1 files changed, 0 insertions, 542 deletions
diff --git a/src/lib/libssl/src/fips/dsa/fips_dssvs.c b/src/lib/libssl/src/fips/dsa/fips_dssvs.c
deleted file mode 100644
index aa74e8e636..0000000000
--- a/src/lib/libssl/src/fips/dsa/fips_dssvs.c
+++ /dev/null
@@ -1,542 +0,0 @@
-#include <openssl/opensslconf.h>
-#ifndef OPENSSL_FIPS
-#include <stdio.h>
-int main(int argc, char **argv)
-{
-    printf("No FIPS DSA support\n");
-    return(0);
-}
-#else
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/fips.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <string.h>
-#include <ctype.h>
-#include "fips_utl.h"
-static void pbn(const char *name, BIGNUM *bn)
-        {
-        int len, i;
-        unsigned char *tmp;
-        len = BN_num_bytes(bn);
-        tmp = OPENSSL_malloc(len);
-        if (!tmp)
-                {
-                fprintf(stderr, "Memory allocation error\n");
-                return;
-                }
-        BN_bn2bin(bn, tmp);
-        printf("%s = ", name);
-        for (i = 0; i < len; i++)
-                printf("%02X", tmp[i]);
-        fputs("\n", stdout);
-        OPENSSL_free(tmp);
-        return;
-        }
-void primes()
-    {
-    char buf[10240];
-    char lbuf[10240];
-    char *keyword, *value;
-    while(fgets(buf,sizeof buf,stdin) != NULL)
-        {
-        fputs(buf,stdout);
-        if (!parse_line(&keyword, &value, lbuf, buf))
-                continue;
-        if(!strcmp(keyword,"Prime"))
-            {
-            BIGNUM *pp;
-            pp=BN_new();
-            do_hex2bn(&pp,value);
-            printf("result= %c\n",
-                   BN_is_prime_ex(pp,20,NULL,NULL) ? 'P' : 'F');
-            }       
-        }
-    }
-void pqg()
-    {
-    char buf[1024];
-    char lbuf[1024];
-    char *keyword, *value;
-    int nmod=0;
-    while(fgets(buf,sizeof buf,stdin) != NULL)
-        {
-        if (!parse_line(&keyword, &value, lbuf, buf))
-                {
-                fputs(buf,stdout);
-                continue;
-                }
-        if(!strcmp(keyword,"[mod"))
-            nmod=atoi(value);
-        else if(!strcmp(keyword,"N"))
-            {
-            int n=atoi(value);
-            printf("[mod = %d]\n\n",nmod);
-            while(n--)
-                {
-                unsigned char seed[20];
-                DSA *dsa;
-                int counter;
-                unsigned long h;
-                dsa = FIPS_dsa_new();
-                if (!DSA_generate_parameters_ex(dsa, nmod,seed,0,&counter,&h,NULL))
-                        {
-                        do_print_errors();
-                        exit(1);
-                        }
-                pbn("P",dsa->p);
-                pbn("Q",dsa->q);
-                pbn("G",dsa->g);
-                pv("Seed",seed,20);
-                printf("c = %d\n",counter);
-                printf("H = %lx\n",h);
-                putc('\n',stdout);
-                }
-            }
-        else
-            fputs(buf,stdout);
-        }
-    }
-void pqgver()
-    {
-    char buf[1024];
-    char lbuf[1024];
-    char *keyword, *value;
-    BIGNUM *p = NULL, *q = NULL, *g = NULL;
-    int counter, counter2;
-    unsigned long h, h2;
-    DSA *dsa=NULL;
-    int nmod=0;
