 const char *name;
116 DSA_SIG * (*dsa_do_sign)(const unsigned char *dgst, int dlen, DSA *dsa); 117 DSA_SIG * (*dsa_do_sign)(const unsigned char *dgst, int dlen, DSA *dsa);
117 int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, 118 int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
@@ -128,7 +129,14 @@ typedef struct dsa_method {
128 int (*finish)(DSA *dsa); 129 int (*finish)(DSA *dsa);
129 int flags; 130 int flags;
130 char *app_data; 131 char *app_data;
131} DSA_METHOD; 132 /* If this is non-NULL, it is used to generate DSA parameters */
133 int (*dsa_paramgen)(DSA *dsa, int bits,
134 unsigned char *seed, int seed_len,
135 int *counter_ret, unsigned long *h_ret,
136 BN_GENCB *cb);
137 /* If this is non-NULL, it is used to generate DSA keys */
138 int (*dsa_keygen)(DSA *dsa);
139 };
132 140
133struct dsa_st 141struct dsa_st
134 { 142 {
@@ -149,7 +157,7 @@ struct dsa_st
149 157
150 int flags; 158 int flags;
151 /* Normally used to cache montgomery values */ 159 /* Normally used to cache montgomery values */
152 char *method_mont_p; 160 BN_MONT_CTX *method_mont_p;
153 int references; 161 int references;
154 CRYPTO_EX_DATA ex_data; 162 CRYPTO_EX_DATA ex_data;
155 const DSA_METHOD *meth; 163 const DSA_METHOD *meth;
@@ -157,16 +165,13 @@ struct dsa_st
157 ENGINE *engine; 165 ENGINE *engine;
158 }; 166 };
159 167
160#define DSAparams_dup(x) (DSA *)ASN1_dup((int (*)())i2d_DSAparams, \ 168#define DSAparams_dup(x) ASN1_dup_of_const(DSA,i2d_DSAparams,d2i_DSAparams,x)
161 (char *(*)())d2i_DSAparams,(char *)(x))
162#define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \ 169#define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \
163 (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x)) 170 (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x))
164#define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \ 171#define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \
165 (unsigned char *)(x)) 172 (unsigned char *)(x))
166#define d2i_DSAparams_bio(bp,x) (DSA *)ASN1_d2i_bio((char *(*)())DSA_new, \ 173#define d2i_DSAparams_bio(bp,x) ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAparams,bp,x)
167 (char *(*)())d2i_DSAparams,(bp),(unsigned char **)(x)) 174#define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio_of_const(DSA,i2d_DSAparams,bp,x)
168#define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio(i2d_DSAparams,(bp), \
169 (unsigned char *)(x))
170 175
171 176
172DSA_SIG * DSA_SIG_new(void); 177DSA_SIG * DSA_SIG_new(void);
@@ -204,10 +209,20 @@ void *DSA_get_ex_data(DSA *d, int idx);
204DSA * d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length); 209DSA * d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length);
205DSA * d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length); 210DSA * d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length);
206DSA * d2i_DSAparams(DSA **a, const unsigned char **pp, long length); 211DSA * d2i_DSAparams(DSA **a, const unsigned char **pp, long length);
212
213/* Deprecated version */
214#ifndef OPENSSL_NO_DEPRECATED
207DSA * DSA_generate_parameters(int bits, 215DSA * DSA_generate_parameters(int bits,
208 unsigned char *seed,int seed_len, 216 unsigned char *seed,int seed_len,
209 int *counter_ret, unsigned long *h_ret,void 217 int *counter_ret, unsigned long *h_ret,void
210 (*callback)(int, int, void *),void *cb_arg); 218 (*callback)(int, int, void *),void *cb_arg);
219#endif /* !defined(OPENSSL_NO_DEPRECATED) */
220
221/* New version */
