summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/lib/libcrypto/dsa/dsa_ameth.c459
-rw-r--r--src/lib/libcrypto/dsa/dsa_asn1.c86
-rw-r--r--src/lib/libcrypto/dsa/dsa_depr.c35
-rw-r--r--src/lib/libcrypto/dsa/dsa_gen.c274
-rw-r--r--src/lib/libcrypto/dsa/dsa_key.c78
-rw-r--r--src/lib/libcrypto/dsa/dsa_lib.c251
-rw-r--r--src/lib/libcrypto/dsa/dsa_ossl.c392
-rw-r--r--src/lib/libcrypto/dsa/dsa_pmeth.c162
-rw-r--r--src/lib/libcrypto/dsa/dsa_prn.c63
-rw-r--r--src/lib/libcrypto/dsa/dsa_sign.c35
-rw-r--r--src/lib/libcrypto/dsa/dsa_vrf.c10
-rw-r--r--src/lib/libssl/src/crypto/dsa/dsa_ameth.c459
-rw-r--r--src/lib/libssl/src/crypto/dsa/dsa_asn1.c86
-rw-r--r--src/lib/libssl/src/crypto/dsa/dsa_depr.c35
-rw-r--r--src/lib/libssl/src/crypto/dsa/dsa_gen.c274
-rw-r--r--src/lib/libssl/src/crypto/dsa/dsa_key.c78
-rw-r--r--src/lib/libssl/src/crypto/dsa/dsa_lib.c251
-rw-r--r--src/lib/libssl/src/crypto/dsa/dsa_ossl.c392
-rw-r--r--src/lib/libssl/src/crypto/dsa/dsa_pmeth.c162
-rw-r--r--src/lib/libssl/src/crypto/dsa/dsa_prn.c63
-rw-r--r--src/lib/libssl/src/crypto/dsa/dsa_sign.c35
-rw-r--r--src/lib/libssl/src/crypto/dsa/dsa_vrf.c10
22 files changed, 1878 insertions, 1812 deletions
diff --git a/src/lib/libcrypto/dsa/dsa_ameth.c b/src/lib/libcrypto/dsa/dsa_ameth.c
index d11565a737..c6707b9427 100644
--- a/src/lib/libcrypto/dsa/dsa_ameth.c
+++ b/src/lib/libcrypto/dsa/dsa_ameth.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dsa_ameth.c,v 1.8 2014/06/12 15:49:28 deraadt Exp $ */ 1/* $OpenBSD: dsa_ameth.c,v 1.9 2014/07/09 10:16:24 miod Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006. 3 * project 2006.
4 */ 4 */
@@ -67,8 +67,9 @@
67#endif 67#endif
68#include "asn1_locl.h" 68#include "asn1_locl.h"
69 69
70static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) 70static int
71 { 71dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
72{
72 const unsigned char *p, *pm; 73 const unsigned char *p, *pm;
73 int pklen, pmlen; 74 int pklen, pmlen;
74 int ptype; 75 int ptype;
@@ -83,112 +84,99 @@ static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
83 return 0; 84 return 0;
84 X509_ALGOR_get0(NULL, &ptype, &pval, palg); 85 X509_ALGOR_get0(NULL, &ptype, &pval, palg);
85 86
86 87 if (ptype == V_ASN1_SEQUENCE) {
87 if (ptype == V_ASN1_SEQUENCE)
88 {
89 pstr = pval; 88 pstr = pval;
90 pm = pstr->data; 89 pm = pstr->data;
91 pmlen = pstr->length; 90 pmlen = pstr->length;
92 91
93 if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen))) 92 if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen))) {
94 {
95 DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR); 93 DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR);
96 goto err; 94 goto err;
97 }
98
99 } 95 }
100 else if ((ptype == V_ASN1_NULL) || (ptype == V_ASN1_UNDEF)) 96 } else if (ptype == V_ASN1_NULL || ptype == V_ASN1_UNDEF) {
101 { 97 if (!(dsa = DSA_new())) {
102 if (!(dsa = DSA_new()))
103 {
104 DSAerr(DSA_F_DSA_PUB_DECODE, ERR_R_MALLOC_FAILURE); 98 DSAerr(DSA_F_DSA_PUB_DECODE, ERR_R_MALLOC_FAILURE);
105 goto err; 99 goto err;
106 } 100 }
107 } 101 } else {
108 else
109 {
110 DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_PARAMETER_ENCODING_ERROR); 102 DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_PARAMETER_ENCODING_ERROR);
111 goto err; 103 goto err;
112 } 104 }
113 105
114 if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, pklen))) 106 if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, pklen))) {
115 {
116 DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR); 107 DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR);
117 goto err; 108 goto err;
118 } 109 }
119 110
120 if (!(dsa->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) 111 if (!(dsa->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) {
121 {
122 DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_BN_DECODE_ERROR); 112 DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_BN_DECODE_ERROR);
123 goto err; 113 goto err;
124 } 114 }
125 115
126 ASN1_INTEGER_free(public_key); 116 ASN1_INTEGER_free(public_key);
127 EVP_PKEY_assign_DSA(pkey, dsa); 117 EVP_PKEY_assign_DSA(pkey, dsa);
128 return 1; 118 return 1;
129 119
130 err: 120err:
131 if (public_key) 121 if (public_key)
132 ASN1_INTEGER_free(public_key); 122 ASN1_INTEGER_free(public_key);
133 if (dsa) 123 if (dsa)
134 DSA_free(dsa); 124 DSA_free(dsa);
135 return 0; 125 return 0;
126}
136 127
137 } 128static int
138 129dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
139static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) 130{
140 {
141 DSA *dsa; 131 DSA *dsa;
142 void *pval = NULL; 132 void *pval = NULL;
143 int ptype; 133 int ptype;
144 unsigned char *penc = NULL; 134 unsigned char *penc = NULL;
145 int penclen; 135 int penclen;
146 136
147 dsa=pkey->pkey.dsa; 137 dsa = pkey->pkey.dsa;
148 if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) 138 if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) {
149 {
150 ASN1_STRING *str; 139 ASN1_STRING *str;
140
151 str = ASN1_STRING_new(); 141 str = ASN1_STRING_new();
152 str->length = i2d_DSAparams(dsa, &str->data); 142 str->length = i2d_DSAparams(dsa, &str->data);
153 if (str->length <= 0) 143 if (str->length <= 0) {
154 {
155 DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE); 144 DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
156 goto err; 145 goto err;
157 } 146 }
158 pval = str; 147 pval = str;
159 ptype = V_ASN1_SEQUENCE; 148 ptype = V_ASN1_SEQUENCE;
160 } 149 } else
161 else
162 ptype = V_ASN1_UNDEF; 150 ptype = V_ASN1_UNDEF;
163 151
164 dsa->write_params=0; 152 dsa->write_params = 0;
165 153
166 penclen = i2d_DSAPublicKey(dsa, &penc); 154 penclen = i2d_DSAPublicKey(dsa, &penc);
167 155
168 if (penclen <= 0) 156 if (penclen <= 0) {
169 {
170 DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE); 157 DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
171 goto err; 158 goto err;
172 } 159 }
173 160
174 if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DSA), 161 if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DSA), ptype, pval,
175 ptype, pval, penc, penclen)) 162 penc, penclen))
176 return 1; 163 return 1;
177 164
178 err: 165err:
179 free(penc); 166 free(penc);
180 if (pval) 167 if (pval)
181 ASN1_STRING_free(pval); 168 ASN1_STRING_free(pval);
182 169
183 return 0; 170 return 0;
184 } 171}
185 172
186/* In PKCS#8 DSA: you just get a private key integer and parameters in the 173/* In PKCS#8 DSA: you just get a private key integer and parameters in the
187 * AlgorithmIdentifier the pubkey must be recalculated. 174 * AlgorithmIdentifier the pubkey must be recalculated.
188 */ 175 */
189 176
190static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) 177static int
191 { 178dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
179{
192 const unsigned char *p, *pm; 180 const unsigned char *p, *pm;
193 int pklen, pmlen; 181 int pklen, pmlen;
194 int ptype; 182 int ptype;
@@ -197,7 +185,6 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
197 X509_ALGOR *palg; 185 X509_ALGOR *palg;
198 ASN1_INTEGER *privkey = NULL; 186 ASN1_INTEGER *privkey = NULL;
199 BN_CTX *ctx = NULL; 187 BN_CTX *ctx = NULL;
200
201 STACK_OF(ASN1_TYPE) *ndsa = NULL; 188 STACK_OF(ASN1_TYPE) *ndsa = NULL;
202 DSA *dsa = NULL; 189 DSA *dsa = NULL;
203 190
@@ -206,26 +193,24 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
206 X509_ALGOR_get0(NULL, &ptype, &pval, palg); 193 X509_ALGOR_get0(NULL, &ptype, &pval, palg);
207 194
208 /* Check for broken DSA PKCS#8, UGH! */ 195 /* Check for broken DSA PKCS#8, UGH! */
209 if (*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) 196 if (*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) {
210 {
211 ASN1_TYPE *t1, *t2; 197 ASN1_TYPE *t1, *t2;
212 if(!(ndsa = d2i_ASN1_SEQUENCE_ANY(NULL, &p, pklen))) 198 if (!(ndsa = d2i_ASN1_SEQUENCE_ANY(NULL, &p, pklen)))
213 goto decerr; 199 goto decerr;
214 if (sk_ASN1_TYPE_num(ndsa) != 2) 200 if (sk_ASN1_TYPE_num(ndsa) != 2)
215 goto decerr; 201 goto decerr;
216 /* Handle Two broken types: 202 /*
203 * Handle Two broken types:
217 * SEQUENCE {parameters, priv_key} 204 * SEQUENCE {parameters, priv_key}
218 * SEQUENCE {pub_key, priv_key} 205 * SEQUENCE {pub_key, priv_key}
219 */ 206 */
220 207
221 t1 = sk_ASN1_TYPE_value(ndsa, 0); 208 t1 = sk_ASN1_TYPE_value(ndsa, 0);
222 t2 = sk_ASN1_TYPE_value(ndsa, 1); 209 t2 = sk_ASN1_TYPE_value(ndsa, 1);
223 if (t1->type == V_ASN1_SEQUENCE) 210 if (t1->type == V_ASN1_SEQUENCE) {
224 {
225 p8->broken = PKCS8_EMBEDDED_PARAM; 211 p8->broken = PKCS8_EMBEDDED_PARAM;
226 pval = t1->value.ptr; 212 pval = t1->value.ptr;
227 } 213 } else if (ptype == V_ASN1_SEQUENCE)
228 else if (ptype == V_ASN1_SEQUENCE)
229 p8->broken = PKCS8_NS_DB; 214 p8->broken = PKCS8_NS_DB;
230 else 215 else
231 goto decerr; 216 goto decerr;
@@ -234,22 +219,20 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
234 goto decerr; 219 goto decerr;
235 220
236 privkey = t2->value.integer; 221 privkey = t2->value.integer;
237 } 222 } else {
238 else
239 {
240 const unsigned char *q = p; 223 const unsigned char *q = p;
224
241 if (!(privkey=d2i_ASN1_INTEGER(NULL, &p, pklen))) 225 if (!(privkey=d2i_ASN1_INTEGER(NULL, &p, pklen)))
242 goto decerr; 226 goto decerr;
243 if (privkey->type == V_ASN1_NEG_INTEGER) 227 if (privkey->type == V_ASN1_NEG_INTEGER) {
244 {
245 p8->broken = PKCS8_NEG_PRIVKEY; 228 p8->broken = PKCS8_NEG_PRIVKEY;
246 ASN1_INTEGER_free(privkey); 229 ASN1_INTEGER_free(privkey);
247 if (!(privkey=d2i_ASN1_UINTEGER(NULL, &q, pklen))) 230 if (!(privkey = d2i_ASN1_UINTEGER(NULL, &q, pklen)))
248 goto decerr; 231 goto decerr;
249 } 232 }
250 if (ptype != V_ASN1_SEQUENCE) 233 if (ptype != V_ASN1_SEQUENCE)
251 goto decerr; 234 goto decerr;
252 } 235 }
253 236
254 pstr = pval; 237 pstr = pval;
255 pm = pstr->data; 238 pm = pstr->data;
@@ -257,50 +240,47 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
257 if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen))) 240 if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen)))
258 goto decerr; 241 goto decerr;
259 /* We have parameters now set private key */ 242 /* We have parameters now set private key */
260 if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) 243 if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) {
261 {
262 DSAerr(DSA_F_DSA_PRIV_DECODE,DSA_R_BN_ERROR); 244 DSAerr(DSA_F_DSA_PRIV_DECODE,DSA_R_BN_ERROR);
263 goto dsaerr; 245 goto dsaerr;
264 } 246 }
265 /* Calculate public key */ 247 /* Calculate public key */
266 if (!(dsa->pub_key = BN_new())) 248 if (!(dsa->pub_key = BN_new())) {
267 {
268 DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE); 249 DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE);
269 goto dsaerr; 250 goto dsaerr;
270 } 251 }
271 if (!(ctx = BN_CTX_new())) 252 if (!(ctx = BN_CTX_new())) {
272 {
273 DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE); 253 DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE);
274 goto dsaerr; 254 goto dsaerr;
275 } 255 }
276 256
277 if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) 257 if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) {
278 {
279 DSAerr(DSA_F_DSA_PRIV_DECODE,DSA_R_BN_ERROR); 258 DSAerr(DSA_F_DSA_PRIV_DECODE,DSA_R_BN_ERROR);
280 goto dsaerr; 259 goto dsaerr;
281 } 260 }
282 261
283 EVP_PKEY_assign_DSA(pkey, dsa); 262 EVP_PKEY_assign_DSA(pkey, dsa);
284 BN_CTX_free (ctx); 263 BN_CTX_free (ctx);
285 if(ndsa) 264 if (ndsa)
286 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); 265 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
287 else 266 else
288 ASN1_INTEGER_free(privkey); 267 ASN1_INTEGER_free(privkey);
289 268
290 return 1; 269 return 1;
291 270
292 decerr: 271decerr:
293 DSAerr(DSA_F_DSA_PRIV_DECODE, EVP_R_DECODE_ERROR); 272 DSAerr(DSA_F_DSA_PRIV_DECODE, EVP_R_DECODE_ERROR);
294 dsaerr: 273dsaerr:
295 BN_CTX_free (ctx); 274 BN_CTX_free (ctx);
296 if (privkey) 275 if (privkey)
297 ASN1_INTEGER_free(privkey); 276 ASN1_INTEGER_free(privkey);
298 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); 277 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
299 DSA_free(dsa); 278 DSA_free(dsa);
300 return 0; 279 return 0;
301 } 280}
302 281
303static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) 282static int
283dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
304{ 284{
305 ASN1_STRING *params = NULL; 285 ASN1_STRING *params = NULL;
306 ASN1_INTEGER *prkey = NULL; 286 ASN1_INTEGER *prkey = NULL;
@@ -308,36 +288,31 @@ static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
308 int dplen; 288 int dplen;
309 289
310 params = ASN1_STRING_new(); 290 params = ASN1_STRING_new();
311 291 if (!params) {
312 if (!params) 292 DSAerr(DSA_F_DSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
313 {
314 DSAerr(DSA_F_DSA_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
315 goto err; 293 goto err;
316 } 294 }
317 295
318 params->length = i2d_DSAparams(pkey->pkey.dsa, &params->data); 296 params->length = i2d_DSAparams(pkey->pkey.dsa, &params->data);
319 if (params->length <= 0) 297 if (params->length <= 0) {
320 { 298 DSAerr(DSA_F_DSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
321 DSAerr(DSA_F_DSA_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
322 goto err; 299 goto err;
323 } 300 }
324 params->type = V_ASN1_SEQUENCE; 301 params->type = V_ASN1_SEQUENCE;
325 302
326 /* Get private key into integer */ 303 /* Get private key into integer */
327 prkey = BN_to_ASN1_INTEGER(pkey->pkey.dsa->priv_key, NULL); 304 prkey = BN_to_ASN1_INTEGER(pkey->pkey.dsa->priv_key, NULL);
328 305 if (!prkey) {
329 if (!prkey) 306 DSAerr(DSA_F_DSA_PRIV_ENCODE, DSA_R_BN_ERROR);
330 {
331 DSAerr(DSA_F_DSA_PRIV_ENCODE,DSA_R_BN_ERROR);
332 goto err; 307 goto err;
333 } 308 }
334 309
335 dplen = i2d_ASN1_INTEGER(prkey, &dp); 310 dplen = i2d_ASN1_INTEGER(prkey, &dp);
336 311
337 ASN1_INTEGER_free(prkey); 312 ASN1_INTEGER_free(prkey);
338 313
339 if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0, 314 if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0, V_ASN1_SEQUENCE,
340 V_ASN1_SEQUENCE, params, dp, dplen)) 315 params, dp, dplen))
341 goto err; 316 goto err;
342 317
343 return 1; 318 return 1;
@@ -351,88 +326,98 @@ err:
351 return 0; 326 return 0;
352} 327}
353 328
354static int int_dsa_size(const EVP_PKEY *pkey) 329static int
355 { 330int_dsa_size(const EVP_PKEY *pkey)
356 return(DSA_size(pkey->pkey.dsa)); 331{
357 } 332 return DSA_size(pkey->pkey.dsa);
333}
358 334
359static int dsa_bits(const EVP_PKEY *pkey) 335static int
360 { 336dsa_bits(const EVP_PKEY *pkey)
337{
361 return BN_num_bits(pkey->pkey.dsa->p); 338 return BN_num_bits(pkey->pkey.dsa->p);
362 } 339}
363 340
364static int dsa_missing_parameters(const EVP_PKEY *pkey) 341static int
365 { 342dsa_missing_parameters(const EVP_PKEY *pkey)
343{
366 DSA *dsa; 344 DSA *dsa;
367 dsa=pkey->pkey.dsa; 345
368 if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL)) 346 dsa = pkey->pkey.dsa;
369 return 1; 347 if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL)
348 return 1;
370 return 0; 349 return 0;
371 } 350}
372 351
373static int dsa_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) 352static int
374 { 353dsa_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
354{
375 BIGNUM *a; 355 BIGNUM *a;
376 356
377 if ((a=BN_dup(from->pkey.dsa->p)) == NULL) 357 if ((a = BN_dup(from->pkey.dsa->p)) == NULL)
378 return 0; 358 return 0;
379 if (to->pkey.dsa->p != NULL) 359 if (to->pkey.dsa->p != NULL)
380 BN_free(to->pkey.dsa->p); 360 BN_free(to->pkey.dsa->p);
381 to->pkey.dsa->p=a; 361 to->pkey.dsa->p = a;
382 362
383 if ((a=BN_dup(from->pkey.dsa->q)) == NULL) 363 if ((a = BN_dup(from->pkey.dsa->q)) == NULL)
384 return 0; 364 return 0;
385 if (to->pkey.dsa->q != NULL) 365 if (to->pkey.dsa->q != NULL)
386 BN_free(to->pkey.dsa->q); 366 BN_free(to->pkey.dsa->q);
387 to->pkey.dsa->q=a; 367 to->pkey.dsa->q = a;
388 368
389 if ((a=BN_dup(from->pkey.dsa->g)) == NULL) 369 if ((a = BN_dup(from->pkey.dsa->g)) == NULL)
390 return 0; 370 return 0;
391 if (to->pkey.dsa->g != NULL) 371 if (to->pkey.dsa->g != NULL)
392 BN_free(to->pkey.dsa->g); 372 BN_free(to->pkey.dsa->g);
393 to->pkey.dsa->g=a; 373 to->pkey.dsa->g = a;
394 return 1; 374 return 1;
395 } 375}
396 376
397static int dsa_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) 377static int
398 { 378dsa_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
399 if ( BN_cmp(a->pkey.dsa->p,b->pkey.dsa->p) || 379{
400 BN_cmp(a->pkey.dsa->q,b->pkey.dsa->q) || 380 if (BN_cmp(a->pkey.dsa->p, b->pkey.dsa->p) ||
401 BN_cmp(a->pkey.dsa->g,b->pkey.dsa->g)) 381 BN_cmp(a->pkey.dsa->q, b->pkey.dsa->q) ||
382 BN_cmp(a->pkey.dsa->g, b->pkey.dsa->g))
402 return 0; 383 return 0;
403 else 384 else
404 return 1; 385 return 1;
405 } 386}
406 387
407static int dsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) 388static int
408 { 389dsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
409 if (BN_cmp(b->pkey.dsa->pub_key,a->pkey.dsa->pub_key) != 0) 390{
391 if (BN_cmp(b->pkey.dsa->pub_key, a->pkey.dsa->pub_key) != 0)
410 return 0; 392 return 0;
411 else 393 else
412 return 1; 394 return 1;
413 } 395}
414 396
415static void int_dsa_free(EVP_PKEY *pkey) 397static void
416 { 398int_dsa_free(EVP_PKEY *pkey)
399{
417 DSA_free(pkey->pkey.dsa); 400 DSA_free(pkey->pkey.dsa);
418 } 401}
419 402
420static void update_buflen(const BIGNUM *b, size_t *pbuflen) 403static void
421 { 404update_buflen(const BIGNUM *b, size_t *pbuflen)
405{
422 size_t i; 406 size_t i;
407
423 if (!b) 408 if (!b)
424 return; 409 return;
425 if (*pbuflen < (i = (size_t)BN_num_bytes(b))) 410 if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
426 *pbuflen = i; 411 *pbuflen = i;
427 } 412}
428 413
429static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype) 414static int
430 { 415do_dsa_print(BIO *bp, const DSA *x, int off, int ptype)
431 unsigned char *m=NULL; 416{
432 int ret=0; 417 unsigned char *m = NULL;
433 size_t buf_len=0; 418 int ret = 0;
419 size_t buf_len = 0;
434 const char *ktype = NULL; 420 const char *ktype = NULL;
435
436 const BIGNUM *priv_key, *pub_key; 421 const BIGNUM *priv_key, *pub_key;
437 422
438 if (ptype == 2) 423 if (ptype == 2)
@@ -458,183 +443,187 @@ static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype)
458 update_buflen(priv_key, &buf_len); 443 update_buflen(priv_key, &buf_len);
459 update_buflen(pub_key, &buf_len); 444 update_buflen(pub_key, &buf_len);
460 445
461 m = malloc(buf_len+10); 446 m = malloc(buf_len + 10);
462 if (m == NULL) 447 if (m == NULL) {
463 { 448 DSAerr(DSA_F_DO_DSA_PRINT, ERR_R_MALLOC_FAILURE);
464 DSAerr(DSA_F_DO_DSA_PRINT,ERR_R_MALLOC_FAILURE);
465 goto err; 449 goto err;
466 } 450 }
467 451
468 if (priv_key) 452 if (priv_key) {
469 { 453 if (!BIO_indent(bp, off, 128))
470 if(!BIO_indent(bp,off,128)) 454 goto err;
471 goto err; 455 if (BIO_printf(bp, "%s: (%d bit)\n", ktype,
472 if (BIO_printf(bp,"%s: (%d bit)\n",ktype, BN_num_bits(x->p)) 456 BN_num_bits(x->p)) <= 0)
473 <= 0) goto err; 457 goto err;
474 } 458 }
475 459
476 if (!ASN1_bn_print(bp,"priv:",priv_key,m,off)) 460 if (!ASN1_bn_print(bp, "priv:", priv_key, m, off))
461 goto err;
462 if (!ASN1_bn_print(bp, "pub: ", pub_key, m, off))
463 goto err;
464 if (!ASN1_bn_print(bp, "P: ", x->p, m, off))
477 goto err; 465 goto err;
478 if (!ASN1_bn_print(bp,"pub: ",pub_key,m,off)) 466 if (!ASN1_bn_print(bp, "Q: ", x->q, m, off))
479 goto err; 467 goto err;
480 if (!ASN1_bn_print(bp,"P: ",x->p,m,off)) goto err; 468 if (!ASN1_bn_print(bp, "G: ", x->g, m, off))
481 if (!ASN1_bn_print(bp,"Q: ",x->q,m,off)) goto err; 469 goto err;
482 if (!ASN1_bn_print(bp,"G: ",x->g,m,off)) goto err; 470 ret = 1;
483 ret=1;
484err: 471err:
485 free(m); 472 free(m);
486 return(ret); 473 return(ret);
487 } 474}
488 475
489static int dsa_param_decode(EVP_PKEY *pkey, 476static int
490 const unsigned char **pder, int derlen) 477dsa_param_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
491 { 478{
492 DSA *dsa; 479 DSA *dsa;
493 if (!(dsa = d2i_DSAparams(NULL, pder, derlen))) 480
494 { 481 if (!(dsa = d2i_DSAparams(NULL, pder, derlen))) {
495 DSAerr(DSA_F_DSA_PARAM_DECODE, ERR_R_DSA_LIB); 482 DSAerr(DSA_F_DSA_PARAM_DECODE, ERR_R_DSA_LIB);
496 return 0; 483 return 0;
497 } 484 }
498 EVP_PKEY_assign_DSA(pkey, dsa); 485 EVP_PKEY_assign_DSA(pkey, dsa);
499 return 1; 486 return 1;
500 } 487}
501 488
502static int dsa_param_encode(const EVP_PKEY *pkey, unsigned char **pder) 489static int
503 { 490dsa_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
491{
504 return i2d_DSAparams(pkey->pkey.dsa, pder); 492 return i2d_DSAparams(pkey->pkey.dsa, pder);
505 } 493}
506 494
507static int dsa_param_print(BIO *bp, const EVP_PKEY *pkey, int indent, 495static int
508 ASN1_PCTX *ctx) 496dsa_param_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx)
509 { 497{
510 return do_dsa_print(bp, pkey->pkey.dsa, indent, 0); 498 return do_dsa_print(bp, pkey->pkey.dsa, indent, 0);
511 } 499}
512 500
513static int dsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, 501static int
514 ASN1_PCTX *ctx) 502dsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx)
515 { 503{
516 return do_dsa_print(bp, pkey->pkey.dsa, indent, 1); 504 return do_dsa_print(bp, pkey->pkey.dsa, indent, 1);
517 } 505}
518
519 506
520static int dsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, 507static int
521 ASN1_PCTX *ctx) 508dsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx)
522 { 509{
523 return do_dsa_print(bp, pkey->pkey.dsa, indent, 2); 510 return do_dsa_print(bp, pkey->pkey.dsa, indent, 2);
524 } 511}
525 512
526static int old_dsa_priv_decode(EVP_PKEY *pkey, 513static int
527 const unsigned char **pder, int derlen) 514old_dsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
528 { 515{
529 DSA *dsa; 516 DSA *dsa;
530 if (!(dsa = d2i_DSAPrivateKey (NULL, pder, derlen))) 517
531 { 518 if (!(dsa = d2i_DSAPrivateKey (NULL, pder, derlen))) {
532 DSAerr(DSA_F_OLD_DSA_PRIV_DECODE, ERR_R_DSA_LIB); 519 DSAerr(DSA_F_OLD_DSA_PRIV_DECODE, ERR_R_DSA_LIB);
533 return 0; 520 return 0;
534 } 521 }
535 EVP_PKEY_assign_DSA(pkey, dsa); 522 EVP_PKEY_assign_DSA(pkey, dsa);
536 return 1; 523 return 1;
537 } 524}
538 525
539static int old_dsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder) 526static int
540 { 527old_dsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder)
528{
541 return i2d_DSAPrivateKey(pkey->pkey.dsa, pder); 529 return i2d_DSAPrivateKey(pkey->pkey.dsa, pder);
542 } 530}
543 531
544static int dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, 532static int
545 const ASN1_STRING *sig, 533dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, const ASN1_STRING *sig,
546 int indent, ASN1_PCTX *pctx) 534 int indent, ASN1_PCTX *pctx)
547 { 535{
548 DSA_SIG *dsa_sig; 536 DSA_SIG *dsa_sig;
549 const unsigned char *p; 537 const unsigned char *p;
550 if (!sig) 538
551 { 539 if (!sig) {
552 if (BIO_puts(bp, "\n") <= 0) 540 if (BIO_puts(bp, "\n") <= 0)
553 return 0; 541 return 0;
554 else 542 else
555 return 1; 543 return 1;
556 } 544 }
557 p = sig->data; 545 p = sig->data;
558 dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length); 546 dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length);
559 if (dsa_sig) 547 if (dsa_sig) {
560 {
561 int rv = 0; 548 int rv = 0;
562 size_t buf_len = 0; 549 size_t buf_len = 0;
563 unsigned char *m=NULL; 550 unsigned char *m = NULL;
551
564 update_buflen(dsa_sig->r, &buf_len); 552 update_buflen(dsa_sig->r, &buf_len);
565 update_buflen(dsa_sig->s, &buf_len); 553 update_buflen(dsa_sig->s, &buf_len);
566 m = malloc(buf_len+10); 554 m = malloc(buf_len + 10);
567 if (m == NULL) 555 if (m == NULL) {
568 { 556 DSAerr(DSA_F_DSA_SIG_PRINT, ERR_R_MALLOC_FAILURE);
569 DSAerr(DSA_F_DSA_SIG_PRINT,ERR_R_MALLOC_FAILURE);
570 goto err; 557 goto err;
571 } 558 }
572 559
573 if (BIO_write(bp, "\n", 1) != 1) 560 if (BIO_write(bp, "\n", 1) != 1)
574 goto err; 561 goto err;
575 562
576 if (!ASN1_bn_print(bp,"r: ",dsa_sig->r,m,indent)) 563 if (!ASN1_bn_print(bp, "r: ", dsa_sig->r, m, indent))
577 goto err; 564 goto err;
578 if (!ASN1_bn_print(bp,"s: ",dsa_sig->s,m,indent)) 565 if (!ASN1_bn_print(bp, "s: ", dsa_sig->s, m, indent))
579 goto err; 566 goto err;
580 rv = 1; 567 rv = 1;
581 err: 568err:
582 free(m); 569 free(m);
583 DSA_SIG_free(dsa_sig); 570 DSA_SIG_free(dsa_sig);
584 return rv; 571 return rv;
585 }
586 return X509_signature_dump(bp, sig, indent);
587 } 572 }
573 return X509_signature_dump(bp, sig, indent);
574}
588 575
589static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) 576static int
590 { 577dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
591 switch (op) 578{
592 { 579 switch (op) {
593 case ASN1_PKEY_CTRL_PKCS7_SIGN: 580 case ASN1_PKEY_CTRL_PKCS7_SIGN:
594 if (arg1 == 0) 581 if (arg1 == 0) {
595 {
596 int snid, hnid; 582 int snid, hnid;
597 X509_ALGOR *alg1, *alg2; 583 X509_ALGOR *alg1, *alg2;
584
598 PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2); 585 PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2);
599 if (alg1 == NULL || alg1->algorithm == NULL) 586 if (alg1 == NULL || alg1->algorithm == NULL)
600 return -1; 587 return -1;
601 hnid = OBJ_obj2nid(alg1->algorithm); 588 hnid = OBJ_obj2nid(alg1->algorithm);
602 if (hnid == NID_undef) 589 if (hnid == NID_undef)
603 return -1; 590 return -1;
604 if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey))) 591 if (!OBJ_find_sigid_by_algs(&snid, hnid,
592 EVP_PKEY_id(pkey)))
605 return -1; 593 return -1;
606 X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0); 594 X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF,
607 } 595 0);
596 }
608 return 1; 597 return 1;
609#ifndef OPENSSL_NO_CMS 598#ifndef OPENSSL_NO_CMS
610 case ASN1_PKEY_CTRL_CMS_SIGN: 599 case ASN1_PKEY_CTRL_CMS_SIGN:
611 if (arg1 == 0) 600 if (arg1 == 0) {
612 {
613 int snid, hnid; 601 int snid, hnid;
614 X509_ALGOR *alg1, *alg2; 602 X509_ALGOR *alg1, *alg2;
603
615 CMS_SignerInfo_get0_algs(arg2, NULL, NULL, &alg1, &alg2); 604 CMS_SignerInfo_get0_algs(arg2, NULL, NULL, &alg1, &alg2);
616 if (alg1 == NULL || alg1->algorithm == NULL) 605 if (alg1 == NULL || alg1->algorithm == NULL)
617 return -1; 606 return -1;
618 hnid = OBJ_obj2nid(alg1->algorithm); 607 hnid = OBJ_obj2nid(alg1->algorithm);
619 if (hnid == NID_undef) 608 if (hnid == NID_undef)
620 return -1; 609 return -1;
621 if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey))) 610 if (!OBJ_find_sigid_by_algs(&snid, hnid,
611 EVP_PKEY_id(pkey)))
622 return -1; 612 return -1;
623 X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0); 613 X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF,
624 } 614 0);
615 }
625 return 1; 616 return 1;
626#endif 617#endif
627 618
628 case ASN1_PKEY_CTRL_DEFAULT_MD_NID: 619 case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
629 *(int *)arg2 = NID_sha1; 620 *(int *)arg2 = NID_sha1;
630 return 2; 621 return 2;
631 622
632 default: 623 default:
633 return -2; 624 return -2;
634
635 }
636
637 } 625 }
626}
638 627
639/* NB these are sorted in pkey_id order, lowest first */ 628/* NB these are sorted in pkey_id order, lowest first */
640 629
diff --git a/src/lib/libcrypto/dsa/dsa_asn1.c b/src/lib/libcrypto/dsa/dsa_asn1.c
index 25288a0dda..cc03f29823 100644
--- a/src/lib/libcrypto/dsa/dsa_asn1.c
+++ b/src/lib/libcrypto/dsa/dsa_asn1.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dsa_asn1.c,v 1.10 2014/06/12 15:49:28 deraadt Exp $ */ 1/* $OpenBSD: dsa_asn1.c,v 1.11 2014/07/09 10:16:24 miod Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2000. 3 * project 2000.