-    unsigned char seed[1024];
-    while(fgets(buf,sizeof buf,stdin) != NULL)
-        {
-        if (!parse_line(&keyword, &value, lbuf, buf))
-                {
-                fputs(buf,stdout);
-                continue;
-                }
-        if(!strcmp(keyword,"[mod"))
-            nmod=atoi(value);
-        else if(!strcmp(keyword,"P"))
-            p=hex2bn(value);
-        else if(!strcmp(keyword,"Q"))
-            q=hex2bn(value);
-        else if(!strcmp(keyword,"G"))
-            g=hex2bn(value);
-        else if(!strcmp(keyword,"Seed"))
-            {
-            int slen = hex2bin(value, seed);
-            if (slen != 20)
-                {
-                fprintf(stderr, "Seed parse length error\n");
-                exit (1);
-                }
-            }
-        else if(!strcmp(keyword,"c"))
-            counter =atoi(buf+4);
-        else if(!strcmp(keyword,"H"))
-            {
-            h = atoi(value);
-            if (!p || !q || !g)
-                {
-                fprintf(stderr, "Parse Error\n");
-                exit (1);
-                }
-            pbn("P",p);
-            pbn("Q",q);
-            pbn("G",g);
-            pv("Seed",seed,20);
-            printf("c = %d\n",counter);
-            printf("H = %lx\n",h);
-            dsa = FIPS_dsa_new();
-            if (!DSA_generate_parameters_ex(dsa, nmod,seed,20 ,&counter2,&h2,NULL))
-                        {
-                        do_print_errors();
-                        exit(1);
-                        }
-            if (BN_cmp(dsa->p, p) || BN_cmp(dsa->q, q) || BN_cmp(dsa->g, g)
-                || (counter != counter2) || (h != h2))
-                printf("Result = F\n");
-            else
-                printf("Result = T\n");
-            BN_free(p);
-            BN_free(q);
-            BN_free(g);
-            p = NULL;
-            q = NULL;
-            g = NULL;
-            FIPS_dsa_free(dsa);
-            dsa = NULL;
-            }
-        }
-    }
-/* Keypair verification routine. NB: this isn't part of the standard FIPS140-2
- * algorithm tests. It is an additional test to perform sanity checks on the
- * output of the KeyPair test.
- */
-static int dss_paramcheck(int nmod, BIGNUM *p, BIGNUM *q, BIGNUM *g,
-                                                        BN_CTX *ctx)
-    {
-    BIGNUM *rem = NULL;
-    if (BN_num_bits(p) != nmod)
-        return 0;
-    if (BN_num_bits(q) != 160)
-        return 0;
-    if (BN_is_prime_ex(p, BN_prime_checks, ctx, NULL) != 1)
-        return 0;
-    if (BN_is_prime_ex(q, BN_prime_checks, ctx, NULL) != 1)
-        return 0;
-    rem = BN_new();
-    if (!BN_mod(rem, p, q, ctx) || !BN_is_one(rem)
-        || (BN_cmp(g, BN_value_one()) <= 0)
-        || !BN_mod_exp(rem, g, q, p, ctx) || !BN_is_one(rem))
-        {
-        BN_free(rem);
-        return 0;
-        }
-    /* Todo: check g */
-    BN_free(rem);
-    return 1;
-    }
-void keyver()
-    {
-    char buf[1024];
-    char lbuf[1024];
-    char *keyword, *value;
-    BIGNUM *p = NULL, *q = NULL, *g = NULL, *X = NULL, *Y = NULL;
-    BIGNUM *Y2;
-    BN_CTX *ctx = NULL;
-    int nmod=0, paramcheck = 0;
-    ctx = BN_CTX_new();
-    Y2 = BN_new();
