From 15b5d84f9da2ce4bfae8580e56e34a859f74ad71 Mon Sep 17 00:00:00 2001 From: markus <> Date: Thu, 5 Sep 2002 12:51:50 +0000 Subject: import openssl-0.9.7-beta1 --- src/lib/libcrypto/dsa/dsa.h | 180 +++++++++++++++++++++----------- src/lib/libcrypto/dsa/dsa_asn1.c | 200 +++++++++++++++++++++-------------- src/lib/libcrypto/dsa/dsa_err.c | 133 ++++++++++++----------- src/lib/libcrypto/dsa/dsa_gen.c | 220 +++++++++++++++++---------------------- src/lib/libcrypto/dsa/dsa_key.c | 25 ++--- src/lib/libcrypto/dsa/dsa_lib.c | 176 ++++++++++++++++++++++++++++--- src/lib/libcrypto/dsa/dsa_ossl.c | 39 +++++-- src/lib/libcrypto/dsa/dsa_sign.c | 166 ++++------------------------- src/lib/libcrypto/dsa/dsa_vrf.c | 109 +++++-------------- 9 files changed, 656 insertions(+), 592 deletions(-) (limited to 'src/lib/libcrypto/dsa') diff --git a/src/lib/libcrypto/dsa/dsa.h b/src/lib/libcrypto/dsa/dsa.h index 1ca87c1cbe..9b3baadf2c 100644 --- a/src/lib/libcrypto/dsa/dsa.h +++ b/src/lib/libcrypto/dsa/dsa.h @@ -65,18 +65,59 @@ #ifndef HEADER_DSA_H #define HEADER_DSA_H +#ifdef OPENSSL_NO_DSA +#error DSA is disabled. +#endif + +#ifndef OPENSSL_NO_BIO +#include +#endif +#include +#include +#include +#ifndef OPENSSL_NO_DH +# include +#endif + +#define DSA_FLAG_CACHE_MONT_P 0x01 + #ifdef __cplusplus extern "C" { #endif -#include "bn.h" +typedef struct dsa_st DSA; -typedef struct dsa_st +typedef struct DSA_SIG_st + { + BIGNUM *r; + BIGNUM *s; + } DSA_SIG; + +typedef struct dsa_method { + const char *name; + DSA_SIG * (*dsa_do_sign)(const unsigned char *dgst, int dlen, DSA *dsa); + int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, + BIGNUM **rp); + int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len, + DSA_SIG *sig, DSA *dsa); + int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, + BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *in_mont); + int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *m_ctx); /* Can be null */ + int (*init)(DSA *dsa); + int (*finish)(DSA *dsa); + int flags; + char *app_data; +} DSA_METHOD; + +struct dsa_st { /* This first variable is used to pick up errors where * a DSA is passed instead of of a EVP_PKEY */ int pad; - int version; + long version; int write_params; BIGNUM *p; BIGNUM *q; /* == 20 */ @@ -88,8 +129,15 @@ typedef struct dsa_st BIGNUM *kinv; /* Signing pre-calc */ BIGNUM *r; /* Signing pre-calc */ + int flags; + /* Normally used to cache montgomery values */ + char *method_mont_p; int references; - } DSA; + CRYPTO_EX_DATA ex_data; + const DSA_METHOD *meth; + /* functional reference if 'meth' is ENGINE-provided */ + ENGINE *engine; + }; #define DSAparams_dup(x) (DSA *)ASN1_dup((int (*)())i2d_DSAparams, \ (char *(*)())d2i_DSAparams,(char *)(x)) @@ -102,93 +150,101 @@ typedef struct dsa_st #define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio(i2d_DSAparams,(bp), \ (unsigned char *)(x)) -#ifndef NOPROTO + +DSA_SIG * DSA_SIG_new(void); +void DSA_SIG_free(DSA_SIG *a); +int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp); +DSA_SIG * d2i_DSA_SIG(DSA_SIG **v, const unsigned char **pp, long length); + +DSA_SIG * DSA_do_sign(const unsigned char *dgst,int dlen,DSA *dsa); +int DSA_do_verify(const unsigned char *dgst,int dgst_len, + DSA_SIG *sig,DSA *dsa); + +const DSA_METHOD *DSA_OpenSSL(void); + +void DSA_set_default_method(const DSA_METHOD *); +const DSA_METHOD *DSA_get_default_method(void); +int DSA_set_method(DSA *dsa, const DSA_METHOD *); DSA * DSA_new(void); -int DSA_size(DSA *); +DSA * DSA_new_method(ENGINE *engine); +void DSA_free (DSA *r); +/* "up" the DSA object's reference count */ +int DSA_up_ref(DSA *r); +int DSA_size(const DSA *); /* next 4 return -1 on error */ int DSA_sign_setup( DSA *dsa,BN_CTX *ctx_in,BIGNUM **kinvp,BIGNUM **rp); -int DSA_sign(int type,unsigned char *dgst,int dlen, +int DSA_sign(int type,const unsigned char *dgst,int dlen, unsigned char *sig, unsigned int *siglen, DSA *dsa); -int DSA_verify(int type,unsigned char *dgst,int dgst_len, - unsigned char *sigbuf, int siglen, DSA *dsa); -void DSA_free (DSA *r); - -void ERR_load_DSA_strings(void ); - -DSA * d2i_DSAPublicKey(DSA **a, unsigned char **pp, long length); -DSA * d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length); -DSA * d2i_DSAparams(DSA **a, unsigned char **pp, long length); -DSA * DSA_generate_parameters(int bits, unsigned char *seed,int seed_len, +int DSA_verify(int type,const unsigned char *dgst,int dgst_len, + const unsigned char *sigbuf, int siglen, DSA *dsa); +int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +int DSA_set_ex_data(DSA *d, int idx, void *arg); +void *DSA_get_ex_data(DSA *d, int idx); + +DSA * d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length); +DSA * d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length); +DSA * d2i_DSAparams(DSA **a, const unsigned char **pp, long length); +DSA * DSA_generate_parameters(int bits, + unsigned char *seed,int seed_len, int *counter_ret, unsigned long *h_ret,void - (*callback)(),char *cb_arg); + (*callback)(int, int, void *),void *cb_arg); int DSA_generate_key(DSA *a); -int i2d_DSAPublicKey(DSA *a, unsigned char **pp); -int i2d_DSAPrivateKey(DSA *a, unsigned char **pp); -int i2d_DSAparams(DSA *a,unsigned char **pp); +int i2d_DSAPublicKey(const DSA *a, unsigned char **pp); +int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp); +int i2d_DSAparams(const DSA *a,unsigned char **pp); -#ifdef HEADER_BIO_H -int DSAparams_print(BIO *bp, DSA *x); -int DSA_print(BIO *bp, DSA *x, int off); +#ifndef OPENSSL_NO_BIO +int DSAparams_print(BIO *bp, const DSA *x); +int DSA_print(BIO *bp, const DSA *x, int off); #endif -#ifndef NO_FP_API -int DSAparams_print_fp(FILE *fp, DSA *x); -int DSA_print_fp(FILE *bp, DSA *x, int off); +#ifndef OPENSSL_NO_FP_API +int DSAparams_print_fp(FILE *fp, const DSA *x); +int DSA_print_fp(FILE *bp, const DSA *x, int off); #endif -int DSA_is_prime(BIGNUM *q,void (*callback)(),char *cb_arg); - -#else - -DSA * DSA_new(); -int DSA_size(); -int DSA_sign_setup(); -int DSA_sign(); -int DSA_verify(); -void DSA_free (); - -void ERR_load_DSA_strings(); - -DSA * d2i_DSAPublicKey(); -DSA * d2i_DSAPrivateKey(); -DSA * d2i_DSAparams(); -DSA * DSA_generate_parameters(); -int DSA_generate_key(); -int i2d_DSAPublicKey(); -int i2d_DSAPrivateKey(); -int i2d_DSAparams(); - -int DSA_is_prime(); - -int DSAparams_print(); -int DSA_print(); - -#ifndef NO_FP_API -int DSAparams_print_fp(); -int DSA_print_fp(); -#endif +#define DSS_prime_checks 50 +/* Primality test according to FIPS PUB 186[-1], Appendix 2.1: + * 50 rounds of Rabin-Miller */ +#define DSA_is_prime(n, callback, cb_arg) \ + BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg) +#ifndef OPENSSL_NO_DH +/* Convert DSA structure (key or just parameters) into DH structure + * (be careful to avoid small subgroup attacks when using this!) */ +DH *DSA_dup_DH(const DSA *r); #endif /* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_DSA_strings(void); + /* Error codes for the DSA functions. */ /* Function codes. */ +#define DSA_F_D2I_DSA_SIG 110 #define DSA_F_DSAPARAMS_PRINT 100 #define DSA_F_DSAPARAMS_PRINT_FP 101 -#define DSA_F_DSA_IS_PRIME 102 -#define DSA_F_DSA_NEW 103 +#define DSA_F_DSA_DO_SIGN 112 +#define DSA_F_DSA_DO_VERIFY 113 +#define DSA_F_DSA_NEW_METHOD 103 #define DSA_F_DSA_PRINT 104 #define DSA_F_DSA_PRINT_FP 105 #define DSA_F_DSA_SIGN 106 #define DSA_F_DSA_SIGN_SETUP 107 +#define DSA_F_DSA_SIG_NEW 109 #define DSA_F_DSA_VERIFY 108 +#define DSA_F_I2D_DSA_SIG 111 +#define DSA_F_SIG_CB 114 /* Reason codes. */ #define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100 - +#define DSA_R_MISSING_PARAMETERS 101 + #ifdef __cplusplus } #endif #endif - diff --git a/src/lib/libcrypto/dsa/dsa_asn1.c b/src/lib/libcrypto/dsa/dsa_asn1.c index 7523b21654..23fce555aa 100644 --- a/src/lib/libcrypto/dsa/dsa_asn1.c +++ b/src/lib/libcrypto/dsa/dsa_asn1.c @@ -1,96 +1,140 @@ -/* crypto/dsa/dsa_asn1.c */ +/* dsa_asn1.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 2000. + */ +/* ==================================================================== + * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ #include #include "cryptlib.h" #include #include -#include +#include -DSA_SIG *DSA_SIG_new(void) +/* Override the default new methods */ +static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) { - DSA_SIG *ret; - - ret = Malloc(sizeof(DSA_SIG)); - if (ret == NULL) - { - DSAerr(DSA_F_DSA_SIG_NEW,ERR_R_MALLOC_FAILURE); - return(NULL); - } - ret->r = NULL; - ret->s = NULL; - return(ret); + if(operation == ASN1_OP_NEW_PRE) { + DSA_SIG *sig; + sig = OPENSSL_malloc(sizeof(DSA_SIG)); + sig->r = NULL; + sig->s = NULL; + *pval = (ASN1_VALUE *)sig; + if(sig) return 2; + DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE); + return 0; + } + return 1; } -void DSA_SIG_free(DSA_SIG *r) +ASN1_SEQUENCE_cb(DSA_SIG, sig_cb) = { + ASN1_SIMPLE(DSA_SIG, r, CBIGNUM), + ASN1_SIMPLE(DSA_SIG, s, CBIGNUM) +} ASN1_SEQUENCE_END_cb(DSA_SIG, DSA_SIG) + +IMPLEMENT_ASN1_FUNCTIONS_const(DSA_SIG) + +/* Override the default free and new methods */ +static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) { - if (r == NULL) return; - if (r->r) BN_clear_free(r->r); - if (r->s) BN_clear_free(r->s); - Free(r); + if(operation == ASN1_OP_NEW_PRE) { + *pval = (ASN1_VALUE *)DSA_new(); + if(*pval) return 2; + return 0; + } else if(operation == ASN1_OP_FREE_PRE) { + DSA_free((DSA *)*pval); + *pval = NULL; + return 2; + } + return 1; } -int i2d_DSA_SIG(DSA_SIG *v, unsigned char **pp) -{ - int t=0,len; - ASN1_INTEGER rbs,sbs; - unsigned char *p; +ASN1_SEQUENCE_cb(DSAPrivateKey, dsa_cb) = { + ASN1_SIMPLE(DSA, version, LONG), + ASN1_SIMPLE(DSA, p, BIGNUM), + ASN1_SIMPLE(DSA, q, BIGNUM), + ASN1_SIMPLE(DSA, g, BIGNUM), + ASN1_SIMPLE(DSA, pub_key, BIGNUM), + ASN1_SIMPLE(DSA, priv_key, BIGNUM) +} ASN1_SEQUENCE_END_cb(DSA, DSAPrivateKey) - rbs.data=Malloc(BN_num_bits(v->r)/8+1); - if (rbs.data == NULL) - { - DSAerr(DSA_F_I2D_DSA_SIG, ERR_R_MALLOC_FAILURE); - return(0); - } - rbs.type=V_ASN1_INTEGER; - rbs.length=BN_bn2bin(v->r,rbs.data); - sbs.data=Malloc(BN_num_bits(v->s)/8+1); - if (sbs.data == NULL) - { - Free(rbs.data); - DSAerr(DSA_F_I2D_DSA_SIG, ERR_R_MALLOC_FAILURE); - return(0); - } - sbs.type=V_ASN1_INTEGER; - sbs.length=BN_bn2bin(v->s,sbs.data); +IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPrivateKey, DSAPrivateKey) - len=i2d_ASN1_INTEGER(&rbs,NULL); - len+=i2d_ASN1_INTEGER(&sbs,NULL); +ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = { + ASN1_SIMPLE(DSA, p, BIGNUM), + ASN1_SIMPLE(DSA, q, BIGNUM), + ASN1_SIMPLE(DSA, g, BIGNUM), +} ASN1_SEQUENCE_END_cb(DSA, DSAparams) - if (pp) - { - p=*pp; - ASN1_put_object(&p,1,len,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL); - i2d_ASN1_INTEGER(&rbs,&p); - i2d_ASN1_INTEGER(&sbs,&p); - } - t=ASN1_object_size(1,len,V_ASN1_SEQUENCE); - Free(rbs.data); - Free(sbs.data); - return(t); -} +IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAparams, DSAparams) -DSA_SIG *d2i_DSA_SIG(DSA_SIG **a, unsigned char **pp, long length) -{ - int i=ERR_R_NESTED_ASN1_ERROR; - ASN1_INTEGER *bs=NULL; - M_ASN1_D2I_vars(a,DSA_SIG *,DSA_SIG_new); +/* DSA public key is a bit trickier... its effectively a CHOICE type + * decided by a field called write_params which can either write out + * just the public key as an INTEGER or the parameters and public key + * in a SEQUENCE + */ - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER); - if ((ret->r=BN_bin2bn(bs->data,bs->length,ret->r)) == NULL) - goto err_bn; - M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER); - if ((ret->s=BN_bin2bn(bs->data,bs->length,ret->s)) == NULL) - goto err_bn; - ASN1_BIT_STRING_free(bs); - M_ASN1_D2I_Finish_2(a); +ASN1_SEQUENCE(dsa_pub_internal) = { + ASN1_SIMPLE(DSA, pub_key, BIGNUM), + ASN1_SIMPLE(DSA, p, BIGNUM), + ASN1_SIMPLE(DSA, q, BIGNUM), + ASN1_SIMPLE(DSA, g, BIGNUM) +} ASN1_SEQUENCE_END_name(DSA, dsa_pub_internal) -err_bn: - i=ERR_R_BN_LIB; -err: - DSAerr(DSA_F_D2I_DSA_SIG,i); - if ((ret != NULL) && ((a == NULL) || (*a != ret))) DSA_SIG_free(ret); - if (bs != NULL) ASN1_BIT_STRING_free(bs); - return(NULL); -} +ASN1_CHOICE_cb(DSAPublicKey, dsa_cb) = { + ASN1_SIMPLE(DSA, pub_key, BIGNUM), + ASN1_EX_COMBINE(0, 0, dsa_pub_internal) +} ASN1_CHOICE_END_cb(DSA, DSAPublicKey, write_params) + +IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey) diff --git a/src/lib/libcrypto/dsa/dsa_err.c b/src/lib/libcrypto/dsa/dsa_err.c index 318e9f31aa..79aa4ff526 100644 --- a/src/lib/libcrypto/dsa/dsa_err.c +++ b/src/lib/libcrypto/dsa/dsa_err.c @@ -1,96 +1,105 @@ -/* lib/dsa/dsa_err.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) - * All rights reserved. +/* crypto/dsa/dsa_err.c */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * */ + +/* NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ + #include -#include "err.h" -#include "dsa.h" +#include +#include /* BEGIN ERROR CODES */ -#ifndef NO_ERR +#ifndef OPENSSL_NO_ERR static ERR_STRING_DATA DSA_str_functs[]= { +{ERR_PACK(0,DSA_F_D2I_DSA_SIG,0), "d2i_DSA_SIG"}, {ERR_PACK(0,DSA_F_DSAPARAMS_PRINT,0), "DSAparams_print"}, {ERR_PACK(0,DSA_F_DSAPARAMS_PRINT_FP,0), "DSAparams_print_fp"}, -{ERR_PACK(0,DSA_F_DSA_IS_PRIME,0), "DSA_is_prime"}, -{ERR_PACK(0,DSA_F_DSA_NEW,0), "DSA_new"}, +{ERR_PACK(0,DSA_F_DSA_DO_SIGN,0), "DSA_do_sign"}, +{ERR_PACK(0,DSA_F_DSA_DO_VERIFY,0), "DSA_do_verify"}, +{ERR_PACK(0,DSA_F_DSA_NEW_METHOD,0), "DSA_new_method"}, {ERR_PACK(0,DSA_F_DSA_PRINT,0), "DSA_print"}, {ERR_PACK(0,DSA_F_DSA_PRINT_FP,0), "DSA_print_fp"}, {ERR_PACK(0,DSA_F_DSA_SIGN,0), "DSA_sign"}, {ERR_PACK(0,DSA_F_DSA_SIGN_SETUP,0), "DSA_sign_setup"}, +{ERR_PACK(0,DSA_F_DSA_SIG_NEW,0), "DSA_SIG_new"}, {ERR_PACK(0,DSA_F_DSA_VERIFY,0), "DSA_verify"}, -{0,NULL}, +{ERR_PACK(0,DSA_F_I2D_DSA_SIG,0), "i2d_DSA_SIG"}, +{ERR_PACK(0,DSA_F_SIG_CB,0), "SIG_CB"}, +{0,NULL} }; static