From 30a9e395f6ab6a5767151ca9805a33262b3acbe0 Mon Sep 17 00:00:00 2001 From: miod <> Date: Wed, 9 Jul 2014 10:16:24 +0000 Subject: KNF --- src/lib/libcrypto/dsa/dsa_ameth.c | 459 +++++++++++++++--------------- src/lib/libcrypto/dsa/dsa_asn1.c | 86 +++--- src/lib/libcrypto/dsa/dsa_depr.c | 35 +-- src/lib/libcrypto/dsa/dsa_gen.c | 274 +++++++++--------- src/lib/libcrypto/dsa/dsa_key.c | 78 ++--- src/lib/libcrypto/dsa/dsa_lib.c | 251 ++++++++-------- src/lib/libcrypto/dsa/dsa_ossl.c | 392 +++++++++++++------------ src/lib/libcrypto/dsa/dsa_pmeth.c | 162 ++++++----- src/lib/libcrypto/dsa/dsa_prn.c | 63 ++-- src/lib/libcrypto/dsa/dsa_sign.c | 35 +-- src/lib/libcrypto/dsa/dsa_vrf.c | 10 +- src/lib/libssl/src/crypto/dsa/dsa_ameth.c | 459 +++++++++++++++--------------- src/lib/libssl/src/crypto/dsa/dsa_asn1.c | 86 +++--- src/lib/libssl/src/crypto/dsa/dsa_depr.c | 35 +-- src/lib/libssl/src/crypto/dsa/dsa_gen.c | 274 +++++++++--------- src/lib/libssl/src/crypto/dsa/dsa_key.c | 78 ++--- src/lib/libssl/src/crypto/dsa/dsa_lib.c | 251 ++++++++-------- src/lib/libssl/src/crypto/dsa/dsa_ossl.c | 392 +++++++++++++------------ src/lib/libssl/src/crypto/dsa/dsa_pmeth.c | 162 ++++++----- src/lib/libssl/src/crypto/dsa/dsa_prn.c | 63 ++-- src/lib/libssl/src/crypto/dsa/dsa_sign.c | 35 +-- src/lib/libssl/src/crypto/dsa/dsa_vrf.c | 10 +- 22 files changed, 1878 insertions(+), 1812 deletions(-) (limited to 'src') diff --git a/src/lib/libcrypto/dsa/dsa_ameth.c b/src/lib/libcrypto/dsa/dsa_ameth.c index d11565a737..c6707b9427 100644 --- a/src/lib/libcrypto/dsa/dsa_ameth.c +++ b/src/lib/libcrypto/dsa/dsa_ameth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_ameth.c,v 1.8 2014/06/12 15:49:28 deraadt Exp $ */ +/* $OpenBSD: dsa_ameth.c,v 1.9 2014/07/09 10:16:24 miod Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -67,8 +67,9 @@ #endif #include "asn1_locl.h" -static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) - { +static int +dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) +{ const unsigned char *p, *pm; int pklen, pmlen; int ptype; @@ -83,112 +84,99 @@ static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) return 0; X509_ALGOR_get0(NULL, &ptype, &pval, palg); - - if (ptype == V_ASN1_SEQUENCE) - { + if (ptype == V_ASN1_SEQUENCE) { pstr = pval; pm = pstr->data; pmlen = pstr->length; - if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen))) - { + if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen))) { DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR); goto err; - } - } - else if ((ptype == V_ASN1_NULL) || (ptype == V_ASN1_UNDEF)) - { - if (!(dsa = DSA_new())) - { + } else if (ptype == V_ASN1_NULL || ptype == V_ASN1_UNDEF) { + if (!(dsa = DSA_new())) { DSAerr(DSA_F_DSA_PUB_DECODE, ERR_R_MALLOC_FAILURE); goto err; } - } - else - { + } else { DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_PARAMETER_ENCODING_ERROR); goto err; - } + } - if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, pklen))) - { + if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, pklen))) { DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR); goto err; - } + } - if (!(dsa->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) - { + if (!