summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/dsa
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/dsa')
-rw-r--r--src/lib/libcrypto/dsa/Makefile.ssl31
-rw-r--r--src/lib/libcrypto/dsa/dsa.h61
-rw-r--r--src/lib/libcrypto/dsa/dsa_asn1.c4
-rw-r--r--src/lib/libcrypto/dsa/dsa_err.c1
-rw-r--r--src/lib/libcrypto/dsa/dsa_gen.c171
-rw-r--r--src/lib/libcrypto/dsa/dsa_lib.c68
-rw-r--r--src/lib/libcrypto/dsa/dsa_ossl.c321
-rw-r--r--src/lib/libcrypto/dsa/dsa_sign.c123
-rw-r--r--src/lib/libcrypto/dsa/dsa_vrf.c68
-rw-r--r--src/lib/libcrypto/dsa/dsatest.c28
10 files changed, 548 insertions, 328 deletions
diff --git a/src/lib/libcrypto/dsa/Makefile.ssl b/src/lib/libcrypto/dsa/Makefile.ssl
index 4bc74a2f7c..b0bcf974fb 100644
--- a/src/lib/libcrypto/dsa/Makefile.ssl
+++ b/src/lib/libcrypto/dsa/Makefile.ssl
@@ -22,8 +22,10 @@ TEST=dsatest.c
22APPS= 22APPS=
23 23
24LIB=$(TOP)/libcrypto.a 24LIB=$(TOP)/libcrypto.a
25LIBSRC= dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c dsa_err.c 25LIBSRC= dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c \
26LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_asn1.o dsa_vrf.o dsa_sign.o dsa_err.o 26 dsa_err.c dsa_ossl.c
27LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_asn1.o dsa_vrf.o dsa_sign.o \
28 dsa_err.o dsa_ossl.o
27 29
28SRC= $(LIBSRC) 30SRC= $(LIBSRC)
29 31
@@ -86,25 +88,27 @@ dsa_asn1.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
86dsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h 88dsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
87dsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h 89dsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
88dsa_asn1.o: ../../include/openssl/stack.h ../cryptlib.h 90dsa_asn1.o: ../../include/openssl/stack.h ../cryptlib.h
89dsa_err.o: ../../include/openssl/bn.h ../../include/openssl/dh.h 91dsa_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
90dsa_err.o: ../../include/openssl/dsa.h ../../include/openssl/err.h 92dsa_err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
91dsa_err.o: ../../include/openssl/opensslconf.h 93dsa_err.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
94dsa_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
95dsa_err.o: ../../include/openssl/stack.h
92dsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h 96dsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
93dsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h 97dsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
94dsa_gen.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h 98dsa_gen.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
95dsa_gen.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h 99dsa_gen.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
96dsa_gen.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h 100dsa_gen.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
97dsa_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h 101dsa_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
98dsa_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h 102dsa_gen.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
99dsa_gen.o: ../cryptlib.h 103dsa_gen.o: ../../include/openssl/stack.h ../cryptlib.h
100dsa_key.o: ../../include/openssl/bio.h ../../include/openssl/bn.h 104dsa_key.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
101dsa_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h 105dsa_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
102dsa_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h 106dsa_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
103dsa_key.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h 107dsa_key.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
104dsa_key.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h 108dsa_key.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
105dsa_key.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h 109dsa_key.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
106dsa_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h 110dsa_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
107dsa_key.o: ../cryptlib.h 111dsa_key.o: ../../include/openssl/stack.h ../cryptlib.h
108dsa_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h 112dsa_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
109dsa_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h 113dsa_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
110dsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h 114dsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
@@ -113,6 +117,15 @@ dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
113dsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h 117dsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
114dsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h 118dsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
115dsa_lib.o: ../cryptlib.h 119dsa_lib.o: ../cryptlib.h
120dsa_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
121dsa_ossl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
122dsa_ossl.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
123dsa_ossl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
124dsa_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
125dsa_ossl.o: ../../include/openssl/opensslconf.h
126dsa_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
127dsa_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
128dsa_ossl.o: ../cryptlib.h
116dsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h 129dsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
117dsa_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h 130dsa_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
118dsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h 131dsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
diff --git a/src/lib/libcrypto/dsa/dsa.h b/src/lib/libcrypto/dsa/dsa.h
index 20b3f8d90a..68d9912cbc 100644
--- a/src/lib/libcrypto/dsa/dsa.h
+++ b/src/lib/libcrypto/dsa/dsa.h
@@ -74,13 +74,41 @@ extern "C" {
74#endif 74#endif
75 75
76#include <openssl/bn.h> 76#include <openssl/bn.h>
77#include <openssl/crypto.h>
77#ifndef NO_DH 78#ifndef NO_DH
78# include <openssl/dh.h> 79# include <openssl/dh.h>
79#endif 80#endif
80 81
81#define DSA_FLAG_CACHE_MONT_P 0x01 82#define DSA_FLAG_CACHE_MONT_P 0x01
82 83
83typedef struct dsa_st 84typedef struct dsa_st DSA;
85
86typedef struct DSA_SIG_st
87 {
88 BIGNUM *r;
89 BIGNUM *s;
90 } DSA_SIG;
91
92typedef struct dsa_method {
93 const char *name;
94 DSA_SIG * (*dsa_do_sign)(const unsigned char *dgst, int dlen, DSA *dsa);
95 int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
96 BIGNUM **rp);
97 int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len,
98 DSA_SIG *sig, DSA *dsa);
99 int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
100 BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
101 BN_MONT_CTX *in_mont);
102 int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
103 const BIGNUM *m, BN_CTX *ctx,
104 BN_MONT_CTX *m_ctx); /* Can be null */
105 int (*init)(DSA *dsa);
106 int (*finish)(DSA *dsa);
107 int flags;
108 char *app_data;
109} DSA_METHOD;
110
111struct dsa_st
84 { 112 {
85 /* This first variable is used to pick up errors where 113 /* This first variable is used to pick up errors where
86 * a DSA is passed instead of of a EVP_PKEY */ 114 * a DSA is passed instead of of a EVP_PKEY */
@@ -100,15 +128,10 @@ typedef struct dsa_st
100 int flags; 128 int flags;
101 /* Normally used to cache montgomery values */ 129 /* Normally used to cache montgomery values */
102 char *method_mont_p; 130 char *method_mont_p;
103
104 int references; 131 int references;
105 } DSA; 132 CRYPTO_EX_DATA ex_data;
106 133 DSA_METHOD *meth;
107typedef struct DSA_SIG_st 134 };
108 {
109 BIGNUM *r;
110 BIGNUM *s;
111 } DSA_SIG;
112 135
113#define DSAparams_dup(x) (DSA *)ASN1_dup((int (*)())i2d_DSAparams, \ 136#define DSAparams_dup(x) (DSA *)ASN1_dup((int (*)())i2d_DSAparams, \
114 (char *(*)())d2i_DSAparams,(char *)(x)) 137 (char *(*)())d2i_DSAparams,(char *)(x))
@@ -131,7 +154,14 @@ DSA_SIG * DSA_do_sign(const unsigned char *dgst,int dlen,DSA *dsa);
131int DSA_do_verify(const unsigned char *dgst,int dgst_len, 154int DSA_do_verify(const unsigned char *dgst,int dgst_len,
132 DSA_SIG *sig,DSA *dsa); 155 DSA_SIG *sig,DSA *dsa);
133 156
157DSA_METHOD *DSA_OpenSSL(void);
158
159void DSA_set_default_method(DSA_METHOD *);
160DSA_METHOD *DSA_get_default_method(void);
161DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *);
162
134DSA * DSA_new(void); 163DSA * DSA_new(void);
164DSA * DSA_new_method(DSA_METHOD *meth);
135int DSA_size(DSA *); 165int DSA_size(DSA *);
136 /* next 4 return -1 on error */ 166 /* next 4 return -1 on error */
137int DSA_sign_setup( DSA *dsa,BN_CTX *ctx_in,BIGNUM **kinvp,BIGNUM **rp); 167int DSA_sign_setup( DSA *dsa,BN_CTX *ctx_in,BIGNUM **kinvp,BIGNUM **rp);
@@ -140,6 +170,10 @@ int DSA_sign(int type,const unsigned char *dgst,int dlen,
140int DSA_verify(int type,const unsigned char *dgst,int dgst_len, 170int DSA_verify(int type,const unsigned char *dgst,int dgst_len,
141 unsigned char *sigbuf, int siglen, DSA *dsa); 171 unsigned char *sigbuf, int siglen, DSA *dsa);
142void DSA_free (DSA *r); 172void DSA_free (DSA *r);
173int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
174 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
175int DSA_set_ex_data(DSA *d, int idx, void *arg);
176void *DSA_get_ex_data(DSA *d, int idx);
143 177
144void ERR_load_DSA_strings(void ); 178void ERR_load_DSA_strings(void );
145 179
@@ -148,7 +182,7 @@ DSA * d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length);
148DSA * d2i_DSAparams(DSA **a, unsigned char **pp, long length); 182DSA * d2i_DSAparams(DSA **a, unsigned char **pp, long length);
149DSA * DSA_generate_parameters(int bits, unsigned char *seed,int seed_len, 183DSA * DSA_generate_parameters(int bits, unsigned char *seed,int seed_len,
150 int *counter_ret, unsigned long *h_ret,void 184 int *counter_ret, unsigned long *h_ret,void
151 (*callback)(),char *cb_arg); 185 (*callback)(int, int, void *),void *cb_arg);
152int DSA_generate_key(DSA *a); 186int DSA_generate_key(DSA *a);
153int i2d_DSAPublicKey(DSA *a, unsigned char **pp); 187int i2d_DSAPublicKey(DSA *a, unsigned char **pp);
154int i2d_DSAPrivateKey(DSA *a, unsigned char **pp); 188int i2d_DSAPrivateKey(DSA *a, unsigned char **pp);
@@ -163,7 +197,11 @@ int DSAparams_print_fp(FILE *fp, DSA *x);
163int DSA_print_fp(FILE *bp, DSA *x, int off); 197int DSA_print_fp(FILE *bp, DSA *x, int off);
164#endif 198#endif
165 199
166int DSA_is_prime(BIGNUM *q,void (*callback)(),char *cb_arg); 200#define DSS_prime_checks 50
201/* Primality test according to FIPS PUB 186[-1], Appendix 2.1:
202 * 50 rounds of Rabin-Miller */
203#define DSA_is_prime(n, callback, cb_arg) \
204 BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg)
167 205
168#ifndef NO_DH 206#ifndef NO_DH