222int DSA_generate_parameters_ex(DSA *dsa, int bits,
223 unsigned char *seed,int seed_len,
224 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
225
211int DSA_generate_key(DSA *a); 226int DSA_generate_key(DSA *a);
212int i2d_DSAPublicKey(const DSA *a, unsigned char **pp); 227int i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
213int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp); 228int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
@@ -259,8 +274,10 @@ void ERR_load_DSA_strings(void);
259#define DSA_F_SIG_CB 114 274#define DSA_F_SIG_CB 114
260 275
261/* Reason codes. */ 276/* Reason codes. */
277#define DSA_R_BAD_Q_VALUE 102
262#define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100 278#define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100
263#define DSA_R_MISSING_PARAMETERS 101 279#define DSA_R_MISSING_PARAMETERS 101
280#define DSA_R_MODULUS_TOO_LARGE 103
264 281
265#ifdef __cplusplus 282#ifdef __cplusplus
266} 283}
diff --git a/src/lib/libcrypto/dsa/dsa_depr.c b/src/lib/libcrypto/dsa/dsa_depr.c
new file mode 100644
index 0000000000..f2da680eb4
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_depr.c
@@ -0,0 +1,106 @@
1/* crypto/dsa/dsa_depr.c */
2/* ====================================================================
3 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@openssl.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* This file contains deprecated function(s) that are now wrappers to the new
57 * version(s). */
58
59#undef GENUINE_DSA
60
61#ifdef GENUINE_DSA
62/* Parameter generation follows the original release of FIPS PUB 186,
63 * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */
64#define HASH EVP_sha()
65#else
66/* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
67 * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in
68 * FIPS PUB 180-1) */
69#define HASH EVP_sha1()
70#endif
71
72static void *dummy=&dummy;
73
74#ifndef OPENSSL_NO_SHA
75
76#include <stdio.h>
77#include <time.h>
78#include "cryptlib.h"
79#include <openssl/evp.h>
80#include <openssl/bn.h>
81#include <openssl/dsa.h>
82#include <openssl/rand.h>
83#include <openssl/sha.h>
84
85#ifndef OPENSSL_NO_DEPRECATED
86DSA *DSA_generate_parameters(int bits,
87 unsigned char *seed_in, int seed_len,
88 int *counter_ret, unsigned long *h_ret,
89 void (*callback)(int, int, void *),
90 void *cb_arg)
91 {
92 BN_GENCB cb;
93 DSA *ret;
94
95 if ((ret=DSA_new()) == NULL) return NULL;
96
97 BN_GENCB_set_old(&cb, callback, cb_arg);
98
99 if(DSA_generate_parameters_ex(ret, bits, seed_in, seed_len,
100 counter_ret, h_ret, &cb))
101 return ret;
102 DSA_free(ret);
103 return NULL;
104 }
105#endif
106#endif
diff --git a/src/lib/libcrypto/dsa/dsa_err.c b/src/lib/libcrypto/dsa/dsa_err.c
index fd42053572..768711994b 100644
--- a/src/lib/libcrypto/dsa/dsa_err.c
+++ b/src/lib/libcrypto/dsa/dsa_err.c
@@ -89,8 +89,10 @@ static ERR_STRING_DATA DSA_str_functs[]=
89 89
90static ERR_STRING_DATA DSA_str_reasons[]= 90static ERR_STRING_DATA DSA_str_reasons[]=
91 { 91 {
92{ERR_REASON(DSA_R_BAD_Q_VALUE) ,"bad q value"},
92{ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"}, 93{ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"},
93{ERR_REASON(DSA_R_MISSING_PARAMETERS) ,"missing parameters"}, 94{ERR_REASON(DSA_R_MISSING_PARAMETERS) ,"missing parameters"},
95{ERR_REASON(DSA_R_MODULUS_TOO_LARGE) ,"modulus too large"},
94{0,NULL} 96{0,NULL}
95 }; 97 };
96 98
@@ -98,15 +100,12 @@ static ERR_STRING_DATA DSA_str_reasons[]=