-    while(fgets(buf,sizeof buf,stdin) != NULL)
-        {
-        if (!parse_line(&keyword, &value, lbuf, buf))
-                {
-                fputs(buf,stdout);
-                continue;
-                }
-        if(!strcmp(keyword,"[mod"))
-            {
-            if (p)
-                BN_free(p);
-            p = NULL;
-            if (q)
-                BN_free(q);
-            q = NULL;
-            if (g)
-                BN_free(g);
-            g = NULL;
-            paramcheck = 0;
-            nmod=atoi(value);
-            }
-        else if(!strcmp(keyword,"P"))
-            p=hex2bn(value);
-        else if(!strcmp(keyword,"Q"))
-            q=hex2bn(value);
-        else if(!strcmp(keyword,"G"))
-            g=hex2bn(value);
-        else if(!strcmp(keyword,"X"))
-            X=hex2bn(value);
-        else if(!strcmp(keyword,"Y"))
-            {
-            Y=hex2bn(value);
-            if (!p || !q || !g || !X || !Y)
-                {
-                fprintf(stderr, "Parse Error\n");
-                exit (1);
-                }
-            pbn("P",p);
-            pbn("Q",q);
-            pbn("G",g);
-            pbn("X",X);
-            pbn("Y",Y);
-            if (!paramcheck)
-                {
-                if (dss_paramcheck(nmod, p, q, g, ctx))
-                        paramcheck = 1;
-                else
-                        paramcheck = -1;
-                }
-            if (paramcheck != 1)
-                printf("Result = F\n");
-            else
-                {
-                if (!BN_mod_exp(Y2, g, X, p, ctx) || BN_cmp(Y2, Y))
-                        printf("Result = F\n");
-                else
-                        printf("Result = T\n");
-                }
-            BN_free(X);
-            BN_free(Y);
-            X = NULL;
-            Y = NULL;
-            }
-        }
-        if (p)
-            BN_free(p);
-        if (q)
-            BN_free(q);
-        if (g)
-            BN_free(g);
-        if (Y2)
-            BN_free(Y2);
-    }
-void keypair()
-    {
-    char buf[1024];
-    char lbuf[1024];
-    char *keyword, *value;
-    int nmod=0;
-    while(fgets(buf,sizeof buf,stdin) != NULL)
-        {
-        if (!parse_line(&keyword, &value, lbuf, buf))
-                {
-                fputs(buf,stdout);
-                continue;
-                }
-        if(!strcmp(keyword,"[mod"))
-            nmod=atoi(value);
-        else if(!strcmp(keyword,"N"))
-            {
-            DSA *dsa;
-            int n=atoi(value);
-            printf("[mod = %d]\n\n",nmod);
-            dsa = FIPS_dsa_new();
-            if (!DSA_generate_parameters_ex(dsa, nmod,NULL,0,NULL,NULL,NULL))
-                {
-                do_print_errors();
-                exit(1);
-                }
-            pbn("P",dsa->p);
-            pbn("Q",dsa->q);
-            pbn("G",dsa->g);
-            putc('\n',stdout);
-            while(n--)
-                {
-                if (!DSA_generate_key(dsa))
-                        {
-                        do_print_errors();
-                        exit(1);
-                        }
-                pbn("X",dsa->priv_key);
-                pbn("Y",dsa->pub_key);
-                putc('\n',stdout);