169/* Convert DSA structure (key or just parameters) into DH structure 207/* Convert DSA structure (key or just parameters) into DH structure
@@ -184,7 +222,6 @@ DH *DSA_dup_DH(DSA *r);
184#define DSA_F_DSAPARAMS_PRINT_FP 101 222#define DSA_F_DSAPARAMS_PRINT_FP 101
185#define DSA_F_DSA_DO_SIGN 112 223#define DSA_F_DSA_DO_SIGN 112
186#define DSA_F_DSA_DO_VERIFY 113 224#define DSA_F_DSA_DO_VERIFY 113
187#define DSA_F_DSA_IS_PRIME 102
188#define DSA_F_DSA_NEW 103 225#define DSA_F_DSA_NEW 103
189#define DSA_F_DSA_PRINT 104 226#define DSA_F_DSA_PRINT 104
190#define DSA_F_DSA_PRINT_FP 105 227#define DSA_F_DSA_PRINT_FP 105
diff --git a/src/lib/libcrypto/dsa/dsa_asn1.c b/src/lib/libcrypto/dsa/dsa_asn1.c
index 7523b21654..c9b32b4db7 100644
--- a/src/lib/libcrypto/dsa/dsa_asn1.c
+++ b/src/lib/libcrypto/dsa/dsa_asn1.c
@@ -83,7 +83,7 @@ DSA_SIG *d2i_DSA_SIG(DSA_SIG **a, unsigned char **pp, long length)
83 M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER); 83 M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
84 if ((ret->s=BN_bin2bn(bs->data,bs->length,ret->s)) == NULL) 84 if ((ret->s=BN_bin2bn(bs->data,bs->length,ret->s)) == NULL)
85 goto err_bn; 85 goto err_bn;
86 ASN1_BIT_STRING_free(bs); 86 M_ASN1_BIT_STRING_free(bs);
87 M_ASN1_D2I_Finish_2(a); 87 M_ASN1_D2I_Finish_2(a);
88 88
89err_bn: 89err_bn:
@@ -91,6 +91,6 @@ err_bn:
91err: 91err:
92 DSAerr(DSA_F_D2I_DSA_SIG,i); 92 DSAerr(DSA_F_D2I_DSA_SIG,i);
93 if ((ret != NULL) && ((a == NULL) || (*a != ret))) DSA_SIG_free(ret); 93 if ((ret != NULL) && ((a == NULL) || (*a != ret))) DSA_SIG_free(ret);
94 if (bs != NULL) ASN1_BIT_STRING_free(bs); 94 if (bs != NULL) M_ASN1_BIT_STRING_free(bs);
95 return(NULL); 95 return(NULL);
96} 96}
diff --git a/src/lib/libcrypto/dsa/dsa_err.c b/src/lib/libcrypto/dsa/dsa_err.c
index 33a8270afd..38e4af968c 100644
--- a/src/lib/libcrypto/dsa/dsa_err.c
+++ b/src/lib/libcrypto/dsa/dsa_err.c
@@ -70,7 +70,6 @@ static ERR_STRING_DATA DSA_str_functs[]=
70{ERR_PACK(0,DSA_F_DSAPARAMS_PRINT_FP,0), "DSAparams_print_fp"}, 70{ERR_PACK(0,DSA_F_DSAPARAMS_PRINT_FP,0), "DSAparams_print_fp"},
71{ERR_PACK(0,DSA_F_DSA_DO_SIGN,0), "DSA_do_sign"}, 71{ERR_PACK(0,DSA_F_DSA_DO_SIGN,0), "DSA_do_sign"},
72{ERR_PACK(0,DSA_F_DSA_DO_VERIFY,0), "DSA_do_verify"}, 72{ERR_PACK(0,DSA_F_DSA_DO_VERIFY,0), "DSA_do_verify"},
73{ERR_PACK(0,DSA_F_DSA_IS_PRIME,0), "DSA_is_prime"},
74{ERR_PACK(0,DSA_F_DSA_NEW,0), "DSA_new"}, 73{ERR_PACK(0,DSA_F_DSA_NEW,0), "DSA_new"},
75{ERR_PACK(0,DSA_F_DSA_PRINT,0), "DSA_print"}, 74{ERR_PACK(0,DSA_F_DSA_PRINT,0), "DSA_print"},
76{ERR_PACK(0,DSA_F_DSA_PRINT_FP,0), "DSA_print_fp"}, 75{ERR_PACK(0,DSA_F_DSA_PRINT_FP,0), "DSA_print_fp"},
diff --git a/src/lib/libcrypto/dsa/dsa_gen.c b/src/lib/libcrypto/dsa/dsa_gen.c
index b5e5ec06e5..2294a362d9 100644
--- a/src/lib/libcrypto/dsa/dsa_gen.c
+++ b/src/lib/libcrypto/dsa/dsa_gen.c
@@ -59,12 +59,18 @@
59#undef GENUINE_DSA 59#undef GENUINE_DSA
60 60
61#ifdef GENUINE_DSA 61#ifdef GENUINE_DSA
62/* Parameter generation follows the original release of FIPS PUB 186,
63 * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */
62#define HASH SHA 64#define HASH SHA
63#else 65#else
66/* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
67 * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in
68 * FIPS PUB 180-1) */
64#define HASH SHA1 69#define HASH SHA1
65#endif 70#endif
66 71
67#ifndef NO_SHA 72#ifndef NO_SHA
73
68#include <stdio.h> 74#include <stdio.h>
69#include <time.h> 75#include <time.h>
70#include "cryptlib.h" 76#include "cryptlib.h"
@@ -74,8 +80,9 @@
74#include <openssl/rand.h> 80#include <openssl/rand.h>
75 81
76DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len, 82DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len,
77 int *counter_ret, unsigned long *h_ret, void (*callback)(), 83 int *counter_ret, unsigned long *h_ret,
78 char *cb_arg) 84 void (*callback)(int, int, void *),
85 void *cb_arg)
79 { 86 {
80 int ok=0; 87 int ok=0;
81 unsigned char seed[SHA_DIGEST_LENGTH]; 88 unsigned char seed[SHA_DIGEST_LENGTH];
@@ -86,47 +93,63 @@ DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len,
86 BN_MONT_CTX *mont=NULL; 93 BN_MONT_CTX *mont=NULL;
87 int k,n=0,i,b,m=0; 94 int k,n=0,i,b,m=0;
88 int counter=0; 95 int counter=0;
89 BN_CTX *ctx=NULL,*ctx2=NULL; 96 int r=0;
97 BN_CTX *ctx=NULL,*ctx2=NULL,*ctx3=NULL;
90 unsigned int h=2; 98 unsigned int h=2;
91 DSA *ret=NULL; 99 DSA *ret=NULL;
92 100
93 if (bits < 512) bits=512; 101 if (bits < 512) bits=512;
94 bits=(bits+63)/64*64; 102 bits=(bits+63)/64*64;
95 103
104 if (seed_len < 20)
105 seed_in = NULL; /* seed buffer too small -- ignore */
106 if (seed_len > 20)
107 seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger SEED,
108 * but our internal buffers are restricted to 160 bits*/
96 if ((seed_in != NULL) && (seed_len == 20)) 109 if ((seed_in != NULL) && (seed_len == 20))
97 memcpy(seed,seed_in,seed_len); 110 memcpy(seed,seed_in,seed_len);
98 111
99 if ((ctx=BN_CTX_new()) == NULL) goto err; 112 if ((ctx=BN_CTX_new()) == NULL) goto err;
100 if ((ctx2=BN_CTX_new()) == NULL) goto err; 113 if ((ctx2=BN_CTX_new()) == NULL) goto err;
114 if ((ctx3=BN_CTX_new()) == NULL) goto err;
101 if ((ret=DSA_new()) == NULL) goto err; 115 if ((ret=DSA_new()) == NULL) goto err;
102 116
103 if ((mont=BN_MONT_CTX_new()) == NULL) goto err; 117 if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
104 118
105 r0= &(ctx2->bn[0]); 119 BN_CTX_start(ctx2);
106 g= &(ctx2->bn[1]); 120 r0 = BN_CTX_get(ctx2);