4 */ 4 */
@@ -64,17 +64,17 @@
64#include <openssl/rand.h> 64#include <openssl/rand.h>
65 65
66/* Override the default new methods */ 66/* Override the default new methods */
67static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, 67static int
68 void *exarg) 68sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
69{ 69{
70 if(operation == ASN1_OP_NEW_PRE) { 70 if (operation == ASN1_OP_NEW_PRE) {
71 DSA_SIG *sig; 71 DSA_SIG *sig;
72
72 sig = malloc(sizeof(DSA_SIG)); 73 sig = malloc(sizeof(DSA_SIG));
73 if (!sig) 74 if (!sig) {
74 {
75 DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE); 75 DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE);
76 return 0; 76 return 0;
77 } 77 }
78 sig->r = NULL; 78 sig->r = NULL;
79 sig->s = NULL; 79 sig->s = NULL;
80 *pval = (ASN1_VALUE *)sig; 80 *pval = (ASN1_VALUE *)sig;
@@ -91,14 +91,15 @@ ASN1_SEQUENCE_cb(DSA_SIG, sig_cb) = {
91IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA_SIG, DSA_SIG, DSA_SIG) 91IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA_SIG, DSA_SIG, DSA_SIG)
92 92
93/* Override the default free and new methods */ 93/* Override the default free and new methods */
94static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, 94static int
95 void *exarg) 95dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
96{ 96{
97 if(operation == ASN1_OP_NEW_PRE) { 97 if (operation == ASN1_OP_NEW_PRE) {
98 *pval = (ASN1_VALUE *)DSA_new(); 98 *pval = (ASN1_VALUE *)DSA_new();
99 if(*pval) return 2; 99 if (*pval)
100 return 2;
100 return 0; 101 return 0;
101 } else if(operation == ASN1_OP_FREE_PRE) { 102 } else if (operation == ASN1_OP_FREE_PRE) {
102 DSA_free((DSA *)*pval); 103 DSA_free((DSA *)*pval);
103 *pval = NULL; 104 *pval = NULL;
104 return 2; 105 return 2;
@@ -125,7 +126,8 @@ ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = {
125 126
126IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAparams, DSAparams) 127IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAparams, DSAparams)
127 128
128/* DSA public key is a bit trickier... its effectively a CHOICE type 129/*
130 * DSA public key is a bit trickier... its effectively a CHOICE type
129 * decided by a field called write_params which can either write out 131 * decided by a field called write_params which can either write out
130 * just the public key as an INTEGER or the parameters and public key 132 * just the public key as an INTEGER or the parameters and public key
131 * in a SEQUENCE 133 * in a SEQUENCE
@@ -145,43 +147,49 @@ ASN1_CHOICE_cb(DSAPublicKey, dsa_cb) = {
145 147
146IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey) 148IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey)
147 149
148DSA *DSAparams_dup(DSA *dsa) 150DSA *
149 { 151DSAparams_dup(DSA *dsa)
152{
150 return ASN1_item_dup(ASN1_ITEM_rptr(DSAparams), dsa); 153 return ASN1_item_dup(ASN1_ITEM_rptr(DSAparams), dsa);
151 } 154}
152 155
153int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, 156int
154 unsigned int *siglen, DSA *dsa) 157DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
155 { 158 unsigned int *siglen, DSA *dsa)
159{
156 DSA_SIG *s; 160 DSA_SIG *s;
157 s=DSA_do_sign(dgst,dlen,dsa); 161
158 if (s == NULL) 162 s = DSA_do_sign(dgst, dlen, dsa);
159 { 163 if (s == NULL) {
160 *siglen=0; 164 *siglen = 0;
161 return(0); 165 return 0;
162 }
163 *siglen=i2d_DSA_SIG(s,&sig);
164 DSA_SIG_free(s);
165 return(1);
166 } 166 }
167 *siglen = i2d_DSA_SIG(s,&sig);
168 DSA_SIG_free(s);
169 return 1;
170}
167 171
168/* data has already been hashed (probably with SHA or SHA-1). */ 172/*
169/* returns 173 * data has already been hashed (probably with SHA or SHA-1).
174 * returns
170 * 1: correct signature 175 * 1: correct signature
171 * 0: incorrect signature 176 * 0: incorrect signature
172 * -1: error 177 * -1: error
173 */ 178 */
174int DSA_verify(int type, const unsigned char *dgst, int dgst_len, 179int
175 const unsigned char *sigbuf, int siglen, DSA *dsa) 180DSA_verify(int type, const unsigned char *dgst, int dgst_len,
176 { 181 const unsigned char *sigbuf, int siglen, DSA *dsa)
182{
177 DSA_SIG *s; 183 DSA_SIG *s;
178 int ret=-1; 184 int ret = -1;
179 185
180 s = DSA_SIG_new(); 186 s = DSA_SIG_new();
181 if (s == NULL) return(ret); 187 if (s == NULL)
182 if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err; 188 return ret;
183 ret=DSA_do_verify(dgst,dgst_len,s,dsa); 189 if (d2i_DSA_SIG(&s, &sigbuf, siglen) == NULL)
190 goto err;
191 ret = DSA_do_verify(dgst, dgst_len, s, dsa);
184err: 192err:
185 DSA_SIG_free(s); 193 DSA_SIG_free(s);
186 return(ret); 194 return ret;
187 } 195}
diff --git a/src/lib/libcrypto/dsa/dsa_depr.c b/src/lib/libcrypto/dsa/dsa_depr.c
index 8e3125b66f..50169ac9b2 100644
--- a/src/lib/libcrypto/dsa/dsa_depr.c
+++ b/src/lib/libcrypto/dsa/dsa_depr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dsa_depr.c,v 1.3 2014/06/12 15:49:28 deraadt Exp $ */ 1/* $OpenBSD: dsa_depr.c,v 1.4 2014/07/09 10:16:24 miod Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4 * 4 *
@@ -56,19 +56,6 @@
56/* This file contains deprecated function(s) that are now wrappers to the new 56/* This file contains deprecated function(s) that are now wrappers to the new
57 * version(s). */ 57 * version(s). */
58 58
59#undef GENUINE_DSA
60
61#ifdef GENUINE_DSA
62/* Parameter generation follows the original release of FIPS PUB 186,
63 * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */
64#define HASH EVP_sha()
65#else
66/* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
67 * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in
68 * FIPS PUB 180-1) */
69#define HASH EVP_sha1()
70#endif
71
72#ifndef OPENSSL_NO_SHA 59#ifndef OPENSSL_NO_SHA
73 60
74#include <stdio.h> 61#include <stdio.h>
@@ -81,24 +68,24 @@
81#include <openssl/sha.h> 68#include <openssl/sha.h>
82 69
83#ifndef OPENSSL_NO_DEPRECATED 70#ifndef OPENSSL_NO_DEPRECATED
84DSA *DSA_generate_parameters(int bits, 71DSA *
85 unsigned char *seed_in, int seed_len, 72DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len,
86 int *counter_ret, unsigned long *h_ret, 73 int *counter_ret, unsigned long *h_ret, void (*callback)(int, int, void *),
87 void (*callback)(int, int, void *), 74 void *cb_arg)
88 void *cb_arg) 75{
89 {
90 BN_GENCB cb; 76 BN_GENCB cb;
91 DSA *ret; 77 DSA *ret;
92 78
93 if ((ret=DSA_new()) == NULL) return NULL; 79 if ((ret = DSA_new()) == NULL)
80 return NULL;
94 81
95 BN_GENCB_set_old(&cb, callback, cb_arg); 82 BN_GENCB_set_old(&cb, callback, cb_arg);
96 83
97 if(DSA_generate_parameters_ex(ret, bits, seed_in, seed_len, 84 if (DSA_generate_parameters_ex(ret, bits, seed_in, seed_len,
98 counter_ret, h_ret, &cb)) 85 counter_ret, h_ret, &cb))
99 return ret; 86 return ret;
100 DSA_free(ret); 87 DSA_free(ret);
101 return NULL; 88 return NULL;
102 } 89}
103#endif 90#endif
104#endif 91#endif
diff --git a/src/lib/libcrypto/dsa/dsa_gen.c b/src/lib/libcrypto/dsa/dsa_gen.c
index 22c388b9d1..d97f988688 100644
--- a/src/lib/libcrypto/dsa/dsa_gen.c
+++ b/src/lib/libcrypto/dsa/dsa_gen.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dsa_gen.c,v 1.12 2014/06/12 15:49:28 deraadt Exp $ */ 1/* $OpenBSD: dsa_gen.c,v 1.13 2014/07/09 10:16:24 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -56,19 +56,6 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59#undef GENUINE_DSA
60
61#ifdef GENUINE_DSA
62/* Parameter generation follows the original release of FIPS PUB 186,
63 * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */
64#define HASH EVP_sha()
65#else
66/* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
67 * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in
68 * FIPS PUB 180-1) */
69#define HASH EVP_sha1()
70#endif
71
72#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_SHA is defined */ 59#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_SHA is defined */
73 60
74#ifndef OPENSSL_NO_SHA 61#ifndef OPENSSL_NO_SHA
@@ -81,51 +68,47 @@
81#include <openssl/sha.h> 68#include <openssl/sha.h>
82#include "dsa_locl.h" 69#include "dsa_locl.h"
83 70
84int DSA_generate_parameters_ex(DSA *ret, int bits, 71int
85 const unsigned char *seed_in, int seed_len, 72DSA_generate_parameters_ex(DSA *ret, int bits, const unsigned char *seed_in,
86 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) 73 int seed_len, int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
87 { 74{
88 if(ret->meth->dsa_paramgen) 75 if (ret->meth->dsa_paramgen)
89 return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len, 76 return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
90 counter_ret, h_ret, cb); 77 counter_ret, h_ret, cb);
91 else 78 else {
92 {
93 const EVP_MD *evpmd; 79 const EVP_MD *evpmd;
94 size_t qbits = bits >= 2048 ? 256 : 160; 80 size_t qbits;
95 81
96 if (bits >= 2048) 82 if (bits >= 2048) {
97 {
98 qbits = 256; 83 qbits = 256;
99 evpmd = EVP_sha256(); 84 evpmd = EVP_sha256();
100 } 85 } else {
101 else
102 {
103 qbits = 160; 86 qbits = 160;
104 evpmd = EVP_sha1(); 87 evpmd = EVP_sha1();
105 }
106
107 return dsa_builtin_paramgen(ret, bits, qbits, evpmd,
108 seed_in, seed_len, NULL, counter_ret, h_ret, cb);
109 } 88 }
110 }
111 89
112int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, 90 return dsa_builtin_paramgen(ret, bits, qbits, evpmd, seed_in,
113 const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len, 91 seed_len, NULL, counter_ret, h_ret, cb);
114 unsigned char *seed_out, 92 }
115 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) 93}
116 { 94
117 int ok=0; 95int
96dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, const EVP_MD *evpmd,
97 const unsigned char *seed_in, size_t seed_len, unsigned char *seed_out,
98 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
99{
100 int ok = 0;
118 unsigned char seed[SHA256_DIGEST_LENGTH]; 101 unsigned char seed[SHA256_DIGEST_LENGTH];
119 unsigned char md[SHA256_DIGEST_LENGTH]; 102 unsigned char md[SHA256_DIGEST_LENGTH];
120 unsigned char buf[SHA256_DIGEST_LENGTH],buf2[SHA256_DIGEST_LENGTH]; 103 unsigned char buf[SHA256_DIGEST_LENGTH], buf2[SHA256_DIGEST_LENGTH];
121 BIGNUM *r0,*W,*X,*c,*test; 104 BIGNUM *r0, *W, *X, *c, *test;
122 BIGNUM *g=NULL,*q=NULL,*p=NULL; 105 BIGNUM *g = NULL, *q = NULL, *p = NULL;
123 BN_MONT_CTX *mont=NULL; 106 BN_MONT_CTX *mont = NULL;
124 int i, k, n=0, m=0, qsize = qbits >> 3; 107 int i, k, n = 0, m = 0, qsize = qbits >> 3;
125 int counter=0; 108 int counter = 0;
126 int r=0; 109 int r = 0;
127 BN_CTX *ctx=NULL; 110 BN_CTX *ctx = NULL;
128 unsigned int h=2; 111 unsigned int h = 2;
129 112
130 if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH && 113 if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH &&
131 qsize != SHA256_DIGEST_LENGTH) 114 qsize != SHA256_DIGEST_LENGTH)
@@ -139,16 +122,20 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
139 if (bits < 512) 122 if (bits < 512)
140 bits = 512; 123 bits = 512;
141 124
142 bits = (bits+63)/64*64; 125 bits = (bits + 63) / 64 * 64;
143 126
144 /* NB: seed_len == 0 is special case: copy generated seed to 127 /*
128 * NB: seed_len == 0 is special case: copy generated seed to
145 * seed_in if it is not NULL. 129 * seed_in if it is not NULL.
146 */ 130 */
147 if (seed_len && (seed_len < (size_t)qsize)) 131 if (seed_len && seed_len < (size_t)qsize)
148 seed_in = NULL; /* seed buffer too small -- ignore */ 132 seed_in = NULL; /* seed buffer too small -- ignore */
133 /*
134 * App. 2.2 of FIPS PUB 186 allows larger SEED,
135 * but our internal buffers are restricted to 160 bits
136 */
149 if (seed_len > (size_t)qsize) 137 if (seed_len > (size_t)qsize)
150 seed_len = qsize; /* App. 2.2 of FIPS PUB 186 allows larger SEED, 138 seed_len = qsize;
151 * but our internal buffers are restricted to 160 bits*/
152 if (seed_in != NULL) 139 if (seed_in != NULL)
153 memcpy(seed, seed_in, seed_len); 140 memcpy(seed, seed_in, seed_len);
154 141
@@ -168,38 +155,34 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
168 p = BN_CTX_get(ctx); 155 p = BN_CTX_get(ctx);
169 test = BN_CTX_get(ctx); 156 test = BN_CTX_get(ctx);
170 157
171 if (!BN_lshift(test,BN_value_one(),bits-1)) 158 if (!BN_lshift(test, BN_value_one(), bits - 1))
172 goto err; 159 goto err;
173 160
174 for (;;) 161 for (;;) {
175 { 162 for (;;) { /* find q */
176 for (;;) /* find q */
177 {
178 int seed_is_random; 163 int seed_is_random;
179 164
180 /* step 1 */ 165 /* step 1 */
181 if(!BN_GENCB_call(cb, 0, m++)) 166 if (!BN_GENCB_call(cb, 0, m++))
182 goto err; 167 goto err;
183 168
184 if (!seed_len) 169 if (!seed_len) {
185 {
186 RAND_pseudo_bytes(seed, qsize); 170 RAND_pseudo_bytes(seed, qsize);
187 seed_is_random = 1; 171 seed_is_random = 1;
188 } 172 } else {
189 else
190 {
191 seed_is_random = 0; 173 seed_is_random = 0;
192 seed_len=0; /* use random seed if 'seed_in' turns out to be bad*/ 174 /* use random seed if 'seed_in' turns out
193 } 175 to be bad */
194 memcpy(buf , seed, qsize); 176 seed_len = 0;
177 }
178 memcpy(buf, seed, qsize);
195 memcpy(buf2, seed, qsize); 179 memcpy(buf2, seed, qsize);
196 /* precompute "SEED + 1" for step 7: */ 180 /* precompute "SEED + 1" for step 7: */
197 for (i = qsize-1; i >= 0; i--) 181 for (i = qsize - 1; i >= 0; i--) {
198 {
199 buf[i]++; 182 buf[i]++;
200 if (buf[i] != 0) 183 if (buf[i] != 0)
201 break; 184 break;
202 } 185 }
203 186
204 /* step 2 */ 187 /* step 2 */
205 if (!EVP_Digest(seed, qsize, md, NULL, evpmd, NULL)) 188 if (!EVP_Digest(seed, qsize, md, NULL, evpmd, NULL))
@@ -207,17 +190,17 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
207 if (!EVP_Digest(buf, qsize, buf2, NULL, evpmd, NULL)) 190 if (!EVP_Digest(buf, qsize, buf2, NULL, evpmd, NULL))
208 goto err; 191 goto err;
209 for (i = 0; i < qsize; i++) 192 for (i = 0; i < qsize; i++)
210 md[i]^=buf2[i]; 193 md[i] ^= buf2[i];
211 194
212 /* step 3 */ 195 /* step 3 */
213 md[0] |= 0x80; 196 md[0] |= 0x80;
214 md[qsize-1] |= 0x01; 197 md[qsize - 1] |= 0x01;
215 if (!BN_bin2bn(md, qsize, q)) 198 if (!BN_bin2bn(md, qsize, q))
216 goto err; 199 goto err;
217 200
218 /* step 4 */ 201 /* step 4 */
219 r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx, 202 r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,
220 seed_is_random, cb); 203 seed_is_random, cb);
221 if (r > 0) 204 if (r > 0)
222 break; 205 break;
223 if (r != 0) 206 if (r != 0)
@@ -225,127 +208,144 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
225 208
226 /* do a callback call */ 209 /* do a callback call */
227 /* step 5 */ 210 /* step 5 */
228 } 211 }
229 212
230 if(!BN_GENCB_call(cb, 2, 0)) goto err; 213 if (!BN_GENCB_call(cb, 2, 0))
231 if(!BN_GENCB_call(cb, 3, 0)) goto err; 214 goto err;
215 if (!BN_GENCB_call(cb, 3, 0))
216 goto err;
232 217
233 /* step 6 */ 218 /* step 6 */
234 counter=0; 219 counter = 0;
235 /* "offset = 2" */ 220 /* "offset = 2" */
236 221
237 n=(bits-1)/160; 222 n = (bits - 1) / 160;
238 223
239 for (;;) 224 for (;;) {
240 { 225 if (counter != 0 && !BN_GENCB_call(cb, 0, counter))
241 if ((counter != 0) && !BN_GENCB_call(cb, 0, counter))
242 goto err; 226 goto err;
243 227
244 /* step 7 */ 228 /* step 7 */
245 BN_zero(W); 229 BN_zero(W);
246 /* now 'buf' contains "SEED + offset - 1" */ 230 /* now 'buf' contains "SEED + offset - 1" */
247 for (k=0; k<=n; k++) 231 for (k = 0; k <= n; k++) {
248 {
249 /* obtain "SEED + offset + k" by incrementing: */ 232 /* obtain "SEED + offset + k" by incrementing: */
250 for (i = qsize-1; i >= 0; i--) 233 for (i = qsize - 1; i >= 0; i--) {
251 {
252 buf[i]++; 234 buf[i]++;
253 if (buf[i] != 0) 235 if (buf[i] != 0)
254 break; 236 break;
255 } 237 }
256 238
257 if (!EVP_Digest(buf, qsize, md ,NULL, evpmd, 239 if (!EVP_Digest(buf, qsize, md ,NULL, evpmd,
258 NULL)) 240 NULL))
259 goto err; 241 goto err;
260 242
261 /* step 8 */ 243 /* step 8 */
262 if (!BN_bin2bn(md, qsize, r0)) 244 if (!BN_bin2bn(md, qsize, r0))
263 goto err; 245 goto err;
264 if (!BN_lshift(r0,r0,(qsize << 3)*k)) goto err; 246 if (!BN_lshift(r0, r0, (qsize << 3) * k))
265 if (!BN_add(W,W,r0)) goto err; 247 goto err;
266 } 248 if (!BN_add(W, W, r0))
249 goto err;
250 }
267 251
268 /* more of step 8 */ 252 /* more of step 8 */
269 if (!BN_mask_bits(W,bits-1)) goto err; 253 if (!BN_mask_bits(W, bits - 1))
270 if (!BN_copy(X,W)) goto err; 254 goto err;
271 if (!BN_add(X,X,test)) goto err; 255 if (!BN_copy(X, W))
256 goto err;
257 if (!BN_add(X, X, test))
258 goto err;
272 259
273 /* step 9 */ 260 /* step 9 */
274 if (!BN_lshift1(r0,q)) goto err; 261 if (!BN_lshift1(r0, q))
275 if (!BN_mod(c,X,r0,ctx)) goto err; 262 goto err;
276 if (!BN_sub(r0,c,BN_value_one())) goto err; 263 if (!BN_mod(c, X, r0, ctx))
277 if (!BN_sub(p,X,r0)) goto err; 264 goto err;
265 if (!BN_sub(r0, c, BN_value_one()))
266 goto err;
267 if (!BN_sub(p, X, r0))
268 goto err;
278 269
279 /* step 10 */ 270 /* step 10 */
280 if (BN_cmp(p,test) >= 0) 271 if (BN_cmp(p, test) >= 0) {
281 {
282 /* step 11 */ 272 /* step 11 */
283 r = BN_is_prime_fasttest_ex(p, DSS_prime_checks, 273 r = BN_is_prime_fasttest_ex(p, DSS_prime_checks,
284 ctx, 1, cb); 274 ctx, 1, cb);
285 if (r > 0) 275 if (r > 0)
286 goto end; /* found it */ 276 goto end; /* found it */
287 if (r != 0) 277 if (r != 0)
288 goto err; 278 goto err;
289 } 279 }
290 280
291 /* step 13 */ 281 /* step 13 */
292 counter++; 282 counter++;
293 /* "offset = offset + n + 1" */ 283 /* "offset = offset + n + 1" */
294 284
295 /* step 14 */ 285 /* step 14 */
296 if (counter >= 4096) break; 286 if (counter >= 4096)
297 } 287 break;
298 } 288 }
289 }
299end: 290end:
300 if(!BN_GENCB_call(cb, 2, 1)) 291 if (!BN_GENCB_call(cb, 2, 1))
301 goto err; 292 goto err;
302 293
303 /* We now need to generate g */ 294 /* We now need to generate g */
304 /* Set r0=(p-1)/q */ 295 /* Set r0=(p-1)/q */
305 if (!BN_sub(test,p,BN_value_one())) goto err; 296 if (!BN_sub(test, p, BN_value_one()))
306 if (!BN_div(r0,NULL,test,q,ctx)) goto err; 297 goto err;
298 if (!BN_div(r0, NULL, test, q, ctx))
299 goto err;
307 300
308 if (!BN_set_word(test,h)) goto err; 301 if (!BN_set_word(test, h))
309 if (!BN_MONT_CTX_set(mont,p,ctx)) goto err; 302 goto err;
303 if (!BN_MONT_CTX_set(mont, p, ctx))
304 goto err;
310 305
311 for (;;) 306 for (;;) {
312 {
313 /* g=test^r0%p */ 307 /* g=test^r0%p */
314 if (!BN_mod_exp_mont(g,test,r0,p,ctx,mont)) goto err; 308 if (!BN_mod_exp_mont(g, test, r0, p, ctx, mont))
315 if (!BN_is_one(g)) break; 309 goto err;
316 if (!BN_add(test,test,BN_value_one())) goto err; 310 if (!BN_is_one(g))
311 break;
312 if (!BN_add(test, test, BN_value_one()))
313 goto err;
317 h++; 314 h++;
318 } 315 }
319 316
320 if(!BN_GENCB_call(cb, 3, 1)) 317 if (!BN_GENCB_call(cb, 3, 1))
321 goto err; 318 goto err;
322 319
323 ok=1; 320 ok = 1;
324err: 321err:
325 if (ok) 322 if (ok) {
326 { 323 if (ret->p)
327 if(ret->p) BN_free(ret->p); 324 BN_free(ret->p);
328 if(ret->q) BN_free(ret->q); 325 if (ret->q)
329 if(ret->g) BN_free(ret->g); 326 BN_free(ret->q);
330 ret->p=BN_dup(p); 327 if (ret->g)
331 ret->q=BN_dup(q); 328 BN_free(ret->g);
332 ret->g=BN_dup(g); 329 ret->p = BN_dup(p);
333 if (ret->p == NULL || ret->q == NULL || ret->g == NULL) 330 ret->q = BN_dup(q);
334 { 331 ret->g = BN_dup(g);
335 ok=0; 332 if (ret->p == NULL || ret->q == NULL || ret->g == NULL) {
333 ok = 0;
336 goto err; 334 goto err;
337 } 335 }
338 if (counter_ret != NULL) *counter_ret=counter; 336 if (counter_ret != NULL)
339 if (h_ret != NULL) *h_ret=h; 337 *counter_ret = counter;
338 if (h_ret != NULL)
339 *h_ret = h;
340 if (seed_out) 340 if (seed_out)
341 memcpy(seed_out, seed, qsize); 341 memcpy(seed_out, seed, qsize);
342 } 342 }
343 if(ctx) 343 if (ctx) {
344 {
345 BN_CTX_end(ctx); 344 BN_CTX_end(ctx);
346 BN_CTX_free(ctx); 345 BN_CTX_free(ctx);
347 }
348 if (mont != NULL) BN_MONT_CTX_free(mont);
349 return ok;
350 } 346 }
347 if (mont != NULL)
348 BN_MONT_CTX_free(mont);
349 return ok;
350}
351#endif 351#endif
diff --git a/src/lib/libcrypto/dsa/dsa_key.c b/src/lib/libcrypto/dsa/dsa_key.c
index 7747ed1416..2d11f59107 100644
--- a/src/lib/libcrypto/dsa/dsa_key.c
+++ b/src/lib/libcrypto/dsa/dsa_key.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dsa_key.c,v 1.15 2014/06/12 15:49:28 deraadt Exp $ */ 1/* $OpenBSD: dsa_key.c,v 1.16 2014/07/09 10:16:24 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -66,63 +66,67 @@
66 66
67static int dsa_builtin_keygen(DSA *dsa); 67static int dsa_builtin_keygen(DSA *dsa);
68 68
69int DSA_generate_key(DSA *dsa) 69int
70 { 70DSA_generate_key(DSA *dsa)
71 if(dsa->meth->dsa_keygen) 71{
72 if (dsa->meth->dsa_keygen)
72 return dsa->meth->dsa_keygen(dsa); 73 return dsa->meth->dsa_keygen(dsa);
73 return dsa_builtin_keygen(dsa); 74 return dsa_builtin_keygen(dsa);
74 } 75}
75 76
76static int dsa_builtin_keygen(DSA *dsa) 77static int
77 { 78dsa_builtin_keygen(DSA *dsa)
78 int ok=0; 79{
79 BN_CTX *ctx=NULL; 80 int ok = 0;
80 BIGNUM *pub_key=NULL,*priv_key=NULL; 81 BN_CTX *ctx = NULL;
82 BIGNUM *pub_key = NULL, *priv_key = NULL;
81 83
82 if ((ctx=BN_CTX_new()) == NULL) goto err; 84 if ((ctx = BN_CTX_new()) == NULL)
85 goto err;
83 86
84 if (dsa->priv_key == NULL) 87 if (dsa->priv_key == NULL) {
85 { 88 if ((priv_key = BN_new()) == NULL)
86 if ((priv_key=BN_new()) == NULL) goto err; 89 goto err;
87 } 90 } else
88 else
89 priv_key=dsa->priv_key; 91 priv_key=dsa->priv_key;
90 92
91 do 93 do {
92 if (!BN_rand_range(priv_key,dsa->q)) goto err; 94 if (!BN_rand_range(priv_key, dsa->q))
93 while (BN_is_zero(priv_key)); 95 goto err;
96 } while (BN_is_zero(priv_key));
94 97
95 if (dsa->pub_key == NULL) 98 if (dsa->pub_key == NULL) {
96 { 99 if ((pub_key = BN_new()) == NULL)
97 if ((pub_key=BN_new()) == NULL) goto err; 100 goto err;
98 } 101 } else
99 else
100 pub_key=dsa->pub_key; 102 pub_key=dsa->pub_key;
101 103
102 { 104 {
103 BIGNUM local_prk; 105 BIGNUM local_prk;
104 BIGNUM *prk; 106 BIGNUM *prk;
105 107
106 if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) 108 if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
107 {
108 BN_init(&local_prk); 109 BN_init(&local_prk);
109 prk = &local_prk; 110 prk = &local_prk;
110 BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME); 111 BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
111 } 112 } else
112 else
113 prk = priv_key; 113 prk = priv_key;
114 114
115 if (!BN_mod_exp(pub_key,dsa->g,prk,dsa->p,ctx)) goto err; 115 if (!BN_mod_exp(pub_key, dsa->g, prk, dsa->p, ctx))
116 goto err;
116 } 117 }
117 118
118 dsa->priv_key=priv_key; 119 dsa->priv_key = priv_key;
119 dsa->pub_key=pub_key; 120 dsa->pub_key = pub_key;
120 ok=1; 121 ok = 1;
121 122
122err: 123err:
123 if ((pub_key != NULL) && (dsa->pub_key == NULL)) BN_free(pub_key); 124 if (pub_key != NULL && dsa->pub_key == NULL)
124 if ((priv_key != NULL) && (dsa->priv_key == NULL)) BN_free(priv_key); 125 BN_free(pub_key);
125 if (ctx != NULL) BN_CTX_free(ctx); 126 if (priv_key != NULL && dsa->priv_key == NULL)
126 return(ok); 127 BN_free(priv_key);
127 } 128 if (ctx != NULL)
129 BN_CTX_free(ctx);
130 return ok;
131}
128#endif 132#endif
diff --git a/src/lib/libcrypto/dsa/dsa_lib.c b/src/lib/libcrypto/dsa/dsa_lib.c
index d625f0f282..334d5ba7f2 100644
--- a/src/lib/libcrypto/dsa/dsa_lib.c
+++ b/src/lib/libcrypto/dsa/dsa_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dsa_lib.c,v 1.16 2014/06/12 15:49:28 deraadt Exp $ */ 1/* $OpenBSD: dsa_lib.c,v 1.17 2014/07/09 10:16:24 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -70,198 +70,212 @@
70#include <openssl/dh.h> 70#include <openssl/dh.h>
71#endif 71#endif
72 72
73const char DSA_version[]="DSA" OPENSSL_VERSION_PTEXT; 73const char DSA_version[] = "DSA" OPENSSL_VERSION_PTEXT;
74 74
75static const DSA_METHOD *default_DSA_method = NULL; 75static const DSA_METHOD *default_DSA_method = NULL;
76 76
77void DSA_set_default_method(const DSA_METHOD *meth) 77void
78 { 78DSA_set_default_method(const DSA_METHOD *meth)
79{
79 default_DSA_method = meth; 80 default_DSA_method = meth;
80 } 81}
81 82
82const DSA_METHOD *DSA_get_default_method(void) 83const DSA_METHOD *
83 { 84DSA_get_default_method(void)
84 if(!default_DSA_method) 85{
85 { 86 if (!default_DSA_method)
86 default_DSA_method = DSA_OpenSSL(); 87 default_DSA_method = DSA_OpenSSL();
87 }
88 return default_DSA_method; 88 return default_DSA_method;
89 } 89}
90 90
91DSA *DSA_new(void) 91DSA *
92 { 92DSA_new(void)
93{
93 return DSA_new_method(NULL); 94 return DSA_new_method(NULL);
94 } 95}
95 96
96int DSA_set_method(DSA *dsa, const DSA_METHOD *meth) 97int
97 { 98DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
98 /* NB: The caller is specifically setting a method, so it's not up to us 99{
99 * to deal with which ENGINE it comes from. */ 100 /*
101 * NB: The caller is specifically setting a method, so it's not up to us
102 * to deal with which ENGINE it comes from.