-                }
-            }
-        }
-    }
-void siggen()
-    {
-    char buf[1024];
-    char lbuf[1024];
-    char *keyword, *value;
-    int nmod=0;
-    DSA *dsa=NULL;
-    while(fgets(buf,sizeof buf,stdin) != NULL)
-        {
-        if (!parse_line(&keyword, &value, lbuf, buf))
-                {
-                fputs(buf,stdout);
-                continue;
-                }
-        if(!strcmp(keyword,"[mod"))
-            {
-            nmod=atoi(value);
-            printf("[mod = %d]\n\n",nmod);
-            if (dsa)
-                FIPS_dsa_free(dsa);
-            dsa = FIPS_dsa_new();
-            if (!DSA_generate_parameters_ex(dsa, nmod,NULL,0,NULL,NULL,NULL))
-                {
-                do_print_errors();
-                exit(1);
-                }
-            pbn("P",dsa->p);
-            pbn("Q",dsa->q);
-            pbn("G",dsa->g);
-            putc('\n',stdout);
-            }
-        else if(!strcmp(keyword,"Msg"))
-            {
-            unsigned char msg[1024];
-            unsigned char sbuf[60];
-            unsigned int slen;
-            int n;
-            EVP_PKEY pk;
-            EVP_MD_CTX mctx;
-            DSA_SIG *sig;
-            EVP_MD_CTX_init(&mctx);
-            n=hex2bin(value,msg);
-            pv("Msg",msg,n);
-            if (!DSA_generate_key(dsa))
-                {
-                do_print_errors();
-                exit(1);
-                }
-            pk.type = EVP_PKEY_DSA;
-            pk.pkey.dsa = dsa;
-            pbn("Y",dsa->pub_key);
-            EVP_SignInit_ex(&mctx, EVP_dss1(), NULL);
-            EVP_SignUpdate(&mctx, msg, n);
-            EVP_SignFinal(&mctx, sbuf, &slen, &pk);
-            sig = DSA_SIG_new();
-            FIPS_dsa_sig_decode(sig, sbuf, slen);
-            pbn("R",sig->r);
-            pbn("S",sig->s);
-            putc('\n',stdout);
-            DSA_SIG_free(sig);
-            EVP_MD_CTX_cleanup(&mctx);
-            }
-        }
-        if (dsa)
-                FIPS_dsa_free(dsa);
-    }
-void sigver()
-    {
-    DSA *dsa=NULL;
-    char buf[1024];
-    char lbuf[1024];
-    unsigned char msg[1024];
-    char *keyword, *value;
-    int nmod=0, n=0;
-    DSA_SIG sg, *sig = &sg;
-    sig->r = NULL;
-    sig->s = NULL;
-    while(fgets(buf,sizeof buf,stdin) != NULL)
-        {
-        if (!parse_line(&keyword, &value, lbuf, buf))
-                {
-                fputs(buf,stdout);
-                continue;
-                }
-        if(!strcmp(keyword,"[mod"))
-            {
-            nmod=atoi(value);
-            if(dsa)
-                FIPS_dsa_free(dsa);
-            dsa=FIPS_dsa_new();
-            }
-        else if(!strcmp(keyword,"P"))
-            dsa->p=hex2bn(value);
-        else if(!strcmp(keyword,"Q"))
-            dsa->q=hex2bn(value);
-        else if(!strcmp(keyword,"G"))
-            {
-            dsa->g=hex2bn(value);
-            printf("[mod = %d]\n\n",nmod);
-            pbn("P",dsa->p);
-            pbn("Q",dsa->q);
-            pbn("G",dsa->g);
-            putc('\n',stdout);
-            }
-        else if(!strcmp(keyword,"Msg"))
-            {
-            n=hex2bin(value,msg);
-            pv("Msg",msg,n);
-            }