98 100
99void ERR_load_DSA_strings(void) 101void ERR_load_DSA_strings(void)
100 { 102 {
101 static int init=1; 103#ifndef OPENSSL_NO_ERR
102 104
103 if (init) 105 if (ERR_func_error_string(DSA_str_functs[0].error) == NULL)
104 { 106 {
105 init=0;
106#ifndef OPENSSL_NO_ERR
107 ERR_load_strings(0,DSA_str_functs); 107 ERR_load_strings(0,DSA_str_functs);
108 ERR_load_strings(0,DSA_str_reasons); 108 ERR_load_strings(0,DSA_str_reasons);
109#endif
110
111 } 109 }
110#endif
112 } 111 }
diff --git a/src/lib/libcrypto/dsa/dsa_gen.c b/src/lib/libcrypto/dsa/dsa_gen.c
index e40afeea51..ca0b86a6cf 100644
--- a/src/lib/libcrypto/dsa/dsa_gen.c
+++ b/src/lib/libcrypto/dsa/dsa_gen.c
@@ -69,6 +69,8 @@
69#define HASH EVP_sha1() 69#define HASH EVP_sha1()
70#endif 70#endif
71 71
72#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_SHA is defined */
73
72#ifndef OPENSSL_NO_SHA 74#ifndef OPENSSL_NO_SHA
73 75
74#include <stdio.h> 76#include <stdio.h>
@@ -80,12 +82,24 @@
80#include <openssl/rand.h> 82#include <openssl/rand.h>
81#include <openssl/sha.h> 83#include <openssl/sha.h>
82 84
83#ifndef OPENSSL_FIPS 85static int dsa_builtin_paramgen(DSA *ret, int bits,
84DSA *DSA_generate_parameters(int bits, 86 unsigned char *seed_in, int seed_len,
87 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
88
89int DSA_generate_parameters_ex(DSA *ret, int bits,
90 unsigned char *seed_in, int seed_len,
91 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
92 {
93 if(ret->meth->dsa_paramgen)
94 return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
95 counter_ret, h_ret, cb);
96 return dsa_builtin_paramgen(ret, bits, seed_in, seed_len,
97 counter_ret, h_ret, cb);
98 }
99
100static int dsa_builtin_paramgen(DSA *ret, int bits,
85 unsigned char *seed_in, int seed_len, 101 unsigned char *seed_in, int seed_len,
86 int *counter_ret, unsigned long *h_ret, 102 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
87 void (*callback)(int, int, void *),
88 void *cb_arg)
89 { 103 {
90 int ok=0; 104 int ok=0;
91 unsigned char seed[SHA_DIGEST_LENGTH]; 105 unsigned char seed[SHA_DIGEST_LENGTH];
@@ -97,40 +111,43 @@ DSA *DSA_generate_parameters(int bits,
97 int k,n=0,i,b,m=0; 111 int k,n=0,i,b,m=0;
98 int counter=0; 112 int counter=0;
99 int r=0; 113 int r=0;
100 BN_CTX *ctx=NULL,*ctx2=NULL,*ctx3=NULL; 114 BN_CTX *ctx=NULL;
101 unsigned int h=2; 115 unsigned int h=2;
102 DSA *ret=NULL;
103 116
104 if (bits < 512) bits=512; 117 if (bits < 512) bits=512;
105 bits=(bits+63)/64*64; 118 bits=(bits+63)/64*64;
106 119
107 if (seed_len < 20) 120 /* NB: seed_len == 0 is special case: copy generated seed to
121 * seed_in if it is not NULL.
122 */
123 if (seed_len && (seed_len < 20))
108 seed_in = NULL; /* seed buffer too small -- ignore */ 124 seed_in = NULL; /* seed buffer too small -- ignore */
109 if (seed_len > 20) 125 if (seed_len > 20)
110 seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger SEED, 126 seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger SEED,
111 * but our internal buffers are restricted to 160 bits*/ 127 * but our internal buffers are restricted to 160 bits*/
112 if ((seed_in != NULL) && (seed_len == 20)) 128 if ((seed_in != NULL) && (seed_len == 20))
129 {
113 memcpy(seed,seed_in,seed_len); 130 memcpy(seed,seed_in,seed_len);
131 /* set seed_in to NULL to avoid it being copied back */
132 seed_in = NULL;
133 }
114 134
115 if ((ctx=BN_CTX_new()) == NULL) goto err; 135 if ((ctx=BN_CTX_new()) == NULL) goto err;
116 if ((ctx2=BN_CTX_new()) == NULL) goto err;