103 */
100 const DSA_METHOD *mtmp; 104 const DSA_METHOD *mtmp;
101 mtmp = dsa->meth; 105 mtmp = dsa->meth;
102 if (mtmp->finish) mtmp->finish(dsa); 106 if (mtmp->finish)
107 mtmp->finish(dsa);
103#ifndef OPENSSL_NO_ENGINE 108#ifndef OPENSSL_NO_ENGINE
104 if (dsa->engine) 109 if (dsa->engine) {
105 {
106 ENGINE_finish(dsa->engine); 110 ENGINE_finish(dsa->engine);
107 dsa->engine = NULL; 111 dsa->engine = NULL;
108 } 112 }
109#endif 113#endif
110 dsa->meth = meth; 114 dsa->meth = meth;
111 if (meth->init) meth->init(dsa); 115 if (meth->init)
116 meth->init(dsa);
112 return 1; 117 return 1;
113 } 118}
114 119
115DSA *DSA_new_method(ENGINE *engine) 120DSA *
116 { 121DSA_new_method(ENGINE *engine)
122{
117 DSA *ret; 123 DSA *ret;
118 124
119 ret = malloc(sizeof(DSA)); 125 ret = malloc(sizeof(DSA));
120 if (ret == NULL) 126 if (ret == NULL) {
121 { 127 DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
122 DSAerr(DSA_F_DSA_NEW_METHOD,ERR_R_MALLOC_FAILURE); 128 return NULL;
123 return(NULL); 129 }
124 }
125 ret->meth = DSA_get_default_method(); 130 ret->meth = DSA_get_default_method();
126#ifndef OPENSSL_NO_ENGINE 131#ifndef OPENSSL_NO_ENGINE
127 if (engine) 132 if (engine) {
128 { 133 if (!ENGINE_init(engine)) {
129 if (!ENGINE_init(engine))
130 {
131 DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB); 134 DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB);
132 free(ret); 135 free(ret);
133 return NULL; 136 return NULL;
134 }
135 ret->engine = engine;
136 } 137 }
137 else 138 ret->engine = engine;
139 } else
138 ret->engine = ENGINE_get_default_DSA(); 140 ret->engine = ENGINE_get_default_DSA();
139 if(ret->engine) 141 if (ret->engine) {
140 {
141 ret->meth = ENGINE_get_DSA(ret->engine); 142 ret->meth = ENGINE_get_DSA(ret->engine);
142 if(!ret->meth) 143 if (!ret->meth) {
143 { 144 DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB);
144 DSAerr(DSA_F_DSA_NEW_METHOD,
145 ERR_R_ENGINE_LIB);
146 ENGINE_finish(ret->engine); 145 ENGINE_finish(ret->engine);
147 free(ret); 146 free(ret);
148 return NULL; 147 return NULL;
149 }
150 } 148 }
149 }
151#endif 150#endif
152 151
153 ret->pad=0; 152 ret->pad = 0;
154 ret->version=0; 153 ret->version = 0;
155 ret->write_params=1; 154 ret->write_params = 1;
156 ret->p=NULL; 155 ret->p = NULL;
157 ret->q=NULL; 156 ret->q = NULL;
158 ret->g=NULL; 157 ret->g = NULL;
159 158
160 ret->pub_key=NULL; 159 ret->pub_key = NULL;
161 ret->priv_key=NULL; 160 ret->priv_key = NULL;
162 161
163 ret->kinv=NULL; 162 ret->kinv = NULL;
164 ret->r=NULL; 163 ret->r = NULL;
165 ret->method_mont_p=NULL; 164 ret->method_mont_p = NULL;
166 165
167 ret->references=1; 166 ret->references = 1;
168 ret->flags=ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW; 167 ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW;
169 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data); 168 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
170 if ((ret->meth->init != NULL) && !ret->meth->init(ret)) 169 if (ret->meth->init != NULL && !ret->meth->init(ret)) {
171 {
172#ifndef OPENSSL_NO_ENGINE 170#ifndef OPENSSL_NO_ENGINE
173 if (ret->engine) 171 if (ret->engine)
174 ENGINE_finish(ret->engine); 172 ENGINE_finish(ret->engine);
175#endif 173#endif
176 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data); 174 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
177 free(ret); 175 free(ret);
178 ret=NULL; 176 ret = NULL;
179 }
180
181 return(ret);
182 } 177 }
178
179 return ret;
180}
183 181
184void DSA_free(DSA *r) 182void
185 { 183DSA_free(DSA *r)
184{
186 int i; 185 int i;
187 186
188 if (r == NULL) return; 187 if (r == NULL)
188 return;
189 189
190 i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_DSA); 190 i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DSA);
191 if (i > 0) return; 191 if (i > 0)
192 return;
192 193
193 if(r->meth->finish) 194 if (r->meth->finish)
194 r->meth->finish(r); 195 r->meth->finish(r);
195#ifndef OPENSSL_NO_ENGINE 196#ifndef OPENSSL_NO_ENGINE
196 if(r->engine) 197 if (r->engine)
197 ENGINE_finish(r->engine); 198 ENGINE_finish(r->engine);
198#endif 199#endif
199 200
200 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data); 201 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data);
201 202
202 if (r->p != NULL) BN_clear_free(r->p); 203 if (r->p != NULL)
203 if (r->q != NULL) BN_clear_free(r->q); 204 BN_clear_free(r->p);
204 if (r->g != NULL) BN_clear_free(r->g); 205 if (r->q != NULL)
205 if (r->pub_key != NULL) BN_clear_free(r->pub_key); 206 BN_clear_free(r->q);
206 if (r->priv_key != NULL) BN_clear_free(r->priv_key); 207 if (r->g != NULL)
207 if (r->kinv != NULL) BN_clear_free(r->kinv); 208 BN_clear_free(r->g);
208 if (r->r != NULL) BN_clear_free(r->r); 209 if (r->pub_key != NULL)
210 BN_clear_free(r->pub_key);
211 if (r->priv_key != NULL)
212 BN_clear_free(r->priv_key);
213 if (r->kinv != NULL)
214 BN_clear_free(r->kinv);
215 if (r->r != NULL)
216 BN_clear_free(r->r);
209 free(r); 217 free(r);
210 } 218}
211 219
212int DSA_up_ref(DSA *r) 220int
213 { 221DSA_up_ref(DSA *r)
222{
214 int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DSA); 223 int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DSA);
215 return ((i > 1) ? 1 : 0); 224 return i > 1 ? 1 : 0;
216 } 225}
217 226
218int DSA_size(const DSA *r) 227int
219 { 228DSA_size(const DSA *r)
220 int ret,i; 229{
230 int ret, i;
221 ASN1_INTEGER bs; 231 ASN1_INTEGER bs;
222 unsigned char buf[4]; /* 4 bytes looks really small. 232 unsigned char buf[4]; /* 4 bytes looks really small.
223 However, i2d_ASN1_INTEGER() will not look 233 However, i2d_ASN1_INTEGER() will not look
224 beyond the first byte, as long as the second 234 beyond the first byte, as long as the second
225 parameter is NULL. */ 235 parameter is NULL. */
226 236
227 i=BN_num_bits(r->q); 237 i = BN_num_bits(r->q);
228 bs.length=(i+7)/8; 238 bs.length = (i + 7) / 8;
229 bs.data=buf; 239 bs.data = buf;
230 bs.type=V_ASN1_INTEGER; 240 bs.type = V_ASN1_INTEGER;
231 /* If the top bit is set the asn1 encoding is 1 larger. */ 241 /* If the top bit is set the asn1 encoding is 1 larger. */
232 buf[0]=0xff; 242 buf[0] = 0xff;
233 243
234 i=i2d_ASN1_INTEGER(&bs,NULL); 244 i = i2d_ASN1_INTEGER(&bs, NULL);
235 i+=i; /* r and s */ 245 i += i; /* r and s */
236 ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE); 246 ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE);
237 return(ret); 247 return ret;
238 } 248}
239 249
240int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, 250int
241 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) 251DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
242 { 252 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
253{
243 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, argl, argp, 254 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, argl, argp,
244 new_func, dup_func, free_func); 255 new_func, dup_func, free_func);
245 } 256}
246 257
247int DSA_set_ex_data(DSA *d, int idx, void *arg) 258int
248 { 259DSA_set_ex_data(DSA *d, int idx, void *arg)
249 return(CRYPTO_set_ex_data(&d->ex_data,idx,arg)); 260{
250 } 261 return CRYPTO_set_ex_data(&d->ex_data, idx, arg);
262}
251 263
252void *DSA_get_ex_data(DSA *d, int idx) 264void *
253 { 265DSA_get_ex_data(DSA *d, int idx)
254 return(CRYPTO_get_ex_data(&d->ex_data,idx)); 266{
255 } 267 return CRYPTO_get_ex_data(&d->ex_data, idx);
268}
256 269
257#ifndef OPENSSL_NO_DH 270#ifndef OPENSSL_NO_DH
258DH *DSA_dup_DH(const DSA *r) 271DH *
259 { 272DSA_dup_DH(const DSA *r)
260 /* DSA has p, q, g, optional pub_key, optional priv_key. 273{
274 /*
275 * DSA has p, q, g, optional pub_key, optional priv_key.
261 * DH has p, optional length, g, optional pub_key, optional priv_key, 276 * DH has p, optional length, g, optional pub_key, optional priv_key,
262 * optional q. 277 * optional q.
263 */ 278 */
264
265 DH *ret = NULL; 279 DH *ret = NULL;
266 280
267 if (r == NULL) 281 if (r == NULL)
@@ -272,12 +286,11 @@ DH *DSA_dup_DH(const DSA *r)
272 if (r->p != NULL) 286 if (r->p != NULL)
273 if ((ret->p = BN_dup(r->p)) == NULL) 287 if ((ret->p = BN_dup(r->p)) == NULL)
274 goto err; 288 goto err;
275 if (r->q != NULL) 289 if (r->q != NULL) {
276 {
277 ret->length = BN_num_bits(r->q); 290 ret->length = BN_num_bits(r->q);
278 if ((ret->q = BN_dup(r->q)) == NULL) 291 if ((ret->q = BN_dup(r->q)) == NULL)
279 goto err; 292 goto err;
280 } 293 }
281 if (r->g != NULL) 294 if (r->g != NULL)
282 if ((ret->g = BN_dup(r->g)) == NULL) 295 if ((ret->g = BN_dup(r->g)) == NULL)
283 goto err; 296 goto err;
@@ -290,9 +303,9 @@ DH *DSA_dup_DH(const DSA *r)
290 303
291 return ret; 304 return ret;
292 305
293 err: 306err:
294 if (ret != NULL) 307 if (ret != NULL)
295 DH_free(ret); 308 DH_free(ret);
296 return NULL; 309 return NULL;
297 } 310}
298#endif 311#endif
diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c
index 61a20f41a7..17119eb187 100644
--- a/src/lib/libcrypto/dsa/dsa_ossl.c
+++ b/src/lib/libcrypto/dsa/dsa_ossl.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dsa_ossl.c,v 1.18 2014/06/27 06:07:35 deraadt Exp $ */ 1/* $OpenBSD: dsa_ossl.c,v 1.19 2014/07/09 10:16:24 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -67,9 +67,10 @@
67#include <openssl/asn1.h> 67#include <openssl/asn1.h>
68 68
69static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); 69static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
70static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); 70static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
71 BIGNUM **rp);
71static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, 72static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
72 DSA *dsa); 73 DSA *dsa);
73static int dsa_init(DSA *dsa); 74static int dsa_init(DSA *dsa);
74static int dsa_finish(DSA *dsa); 75static int dsa_finish(DSA *dsa);
75 76
@@ -82,7 +83,8 @@ static DSA_METHOD openssl_dsa_meth = {
82 .finish = dsa_finish 83 .finish = dsa_finish
83}; 84};
84 85
85/* These macro wrappers replace attempts to use the dsa_mod_exp() and 86/*
87 * These macro wrappers replace attempts to use the dsa_mod_exp() and
86 * bn_mod_exp() handlers in the DSA_METHOD structure. We avoid the problem of 88 * bn_mod_exp() handlers in the DSA_METHOD structure. We avoid the problem of
87 * having a the macro work as an expression by bundling an "err_instr". So; 89 * having a the macro work as an expression by bundling an "err_instr". So;
88 * 90 *
@@ -96,315 +98,333 @@ static DSA_METHOD openssl_dsa_meth = {
96 */ 98 */
97 99
98#define DSA_MOD_EXP(err_instr,dsa,rr,a1,p1,a2,p2,m,ctx,in_mont) \ 100#define DSA_MOD_EXP(err_instr,dsa,rr,a1,p1,a2,p2,m,ctx,in_mont) \
99 do { \ 101do { \
100 int _tmp_res53; \ 102 int _tmp_res53; \
101 if((dsa)->meth->dsa_mod_exp) \ 103 if ((dsa)->meth->dsa_mod_exp) \
102 _tmp_res53 = (dsa)->meth->dsa_mod_exp((dsa), (rr), \ 104 _tmp_res53 = (dsa)->meth->dsa_mod_exp((dsa), (rr), \
103 (a1), (p1), (a2), (p2), (m), (ctx), (in_mont)); \ 105 (a1), (p1), (a2), (p2), (m), (ctx), (in_mont)); \
104 else \ 106 else \
105 _tmp_res53 = BN_mod_exp2_mont((rr), (a1), \ 107 _tmp_res53 = BN_mod_exp2_mont((rr), (a1), \
106 (p1), (a2), (p2), (m), (ctx), (in_mont)); \ 108 (p1), (a2), (p2), (m), (ctx), (in_mont)); \
107 if(!_tmp_res53) \ 109 if (!_tmp_res53) \
108 err_instr; \ 110 err_instr; \
109 } while(0) 111} while(0)
110 112
111#define DSA_BN_MOD_EXP(err_instr,dsa,r,a,p,m,ctx,m_ctx) \ 113#define DSA_BN_MOD_EXP(err_instr,dsa,r,a,p,m,ctx,m_ctx) \
112 do { \ 114do { \
113 int _tmp_res53; \ 115 int _tmp_res53; \
114 if((dsa)->meth->bn_mod_exp) \ 116 if ((dsa)->meth->bn_mod_exp) \
115 _tmp_res53 = (dsa)->meth->bn_mod_exp((dsa), (r), \ 117 _tmp_res53 = (dsa)->meth->bn_mod_exp((dsa), (r), \
116 (a), (p), (m), (ctx), (m_ctx)); \ 118 (a), (p), (m), (ctx), (m_ctx)); \
117 else \ 119 else \
118 _tmp_res53 = BN_mod_exp_mont((r), (a), (p), (m), \ 120 _tmp_res53 = BN_mod_exp_mont((r), (a), (p), (m), \
119 (ctx), (m_ctx)); \ 121 (ctx), (m_ctx)); \
120 if(!_tmp_res53) \ 122 if (!_tmp_res53) \
121 err_instr; \ 123 err_instr; \
122 } while(0) 124} while(0)
123 125
124const DSA_METHOD *DSA_OpenSSL(void) 126const DSA_METHOD *
127DSA_OpenSSL(void)
125{ 128{
126 return &openssl_dsa_meth; 129 return &openssl_dsa_meth;
127} 130}
128 131
129static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) 132static DSA_SIG *
130 { 133dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
131 BIGNUM *kinv=NULL,*r=NULL,*s=NULL; 134{
135 BIGNUM *kinv = NULL, *r = NULL, *s = NULL;
132 BIGNUM m; 136 BIGNUM m;
133 BIGNUM xr; 137 BIGNUM xr;
134 BN_CTX *ctx=NULL; 138 BN_CTX *ctx = NULL;
135 int reason=ERR_R_BN_LIB; 139 int reason = ERR_R_BN_LIB;
136 DSA_SIG *ret=NULL; 140 DSA_SIG *ret = NULL;
137 int noredo = 0; 141 int noredo = 0;
138 142
139 BN_init(&m); 143 BN_init(&m);
140 BN_init(&xr); 144 BN_init(&xr);
141 145
142 if (!dsa->p || !dsa->q || !dsa->g) 146 if (!dsa->p || !dsa->q || !dsa->g) {
143 { 147 reason = DSA_R_MISSING_PARAMETERS;
144 reason=DSA_R_MISSING_PARAMETERS;
145 goto err; 148 goto err;
146 } 149 }
147 150
148 s=BN_new(); 151 s = BN_new();
149 if (s == NULL) goto err; 152 if (s == NULL)
150 ctx=BN_CTX_new(); 153 goto err;
151 if (ctx == NULL) goto err; 154 ctx = BN_CTX_new();
155 if (ctx == NULL)
156 goto err;
152redo: 157redo:
153 if ((dsa->kinv == NULL) || (dsa->r == NULL)) 158 if (dsa->kinv == NULL || dsa->r == NULL) {
154 { 159 if (!DSA_sign_setup(dsa, ctx, &kinv, &r))
155 if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err; 160 goto err;
156 } 161 } else {
157 else 162 kinv = dsa->kinv;
158 { 163 dsa->kinv = NULL;
159 kinv=dsa->kinv; 164 r = dsa->r;
160 dsa->kinv=NULL; 165 dsa->r = NULL;
161 r=dsa->r;
162 dsa->r=NULL;
163 noredo = 1; 166 noredo = 1;
164 } 167 }
165 168
166 169
170 /*
171 * If the digest length is greater than the size of q use the
172 * BN_num_bits(dsa->q) leftmost bits of the digest, see
173 * fips 186-3, 4.2
174 */
167 if (dlen > BN_num_bytes(dsa->q)) 175 if (dlen > BN_num_bytes(dsa->q))
168 /* if the digest length is greater than the size of q use the
169 * BN_num_bits(dsa->q) leftmost bits of the digest, see
170 * fips 186-3, 4.2 */
171 dlen = BN_num_bytes(dsa->q); 176 dlen = BN_num_bytes(dsa->q);
172 if (BN_bin2bn(dgst,dlen,&m) == NULL) 177 if (BN_bin2bn(dgst,dlen,&m) == NULL)
173 goto err; 178 goto err;
174 179
175 /* Compute s = inv(k) (m + xr) mod q */ 180 /* Compute s = inv(k) (m + xr) mod q */
176 if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */ 181 if (!BN_mod_mul(&xr, dsa->priv_key, r, dsa->q, ctx)) /* s = xr */
177 if (!BN_add(s, &xr, &m)) goto err; /* s = m + xr */ 182 goto err;
178 if (BN_cmp(s,dsa->q) > 0) 183 if (!BN_add(s, &xr, &m)) /* s = m + xr */
179 if (!BN_sub(s,s,dsa->q)) goto err; 184 goto err;
180 if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err; 185 if (BN_cmp(s, dsa->q) > 0)
181 186 if (!BN_sub(s, s, dsa->q))
182 ret=DSA_SIG_new(); 187 goto err;
183 if (ret == NULL) goto err; 188 if (!BN_mod_mul(s, s, kinv, dsa->q, ctx))
184 /* Redo if r or s is zero as required by FIPS 186-3: this is 189 goto err;
190
191 ret = DSA_SIG_new();
192 if (ret == NULL)
193 goto err;
194 /*
195 * Redo if r or s is zero as required by FIPS 186-3: this is
185 * very unlikely. 196 * very unlikely.
186 */ 197 */
187 if (BN_is_zero(r) || BN_is_zero(s)) 198 if (BN_is_zero(r) || BN_is_zero(s)) {
188 { 199 if (noredo) {
189 if (noredo)
190 {
191 reason = DSA_R_NEED_NEW_SETUP_VALUES; 200 reason = DSA_R_NEED_NEW_SETUP_VALUES;
192 goto err; 201 goto err;
193 }
194 goto redo;
195 } 202 }
203 goto redo;
204 }
196 ret->r = r; 205 ret->r = r;
197 ret->s = s; 206 ret->s = s;
198 207
199err: 208err:
200 if (!ret) 209 if (!ret) {
201 { 210 DSAerr(DSA_F_DSA_DO_SIGN, reason);
202 DSAerr(DSA_F_DSA_DO_SIGN,reason);
203 BN_free(r); 211 BN_free(r);
204 BN_free(s); 212 BN_free(s);
205 } 213 }
206 if (ctx != NULL) BN_CTX_free(ctx); 214 if (ctx != NULL)
215 BN_CTX_free(ctx);
207 BN_clear_free(&m); 216 BN_clear_free(&m);
208 BN_clear_free(&xr); 217 BN_clear_free(&xr);
209 if (kinv != NULL) /* dsa->kinv is NULL now if we used it */ 218 if (kinv != NULL) /* dsa->kinv is NULL now if we used it */
210 BN_clear_free(kinv); 219 BN_clear_free(kinv);
211 return(ret); 220 return ret;
212 } 221}
213 222
214static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) 223static int
215 { 224dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
225{
216 BN_CTX *ctx; 226 BN_CTX *ctx;
217 BIGNUM k,kq,*K,*kinv=NULL,*r=NULL; 227 BIGNUM k, kq, *K, *kinv = NULL, *r = NULL;
218 int ret=0; 228 int ret = 0;
219 229
220 if (!dsa->p || !dsa->q || !dsa->g) 230 if (!dsa->p || !dsa->q || !dsa->g) {
221 { 231 DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MISSING_PARAMETERS);
222 DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS);
223 return 0; 232 return 0;
224 } 233 }
225 234
226 BN_init(&k); 235 BN_init(&k);
227 BN_init(&kq); 236 BN_init(&kq);
228 237
229 if (ctx_in == NULL) 238 if (ctx_in == NULL) {
230 { 239 if ((ctx = BN_CTX_new()) == NULL)
231 if ((ctx=BN_CTX_new()) == NULL) goto err; 240 goto err;
232 } 241 } else
233 else 242 ctx = ctx_in;
234 ctx=ctx_in;
235 243
236 if ((r=BN_new()) == NULL) goto err; 244 if ((r = BN_new()) == NULL)
245 goto err;
237 246
238 /* Get random k */ 247 /* Get random k */
239 do 248 do {
240 if (!BN_rand_range(&k, dsa->q)) goto err; 249 if (!BN_rand_range(&k, dsa->q))
241 while (BN_is_zero(&k)); 250 goto err;
242 if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) 251 } while (BN_is_zero(&k));
243 { 252 if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
244 BN_set_flags(&k, BN_FLG_CONSTTIME); 253 BN_set_flags(&k, BN_FLG_CONSTTIME);
245 } 254 }
246 255
247 if (dsa->flags & DSA_FLAG_CACHE_MONT_P) 256 if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
248 {
249 if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p, 257 if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
250 CRYPTO_LOCK_DSA, 258 CRYPTO_LOCK_DSA, dsa->p, ctx))
251 dsa->p, ctx))
252 goto err; 259 goto err;
253 } 260 }
254 261
255 /* Compute r = (g^k mod p) mod q */ 262 /* Compute r = (g^k mod p) mod q */
256 263
257 if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) 264 if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
258 { 265 if (!BN_copy(&kq, &k))
259 if (!BN_copy(&kq, &k)) goto err; 266 goto err;
260 267
261 /* We do not want timing information to leak the length of k, 268 /*
262 * so we compute g^k using an equivalent exponent of fixed length. 269 * We do not want timing information to leak the length of k,
270 * so we compute g^k using an equivalent exponent of fixed
271 * length.