-        else if(!strcmp(keyword,"Y"))
-            dsa->pub_key=hex2bn(value);
-        else if(!strcmp(keyword,"R"))
-            sig->r=hex2bn(value);
-        else if(!strcmp(keyword,"S"))
-            {
-            EVP_MD_CTX mctx;
-            EVP_PKEY pk;
-            unsigned char sigbuf[60];
-            unsigned int slen;
-            int r;
-            EVP_MD_CTX_init(&mctx);
-            pk.type = EVP_PKEY_DSA;
-            pk.pkey.dsa = dsa;
-            sig->s=hex2bn(value);
-        
-            pbn("Y",dsa->pub_key);
-            pbn("R",sig->r);
-            pbn("S",sig->s);
-            slen = FIPS_dsa_sig_encode(sigbuf, sig);
-            EVP_VerifyInit_ex(&mctx, EVP_dss1(), NULL);
-            EVP_VerifyUpdate(&mctx, msg, n);
-            r = EVP_VerifyFinal(&mctx, sigbuf, slen, &pk);
-            EVP_MD_CTX_cleanup(&mctx);
-        
-            printf("Result = %c\n", r == 1 ? 'P' : 'F');
-            putc('\n',stdout);
-            }
-        }
-    }
-int main(int argc,char **argv)
-    {
-    if(argc != 2)
-        {
-        fprintf(stderr,"%s [prime|pqg|pqgver|keypair|siggen|sigver]\n",argv[0]);
-        exit(1);
-        }
-    if(!FIPS_mode_set(1))
-        {
-        do_print_errors();
-        exit(1);
-        }
-    if(!strcmp(argv[1],"prime"))
-        primes();
-    else if(!strcmp(argv[1],"pqg"))
-        pqg();
-    else if(!strcmp(argv[1],"pqgver"))
-        pqgver();
-    else if(!strcmp(argv[1],"keypair"))
-        keypair();
-    else if(!strcmp(argv[1],"keyver"))
-        keyver();
-    else if(!strcmp(argv[1],"siggen"))
-        siggen();
-    else if(!strcmp(argv[1],"sigver"))
-        sigver();
-    else
-        {
-        fprintf(stderr,"Don't know how to %s.\n",argv[1]);
-        exit(1);
-        }
-    return 0;
-    }
-#endif

diff --git a/src/lib/libssl/src/fips/dsa/fips_dssvs.c b/src/lib/libssl/src/fips/dsa/fips_dssvs.c deleted file mode 100644 index aa74e8e636..0000000000 --- a/src/lib/libssl/src/fips/dsa/fips_dssvs.c +++ /dev/null
@@ -1,542 +0,0 @@
1	#include <openssl/opensslconf.h>
2
3	#ifndef OPENSSL_FIPS
4	#include <stdio.h>
5
6	int main(int argc, char **argv)
7	{
8	printf("No FIPS DSA support\n");
9	return(0);
10	}
11	#else
12
13	#include <openssl/bn.h>
14	#include <openssl/dsa.h>
15	#include <openssl/fips.h>
16	#include <openssl/err.h>
17	#include <openssl/evp.h>
18	#include <string.h>
19	#include <ctype.h>
20
21	#include "fips_utl.h"
22
23	static void pbn(const char name, BIGNUM bn)
24	{
25	int len, i;
26	unsigned char *tmp;
27	len = BN_num_bytes(bn);
28	tmp = OPENSSL_malloc(len);
29	if (!tmp)
30	{
31	fprintf(stderr, "Memory allocation error\n");
32	return;
33	}
34	BN_bn2bin(bn, tmp);
35	printf("%s = ", name);
36	for (i = 0; i < len; i++)
37	printf("%02X", tmp[i]);
38	fputs("\n", stdout);
39	OPENSSL_free(tmp);
40	return;
41	}
42
43	void primes()
44	{
45	char buf[10240];
46	char lbuf[10240];
47	char keyword, value;
48
49	while(fgets(buf,sizeof buf,stdin) != NULL)
50	{
51	fputs(buf,stdout);
52	if (!parse_line(&keyword, &value, lbuf, buf))
53	continue;
54	if(!strcmp(keyword,"Prime"))
55	{
56	BIGNUM *pp;
57
58	pp=BN_new();
59	do_hex2bn(&pp,value);
60	printf("result= %c\n",
61	BN_is_prime_ex(pp,20,NULL,NULL) ? 'P' : 'F');
62	}
63	}
