From 68edd00d9258df93b1366c71ac124e0cadf7bc08 Mon Sep 17 00:00:00 2001 From: djm <> Date: Fri, 29 Apr 2005 05:39:33 +0000 Subject: resolve conflicts --- src/lib/libcrypto/dsa/dsa.h | 4 ++++ src/lib/libcrypto/dsa/dsa_gen.c | 45 ++++++++++++++++++++++++---------------- src/lib/libcrypto/dsa/dsa_key.c | 2 ++ src/lib/libcrypto/dsa/dsa_ossl.c | 2 ++ src/lib/libcrypto/dsa/dsa_sign.c | 12 +++++++++++ src/lib/libcrypto/dsa/dsa_vrf.c | 8 +++++++ 6 files changed, 55 insertions(+), 18 deletions(-) (limited to 'src/lib/libcrypto/dsa') diff --git a/src/lib/libcrypto/dsa/dsa.h b/src/lib/libcrypto/dsa/dsa.h index 9b3baadf2c..225ff391f9 100644 --- a/src/lib/libcrypto/dsa/dsa.h +++ b/src/lib/libcrypto/dsa/dsa.h @@ -81,6 +81,10 @@ #define DSA_FLAG_CACHE_MONT_P 0x01 +#if defined(OPENSSL_FIPS) +#define FIPS_DSA_SIZE_T int +#endif + #ifdef __cplusplus extern "C" { #endif diff --git a/src/lib/libcrypto/dsa/dsa_gen.c b/src/lib/libcrypto/dsa/dsa_gen.c index dc9c249310..e40afeea51 100644 --- a/src/lib/libcrypto/dsa/dsa_gen.c +++ b/src/lib/libcrypto/dsa/dsa_gen.c @@ -80,6 +80,7 @@ #include #include +#ifndef OPENSSL_FIPS DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len, int *counter_ret, unsigned long *h_ret, @@ -127,8 +128,9 @@ DSA *DSA_generate_parameters(int bits, c = BN_CTX_get(ctx2); p = BN_CTX_get(ctx2); test = BN_CTX_get(ctx2); + if (test == NULL) goto err; - BN_lshift(test,BN_value_one(),bits-1); + if (!BN_lshift(test,BN_value_one(),bits-1)) goto err; for (;;) { @@ -196,7 +198,7 @@ DSA *DSA_generate_parameters(int bits, callback(0,counter,cb_arg); /* step 7 */ - BN_zero(W); + if (!BN_zero(W)) goto err; /* now 'buf' contains "SEED + offset - 1" */ for (k=0; k<=n; k++) { @@ -212,20 +214,20 @@ DSA *DSA_generate_parameters(int bits, /* step 8 */ if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0)) goto err; - BN_lshift(r0,r0,160*k); - BN_add(W,W,r0); + if (!BN_lshift(r0,r0,160*k)) goto err; + if (!BN_add(W,W,r0)) goto err; } /* more of step 8 */ - BN_mask_bits(W,bits-1); - BN_copy(X,W); /* this should be ok */ - BN_add(X,X,test); /* this should be ok */ + if (!BN_mask_bits(W,bits-1)) goto err; + if (!BN_copy(X,W)) goto err; + if (!BN_add(X,X,test)) goto err; /* step 9 */ - BN_lshift1(r0,q); - BN_mod(c,X,r0,ctx); - BN_sub(r0,c,BN_value_one()); - BN_sub(p,X,r0); + if (!BN_lshift1(r0,q)) goto err; + if (!BN_mod(c,X,r0,ctx)) goto err; + if (!BN_sub(r0,c,BN_value_one())) goto err; + if (!BN_sub(p,X,r0)) goto err; /* step 10 */ if (BN_cmp(p,test) >= 0) @@ -251,18 +253,18 @@ end: /* We now need to generate g */ /* Set r0=(p-1)/q */ - BN_sub(test,p,BN_value_one()); - BN_div(r0,NULL,test,q,ctx); + if (!BN_sub(test,p,BN_value_one())) goto err; + if (!BN_div(r0,NULL,test,q,ctx)) goto err; - BN_set_word(test,h); - BN_MONT_CTX_set(mont,p,ctx); + if (!BN_set_word(test,h)) goto