107 W= &(ctx2->bn[2]); 121 g = BN_CTX_get(ctx2);
108 q= &(ctx2->bn[3]); 122 W = BN_CTX_get(ctx2);
109 X= &(ctx2->bn[4]); 123 q = BN_CTX_get(ctx2);
110 c= &(ctx2->bn[5]); 124 X = BN_CTX_get(ctx2);
111 p= &(ctx2->bn[6]); 125 c = BN_CTX_get(ctx2);
112 test= &(ctx2->bn[7]); 126 p = BN_CTX_get(ctx2);
127 test = BN_CTX_get(ctx2);
113 128
114 BN_lshift(test,BN_value_one(),bits-1); 129 BN_lshift(test,BN_value_one(),bits-1);
115 130
116 for (;;) 131 for (;;)
117 { 132 {
118 for (;;) 133 for (;;) /* find q */
119 { 134 {
135 int seed_is_random;
136
120 /* step 1 */ 137 /* step 1 */
121 if (callback != NULL) callback(0,m++,cb_arg); 138 if (callback != NULL) callback(0,m++,cb_arg);
122 139
123 if (!seed_len) 140 if (!seed_len)
124 RAND_bytes(seed,SHA_DIGEST_LENGTH); 141 {
142 RAND_pseudo_bytes(seed,SHA_DIGEST_LENGTH);
143 seed_is_random = 1;
144 }
125 else 145 else
126 seed_len=0; 146 {
127 147 seed_is_random = 0;
148 seed_len=0; /* use random seed if 'seed_in' turns out to be bad*/
149 }
128 memcpy(buf,seed,SHA_DIGEST_LENGTH); 150 memcpy(buf,seed,SHA_DIGEST_LENGTH);
129 memcpy(buf2,seed,SHA_DIGEST_LENGTH); 151 memcpy(buf2,seed,SHA_DIGEST_LENGTH);
152 /* precompute "SEED + 1" for step 7: */
130 for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--) 153 for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
131 { 154 {
132 buf[i]++; 155 buf[i]++;
@@ -142,10 +165,15 @@ DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len,
142 /* step 3 */ 165 /* step 3 */
143 md[0]|=0x80; 166 md[0]|=0x80;
144 md[SHA_DIGEST_LENGTH-1]|=0x01; 167 md[SHA_DIGEST_LENGTH-1]|=0x01;
145 if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,q)) abort(); 168 if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,q)) goto err;
146 169
147 /* step 4 */ 170 /* step 4 */
148 if (DSA_is_prime(q,callback,cb_arg) > 0) break; 171 r = BN_is_prime_fasttest(q, DSS_prime_checks, callback, ctx3, cb_arg, seed_is_random);
172 if (r > 0)
173 break;
174 if (r != 0)
175 goto err;
176
149 /* do a callback call */ 177 /* do a callback call */
150 /* step 5 */ 178 /* step 5 */
151 } 179 }
@@ -155,16 +183,22 @@ DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len,
155 183
156 /* step 6 */ 184 /* step 6 */
157 counter=0; 185 counter=0;
186 /* "offset = 2" */
158 187
159 n=(bits-1)/160; 188 n=(bits-1)/160;
160 b=(bits-1)-n*160; 189 b=(bits-1)-n*160;
161 190
162 for (;;) 191 for (;;)
163 { 192 {
193 if (callback != NULL && counter != 0)
194 callback(0,counter,cb_arg);
195
164 /* step 7 */ 196 /* step 7 */
165 BN_zero(W); 197 BN_zero(W);
198 /* now 'buf' contains "SEED + offset - 1" */
166 for (k=0; k<=n; k++) 199 for (k=0; k<=n; k++)
167 { 200 {
201 /* obtain "SEED + offset + k" by incrementing: */
168 for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--) 202 for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
169 { 203 {
170 buf[i]++; 204 buf[i]++;
@@ -174,7 +208,8 @@ DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len,
174 HASH(buf,SHA_DIGEST_LENGTH,md); 208 HASH(buf,SHA_DIGEST_LENGTH,md);
175 209
176 /* step 8 */ 210 /* step 8 */
177 if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0)) abort(); 211 if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0))
212 goto err;
178 BN_lshift(r0,r0,160*k); 213 BN_lshift(r0,r0,160*k);
179 BN_add(W,W,r0); 214 BN_add(W,W,r0);
180 } 215 }
@@ -194,23 +229,25 @@ DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len,
194 if (BN_cmp(p,test) >= 0) 229 if (BN_cmp(p,test) >= 0)
195 { 230 {
196 /* step 11 */ 231 /* step 11 */
197 if (DSA_is_prime(p,callback,cb_arg) > 0) 232 r = BN_is_prime_fasttest(p, DSS_prime_checks, callback, ctx3, cb_arg, 1);
198 goto end; 233 if (r > 0)
234 goto end; /* found it */
235 if (r != 0)
236 goto err;
199 } 237 }
200 238
201 /* step 13 */ 239 /* step 13 */
202 counter++; 240 counter++;
241 /* "offset = offset + n + 1" */
203 242
204 /* step 14 */ 243 /* step 14 */
205 if (counter >= 4096) break; 244 if (counter >= 4096) break;
206
207 if (callback != NULL) callback(0,counter,cb_arg);
208 } 245 }
209 } 246 }
210end: 247end:
211 if (callback != NULL) callback(2,1,cb_arg); 248 if (callback != NULL) callback(2,1,cb_arg);
212 249
213 /* We now need to gernerate g */ 250 /* We now need to generate g */
214 /* Set r0=(p-1)/q */ 251 /* Set r0=(p-1)/q */
215 BN_sub(test,p,BN_value_one()); 252 BN_sub(test,p,BN_value_one());
216 BN_div(r0,NULL,test,q,ctx); 253 BN_div(r0,NULL,test,q,ctx);
@@ -245,89 +282,13 @@ err:
245 if (h_ret != NULL) *h_ret=h; 282 if (h_ret != NULL) *h_ret=h;
246 } 283 }
247 if (ctx != NULL) BN_CTX_free(ctx); 284 if (ctx != NULL) BN_CTX_free(ctx);
248 if (ctx != NULL) BN_CTX_free(ctx2); 285 if (ctx2 != NULL)
249 if (mont != NULL) BN_MONT_CTX_free(mont);
250 return(ok?ret:NULL);
251 }
252
253int DSA_is_prime(BIGNUM *w, void (*callback)(), char *cb_arg)
254 {
255 int ok= -1,j,i,n;
256 BN_CTX *ctx=NULL,*ctx2=NULL;
257 BIGNUM *w_1,*b,*m,*z,*tmp,*mont_1;
258 int a;
259 BN_MONT_CTX *mont=NULL;
260
261 if (!BN_is_bit_set(w,0)) return(0);
262
263 if ((ctx=BN_CTX_new()) == NULL) goto err;
264 if ((ctx2=BN_CTX_new()) == NULL) goto err;
265 if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
266
267 m= &(ctx2->bn[2]);
268 b= &(ctx2->bn[3]);
269 z= &(ctx2->bn[4]);
270 w_1= &(ctx2->bn[5]);
271 tmp= &(ctx2->bn[6]);
272 mont_1= &(ctx2->bn[7]);
273
274 /* step 1 */
275 n=50;
276
277 /* step 2 */
278 if (!BN_sub(w_1,w,BN_value_one())) goto err;
279 for (a=1; !BN_is_bit_set(w_1,a); a++)
280 ;