64	}
65
66	void pqg()
67	{
68	char buf[1024];
69	char lbuf[1024];
70	char keyword, value;
71	int nmod=0;
72
73	while(fgets(buf,sizeof buf,stdin) != NULL)
74	{
75	if (!parse_line(&keyword, &value, lbuf, buf))
76	{
77	fputs(buf,stdout);
78	continue;
79	}
80	if(!strcmp(keyword,"[mod"))
81	nmod=atoi(value);
82	else if(!strcmp(keyword,"N"))
83	{
84	int n=atoi(value);
85
86	printf("[mod = %d]\n\n",nmod);
87
88	while(n--)
89	{
90	unsigned char seed[20];
91	DSA *dsa;
92	int counter;
93	unsigned long h;
94	dsa = FIPS_dsa_new();
95
96	if (!DSA_generate_parameters_ex(dsa, nmod,seed,0,&counter,&h,NULL))
97	{
98	do_print_errors();
99	exit(1);
100	}
101	pbn("P",dsa->p);
102	pbn("Q",dsa->q);
103	pbn("G",dsa->g);
104	pv("Seed",seed,20);
105	printf("c = %d\n",counter);
106	printf("H = %lx\n",h);
107	putc('\n',stdout);
108	}
109	}
110	else
111	fputs(buf,stdout);
112	}
113	}
114
115	void pqgver()
116	{
117	char buf[1024];
118	char lbuf[1024];
119	char keyword, value;
120	BIGNUM p = NULL, q = NULL, *g = NULL;
121	int counter, counter2;
122	unsigned long h, h2;
123	DSA *dsa=NULL;
124	int nmod=0;
125	unsigned char seed[1024];
126
127	while(fgets(buf,sizeof buf,stdin) != NULL)
128	{
129	if (!parse_line(&keyword, &value, lbuf, buf))
130	{
131	fputs(buf,stdout);
132	continue;
133	}
134	if(!strcmp(keyword,"[mod"))
135	nmod=atoi(value);
136	else if(!strcmp(keyword,"P"))
137	p=hex2bn(value);
138	else if(!strcmp(keyword,"Q"))
139	q=hex2bn(value);
140	else if(!strcmp(keyword,"G"))
141	g=hex2bn(value);
142	else if(!strcmp(keyword,"Seed"))
143	{
144	int slen = hex2bin(value, seed);
145	if (slen != 20)
146	{
147	fprintf(stderr, "Seed parse length error\n");
148	exit (1);
149	}
150	}
151	else if(!strcmp(keyword,"c"))
152	counter =atoi(buf+4);
153	else if(!strcmp(keyword,"H"))
154	{
155	h = atoi(value);
156	if (!p \|\| !q \|\| !g)
157	{
158	fprintf(stderr, "Parse Error\n");
159	exit (1);
160	}
161	pbn("P",p);
162	pbn("Q",q);
163	pbn("G",g);
164	pv("Seed",seed,20);
165	printf("c = %d\n",counter);
166	printf("H = %lx\n",h);
167	dsa = FIPS_dsa_new();
168	if (!DSA_generate_parameters_ex(dsa, nmod,seed,20 ,&counter2,&h2,NULL))
169	{
170	do_print_errors();
171	exit(1);
172	}
173	if (BN_cmp(dsa->p, p) \|\| BN_cmp(dsa->q, q) \|\| BN_cmp(dsa->g, g)
174	\|\| (counter != counter2) \|\| (h != h2))
175	printf("Result = F\n");
176	else
177	printf("Result = T\n");
178	BN_free(p);
179	BN_free(q);
180	BN_free(g);
181	p = NULL;
182	q = NULL;
183	g = NULL;
184	FIPS_dsa_free(dsa);
185	dsa = NULL;
186	}
187	}
188	}
189
190	/* Keypair verification routine. NB: this isn't part of the standard FIPS140-2
191	* algorithm tests. It is an additional test to perform sanity checks on the
192	* output of the KeyPair test.
193	*/
194
195	static int dss_paramcheck(int nmod, BIGNUM p, BIGNUM q, BIGNUM *g,
196	BN_CTX *ctx)
197	{
198	BIGNUM *rem = NULL;
199	if (BN_num_bits(p) != nmod)
200	return 0;
201	if (BN_num_bits(q) != 160)
202	return 0;
203	if (BN_is_prime_ex(p, BN_prime_checks, ctx, NULL) != 1)
204	return 0;
205	if (BN_is_prime_ex(q, BN_prime_checks, ctx, NULL) != 1)
206	return 0;
207	rem = BN_new();
208	if (!BN_mod(rem, p, q, ctx) \|\| !BN_is_one(rem)
209	\|\| (BN_cmp(g, BN_value_one()) <= 0)
210	\|\| !BN_mod_exp(rem, g, q, p, ctx) \|\| !BN_is_one(rem))