263 * 272 *
264 * (This is a kludge that we need because the BN_mod_exp_mont() 273 * (This is a kludge that we need because the BN_mod_exp_mont()
265 * does not let us specify the desired timing behaviour.) */ 274 * does not let us specify the desired timing behaviour.)
275 */
266 276
267 if (!BN_add(&kq, &kq, dsa->q)) goto err; 277 if (!BN_add(&kq, &kq, dsa->q))
268 if (BN_num_bits(&kq) <= BN_num_bits(dsa->q)) 278 goto err;
269 { 279 if (BN_num_bits(&kq) <= BN_num_bits(dsa->q)) {
270 if (!BN_add(&kq, &kq, dsa->q)) goto err; 280 if (!BN_add(&kq, &kq, dsa->q))
271 } 281 goto err;
282 }
272 283
273 K = &kq; 284 K = &kq;
274 } 285 } else {
275 else
276 {
277 K = &k; 286 K = &k;
278 } 287 }
279 DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx, 288 DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx,
280 dsa->method_mont_p); 289 dsa->method_mont_p);
281 if (!BN_mod(r,r,dsa->q,ctx)) goto err; 290 if (!BN_mod(r,r,dsa->q,ctx))
291 goto err;
282 292
283 /* Compute part of 's = inv(k) (m + xr) mod q' */ 293 /* Compute part of 's = inv(k) (m + xr) mod q' */
284 if ((kinv=BN_mod_inverse(NULL,&k,dsa->q,ctx)) == NULL) goto err; 294 if ((kinv = BN_mod_inverse(NULL, &k, dsa->q, ctx)) == NULL)
285 295 goto err;
286 if (*kinvp != NULL) BN_clear_free(*kinvp); 296
287 *kinvp=kinv; 297 if (*kinvp != NULL)
288 kinv=NULL; 298 BN_clear_free(*kinvp);
289 if (*rp != NULL) BN_clear_free(*rp); 299 *kinvp = kinv;
290 *rp=r; 300 kinv = NULL;
291 ret=1; 301 if (*rp != NULL)
302 BN_clear_free(*rp);
303 *rp = r;
304 ret = 1;
292err: 305err:
293 if (!ret) 306 if (!ret) {
294 { 307 DSAerr(DSA_F_DSA_SIGN_SETUP, ERR_R_BN_LIB);
295 DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB);
296 if (r != NULL) 308 if (r != NULL)
297 BN_clear_free(r); 309 BN_clear_free(r);
298 } 310 }
299 if (ctx_in == NULL) BN_CTX_free(ctx); 311 if (ctx_in == NULL)
312 BN_CTX_free(ctx);
300 BN_clear_free(&k); 313 BN_clear_free(&k);
301 BN_clear_free(&kq); 314 BN_clear_free(&kq);
302 return(ret); 315 return ret;
303 } 316}
304 317
305static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, 318static int
306 DSA *dsa) 319dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa)
307 { 320{
308 BN_CTX *ctx; 321 BN_CTX *ctx;
309 BIGNUM u1,u2,t1; 322 BIGNUM u1, u2, t1;
310 BN_MONT_CTX *mont=NULL; 323 BN_MONT_CTX *mont = NULL;
311 int ret = -1, i; 324 int ret = -1, i;
312 if (!dsa->p || !dsa->q || !dsa->g) 325
313 { 326 if (!dsa->p || !dsa->q || !dsa->g) {
314 DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS); 327 DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MISSING_PARAMETERS);
315 return -1; 328 return -1;
316 } 329 }
317 330
318 i = BN_num_bits(dsa->q); 331 i = BN_num_bits(dsa->q);
319 /* fips 186-3 allows only different sizes for q */ 332 /* fips 186-3 allows only different sizes for q */
320 if (i != 160 && i != 224 && i != 256) 333 if (i != 160 && i != 224 && i != 256) {
321 { 334 DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_BAD_Q_VALUE);
322 DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE);
323 return -1; 335 return -1;
324 } 336 }
325 337
326 if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) 338 if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) {
327 { 339 DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MODULUS_TOO_LARGE);
328 DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE);
329 return -1; 340 return -1;
330 } 341 }
331 BN_init(&u1); 342 BN_init(&u1);
332 BN_init(&u2); 343 BN_init(&u2);
333 BN_init(&t1); 344 BN_init(&t1);
334 345
335 if ((ctx=BN_CTX_new()) == NULL) goto err; 346 if ((ctx = BN_CTX_new()) == NULL)
347 goto err;
336 348
337 if (BN_is_zero(sig->r) || BN_is_negative(sig->r) || 349 if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
338 BN_ucmp(sig->r, dsa->q) >= 0) 350 BN_ucmp(sig->r, dsa->q) >= 0) {
339 {
340 ret = 0; 351 ret = 0;
341 goto err; 352 goto err;
342 } 353 }
343 if (BN_is_zero(sig->s) || BN_is_negative(sig->s) || 354 if (BN_is_zero(sig->s) || BN_is_negative(sig->s) ||
344 BN_ucmp(sig->s, dsa->q) >= 0) 355 BN_ucmp(sig->s, dsa->q) >= 0) {
345 {
346 ret = 0; 356 ret = 0;
347 goto err; 357 goto err;
348 } 358 }
349 359
350 /* Calculate W = inv(S) mod Q 360 /* Calculate W = inv(S) mod Q
351 * save W in u2 */ 361 * save W in u2 */
352 if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err; 362 if ((BN_mod_inverse(&u2, sig->s, dsa->q, ctx)) == NULL)
363 goto err;
353 364
354 /* save M in u1 */ 365 /* save M in u1 */
366 /*
367 * If the digest length is greater than the size of q use the
368 * BN_num_bits(dsa->q) leftmost bits of the digest, see
369 * fips 186-3, 4.2
370 */
355 if (dgst_len > (i >> 3)) 371 if (dgst_len > (i >> 3))
356 /* if the digest length is greater than the size of q use the
357 * BN_num_bits(dsa->q) leftmost bits of the digest, see
358 * fips 186-3, 4.2 */
359 dgst_len = (i >> 3); 372 dgst_len = (i >> 3);
360 if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err; 373 if (BN_bin2bn(dgst, dgst_len, &u1) == NULL)
374 goto err;
361 375
362 /* u1 = M * w mod q */ 376 /* u1 = M * w mod q */
363 if (!BN_mod_mul(&u1,&u1,&u2,dsa->q,ctx)) goto err; 377 if (!BN_mod_mul(&u1, &u1, &u2, dsa->q, ctx))
378 goto err;
364 379
365 /* u2 = r * w mod q */ 380 /* u2 = r * w mod q */
366 if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err; 381 if (!BN_mod_mul(&u2, sig->r, &u2, dsa->q, ctx))
382 goto err;
367 383
368 384
369 if (dsa->flags & DSA_FLAG_CACHE_MONT_P) 385 if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
370 {
371 mont = BN_MONT_CTX_set_locked(&dsa->method_mont_p, 386 mont = BN_MONT_CTX_set_locked(&dsa->method_mont_p,
372 CRYPTO_LOCK_DSA, dsa->p, ctx); 387 CRYPTO_LOCK_DSA, dsa->p, ctx);
373 if (!mont) 388 if (!mont)
374 goto err; 389 goto err;
375 } 390 }
376
377 391
378 DSA_MOD_EXP(goto err, dsa, &t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p, ctx, mont); 392 DSA_MOD_EXP(goto err, dsa, &t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p,
393 ctx, mont);
379 /* BN_copy(&u1,&t1); */ 394 /* BN_copy(&u1,&t1); */
380 /* let u1 = u1 mod q */ 395 /* let u1 = u1 mod q */
381 if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err; 396 if (!BN_mod(&u1, &t1, dsa->q, ctx))
397 goto err;
382 398
383 /* V is now in u1. If the signature is correct, it will be 399 /* V is now in u1. If the signature is correct, it will be
384 * equal to R. */ 400 * equal to R. */
385 ret=(BN_ucmp(&u1, sig->r) == 0); 401 ret = BN_ucmp(&u1, sig->r) == 0;
386 402
387 err: 403err:
388 /* XXX: surely this is wrong - if ret is 0, it just didn't verify; 404 /* XXX: surely this is wrong - if ret is 0, it just didn't verify;
389 there is no error in BN. Test should be ret == -1 (Ben) */ 405 there is no error in BN. Test should be ret == -1 (Ben) */
390 if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB); 406 if (ret != 1)
391 if (ctx != NULL) BN_CTX_free(ctx); 407 DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_BN_LIB);
408 if (ctx != NULL)
409 BN_CTX_free(ctx);
392 BN_free(&u1); 410 BN_free(&u1);
393 BN_free(&u2); 411 BN_free(&u2);
394 BN_free(&t1); 412 BN_free(&t1);
395 return(ret); 413 return ret;
396 } 414}
397 415
398static int dsa_init(DSA *dsa) 416static int
417dsa_init(DSA *dsa)
399{ 418{
400 dsa->flags|=DSA_FLAG_CACHE_MONT_P; 419 dsa->flags |= DSA_FLAG_CACHE_MONT_P;
401 return(1); 420 return 1;
402} 421}
403 422
404static int dsa_finish(DSA *dsa) 423static int
424dsa_finish(DSA *dsa)
405{ 425{
406 if(dsa->method_mont_p) 426 if (dsa->method_mont_p)
407 BN_MONT_CTX_free(dsa->method_mont_p); 427 BN_MONT_CTX_free(dsa->method_mont_p);
408 return(1); 428 return 1;
409} 429}
410 430
diff --git a/src/lib/libcrypto/dsa/dsa_pmeth.c b/src/lib/libcrypto/dsa/dsa_pmeth.c
index e75f0153de..f013a3f6e7 100644
--- a/src/lib/libcrypto/dsa/dsa_pmeth.c
+++ b/src/lib/libcrypto/dsa/dsa_pmeth.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dsa_pmeth.c,v 1.6 2014/06/12 20:40:57 deraadt Exp $ */ 1/* $OpenBSD: dsa_pmeth.c,v 1.7 2014/07/09 10:16:24 miod Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006. 3 * project 2006.
4 */ 4 */
@@ -68,8 +68,7 @@
68 68
69/* DSA pkey context structure */ 69/* DSA pkey context structure */
70 70
71typedef struct 71typedef struct {
72 {
73 /* Parameter gen parameters */ 72 /* Parameter gen parameters */
74 int nbits; /* size of p in bits (default: 1024) */ 73 int nbits; /* size of p in bits (default: 1024) */
75 int qbits; /* size of q in bits (default: 160) */ 74 int qbits; /* size of q in bits (default: 160) */
@@ -78,11 +77,13 @@ typedef struct
78 int gentmp[2]; 77 int gentmp[2];
79 /* message digest */ 78 /* message digest */
80 const EVP_MD *md; /* MD for the signature */ 79 const EVP_MD *md; /* MD for the signature */
81 } DSA_PKEY_CTX; 80} DSA_PKEY_CTX;
82 81
83static int pkey_dsa_init(EVP_PKEY_CTX *ctx) 82static int
84 { 83pkey_dsa_init(EVP_PKEY_CTX *ctx)
84{
85 DSA_PKEY_CTX *dctx; 85 DSA_PKEY_CTX *dctx;
86
86 dctx = malloc(sizeof(DSA_PKEY_CTX)); 87 dctx = malloc(sizeof(DSA_PKEY_CTX));
87 if (!dctx) 88 if (!dctx)
88 return 0; 89 return 0;
@@ -96,11 +97,13 @@ static int pkey_dsa_init(EVP_PKEY_CTX *ctx)
96 ctx->keygen_info_count = 2; 97 ctx->keygen_info_count = 2;
97 98
98 return 1; 99 return 1;
99 } 100}
100 101
101static int pkey_dsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) 102static int
102 { 103pkey_dsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
104{
103 DSA_PKEY_CTX *dctx, *sctx; 105 DSA_PKEY_CTX *dctx, *sctx;
106
104 if (!pkey_dsa_init(dst)) 107 if (!pkey_dsa_init(dst))
105 return 0; 108 return 0;
106 sctx = src->data; 109 sctx = src->data;
@@ -110,17 +113,20 @@ static int pkey_dsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
110 dctx->pmd = sctx->pmd; 113 dctx->pmd = sctx->pmd;
111 dctx->md = sctx->md; 114 dctx->md = sctx->md;
112 return 1; 115 return 1;
113 } 116}
114 117
115static void pkey_dsa_cleanup(EVP_PKEY_CTX *ctx) 118static void
116 { 119pkey_dsa_cleanup(EVP_PKEY_CTX *ctx)
120{
117 DSA_PKEY_CTX *dctx = ctx->data; 121 DSA_PKEY_CTX *dctx = ctx->data;
122
118 free(dctx); 123 free(dctx);
119 } 124}
120 125
121static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, 126static int
122 const unsigned char *tbs, size_t tbslen) 127pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
123 { 128 const unsigned char *tbs, size_t tbslen)
129{
124 int ret, type; 130 int ret, type;
125 unsigned int sltmp; 131 unsigned int sltmp;
126 DSA_PKEY_CTX *dctx = ctx->data; 132 DSA_PKEY_CTX *dctx = ctx->data;
@@ -137,12 +143,12 @@ static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
137 return ret; 143 return ret;
138 *siglen = sltmp; 144 *siglen = sltmp;
139 return 1; 145 return 1;
140 } 146}
141 147
142static int pkey_dsa_verify(EVP_PKEY_CTX *ctx, 148static int
143 const unsigned char *sig, size_t siglen, 149pkey_dsa_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen,
144 const unsigned char *tbs, size_t tbslen) 150 const unsigned char *tbs, size_t tbslen)
145 { 151{
146 int ret, type; 152 int ret, type;
147 DSA_PKEY_CTX *dctx = ctx->data; 153 DSA_PKEY_CTX *dctx = ctx->data;
148 DSA *dsa = ctx->pkey->pkey.dsa; 154 DSA *dsa = ctx->pkey->pkey.dsa;
@@ -155,69 +161,67 @@ static int pkey_dsa_verify(EVP_PKEY_CTX *ctx,
155 ret = DSA_verify(type, tbs, tbslen, sig, siglen, dsa); 161 ret = DSA_verify(type, tbs, tbslen, sig, siglen, dsa);
156 162
157 return ret; 163 return ret;
158 } 164}
159 165
160static int pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) 166static int
161 { 167pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
168{
162 DSA_PKEY_CTX *dctx = ctx->data; 169 DSA_PKEY_CTX *dctx = ctx->data;
163 switch (type) 170
164 { 171 switch (type) {
165 case EVP_PKEY_CTRL_DSA_PARAMGEN_BITS: 172 case EVP_PKEY_CTRL_DSA_PARAMGEN_BITS:
166 if (p1 < 256) 173 if (p1 < 256)
167 return -2; 174 return -2;
168 dctx->nbits = p1; 175 dctx->nbits = p1;
169 return 1; 176 return 1;
170 177
171 case EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS: 178 case EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS:
172 if (p1 != 160 && p1 != 224 && p1 && p1 != 256) 179 if (p1 != 160 && p1 != 224 && p1 && p1 != 256)
173 return -2; 180 return -2;
174 dctx->qbits = p1; 181 dctx->qbits = p1;
175 return 1; 182 return 1;
176 183
177 case EVP_PKEY_CTRL_DSA_PARAMGEN_MD: 184 case EVP_PKEY_CTRL_DSA_PARAMGEN_MD:
178 if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 && 185 if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 &&
179 EVP_MD_type((const EVP_MD *)p2) != NID_sha224 && 186 EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
180 EVP_MD_type((const EVP_MD *)p2) != NID_sha256) 187 EVP_MD_type((const EVP_MD *)p2) != NID_sha256) {
181 {
182 DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE); 188 DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE);
183 return 0; 189 return 0;
184 } 190 }
185 dctx->md = p2; 191 dctx->md = p2;
186 return 1; 192 return 1;
187 193
188 case EVP_PKEY_CTRL_MD: 194 case EVP_PKEY_CTRL_MD:
189 if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 && 195 if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 &&
190 EVP_MD_type((const EVP_MD *)p2) != NID_dsa && 196 EVP_MD_type((const EVP_MD *)p2) != NID_dsa &&
191 EVP_MD_type((const EVP_MD *)p2) != NID_dsaWithSHA && 197 EVP_MD_type((const EVP_MD *)p2) != NID_dsaWithSHA &&
192 EVP_MD_type((const EVP_MD *)p2) != NID_sha224 && 198 EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
193 EVP_MD_type((const EVP_MD *)p2) != NID_sha256 && 199 EVP_MD_type((const EVP_MD *)p2) != NID_sha256 &&
194 EVP_MD_type((const EVP_MD *)p2) != NID_sha384 && 200 EVP_MD_type((const EVP_MD *)p2) != NID_sha384 &&
195 EVP_MD_type((const EVP_MD *)p2) != NID_sha512) 201 EVP_MD_type((const EVP_MD *)p2) != NID_sha512) {
196 {
197 DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE); 202 DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE);
198 return 0; 203 return 0;
199 } 204 }
200 dctx->md = p2; 205 dctx->md = p2;
201 return 1; 206 return 1;
202 207
203 case EVP_PKEY_CTRL_DIGESTINIT: 208 case EVP_PKEY_CTRL_DIGESTINIT:
204 case EVP_PKEY_CTRL_PKCS7_SIGN: 209 case EVP_PKEY_CTRL_PKCS7_SIGN:
205 case EVP_PKEY_CTRL_CMS_SIGN: 210 case EVP_PKEY_CTRL_CMS_SIGN:
206 return 1; 211 return 1;
207 212
208 case EVP_PKEY_CTRL_PEER_KEY: 213 case EVP_PKEY_CTRL_PEER_KEY:
209 DSAerr(DSA_F_PKEY_DSA_CTRL, 214 DSAerr(DSA_F_PKEY_DSA_CTRL,
210 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); 215 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
211 return -2; 216 return -2;
212 default: 217 default:
213 return -2; 218 return -2;
214
215 }
216 } 219 }
220}
217 221
218static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx, 222static int
219 const char *type, const char *value) 223pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value)
220 { 224{
221 long lval; 225 long lval;
222 char *ep; 226 char *ep;
223 227
@@ -228,69 +232,71 @@ static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx,
228 lval = strtol(value, &ep, 10); 232 lval = strtol(value, &ep, 10);
229 if (value[0] == '\0' || *ep != '\0') 233 if (value[0] == '\0' || *ep != '\0')
230 goto not_a_number; 234 goto not_a_number;
231 if ((errno == ERANGE && (lval == LONG_MAX || lval == LONG_MIN)) || 235 if ((errno == ERANGE &&
236 (lval == LONG_MAX || lval == LONG_MIN)) ||
232 (lval > INT_MAX || lval < INT_MIN)) 237 (lval > INT_MAX || lval < INT_MIN))
233 goto out_of_range; 238 goto out_of_range;
234 nbits = lval; 239 nbits = lval;
235 return EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits); 240 return EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits);
236 } 241 } else if (!strcmp(type, "dsa_paramgen_q_bits")) {
237 if (!strcmp(type, "dsa_paramgen_q_bits")) {
238 int qbits; 242 int qbits;
239 243
240 errno = 0; 244 errno = 0;
241 lval = strtol(value, &ep, 10); 245 lval = strtol(value, &ep, 10);
242 if (value[0] == '\0' || *ep != '\0') 246 if (value[0] == '\0' || *ep != '\0')
243 goto not_a_number; 247 goto not_a_number;
244 if ((errno == ERANGE && (lval == LONG_MAX || lval == LONG_MIN)) || 248 if ((errno == ERANGE &&
249 (lval == LONG_MAX || lval == LONG_MIN)) ||
245 (lval > INT_MAX || lval < INT_MIN)) 250 (lval > INT_MAX || lval < INT_MIN))
246 goto out_of_range; 251 goto out_of_range;
247 qbits = lval; 252 qbits = lval;
248 return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, 253 return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA,
249 EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits, NULL); 254 EVP_PKEY_OP_PARAMGEN, EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS,
250 } 255 qbits, NULL);
251 if (!strcmp(type, "dsa_paramgen_md")){ 256 } else if (!strcmp(type, "dsa_paramgen_md")) {
252 return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, 257 return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA,
253 EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, 258 EVP_PKEY_OP_PARAMGEN, EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0,
254 (void *)EVP_get_digestbyname(value)); 259 (void *)EVP_get_digestbyname(value));
255 } 260 }
256not_a_number: 261not_a_number:
257out_of_range: 262out_of_range:
258 return -2; 263 return -2;
259 } 264}
260 265
261static int pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) 266static int
262 { 267pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
268{
263 DSA *dsa = NULL; 269 DSA *dsa = NULL;
264 DSA_PKEY_CTX *dctx = ctx->data; 270 DSA_PKEY_CTX *dctx = ctx->data;
265 BN_GENCB *pcb, cb; 271 BN_GENCB *pcb, cb;
266 int ret; 272 int ret;
267 if (ctx->pkey_gencb) 273
268 { 274 if (ctx->pkey_gencb) {
269 pcb = &cb; 275 pcb = &cb;
270 evp_pkey_set_cb_translate(pcb, ctx); 276 evp_pkey_set_cb_translate(pcb, ctx);
271 } 277 } else
272 else
273 pcb = NULL; 278 pcb = NULL;
274 dsa = DSA_new(); 279 dsa = DSA_new();
275 if (!dsa) 280 if (!dsa)
276 return 0; 281 return 0;
277 ret = dsa_builtin_paramgen(dsa, dctx->nbits, dctx->qbits, dctx->pmd, 282 ret = dsa_builtin_paramgen(dsa, dctx->nbits, dctx->qbits, dctx->pmd,
278 NULL, 0, NULL, NULL, NULL, pcb); 283 NULL, 0, NULL, NULL, NULL, pcb);
279 if (ret) 284 if (ret)
280 EVP_PKEY_assign_DSA(pkey, dsa); 285 EVP_PKEY_assign_DSA(pkey, dsa);
281 else 286 else
282 DSA_free(dsa); 287 DSA_free(dsa);
283 return ret; 288 return ret;
284 } 289}
285 290
286static int pkey_dsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) 291static int
287 { 292pkey_dsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
293{
288 DSA *dsa = NULL; 294 DSA *dsa = NULL;
289 if (ctx->pkey == NULL) 295
290 { 296 if (ctx->pkey == NULL) {
291 DSAerr(DSA_F_PKEY_DSA_KEYGEN, DSA_R_NO_PARAMETERS_SET); 297 DSAerr(DSA_F_PKEY_DSA_KEYGEN, DSA_R_NO_PARAMETERS_SET);
292 return 0; 298 return 0;
293 } 299 }
294 dsa = DSA_new(); 300 dsa = DSA_new();
295 if (!dsa) 301 if (!dsa)
296 return 0; 302 return 0;
@@ -299,7 +305,7 @@ static int pkey_dsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
299 if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey)) 305 if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey))
300 return 0; 306 return 0;
301 return DSA_generate_key(pkey->pkey.dsa); 307 return DSA_generate_key(pkey->pkey.dsa);
302 } 308}
303 309
304const EVP_PKEY_METHOD dsa_pkey_meth = { 310const EVP_PKEY_METHOD dsa_pkey_meth = {
305 .pkey_id = EVP_PKEY_DSA, 311 .pkey_id = EVP_PKEY_DSA,
diff --git a/src/lib/libcrypto/dsa/dsa_prn.c b/src/lib/libcrypto/dsa/dsa_prn.c
index e730c1a092..5a7423c831 100644
--- a/src/lib/libcrypto/dsa/dsa_prn.c
+++ b/src/lib/libcrypto/dsa/dsa_prn.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dsa_prn.c,v 1.3 2014/06/12 15:49:28 deraadt Exp $ */ 1/* $OpenBSD: dsa_prn.c,v 1.4 2014/07/09 10:16:24 miod Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006. 3 * project 2006.
4 */ 4 */
@@ -61,59 +61,62 @@
61#include <openssl/evp.h> 61#include <openssl/evp.h>
62#include <openssl/dsa.h> 62#include <openssl/dsa.h>
63 63
64int DSA_print_fp(FILE *fp, const DSA *x, int off) 64int
65 { 65DSA_print_fp(FILE *fp, const DSA *x, int off)
66{
66 BIO *b; 67 BIO *b;
67 int ret; 68 int ret;
68 69
69 if ((b=BIO_new(BIO_s_file())) == NULL) 70 if ((b = BIO_new(BIO_s_file())) == NULL) {
70 { 71 DSAerr(DSA_F_DSA_PRINT_FP, ERR_R_BUF_LIB);
71 DSAerr(DSA_F_DSA_PRINT_FP,ERR_R_BUF_LIB); 72 return 0;
72 return(0);
73 }
74 BIO_set_fp(b,fp,BIO_NOCLOSE);
75 ret=DSA_print(b,x,off);
76 BIO_free(b);
77 return(ret);
78 } 73 }
74 BIO_set_fp(b, fp, BIO_NOCLOSE);
75 ret = DSA_print(b, x, off);
76 BIO_free(b);
77 return ret;
78}
79 79
80int DSAparams_print_fp(FILE *fp, const DSA *x) 80int
81 { 81DSAparams_print_fp(FILE *fp, const DSA *x)
82{
82 BIO *b; 83 BIO *b;
83 int ret; 84 int ret;
84 85
85 if ((b=BIO_new(BIO_s_file())) == NULL) 86 if ((b = BIO_new(BIO_s_file())) == NULL) {
86 { 87 DSAerr(DSA_F_DSAPARAMS_PRINT_FP, ERR_R_BUF_LIB);
87 DSAerr(DSA_F_DSAPARAMS_PRINT_FP,ERR_R_BUF_LIB); 88 return 0;
88 return(0);
89 }
90 BIO_set_fp(b,fp,BIO_NOCLOSE);
91 ret=DSAparams_print(b, x);
92 BIO_free(b);
93 return(ret);
94 } 89 }
90 BIO_set_fp(b, fp, BIO_NOCLOSE);
91 ret = DSAparams_print(b, x);
92 BIO_free(b);
93 return ret;
94}
95 95
96int DSA_print(BIO *bp, const DSA *x, int off) 96int
97 { 97DSA_print(BIO *bp, const DSA *x, int off)
98{
98 EVP_PKEY *pk; 99 EVP_PKEY *pk;
99 int ret; 100 int ret;
101
100 pk = EVP_PKEY_new(); 102 pk = EVP_PKEY_new();
101 if (!pk || !EVP_PKEY_set1_DSA(pk, (DSA *)x)) 103 if (!pk || !EVP_PKEY_set1_DSA(pk, (DSA *)x))
102 return 0; 104 return 0;
103 ret = EVP_PKEY_print_private(bp, pk, off, NULL); 105 ret = EVP_PKEY_print_private(bp, pk, off, NULL);
104 EVP_PKEY_free(pk); 106 EVP_PKEY_free(pk);
105 return ret; 107 return ret;
106 } 108}
107 109
108int DSAparams_print(BIO *bp, const DSA *x) 110int
109 { 111DSAparams_print(BIO *bp, const DSA *x)
112{
110 EVP_PKEY *pk; 113 EVP_PKEY *pk;
111 int ret; 114 int ret;
115
112 pk = EVP_PKEY_new(); 116 pk = EVP_PKEY_new();
113 if (!pk || !EVP_PKEY_set1_DSA(pk, (DSA *)x)) 117 if (!pk || !EVP_PKEY_set1_DSA(pk, (DSA *)x))
114 return 0; 118 return 0;
115 ret = EVP_PKEY_print_params(bp, pk, 4, NULL); 119 ret = EVP_PKEY_print_params(bp, pk, 4, NULL);
116 EVP_PKEY_free(pk); 120 EVP_PKEY_free(pk);
117 return ret; 121 return ret;
118 } 122}
119
diff --git a/src/lib/libcrypto/dsa/dsa_sign.c b/src/lib/libcrypto/dsa/dsa_sign.c
index 484e5f4357..40223a1d59 100644
--- a/src/lib/libcrypto/dsa/dsa_sign.c
+++ b/src/lib/libcrypto/dsa/dsa_sign.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dsa_sign.c,v 1.15 2014/06/12 15:49:28 deraadt Exp $ */ 1/* $OpenBSD: dsa_sign.c,v 1.16 2014/07/09 10:16:24 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -63,36 +63,39 @@
63#include <openssl/rand.h> 63#include <openssl/rand.h>
64#include <openssl/bn.h> 64#include <openssl/bn.h>
65 65
66DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) 66DSA_SIG *
67 { 67DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
68{
68 return dsa->meth->dsa_do_sign(dgst, dlen, dsa); 69 return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
69 } 70}
70 71
71int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) 72int
72 { 73DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
74{
73 return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp); 75 return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
74 } 76}
75 77
76DSA_SIG *DSA_SIG_new(void) 78DSA_SIG *
77 { 79DSA_SIG_new(void)
80{
78 DSA_SIG *sig; 81 DSA_SIG *sig;
82
79 sig = malloc(sizeof(DSA_SIG)); 83 sig = malloc(sizeof(DSA_SIG));
80 if (!sig) 84 if (!sig)
81 return NULL; 85 return NULL;
82 sig->r = NULL; 86 sig->r = NULL;
83 sig->s = NULL; 87 sig->s = NULL;
84 return sig; 88 return sig;
85 } 89}
86 90
87void DSA_SIG_free(DSA_SIG *sig) 91void
88 { 92DSA_SIG_free(DSA_SIG *sig)
89 if (sig) 93{
90 { 94 if (sig) {
91 if (sig->r) 95 if (sig->r)
92 BN_free(sig->r); 96 BN_free(sig->r);
93 if (sig->s) 97 if (sig->s)
94 BN_free(sig->s); 98 BN_free(sig->s);
95 free(sig); 99 free(sig);
96 }
97 } 100 }
98 101}
diff --git a/src/lib/libcrypto/dsa/dsa_vrf.c b/src/lib/libcrypto/dsa/dsa_vrf.c
index f4484abd55..b82fa41259 100644
--- a/src/lib/libcrypto/dsa/dsa_vrf.c
+++ b/src/lib/libcrypto/dsa/dsa_vrf.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dsa_vrf.c,v 1.14 2014/06/12 15:49:28 deraadt Exp $ */ 1/* $OpenBSD: dsa_vrf.c,v 1.15 2014/07/09 10:16:24 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -61,8 +61,8 @@
61#include "cryptlib.h" 61#include "cryptlib.h"
62#include <openssl/dsa.h> 62#include <openssl/dsa.h>
63 63
64int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, 64int
65 DSA *dsa) 65DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa)
66 { 66{
67 return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa); 67 return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
68 } 68}
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_ameth.c b/src/lib/libssl/src/crypto/dsa/dsa_ameth.c
index d11565a737..c6707b9427 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa_ameth.c
+++ b/src/lib/libssl/src/crypto/dsa/dsa_ameth.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dsa_ameth.c,v 1.8 2014/06/12 15:49:28 deraadt Exp $ */ 1/* $OpenBSD: dsa_ameth.c,v 1.9 2014/07/09 10:16:24 miod Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006. 3 * project 2006.