281 if (!BN_rshift(m,w_1,a)) goto err;
282
283 BN_MONT_CTX_set(mont,w,ctx);
284 BN_to_montgomery(mont_1,BN_value_one(),mont,ctx);
285 BN_to_montgomery(w_1,w_1,mont,ctx);
286 for (i=1; i < n; i++)
287 { 286 {
288 /* step 3 */ 287 BN_CTX_end(ctx2);
289 BN_rand(b,BN_num_bits(w)-2/*-1*/,0,0); 288 BN_CTX_free(ctx2);
290 /* BN_set_word(b,0x10001L); */
291
292 /* step 4 */
293 j=0;
294 if (!BN_mod_exp_mont(z,b,m,w,ctx,mont)) goto err;
295
296 if (!BN_to_montgomery(z,z,mont,ctx)) goto err;
297
298 /* step 5 */
299 for (;;)
300 {
301 if (((j == 0) && (BN_cmp(z,mont_1) == 0)) ||
302 (BN_cmp(z,w_1) == 0))
303 break;
304
305 /* step 6 */
306 if ((j > 0) && (BN_cmp(z,mont_1) == 0))
307 {
308 ok=0;
309 goto err;
310 }
311
312 j++;
313 if (j >= a)
314 {
315 ok=0;
316 goto err;
317 }
318
319 if (!BN_mod_mul_montgomery(z,z,z,mont,ctx)) goto err;
320 if (callback != NULL) callback(1,j,cb_arg);
321 }
322 } 289 }
323 290 if (ctx3 != NULL) BN_CTX_free(ctx3);
324 ok=1; 291 if (mont != NULL) BN_MONT_CTX_free(mont);
325err: 292 return(ok?ret:NULL);
326 if (ok == -1) DSAerr(DSA_F_DSA_IS_PRIME,ERR_R_BN_LIB);
327 BN_CTX_free(ctx);
328 BN_CTX_free(ctx2);
329 BN_MONT_CTX_free(mont);
330
331 return(ok);
332 } 293 }
333#endif 294#endif
diff --git a/src/lib/libcrypto/dsa/dsa_lib.c b/src/lib/libcrypto/dsa/dsa_lib.c
index ce8e204f7e..224e412afc 100644
--- a/src/lib/libcrypto/dsa/dsa_lib.c
+++ b/src/lib/libcrypto/dsa/dsa_lib.c
@@ -66,7 +66,38 @@
66 66
67const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT; 67const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT;
68 68
69static DSA_METHOD *default_DSA_method;
70static int dsa_meth_num = 0;
71static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dsa_meth = NULL;
72
73void DSA_set_default_method(DSA_METHOD *meth)
74{
75 default_DSA_method = meth;
76}
77
78DSA_METHOD *DSA_get_default_method(void)
79{
80 if(!default_DSA_method) default_DSA_method = DSA_OpenSSL();
81 return default_DSA_method;
82}
83
69DSA *DSA_new(void) 84DSA *DSA_new(void)
85{
86 return DSA_new_method(NULL);
87}
88
89DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth)
90{
91 DSA_METHOD *mtmp;
92 mtmp = dsa->meth;
93 if (mtmp->finish) mtmp->finish(dsa);
94 dsa->meth = meth;
95 if (meth->init) meth->init(dsa);
96 return mtmp;
97}
98
99
100DSA *DSA_new_method(DSA_METHOD *meth)
70 { 101 {
71 DSA *ret; 102 DSA *ret;
72 103
@@ -76,13 +107,15 @@ DSA *DSA_new(void)
76 DSAerr(DSA_F_DSA_NEW,ERR_R_MALLOC_FAILURE); 107 DSAerr(DSA_F_DSA_NEW,ERR_R_MALLOC_FAILURE);
77 return(NULL); 108 return(NULL);
78 } 109 }
110 if(!default_DSA_method) default_DSA_method = DSA_OpenSSL();
111 if(meth) ret->meth = meth;
112 else ret->meth = default_DSA_method;
79 ret->pad=0; 113 ret->pad=0;
80 ret->version=0; 114 ret->version=0;
81 ret->write_params=1; 115 ret->write_params=1;
82 ret->p=NULL; 116 ret->p=NULL;
83 ret->q=NULL; 117 ret->q=NULL;
84 ret->g=NULL; 118 ret->g=NULL;
85 ret->flags=DSA_FLAG_CACHE_MONT_P;
86 119
87 ret->pub_key=NULL; 120 ret->pub_key=NULL;
88 ret->priv_key=NULL; 121 ret->priv_key=NULL;
@@ -92,6 +125,15 @@ DSA *DSA_new(void)
92 ret->method_mont_p=NULL; 125 ret->method_mont_p=NULL;
93 126
94 ret->references=1; 127 ret->references=1;
128 ret->flags=ret->meth->flags;
129 if ((ret->meth->init != NULL) && !ret->meth->init(ret))
130 {
131 Free(ret);
132 ret=NULL;
133 }
134 else
135 CRYPTO_new_ex_data(dsa_meth,ret,&ret->ex_data);
136
95 return(ret); 137 return(ret);
96 } 138 }
97 139
@@ -114,6 +156,10 @@ void DSA_free(DSA *r)
114 } 156 }
115#endif 157#endif
116 158
159 CRYPTO_free_ex_data(dsa_meth, r, &r->ex_data);
160
161 if(r->meth->finish) r->meth->finish(r);
162
117 if (r->p != NULL) BN_clear_free(r->p); 163 if (r->p != NULL) BN_clear_free(r->p);
118 if (r->q != NULL) BN_clear_free(r->q); 164 if (r->q != NULL) BN_clear_free(r->q);
119 if (r->g != NULL) BN_clear_free(r->g); 165 if (r->g != NULL) BN_clear_free(r->g);
@@ -121,8 +167,6 @@ void DSA_free(DSA *r)
121 if (r->priv_key != NULL) BN_clear_free(r->priv_key); 167 if (r->priv_key != NULL) BN_clear_free(r->priv_key);
122 if (r->kinv != NULL) BN_clear_free(r->kinv); 168 if (r->kinv != NULL) BN_clear_free(r->kinv);
123 if (r->r != NULL) BN_clear_free(r->r); 169 if (r->r != NULL) BN_clear_free(r->r);
124 if (r->method_mont_p != NULL)
125 BN_MONT_CTX_free((BN_MONT_CTX *)r->method_mont_p);
126 Free(r); 170 Free(r);
127 } 171 }
128 172
@@ -145,6 +189,24 @@ int DSA_size(DSA *r)
145 return(ret); 189 return(ret);
146 } 190 }
147 191
192int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
193 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
194 {
195 dsa_meth_num++;
196 return(CRYPTO_get_ex_new_index(dsa_meth_num-1,
197 &dsa_meth,argl,argp,new_func,dup_func,free_func));
198 }
199
200int DSA_set_ex_data(DSA *d, int idx, void *arg)
201 {
202 return(CRYPTO_set_ex_data(&d->ex_data,idx,arg));
203 }
204
205void *DSA_get_ex_data(DSA *d, int idx)
206 {
207 return(CRYPTO_get_ex_data(&d->ex_data,idx));
208 }
209
148#ifndef NO_DH 210#ifndef NO_DH
149DH *DSA_dup_DH(DSA *r) 211DH *DSA_dup_DH(DSA *r)
150 { 212 {
diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c
new file mode 100644
index 0000000000..b51cf6ad8d
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_ossl.c
@@ -0,0 +1,321 @@
1/* crypto/dsa/dsa_ossl.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
60
61#include <stdio.h>
62#include "cryptlib.h"
63#include <openssl/bn.h>
64#include <openssl/dsa.h>
65#include <openssl/rand.h>
66#include <openssl/asn1.h>