211	{
212	BN_free(rem);
213	return 0;
214	}
215	/* Todo: check g */
216	BN_free(rem);
217	return 1;
218	}
219
220	void keyver()
221	{
222	char buf[1024];
223	char lbuf[1024];
224	char keyword, value;
225	BIGNUM p = NULL, q = NULL, g = NULL, X = NULL, *Y = NULL;
226	BIGNUM *Y2;
227	BN_CTX *ctx = NULL;
228	int nmod=0, paramcheck = 0;
229
230	ctx = BN_CTX_new();
231	Y2 = BN_new();
232
233	while(fgets(buf,sizeof buf,stdin) != NULL)
234	{
235	if (!parse_line(&keyword, &value, lbuf, buf))
236	{
237	fputs(buf,stdout);
238	continue;
239	}
240	if(!strcmp(keyword,"[mod"))
241	{
242	if (p)
243	BN_free(p);
244	p = NULL;
245	if (q)
246	BN_free(q);
247	q = NULL;
248	if (g)
249	BN_free(g);
250	g = NULL;
251	paramcheck = 0;
252	nmod=atoi(value);
253	}
254	else if(!strcmp(keyword,"P"))
255	p=hex2bn(value);
256	else if(!strcmp(keyword,"Q"))
257	q=hex2bn(value);
258	else if(!strcmp(keyword,"G"))
259	g=hex2bn(value);
260	else if(!strcmp(keyword,"X"))
261	X=hex2bn(value);
262	else if(!strcmp(keyword,"Y"))
263	{
264	Y=hex2bn(value);
265	if (!p \|\| !q \|\| !g \|\| !X \|\| !Y)
266	{
267	fprintf(stderr, "Parse Error\n");
268	exit (1);
269	}
270	pbn("P",p);
271	pbn("Q",q);
272	pbn("G",g);
273	pbn("X",X);
274	pbn("Y",Y);
275	if (!paramcheck)
276	{
277	if (dss_paramcheck(nmod, p, q, g, ctx))
278	paramcheck = 1;
279	else
280	paramcheck = -1;
281	}
282	if (paramcheck != 1)
283	printf("Result = F\n");
284	else
285	{
286	if (!BN_mod_exp(Y2, g, X, p, ctx) \|\| BN_cmp(Y2, Y))
287	printf("Result = F\n");
288	else
289	printf("Result = T\n");
290	}
291	BN_free(X);
292	BN_free(Y);
293	X = NULL;
294	Y = NULL;
295	}
296	}
297	if (p)
298	BN_free(p);
299	if (q)
300	BN_free(q);
301	if (g)
302	BN_free(g);
303	if (Y2)
304	BN_free(Y2);
305	}
306
307	void keypair()
308	{
309	char buf[1024];
310	char lbuf[1024];
311	char keyword, value;
312	int nmod=0;
313
314	while(fgets(buf,sizeof buf,stdin) != NULL)
315	{
316	if (!parse_line(&keyword, &value, lbuf, buf))
317	{
318	fputs(buf,stdout);
319	continue;
320	}
321	if(!strcmp(keyword,"[mod"))
322	nmod=atoi(value);
323	else if(!strcmp(keyword,"N"))
324	{
325	DSA *dsa;
326	int n=atoi(value);
327
328	printf("[mod = %d]\n\n",nmod);
329	dsa = FIPS_dsa_new();
330	if (!DSA_generate_parameters_ex(dsa, nmod,NULL,0,NULL,NULL,NULL))
331	{
332	do_print_errors();
333	exit(1);
334	}
335	pbn("P",dsa->p);
336	pbn("Q",dsa->q);
337	pbn("G",dsa->g);
338	putc('\n',stdout);
339
340	while(n--)
341	{
342	if (!DSA_generate_key(dsa))
343	{
344	do_print_errors();
345	exit(1);
346	}
347
348	pbn("X",dsa->priv_key);
349	pbn("Y",dsa->pub_key);
350	putc('\n',stdout);
351	}
352	}
353	}
354	}
355
356	void siggen()
357	{
358	char buf[1024];
359	char lbuf[1024];
360	char keyword, value;
361	int nmod=0;
362	DSA *dsa=NULL;
363
364	while(fgets(buf,sizeof buf,stdin) != NULL)
365	{
366	if (!parse_line(&keyword, &value, lbuf, buf))
367	{
368	fputs(buf,stdout);
369	continue;
370	}
371	if(!strcmp(keyword,"[mod"))
372	{
373	nmod=atoi(value);
374	printf("[mod = %d]\n\n",nmod);
375	if (dsa)
376	FIPS_dsa_free(dsa);
377	dsa = FIPS_dsa_new();
378	if (!DSA_generate_parameters_ex(dsa, nmod,NULL,0,NULL,NULL,NULL))
379	{
380	do_print_errors();
381	exit(1);
382	}
383	pbn("P",dsa->p);
384	pbn("Q",dsa->q);
385	pbn("G",dsa->g);