ERR_STRING_DATA DSA_str_reasons[]= { {DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"}, -{0,NULL}, +{DSA_R_MISSING_PARAMETERS ,"missing parameters"}, +{0,NULL} }; #endif -void ERR_load_DSA_strings() +void ERR_load_DSA_strings(void) { static int init=1; - if (init); - {; + if (init) + { init=0; -#ifndef NO_ERR +#ifndef OPENSSL_NO_ERR ERR_load_strings(ERR_LIB_DSA,DSA_str_functs); ERR_load_strings(ERR_LIB_DSA,DSA_str_reasons); #endif diff --git a/src/lib/libcrypto/dsa/dsa_gen.c b/src/lib/libcrypto/dsa/dsa_gen.c index d7d30bf90a..dc9c249310 100644 --- a/src/lib/libcrypto/dsa/dsa_gen.c +++ b/src/lib/libcrypto/dsa/dsa_gen.c @@ -59,28 +59,32 @@ #undef GENUINE_DSA #ifdef GENUINE_DSA -#define HASH SHA +/* Parameter generation follows the original release of FIPS PUB 186, + * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */ +#define HASH EVP_sha() #else -#define HASH SHA1 +/* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186, + * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in + * FIPS PUB 180-1) */ +#define HASH EVP_sha1() #endif +#ifndef OPENSSL_NO_SHA + #include #include #include "cryptlib.h" -#include "sha.h" -#include "bn.h" -#include "dsa.h" -#include "rand.h" - -DSA *DSA_generate_parameters(bits,seed_in,seed_len,counter_ret,h_ret,callback, - cb_arg) -int bits; -unsigned char *seed_in; -int seed_len; -int *counter_ret; -unsigned long *h_ret; -void (*callback)(); -char *cb_arg; +#include +#include +#include +#include +#include + +DSA *DSA_generate_parameters(int bits, + unsigned char *seed_in, int seed_len, + int *counter_ret, unsigned long *h_ret, + void (*callback)(int, int, void *), + void *cb_arg) { int ok=0; unsigned char seed[SHA_DIGEST_LENGTH]; @@ -88,49 +92,66 @@ char *cb_arg; unsigned char buf[SHA_DIGEST_LENGTH],buf2[SHA_DIGEST_LENGTH]; BIGNUM *r0,*W,*X,*c,*test; BIGNUM *g=NULL,*q=NULL,*p=NULL; + BN_MONT_CTX *mont=NULL; int k,n=0,i,b,m=0; int counter=0; - BN_CTX *ctx=NULL,*ctx2=NULL; + int r=0; + BN_CTX *ctx=NULL,*ctx2=NULL,*ctx3=NULL; unsigned int h=2; DSA *ret=NULL; if (bits < 512) bits=512; bits=(bits+63)/64*64; + if (seed_len < 20) + seed_in = NULL; /* seed buffer too small -- ignore */ + if (seed_len > 20) + seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger SEED, + * but our internal buffers are restricted to 160 bits*/ if ((seed_in != NULL) && (seed_len == 20)) memcpy(seed,seed_in,seed_len); - ctx=BN_CTX_new(); - if (ctx == NULL) goto err; - ctx2=BN_CTX_new(); - if (ctx2 == NULL) goto err; - ret=DSA_new(); - if (ret == NULL) goto err; - r0=ctx2->bn[0]; - g=ctx2->bn[1]; - W=ctx2->bn[2]; - q=ctx2->bn[3]; - X=ctx2->bn[4]; - c=ctx2->bn[5]; - p=ctx2->bn[6]; - test=ctx2->bn[7]; + if ((ctx=BN_CTX_new()) == NULL) goto err; + if ((ctx2=BN_CTX_new()) == NULL) goto err; + if ((ctx3=BN_CTX_new()) == NULL) goto err; + if ((ret=DSA_new()) == NULL) goto err; + + if ((mont=BN_MONT_CTX_new()) == NULL) goto err; + + BN_CTX_start(ctx2); + r0 = BN_CTX_get(ctx2); + g = BN_CTX_get(ctx2); + W = BN_CTX_get(ctx2); + q = BN_CTX_get(ctx2); + X = BN_CTX_get(ctx2); + c = BN_CTX_get(ctx2); + p = BN_CTX_get(ctx2); + test = BN_CTX_get(ctx2); BN_lshift(test,BN_value_one(),bits-1); for (;;) { - for (;;) + for (;;) /* find q */ { + int seed_is_random; + /* step 1 */ if (callback != NULL) callback(0,m++,cb_arg); if (!seed_len) - RAND_bytes(seed,SHA_DIGEST_LENGTH); + { + RAND_pseudo_bytes(seed,SHA_DIGEST_LENGTH); + seed_is_random = 1; + } else - seed_len=0; - + { + seed_is_random = 0; + seed_len=0; /* use random seed if 'seed_in' turns out to be bad*/ + } memcpy(buf,seed,SHA_DIGEST_LENGTH); memcpy(buf2,seed,SHA_DIGEST_LENGTH); + /* precompute "SEED + 1" for step 7: */ for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--) { buf[i]++; @@ -138,18 +159,23 @@ char *cb_arg; } /* step 2 */ - HASH(seed,SHA_DIGEST_LENGTH,md); - HASH(buf,SHA_DIGEST_LENGTH,buf2); + EVP_Digest(seed,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL); + EVP_Digest(buf,SHA_DIGEST_LENGTH,buf2,NULL,HASH, NULL); for (i=0; i 0) break; + r = BN_is_prime_fasttest(q, DSS_prime_checks, callback, ctx3, cb_arg, seed_is_random); + if (r > 0) + break; + if (r != 0) + goto err; + /* do a callback call */ /* step 5 */ } @@ -159,26 +185,33 @@ char *cb_arg; /* step 6 */ counter=0; + /* "offset = 2" */ n=(bits-1)/160; b=(bits-1)-n*160; for (;;) { + if (callback != NULL && counter != 0) + callback(0,counter,cb_arg); + /* step 7 */ BN_zero(W); + /* now 'buf' contains "SEED + offset - 1" */ for (k=0; k<=n; k++) { + /* obtain "SEED + offset + k" by incrementing: */ for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--) { buf[i]++; if (buf[i] != 0) break; } - HASH(buf,SHA_DIGEST_LENGTH,md); + EVP_Digest(buf,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL); /* step 8 */ - if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0)) abort(); + if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0)) + goto err; BN_lshift(r0,r0,160*k); BN_add(W,W,r0); } @@ -198,32 +231,36 @@ char *cb_arg; if (BN_cmp(p,test) >= 0) { /* step 11 */ - if (DSA_is_prime(p,callback,cb_arg) > 0) - goto end; + r = BN_is_prime_fasttest(p, DSS_prime_checks, callback, ctx3, cb_arg, 1); + if (r > 0) + goto end; /* found it */ + if (r != 0) + goto err; } /* step 13 */ counter++; + /* "offset = offset + n + 1" */ /* step 14 */ if (counter >= 4096) break; - - if (callback != NULL) callback(0,counter,cb_arg); } } end: if (callback != NULL) callback(2,1,cb_arg); - /* We now need to gernerate g */ + /* We now need to generate g */ /* Set r0=(p-1)/q */ - BN_sub(test,p,BN_value_one()); - BN_div(r0,NULL,test,q,ctx); + BN_sub(test,p,BN_value_one()); + BN_div(r0,NULL,test,q,ctx); BN_set_word(test,h); + BN_MONT_CTX_set(mont,p,ctx); + for (;;) { /* g=test^r0%p */ - BN_mod_exp(g,test,r0,p,ctx); + BN_mod_exp_mont(g,test,r0,p,ctx,mont); if (!BN_is_one(g)) break; BN_add(test,test,BN_value_one()); h++; @@ -246,83 +283,14 @@ err: if (counter_ret != NULL) *counter_ret=counter; if (h_ret != NULL) *h_ret=h; } - BN_CTX_free(ctx); - BN_CTX_free(ctx2); - return(ok?ret:NULL); - } - -int DSA_is_prime(w, callback,cb_arg) -BIGNUM *w; -void (*callback)(); -char *cb_arg; - { - int ok= -1,j,i,n; - BN_CTX *ctx=NULL,*ctx2=NULL; - BIGNUM *w_1,*b,*m,*z; - int a; - - if (!BN_is_bit_set(w,0)) return(0); - - ctx=BN_CTX_new(); - if (ctx == NULL) goto err; - ctx2=BN_CTX_new(); - if (ctx2 == NULL) goto err; - - m= ctx2->bn[2]; - b= ctx2->bn[3]; - z= ctx2->bn[4]; - w_1=ctx2->bn[5]; - - /* step 1 */ - n=50; - - /* step 2 */ - if (!BN_sub(w_1,w,BN_value_one())) goto err; - for (a=1; !BN_is_bit_set(w_1,a); a++) - ; - if (!BN_rshift(m,w_1,a)) goto err; - - for (i=1; i < n; i++) + if (ctx != NULL) BN_CTX_free(ctx); + if (ctx2 != NULL) { - /* step 3 */ - BN_rand(b,BN_num_bits(w)-2/*-1*/,0,0); - BN_set_word(b,0x10001L); - - /* step 4 */ - j=0; - if (!BN_mod_exp(z,b,m,w,ctx)) goto err; - - /* step 5 */ - for (;;) - { - if (((j == 0) && BN_is_one(z)) || (BN_cmp(z,w_1) == 0)) - break; - - /* step 6 */ - if ((j > 0) && BN_is_one(z)) - { - ok=0; - goto err; - } - - j++; - if (j >= a) - { - ok=0; - goto err; - } - - if (!BN_mod_mul(z,z,z,w,ctx)) goto err; - if (callback != NULL) callback(1,j,cb_arg); - } + BN_CTX_end(ctx2); + BN_CTX_free(ctx2); } - - ok=1; -err: - if (ok == -1) DSAerr(DSA_F_DSA_IS_PRIME,ERR_R_BN_LIB); - BN_CTX_free(ctx); - BN_CTX_free(ctx2); - - return(ok); + if (ctx3 != NULL) BN_CTX_free(ctx3); + if (mont != NULL) BN_MONT_CTX_free(mont); + return(ok?ret:NULL); } - +#endif diff --git a/src/lib/libcrypto/dsa/dsa_key.c b/src/lib/libcrypto/dsa/dsa_key.c index d51ed9395f..ef87c3e637 100644 --- a/src/lib/libcrypto/dsa/dsa_key.c +++ b/src/lib/libcrypto/dsa/dsa_key.c @@ -56,19 +56,17 @@ * [including the GNU Public Licence.] */ +#ifndef OPENSSL_NO_SHA #include #include #include "cryptlib.h" -#include "sha.h" -#include "bn.h" -#include "dsa.h" -#include "rand.h" +#include +#include +#include -int DSA_generate_key(dsa) -DSA *dsa; +int DSA_generate_key(DSA *dsa) { int ok=0; - unsigned int i; BN_CTX *ctx=NULL; BIGNUM *pub_key=NULL,*priv_key=NULL; @@ -81,14 +79,9 @@ DSA *dsa; else priv_key=dsa->priv_key; - i=BN_num_bits(dsa->q); - for (;;) - { - BN_rand(priv_key,i,1,0); - if (BN_cmp(priv_key,dsa->q) >= 0) - BN_sub(priv_key,priv_key,dsa->q); - if (!BN_is_zero(priv_key)) break; - } + do + if (!BN_rand_range(priv_key,dsa->q)) goto err; + while (BN_is_zero(priv_key)); if (dsa->pub_key == NULL) { @@ -109,4 +102,4 @@ err: if (ctx != NULL) BN_CTX_free(ctx); return(ok); } - +#endif diff --git a/src/lib/libcrypto/dsa/dsa_lib.c b/src/lib/libcrypto/dsa/dsa_lib.c index b647257f9f..da2cdfa3d6 100644 --- a/src/lib/libcrypto/dsa/dsa_lib.c +++ b/src/lib/libcrypto/dsa/dsa_lib.c @@ -56,26 +56,89 @@ * [including the GNU Public Licence.] */ -/* Origional version from Steven Schoch */ +/* Original version from Steven Schoch */ #include #include "cryptlib.h" -#include "bn.h" -#include "dsa.h" -#include "asn1.h" +#include +#include +#include +#include -char *DSA_version="\0DSA part of SSLeay 0.9.0b 29-Jun-1998"; +const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT; -DSA *DSA_new() +static const DSA_METHOD *default_DSA_method = NULL; + +void DSA_set_default_method(const DSA_METHOD *meth) + { + default_DSA_method = meth; + } + +const DSA_METHOD *DSA_get_default_method(void) + { + if(!default_DSA_method) + default_DSA_method = DSA_OpenSSL(); + return default_DSA_method; + } + +DSA *DSA_new(void) + { + return DSA_new_method(NULL); + } + +int DSA_set_method(DSA *dsa, const DSA_METHOD *meth) + { + /* NB: The caller is specifically setting a method, so it's not up to us + * to deal with which ENGINE it comes from. */ + const DSA_METHOD *mtmp; + mtmp = dsa->meth; + if (mtmp->finish) mtmp->finish(dsa); + if (dsa->engine) + { + ENGINE_finish(dsa->engine); + dsa->engine = NULL; + } + dsa->meth = meth; + if (meth->init) meth->init(dsa); + return 1; + } + +DSA *DSA_new_method(ENGINE *engine) { DSA *ret; - ret=(DSA *)Malloc(sizeof(DSA)); + ret=(DSA *)OPENSSL_malloc(sizeof(DSA)); if (ret == NULL) { - DSAerr(DSA_F_DSA_NEW,ERR_R_MALLOC_FAILURE); + DSAerr(DSA_F_DSA_NEW_METHOD,ERR_R_MALLOC_FAILURE); return(NULL); } + ret->meth = DSA_get_default_method(); + if (engine) + { + if (!ENGINE_init(engine)) + { + DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB); + OPENSSL_free(ret); + return NULL; + } + ret->engine = engine; + } + else + ret->engine = ENGINE_get_default_DSA(); + if(ret->engine) + { + ret->meth = ENGINE_get_DSA(ret->engine); + if(!ret->meth) + { + DSAerr(DSA_F_DSA_NEW_METHOD, + ERR_R_ENGINE_LIB); + ENGINE_finish(ret->engine); + OPENSSL_free(ret); + return NULL; + } + } + ret->pad=0; ret->version=0; ret->write_params=1; @@ -88,13 +151,24 @@ DSA *DSA_new() ret->kinv=NULL; ret->r=NULL; + ret->method_mont_p=NULL; ret->references=1; + ret->flags=ret->meth->flags; + CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data); + if ((ret->meth->init != NULL) && !ret->meth->init(ret)) + { + if (ret->engine) + ENGINE_finish(ret->engine); + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data); + OPENSSL_free(ret); + ret=NULL; + } + return(ret); } -void DSA_free(r) -DSA *r; +void DSA_free(DSA *r) { int i; @@ -113,6 +187,13 @@ DSA *r; } #endif + if(r->meth->finish) + r->meth->finish(r); + if(r->engine) + ENGINE_finish(r->engine); + + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data); + if (r->p != NULL) BN_clear_free(r->p); if (r->q != NULL) BN_clear_free(r->q); if (r->g != NULL) BN_clear_free(r->g); @@ -120,11 +201,26 @@ DSA *r; if (r->priv_key != NULL) BN_clear_free(r->priv_key); if (r->kinv != NULL) BN_clear_free(r->kinv); if (r->r != NULL) BN_clear_free(r->r); - Free(r); + OPENSSL_free(r); + } + +int DSA_up_ref(DSA *r) + { + int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DSA); +#ifdef REF_PRINT + REF_PRINT("DSA",r); +#endif +#ifdef REF_CHECK + if (i < 2) + { + fprintf(stderr, "DSA_up_ref, bad reference count\n"); + abort(); + } +#endif + return ((i > 1) ? 1 : 0); } -int DSA_size(r) -DSA *r; +int DSA_size(const DSA *r) { int ret,i; ASN1_INTEGER bs; @@ -143,3 +239,57 @@ DSA *r; return(ret); } +int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) + { + return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, argl, argp, + new_func, dup_func, free_func); + } + +int DSA_set_ex_data(DSA *d, int idx, void *arg) + { + return(CRYPTO_set_ex_data(&d->ex_data,idx,arg)); + } + +void *DSA_get_ex_data(DSA *d, int idx) + { + return(CRYPTO_get_ex_data(&d->ex_data,idx)); + } + +#ifndef OPENSSL_NO_DH +DH *DSA_dup_DH(const DSA *r) + { + /* DSA has p, q, g, optional pub_key, optional priv_key. + * DH has p, optional length, g, optional pub_key, optional priv_key. + */ + + DH *ret = NULL; + + if (r == NULL) + goto err; + ret = DH_new(); + if (ret == NULL) + goto err; + if (r->p != NULL) + if ((ret->p = BN_dup(r->p)) == NULL) + goto err; + if (r->q != NULL) + ret->length = BN_num_bits(r->q); + if (r->g != NULL) + if ((ret->g = BN_dup(r->g)) == NULL) + goto err; + if (r->pub_key != NULL) + if ((ret->pub_key = BN_dup(r->pub_key)) == NULL) + goto err; + if (r->priv_key != NULL) + if ((ret->priv_key = BN_dup(r->priv_key)) == NULL) + goto err; + + return ret; + + err: + if (ret != NULL) + DH_free(ret); + return NULL; + } +#endif diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c index b51cf6ad8d..37dd5fc994 100644 --- a/src/lib/libcrypto/dsa/dsa_ossl.c +++ b/src/lib/libcrypto/dsa/dsa_ossl.c @@ -64,6 +64,7 @@ #include #include #include +#include static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); @@ -91,7 +92,7 @@ dsa_finish, NULL }; -DSA_METHOD *DSA_OpenSSL(void) +const DSA_METHOD *DSA_OpenSSL(void) { return &openssl_dsa_meth; } @@ -105,6 +106,11 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) int i,reason=ERR_R_BN_LIB; DSA_SIG *ret=NULL; + if (!dsa->p || !dsa->q || !dsa->g) + { + reason=DSA_R_MISSING_PARAMETERS; + goto err; + } BN_init(&m); BN_init(&xr); s=BN_new(); @@ -167,6 +173,11 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) BIGNUM k,*kinv=NULL,*r=NULL; int ret=0; + if (!dsa->p || !dsa->q || !dsa->g) + { + DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS); + return 0; + } if (ctx_in == NULL) { if ((ctx=BN_CTX_new()) == NULL) goto err; @@ -179,13 +190,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) kinv=NULL; /* Get random k */ - for (;;) - { - if (!BN_rand(&k, BN_num_bits(dsa->q), 1, 0)) goto err; - if (BN_cmp(&k,dsa->q) >= 0) - BN_sub(&k,&k,dsa->q); - if (!BN_is_zero(&k)) break; - } + do + if (!BN_rand_range(&k, dsa->q)) goto err; + while (BN_is_zero(&k)); if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P)) { @@ -228,12 +235,28 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, BIGNUM u1,u2,t1; BN_MONT_CTX *mont=NULL; int ret = -1; + if (!dsa->p || !dsa->q || !dsa->g) + { + DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS); + return -1; + } if ((ctx=BN_CTX_new()) == NULL) goto err; BN_init(&u1); BN_init(&u2); BN_init(&t1); + if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0) + { + ret = 0; + goto err; + } + if (BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s, dsa->q) >= 0) + { + ret = 0; + goto err; + } + /* Calculate W = inv(S) mod Q * save W in u2 */ if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err; diff --git a/src/lib/libcrypto/dsa/dsa_sign.c b/src/lib/libcrypto/dsa/dsa_sign.c index 6ca1c318f2..e9469ca62f 100644 --- a/src/lib/libcrypto/dsa/dsa_sign.c +++ b/src/lib/libcrypto/dsa/dsa_sign.c @@ -56,160 +56,38 @@ * [including the GNU Public Licence.] */ -/* Origional version from Steven Schoch */ +/* Original version from Steven Schoch */ #include #include "cryptlib.h" -#include "bn.h" -#include "dsa.h" -#include "rand.h" -#include "asn1.h" +#include +#include +#include +#include +#include -/* data has already been hashed (probably with SHA or SHA-1). */ -/* DSAerr(DSA_F_DSA_SIGN,DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); */ - -int DSA_sign(type,dgst,dlen,sig,siglen,dsa) -int type; -unsigned char *dgst; -int dlen; -unsigned char *sig; /* out */ -unsigned int *siglen; /* out */ -DSA *dsa; +DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) { - BIGNUM *kinv=NULL,*r=NULL; - BIGNUM *m=NULL; - BIGNUM *xr=NULL,*s=NULL; - BN_CTX *ctx=NULL; - unsigned char *p; - int i,len=0,ret=0,reason=ERR_R_BN_LIB; - ASN1_INTEGER rbs,sbs; - MS_STATIC unsigned char rbuf[50]; /* assuming r is 20 bytes +extra */ - MS_STATIC unsigned char sbuf[50]; /* assuming s is 20 bytes +extra */ - - i=BN_num_bytes(dsa->q); /* should be 20 */ - if ((dlen > i) || (dlen > 50)) - { - reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE; - goto err; - } - - ctx=BN_CTX_new(); - if (ctx == NULL) goto err; - - if ((dsa->kinv == NULL) || (dsa->r == NULL)) - { - if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err; - } - else - { - kinv=dsa->kinv; - dsa->kinv=NULL; - r=dsa->r; - dsa->r=NULL; - } - - m=BN_new(); - xr=BN_new(); - s=BN_new(); - if (m == NULL || xr == NULL || s == NULL) goto err; - - if (BN_bin2bn(dgst,dlen,m) == NULL) goto err; - - /* Compute s = inv(k) (m + xr) mod q */ - if (!BN_mul(xr, dsa->priv_key, r)) goto err; /* s = xr */ - if (!BN_add(s, xr, m)) goto err; /* s = m + xr */ - if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err; - - /* - * Now create a ASN.1 sequence of the integers R and S. - */ - rbs.data=rbuf; - sbs.data=sbuf; - rbs.type = V_ASN1_INTEGER; - sbs.type = V_ASN1_INTEGER; - rbs.length=BN_bn2bin(r,rbs.data); - sbs.length=BN_bn2bin(s,sbs.data); - - len =i2d_ASN1_INTEGER(&rbs,NULL); - len+=i2d_ASN1_INTEGER(&sbs,NULL); - - p=sig; - ASN1_put_object(&p,1,len,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL); - i2d_ASN1_INTEGER(&rbs,&p); - i2d_ASN1_INTEGER(&sbs,&p); - *siglen=(p-sig); - ret=1; -err: - if (!ret) DSAerr(DSA_F_DSA_SIGN,reason); - -#if 1 /* do the right thing :-) */ - if (kinv != NULL) BN_clear_free(kinv); - if (r != NULL) BN_clear_free(r); -#endif - if (ctx != NULL) BN_CTX_free(ctx); - if (m != NULL) BN_clear_free(m); - if (xr != NULL) BN_clear_free(xr); - if (s != NULL) BN_clear_free(s); - return(ret); + return dsa->meth->dsa_do_sign(dgst, dlen, dsa); } -int DSA_sign_setup(dsa,ctx_in,kinvp,rp) -DSA *dsa; -BN_CTX *ctx_in; -BIGNUM **kinvp; -BIGNUM **rp; +int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, + unsigned int *siglen, DSA *dsa) { - BN_CTX *ctx; - BIGNUM *k=NULL,*kinv=NULL,*r=NULL; - int ret=0; - - if (ctx_in == NULL) - { - if ((ctx=BN_CTX_new()) == NULL) goto