67
68static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
69static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
70static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
71 DSA *dsa);
72static int dsa_init(DSA *dsa);
73static int dsa_finish(DSA *dsa);
74static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
75 BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
76 BN_MONT_CTX *in_mont);
77static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
78 const BIGNUM *m, BN_CTX *ctx,
79 BN_MONT_CTX *m_ctx);
80
81static DSA_METHOD openssl_dsa_meth = {
82"OpenSSL DSA method",
83dsa_do_sign,
84dsa_sign_setup,
85dsa_do_verify,
86dsa_mod_exp,
87dsa_bn_mod_exp,
88dsa_init,
89dsa_finish,
900,
91NULL
92};
93
94DSA_METHOD *DSA_OpenSSL(void)
95{
96 return &openssl_dsa_meth;
97}
98
99static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
100 {
101 BIGNUM *kinv=NULL,*r=NULL,*s=NULL;
102 BIGNUM m;
103 BIGNUM xr;
104 BN_CTX *ctx=NULL;
105 int i,reason=ERR_R_BN_LIB;
106 DSA_SIG *ret=NULL;
107
108 BN_init(&m);
109 BN_init(&xr);
110 s=BN_new();
111 if (s == NULL) goto err;
112
113 i=BN_num_bytes(dsa->q); /* should be 20 */
114 if ((dlen > i) || (dlen > 50))
115 {
116 reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
117 goto err;
118 }
119
120 ctx=BN_CTX_new();
121 if (ctx == NULL) goto err;
122
123 if ((dsa->kinv == NULL) || (dsa->r == NULL))
124 {
125 if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err;
126 }
127 else
128 {
129 kinv=dsa->kinv;
130 dsa->kinv=NULL;
131 r=dsa->r;
132 dsa->r=NULL;
133 }
134
135 if (BN_bin2bn(dgst,dlen,&m) == NULL) goto err;
136
137 /* Compute s = inv(k) (m + xr) mod q */
138 if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */
139 if (!BN_add(s, &xr, &m)) goto err; /* s = m + xr */
140 if (BN_cmp(s,dsa->q) > 0)
141 BN_sub(s,s,dsa->q);
142 if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err;
143
144 ret=DSA_SIG_new();
145 if (ret == NULL) goto err;
146 ret->r = r;
147 ret->s = s;
148
149err:
150 if (!ret)
151 {
152 DSAerr(DSA_F_DSA_DO_SIGN,reason);
153 BN_free(r);
154 BN_free(s);
155 }
156 if (ctx != NULL) BN_CTX_free(ctx);
157 BN_clear_free(&m);
158 BN_clear_free(&xr);
159 if (kinv != NULL) /* dsa->kinv is NULL now if we used it */
160 BN_clear_free(kinv);
161 return(ret);
162 }
163
164static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
165 {
166 BN_CTX *ctx;
167 BIGNUM k,*kinv=NULL,*r=NULL;
168 int ret=0;
169
170 if (ctx_in == NULL)
171 {
172 if ((ctx=BN_CTX_new()) == NULL) goto err;
173 }
174 else
175 ctx=ctx_in;
176
177 BN_init(&k);
178 if ((r=BN_new()) == NULL) goto err;
179 kinv=NULL;
180
181 /* Get random k */
182 for (;;)
183 {
184 if (!BN_rand(&k, BN_num_bits(dsa->q), 1, 0)) goto err;
185 if (BN_cmp(&k,dsa->q) >= 0)
186 BN_sub(&k,&k,dsa->q);
187 if (!BN_is_zero(&k)) break;
188 }
189
190 if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
191 {
192 if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
193 if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p,
194 dsa->p,ctx)) goto err;
195 }
196
197 /* Compute r = (g^k mod p) mod q */
198 if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
199 (BN_MONT_CTX *)dsa->method_mont_p)) goto err;
200 if (!BN_mod(r,r,dsa->q,ctx)) goto err;
201
202 /* Compute part of 's = inv(k) (m + xr) mod q' */
203 if ((kinv=BN_mod_inverse(NULL,&k,dsa->q,ctx)) == NULL) goto err;
204
205 if (*kinvp != NULL) BN_clear_free(*kinvp);
206 *kinvp=kinv;
207 kinv=NULL;
208 if (*rp != NULL) BN_clear_free(*rp);
209 *rp=r;
210 ret=1;
211err:
212 if (!ret)
213 {
214 DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB);
215 if (kinv != NULL) BN_clear_free(kinv);
216 if (r != NULL) BN_clear_free(r);
217 }
218 if (ctx_in == NULL) BN_CTX_free(ctx);
219 if (kinv != NULL) BN_clear_free(kinv);
220 BN_clear_free(&k);
221 return(ret);
222 }
223
224static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
225 DSA *dsa)
226 {
227 BN_CTX *ctx;
228 BIGNUM u1,u2,t1;
229 BN_MONT_CTX *mont=NULL;
230 int ret = -1;
231
232 if ((ctx=BN_CTX_new()) == NULL) goto err;
233 BN_init(&u1);
234 BN_init(&u2);
235 BN_init(&t1);
236
237 /* Calculate W = inv(S) mod Q
238 * save W in u2 */
239 if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;
240
241 /* save M in u1 */
242 if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err;
243
244 /* u1 = M * w mod q */
245 if (!BN_mod_mul(&u1,&u1,&u2,dsa->q,ctx)) goto err;
246
247 /* u2 = r * w mod q */
248 if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err;
249
250 if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
251 {
252 if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
253 if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p,
254 dsa->p,ctx)) goto err;
255 }
256 mont=(BN_MONT_CTX *)dsa->method_mont_p;
257
258#if 0
259 {
260 BIGNUM t2;
261
262 BN_init(&t2);
263 /* v = ( g^u1 * y^u2 mod p ) mod q */
264 /* let t1 = g ^ u1 mod p */
265 if (!BN_mod_exp_mont(&t1,dsa->g,&u1,dsa->p,ctx,mont)) goto err;
266 /* let t2 = y ^ u2 mod p */
267 if (!BN_mod_exp_mont(&t2,dsa->pub_key,&u2,dsa->p,ctx,mont)) goto err;
268 /* let u1 = t1 * t2 mod p */
269 if (!BN_mod_mul(&u1,&t1,&t2,dsa->p,ctx)) goto err_bn;
270 BN_free(&t2);
271 }
272 /* let u1 = u1 mod q */
273 if (!BN_mod(&u1,&u1,dsa->q,ctx)) goto err;
274#else
275 {
276 if (!dsa->meth->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2,
277 dsa->p,ctx,mont)) goto err;
278 /* BN_copy(&u1,&t1); */
279 /* let u1 = u1 mod q */