386	putc('\n',stdout);
387	}
388	else if(!strcmp(keyword,"Msg"))
389	{
390	unsigned char msg[1024];
391	unsigned char sbuf[60];
392	unsigned int slen;
393	int n;
394	EVP_PKEY pk;
395	EVP_MD_CTX mctx;
396	DSA_SIG *sig;
397	EVP_MD_CTX_init(&mctx);
398
399	n=hex2bin(value,msg);
400	pv("Msg",msg,n);
401
402	if (!DSA_generate_key(dsa))
403	{
404	do_print_errors();
405	exit(1);
406	}
407	pk.type = EVP_PKEY_DSA;
408	pk.pkey.dsa = dsa;
409	pbn("Y",dsa->pub_key);
410
411	EVP_SignInit_ex(&mctx, EVP_dss1(), NULL);
412	EVP_SignUpdate(&mctx, msg, n);
413	EVP_SignFinal(&mctx, sbuf, &slen, &pk);
414
415	sig = DSA_SIG_new();
416	FIPS_dsa_sig_decode(sig, sbuf, slen);
417
418	pbn("R",sig->r);
419	pbn("S",sig->s);
420	putc('\n',stdout);
421	DSA_SIG_free(sig);
422	EVP_MD_CTX_cleanup(&mctx);
423	}
424	}
425	if (dsa)
426	FIPS_dsa_free(dsa);
427	}
428
429	void sigver()
430	{
431	DSA *dsa=NULL;
432	char buf[1024];
433	char lbuf[1024];
434	unsigned char msg[1024];
435	char keyword, value;
436	int nmod=0, n=0;
437	DSA_SIG sg, *sig = &sg;
438
439	sig->r = NULL;
440	sig->s = NULL;
441
442	while(fgets(buf,sizeof buf,stdin) != NULL)
443	{
444	if (!parse_line(&keyword, &value, lbuf, buf))
445	{
446	fputs(buf,stdout);
447	continue;
448	}
449	if(!strcmp(keyword,"[mod"))
450	{
451	nmod=atoi(value);
452	if(dsa)
453	FIPS_dsa_free(dsa);
454	dsa=FIPS_dsa_new();
455	}
456	else if(!strcmp(keyword,"P"))
457	dsa->p=hex2bn(value);
458	else if(!strcmp(keyword,"Q"))
459	dsa->q=hex2bn(value);
460	else if(!strcmp(keyword,"G"))
461	{
462	dsa->g=hex2bn(value);
463
464	printf("[mod = %d]\n\n",nmod);
465	pbn("P",dsa->p);
466	pbn("Q",dsa->q);
467	pbn("G",dsa->g);
468	putc('\n',stdout);
469	}
470	else if(!strcmp(keyword,"Msg"))
471	{
472	n=hex2bin(value,msg);
473	pv("Msg",msg,n);
474	}
475	else if(!strcmp(keyword,"Y"))
476	dsa->pub_key=hex2bn(value);
477	else if(!strcmp(keyword,"R"))
478	sig->r=hex2bn(value);
479	else if(!strcmp(keyword,"S"))
480	{
481	EVP_MD_CTX mctx;
482	EVP_PKEY pk;
483	unsigned char sigbuf[60];
484	unsigned int slen;
485	int r;
486	EVP_MD_CTX_init(&mctx);
487	pk.type = EVP_PKEY_DSA;
488	pk.pkey.dsa = dsa;
489	sig->s=hex2bn(value);
490
491	pbn("Y",dsa->pub_key);
492	pbn("R",sig->r);
493	pbn("S",sig->s);
494
495	slen = FIPS_dsa_sig_encode(sigbuf, sig);
496	EVP_VerifyInit_ex(&mctx, EVP_dss1(), NULL);
497	EVP_VerifyUpdate(&mctx, msg, n);
498	r = EVP_VerifyFinal(&mctx, sigbuf, slen, &pk);
499	EVP_MD_CTX_cleanup(&mctx);
500
501	printf("Result = %c\n", r == 1 ? 'P' : 'F');
502	putc('\n',stdout);
503	}
504	}
505	}
506
507	int main(int argc,char **argv)
508	{
509	if(argc != 2)
510	{
511	fprintf(stderr,"%s [prime\|pqg\|pqgver\|keypair\|siggen\|sigver]\n",argv[0]);
512	exit(1);
513	}
514	if(!FIPS_mode_set(1))
515	{
516	do_print_errors();
517	exit(1);
518	}
519	if(!strcmp(argv[1],"prime"))
520	primes();
521	else if(!strcmp(argv[1],"pqg"))
522	pqg();
523	else if(!strcmp(argv[1],"pqgver"))
524	pqgver();
525	else if(!strcmp(argv[1],"keypair"))
526	keypair();
527	else if(!strcmp(argv[1],"keyver"))
528	keyver();
529	else if(!strcmp(argv[1],"siggen"))
530	siggen();
531	else if(!strcmp(argv[1],"sigver"))
532	sigver();
533	else
534	{
535	fprintf(stderr,"Don't know how to %s.\n",argv[1]);
536	exit(1);
537	}
538
539	return 0;
540	}
541
542	#endif