4 */ 4 */
@@ -67,8 +67,9 @@
67#endif 67#endif
68#include "asn1_locl.h" 68#include "asn1_locl.h"
69 69
70static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) 70static int
71 { 71dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
72{
72 const unsigned char *p, *pm; 73 const unsigned char *p, *pm;
73 int pklen, pmlen; 74 int pklen, pmlen;
74 int ptype; 75 int ptype;
@@ -83,112 +84,99 @@ static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
83 return 0; 84 return 0;
84 X509_ALGOR_get0(NULL, &ptype, &pval, palg); 85 X509_ALGOR_get0(NULL, &ptype, &pval, palg);
85 86
86 87 if (ptype == V_ASN1_SEQUENCE) {
87 if (ptype == V_ASN1_SEQUENCE)
88 {
89 pstr = pval; 88 pstr = pval;
90 pm = pstr->data; 89 pm = pstr->data;
91 pmlen = pstr->length; 90 pmlen = pstr->length;
92 91
93 if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen))) 92 if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen))) {
94 {
95 DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR); 93 DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR);
96 goto err; 94 goto err;
97 }
98
99 } 95 }
100 else if ((ptype == V_ASN1_NULL) || (ptype == V_ASN1_UNDEF)) 96 } else if (ptype == V_ASN1_NULL || ptype == V_ASN1_UNDEF) {
101 { 97 if (!(dsa = DSA_new())) {
102 if (!(dsa = DSA_new()))
103 {
104 DSAerr(DSA_F_DSA_PUB_DECODE, ERR_R_MALLOC_FAILURE); 98 DSAerr(DSA_F_DSA_PUB_DECODE, ERR_R_MALLOC_FAILURE);
105 goto err; 99 goto err;
106 } 100 }
107 } 101 } else {
108 else
109 {
110 DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_PARAMETER_ENCODING_ERROR); 102 DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_PARAMETER_ENCODING_ERROR);
111 goto err; 103 goto err;
112 } 104 }
113 105
114 if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, pklen))) 106 if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, pklen))) {
115 {
116 DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR); 107 DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR);
117 goto err; 108 goto err;
118 } 109 }
119 110
120 if (!(dsa->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) 111 if (!(dsa->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) {
121 {
122 DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_BN_DECODE_ERROR); 112 DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_BN_DECODE_ERROR);
123 goto err; 113 goto err;
124 } 114 }
125 115
126 ASN1_INTEGER_free(public_key); 116 ASN1_INTEGER_free(public_key);
127 EVP_PKEY_assign_DSA(pkey, dsa); 117 EVP_PKEY_assign_DSA(pkey, dsa);
128 return 1; 118 return 1;
129 119
130 err: 120err:
131 if (public_key) 121 if (public_key)
132 ASN1_INTEGER_free(public_key); 122 ASN1_INTEGER_free(public_key);
133 if (dsa) 123 if (dsa)
134 DSA_free(dsa); 124 DSA_free(dsa);
135 return 0; 125 return 0;
126}
136 127
137 } 128static int
138 129dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
139static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) 130{
140 {
141 DSA *dsa; 131 DSA *dsa;
142 void *pval = NULL; 132 void *pval = NULL;
143 int ptype; 133 int ptype;
144 unsigned char *penc = NULL; 134 unsigned char *penc = NULL;
145 int penclen; 135 int penclen;
146 136
147 dsa=pkey->pkey.dsa; 137 dsa = pkey->pkey.dsa;
148 if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) 138 if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) {
149 {
150 ASN1_STRING *str; 139 ASN1_STRING *str;
140
151 str = ASN1_STRING_new(); 141 str = ASN1_STRING_new();
152 str->length = i2d_DSAparams(dsa, &str->data); 142 str->length = i2d_DSAparams(dsa, &str->data);
153 if (str->length <= 0) 143 if (str->length <= 0) {
154 {
155 DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE); 144 DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
156 goto err; 145 goto err;
157 } 146 }
158 pval = str; 147 pval = str;
159 ptype = V_ASN1_SEQUENCE; 148 ptype = V_ASN1_SEQUENCE;
160 } 149 } else
161 else
162 ptype = V_ASN1_UNDEF; 150 ptype = V_ASN1_UNDEF;
163 151
164 dsa->write_params=0; 152 dsa->write_params = 0;
165 153
166 penclen = i2d_DSAPublicKey(dsa, &penc); 154 penclen = i2d_DSAPublicKey(dsa, &penc);
167 155
168 if (penclen <= 0) 156 if (penclen <= 0) {
169 {
170 DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE); 157 DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
171 goto err; 158 goto err;
172 } 159 }
173 160
174 if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DSA), 161 if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DSA), ptype, pval,
175 ptype, pval, penc, penclen)) 162 penc, penclen))
176 return 1; 163 return 1;
177 164
178 err: 165err:
179 free(penc); 166 free(penc);
180 if (pval) 167 if (pval)
181 ASN1_STRING_free(pval); 168 ASN1_STRING_free(pval);
182 169
183 return 0; 170 return 0;
184 } 171}
185 172
186/* In PKCS#8 DSA: you just get a private key integer and parameters in the 173/* In PKCS#8 DSA: you just get a private key integer and parameters in the
187 * AlgorithmIdentifier the pubkey must be recalculated. 174 * AlgorithmIdentifier the pubkey must be recalculated.
188 */ 175 */
189 176
190static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) 177static int
191 { 178dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
179{
192 const unsigned char *p, *pm; 180 const unsigned char *p, *pm;
193 int pklen, pmlen; 181 int pklen, pmlen;
194 int ptype; 182 int ptype;
@@ -197,7 +185,6 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
197 X509_ALGOR *palg; 185 X509_ALGOR *palg;
198 ASN1_INTEGER *privkey = NULL; 186 ASN1_INTEGER *privkey = NULL;
199 BN_CTX *ctx = NULL; 187 BN_CTX *ctx = NULL;
200
201 STACK_OF(ASN1_TYPE) *ndsa = NULL; 188 STACK_OF(ASN1_TYPE) *ndsa = NULL;
202 DSA *dsa = NULL; 189 DSA *dsa = NULL;
203 190
@@ -206,26 +193,24 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
206 X509_ALGOR_get0(NULL, &ptype, &pval, palg); 193 X509_ALGOR_get0(NULL, &ptype, &pval, palg);
207 194
208 /* Check for broken DSA PKCS#8, UGH! */ 195 /* Check for broken DSA PKCS#8, UGH! */
209 if (*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) 196 if (*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) {
210 {
211 ASN1_TYPE *t1, *t2; 197 ASN1_TYPE *t1, *t2;
212 if(!(ndsa = d2i_ASN1_SEQUENCE_ANY(NULL, &p, pklen))) 198 if (!(ndsa = d2i_ASN1_SEQUENCE_ANY(NULL, &p, pklen)))
213 goto decerr; 199 goto decerr;
214 if (sk_ASN1_TYPE_num(ndsa) != 2) 200 if (sk_ASN1_TYPE_num(ndsa) != 2)
215 goto decerr; 201 goto decerr;
216 /* Handle Two broken types: 202 /*
203 * Handle Two broken types:
217 * SEQUENCE {parameters, priv_key} 204 * SEQUENCE {parameters, priv_key}
218 * SEQUENCE {pub_key, priv_key} 205 * SEQUENCE {pub_key, priv_key}
219 */ 206 */
220 207
221 t1 = sk_ASN1_TYPE_value(ndsa, 0); 208 t1 = sk_ASN1_TYPE_value(ndsa, 0);
222 t2 = sk_ASN1_TYPE_value(ndsa, 1); 209 t2 = sk_ASN1_TYPE_value(ndsa, 1);
223 if (t1->type == V_ASN1_SEQUENCE) 210 if (t1->type == V_ASN1_SEQUENCE) {
224 {
225 p8->broken = PKCS8_EMBEDDED_PARAM; 211 p8->broken = PKCS8_EMBEDDED_PARAM;
226 pval = t1->value.ptr; 212 pval = t1->value.ptr;
227 } 213 } else if (ptype == V_ASN1_SEQUENCE)
228 else if (ptype == V_ASN1_SEQUENCE)
229 p8->broken = PKCS8_NS_DB; 214 p8->broken = PKCS8_NS_DB;
230 else 215 else
231 goto decerr; 216 goto decerr;
@@ -234,22 +219,20 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
234 goto decerr; 219 goto decerr;
235 220
236 privkey = t2->value.integer; 221 privkey = t2->value.integer;
237 } 222 } else {
238 else
239 {
240 const unsigned char *q = p; 223 const unsigned char *q = p;
224
241 if (!(privkey=d2i_ASN1_INTEGER(NULL, &p, pklen))) 225 if (!(privkey=d2i_ASN1_INTEGER(NULL, &p, pklen)))
242 goto decerr; 226 goto decerr;
243 if (privkey->type == V_ASN1_NEG_INTEGER) 227 if (privkey->type == V_ASN1_NEG_INTEGER) {
244 {
245 p8->broken = PKCS8_NEG_PRIVKEY; 228 p8->broken = PKCS8_NEG_PRIVKEY;
246 ASN1_INTEGER_free(privkey); 229 ASN1_INTEGER_free(privkey);
247 if (!(privkey=d2i_ASN1_UINTEGER(NULL, &q, pklen))) 230 if (!(privkey = d2i_ASN1_UINTEGER(NULL, &q, pklen)))
248 goto decerr; 231 goto decerr;
249 } 232 }
250 if (ptype != V_ASN1_SEQUENCE) 233 if (ptype != V_ASN1_SEQUENCE)
251 goto decerr; 234 goto decerr;
252 } 235 }
253 236
254 pstr = pval; 237 pstr = pval;
255 pm = pstr->data; 238 pm = pstr->data;
@@ -257,50 +240,47 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
257 if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen))) 240 if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen)))
258 goto decerr; 241 goto decerr;
259 /* We have parameters now set private key */ 242 /* We have parameters now set private key */
260 if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) 243 if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) {
261 {
262 DSAerr(DSA_F_DSA_PRIV_DECODE,DSA_R_BN_ERROR); 244 DSAerr(DSA_F_DSA_PRIV_DECODE,DSA_R_BN_ERROR);
263 goto dsaerr; 245 goto dsaerr;
264 } 246 }
265 /* Calculate public key */ 247 /* Calculate public key */
266 if (!(dsa->pub_key = BN_new())) 248 if (!(dsa->pub_key = BN_new())) {
267 {
268 DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE); 249 DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE);
269 goto dsaerr; 250 goto dsaerr;
270 } 251 }
271 if (!(ctx = BN_CTX_new())) 252 if (!(ctx = BN_CTX_new())) {
272 {
273 DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE); 253 DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE);
274 goto dsaerr; 254 goto dsaerr;
275 } 255 }
276 256
277 if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) 257 if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) {
278 {
279 DSAerr(DSA_F_DSA_PRIV_DECODE,DSA_R_BN_ERROR); 258 DSAerr(DSA_F_DSA_PRIV_DECODE,DSA_R_BN_ERROR);
280 goto dsaerr; 259 goto dsaerr;
281 } 260 }
282 261
283 EVP_PKEY_assign_DSA(pkey, dsa); 262 EVP_PKEY_assign_DSA(pkey, dsa);
284 BN_CTX_free (ctx); 263 BN_CTX_free (ctx);
285 if(ndsa) 264 if (ndsa)
286 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); 265 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
287 else 266 else
288 ASN1_INTEGER_free(privkey); 267 ASN1_INTEGER_free(privkey);
289 268
290 return 1; 269 return 1;
291 270
292 decerr: 271decerr:
293 DSAerr(DSA_F_DSA_PRIV_DECODE, EVP_R_DECODE_ERROR); 272 DSAerr(DSA_F_DSA_PRIV_DECODE, EVP_R_DECODE_ERROR);
294 dsaerr: 273dsaerr:
295 BN_CTX_free (ctx); 274 BN_CTX_free (ctx);
296 if (privkey) 275 if (privkey)
297 ASN1_INTEGER_free(privkey); 276 ASN1_INTEGER_free(privkey);
298 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); 277 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
299 DSA_free(dsa); 278 DSA_free(dsa);
300 return 0; 279 return 0;
301 } 280}
302 281
303static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) 282static int
283dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
304{ 284{
305 ASN1_STRING *params = NULL; 285 ASN1_STRING *params = NULL;
306 ASN1_INTEGER *prkey = NULL; 286 ASN1_INTEGER *prkey = NULL;
@@ -308,36 +288,31 @@ static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
308 int dplen; 288 int dplen;
309 289
310 params = ASN1_STRING_new(); 290 params = ASN1_STRING_new();
311 291 if (!params) {
312 if (!params) 292 DSAerr(DSA_F_DSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
313 {
314 DSAerr(DSA_F_DSA_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
315 goto err; 293 goto err;
316 } 294 }
317 295
318 params->length = i2d_DSAparams(pkey->pkey.dsa, &params->data); 296 params->length = i2d_DSAparams(pkey->pkey.dsa, &params->data);
319 if (params->length <= 0) 297 if (params->length <= 0) {
320 { 298 DSAerr(DSA_F_DSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
321 DSAerr(DSA_F_DSA_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
322 goto err; 299 goto err;
323 } 300 }
324 params->type = V_ASN1_SEQUENCE; 301 params->type = V_ASN1_SEQUENCE;
325 302
326 /* Get private key into integer */ 303 /* Get private key into integer */
327 prkey = BN_to_ASN1_INTEGER(pkey->pkey.dsa->priv_key, NULL); 304 prkey = BN_to_ASN1_INTEGER(pkey->pkey.dsa->priv_key, NULL);
328 305 if (!prkey) {
329 if (!prkey) 306 DSAerr(DSA_F_DSA_PRIV_ENCODE, DSA_R_BN_ERROR);
330 {
331 DSAerr(DSA_F_DSA_PRIV_ENCODE,DSA_R_BN_ERROR);
332 goto err; 307 goto err;
333 } 308 }
334 309
335 dplen = i2d_ASN1_INTEGER(prkey, &dp); 310 dplen = i2d_ASN1_INTEGER(prkey, &dp);
336 311
337 ASN1_INTEGER_free(prkey); 312 ASN1_INTEGER_free(prkey);
338 313
339 if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0, 314 if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0, V_ASN1_SEQUENCE,
340 V_ASN1_SEQUENCE, params, dp, dplen)) 315 params, dp, dplen))
341 goto err; 316 goto err;
342 317
343 return 1; 318 return 1;
@@ -351,88 +326,98 @@ err:
351 return 0; 326 return 0;
352} 327}
353 328
354static int int_dsa_size(const EVP_PKEY *pkey) 329static int
355 { 330int_dsa_size(const EVP_PKEY *pkey)
356 return(DSA_size(pkey->pkey.dsa)); 331{
357 } 332 return DSA_size(pkey->pkey.dsa);
333}
358 334
359static int dsa_bits(const EVP_PKEY *pkey) 335static int
360 { 336dsa_bits(const EVP_PKEY *pkey)
337{
361 return BN_num_bits(pkey->pkey.dsa->p); 338 return BN_num_bits(pkey->pkey.dsa->p);
362 } 339}
363 340
364static int dsa_missing_parameters(const EVP_PKEY *pkey) 341static int
365 { 342dsa_missing_parameters(const EVP_PKEY *pkey)
343{
366 DSA *dsa; 344 DSA *dsa;
367 dsa=pkey->pkey.dsa; 345
368 if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL)) 346 dsa = pkey->pkey.dsa;
369 return 1; 347 if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL)
348 return 1;
370 return 0; 349 return 0;
371 } 350}
372 351
373static int dsa_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) 352static int
374 { 353dsa_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
354{
375 BIGNUM *a; 355 BIGNUM *a;
376 356
377 if ((a=BN_dup(from->pkey.dsa->p)) == NULL) 357 if ((a = BN_dup(from->pkey.dsa->p)) == NULL)
378 return 0; 358 return 0;
379 if (to->pkey.dsa->p != NULL) 359 if (to->pkey.dsa->p != NULL)
380 BN_free(to->pkey.dsa->p); 360 BN_free(to->pkey.dsa->p);
381 to->pkey.dsa->p=a; 361 to->pkey.dsa->p = a;
382 362
383 if ((a=BN_dup(from->pkey.dsa->q)) == NULL) 363 if ((a = BN_dup(from->pkey.dsa->q)) == NULL)
384 return 0; 364 return 0;
385 if (to->pkey.dsa->q != NULL) 365 if (to->pkey.dsa->q != NULL)
386 BN_free(to->pkey.dsa->q); 366 BN_free(to->pkey.dsa->q);
387 to->pkey.dsa->q=a; 367 to->pkey.dsa->q = a;
388 368
389 if ((a=BN_dup(from->pkey.dsa->g)) == NULL) 369 if ((a = BN_dup(from->pkey.dsa->g)) == NULL)
390 return 0; 370 return 0;
391 if (to->pkey.dsa->g != NULL) 371 if (to->pkey.dsa->g != NULL)
392 BN_free(to->pkey.dsa->g); 372 BN_free(to->pkey.dsa->g);
393 to->pkey.dsa->g=a; 373 to->pkey.dsa->g = a;
394 return 1; 374 return 1;
395 } 375}
396 376
397static int dsa_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) 377static int
398 { 378dsa_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
399 if ( BN_cmp(a->pkey.dsa->p,b->pkey.dsa->p) || 379{
400 BN_cmp(a->pkey.dsa->q,b->pkey.dsa->q) || 380 if (BN_cmp(a->pkey.dsa->p, b->pkey.dsa->p) ||
401 BN_cmp(a->pkey.dsa->g,b->pkey.dsa->g)) 381 BN_cmp(a->pkey.dsa->q, b->pkey.dsa->q) ||
382 BN_cmp(a->pkey.dsa->g, b->pkey.dsa->g))
402 return 0; 383 return 0;
403 else 384 else
404 return 1; 385 return 1;
405 } 386}
406 387
407static int dsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) 388static int
408 { 389dsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
409 if (BN_cmp(b->pkey.dsa->pub_key,a->pkey.dsa->pub_key) != 0) 390{
391 if (BN_cmp(b->pkey.dsa->pub_key, a->pkey.dsa->pub_key) != 0)
410 return 0; 392 return 0;
411 else 393 else
412 return 1; 394 return 1;
413 } 395}
414 396
415static void int_dsa_free(EVP_PKEY *pkey) 397static void
416 { 398int_dsa_free(EVP_PKEY *pkey)
399{
417 DSA_free(pkey->pkey.dsa); 400 DSA_free(pkey->pkey.dsa);
418 } 401}
419 402
420static void update_buflen(const BIGNUM *b, size_t *pbuflen) 403static void
421 { 404update_buflen(const BIGNUM *b, size_t *pbuflen)
405{
422 size_t i; 406 size_t i;
407
423 if (!b) 408 if (!b)
424 return; 409 return;
425 if (*pbuflen < (i = (size_t)BN_num_bytes(b))) 410 if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
426 *pbuflen = i; 411 *pbuflen = i;
427 } 412}
428 413
429static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype) 414static int
430 { 415do_dsa_print(BIO *bp, const DSA *x, int off, int ptype)
431 unsigned char *m=NULL; 416{
432 int ret=0; 417 unsigned char *m = NULL;
433 size_t buf_len=0; 418 int ret = 0;
419 size_t buf_len = 0;
434 const char *ktype = NULL; 420 const char *ktype = NULL;
435
436 const BIGNUM *priv_key, *pub_key; 421 const BIGNUM *priv_key, *pub_key;
437 422
438 if (ptype == 2) 423 if (ptype == 2)
@@ -458,183 +443,187 @@ static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype)
458 update_buflen(priv_key, &buf_len); 443 update_buflen(priv_key, &buf_len);
459 update_buflen(pub_key, &buf_len); 444 update_buflen(pub_key, &buf_len);
460 445
461 m = malloc(buf_len+10); 446 m = malloc(buf_len + 10);
462 if (m == NULL) 447 if (m == NULL) {
463 { 448 DSAerr(DSA_F_DO_DSA_PRINT, ERR_R_MALLOC_FAILURE);
464 DSAerr(DSA_F_DO_DSA_PRINT,ERR_R_MALLOC_FAILURE);
465 goto err; 449 goto err;
466 } 450 }
467 451
468 if (priv_key) 452 if (priv_key) {
469 { 453 if (!BIO_indent(bp, off, 128))
470 if(!BIO_indent(bp,off,128)) 454 goto err;
471 goto err; 455 if (BIO_printf(bp, "%s: (%d bit)\n", ktype,
472 if (BIO_printf(bp,"%s: (%d bit)\n",ktype, BN_num_bits(x->p)) 456 BN_num_bits(x->p)) <= 0)
473 <= 0) goto err; 457 goto err;
474 } 458 }
475 459
476 if (!ASN1_bn_print(bp,"priv:",priv_key,m,off)) 460 if (!ASN1_bn_print(bp, "priv:", priv_key, m, off))
461 goto err;
462 if (!ASN1_bn_print(bp, "pub: ", pub_key, m, off))
463 goto err;
464 if (!ASN1_bn_print(bp, "P: ", x->p, m, off))
477 goto err; 465 goto err;
478 if (!ASN1_bn_print(bp,"pub: ",pub_key,m,off)) 466 if (!ASN1_bn_print(bp, "Q: ", x->q, m, off))
479 goto err; 467 goto err;
480 if (!ASN1_bn_print(bp,"P: ",x->p,m,off)) goto err; 468 if (!ASN1_bn_print(bp, "G: ", x->g, m, off))
481 if (!ASN1_bn_print(bp,"Q: ",x->q,m,off)) goto err; 469 goto err;
482 if (!ASN1_bn_print(bp,"G: ",x->g,m,off)) goto err; 470 ret = 1;
483 ret=1;
484err: 471err:
485 free(m); 472 free(m);
486 return(ret); 473 return(ret);
487 } 474}
488 475
489static int dsa_param_decode(EVP_PKEY *pkey, 476static int
490 const unsigned char **pder, int derlen) 477dsa_param_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
491 { 478{
492 DSA *dsa; 479 DSA *dsa;
493 if (!(dsa = d2i_DSAparams(NULL, pder, derlen))) 480
494 { 481 if (!(dsa = d2i_DSAparams(NULL, pder, derlen))) {
495 DSAerr(DSA_F_DSA_PARAM_DECODE, ERR_R_DSA_LIB); 482 DSAerr(DSA_F_DSA_PARAM_DECODE, ERR_R_DSA_LIB);
496 return 0; 483 return 0;
497 } 484 }
498 EVP_PKEY_assign_DSA(pkey, dsa); 485 EVP_PKEY_assign_DSA(pkey, dsa);
499 return 1; 486 return 1;
500 } 487}
501 488
502static int dsa_param_encode(const EVP_PKEY *pkey, unsigned char **pder) 489static int
503 { 490dsa_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
491{
504 return i2d_DSAparams(pkey->pkey.dsa, pder); 492 return i2d_DSAparams(pkey->pkey.dsa, pder);
505 } 493}
506 494
507static int dsa_param_print(BIO *bp, const EVP_PKEY *pkey, int indent, 495static int
508 ASN1_PCTX *ctx) 496dsa_param_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx)
509 { 497{
510 return do_dsa_print(bp, pkey->pkey.dsa, indent, 0); 498 return do_dsa_print(bp, pkey->pkey.dsa, indent, 0);
511 } 499}
512 500
513static int dsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, 501static int
514 ASN1_PCTX *ctx) 502dsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx)
515 { 503{
516 return do_dsa_print(bp, pkey->pkey.dsa, indent, 1); 504 return do_dsa_print(bp, pkey->pkey.dsa, indent, 1);
517 } 505}
518
519 506
520static int dsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, 507static int
521 ASN1_PCTX *ctx) 508dsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx)
522 { 509{
523 return do_dsa_print(bp, pkey->pkey.dsa, indent, 2); 510 return do_dsa_print(bp, pkey->pkey.dsa, indent, 2);
524 } 511}
525 512
526static int old_dsa_priv_decode(EVP_PKEY *pkey, 513static int
527 const unsigned char **pder, int derlen) 514old_dsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
528 { 515{
529 DSA *dsa; 516 DSA *dsa;
530 if (!(dsa = d2i_DSAPrivateKey (NULL, pder, derlen))) 517
531 { 518 if (!(dsa = d2i_DSAPrivateKey (NULL, pder, derlen))) {
532 DSAerr(DSA_F_OLD_DSA_PRIV_DECODE, ERR_R_DSA_LIB); 519 DSAerr(DSA_F_OLD_DSA_PRIV_DECODE, ERR_R_DSA_LIB);
533 return 0; 520 return 0;
534 } 521 }
535 EVP_PKEY_assign_DSA(pkey, dsa); 522 EVP_PKEY_assign_DSA(pkey, dsa);
536 return 1; 523 return 1;
537 } 524}
538 525
539static int old_dsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder) 526static int
540 { 527old_dsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder)
528{
541 return i2d_DSAPrivateKey(pkey->pkey.dsa, pder); 529 return i2d_DSAPrivateKey(pkey->pkey.dsa, pder);
542 } 530}
543 531
544static int dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, 532static int
545 const ASN1_STRING *sig, 533dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, const ASN1_STRING *sig,
546 int indent, ASN1_PCTX *pctx) 534 int indent, ASN1_PCTX *pctx)
547 { 535{
548 DSA_SIG *dsa_sig; 536 DSA_SIG *dsa_sig;
549 const unsigned char *p; 537 const unsigned char *p;
550 if (!sig) 538
551 { 539 if (!sig) {
552 if (BIO_puts(bp, "\n") <= 0) 540 if (BIO_puts(bp, "\n") <= 0)
553 return 0; 541 return 0;
554 else 542 else
555 return 1; 543 return 1;
556 } 544 }
557 p = sig->data; 545 p = sig->data;
558 dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length); 546 dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length);
559 if (dsa_sig) 547 if (dsa_sig) {
560 {
561 int rv = 0; 548 int rv = 0;
562 size_t buf_len = 0; 549 size_t buf_len = 0;
563 unsigned char *m=NULL; 550 unsigned char *m = NULL;
551
564 update_buflen(dsa_sig->r, &buf_len); 552 update_buflen(dsa_sig->r, &buf_len);
565 update_buflen(dsa_sig->s, &buf_len); 553 update_buflen(dsa_sig->s, &buf_len);
566 m = malloc(buf_len+10); 554 m = malloc(buf_len + 10);
567 if (m == NULL) 555 if (m == NULL) {
568 { 556 DSAerr(DSA_F_DSA_SIG_PRINT, ERR_R_MALLOC_FAILURE);
569 DSAerr(DSA_F_DSA_SIG_PRINT,ERR_R_MALLOC_FAILURE);
570 goto err; 557 goto err;
571 } 558 }
572 559
573 if (BIO_write(bp, "\n", 1) != 1) 560 if (BIO_write(bp, "\n", 1) != 1)
574 goto err; 561 goto err;
575 562
576 if (!ASN1_bn_print(bp,"r: ",dsa_sig->r,m,indent)) 563 if (!ASN1_bn_print(bp, "r: ", dsa_sig->r, m, indent))
577 goto err; 564 goto err;
578 if (!ASN1_bn_print(bp,"s: ",dsa_sig->s,m,indent)) 565 if (!ASN1_bn_print(bp, "s: ", dsa_sig->s, m, indent))
579 goto err; 566 goto err;
580 rv = 1; 567 rv = 1;
581 err: 568err:
582 free(m); 569 free(m);
583 DSA_SIG_free(dsa_sig); 570 DSA_SIG_free(dsa_sig);
584 return rv; 571 return rv;
585 }
586 return X509_signature_dump(bp, sig, indent);
587 } 572 }
573 return X509_signature_dump(bp, sig, indent);
574}
588 575
589static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) 576static int
590 { 577dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
591 switch (op) 578{
592 { 579 switch (op) {
593 case ASN1_PKEY_CTRL_PKCS7_SIGN: 580 case ASN1_PKEY_CTRL_PKCS7_SIGN:
594 if (arg1 == 0) 581 if (arg1 == 0) {
595 {
596 int snid, hnid; 582 int snid, hnid;
597 X509_ALGOR *alg1, *alg2; 583 X509_ALGOR *alg1, *alg2;
584
598 PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2); 585 PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2);
599 if (alg1 == NULL || alg1->algorithm == NULL) 586 if (alg1 == NULL || alg1->algorithm == NULL)
600 return -1; 587 return -1;
601 hnid = OBJ_obj2nid(alg1->algorithm); 588 hnid = OBJ_obj2nid(alg1->algorithm);
602 if (hnid == NID_undef) 589 if (hnid == NID_undef)
603 return -1; 590 return -1;
604 if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey))) 591 if (!OBJ_find_sigid_by_algs(&snid, hnid,
592 EVP_PKEY_id(pkey)))
605 return -1; 593 return -1;
606 X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0); 594 X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF,
607 } 595 0);
596 }
608 return 1; 597 return 1;
609#ifndef OPENSSL_NO_CMS 598#ifndef OPENSSL_NO_CMS
610 case ASN1_PKEY_CTRL_CMS_SIGN: 599 case ASN1_PKEY_CTRL_CMS_SIGN:
611 if (arg1 == 0) 600 if (arg1 == 0) {
612 {
613 int snid, hnid; 601 int snid, hnid;
614 X509_ALGOR *alg1, *alg2; 602 X509_ALGOR *alg1, *alg2;
603
615 CMS_SignerInfo_get0_algs(arg2, NULL, NULL, &alg1, &alg2); 604 CMS_SignerInfo_get0_algs(arg2, NULL, NULL, &alg1, &alg2);
616 if (alg1 == NULL || alg1->algorithm == NULL) 605 if (alg1 == NULL || alg1->algorithm == NULL)
617 return -1; 606 return -1;
618 hnid = OBJ_obj2nid(alg1->algorithm); 607 hnid = OBJ_obj2nid(alg1->algorithm);
619 if (hnid == NID_undef) 608 if (hnid == NID_undef)
620 return -1; 609 return -1;
621 if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey))) 610 if (!OBJ_find_sigid_by_algs(&snid, hnid,
611 EVP_PKEY_id(pkey)))
622 return -1; 612 return -1;
623 X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0); 613 X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF,
624 } 614 0);
615 }
625 return 1; 616 return 1;
626#endif 617#endif
627 618
628 case ASN1_PKEY_CTRL_DEFAULT_MD_NID: 619 case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
629 *(int *)arg2 = NID_sha1; 620 *(int *)arg2 = NID_sha1;
630 return 2; 621 return 2;
631 622
632 default: 623 default:
633 return -2; 624 return -2;
634
635 }
636
637 } 625 }
626}
638 627
639/* NB these are sorted in pkey_id order, lowest first */ 628/* NB these are sorted in pkey_id order, lowest first */
640 629
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_asn1.c b/src/lib/libssl/src/crypto/dsa/dsa_asn1.c
index 25288a0dda..cc03f29823 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa_asn1.c
+++ b/src/lib/libssl/src/crypto/dsa/dsa_asn1.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dsa_asn1.c,v 1.10 2014/06/12 15:49:28 deraadt Exp $ */ 1/* $OpenBSD: dsa_asn1.c,v 1.11 2014/07/09 10:16:24 miod Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2000. 3 * project 2000.