(dsa->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) { DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_BN_DECODE_ERROR); goto err; - } + } ASN1_INTEGER_free(public_key); EVP_PKEY_assign_DSA(pkey, dsa); return 1; - err: +err: if (public_key) ASN1_INTEGER_free(public_key); if (dsa) DSA_free(dsa); return 0; +} - } - -static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) - { +static int +dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) +{ DSA *dsa; void *pval = NULL; int ptype; unsigned char *penc = NULL; int penclen; - dsa=pkey->pkey.dsa; - if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) - { + dsa = pkey->pkey.dsa; + if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) { ASN1_STRING *str; + str = ASN1_STRING_new(); str->length = i2d_DSAparams(dsa, &str->data); - if (str->length <= 0) - { + if (str->length <= 0) { DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE); goto err; - } + } pval = str; ptype = V_ASN1_SEQUENCE; - } - else + } else ptype = V_ASN1_UNDEF; - dsa->write_params=0; + dsa->write_params = 0; penclen = i2d_DSAPublicKey(dsa, &penc); - if (penclen <= 0) - { + if (penclen <= 0) { DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE); goto err; - } + } - if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DSA), - ptype, pval, penc, penclen)) + if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DSA), ptype, pval, + penc, penclen)) return 1; - err: +err: free(penc); if (pval) ASN1_STRING_free(pval); return 0; - } +} /* In PKCS#8 DSA: you just get a private key integer and parameters in the * AlgorithmIdentifier the pubkey must be recalculated. */ -static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) - { +static int +dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) +{ const unsigned char *p, *pm; int pklen, pmlen; int ptype; @@ -197,7 +185,6 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) X509_ALGOR *palg; ASN1_INTEGER *privkey = NULL; BN_CTX *ctx = NULL; - STACK_OF(ASN1_TYPE) *ndsa = NULL; DSA *dsa = NULL; @@ -206,26 +193,24 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) X509_ALGOR_get0(NULL, &ptype, &pval, palg); /* Check for broken DSA PKCS#8, UGH! */ - if (*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) - { + if (*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) { ASN1_TYPE *t1, *t2; - if(!(ndsa = d2i_ASN1_SEQUENCE_ANY(NULL, &p, pklen))) + if (!(ndsa = d2i_ASN1_SEQUENCE_ANY(NULL, &p, pklen))) goto decerr; if (sk_ASN1_TYPE_num(ndsa) != 2) goto decerr; - /* Handle Two broken types: + /* + * Handle Two broken types: * SEQUENCE {parameters, priv_key} * SEQUENCE {pub_key, priv_key} */ t1 = sk_ASN1_TYPE_value(ndsa, 0); t2 = sk_ASN1_TYPE_value(ndsa, 1); - if (t1->type == V_ASN1_SEQUENCE) - { + if (t1->type == V_ASN1_SEQUENCE) { p8->broken = PKCS8_EMBEDDED_PARAM; pval = t1->value.ptr; - } - else if (ptype == V_ASN1_SEQUENCE) + } else if (ptype == V_ASN1_SEQUENCE) p8->broken = PKCS8_NS_DB; else goto decerr; @@ -234,22 +219,20 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) goto decerr; privkey = t2->value.integer; - } - else - { + } else { const unsigned char *q = p; + if (!(privkey=d2i_ASN1_INTEGER(NULL, &p, pklen))) goto decerr; - if (privkey->type == V_ASN1_NEG_INTEGER) - { + if (privkey->type == V_ASN1_NEG_INTEGER) { p8->broken = PKCS8_NEG_PRIVKEY; ASN1_INTEGER_free(privkey); - if (!(privkey=d2i_ASN1_UINTEGER(NULL, &q, pklen))) + if (!(privkey = d2i_ASN1_UINTEGER(NULL, &q, pklen))) goto decerr; - } + } if (ptype != V_ASN1_SEQUENCE) goto decerr; - } + } pstr = pval; pm = pstr->data; @@ -257,50 +240,47 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen))) goto decerr; /* We have parameters now set private key */ - if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) - { + if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) { DSAerr(DSA_F_DSA_PRIV_DECODE,DSA_R_BN_ERROR); goto dsaerr; - } + } /* Calculate public key */ - if (!(dsa->pub_key = BN_new())) - { + if (!