117 if ((ctx3=BN_CTX_new()) == NULL) goto err;
118 if ((ret=DSA_new()) == NULL) goto err;
119 136
120 if ((mont=BN_MONT_CTX_new()) == NULL) goto err; 137 if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
121 138
122 BN_CTX_start(ctx2); 139 BN_CTX_start(ctx);
123 r0 = BN_CTX_get(ctx2); 140 r0 = BN_CTX_get(ctx);
124 g = BN_CTX_get(ctx2); 141 g = BN_CTX_get(ctx);
125 W = BN_CTX_get(ctx2); 142 W = BN_CTX_get(ctx);
126 q = BN_CTX_get(ctx2); 143 q = BN_CTX_get(ctx);
127 X = BN_CTX_get(ctx2); 144 X = BN_CTX_get(ctx);
128 c = BN_CTX_get(ctx2); 145 c = BN_CTX_get(ctx);
129 p = BN_CTX_get(ctx2); 146 p = BN_CTX_get(ctx);
130 test = BN_CTX_get(ctx2); 147 test = BN_CTX_get(ctx);
131 if (test == NULL) goto err;
132 148
133 if (!BN_lshift(test,BN_value_one(),bits-1)) goto err; 149 if (!BN_lshift(test,BN_value_one(),bits-1))
150 goto err;
134 151
135 for (;;) 152 for (;;)
136 { 153 {
@@ -139,7 +156,8 @@ DSA *DSA_generate_parameters(int bits,
139 int seed_is_random; 156 int seed_is_random;
140 157
141 /* step 1 */ 158 /* step 1 */
142 if (callback != NULL) callback(0,m++,cb_arg); 159 if(!BN_GENCB_call(cb, 0, m++))
160 goto err;
143 161
144 if (!seed_len) 162 if (!seed_len)
145 { 163 {
@@ -172,7 +190,8 @@ DSA *DSA_generate_parameters(int bits,
172 if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,q)) goto err; 190 if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,q)) goto err;
173 191
174 /* step 4 */ 192 /* step 4 */
175 r = BN_is_prime_fasttest(q, DSS_prime_checks, callback, ctx3, cb_arg, seed_is_random); 193 r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,
194 seed_is_random, cb);
176 if (r > 0) 195 if (r > 0)
177 break; 196 break;
178 if (r != 0) 197 if (r != 0)
@@ -182,8 +201,8 @@ DSA *DSA_generate_parameters(int bits,
182 /* step 5 */ 201 /* step 5 */
183 } 202 }
184 203
185 if (callback != NULL) callback(2,0,cb_arg); 204 if(!BN_GENCB_call(cb, 2, 0)) goto err;
186 if (callback != NULL) callback(3,0,cb_arg); 205 if(!BN_GENCB_call(cb, 3, 0)) goto err;
187 206
188 /* step 6 */ 207 /* step 6 */
189 counter=0; 208 counter=0;
@@ -194,11 +213,11 @@ DSA *DSA_generate_parameters(int bits,
194 213
195 for (;;) 214 for (;;)
196 { 215 {
197 if (callback != NULL && counter != 0) 216 if ((counter != 0) && !BN_GENCB_call(cb, 0, counter))
198 callback(0,counter,cb_arg); 217 goto err;
199 218
200 /* step 7 */ 219 /* step 7 */
201 if (!BN_zero(W)) goto err; 220 BN_zero(W);
202 /* now 'buf' contains "SEED + offset - 1" */ 221 /* now 'buf' contains "SEED + offset - 1" */
203 for (k=0; k<=n; k++) 222 for (k=0; k<=n; k++)
204 { 223 {
@@ -233,7 +252,8 @@ DSA *DSA_generate_parameters(int bits,
233 if (BN_cmp(p,test) >= 0) 252 if (BN_cmp(p,test) >= 0)
234 { 253 {
235 /* step 11 */ 254 /* step 11 */
236 r = BN_is_prime_fasttest(p, DSS_prime_checks, callback, ctx3, cb_arg, 1); 255 r = BN_is_prime_fasttest_ex(p, DSS_prime_checks,
256 ctx, 1, cb);
237 if (r > 0) 257 if (r > 0)
238 goto end; /* found it */ 258 goto end; /* found it */
239 if (r != 0) 259 if (r != 0)
@@ -249,7 +269,8 @@ DSA *DSA_generate_parameters(int bits,
249 } 269 }
250 } 270 }
251end: 271end:
252 if (callback != NULL) callback(2,1,cb_arg); 272 if(!BN_GENCB_call(cb, 2, 1))
273 goto err;
253 274
254 /* We now need to generate g */ 275 /* We now need to generate g */
255 /* Set r0=(p-1)/q */ 276 /* Set r0=(p-1)/q */
@@ -268,16 +289,16 @@ end:
268 h++; 289 h++;
269 } 290 }
270 291
271 if (callback != NULL) callback(3,1,cb_arg); 292 if(!BN_GENCB_call(cb, 3, 1))
293 goto err;