4 */ 4 */
@@ -64,17 +64,17 @@
64#include <openssl/rand.h> 64#include <openssl/rand.h>
65 65
66/* Override the default new methods */ 66/* Override the default new methods */
67static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, 67static int
68 void *exarg) 68sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
69{ 69{
70 if(operation == ASN1_OP_NEW_PRE) { 70 if (operation == ASN1_OP_NEW_PRE) {
71 DSA_SIG *sig; 71 DSA_SIG *sig;
72
72 sig = malloc(sizeof(DSA_SIG)); 73 sig = malloc(sizeof(DSA_SIG));
73 if (!sig) 74 if (!sig) {
74 {
75 DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE); 75 DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE);
76 return 0; 76 return 0;
77 } 77 }
78 sig->r = NULL; 78 sig->r = NULL;
79 sig->s = NULL; 79 sig->s = NULL;
80 *pval = (ASN1_VALUE *)sig; 80 *pval = (ASN1_VALUE *)sig;
@@ -91,14 +91,15 @@ ASN1_SEQUENCE_cb(DSA_SIG, sig_cb) = {
91IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA_SIG, DSA_SIG, DSA_SIG) 91IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA_SIG, DSA_SIG, DSA_SIG)
92 92
93/* Override the default free and new methods */ 93/* Override the default free and new methods */
94static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, 94static int
95 void *exarg) 95dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
96{ 96{
97 if(operation == ASN1_OP_NEW_PRE) { 97 if (operation == ASN1_OP_NEW_PRE) {
98 *pval = (ASN1_VALUE *)DSA_new(); 98 *pval = (ASN1_VALUE *)DSA_new();
99 if(*pval) return 2; 99 if (*pval)
100 return 2;
100 return 0; 101 return 0;
101 } else if(operation == ASN1_OP_FREE_PRE) { 102 } else if (operation == ASN1_OP_FREE_PRE) {
102 DSA_free((DSA *)*pval); 103 DSA_free((DSA *)*pval);
103 *pval = NULL; 104 *pval = NULL;
104 return 2; 105 return 2;
@@ -125,7 +126,8 @@ ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = {
125 126
126IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAparams, DSAparams) 127IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAparams, DSAparams)
127 128
128/* DSA public key is a bit trickier... its effectively a CHOICE type 129/*
130 * DSA public key is a bit trickier... its effectively a CHOICE type
129 * decided by a field called write_params which can either write out 131 * decided by a field called write_params which can either write out
130 * just the public key as an INTEGER or the parameters and public key 132 * just the public key as an INTEGER or the parameters and public key
131 * in a SEQUENCE 133 * in a SEQUENCE
@@ -145,43 +147,49 @@ ASN1_CHOICE_cb(DSAPublicKey, dsa_cb) = {
145 147
146IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey) 148IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey)
147 149
148DSA *DSAparams_dup(DSA *dsa) 150DSA *
149 { 151DSAparams_dup(DSA *dsa)
152{
150 return ASN1_item_dup(ASN1_ITEM_rptr(DSAparams), dsa); 153 return ASN1_item_dup(ASN1_ITEM_rptr(DSAparams), dsa);
151 } 154}
152 155
153int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, 156int
154 unsigned int *siglen, DSA *dsa) 157DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
155 { 158 unsigned int *siglen, DSA *dsa)
159{
156 DSA_SIG *s; 160 DSA_SIG *s;
157 s=DSA_do_sign(dgst,dlen,dsa); 161
158 if (s == NULL) 162 s = DSA_do_sign(dgst, dlen, dsa);
159 { 163 if (s == NULL) {
160 *siglen=0; 164 *siglen = 0;
161 return(0); 165 return 0;
162 }
163 *siglen=i2d_DSA_SIG(s,&sig);
164 DSA_SIG_free(s);
165 return(1);
166 } 166 }
167 *siglen = i2d_DSA_SIG(s,&sig);
168 DSA_SIG_free(s);
169 return 1;
170}
167 171
168/* data has already been hashed (probably with SHA or SHA-1). */ 172/*
169/* returns 173 * data has already been hashed (probably with SHA or SHA-1).
174 * returns
170 * 1: correct signature 175 * 1: correct signature
171 * 0: incorrect signature 176 * 0: incorrect signature
172 * -1: error 177 * -1: error
173 */ 178 */
174int DSA_verify(int type, const unsigned char *dgst, int dgst_len, 179int
175 const unsigned char *sigbuf, int siglen, DSA *dsa) 180DSA_verify(int type, const unsigned char *dgst, int dgst_len,
176 { 181 const unsigned char *sigbuf, int siglen, DSA *dsa)
182{
177 DSA_SIG *s; 183 DSA_SIG *s;
178 int ret=-1; 184 int ret = -1;
179 185
180 s = DSA_SIG_new(); 186 s = DSA_SIG_new();
181 if (s == NULL) return(ret); 187 if (s == NULL)
182 if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err; 188 return ret;
183 ret=DSA_do_verify(dgst,dgst_len,s,dsa); 189 if (d2i_DSA_SIG(&s, &sigbuf, siglen) == NULL)
190 goto err;
191 ret = DSA_do_verify(dgst, dgst_len, s, dsa);
184err: 192err:
185 DSA_SIG_free(s); 193 DSA_SIG_free(s);
186 return(ret); 194 return ret;
187 } 195}
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_depr.c b/src/lib/libssl/src/crypto/dsa/dsa_depr.c
index 8e3125b66f..50169ac9b2 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa_depr.c
+++ b/src/lib/libssl/src/crypto/dsa/dsa_depr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dsa_depr.c,v 1.3 2014/06/12 15:49:28 deraadt Exp $ */ 1/* $OpenBSD: dsa_depr.c,v 1.4 2014/07/09 10:16:24 miod Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4 * 4 *
@@ -56,19 +56,6 @@
56/* This file contains deprecated function(s) that are now wrappers to the new 56/* This file contains deprecated function(s) that are now wrappers to the new
57 * version(s). */ 57 * version(s). */
58 58
59#undef GENUINE_DSA
60
61#ifdef GENUINE_DSA
62/* Parameter generation follows the original release of FIPS PUB 186,
63 * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */
64#define HASH EVP_sha()
65#else
66/* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
67 * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in
68 * FIPS PUB 180-1) */
69#define HASH EVP_sha1()
70#endif
71
72#ifndef OPENSSL_NO_SHA 59#ifndef OPENSSL_NO_SHA
73 60
74#include <stdio.h> 61#include <stdio.h>
@@ -81,24 +68,24 @@
81#include <openssl/sha.h> 68#include <openssl/sha.h>
82 69
83#ifndef OPENSSL_NO_DEPRECATED 70#ifndef OPENSSL_NO_DEPRECATED
84DSA *DSA_generate_parameters(int bits, 71DSA *
85 unsigned char *seed_in, int seed_len, 72DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len,
86 int *counter_ret, unsigned long *h_ret, 73 int *counter_ret, unsigned long *h_ret, void (*callback)(int, int, void *),
87 void (*callback)(int, int, void *), 74 void *cb_arg)
88 void *cb_arg) 75{
89 {
90 BN_GENCB cb; 76 BN_GENCB cb;
91 DSA *ret; 77 DSA *ret;
92 78
93 if ((ret=DSA_new()) == NULL) return NULL; 79 if ((ret = DSA_new()) == NULL)
80 return NULL;
94 81
95 BN_GENCB_set_old(&cb, callback, cb_arg); 82 BN_GENCB_set_old(&cb, callback, cb_arg);
96 83
97 if(DSA_generate_parameters_ex(ret, bits, seed_in, seed_len, 84 if (DSA_generate_parameters_ex(ret, bits, seed_in, seed_len,
98 counter_ret, h_ret, &cb)) 85 counter_ret, h_ret, &cb))
99 return ret; 86 return ret;
100 DSA_free(ret); 87 DSA_free(ret);
101 return NULL; 88 return NULL;
102 } 89}
103#endif 90#endif
104#endif 91#endif
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_gen.c b/src/lib/libssl/src/crypto/dsa/dsa_gen.c
index 22c388b9d1..d97f988688 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa_gen.c
+++ b/src/lib/libssl/src/crypto/dsa/dsa_gen.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dsa_gen.c,v 1.12 2014/06/12 15:49:28 deraadt Exp $ */ 1/* $OpenBSD: dsa_gen.c,v 1.13 2014/07/09 10:16:24 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -56,19 +56,6 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59#undef GENUINE_DSA
60
61#ifdef GENUINE_DSA
62/* Parameter generation follows the original release of FIPS PUB 186,
63 * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */
64#define HASH EVP_sha()
65#else
66/* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
67 * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in
68 * FIPS PUB 180-1) */
69#define HASH EVP_sha1()
70#endif
71
72#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_SHA is defined */ 59#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_SHA is defined */
73 60
74#ifndef OPENSSL_NO_SHA 61#ifndef OPENSSL_NO_SHA
@@ -81,51 +68,47 @@
81#include <openssl/sha.h> 68#include <openssl/sha.h>
82#include "dsa_locl.h" 69#include "dsa_locl.h"
83 70
84int DSA_generate_parameters_ex(DSA *ret, int bits, 71int
85 const unsigned char *seed_in, int seed_len, 72DSA_generate_parameters_ex(DSA *ret, int bits, const unsigned char *seed_in,
86 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) 73 int seed_len, int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
87 { 74{
88 if(ret->meth->dsa_paramgen) 75 if (ret->meth->dsa_paramgen)
89 return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len, 76 return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
90 counter_ret, h_ret, cb); 77 counter_ret, h_ret, cb);
91 else 78 else {
92 {
93 const EVP_MD *evpmd; 79 const EVP_MD *evpmd;
94 size_t qbits = bits >= 2048 ? 256 : 160; 80 size_t qbits;
95 81
96 if (bits >= 2048) 82 if (bits >= 2048) {
97 {
98 qbits = 256; 83 qbits = 256;
99 evpmd = EVP_sha256(); 84 evpmd = EVP_sha256();
100 } 85 } else {
101 else
102 {
103 qbits = 160; 86 qbits = 160;
104 evpmd = EVP_sha1(); 87 evpmd = EVP_sha1();
105 }
106
107 return dsa_builtin_paramgen(ret, bits, qbits, evpmd,
108 seed_in, seed_len, NULL, counter_ret, h_ret, cb);
109 } 88 }
110 }
111 89
112int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, 90 return dsa_builtin_paramgen(ret, bits, qbits, evpmd, seed_in,
113 const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len, 91 seed_len, NULL, counter_ret, h_ret, cb);
114 unsigned char *seed_out, 92 }
115 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) 93}
116 { 94
117 int ok=0; 95int
96dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, const EVP_MD *evpmd,
97 const unsigned char *seed_in, size_t seed_len, unsigned char *seed_out,
98 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
99{
100 int ok = 0;
118 unsigned char seed[SHA256_DIGEST_LENGTH]; 101 unsigned char seed[SHA256_DIGEST_LENGTH];
119 unsigned char md[SHA256_DIGEST_LENGTH]; 102 unsigned char md[SHA256_DIGEST_LENGTH];
120 unsigned char buf[SHA256_DIGEST_LENGTH],buf2[SHA256_DIGEST_LENGTH]; 103 unsigned char buf[SHA256_DIGEST_LENGTH], buf2[SHA256_DIGEST_LENGTH];
121 BIGNUM *r0,*W,*X,*c,*test; 104 BIGNUM *r0, *W, *X, *c, *test;
122 BIGNUM *g=NULL,*q=NULL,*p=NULL; 105 BIGNUM *g = NULL, *q = NULL, *p = NULL;
123 BN_MONT_CTX *mont=NULL; 106 BN_MONT_CTX *mont = NULL;
124 int i, k, n=0, m=0, qsize = qbits >> 3; 107 int i, k, n = 0, m = 0, qsize = qbits >> 3;
125 int counter=0; 108 int counter = 0;
126 int r=0; 109 int r = 0;
127 BN_CTX *ctx=NULL; 110 BN_CTX *ctx = NULL;
128 unsigned int h=2; 111 unsigned int h = 2;
129 112
130 if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH && 113 if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH &&
131 qsize != SHA256_DIGEST_LENGTH) 114 qsize != SHA256_DIGEST_LENGTH)
@@ -139,16 +122,20 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
139 if (bits < 512) 122 if (bits < 512)
140 bits = 512; 123 bits = 512;
141 124
142 bits = (bits+63)/64*64; 125 bits = (bits + 63) / 64 * 64;
143 126
144 /* NB: seed_len == 0 is special case: copy generated seed to 127 /*
128 * NB: seed_len == 0 is special case: copy generated seed to
145 * seed_in if it is not NULL. 129 * seed_in if it is not NULL.
146 */ 130 */
147 if (seed_len && (seed_len < (size_t)qsize)) 131 if (seed_len && seed_len < (size_t)qsize)
148 seed_in = NULL; /* seed buffer too small -- ignore */ 132 seed_in = NULL; /* seed buffer too small -- ignore */
133 /*
134 * App. 2.2 of FIPS PUB 186 allows larger SEED,
135 * but our internal buffers are restricted to 160 bits
136 */
149 if (seed_len > (size_t)qsize) 137 if (seed_len > (size_t)qsize)
150 seed_len = qsize; /* App. 2.2 of FIPS PUB 186 allows larger SEED, 138 seed_len = qsize;
151 * but our internal buffers are restricted to 160 bits*/
152 if (seed_in != NULL) 139 if (seed_in != NULL)
153 memcpy(seed, seed_in, seed_len); 140 memcpy(seed, seed_in, seed_len);
154 141
@@ -168,38 +155,34 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
168 p = BN_CTX_get(ctx); 155 p = BN_CTX_get(ctx);
169 test = BN_CTX_get(ctx); 156 test = BN_CTX_get(ctx);
170 157
171 if (!BN_lshift(test,BN_value_one(),bits-1)) 158 if (!BN_lshift(test, BN_value_one(), bits - 1))
172 goto err; 159 goto err;
173 160
174 for (;;) 161 for (;;) {
175 { 162 for (;;) { /* find q */
176 for (;;) /* find q */
177 {
178 int seed_is_random; 163 int seed_is_random;
179 164
180 /* step 1 */ 165 /* step 1 */
181 if(!BN_GENCB_call(cb, 0, m++)) 166 if (!BN_GENCB_call(cb, 0, m++))
182 goto err; 167 goto err;
183 168
184 if (!seed_len) 169 if (!seed_len) {
185 {
186 RAND_pseudo_bytes(seed, qsize); 170 RAND_pseudo_bytes(seed, qsize);
187 seed_is_random = 1; 171 seed_is_random = 1;
188 } 172 } else {
189 else
190 {
191 seed_is_random = 0; 173 seed_is_random = 0;
192 seed_len=0; /* use random seed if 'seed_in' turns out to be bad*/ 174 /* use random seed if 'seed_in' turns out
193 } 175 to be bad */
194 memcpy(buf , seed, qsize); 176 seed_len = 0;
177 }
178 memcpy(buf, seed, qsize);
195 memcpy(buf2, seed, qsize); 179 memcpy(buf2, seed, qsize);
196 /* precompute "SEED + 1" for step 7: */ 180 /* precompute "SEED + 1" for step 7: */
197 for (i = qsize-1; i >= 0; i--) 181 for (i = qsize - 1; i >= 0; i--) {
198 {
199 buf[i]++; 182 buf[i]++;
200 if (buf[i] != 0) 183 if (buf[i] != 0)
201 break; 184 break;
202 } 185 }
203 186
204 /* step 2 */ 187 /* step 2 */
205 if (!EVP_Digest(seed, qsize, md, NULL, evpmd, NULL)) 188 if (!EVP_Digest(seed, qsize, md, NULL, evpmd, NULL))
@@ -207,17 +190,17 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
207 if (!EVP_Digest(buf, qsize, buf2, NULL, evpmd, NULL)) 190 if (!EVP_Digest(buf, qsize, buf2, NULL, evpmd, NULL))
208 goto err; 191 goto err;
209 for (i = 0; i < qsize; i++) 192 for (i = 0; i < qsize; i++)
210 md[i]^=buf2[i]; 193 md[i] ^= buf2[i];
211 194
212 /* step 3 */ 195 /* step 3 */
213 md[0] |= 0x80; 196 md[0] |= 0x80;
214 md[qsize-1] |= 0x01; 197 md[qsize - 1] |= 0x01;
215 if (!BN_bin2bn(md, qsize, q)) 198 if (!BN_bin2bn(md, qsize, q))
216 goto err; 199 goto err;
217 200
218 /* step 4 */ 201 /* step 4 */
219 r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx, 202 r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,
220 seed_is_random, cb); 203 seed_is_random, cb);
221 if (r > 0) 204 if (r > 0)
222 break; 205 break;
223 if (r != 0) 206 if (r != 0)
@@ -225,127 +208,144 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
225 208
226 /* do a callback call */ 209 /* do a callback call */
227 /* step 5 */ 210 /* step 5 */
228 } 211 }
229 212
230 if(!BN_GENCB_call(cb, 2, 0)) goto err; 213 if (!BN_GENCB_call(cb, 2, 0))
231 if(!BN_GENCB_call(cb, 3, 0)) goto err; 214 goto err;
215 if (!BN_GENCB_call(cb, 3, 0))
216 goto err;
232 217
233 /* step 6 */ 218 /* step 6 */
234 counter=0; 219 counter = 0;
235 /* "offset = 2" */ 220 /* "offset = 2" */
236 221
237 n=(bits-1)/160; 222 n = (bits - 1) / 160;
238 223
239 for (;;) 224 for (;;) {
240 { 225 if (counter != 0 && !BN_GENCB_call(cb, 0, counter))
241 if ((counter != 0) && !BN_GENCB_call(cb, 0, counter))
242 goto err; 226 goto err;
243 227
244 /* step 7 */ 228 /* step 7 */
245 BN_zero(W); 229 BN_zero(W);
246 /* now 'buf' contains "SEED + offset - 1" */ 230 /* now 'buf' contains "SEED + offset - 1" */
247 for (k=0; k<=n; k++) 231 for (k = 0; k <= n; k++) {
248 {
249 /* obtain "SEED + offset + k" by incrementing: */ 232 /* obtain "SEED + offset + k" by incrementing: */
250 for (i = qsize-1; i >= 0; i--) 233 for (i = qsize - 1; i >= 0; i--) {
251 {
252 buf[i]++; 234 buf[i]++;
253 if (buf[i] != 0) 235 if (buf[i] != 0)
254 break; 236 break;
255 } 237 }
256 238
257 if (!EVP_Digest(buf, qsize, md ,NULL, evpmd, 239 if (!EVP_Digest(buf, qsize, md ,NULL, evpmd,
258 NULL)) 240 NULL))
259 goto err; 241 goto err;
260 242
261 /* step 8 */ 243 /* step 8 */
262 if (!BN_bin2bn(md, qsize, r0)) 244 if (!BN_bin2bn(md, qsize, r0))
263 goto err; 245 goto err;
264 if (!BN_lshift(r0,r0,(qsize << 3)*k)) goto err; 246 if (!BN_lshift(r0, r0, (qsize << 3) * k))
265 if (!BN_add(W,W,r0)) goto err; 247 goto err;
266 } 248 if (!BN_add(W, W, r0))
249 goto err;
250 }
267 251
268 /* more of step 8 */ 252 /* more of step 8 */
269 if (!BN_mask_bits(W,bits-1)) goto err; 253 if (!BN_mask_bits(W, bits - 1))
270 if (!BN_copy(X,W)) goto err; 254 goto err;
271 if (!BN_add(X,X,test)) goto err; 255 if (!BN_copy(X, W))
256 goto err;
257 if (!BN_add(X, X, test))
258 goto err;
272 259
273 /* step 9 */ 260 /* step 9 */
274 if (!BN_lshift1(r0,q)) goto err; 261 if (!BN_lshift1(r0, q))
275 if (!BN_mod(c,X,r0,ctx)) goto err; 262 goto err;
276 if (!BN_sub(r0,c,BN_value_one())) goto err; 263 if (!BN_mod(c, X, r0, ctx))
277 if (!BN_sub(p,X,r0)) goto err; 264 goto err;
265 if (!BN_sub(r0, c, BN_value_one()))
266 goto err;
267 if (!BN_sub(p, X, r0))
268 goto err;
278 269
279 /* step 10 */ 270 /* step 10 */
280 if (BN_cmp(p,test) >= 0) 271 if (BN_cmp(p, test) >= 0) {
281 {
282 /* step 11 */ 272 /* step 11 */
283 r = BN_is_prime_fasttest_ex(p, DSS_prime_checks, 273 r = BN_is_prime_fasttest_ex(p, DSS_prime_checks,
284 ctx, 1, cb); 274 ctx, 1, cb);
285 if (r > 0) 275 if (r > 0)
286 goto end; /* found it */ 276 goto end; /* found it */
287 if (r != 0) 277 if (r != 0)
288 goto err; 278 goto err;
289 } 279 }
290 280
291 /* step 13 */ 281 /* step 13 */
292 counter++; 282 counter++;
293 /* "offset = offset + n + 1" */ 283 /* "offset = offset + n + 1" */
294 284
295 /* step 14 */ 285 /* step 14 */
296 if (counter >= 4096) break; 286 if (counter >= 4096)
297 } 287 break;
298 } 288 }
289 }
299end: 290end:
300 if(!BN_GENCB_call(cb, 2, 1)) 291 if (!BN_GENCB_call(cb, 2, 1))
301 goto err; 292 goto err;
302 293
303 /* We now need to generate g */ 294 /* We now need to generate g */
304 /* Set r0=(p-1)/q */ 295 /* Set r0=(p-1)/q */
305 if (!BN_sub(test,p,BN_value_one())) goto err; 296 if (!BN_sub(test, p, BN_value_one()))
306 if (!BN_div(r0,NULL,test,q,ctx)) goto err; 297 goto err;
298 if (!BN_div(r0, NULL, test, q, ctx))
299 goto err;
307 300
308 if (!BN_set_word(test,h)) goto err; 301 if (!BN_set_word(test, h))
309 if (!BN_MONT_CTX_set(mont,p,ctx)) goto err; 302 goto err;
303 if (!BN_MONT_CTX_set(mont, p, ctx))
304 goto err;
310 305
311 for (;;) 306 for (;;) {
312 {
313 /* g=test^r0%p */ 307 /* g=test^r0%p */
314 if (!BN_mod_exp_mont(g,test,r0,p,ctx,mont)) goto err; 308 if (!BN_mod_exp_mont(g, test, r0, p, ctx, mont))
315 if (!BN_is_one(g)) break; 309 goto err;
316 if (!BN_add(test,test,BN_value_one())) goto err; 310 if (!BN_is_one(g))
311 break;
312 if (!BN_add(test, test, BN_value_one()))
313 goto err;
317 h++; 314 h++;
318 } 315 }
319 316
320 if(!BN_GENCB_call(cb, 3, 1)) 317 if (!BN_GENCB_call(cb, 3, 1))
321 goto err; 318 goto err;
322 319
323 ok=1; 320 ok = 1;
324err: 321err:
325 if (ok) 322 if (ok) {
326 { 323 if (ret->p)
327 if(ret->p) BN_free(ret->p); 324 BN_free(ret->p);
328 if(ret->q) BN_free(ret->q); 325 if (ret->q)
329 if(ret->g) BN_free(ret->g); 326 BN_free(ret->q);
330 ret->p=BN_dup(p); 327 if (ret->g)
331 ret->q=BN_dup(q); 328 BN_free(ret->g);
332 ret->g=BN_dup(g); 329 ret->p = BN_dup(p);
333 if (ret->p == NULL || ret->q == NULL || ret->g == NULL) 330 ret->q = BN_dup(q);
334 { 331 ret->g = BN_dup(g);
335 ok=0; 332 if (ret->p == NULL || ret->q == NULL || ret->g == NULL) {
333 ok = 0;
336 goto err; 334 goto err;
337 } 335 }
338 if (counter_ret != NULL) *counter_ret=counter; 336 if (counter_ret != NULL)
339 if (h_ret != NULL) *h_ret=h; 337 *counter_ret = counter;
338 if (h_ret != NULL)
339 *h_ret = h;
340 if (seed_out) 340 if (seed_out)
341 memcpy(seed_out, seed, qsize); 341 memcpy(seed_out, seed, qsize);
342 } 342 }
343 if(ctx) 343 if (ctx) {
344 {
345 BN_CTX_end(ctx); 344 BN_CTX_end(ctx);
346 BN_CTX_free(ctx); 345 BN_CTX_free(ctx);
347 }
348 if (mont != NULL) BN_MONT_CTX_free(mont);
349 return ok;
350 } 346 }
347 if (mont != NULL)
348 BN_MONT_CTX_free(mont);
349 return ok;
350}
351#endif 351#endif
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_key.c b/src/lib/libssl/src/crypto/dsa/dsa_key.c
index 7747ed1416..2d11f59107 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa_key.c
+++ b/src/lib/libssl/src/crypto/dsa/dsa_key.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dsa_key.c,v 1.15 2014/06/12 15:49:28 deraadt Exp $ */ 1/* $OpenBSD: dsa_key.c,v 1.16 2014/07/09 10:16:24 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -66,63 +66,67 @@
66 66
67static int dsa_builtin_keygen(DSA *dsa); 67static int dsa_builtin_keygen(DSA *dsa);
68 68
69int DSA_generate_key(DSA *dsa) 69int
70 { 70DSA_generate_key(DSA *dsa)
71 if(dsa->meth->dsa_keygen) 71{
72 if (dsa->meth->dsa_keygen)
72 return dsa->meth->dsa_keygen(dsa); 73 return dsa->meth->dsa_keygen(dsa);
73 return dsa_builtin_keygen(dsa); 74 return dsa_builtin_keygen(dsa);
74 } 75}
75 76
76static int dsa_builtin_keygen(DSA *dsa) 77static int
77 { 78dsa_builtin_keygen(DSA *dsa)
78 int ok=0; 79{
79 BN_CTX *ctx=NULL; 80 int ok = 0;
80 BIGNUM *pub_key=NULL,*priv_key=NULL; 81 BN_CTX *ctx = NULL;
82 BIGNUM *pub_key = NULL, *priv_key = NULL;
81 83
82 if ((ctx=BN_CTX_new()) == NULL) goto err; 84 if ((ctx = BN_CTX_new()) == NULL)
85 goto err;
83 86
84 if (dsa->priv_key == NULL) 87 if (dsa->priv_key == NULL) {
85 { 88 if ((priv_key = BN_new()) == NULL)
86 if ((priv_key=BN_new()) == NULL) goto err; 89 goto err;
87 } 90 } else
88 else
89 priv_key=dsa->priv_key; 91 priv_key=dsa->priv_key;
90 92
91 do 93 do {
92 if (!BN_rand_range(priv_key,dsa->q)) goto err; 94 if (!BN_rand_range(priv_key, dsa->q))
93 while (BN_is_zero(priv_key)); 95 goto err;
96 } while (BN_is_zero(priv_key));
94 97
95 if (dsa->pub_key == NULL) 98 if (dsa->pub_key == NULL) {
96 { 99 if ((pub_key = BN_new()) == NULL)
97 if ((pub_key=BN_new()) == NULL) goto err; 100 goto err;
98 } 101 } else
99 else
100 pub_key=dsa->pub_key; 102 pub_key=dsa->pub_key;
101 103
102 { 104 {
103 BIGNUM local_prk; 105 BIGNUM local_prk;
104 BIGNUM *prk; 106 BIGNUM *prk;
105 107
106 if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) 108 if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
107 {
108 BN_init(&local_prk); 109 BN_init(&local_prk);
109 prk = &local_prk; 110 prk = &local_prk;
110 BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME); 111 BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
111 } 112 } else
112 else
113 prk = priv_key; 113 prk = priv_key;
114 114
115 if (!BN_mod_exp(pub_key,dsa->g,prk,dsa->p,ctx)) goto err; 115 if (!BN_mod_exp(pub_key, dsa->g, prk, dsa->p, ctx))
116 goto err;
116 } 117 }
117 118
118 dsa->priv_key=priv_key; 119 dsa->priv_key = priv_key;
119 dsa->pub_key=pub_key; 120 dsa->pub_key = pub_key;
120 ok=1; 121 ok = 1;
121 122
122err: 123err:
123 if ((pub_key != NULL) && (dsa->pub_key == NULL)) BN_free(pub_key); 124 if (pub_key != NULL && dsa->pub_key == NULL)
124 if ((priv_key != NULL) && (dsa->priv_key == NULL)) BN_free(priv_key); 125 BN_free(pub_key);
125 if (ctx != NULL) BN_CTX_free(ctx); 126 if (priv_key != NULL && dsa->priv_key == NULL)
126 return(ok); 127 BN_free(priv_key);
127 } 128 if (ctx != NULL)
129 BN_CTX_free(ctx);
130 return ok;
131}
128#endif 132#endif
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_lib.c b/src/lib/libssl/src/crypto/dsa/dsa_lib.c
index d625f0f282..334d5ba7f2 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa_lib.c
+++ b/src/lib/libssl/src/crypto/dsa/dsa_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dsa_lib.c,v 1.16 2014/06/12 15:49:28 deraadt Exp $ */ 1/* $OpenBSD: dsa_lib.c,v 1.17 2014/07/09 10:16:24 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -70,198 +70,212 @@
70#include <openssl/dh.h> 70#include <openssl/dh.h>
71#endif 71#endif
72 72
73const char DSA_version[]="DSA" OPENSSL_VERSION_PTEXT; 73const char DSA_version[] = "DSA" OPENSSL_VERSION_PTEXT;
74 74
75static const DSA_METHOD *default_DSA_method = NULL; 75static const DSA_METHOD *default_DSA_method = NULL;
76 76
77void DSA_set_default_method(const DSA_METHOD *meth) 77void
78 { 78DSA_set_default_method(const DSA_METHOD *meth)
79{
79 default_DSA_method = meth; 80 default_DSA_method = meth;
80 } 81}
81 82
82const DSA_METHOD *DSA_get_default_method(void) 83const DSA_METHOD *
83 { 84DSA_get_default_method(void)
84 if(!default_DSA_method) 85{
85 { 86 if (!default_DSA_method)
86 default_DSA_method = DSA_OpenSSL(); 87 default_DSA_method = DSA_OpenSSL();
87 }
88 return default_DSA_method; 88 return default_DSA_method;
89 } 89}
90 90
91DSA *DSA_new(void) 91DSA *
92 { 92DSA_new(void)
93{
93 return DSA_new_method(NULL); 94 return DSA_new_method(NULL);
94 } 95}
95 96
96int DSA_set_method(DSA *dsa, const DSA_METHOD *meth) 97int
97 { 98DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
98 /* NB: The caller is specifically setting a method, so it's not up to us 99{
99 * to deal with which ENGINE it comes from. */ 100 /*
101 * NB: The caller is specifically setting a method, so it's not up to us
102 * to deal with which ENGINE it comes from.