(dsa->pub_key = BN_new())) { DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE); goto dsaerr; - } - if (!(ctx = BN_CTX_new())) - { + } + if (!(ctx = BN_CTX_new())) { DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE); goto dsaerr; - } + } - if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) - { + if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) { DSAerr(DSA_F_DSA_PRIV_DECODE,DSA_R_BN_ERROR); goto dsaerr; - } + } EVP_PKEY_assign_DSA(pkey, dsa); BN_CTX_free (ctx); - if(ndsa) + if (ndsa) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); else ASN1_INTEGER_free(privkey); return 1; - decerr: +decerr: DSAerr(DSA_F_DSA_PRIV_DECODE, EVP_R_DECODE_ERROR); - dsaerr: +dsaerr: BN_CTX_free (ctx); if (privkey) ASN1_INTEGER_free(privkey); sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); DSA_free(dsa); return 0; - } +} -static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) +static int +dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) { ASN1_STRING *params = NULL; ASN1_INTEGER *prkey = NULL; @@ -308,36 +288,31 @@ static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) int dplen; params = ASN1_STRING_new(); - - if (!params) - { - DSAerr(DSA_F_DSA_PRIV_ENCODE,ERR_R_MALLOC_FAILURE); + if (!params) { + DSAerr(DSA_F_DSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE); goto err; - } + } params->length = i2d_DSAparams(pkey->pkey.dsa, ¶ms->data); - if (params->length <= 0) - { - DSAerr(DSA_F_DSA_PRIV_ENCODE,ERR_R_MALLOC_FAILURE); + if (params->length <= 0) { + DSAerr(DSA_F_DSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE); goto err; - } + } params->type = V_ASN1_SEQUENCE; /* Get private key into integer */ prkey = BN_to_ASN1_INTEGER(pkey->pkey.dsa->priv_key, NULL); - - if (!prkey) - { - DSAerr(DSA_F_DSA_PRIV_ENCODE,DSA_R_BN_ERROR); + if (!prkey) { + DSAerr(DSA_F_DSA_PRIV_ENCODE, DSA_R_BN_ERROR); goto err; - } + } dplen = i2d_ASN1_INTEGER(prkey, &dp); ASN1_INTEGER_free(prkey); - if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0, - V_ASN1_SEQUENCE, params, dp, dplen)) + if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0, V_ASN1_SEQUENCE, + params, dp, dplen)) goto err; return 1; @@ -351,88 +326,98 @@ err: return 0; } -static int int_dsa_size(const EVP_PKEY *pkey) - { - return(DSA_size(pkey->pkey.dsa)); - } +static int +int_dsa_size(const EVP_PKEY *pkey) +{ + return DSA_size(pkey->pkey.dsa); +} -static int dsa_bits(const EVP_PKEY *pkey) - { +static int +dsa_bits(const EVP_PKEY *pkey) +{ return BN_num_bits(pkey->pkey.dsa->p); - } +} -static int dsa_missing_parameters(const EVP_PKEY *pkey) - { +static int +dsa_missing_parameters(const EVP_PKEY *pkey) +{ DSA *dsa; - dsa=pkey->pkey.dsa; - if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL)) - return 1; + + dsa = pkey->pkey.dsa; + if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL) + return 1; return 0; - } +} -static int dsa_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) - { +static int +dsa_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) +{ BIGNUM *a; - if ((a=BN_dup(from->pkey.dsa->p)) == NULL) + if ((a = BN_dup(from->pkey.dsa->p)) == NULL) return 0; if (to->pkey.dsa->p != NULL) BN_free(to->pkey.dsa->p); - to->pkey.dsa->p=a; + to->pkey.dsa->p = a; - if ((a=BN_dup(from->pkey.dsa->q)) == NULL) + if ((a = BN_dup(from->pkey.dsa->q)) == NULL) return 0; if (to->pkey.dsa->q != NULL) BN_free(to->pkey.dsa->q); - to->pkey.dsa->q=a; + to->pkey.dsa->q = a; - if ((a=BN_dup(from->pkey.dsa->g)) == NULL) + if ((a = BN_dup(from->pkey.dsa->g)) == NULL) return 0; if (to->pkey.dsa->g != NULL) BN_free(to->pkey.dsa->g); - to->pkey.dsa->g=a; + to->pkey.dsa->g = a; return 1; - } +} -static int dsa_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) - { - if ( BN_cmp(a->pkey.dsa->p,b->pkey.dsa->p) || - BN_cmp(a->pkey.dsa->q,b->pkey.dsa->q) || - BN_cmp(a->pkey.dsa->g,b->pkey.dsa->g)) +static int +dsa_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) +{ + if (BN_cmp(a->pkey.dsa->p, b->pkey.dsa->p) || + BN_cmp(a->pkey.dsa->q, b->pkey.dsa->q) || + BN_cmp(a->pkey.dsa->g, b->pkey.dsa->g)) return 0; else return 1; - } +} -static int dsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) - { - if (BN_cmp(b->pkey.dsa->pub_key,a->pkey.dsa->pub_key) != 0) +static int +dsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) +{ + if (BN_cmp(b->pkey.dsa->pub_key, a->pkey.dsa->pub_key) != 0) return 0; else return 1; - } +} -static void int_dsa_free(EVP_PKEY *pkey) - { +static void +int_dsa_free(EVP_PKEY *pkey) +{ DSA_free(pkey->pkey.dsa); - } +} -static void update_buflen(const BIGNUM *b, size_t *pbuflen) - { +static void +update_buflen(const BIGNUM *b, size_t *pbuflen) +{ size_t i; + if (!b) return; if (*pbuflen < (i = (size_t)BN_num_bytes(b))) - *pbuflen = i; - } + *pbuflen = i; +} -static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype) - { - unsigned char *m=NULL; - int ret=0; - size_t buf_len=0; +static int +do_dsa_print(BIO *bp, const DSA *x, int off, int ptype) +{ + unsigned char *m = NULL; + int ret = 0; + size_t buf_len = 0; const char *ktype = NULL; - const BIGNUM *priv_key, *pub_key; if (ptype == 2) @@ -458,183 +443,187 @@ static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype) update_buflen(priv_key, &buf_len); update_buflen(pub_key, &buf_len); - m = malloc(buf_len+10); - if (m == NULL) - { - DSAerr(DSA_F_DO_DSA_PRINT,ERR_R_MALLOC_FAILURE); + m = malloc(buf_len + 10); + if (m == NULL) { + DSAerr(DSA_F_DO_DSA_PRINT, ERR_R_MALLOC_FAILURE); goto err; - } + } - if (priv_key) - { - if(!BIO_indent(bp,off,128)) - goto err; - if (BIO_printf(bp,"%s: (%d bit)\n",ktype, BN_num_bits(x->p)) - <= 0) goto err; - } + if (priv_key) { + if (!BIO_indent(bp, off, 128)) + goto err; + if (BIO_printf(bp, "%s: (%d bit)\n", ktype, + BN_num_bits(x->p)) <= 0) + goto err; + } - if (!ASN1_bn_print(bp,"priv:",priv_key,m,off)) + if (!ASN1_bn_print(bp, "priv:", priv_key, m, off)) + goto err; + if (!ASN1_bn_print(bp, "pub: ", pub_key, m, off)) + goto err; + if (!ASN1_bn_print(bp, "P: ", x->p, m, off)) goto err; - if (!ASN1_bn_print(bp,"pub: ",pub_key,m,off)) + if (!ASN1_bn_print(bp, "Q: ", x->q, m, off)) goto err; - if (!ASN1_bn_print(bp,"P: ",x->p,m,off)) goto err; - if (!ASN1_bn_print(bp,"Q: ",x->q,m,off)) goto err; - if (!ASN1_bn_print(bp,"G: ",x->g,m,off)) goto err; - ret=1; + if (!ASN1_bn_print(bp, "G: ", x->g, m, off)) + goto err; + ret = 1; err: free(m); return(ret); - } +} -static int dsa_param_decode(EVP_PKEY *pkey, - const unsigned char **pder, int derlen) - { +static int +dsa_param_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) +{ DSA *dsa; - if (!(dsa = d2i_DSAparams(NULL, pder, derlen))) - { + + if (!