272 294
273 ok=1; 295 ok=1;
274err: 296err:
275 if (!ok) 297 if (ok)
276 {
277 if (ret != NULL) DSA_free(ret);
278 }
279 else
280 { 298 {
299 if(ret->p) BN_free(ret->p);
300 if(ret->q) BN_free(ret->q);
301 if(ret->g) BN_free(ret->g);
281 ret->p=BN_dup(p); 302 ret->p=BN_dup(p);
282 ret->q=BN_dup(q); 303 ret->q=BN_dup(q);
283 ret->g=BN_dup(g); 304 ret->g=BN_dup(g);
@@ -286,20 +307,16 @@ err:
286 ok=0; 307 ok=0;
287 goto err; 308 goto err;
288 } 309 }
289 if ((m > 1) && (seed_in != NULL)) memcpy(seed_in,seed,20); 310 if (seed_in != NULL) memcpy(seed_in,seed,20);
290 if (counter_ret != NULL) *counter_ret=counter; 311 if (counter_ret != NULL) *counter_ret=counter;
291 if (h_ret != NULL) *h_ret=h; 312 if (h_ret != NULL) *h_ret=h;
292 } 313 }
293 if (ctx != NULL) BN_CTX_free(ctx); 314 if(ctx)
294 if (ctx2 != NULL)
295 { 315 {
296 BN_CTX_end(ctx2); 316 BN_CTX_end(ctx);
297 BN_CTX_free(ctx2); 317 BN_CTX_free(ctx);
298 } 318 }
299 if (ctx3 != NULL) BN_CTX_free(ctx3);
300 if (mont != NULL) BN_MONT_CTX_free(mont); 319 if (mont != NULL) BN_MONT_CTX_free(mont);
301 return(ok?ret:NULL); 320 return ok;
302 } 321 }
303#endif /* ndef OPENSSL_FIPS */ 322#endif
304#endif /* ndef OPENSSL_NO_SHA */
305
diff --git a/src/lib/libcrypto/dsa/dsa_key.c b/src/lib/libcrypto/dsa/dsa_key.c
index 980b6dc2d3..c4aa86bc6d 100644
--- a/src/lib/libcrypto/dsa/dsa_key.c
+++ b/src/lib/libcrypto/dsa/dsa_key.c
@@ -56,17 +56,25 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59#ifndef OPENSSL_NO_SHA
60#include <stdio.h> 59#include <stdio.h>
61#include <time.h> 60#include <time.h>
62#include "cryptlib.h" 61#include "cryptlib.h"
62#ifndef OPENSSL_NO_SHA
63#include <openssl/bn.h> 63#include <openssl/bn.h>
64#include <openssl/dsa.h> 64#include <openssl/dsa.h>
65#include <openssl/rand.h> 65#include <openssl/rand.h>
66 66
67#ifndef OPENSSL_FIPS 67static int dsa_builtin_keygen(DSA *dsa);
68
68int DSA_generate_key(DSA *dsa) 69int DSA_generate_key(DSA *dsa)
69 { 70 {
71 if(dsa->meth->dsa_keygen)
72 return dsa->meth->dsa_keygen(dsa);
73 return dsa_builtin_keygen(dsa);
74 }
75
76static int dsa_builtin_keygen(DSA *dsa)
77 {
70 int ok=0; 78 int ok=0;
71 BN_CTX *ctx=NULL; 79 BN_CTX *ctx=NULL;
72 BIGNUM *pub_key=NULL,*priv_key=NULL; 80 BIGNUM *pub_key=NULL,*priv_key=NULL;
@@ -99,7 +107,7 @@ int DSA_generate_key(DSA *dsa)
99 { 107 {
100 BN_init(&local_prk); 108 BN_init(&local_prk);
101 prk = &local_prk; 109 prk = &local_prk;
102 BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME); 110 BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
103 } 111 }
104 else 112 else
105 prk = priv_key; 113 prk = priv_key;
@@ -118,4 +126,3 @@ err:
118 return(ok); 126 return(ok);
119 } 127 }
120#endif 128#endif
121#endif
diff --git a/src/lib/libcrypto/dsa/dsa_lib.c b/src/lib/libcrypto/dsa/dsa_lib.c
index 4171af24c6..e9b75902db 100644
--- a/src/lib/libcrypto/dsa/dsa_lib.c
+++ b/src/lib/libcrypto/dsa/dsa_lib.c
@@ -66,8 +66,11 @@
66#ifndef OPENSSL_NO_ENGINE 66#ifndef OPENSSL_NO_ENGINE
67#include <openssl/engine.h> 67#include <openssl/engine.h>
68#endif 68#endif
69#ifndef OPENSSL_NO_DH
70#include <openssl/dh.h>
71#endif
69 72
70const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT; 73const char DSA_version[]="DSA" OPENSSL_VERSION_PTEXT;
71 74
72static const DSA_METHOD *default_DSA_method = NULL; 75static const DSA_METHOD *default_DSA_method = NULL;
73 76
diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c
index 12509a7083..75ff7cc4af 100644
--- a/src/lib/libcrypto/dsa/dsa_ossl.c