err; + if (!BN_MONT_CTX_set(mont,p,ctx)) goto err; for (;;) { /* g=test^r0%p */ - BN_mod_exp_mont(g,test,r0,p,ctx,mont); + if (!BN_mod_exp_mont(g,test,r0,p,ctx,mont)) goto err; if (!BN_is_one(g)) break; - BN_add(test,test,BN_value_one()); + if (!BN_add(test,test,BN_value_one())) goto err; h++; } @@ -279,6 +281,11 @@ err: ret->p=BN_dup(p); ret->q=BN_dup(q); ret->g=BN_dup(g); + if (ret->p == NULL || ret->q == NULL || ret->g == NULL) + { + ok=0; + goto err; + } if ((m > 1) && (seed_in != NULL)) memcpy(seed_in,seed,20); if (counter_ret != NULL) *counter_ret=counter; if (h_ret != NULL) *h_ret=h; @@ -293,4 +300,6 @@ err: if (mont != NULL) BN_MONT_CTX_free(mont); return(ok?ret:NULL); } -#endif +#endif /* ndef OPENSSL_FIPS */ +#endif /* ndef OPENSSL_NO_SHA */ + diff --git a/src/lib/libcrypto/dsa/dsa_key.c b/src/lib/libcrypto/dsa/dsa_key.c index ef87c3e637..30607ca579 100644 --- a/src/lib/libcrypto/dsa/dsa_key.c +++ b/src/lib/libcrypto/dsa/dsa_key.c @@ -64,6 +64,7 @@ #include #include +#ifndef OPENSSL_FIPS int DSA_generate_key(DSA *dsa) { int ok=0; @@ -103,3 +104,4 @@ err: return(ok); } #endif +#endif diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c index b9e7f3ea5c..f1a85afcde 100644 --- a/src/lib/libcrypto/dsa/dsa_ossl.c +++ b/src/lib/libcrypto/dsa/dsa_ossl.c @@ -65,6 +65,7 @@ #include #include +#ifndef OPENSSL_FIPS static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, @@ -346,3 +347,4 @@ static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, { return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx); } +#endif diff --git a/src/lib/libcrypto/dsa/dsa_sign.c b/src/lib/libcrypto/dsa/dsa_sign.c index 89205026f0..3c9753bac3 100644 --- a/src/lib/libcrypto/dsa/dsa_sign.c +++ b/src/lib/libcrypto/dsa/dsa_sign.c @@ -64,9 +64,17 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE +#include +#endif +#include DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) { +#ifdef OPENSSL_FIPS + if(FIPS_mode() && !FIPS_dsa_check(dsa)) + return NULL; +#endif return dsa->meth->dsa_do_sign(dgst, dlen, dsa); } @@ -87,6 +95,10 @@ int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) { +#ifdef OPENSSL_FIPS + if(FIPS_mode() && !FIPS_dsa_check(dsa)) + return 0; +#endif return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp); } diff --git a/src/lib/libcrypto/dsa/dsa_vrf.c b/src/lib/libcrypto/dsa/dsa_vrf.c index c4aeddd056..8ef0c45025 100644 --- a/src/lib/libcrypto/dsa/dsa_vrf.c +++ b/src/lib/libcrypto/dsa/dsa_vrf.c @@ -65,10 +65,18 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE +#include +#endif +#include int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa) { +#ifdef OPENSSL_FIPS + if(FIPS_mode() && !FIPS_dsa_check(dsa)) + return -1; +#endif return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa); } -- cgit v1.2.3-55-g6feb