280 if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err;
281 }
282#endif
283 /* V is now in u1. If the signature is correct, it will be
284 * equal to R. */
285 ret=(BN_ucmp(&u1, sig->r) == 0);
286
287 err:
288 if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB);
289 if (ctx != NULL) BN_CTX_free(ctx);
290 BN_free(&u1);
291 BN_free(&u2);
292 BN_free(&t1);
293 return(ret);
294 }
295
296static int dsa_init(DSA *dsa)
297{
298 dsa->flags|=DSA_FLAG_CACHE_MONT_P;
299 return(1);
300}
301
302static int dsa_finish(DSA *dsa)
303{
304 if(dsa->method_mont_p)
305 BN_MONT_CTX_free((BN_MONT_CTX *)dsa->method_mont_p);
306 return(1);
307}
308
309static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
310 BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
311 BN_MONT_CTX *in_mont)
312{
313 return BN_mod_exp2_mont(rr, a1, p1, a2, p2, m, ctx, in_mont);
314}
315
316static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
317 const BIGNUM *m, BN_CTX *ctx,
318 BN_MONT_CTX *m_ctx)
319{
320 return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
321}
diff --git a/src/lib/libcrypto/dsa/dsa_sign.c b/src/lib/libcrypto/dsa/dsa_sign.c
index 774c161964..89205026f0 100644
--- a/src/lib/libcrypto/dsa/dsa_sign.c
+++ b/src/lib/libcrypto/dsa/dsa_sign.c
@@ -67,73 +67,9 @@
67 67
68DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) 68DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
69 { 69 {
70 BIGNUM *kinv=NULL,*r=NULL,*s=NULL; 70 return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
71 BIGNUM m;
72 BIGNUM xr;
73 BN_CTX *ctx=NULL;
74 int i,reason=ERR_R_BN_LIB;
75 DSA_SIG *ret=NULL;
76
77 BN_init(&m);
78 BN_init(&xr);
79 s=BN_new();
80 if (s == NULL) goto err;
81
82 i=BN_num_bytes(dsa->q); /* should be 20 */
83 if ((dlen > i) || (dlen > 50))
84 {
85 reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
86 goto err;
87 }
88
89 ctx=BN_CTX_new();
90 if (ctx == NULL) goto err;
91
92 if ((dsa->kinv == NULL) || (dsa->r == NULL))
93 {
94 if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err;
95 }
96 else
97 {
98 kinv=dsa->kinv;
99 dsa->kinv=NULL;
100 r=dsa->r;
101 dsa->r=NULL;
102 }
103
104 if (BN_bin2bn(dgst,dlen,&m) == NULL) goto err;
105
106 /* Compute s = inv(k) (m + xr) mod q */
107 if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */
108 if (!BN_add(s, &xr, &m)) goto err; /* s = m + xr */
109 if (BN_cmp(s,dsa->q) > 0)
110 BN_sub(s,s,dsa->q);
111 if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err;
112
113 ret=DSA_SIG_new();
114 if (ret == NULL) goto err;
115 ret->r = r;
116 ret->s = s;
117
118err:
119 if (!ret)
120 {
121 DSAerr(DSA_F_DSA_DO_SIGN,reason);
122 BN_free(r);
123 BN_free(s);
124 }
125 if (ctx != NULL) BN_CTX_free(ctx);
126 BN_clear_free(&m);
127 BN_clear_free(&xr);
128 if (kinv != NULL) /* dsa->kinv is NULL now if we used it */
129 BN_clear_free(kinv);
130 return(ret);
131 } 71 }
132 72
133/* data has already been hashed (probably with SHA or SHA-1). */
134
135/* unsigned char *sig: out */
136/* unsigned int *siglen: out */
137int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, 73int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
138 unsigned int *siglen, DSA *dsa) 74 unsigned int *siglen, DSA *dsa)
139 { 75 {
@@ -151,61 +87,6 @@ int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
151 87
152int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) 88int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
153 { 89 {
154 BN_CTX *ctx; 90 return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
155 BIGNUM k,*kinv=NULL,*r=NULL;
156 int ret=0;
157
158 if (ctx_in == NULL)
159 {
160 if ((ctx=BN_CTX_new()) == NULL) goto err;
161 }
162 else
163 ctx=ctx_in;
164
165 BN_init(&k);
166 if ((r=BN_new()) == NULL) goto err;
167 kinv=NULL;
168
169 /* Get random k */
170 for (;;)
171 {
172 if (!BN_rand(&k, BN_num_bits(dsa->q), 1, 0)) goto err;
173 if (BN_cmp(&k,dsa->q) >= 0)
174 BN_sub(&k,&k,dsa->q);
175 if (!BN_is_zero(&k)) break;
176 }
177
178 if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
179 {
180 if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
181 if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p,
182 dsa->p,ctx)) goto err;
183 }
184
185 /* Compute r = (g^k mod p) mod q */
186 if (!BN_mod_exp_mont(r,dsa->g,&k,dsa->p,ctx,
187 (BN_MONT_CTX *)dsa->method_mont_p)) goto err;
188 if (!BN_mod(r,r,dsa->q,ctx)) goto err;
189
190 /* Compute part of 's = inv(k) (m + xr) mod q' */
191 if ((kinv=BN_mod_inverse(NULL,&k,dsa->q,ctx)) == NULL) goto err;
192
193 if (*kinvp != NULL) BN_clear_free(*kinvp);
194 *kinvp=kinv;
195 kinv=NULL;
196 if (*rp != NULL) BN_clear_free(*rp);
197 *rp=r;
198 ret=1;
199err:
200 if (!ret)
201 {
202 DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB);
203 if (kinv != NULL) BN_clear_free(kinv);
204 if (r != NULL) BN_clear_free(r);
205 }
206 if (ctx_in == NULL) BN_CTX_free(ctx);
207 if (kinv != NULL) BN_clear_free(kinv);
208 BN_clear_free(&k);
209 return(ret);
210 } 91 }
211 92
diff --git a/src/lib/libcrypto/dsa/dsa_vrf.c b/src/lib/libcrypto/dsa/dsa_vrf.c
index ff552208aa..03277f80fd 100644
--- a/src/lib/libcrypto/dsa/dsa_vrf.c
+++ b/src/lib/libcrypto/dsa/dsa_vrf.c
@@ -69,73 +69,7 @@
69int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, 69int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
70 DSA *dsa) 70 DSA *dsa)
71 { 71 {
72 BN_CTX *ctx; 72 return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
73 BIGNUM u1,u2,t1;
74 BN_MONT_CTX *mont=NULL;
75 int ret = -1;
76