(dsa = d2i_DSAparams(NULL, pder, derlen))) { DSAerr(DSA_F_DSA_PARAM_DECODE, ERR_R_DSA_LIB); return 0; - } + } EVP_PKEY_assign_DSA(pkey, dsa); return 1; - } +} -static int dsa_param_encode(const EVP_PKEY *pkey, unsigned char **pder) - { +static int +dsa_param_encode(const EVP_PKEY *pkey, unsigned char **pder) +{ return i2d_DSAparams(pkey->pkey.dsa, pder); - } +} -static int dsa_param_print(BIO *bp, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *ctx) - { +static int +dsa_param_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx) +{ return do_dsa_print(bp, pkey->pkey.dsa, indent, 0); - } +} -static int dsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *ctx) - { +static int +dsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx) +{ return do_dsa_print(bp, pkey->pkey.dsa, indent, 1); - } - +} -static int dsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *ctx) - { +static int +dsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx) +{ return do_dsa_print(bp, pkey->pkey.dsa, indent, 2); - } +} -static int old_dsa_priv_decode(EVP_PKEY *pkey, - const unsigned char **pder, int derlen) - { +static int +old_dsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) +{ DSA *dsa; - if (!(dsa = d2i_DSAPrivateKey (NULL, pder, derlen))) - { + + if (!(dsa = d2i_DSAPrivateKey (NULL, pder, derlen))) { DSAerr(DSA_F_OLD_DSA_PRIV_DECODE, ERR_R_DSA_LIB); return 0; - } + } EVP_PKEY_assign_DSA(pkey, dsa); return 1; - } +} -static int old_dsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder) - { +static int +old_dsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder) +{ return i2d_DSAPrivateKey(pkey->pkey.dsa, pder); - } +} -static int dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, - const ASN1_STRING *sig, - int indent, ASN1_PCTX *pctx) - { +static int +dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, const ASN1_STRING *sig, + int indent, ASN1_PCTX *pctx) +{ DSA_SIG *dsa_sig; const unsigned char *p; - if (!sig) - { + + if (!sig) { if (BIO_puts(bp, "\n") <= 0) return 0; else return 1; - } + } p = sig->data; dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length); - if (dsa_sig) - { + if (dsa_sig) { int rv = 0; size_t buf_len = 0; - unsigned char *m=NULL; + unsigned char *m = NULL; + update_buflen(dsa_sig->r, &buf_len); update_buflen(dsa_sig->s, &buf_len); - m = malloc(buf_len+10); - if (m == NULL) - { - DSAerr(DSA_F_DSA_SIG_PRINT,ERR_R_MALLOC_FAILURE); + m = malloc(buf_len + 10); + if (m == NULL) { + DSAerr(DSA_F_DSA_SIG_PRINT, ERR_R_MALLOC_FAILURE); goto err; - } + } if (BIO_write(bp, "\n", 1) != 1) goto err; - if (!ASN1_bn_print(bp,"r: ",dsa_sig->r,m,indent)) + if (!ASN1_bn_print(bp, "r: ", dsa_sig->r, m, indent)) goto err; - if (!ASN1_bn_print(bp,"s: ",dsa_sig->s,m,indent)) + if (!ASN1_bn_print(bp, "s: ", dsa_sig->s, m, indent)) goto err; rv = 1; - err: +err: free(m); DSA_SIG_free(dsa_sig); return rv; - } - return X509_signature_dump(bp, sig, indent); } + return X509_signature_dump(bp, sig, indent); +} -static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) - { - switch (op) - { - case ASN1_PKEY_CTRL_PKCS7_SIGN: - if (arg1 == 0) - { +static int +dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) +{ + switch (op) { + case ASN1_PKEY_CTRL_PKCS7_SIGN: + if (arg1 == 0) { int snid, hnid; X509_ALGOR *alg1, *alg2; + PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2); if (alg1 == NULL || alg1->algorithm == NULL) return -1; hnid = OBJ_obj2nid(alg1->algorithm); if (hnid == NID_undef) return -1; - if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey))) + if (!OBJ_find_sigid_by_algs(&snid, hnid, + EVP_PKEY_id(pkey))) return -1; - X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0); - } + X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, + 0); + } return 1; #ifndef OPENSSL_NO_CMS - case ASN1_PKEY_CTRL_CMS_SIGN: - if (arg1 == 0) - { + case ASN1_PKEY_CTRL_CMS_SIGN: + if (arg1 == 0) { int snid, hnid; X509_ALGOR *alg1, *alg2; + CMS_SignerInfo_get0_algs(arg2, NULL, NULL, &alg1, &alg2); if (alg1 == NULL || alg1->algorithm == NULL) return -1; hnid = OBJ_obj2nid(alg1->algorithm); if (hnid == NID_undef) return -1; - if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey))) + if (!OBJ_find_sigid_by_algs(&snid, hnid, + EVP_PKEY_id(pkey))) return -1; - X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0); - } + X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, + 0); + } return 1; #endif - case ASN1_PKEY_CTRL_DEFAULT_MD_NID: + case ASN1_PKEY_CTRL_DEFAULT_MD_NID: *(int *)arg2 = NID_sha1; return 2; - default: + default: return -2; - - } - } +} /* NB these are sorted in pkey_id order, lowest first */ diff --git a/src/lib/libcrypto/dsa/dsa_asn1.c b/src/lib/libcrypto/dsa/dsa_asn1.c index 25288a0dda..cc03f29823 100644 --- a/src/lib/libcrypto/dsa/dsa_asn1.c +++ b/src/lib/libcrypto/dsa/dsa_asn1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_asn1.c,v 1.10 2014/06/12 15:49:28 deraadt Exp $ */ +/* $OpenBSD: dsa_asn1.c,v 1.11 2014/07/09 10:16:24 miod Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -64,17 +64,17 @@ #include /* Override the default new methods */ -static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) +static int +sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) { - if(operation == ASN1_OP_NEW_PRE) { + if (operation == ASN1_OP_NEW_PRE) { DSA_SIG *sig; + sig = malloc(sizeof(DSA_SIG)); - if (!sig) - { + if (!sig) { DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE); return 0; - } + } sig->r = NULL; sig->s = NULL; *pval = (ASN1_VALUE *)sig; @@ -91,14 +91,15 @@ ASN1_SEQUENCE_cb(DSA_SIG, sig_cb) = { IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA_SIG, DSA_SIG, DSA_SIG) /* Override the default free and new methods */ -static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) +static int +dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) { - if(operation == ASN1_OP_NEW_PRE) { + if (operation == ASN1_OP_NEW_PRE) { *pval = (ASN1_VALUE *)DSA_new(); - if(*pval) return 2; + if (*pval) + return 2; return 0; - } else if(operation == ASN1_OP_FREE_PRE) { + } else if (operation == ASN1_OP_FREE_PRE) { DSA_free((DSA *)*pval); *pval = NULL; return 2; @@ -125,7 +126,8 @@ ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = { IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAparams, DSAparams) -/* DSA public key is a bit trickier... its effectively a CHOICE type +/* + * DSA public key is a bit trickier... its effectively a CHOICE type * decided by a field called write_params which can either write out * just the public key as an INTEGER or the parameters and public key * in a SEQUENCE @@ -145,43 +147,49 @@ ASN1_CHOICE_cb(DSAPublicKey, dsa_cb) = { IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey) -DSA *DSAparams_dup(DSA *dsa) - { +DSA * +DSAparams_dup(DSA *dsa) +{ return ASN1_item_dup(ASN1_ITEM_rptr(DSAparams), dsa); - } +} -int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, - unsigned int *siglen, DSA *dsa) - { +int +DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, + unsigned int *siglen, DSA *dsa) +{ DSA_SIG *s; - s=DSA_do_sign(dgst,dlen,dsa); - if (s == NULL) - { - *siglen=0; - return(0); - } - *siglen=i2d_DSA_SIG(s,&sig); - DSA_SIG_free(s); - return(1); + + s = DSA_do_sign(dgst, dlen, dsa); + if (s == NULL) { + *siglen = 0; + return 0; } + *siglen = i2d_DSA_SIG(s,&sig); + DSA_SIG_free(s); + return 1; +} -/* data has already been hashed (probably with SHA or SHA-1). */ -/* returns +/* + * data has already been hashed (probably with SHA or SHA-1). + * returns * 1: correct signature * 0: incorrect signature * -1: error */ -int DSA_verify(int type, const unsigned char *dgst, int dgst_len, - const unsigned