103 */
100 const DSA_METHOD *mtmp; 104 const DSA_METHOD *mtmp;
101 mtmp = dsa->meth; 105 mtmp = dsa->meth;
102 if (mtmp->finish) mtmp->finish(dsa); 106 if (mtmp->finish)
107 mtmp->finish(dsa);
103#ifndef OPENSSL_NO_ENGINE 108#ifndef OPENSSL_NO_ENGINE
104 if (dsa->engine) 109 if (dsa->engine) {
105 {
106 ENGINE_finish(dsa->engine); 110 ENGINE_finish(dsa->engine);
107 dsa->engine = NULL; 111 dsa->engine = NULL;
108 } 112 }
109#endif 113#endif
110 dsa->meth = meth; 114 dsa->meth = meth;
111 if (meth->init) meth->init(dsa); 115 if (meth->init)
116 meth->init(dsa);
112 return 1; 117 return 1;
113 } 118}
114 119
115DSA *DSA_new_method(ENGINE *engine) 120DSA *
116 { 121DSA_new_method(ENGINE *engine)
122{
117 DSA *ret; 123 DSA *ret;
118 124
119 ret = malloc(sizeof(DSA)); 125 ret = malloc(sizeof(DSA));
120 if (ret == NULL) 126 if (ret == NULL) {
121 { 127 DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
122 DSAerr(DSA_F_DSA_NEW_METHOD,ERR_R_MALLOC_FAILURE); 128 return NULL;
123 return(NULL); 129 }
124 }
125 ret->meth = DSA_get_default_method(); 130 ret->meth = DSA_get_default_method();
126#ifndef OPENSSL_NO_ENGINE 131#ifndef OPENSSL_NO_ENGINE
127 if (engine) 132 if (engine) {
128 { 133 if (!ENGINE_init(engine)) {
129 if (!ENGINE_init(engine))
130 {
131 DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB); 134 DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB);
132 free(ret); 135 free(ret);
133 return NULL; 136 return NULL;
134 }
135 ret->engine = engine;
136 } 137 }
137 else 138 ret->engine = engine;
139 } else
138 ret->engine = ENGINE_get_default_DSA(); 140 ret->engine = ENGINE_get_default_DSA();
139 if(ret->engine) 141 if (ret->engine) {
140 {
141 ret->meth = ENGINE_get_DSA(ret->engine); 142 ret->meth = ENGINE_get_DSA(ret->engine);
142 if(!ret->meth) 143 if (!ret->meth) {
143 { 144 DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB);
144 DSAerr(DSA_F_DSA_NEW_METHOD,
145 ERR_R_ENGINE_LIB);
146 ENGINE_finish(ret->engine); 145 ENGINE_finish(ret->engine);
147 free(ret); 146 free(ret);
148 return NULL; 147 return NULL;
149 }
150 } 148 }
149 }
151#endif 150#endif
152 151
153 ret->pad=0; 152 ret->pad = 0;
154 ret->version=0; 153 ret->version = 0;
155 ret->write_params=1; 154 ret->write_params = 1;
156 ret->p=NULL; 155 ret->p = NULL;
157 ret->q=NULL; 156 ret->q = NULL;
158 ret->g=NULL; 157 ret->g = NULL;
159 158
160 ret->pub_key=NULL; 159 ret->pub_key = NULL;
161 ret->priv_key=NULL; 160 ret->priv_key = NULL;
162 161
163 ret->kinv=NULL; 162 ret->kinv = NULL;
164 ret->r=NULL; 163 ret->r = NULL;
165 ret->method_mont_p=NULL; 164 ret->method_mont_p = NULL;
166 165
167 ret->references=1; 166 ret->references = 1;
168 ret->flags=ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW; 167 ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW;
169 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data); 168 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
170 if ((ret->meth->init != NULL) && !ret->meth->init(ret)) 169 if (ret->meth->init != NULL && !ret->meth->init(ret)) {
171 {
172#ifndef OPENSSL_NO_ENGINE 170#ifndef OPENSSL_NO_ENGINE
173 if (ret->engine) 171 if (ret->engine)
174 ENGINE_finish(ret->engine); 172 ENGINE_finish(ret->engine);
175#endif 173#endif
176 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data); 174 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
177 free(ret); 175 free(ret);
178 ret=NULL; 176 ret = NULL;
179 }
180
181 return(ret);
182 } 177 }
178
179 return ret;
180}
183 181
184void DSA_free(DSA *r) 182void
185 { 183DSA_free(DSA *r)
184{
186 int i; 185 int i;
187 186
188 if (r == NULL) return; 187 if (r == NULL)
188 return;
189 189
190 i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_DSA); 190 i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DSA);
191 if (i > 0) return; 191 if (i > 0)
192 return;
192 193
193 if(r->meth->finish) 194 if (r->meth->finish)
194 r->meth->finish(r); 195 r->meth->finish(r);
195#ifndef OPENSSL_NO_ENGINE 196#ifndef OPENSSL_NO_ENGINE
196 if(r->engine) 197 if (r->engine)
197 ENGINE_finish(r->engine); 198 ENGINE_finish(r->engine);
198#endif 199#endif
199 200
200 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data); 201 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data);
201 202
202 if (r->p != NULL) BN_clear_free(r->p); 203 if (r->p != NULL)
203 if (r->q != NULL) BN_clear_free(r->q); 204 BN_clear_free(r->p);
204 if (r->g != NULL) BN_clear_free(r->g); 205 if (r->q != NULL)
205 if (r->pub_key != NULL) BN_clear_free(r->pub_key); 206 BN_clear_free(r->q);
206 if (r->priv_key != NULL) BN_clear_free(r->priv_key); 207 if (r->g != NULL)
207 if (r->kinv != NULL) BN_clear_free(r->kinv); 208 BN_clear_free(r->g);
208 if (r->r != NULL) BN_clear_free(r->r); 209 if (r->pub_key != NULL)
210 BN_clear_free(r->pub_key);
211 if (r->priv_key != NULL)
212 BN_clear_free(r->priv_key);
213 if (r->kinv != NULL)
214 BN_clear_free(r->kinv);
215 if (r->r != NULL)
216 BN_clear_free(r->r);
209 free(r); 217 free(r);
210 } 218}
211 219
212int DSA_up_ref(DSA *r) 220int
213 { 221DSA_up_ref(DSA *r)
222{
214 int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DSA); 223 int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DSA);
215 return ((i > 1) ? 1 : 0); 224 return i > 1 ? 1 : 0;
216 } 225}
217 226
218int DSA_size(const DSA *r) 227int
219 { 228DSA_size(const DSA *r)
220 int ret,i; 229{
230 int ret, i;
221 ASN1_INTEGER bs; 231 ASN1_INTEGER bs;
222 unsigned char buf[4]; /* 4 bytes looks really small. 232 unsigned char buf[4]; /* 4 bytes looks really small.
223 However, i2d_ASN1_INTEGER() will not look 233 However, i2d_ASN1_INTEGER() will not look
224 beyond the first byte, as long as the second 234 beyond the first byte, as long as the second
225 parameter is NULL. */ 235 parameter is NULL. */
226 236
227 i=BN_num_bits(r->q); 237 i = BN_num_bits(r->q);
228 bs.length=(i+7)/8; 238 bs.length = (i + 7) / 8;
229 bs.data=buf; 239 bs.data = buf;
230 bs.type=V_ASN1_INTEGER; 240 bs.type = V_ASN1_INTEGER;
231 /* If the top bit is set the asn1 encoding is 1 larger. */ 241 /* If the top bit is set the asn1 encoding is 1 larger. */
232 buf[0]=0xff; 242 buf[0] = 0xff;
233 243
234 i=i2d_ASN1_INTEGER(&bs,NULL); 244 i = i2d_ASN1_INTEGER(&bs, NULL);
235 i+=i; /* r and s */ 245 i += i; /* r and s */
236 ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE); 246 ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE);
237 return(ret); 247 return ret;
238 } 248}
239 249
240int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, 250int
241 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) 251DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
242 { 252 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
253{
243 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, argl, argp, 254 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, argl, argp,
244 new_func, dup_func, free_func); 255 new_func, dup_func, free_func);
245 } 256}
246 257
247int DSA_set_ex_data(DSA *d, int idx, void *arg) 258int
248 { 259DSA_set_ex_data(DSA *d, int idx, void *arg)
249 return(CRYPTO_set_ex_data(&d->ex_data,idx,arg)); 260{
250 } 261 return CRYPTO_set_ex_data(&d->ex_data, idx, arg);
262}
251 263
252void *DSA_get_ex_data(DSA *d, int idx) 264void *
253 { 265DSA_get_ex_data(DSA *d, int idx)
254 return(CRYPTO_get_ex_data(&d->ex_data,idx)); 266{
255 } 267 return CRYPTO_get_ex_data(&d->ex_data, idx);
268}
256 269
257#ifndef OPENSSL_NO_DH 270#ifndef OPENSSL_NO_DH
258DH *DSA_dup_DH(const DSA *r) 271DH *
259 { 272DSA_dup_DH(const DSA *r)
260 /* DSA has p, q, g, optional pub_key, optional priv_key. 273{
274 /*
275 * DSA has p, q, g, optional pub_key, optional priv_key.
261 * DH has p, optional length, g, optional pub_key, optional priv_key, 276 * DH has p, optional length, g, optional pub_key, optional priv_key,
262 * optional q. 277 * optional q.
263 */ 278 */
264
265 DH *ret = NULL; 279 DH *ret = NULL;
266 280
267 if (r == NULL) 281 if (r == NULL)
@@ -272,12 +286,11 @@ DH *DSA_dup_DH(const DSA *r)
272 if (r->p != NULL) 286 if (r->p != NULL)
273 if ((ret->p = BN_dup(r->p)) == NULL) 287 if ((ret->p = BN_dup(r->p)) == NULL)
274 goto err; 288 goto err;
275 if (r->q != NULL) 289 if (r->q != NULL) {
276 {
277 ret->length = BN_num_bits(r->q); 290 ret->length = BN_num_bits(r->q);
278 if ((ret->q = BN_dup(r->q)) == NULL) 291 if ((ret->q = BN_dup(r->q)) == NULL)
279 goto err; 292 goto err;
280 } 293 }
281 if (r->g != NULL) 294 if (r->g != NULL)
282 if ((ret->g = BN_dup(r->g)) == NULL) 295 if ((ret->g = BN_dup(r->g)) == NULL)
283 goto err; 296 goto err;
@@ -290,9 +303,9 @@ DH *DSA_dup_DH(const DSA *r)
290 303
291 return ret; 304 return ret;
292 305
293 err: 306err:
294 if (ret != NULL) 307 if (ret != NULL)
295 DH_free(ret); 308 DH_free(ret);
296 return NULL; 309 return NULL;
297 } 310}
298#endif 311#endif
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_ossl.c b/src/lib/libssl/src/crypto/dsa/dsa_ossl.c
index 61a20f41a7..17119eb187 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa_ossl.c
+++ b/src/lib/libssl/src/crypto/dsa/dsa_ossl.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dsa_ossl.c,v 1.18 2014/06/27 06:07:35 deraadt Exp $ */ 1/* $OpenBSD: dsa_ossl.c,v 1.19 2014/07/09 10:16:24 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -67,9 +67,10 @@
67#include <openssl/asn1.h> 67#include <openssl/asn1.h>
68 68
69static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); 69static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
70static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); 70static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
71 BIGNUM **rp);
71static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, 72static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
72 DSA *dsa); 73 DSA *dsa);
73static int dsa_init(DSA *dsa); 74static int dsa_init(DSA *dsa);
74static int dsa_finish(DSA *dsa); 75static int dsa_finish(DSA *dsa);
75 76
@@ -82,7 +83,8 @@ static DSA_METHOD openssl_dsa_meth = {
82 .finish = dsa_finish 83 .finish = dsa_finish
83}; 84};
84 85
85/* These macro wrappers replace attempts to use the dsa_mod_exp() and 86/*
87 * These macro wrappers replace attempts to use the dsa_mod_exp() and
86 * bn_mod_exp() handlers in the DSA_METHOD structure. We avoid the problem of 88 * bn_mod_exp() handlers in the DSA_METHOD structure. We avoid the problem of
87 * having a the macro work as an expression by bundling an "err_instr". So; 89 * having a the macro work as an expression by bundling an "err_instr". So;
88 * 90 *
@@ -96,315 +98,333 @@ static DSA_METHOD openssl_dsa_meth = {
96 */ 98 */
97 99
98#define DSA_MOD_EXP(err_instr,dsa,rr,a1,p1,a2,p2,m,ctx,in_mont) \ 100#define DSA_MOD_EXP(err_instr,dsa,rr,a1,p1,a2,p2,m,ctx,in_mont) \
99 do { \ 101do { \
100 int _tmp_res53; \ 102 int _tmp_res53; \
101 if((dsa)->meth->dsa_mod_exp) \ 103 if ((dsa)->meth->dsa_mod_exp) \
102 _tmp_res53 = (dsa)->meth->dsa_mod_exp((dsa), (rr), \ 104 _tmp_res53 = (dsa)->meth->dsa_mod_exp((dsa), (rr), \
103 (a1), (p1), (a2), (p2), (m), (ctx), (in_mont)); \ 105 (a1), (p1), (a2), (p2), (m), (ctx), (in_mont)); \
104 else \ 106 else \
105 _tmp_res53 = BN_mod_exp2_mont((rr), (a1), \ 107 _tmp_res53 = BN_mod_exp2_mont((rr), (a1), \
106 (p1), (a2), (p2), (m), (ctx), (in_mont)); \ 108 (p1), (a2), (p2), (m), (ctx), (in_mont)); \
107 if(!_tmp_res53) \ 109 if (!_tmp_res53) \
108 err_instr; \ 110 err_instr; \
109 } while(0) 111} while(0)
110 112
111#define DSA_BN_MOD_EXP(err_instr,dsa,r,a,p,m,ctx,m_ctx) \ 113#define DSA_BN_MOD_EXP(err_instr,dsa,r,a,p,m,ctx,m_ctx) \
112 do { \ 114do { \
113 int _tmp_res53; \ 115 int _tmp_res53; \
114 if((dsa)->meth->bn_mod_exp) \ 116 if ((dsa)->meth->bn_mod_exp) \
115 _tmp_res53 = (dsa)->meth->bn_mod_exp((dsa), (r), \ 117 _tmp_res53 = (dsa)->meth->bn_mod_exp((dsa), (r), \
116 (a), (p), (m), (ctx), (m_ctx)); \ 118 (a), (p), (m), (ctx), (m_ctx)); \
117 else \ 119 else \
118 _tmp_res53 = BN_mod_exp_mont((r), (a), (p), (m), \ 120 _tmp_res53 = BN_mod_exp_mont((r), (a), (p), (m), \
119 (ctx), (m_ctx)); \ 121 (ctx), (m_ctx)); \
120 if(!_tmp_res53) \ 122 if (!_tmp_res53) \
121 err_instr; \ 123 err_instr; \
122 } while(0) 124} while(0)
123 125
124const DSA_METHOD *DSA_OpenSSL(void) 126const DSA_METHOD *
127DSA_OpenSSL(void)
125{ 128{
126 return &openssl_dsa_meth; 129 return &openssl_dsa_meth;
127} 130}
128 131
129static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) 132static DSA_SIG *
130 { 133dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
131 BIGNUM *kinv=NULL,*r=NULL,*s=NULL; 134{
135 BIGNUM *kinv = NULL, *r = NULL, *s = NULL;
132 BIGNUM m; 136 BIGNUM m;
133 BIGNUM xr; 137 BIGNUM xr;
134 BN_CTX *ctx=NULL; 138 BN_CTX *ctx = NULL;
135 int reason=ERR_R_BN_LIB; 139 int reason = ERR_R_BN_LIB;
136 DSA_SIG *ret=NULL; 140 DSA_SIG *ret = NULL;
137 int noredo = 0; 141 int noredo = 0;
138 142
139 BN_init(&m); 143 BN_init(&m);
140 BN_init(&xr); 144 BN_init(&xr);
141 145
142 if (!dsa->p || !dsa->q || !dsa->g) 146 if (!dsa->p || !dsa->q || !dsa->g) {
143 { 147 reason = DSA_R_MISSING_PARAMETERS;
144 reason=DSA_R_MISSING_PARAMETERS;
145 goto err; 148 goto err;
146 } 149 }
147 150
148 s=BN_new(); 151 s = BN_new();
149 if (s == NULL) goto err; 152 if (s == NULL)
150 ctx=BN_CTX_new(); 153 goto err;
151 if (ctx == NULL) goto err; 154 ctx = BN_CTX_new();
155 if (ctx == NULL)
156 goto err;
152redo: 157redo:
153 if ((dsa->kinv == NULL) || (dsa->r == NULL)) 158 if (dsa->kinv == NULL || dsa->r == NULL) {
154 { 159 if (!DSA_sign_setup(dsa, ctx, &kinv, &r))
155 if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err; 160 goto err;
156 } 161 } else {
157 else 162 kinv = dsa->kinv;
158 { 163 dsa->kinv = NULL;
159 kinv=dsa->kinv; 164 r = dsa->r;
160 dsa->kinv=NULL; 165 dsa->r = NULL;
161 r=dsa->r;
162 dsa->r=NULL;
163 noredo = 1; 166 noredo = 1;
164 } 167 }
165 168
166 169
170 /*
171 * If the digest length is greater than the size of q use the
172 * BN_num_bits(dsa->q) leftmost bits of the digest, see
173 * fips 186-3, 4.2
174 */
167 if (dlen > BN_num_bytes(dsa->q)) 175 if (dlen > BN_num_bytes(dsa->q))
168 /* if the digest length is greater than the size of q use the
169 * BN_num_bits(dsa->q) leftmost bits of the digest, see
170 * fips 186-3, 4.2 */
171 dlen = BN_num_bytes(dsa->q); 176 dlen = BN_num_bytes(dsa->q);
172 if (BN_bin2bn(dgst,dlen,&m) == NULL) 177 if (BN_bin2bn(dgst,dlen,&m) == NULL)
173 goto err; 178 goto err;
174 179
175 /* Compute s = inv(k) (m + xr) mod q */ 180 /* Compute s = inv(k) (m + xr) mod q */
176 if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */ 181 if (!BN_mod_mul(&xr, dsa->priv_key, r, dsa->q, ctx)) /* s = xr */
177 if (!BN_add(s, &xr, &m)) goto err; /* s = m + xr */ 182 goto err;
178 if (BN_cmp(s,dsa->q) > 0) 183 if (!BN_add(s, &xr, &m)) /* s = m + xr */
179 if (!BN_sub(s,s,dsa->q)) goto err; 184 goto err;
180 if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err; 185 if (BN_cmp(s, dsa->q) > 0)
181 186 if (!BN_sub(s, s, dsa->q))
182 ret=DSA_SIG_new(); 187 goto err;
183 if (ret == NULL) goto err; 188 if (!BN_mod_mul(s, s, kinv, dsa->q, ctx))
184 /* Redo if r or s is zero as required by FIPS 186-3: this is 189 goto err;
190
191 ret = DSA_SIG_new();
192 if (ret == NULL)
193 goto err;
194 /*
195 * Redo if r or s is zero as required by FIPS 186-3: this is
185 * very unlikely. 196 * very unlikely.
186 */ 197 */
187 if (BN_is_zero(r) || BN_is_zero(s)) 198 if (BN_is_zero(r) || BN_is_zero(s)) {
188 { 199 if (noredo) {
189 if (noredo)
190 {
191 reason = DSA_R_NEED_NEW_SETUP_VALUES; 200 reason = DSA_R_NEED_NEW_SETUP_VALUES;
192 goto err; 201 goto err;
193 }
194 goto redo;
195 } 202 }
203 goto redo;
204 }
196 ret->r = r; 205 ret->r = r;
197 ret->s = s; 206 ret->s = s;
198 207
199err: 208err:
200 if (!ret) 209 if (!ret) {
201 { 210 DSAerr(DSA_F_DSA_DO_SIGN, reason);
202 DSAerr(DSA_F_DSA_DO_SIGN,reason);
203 BN_free(r); 211 BN_free(r);
204 BN_free(s); 212 BN_free(s);
205 } 213 }
206 if (ctx != NULL) BN_CTX_free(ctx); 214 if (ctx != NULL)
215 BN_CTX_free(ctx);
207 BN_clear_free(&m); 216 BN_clear_free(&m);
208 BN_clear_free(&xr); 217 BN_clear_free(&xr);
209 if (kinv != NULL) /* dsa->kinv is NULL now if we used it */ 218 if (kinv != NULL) /* dsa->kinv is NULL now if we used it */
210 BN_clear_free(kinv); 219 BN_clear_free(kinv);
211 return(ret); 220 return ret;
212 } 221}
213 222
214static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) 223static int
215 { 224dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
225{
216 BN_CTX *ctx; 226 BN_CTX *ctx;
217 BIGNUM k,kq,*K,*kinv=NULL,*r=NULL; 227 BIGNUM k, kq, *K, *kinv = NULL, *r = NULL;
218 int ret=0; 228 int ret = 0;
219 229
220 if (!dsa->p || !dsa->q || !dsa->g) 230 if (!dsa->p || !dsa->q || !dsa->g) {
221 { 231 DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MISSING_PARAMETERS);
222 DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS);
223 return 0; 232 return 0;
224 } 233 }
225 234
226 BN_init(&k); 235 BN_init(&k);
227 BN_init(&kq); 236 BN_init(&kq);
228 237
229 if (ctx_in == NULL) 238 if (ctx_in == NULL) {
230 { 239 if ((ctx = BN_CTX_new()) == NULL)
231 if ((ctx=BN_CTX_new()) == NULL) goto err; 240 goto err;
232 } 241 } else
233 else 242 ctx = ctx_in;
234 ctx=ctx_in;
235 243
236 if ((r=BN_new()) == NULL) goto err; 244 if ((r = BN_new()) == NULL)
245 goto err;
237 246
238 /* Get random k */ 247 /* Get random k */
239 do 248 do {
240 if (!BN_rand_range(&k, dsa->q)) goto err; 249 if (!BN_rand_range(&k, dsa->q))
241 while (BN_is_zero(&k)); 250 goto err;
242 if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) 251 } while (BN_is_zero(&k));
243 { 252 if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
244 BN_set_flags(&k, BN_FLG_CONSTTIME); 253 BN_set_flags(&k, BN_FLG_CONSTTIME);
245 } 254 }
246 255
247 if (dsa->flags & DSA_FLAG_CACHE_MONT_P) 256 if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
248 {
249 if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p, 257 if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
250 CRYPTO_LOCK_DSA, 258 CRYPTO_LOCK_DSA, dsa->p, ctx))
251 dsa->p, ctx))
252 goto err; 259 goto err;
253 } 260 }
254 261
255 /* Compute r = (g^k mod p) mod q */ 262 /* Compute r = (g^k mod p) mod q */
256 263
257 if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) 264 if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
258 { 265 if (!BN_copy(&kq, &k))
259 if (!BN_copy(&kq, &k)) goto err; 266 goto err;
260 267
261 /* We do not want timing information to leak the length of k, 268 /*
262 * so we compute g^k using an equivalent exponent of fixed length. 269 * We do not want timing information to leak the length of k,
270 * so we compute g^k using an equivalent exponent of fixed
271 * length.
263 * 272 *
264 * (This is a kludge that we need because the BN_mod_exp_mont() 273 * (This is a kludge that we need because the BN_mod_exp_mont()
265 * does not let us specify the desired timing behaviour.) */ 274 * does not let us specify the desired timing behaviour.)