77 if ((ctx=BN_CTX_new()) == NULL) goto err;
78 BN_init(&u1);
79 BN_init(&u2);
80 BN_init(&t1);
81
82 /* Calculate W = inv(S) mod Q
83 * save W in u2 */
84 if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;
85
86 /* save M in u1 */
87 if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err;
88
89 /* u1 = M * w mod q */
90 if (!BN_mod_mul(&u1,&u1,&u2,dsa->q,ctx)) goto err;
91
92 /* u2 = r * w mod q */
93 if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err;
94
95 if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
96 {
97 if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
98 if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p,
99 dsa->p,ctx)) goto err;
100 }
101 mont=(BN_MONT_CTX *)dsa->method_mont_p;
102
103#if 0
104 {
105 BIGNUM t2;
106
107 BN_init(&t2);
108 /* v = ( g^u1 * y^u2 mod p ) mod q */
109 /* let t1 = g ^ u1 mod p */
110 if (!BN_mod_exp_mont(&t1,dsa->g,&u1,dsa->p,ctx,mont)) goto err;
111 /* let t2 = y ^ u2 mod p */
112 if (!BN_mod_exp_mont(&t2,dsa->pub_key,&u2,dsa->p,ctx,mont)) goto err;
113 /* let u1 = t1 * t2 mod p */
114 if (!BN_mod_mul(&u1,&t1,&t2,dsa->p,ctx)) goto err_bn;
115 BN_free(&t2);
116 }
117 /* let u1 = u1 mod q */
118 if (!BN_mod(&u1,&u1,dsa->q,ctx)) goto err;
119#else
120 {
121 if (!BN_mod_exp2_mont(&t1,dsa->g,&u1,dsa->pub_key,&u2,dsa->p,ctx,mont))
122 goto err;
123 /* BN_copy(&u1,&t1); */
124 /* let u1 = u1 mod q */
125 if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err;
126 }
127#endif
128 /* V is now in u1. If the signature is correct, it will be
129 * equal to R. */
130 ret=(BN_ucmp(&u1, sig->r) == 0);
131
132 err:
133 if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB);
134 if (ctx != NULL) BN_CTX_free(ctx);
135 BN_free(&u1);
136 BN_free(&u2);
137 BN_free(&t1);
138 return(ret);
139 } 73 }
140 74
141/* data has already been hashed (probably with SHA or SHA-1). */ 75/* data has already been hashed (probably with SHA or SHA-1). */
diff --git a/src/lib/libcrypto/dsa/dsatest.c b/src/lib/libcrypto/dsa/dsatest.c
index fc25c9a1b7..309a7cda89 100644
--- a/src/lib/libcrypto/dsa/dsatest.c
+++ b/src/lib/libcrypto/dsa/dsatest.c
@@ -84,7 +84,10 @@ int main(int argc, char *argv[])
84#define MS_CALLBACK 84#define MS_CALLBACK
85#endif 85#endif
86 86
87static void MS_CALLBACK dsa_cb(int p, int n, char *arg); 87static void MS_CALLBACK dsa_cb(int p, int n, void *arg);
88
89/* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to
90 * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */
88static unsigned char seed[20]={ 91static unsigned char seed[20]={
89 0xd5,0x01,0x4e,0x4b,0x60,0xef,0x2b,0xa8,0xb6,0x21,0x1b,0x40, 92 0xd5,0x01,0x4e,0x4b,0x60,0xef,0x2b,0xa8,0xb6,0x21,0x1b,0x40,
90 0x62,0xba,0x32,0x24,0xe0,0x42,0x7d,0xd3, 93 0x62,0xba,0x32,0x24,0xe0,0x42,0x7d,0xd3,
@@ -120,6 +123,8 @@ static unsigned char out_g[]={
120 123
121static const unsigned char str1[]="12345678901234567890"; 124static const unsigned char str1[]="12345678901234567890";
122 125
126static const char rnd_seed[] = "string to make the random number generator think it has entropy";
127
123static BIO *bio_err=NULL; 128static BIO *bio_err=NULL;
124 129
125int main(int argc, char **argv) 130int main(int argc, char **argv)
@@ -131,15 +136,17 @@ int main(int argc, char **argv)
131 unsigned char sig[256]; 136 unsigned char sig[256];
132 unsigned int siglen; 137 unsigned int siglen;
133 138
139 ERR_load_crypto_strings();
140 RAND_seed(rnd_seed, sizeof rnd_seed);
141
134 if (bio_err == NULL) 142 if (bio_err == NULL)
135 bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); 143 bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
136 144
137 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); 145 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
138 146
139 BIO_printf(bio_err,"test generation of DSA parameters\n"); 147 BIO_printf(bio_err,"test generation of DSA parameters\n");
140 BIO_printf(bio_err,"expect '.*' followed by 5 lines of '.'s and '+'s\n"); 148
141 dsa=DSA_generate_parameters(512,seed,20,&counter,&h,dsa_cb, 149 dsa=DSA_generate_parameters(512,seed,20,&counter,&h,dsa_cb,bio_err);
142 (char *)bio_err);
143 150
144 BIO_printf(bio_err,"seed\n"); 151 BIO_printf(bio_err,"seed\n");
145 for (i=0; i<20; i+=4) 152 for (i=0; i<20; i+=4)
@@ -193,13 +200,18 @@ end:
193 if (!ret) 200 if (!ret)
194 ERR_print_errors(bio_err); 201 ERR_print_errors(bio_err);
195 if (dsa != NULL) DSA_free(dsa); 202 if (dsa != NULL) DSA_free(dsa);
203 ERR_remove_state(0);
196 CRYPTO_mem_leaks(bio_err); 204 CRYPTO_mem_leaks(bio_err);
197 if (bio_err != NULL) BIO_free(bio_err); 205 if (bio_err != NULL)
206 {
207 BIO_free(bio_err);
208 bio_err = NULL;
209 }
198 exit(!ret); 210 exit(!ret);
199 return(0); 211 return(0);
200 } 212 }
201 213
202static void MS_CALLBACK dsa_cb(int p, int n, char *arg) 214static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
203 { 215 {
204 char c='*'; 216 char c='*';
205 static int ok=0,num=0; 217 static int ok=0,num=0;
@@ -208,8 +220,8 @@ static void MS_CALLBACK dsa_cb(int p, int n, char *arg)
208 if (p == 1) c='+'; 220 if (p == 1) c='+';
209 if (p == 2) { c='*'; ok++; } 221 if (p == 2) { c='*'; ok++; }
210 if (p == 3) c='\n'; 222 if (p == 3) c='\n';
211 BIO_write((BIO *)arg,&c,1); 223 BIO_write(arg,&c,1);
212 (void)BIO_flush((BIO *)arg); 224 (void)BIO_flush(arg);
213 225
214 if (!ok && (p == 0) && (num > 1)) 226 if (!ok && (p == 0) && (num > 1))
215 { 227 {
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-08 04:26:08 +0000