err; - } - else - ctx=ctx_in; - - r=BN_new(); - k=BN_new(); - if ((r == NULL) || (k == NULL)) - goto err; - kinv=NULL; - - if (r == NULL) goto err; - - /* Get random k */ - for (;;) + DSA_SIG *s; + s=DSA_do_sign(dgst,dlen,dsa); + if (s == NULL) { - if (!BN_rand(k, BN_num_bits(dsa->q), 1, 0)) goto err; - if (BN_cmp(k,dsa->q) >= 0) - BN_sub(k,k,dsa->q); - if (!BN_is_zero(k)) break; + *siglen=0; + return(0); } + *siglen=i2d_DSA_SIG(s,&sig); + DSA_SIG_free(s); + return(1); + } - /* Compute r = (g^k mod p) mod q */ - if (!BN_mod_exp(r,dsa->g,k,dsa->p,ctx)) goto err; - if (!BN_mod(r,r,dsa->q,ctx)) goto err; - - /* Compute part of 's = inv(k) (m + xr) mod q' */ - if ((kinv=BN_mod_inverse(k,dsa->q,ctx)) == NULL) goto err; - - if (*kinvp != NULL) BN_clear_free(*kinvp); - *kinvp=kinv; - kinv=NULL; - if (*rp != NULL) BN_clear_free(*rp); - *rp=r; - ret=1; -err: - if (!ret) - { - DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB); - if (kinv != NULL) BN_clear_free(kinv); - if (r != NULL) BN_clear_free(r); - } - if (ctx_in == NULL) BN_CTX_free(ctx); - if (k != NULL) BN_clear_free(k); - if (kinv != NULL) BN_clear_free(kinv); - return(ret); +int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) + { + return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp); } diff --git a/src/lib/libcrypto/dsa/dsa_vrf.c b/src/lib/libcrypto/dsa/dsa_vrf.c index 0f860984ed..066c6b5b28 100644 --- a/src/lib/libcrypto/dsa/dsa_vrf.c +++ b/src/lib/libcrypto/dsa/dsa_vrf.c @@ -56,97 +56,40 @@ * [including the GNU Public Licence.] */ -/* Origional version from Steven Schoch */ +/* Original version from Steven Schoch */ #include #include "cryptlib.h" -#include "bn.h" -#include "dsa.h" -#include "rand.h" -#include "asn1.h" -#include "asn1_mac.h" +#include +#include +#include +#include +#include +#include + +int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, + DSA *dsa) + { + return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa); + } /* data has already been hashed (probably with SHA or SHA-1). */ /* returns - * 1: correct signature - * 0: incorrect signature - * -1: error + * 1: correct signature + * 0: incorrect signature + * -1: error */ -int DSA_verify(type,dgst,dgst_len,sigbuf,siglen, dsa) -int type; -unsigned char *dgst; -int dgst_len; -unsigned char *sigbuf; -int siglen; -DSA *dsa; +int DSA_verify(int type, const unsigned char *dgst, int dgst_len, + const unsigned char *sigbuf, int siglen, DSA *dsa) { - /* The next 3 are used by the M_ASN1 macros */ - long length=siglen; - ASN1_CTX c; - unsigned char **pp= &sigbuf; - BN_CTX *ctx; - BIGNUM *r=NULL; - BIGNUM *t1=NULL,*t2=NULL; - BIGNUM *u1=NULL,*u2=NULL; - ASN1_INTEGER *bs=NULL; - int ret = -1; - - ctx=BN_CTX_new(); - if (ctx == NULL) goto err; - - t1=BN_new(); - t2=BN_new(); - if (t1 == NULL || t2 == NULL) goto err; - - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER); - if ((r=BN_bin2bn(bs->data,bs->length,NULL)) == NULL) goto err_bn; - M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER); - if ((u1=BN_bin2bn(bs->data,bs->length,NULL)) == NULL) goto err_bn; - if (!asn1_Finish(&c)) goto err; - - /* Calculate W = inv(S) mod Q - * save W in u2 */ - if ((u2=BN_mod_inverse(u1,dsa->q,ctx)) == NULL) goto err_bn; - - /* save M in u1 */ - if (BN_bin2bn(dgst,dgst_len,u1) == NULL) goto err_bn; - - /* u1 = M * w mod q */ - if (!BN_mod_mul(u1,u1,u2,dsa->q,ctx)) goto err_bn; - - /* u2 = r * w mod q */ - if (!BN_mod_mul(u2,r,u2,dsa->q,ctx)) goto err_bn; + DSA_SIG *s; + int ret=-1; - /* v = ( g^u1 * y^u2 mod p ) mod q */ - /* let t1 = g ^ u1 mod p */ - if (!BN_mod_exp(t1,dsa->g,u1,dsa->p,ctx)) goto err_bn; - /* let t2 = y ^ u2 mod p */ - if (!BN_mod_exp(t2,dsa->pub_key,u2,dsa->p,ctx)) goto err_bn; - /* let u1 = t1 * t2 mod p */ - if (!BN_mod_mul(u1,t1,t2,dsa->p,ctx)) goto err_bn; - /* let u1 = u1 mod q */ - if (!BN_mod(u1,u1,dsa->q,ctx)) goto err_bn; - /* V is now in u1. If the signature is correct, it will be - * equal to R. */ - ret=(BN_ucmp(u1, r) == 0); - if (0) - { -err: /* ASN1 error */ - DSAerr(DSA_F_DSA_VERIFY,c.error); - } - if (0) - { -err_bn: /* BN error */ - DSAerr(DSA_F_DSA_VERIFY,ERR_R_BN_LIB); - } - if (ctx != NULL) BN_CTX_free(ctx); - if (r != NULL) BN_free(r); - if (t1 != NULL) BN_free(t1); - if (t2 != NULL) BN_free(t2); - if (u1 != NULL) BN_free(u1); - if (u2 != NULL) BN_free(u2); - if (bs != NULL) ASN1_BIT_STRING_free(bs); + s = DSA_SIG_new(); + if (s == NULL) return(ret); + if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err; + ret=DSA_do_verify(dgst,dgst_len,s,dsa); +err: + DSA_SIG_free(s); return(ret); } -- cgit v1.2.3-55-g6feb