+++ b/src/lib/libcrypto/dsa/dsa_ossl.c
@@ -65,33 +65,63 @@
65#include <openssl/rand.h> 65#include <openssl/rand.h>
66#include <openssl/asn1.h> 66#include <openssl/asn1.h>
67 67
68#ifndef OPENSSL_FIPS
69static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); 68static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
70static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); 69static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
71static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, 70static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
72 DSA *dsa); 71 DSA *dsa);
73static int dsa_init(DSA *dsa); 72static int dsa_init(DSA *dsa);
74static int dsa_finish(DSA *dsa); 73static int dsa_finish(DSA *dsa);
75static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
76 BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
77 BN_MONT_CTX *in_mont);
78static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
79 const BIGNUM *m, BN_CTX *ctx,
80 BN_MONT_CTX *m_ctx);
81 74
82static DSA_METHOD openssl_dsa_meth = { 75static DSA_METHOD openssl_dsa_meth = {
83"OpenSSL DSA method", 76"OpenSSL DSA method",
84dsa_do_sign, 77dsa_do_sign,
85dsa_sign_setup, 78dsa_sign_setup,
86dsa_do_verify, 79dsa_do_verify,
87dsa_mod_exp, 80NULL, /* dsa_mod_exp, */
88dsa_bn_mod_exp, 81NULL, /* dsa_bn_mod_exp, */
89dsa_init, 82dsa_init,
90dsa_finish, 83dsa_finish,
910, 840,
85NULL,
86NULL,
92NULL 87NULL
93}; 88};
94 89
90/* These macro wrappers replace attempts to use the dsa_mod_exp() and
91 * bn_mod_exp() handlers in the DSA_METHOD structure. We avoid the problem of
92 * having a the macro work as an expression by bundling an "err_instr". So;
93 *
94 * if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
95 * dsa->method_mont_p)) goto err;
96 *
97 * can be replaced by;
98 *
99 * DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, &k, dsa->p, ctx,
100 * dsa->method_mont_p);
101 */
102
103#define DSA_MOD_EXP(err_instr,dsa,rr,a1,p1,a2,p2,m,ctx,in_mont) \
104 do { \
105 int _tmp_res53; \
106 if((dsa)->meth->dsa_mod_exp) \
107 _tmp_res53 = (dsa)->meth->dsa_mod_exp((dsa), (rr), (a1), (p1), \
108 (a2), (p2), (m), (ctx), (in_mont)); \
109 else \
110 _tmp_res53 = BN_mod_exp2_mont((rr), (a1), (p1), (a2), (p2), \
111 (m), (ctx), (in_mont)); \
112 if(!_tmp_res53) err_instr; \
113 } while(0)
114#define DSA_BN_MOD_EXP(err_instr,dsa,r,a,p,m,ctx,m_ctx) \
115 do { \
116 int _tmp_res53; \
117 if((dsa)->meth->bn_mod_exp) \
118 _tmp_res53 = (dsa)->meth->bn_mod_exp((dsa), (r), (a), (p), \
119 (m), (ctx), (m_ctx)); \
120 else \
121 _tmp_res53 = BN_mod_exp_mont((r), (a), (p), (m), (ctx), (m_ctx)); \
122 if(!_tmp_res53) err_instr; \
123 } while(0)
124
95const DSA_METHOD *DSA_OpenSSL(void) 125const DSA_METHOD *DSA_OpenSSL(void)
96{ 126{
97 return &openssl_dsa_meth; 127 return &openssl_dsa_meth;
@@ -199,12 +229,12 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
199 while (BN_is_zero(&k)); 229 while (BN_is_zero(&k));
200 if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) 230 if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
201 { 231 {
202 BN_set_flags(&k, BN_FLG_EXP_CONSTTIME); 232 BN_set_flags(&k, BN_FLG_CONSTTIME);
203 } 233 }
204 234
205 if (dsa->flags & DSA_FLAG_CACHE_MONT_P) 235 if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
206 { 236 {
207 if (!BN_MONT_CTX_set_locked((BN_MONT_CTX **)&dsa->method_mont_p, 237 if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
208 CRYPTO_LOCK_DSA, 238 CRYPTO_LOCK_DSA,