275 */
266 276
267 if (!BN_add(&kq, &kq, dsa->q)) goto err; 277 if (!BN_add(&kq, &kq, dsa->q))
268 if (BN_num_bits(&kq) <= BN_num_bits(dsa->q)) 278 goto err;
269 { 279 if (BN_num_bits(&kq) <= BN_num_bits(dsa->q)) {
270 if (!BN_add(&kq, &kq, dsa->q)) goto err; 280 if (!BN_add(&kq, &kq, dsa->q))
271 } 281 goto err;
282 }
272 283
273 K = &kq; 284 K = &kq;
274 } 285 } else {
275 else
276 {
277 K = &k; 286 K = &k;
278 } 287 }
279 DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx, 288 DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx,
280 dsa->method_mont_p); 289 dsa->method_mont_p);
281 if (!BN_mod(r,r,dsa->q,ctx)) goto err; 290 if (!BN_mod(r,r,dsa->q,ctx))
291 goto err;
282 292
283 /* Compute part of 's = inv(k) (m + xr) mod q' */ 293 /* Compute part of 's = inv(k) (m + xr) mod q' */
284 if ((kinv=BN_mod_inverse(NULL,&k,dsa->q,ctx)) == NULL) goto err; 294 if ((kinv = BN_mod_inverse(NULL, &k, dsa->q, ctx)) == NULL)
285 295 goto err;
286 if (*kinvp != NULL) BN_clear_free(*kinvp); 296
287 *kinvp=kinv; 297 if (*kinvp != NULL)
288 kinv=NULL; 298 BN_clear_free(*kinvp);
289 if (*rp != NULL) BN_clear_free(*rp); 299 *kinvp = kinv;
290 *rp=r; 300 kinv = NULL;
291 ret=1; 301 if (*rp != NULL)
302 BN_clear_free(*rp);
303 *rp = r;
304 ret = 1;
292err: 305err:
293 if (!ret) 306 if (!ret) {
294 { 307 DSAerr(DSA_F_DSA_SIGN_SETUP, ERR_R_BN_LIB);
295 DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB);
296 if (r != NULL) 308 if (r != NULL)
297 BN_clear_free(r); 309 BN_clear_free(r);
298 } 310 }
299 if (ctx_in == NULL) BN_CTX_free(ctx); 311 if (ctx_in == NULL)
312 BN_CTX_free(ctx);
300 BN_clear_free(&k); 313 BN_clear_free(&k);
301 BN_clear_free(&kq); 314 BN_clear_free(&kq);
302 return(ret); 315 return ret;
303 } 316}
304 317
305static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, 318static int
306 DSA *dsa) 319dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa)
307 { 320{
308 BN_CTX *ctx; 321 BN_CTX *ctx;
309 BIGNUM u1,u2,t1; 322 BIGNUM u1, u2, t1;
310 BN_MONT_CTX *mont=NULL; 323 BN_MONT_CTX *mont = NULL;
311 int ret = -1, i; 324 int ret = -1, i;
312 if (!dsa->p || !dsa->q || !dsa->g) 325
313 { 326 if (!dsa->p || !dsa->q || !dsa->g) {
314 DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS); 327 DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MISSING_PARAMETERS);
315 return -1; 328 return -1;
316 } 329 }
317 330
318 i = BN_num_bits(dsa->q); 331 i = BN_num_bits(dsa->q);
319 /* fips 186-3 allows only different sizes for q */ 332 /* fips 186-3 allows only different sizes for q */
320 if (i != 160 && i != 224 && i != 256) 333 if (i != 160 && i != 224 && i != 256) {
321 { 334 DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_BAD_Q_VALUE);
322 DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE);
323 return -1; 335 return -1;
324 } 336 }
325 337
326 if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) 338 if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) {
327 { 339 DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MODULUS_TOO_LARGE);
328 DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE);
329 return -1; 340 return -1;
330 } 341 }
331 BN_init(&u1); 342 BN_init(&u1);
332 BN_init(&u2); 343 BN_init(&u2);
333 BN_init(&t1); 344 BN_init(&t1);
334 345
335 if ((ctx=BN_CTX_new()) == NULL) goto err; 346 if ((ctx = BN_CTX_new()) == NULL)
347 goto err;
336 348
337 if (BN_is_zero(sig->r) || BN_is_negative(sig->r) || 349 if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
338 BN_ucmp(sig->r, dsa->q) >= 0) 350 BN_ucmp(sig->r, dsa->q) >= 0) {
339 {
340 ret = 0; 351 ret = 0;
341 goto err; 352 goto err;
342 } 353 }
343 if (BN_is_zero(sig->s) || BN_is_negative(sig->s) || 354 if (BN_is_zero(sig->s) || BN_is_negative(sig->s) ||
344 BN_ucmp(sig->s, dsa->q) >= 0) 355 BN_ucmp(sig->s, dsa->q) >= 0) {
345 {
346 ret = 0; 356 ret = 0;
347 goto err; 357 goto err;
348 } 358 }
349 359
350 /* Calculate W = inv(S) mod Q 360 /* Calculate W = inv(S) mod Q
351 * save W in u2 */ 361 * save W in u2 */
352 if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err; 362 if ((BN_mod_inverse(&u2, sig->s, dsa->q, ctx)) == NULL)
363 goto err;
353 364
354 /* save M in u1 */ 365 /* save M in u1 */
366 /*
367 * If the digest length is greater than the size of q use the
368 * BN_num_bits(dsa->q) leftmost bits of the digest, see
369 * fips 186-3, 4.2
370 */
355 if (dgst_len > (i >> 3)) 371 if (dgst_len > (i >> 3))
356 /* if the digest length is greater than the size of q use the
357 * BN_num_bits(dsa->q) leftmost bits of the digest, see
358 * fips 186-3, 4.2 */
359 dgst_len = (i >> 3); 372 dgst_len = (i >> 3);
360 if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err; 373 if (BN_bin2bn(dgst, dgst_len, &u1) == NULL)
374 goto err;
361 375
362 /* u1 = M * w mod q */ 376 /* u1 = M * w mod q */
363 if (!BN_mod_mul(&u1,&u1,&u2,dsa->q,ctx)) goto err; 377 if (!BN_mod_mul(&u1, &u1, &u2, dsa->q, ctx))
378 goto err;
364 379
365 /* u2 = r * w mod q */ 380 /* u2 = r * w mod q */
366 if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err; 381 if (!BN_mod_mul(&u2, sig->r, &u2, dsa->q, ctx))
382 goto err;
367 383
368 384
369 if (dsa->flags & DSA_FLAG_CACHE_MONT_P) 385 if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
370 {
371 mont = BN_MONT_CTX_set_locked(&dsa->method_mont_p, 386 mont = BN_MONT_CTX_set_locked(&dsa->method_mont_p,
372 CRYPTO_LOCK_DSA, dsa->p, ctx); 387 CRYPTO_LOCK_DSA, dsa->p, ctx);
373 if (!mont) 388 if (!mont)
374 goto err; 389 goto err;
375 } 390 }
376
377 391
378 DSA_MOD_EXP(goto err, dsa, &t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p, ctx, mont); 392 DSA_MOD_EXP(goto err, dsa, &t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p,
393 ctx, mont);
379 /* BN_copy(&u1,&t1); */ 394 /* BN_copy(&u1,&t1); */
380 /* let u1 = u1 mod q */ 395 /* let u1 = u1 mod q */
381 if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err; 396 if (!BN_mod(&u1, &t1, dsa->q, ctx))
397 goto err;
382 398
383 /* V is now in u1. If the signature is correct, it will be 399 /* V is now in u1. If the signature is correct, it will be
384 * equal to R. */ 400 * equal to R. */
385 ret=(BN_ucmp(&u1, sig->r) == 0); 401 ret = BN_ucmp(&u1, sig->r) == 0;
386 402
387 err: 403err:
388 /* XXX: surely this is wrong - if ret is 0, it just didn't verify; 404 /* XXX: surely this is wrong - if ret is 0, it just didn't verify;
389 there is no error in BN. Test should be ret == -1 (Ben) */ 405 there is no error in BN. Test should be ret == -1 (Ben) */
390 if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB); 406 if (ret != 1)
391 if (ctx != NULL) BN_CTX_free(ctx); 407 DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_BN_LIB);
408 if (ctx != NULL)
409 BN_CTX_free(ctx);
392 BN_free(&u1); 410 BN_free(&u1);
393 BN_free(&u2); 411 BN_free(&u2);
394 BN_free(&t1); 412 BN_free(&t1);
395 return(ret); 413 return ret;
396 } 414}
397 415
398static int dsa_init(DSA *dsa) 416static int
417dsa_init(DSA *dsa)
399{ 418{
400 dsa->flags|=DSA_FLAG_CACHE_MONT_P; 419 dsa->flags |= DSA_FLAG_CACHE_MONT_P;
401 return(1); 420 return 1;
402} 421}
403 422
404static int dsa_finish(DSA *dsa) 423static int
424dsa_finish(DSA *dsa)
405{ 425{
406 if(dsa->method_mont_p) 426 if (dsa->method_mont_p)
407 BN_MONT_CTX_free(dsa->method_mont_p); 427 BN_MONT_CTX_free(dsa->method_mont_p);
408 return(1); 428 return 1;
409} 429}
410 430
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_pmeth.c b/src/lib/libssl/src/crypto/dsa/dsa_pmeth.c
index e75f0153de..f013a3f6e7 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa_pmeth.c
+++ b/src/lib/libssl/src/crypto/dsa/dsa_pmeth.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dsa_pmeth.c,v 1.6 2014/06/12 20:40:57 deraadt Exp $ */ 1/* $OpenBSD: dsa_pmeth.c,v 1.7 2014/07/09 10:16:24 miod Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006. 3 * project 2006.
4 */ 4 */
@@ -68,8 +68,7 @@
68 68
69/* DSA pkey context structure */ 69/* DSA pkey context structure */
70 70
71typedef struct 71typedef struct {
72 {
73 /* Parameter gen parameters */ 72 /* Parameter gen parameters */
74 int nbits; /* size of p in bits (default: 1024) */ 73 int nbits; /* size of p in bits (default: 1024) */
75 int qbits; /* size of q in bits (default: 160) */ 74 int qbits; /* size of q in bits (default: 160) */
@@ -78,11 +77,13 @@ typedef struct
78 int gentmp[2]; 77 int gentmp[2];
79 /* message digest */ 78 /* message digest */
80 const EVP_MD *md; /* MD for the signature */ 79 const EVP_MD *md; /* MD for the signature */
81 } DSA_PKEY_CTX; 80} DSA_PKEY_CTX;
82 81
83static int pkey_dsa_init(EVP_PKEY_CTX *ctx) 82static int
84 { 83pkey_dsa_init(EVP_PKEY_CTX *ctx)
84{
85 DSA_PKEY_CTX *dctx; 85 DSA_PKEY_CTX *dctx;
86
86 dctx = malloc(sizeof(DSA_PKEY_CTX)); 87 dctx = malloc(sizeof(DSA_PKEY_CTX));
87 if (!dctx) 88 if (!dctx)
88 return 0; 89 return 0;
@@ -96,11 +97,13 @@ static int pkey_dsa_init(EVP_PKEY_CTX *ctx)
96 ctx->keygen_info_count = 2; 97 ctx->keygen_info_count = 2;
97 98
98 return 1; 99 return 1;
99 } 100}
100 101
101static int pkey_dsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) 102static int
102 { 103pkey_dsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
104{
103 DSA_PKEY_CTX *dctx, *sctx; 105 DSA_PKEY_CTX *dctx, *sctx;
106
104 if (!pkey_dsa_init(dst)) 107 if (!pkey_dsa_init(dst))
105 return 0; 108 return 0;
106 sctx = src->data; 109 sctx = src->data;
@@ -110,17 +113,20 @@ static int pkey_dsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
110 dctx->pmd = sctx->pmd; 113 dctx->pmd = sctx->pmd;
111 dctx->md = sctx->md; 114 dctx->md = sctx->md;
112 return 1; 115 return 1;
113 } 116}
114 117
115static void pkey_dsa_cleanup(EVP_PKEY_CTX *ctx) 118static void
116 { 119pkey_dsa_cleanup(EVP_PKEY_CTX *ctx)
120{
117 DSA_PKEY_CTX *dctx = ctx->data; 121 DSA_PKEY_CTX *dctx = ctx->data;
122
118 free(dctx); 123 free(dctx);
119 } 124}
120 125
121static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, 126static int
122 const unsigned char *tbs, size_t tbslen) 127pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
123 { 128 const unsigned char *tbs, size_t tbslen)
129{
124 int ret, type; 130 int ret, type;
125 unsigned int sltmp; 131 unsigned int sltmp;
126 DSA_PKEY_CTX *dctx = ctx->data; 132 DSA_PKEY_CTX *dctx = ctx->data;
@@ -137,12 +143,12 @@ static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
137 return ret; 143 return ret;
138 *siglen = sltmp; 144 *siglen = sltmp;
139 return 1; 145 return 1;
140 } 146}
141 147
142static int pkey_dsa_verify(EVP_PKEY_CTX *ctx, 148static int
143 const unsigned char *sig, size_t siglen, 149pkey_dsa_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen,
144 const unsigned char *tbs, size_t tbslen) 150 const unsigned char *tbs, size_t tbslen)
145 { 151{
146 int ret, type; 152 int ret, type;
147 DSA_PKEY_CTX *dctx = ctx->data; 153 DSA_PKEY_CTX *dctx = ctx->data;
148 DSA *dsa = ctx->pkey->pkey.dsa; 154 DSA *dsa = ctx->pkey->pkey.dsa;
@@ -155,69 +161,67 @@ static int pkey_dsa_verify(EVP_PKEY_CTX *ctx,
155 ret = DSA_verify(type, tbs, tbslen, sig, siglen, dsa); 161 ret = DSA_verify(type, tbs, tbslen, sig, siglen, dsa);
156 162
157 return ret; 163 return ret;
158 } 164}
159 165
160static int pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) 166static int
161 { 167pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
168{
162 DSA_PKEY_CTX *dctx = ctx->data; 169 DSA_PKEY_CTX *dctx = ctx->data;
163 switch (type) 170
164 { 171 switch (type) {
165 case EVP_PKEY_CTRL_DSA_PARAMGEN_BITS: 172 case EVP_PKEY_CTRL_DSA_PARAMGEN_BITS:
166 if (p1 < 256) 173 if (p1 < 256)
167 return -2; 174 return -2;
168 dctx->nbits = p1; 175 dctx->nbits = p1;
169 return 1; 176 return 1;
170 177
171 case EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS: 178 case EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS:
172 if (p1 != 160 && p1 != 224 && p1 && p1 != 256) 179 if (p1 != 160 && p1 != 224 && p1 && p1 != 256)
173 return -2; 180 return -2;
174 dctx->qbits = p1; 181 dctx->qbits = p1;
175 return 1; 182 return 1;
176 183
177 case EVP_PKEY_CTRL_DSA_PARAMGEN_MD: 184 case EVP_PKEY_CTRL_DSA_PARAMGEN_MD:
178 if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 && 185 if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 &&
179 EVP_MD_type((const EVP_MD *)p2) != NID_sha224 && 186 EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
180 EVP_MD_type((const EVP_MD *)p2) != NID_sha256) 187 EVP_MD_type((const EVP_MD *)p2) != NID_sha256) {
181 {
182 DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE); 188 DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE);
183 return 0; 189 return 0;
184 } 190 }
185 dctx->md = p2; 191 dctx->md = p2;
186 return 1; 192 return 1;
187 193
188 case EVP_PKEY_CTRL_MD: 194 case EVP_PKEY_CTRL_MD:
189 if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 && 195 if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 &&
190 EVP_MD_type((const EVP_MD *)p2) != NID_dsa && 196 EVP_MD_type((const EVP_MD *)p2) != NID_dsa &&
191 EVP_MD_type((const EVP_MD *)p2) != NID_dsaWithSHA && 197 EVP_MD_type((const EVP_MD *)p2) != NID_dsaWithSHA &&
192 EVP_MD_type((const EVP_MD *)p2) != NID_sha224 && 198 EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
193 EVP_MD_type((const EVP_MD *)p2) != NID_sha256 && 199 EVP_MD_type((const EVP_MD *)p2) != NID_sha256 &&
194 EVP_MD_type((const EVP_MD *)p2) != NID_sha384 && 200 EVP_MD_type((const EVP_MD *)p2) != NID_sha384 &&
195 EVP_MD_type((const EVP_MD *)p2) != NID_sha512) 201 EVP_MD_type((const EVP_MD *)p2) != NID_sha512) {
196 {
197 DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE); 202 DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE);
198 return 0; 203 return 0;
199 } 204 }
200 dctx->md = p2; 205 dctx->md = p2;
201 return 1; 206 return 1;
202 207
203 case EVP_PKEY_CTRL_DIGESTINIT: 208 case EVP_PKEY_CTRL_DIGESTINIT:
204 case EVP_PKEY_CTRL_PKCS7_SIGN: 209 case EVP_PKEY_CTRL_PKCS7_SIGN:
205 case EVP_PKEY_CTRL_CMS_SIGN: 210 case EVP_PKEY_CTRL_CMS_SIGN:
206 return 1; 211 return 1;
207 212
208 case EVP_PKEY_CTRL_PEER_KEY: 213 case EVP_PKEY_CTRL_PEER_KEY:
209 DSAerr(DSA_F_PKEY_DSA_CTRL, 214 DSAerr(DSA_F_PKEY_DSA_CTRL,
210 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); 215 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
211 return -2; 216 return -2;
212 default: 217 default:
213 return -2; 218 return -2;
214
215 }
216 } 219 }
220}
217 221
218static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx, 222static int
219 const char *type, const char *value) 223pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value)
220 { 224{
221 long lval; 225 long lval;
222 char *ep; 226 char *ep;
223 227
@@ -228,69 +232,71 @@ static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx,
228 lval = strtol(value, &ep, 10); 232 lval = strtol(value, &ep, 10);
229 if (value[0] == '\0' || *ep != '\0') 233 if (value[0] == '\0' || *ep != '\0')
230 goto not_a_number; 234 goto not_a_number;
231 if ((errno == ERANGE && (lval == LONG_MAX || lval == LONG_MIN)) || 235 if ((errno == ERANGE &&
236 (lval == LONG_MAX || lval == LONG_MIN)) ||
232 (lval > INT_MAX || lval < INT_MIN)) 237 (lval > INT_MAX || lval < INT_MIN))
233 goto out_of_range; 238 goto out_of_range;
234 nbits = lval; 239 nbits = lval;
235 return EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits); 240 return EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits);
236 } 241 } else if (!strcmp(type, "dsa_paramgen_q_bits")) {
237 if (!strcmp(type, "dsa_paramgen_q_bits")) {
238 int qbits; 242 int qbits;
239 243
240 errno = 0; 244 errno = 0;
241 lval = strtol(value, &ep, 10); 245 lval = strtol(value, &ep, 10);
242 if (value[0] == '\0' || *ep != '\0') 246 if (value[0] == '\0' || *ep != '\0')
243 goto not_a_number; 247 goto not_a_number;
244 if ((errno == ERANGE && (lval == LONG_MAX || lval == LONG_MIN)) || 248 if ((errno == ERANGE &&
249 (lval == LONG_MAX || lval == LONG_MIN)) ||
245 (lval > INT_MAX || lval < INT_MIN)) 250 (lval > INT_MAX || lval < INT_MIN))
246 goto out_of_range; 251 goto out_of_range;
247 qbits = lval; 252 qbits = lval;
248 return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, 253 return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA,
249 EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits, NULL); 254 EVP_PKEY_OP_PARAMGEN, EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS,
250 } 255 qbits, NULL);
251 if (!strcmp(type, "dsa_paramgen_md")){ 256 } else if (!strcmp(type, "dsa_paramgen_md")) {
252 return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, 257 return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA,
253 EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, 258 EVP_PKEY_OP_PARAMGEN, EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0,
254 (void *)EVP_get_digestbyname(value)); 259 (void *)EVP_get_digestbyname(value));
255 } 260 }
256not_a_number: 261not_a_number:
257out_of_range: 262out_of_range:
258 return -2; 263 return -2;
259 } 264}
260 265
261static int pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) 266static int
262 { 267pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
268{
263 DSA *dsa = NULL; 269 DSA *dsa = NULL;
264 DSA_PKEY_CTX *dctx = ctx->data; 270 DSA_PKEY_CTX *dctx = ctx->data;
265 BN_GENCB *pcb, cb; 271 BN_GENCB *pcb, cb;
266 int ret; 272 int ret;
267 if (ctx->pkey_gencb) 273
268 { 274 if (ctx->pkey_gencb) {
269 pcb = &cb; 275 pcb = &cb;
270 evp_pkey_set_cb_translate(pcb, ctx); 276 evp_pkey_set_cb_translate(pcb, ctx);
271 } 277 } else
272 else
273 pcb = NULL; 278 pcb = NULL;
274 dsa = DSA_new(); 279 dsa = DSA_new();
275 if (!dsa) 280 if (!dsa)
276 return 0; 281 return 0;
277 ret = dsa_builtin_paramgen(dsa, dctx->nbits, dctx->qbits, dctx->pmd, 282 ret = dsa_builtin_paramgen(dsa, dctx->nbits, dctx->qbits, dctx->pmd,
278 NULL, 0, NULL, NULL, NULL, pcb); 283 NULL, 0, NULL, NULL, NULL, pcb);
279 if (ret) 284 if (ret)
280 EVP_PKEY_assign_DSA(pkey, dsa); 285 EVP_PKEY_assign_DSA(pkey, dsa);
281 else 286 else
282 DSA_free(dsa); 287 DSA_free(dsa);
283 return ret; 288 return ret;
284 } 289}
285 290
286static int pkey_dsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) 291static int
287 { 292pkey_dsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
293{
288 DSA *dsa = NULL; 294 DSA *dsa = NULL;
289 if (ctx->pkey == NULL) 295
290 { 296 if (ctx->pkey == NULL) {
291 DSAerr(DSA_F_PKEY_DSA_KEYGEN, DSA_R_NO_PARAMETERS_SET); 297 DSAerr(DSA_F_PKEY_DSA_KEYGEN, DSA_R_NO_PARAMETERS_SET);
292 return 0; 298 return 0;
293 } 299 }
294 dsa = DSA_new(); 300 dsa = DSA_new();
295 if (!dsa) 301 if (!dsa)
296 return 0; 302 return 0;
@@ -299,7 +305,7 @@ static int pkey_dsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
299 if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey)) 305 if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey))
300 return 0; 306 return 0;
301 return DSA_generate_key(pkey->pkey.dsa); 307 return DSA_generate_key(pkey->pkey.dsa);
302 } 308}
303 309
304const EVP_PKEY_METHOD dsa_pkey_meth = { 310const EVP_PKEY_METHOD dsa_pkey_meth = {
305 .pkey_id = EVP_PKEY_DSA, 311 .pkey_id = EVP_PKEY_DSA,
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_prn.c b/src/lib/libssl/src/crypto/dsa/dsa_prn.c
index e730c1a092..5a7423c831 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa_prn.c
+++ b/src/lib/libssl/src/crypto/dsa/dsa_prn.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dsa_prn.c,v 1.3 2014/06/12 15:49:28 deraadt Exp $ */ 1/* $OpenBSD: dsa_prn.c,v 1.4 2014/07/09 10:16:24 miod Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006. 3 * project 2006.
4 */ 4 */
@@ -61,59 +61,62 @@
61#include <openssl/evp.h> 61#include <openssl/evp.h>
62#include <openssl/dsa.h> 62#include <openssl/dsa.h>
63 63
64int DSA_print_fp(FILE *fp, const DSA *x, int off) 64int
65 { 65DSA_print_fp(FILE *fp, const DSA *x, int off)
66{
66 BIO *b; 67 BIO *b;
67 int ret; 68 int ret;
68 69
69 if ((b=BIO_new(BIO_s_file())) == NULL) 70 if ((b = BIO_new(BIO_s_file())) == NULL) {
70 { 71 DSAerr(DSA_F_DSA_PRINT_FP, ERR_R_BUF_LIB);
71 DSAerr(DSA_F_DSA_PRINT_FP,ERR_R_BUF_LIB); 72 return 0;
72 return(0);
73 }
74 BIO_set_fp(b,fp,BIO_NOCLOSE);
75 ret=DSA_print(b,x,off);
76 BIO_free(b);
77 return(ret);
78 } 73 }
74 BIO_set_fp(b, fp, BIO_NOCLOSE);
75 ret = DSA_print(b, x, off);
76 BIO_free(b);
77 return ret;
78}
79 79
80int DSAparams_print_fp(FILE *fp, const DSA *x) 80int
81 { 81DSAparams_print_fp(FILE *fp, const DSA *x)
82{
82 BIO *b; 83 BIO *b;
83 int ret; 84 int ret;
84 85
85 if ((b=BIO_new(BIO_s_file())) == NULL) 86 if ((b = BIO_new(BIO_s_file())) == NULL) {
86 { 87 DSAerr(DSA_F_DSAPARAMS_PRINT_FP, ERR_R_BUF_LIB);
87 DSAerr(DSA_F_DSAPARAMS_PRINT_FP,ERR_R_BUF_LIB); 88 return 0;
88 return(0);
89 }
90 BIO_set_fp(b,fp,BIO_NOCLOSE);
91 ret=DSAparams_print(b, x);
92 BIO_free(b);
93 return(ret);
94 } 89 }
90 BIO_set_fp(b, fp, BIO_NOCLOSE);
91 ret = DSAparams_print(b, x);
92 BIO_free(b);
93 return ret;
94}
95 95
96int DSA_print(BIO *bp, const DSA *x, int off) 96int
97 { 97DSA_print(BIO *bp, const DSA *x, int off)
98{
98 EVP_PKEY *pk; 99 EVP_PKEY *pk;
99 int ret; 100 int ret;
101
100 pk = EVP_PKEY_new(); 102 pk = EVP_PKEY_new();
101 if (!pk || !EVP_PKEY_set1_DSA(pk, (DSA *)x)) 103 if (!pk || !EVP_PKEY_set1_DSA(pk, (DSA *)x))
102 return 0; 104 return 0;
103 ret = EVP_PKEY_print_private(bp, pk, off, NULL); 105 ret = EVP_PKEY_print_private(bp, pk, off, NULL);
104 EVP_PKEY_free(pk); 106 EVP_PKEY_free(pk);
105 return ret; 107 return ret;
106 } 108}
107 109
108int DSAparams_print(BIO *bp, const DSA *x) 110int
109 { 111DSAparams_print(BIO *bp, const DSA *x)
112{
110 EVP_PKEY *pk; 113 EVP_PKEY *pk;
111 int ret; 114 int ret;
115
112 pk = EVP_PKEY_new(); 116 pk = EVP_PKEY_new();
113 if (!pk || !EVP_PKEY_set1_DSA(pk, (DSA *)x)) 117 if (!pk || !EVP_PKEY_set1_DSA(pk, (DSA *)x))
114 return 0; 118 return 0;
115 ret = EVP_PKEY_print_params(bp, pk, 4, NULL); 119 ret = EVP_PKEY_print_params(bp, pk, 4, NULL);
116 EVP_PKEY_free(pk); 120 EVP_PKEY_free(pk);
117 return ret; 121 return ret;
118 } 122}
119
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_sign.c b/src/lib/libssl/src/crypto/dsa/dsa_sign.c
index 484e5f4357..40223a1d59 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa_sign.c
+++ b/src/lib/libssl/src/crypto/dsa/dsa_sign.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dsa_sign.c,v 1.15 2014/06/12 15:49:28 deraadt Exp $ */ 1/* $OpenBSD: dsa_sign.c,v 1.16 2014/07/09 10:16:24 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -63,36 +63,39 @@
63#include <openssl/rand.h> 63#include <openssl/rand.h>
64#include <openssl/bn.h> 64#include <openssl/bn.h>
65 65
66DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) 66DSA_SIG *
67 { 67DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
68{
68 return dsa->meth->dsa_do_sign(dgst, dlen, dsa); 69 return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
69 } 70}
70 71
71int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) 72int
72 { 73DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
74{
73 return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp); 75 return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
74 } 76}
75 77
76DSA_SIG *DSA_SIG_new(void) 78DSA_SIG *
77 { 79DSA_SIG_new(void)
80{
78 DSA_SIG *sig; 81 DSA_SIG *sig;
82
79 sig = malloc(sizeof(DSA_SIG)); 83 sig = malloc(sizeof(DSA_SIG));
80 if (!sig) 84 if (!sig)
81 return NULL; 85 return NULL;
82 sig->r = NULL; 86 sig->r = NULL;
83 sig->s = NULL; 87 sig->s = NULL;
84 return sig; 88 return sig;
85 } 89}
86 90
87void DSA_SIG_free(DSA_SIG *sig) 91void
88 { 92DSA_SIG_free(DSA_SIG *sig)
89 if (sig) 93{
90 { 94 if (sig) {
91 if (sig->r) 95 if (sig->r)
92 BN_free(sig->r); 96 BN_free(sig->r);
93 if (sig->s) 97 if (sig->s)
94 BN_free(sig->s); 98 BN_free(sig->s);
95 free(sig); 99 free(sig);
96 }
97 } 100 }
98 101}
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_vrf.c b/src/lib/libssl/src/crypto/dsa/dsa_vrf.c
index f4484abd55..b82fa41259 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa_vrf.c
+++ b/src/lib/libssl/src/crypto/dsa/dsa_vrf.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dsa_vrf.c,v 1.14 2014/06/12 15:49:28 deraadt Exp $ */ 1/* $OpenBSD: dsa_vrf.c,v 1.15 2014/07/09 10:16:24 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -61,8 +61,8 @@
61#include "cryptlib.h" 61#include "cryptlib.h"
62#include <openssl/dsa.h> 62#include <openssl/dsa.h>
63 63
64int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, 64int
65 DSA *dsa) 65DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa)
66 { 66{
67 return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa); 67 return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
68 } 68}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-21 11:55:58 +0000