209 dsa->p, ctx)) 239 dsa->p, ctx))
210 goto err; 240 goto err;
@@ -234,8 +264,8 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
234 { 264 {
235 K = &k; 265 K = &k;
236 } 266 }
237 if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,K,dsa->p,ctx, 267 DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx,
238 (BN_MONT_CTX *)dsa->method_mont_p)) goto err; 268 dsa->method_mont_p);
239 if (!BN_mod(r,r,dsa->q,ctx)) goto err; 269 if (!BN_mod(r,r,dsa->q,ctx)) goto err;
240 270
241 /* Compute part of 's = inv(k) (m + xr) mod q' */ 271 /* Compute part of 's = inv(k) (m + xr) mod q' */
@@ -274,18 +304,32 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
274 return -1; 304 return -1;
275 } 305 }
276 306
307 if (BN_num_bits(dsa->q) != 160)
308 {
309 DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE);
310 return -1;
311 }
312
313 if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS)
314 {
315 DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE);
316 return -1;
317 }
318
277 BN_init(&u1); 319 BN_init(&u1);
278 BN_init(&u2); 320 BN_init(&u2);
279 BN_init(&t1); 321 BN_init(&t1);
280 322
281 if ((ctx=BN_CTX_new()) == NULL) goto err; 323 if ((ctx=BN_CTX_new()) == NULL) goto err;
282 324
283 if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0) 325 if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
326 BN_ucmp(sig->r, dsa->q) >= 0)
284 { 327 {
285 ret = 0; 328 ret = 0;
286 goto err; 329 goto err;
287 } 330 }
288 if (BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s, dsa->q) >= 0) 331 if (BN_is_zero(sig->s) || BN_is_negative(sig->s) ||
332 BN_ucmp(sig->s, dsa->q) >= 0)
289 { 333 {
290 ret = 0; 334 ret = 0;
291 goto err; 335 goto err;
@@ -307,43 +351,25 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
307 351
308 if (dsa->flags & DSA_FLAG_CACHE_MONT_P) 352 if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
309 { 353 {
310 mont = BN_MONT_CTX_set_locked( 354 mont = BN_MONT_CTX_set_locked(&dsa->method_mont_p,
311 (BN_MONT_CTX **)&dsa->method_mont_p,
312 CRYPTO_LOCK_DSA, dsa->p, ctx); 355 CRYPTO_LOCK_DSA, dsa->p, ctx);
313 if (!mont) 356 if (!mont)
314 goto err; 357 goto err;
315 } 358 }
316 359
317#if 0 360
318 { 361 DSA_MOD_EXP(goto err, dsa, &t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p, ctx, mont);
319 BIGNUM t2;
320
321 BN_init(&t2);
322 /* v = ( g^u1 * y^u2 mod p ) mod q */
323 /* let t1 = g ^ u1 mod p */
324 if (!BN_mod_exp_mont(&t1,dsa->g,&u1,dsa->p,ctx,mont)) goto err;
325 /* let t2 = y ^ u2 mod p */
326 if (!BN_mod_exp_mont(&t2,dsa->pub_key,&u2,dsa->p,ctx,mont)) goto err;
327 /* let u1 = t1 * t2 mod p */
328 if (!BN_mod_mul(&u1,&t1,&t2,dsa->p,ctx)) goto err_bn;
329 BN_free(&t2);
330 }
331 /* let u1 = u1 mod q */
332 if (!BN_mod(&u1,&u1,dsa->q,ctx)) goto err;
333#else
334 {
335 if (!dsa->meth->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2,
336 dsa->p,ctx,mont)) goto err;
337 /* BN_copy(&u1,&t1); */ 362 /* BN_copy(&u1,&t1); */
338 /* let u1 = u1 mod q */ 363 /* let u1 = u1 mod q */
339 if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err; 364 if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err;
340 } 365
341#endif
342 /* V is now in u1. If the signature is correct, it will be 366 /* V is now in u1. If the signature is correct, it will be
343 * equal to R. */ 367 * equal to R. */
344 ret=(BN_ucmp(&u1, sig->r) == 0); 368 ret=(BN_ucmp(&u1, sig->r) == 0);
345 369
346 err: 370 err:
371 /* XXX: surely this is wrong - if ret is 0, it just didn't verify;
372 there is no error in BN. Test should be ret == -1 (Ben) */
347 if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB); 373 if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB);
348 if (ctx != NULL) BN_CTX_free(ctx); 374 if (ctx != NULL) BN_CTX_free(ctx);
349 BN_free(&u1); 375 BN_free(&u1);
@@ -361,21 +387,7 @@ static int dsa_init(DSA *dsa)
361static int dsa_finish(DSA *dsa) 387static int dsa_finish(DSA *dsa)
362{ 388{
363 if(dsa->method_mont_p) 389 if(dsa->method_mont_p)
364 BN_MONT_CTX_free((BN_MONT_CTX *)dsa->method_mont_p); 390 BN_MONT_CTX_free(dsa->method_mont_p);
365 return(1); 391 return(1);
366} 392}
367 393
368static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
369 BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
370 BN_MONT_CTX *in_mont)
371{
372 return BN_mod_exp2_mont(rr, a1, p1, a2, p2, m, ctx, in_mont);
373}
374
375static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
376 const BIGNUM *m, BN_CTX *ctx,
377 BN_MONT_CTX *m_ctx)
378{
379 return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
380}
381#endif
diff --git a/src/lib/libcrypto/dsa/dsa_sign.c b/src/lib/libcrypto/dsa/dsa_sign.c
index 37c65efb20..89205026f0 100644
--- a/src/lib/libcrypto/dsa/dsa_sign.c
+++ b/src/lib/libcrypto/dsa/dsa_sign.c
@@ -64,18 +64,9 @@
64#include <openssl/dsa.h> 64#include <openssl/dsa.h>
65#include <openssl/rand.h> 65#include <openssl/rand.h>
66#include <openssl/asn1.h> 66#include <openssl/asn1.h>
67#ifndef OPENSSL_NO_ENGINE
68#include <openssl/engine.h>
69#endif
70#include <openssl/fips.h>
71 67
72DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) 68DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
73 { 69 {
74#ifdef OPENSSL_FIPS
75 if(FIPS_mode() && !(dsa->flags & DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW)
76 && !FIPS_dsa_check(dsa))
77 return NULL;
78#endif
79 return dsa->meth->dsa_do_sign(dgst, dlen, dsa); 70 return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
80 } 71 }
81 72
@@ -96,11 +87,6 @@ int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
96 87
97int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) 88int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
98 { 89 {
99#ifdef OPENSSL_FIPS
100 if(FIPS_mode() && !(dsa->flags & DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW)
101 && !FIPS_dsa_check(dsa))
102 return 0;
103#endif
104 return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp); 90 return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
105 } 91 }
106 92
diff --git a/src/lib/libcrypto/dsa/dsa_vrf.c b/src/lib/libcrypto/dsa/dsa_vrf.c
index c9784bed48..c4aeddd056 100644
--- a/src/lib/libcrypto/dsa/dsa_vrf.c
+++ b/src/lib/libcrypto/dsa/dsa_vrf.c
@@ -65,19 +65,10 @@
65#include <openssl/rand.h> 65#include <openssl/rand.h>
66#include <openssl/asn1.h> 66#include <openssl/asn1.h>
67#include <openssl/asn1_mac.h> 67#include <openssl/asn1_mac.h>
68#ifndef OPENSSL_NO_ENGINE
69#include <openssl/engine.h>
70#endif
71#include <openssl/fips.h>
72 68
73int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, 69int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
74 DSA *dsa) 70 DSA *dsa)
75 { 71 {
76#ifdef OPENSSL_FIPS
77 if(FIPS_mode() && !(dsa->flags & DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW)
78 && !FIPS_dsa_check(dsa))
79 return -1;
80#endif
81 return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa); 72 return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
82 } 73 }
83 74
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-08 05:25:16 +0000