char *sigbuf, int siglen, DSA *dsa) - { +int +DSA_verify(int type, const unsigned char *dgst, int dgst_len, + const unsigned char *sigbuf, int siglen, DSA *dsa) +{ DSA_SIG *s; - int ret=-1; + int ret = -1; s = DSA_SIG_new(); - if (s == NULL) return(ret); - if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err; - ret=DSA_do_verify(dgst,dgst_len,s,dsa); + if (s == NULL) + return ret; + if (d2i_DSA_SIG(&s, &sigbuf, siglen) == NULL) + goto err; + ret = DSA_do_verify(dgst, dgst_len, s, dsa); err: DSA_SIG_free(s); - return(ret); - } + return ret; +} diff --git a/src/lib/libcrypto/dsa/dsa_depr.c b/src/lib/libcrypto/dsa/dsa_depr.c index 8e3125b66f..50169ac9b2 100644 --- a/src/lib/libcrypto/dsa/dsa_depr.c +++ b/src/lib/libcrypto/dsa/dsa_depr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_depr.c,v 1.3 2014/06/12 15:49:28 deraadt Exp $ */ +/* $OpenBSD: dsa_depr.c,v 1.4 2014/07/09 10:16:24 miod Exp $ */ /* ==================================================================== * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * @@ -56,19 +56,6 @@ /* This file contains deprecated function(s) that are now wrappers to the new * version(s). */ -#undef GENUINE_DSA - -#ifdef GENUINE_DSA -/* Parameter generation follows the original release of FIPS PUB 186, - * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */ -#define HASH EVP_sha() -#else -/* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186, - * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in - * FIPS PUB 180-1) */ -#define HASH EVP_sha1() -#endif - #ifndef OPENSSL_NO_SHA #include @@ -81,24 +68,24 @@ #include #ifndef OPENSSL_NO_DEPRECATED -DSA *DSA_generate_parameters(int bits, - unsigned char *seed_in, int seed_len, - int *counter_ret, unsigned long *h_ret, - void (*callback)(int, int, void *), - void *cb_arg) - { +DSA * +DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len, + int *counter_ret, unsigned long *h_ret, void (*callback)(int, int, void *), + void *cb_arg) +{ BN_GENCB cb; DSA *ret; - if ((ret=DSA_new()) == NULL) return NULL; + if ((ret = DSA_new()) == NULL) + return NULL; BN_GENCB_set_old(&cb, callback, cb_arg); - if(DSA_generate_parameters_ex(ret, bits, seed_in, seed_len, - counter_ret, h_ret, &cb)) + if (DSA_generate_parameters_ex(ret, bits, seed_in, seed_len, + counter_ret, h_ret, &cb)) return ret; DSA_free(ret); return NULL; - } +} #endif #endif diff --git a/src/lib/libcrypto/dsa/dsa_gen.c b/src/lib/libcrypto/dsa/dsa_gen.c index 22c388b9d1..d97f988688 100644 --- a/src/lib/libcrypto/dsa/dsa_gen.c +++ b/src/lib/libcrypto/dsa/dsa_gen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_gen.c,v 1.12 2014/06/12 15:49:28 deraadt Exp $ */ +/* $OpenBSD: dsa_gen.c,v 1.13 2014/07/09 10:16:24 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -56,19 +56,6 @@ * [including the GNU Public Licence.] */ -#undef GENUINE_DSA - -#ifdef GENUINE_DSA -/* Parameter generation follows the original release of FIPS PUB 186, - * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */ -#define HASH EVP_sha() -#else -/* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186, - * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in - * FIPS PUB 180-1) */ -#define HASH EVP_sha1() -#endif - #include /* To see if OPENSSL_NO_SHA is defined */ #ifndef OPENSSL_NO_SHA @@ -81,51 +68,47 @@ #include #include "dsa_locl.h" -int DSA_generate_parameters_ex(DSA *ret, int bits, - const unsigned char *seed_in, int seed_len, - int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) - { - if(ret->meth->dsa_paramgen) +int +DSA_generate_parameters_ex(DSA *ret, int bits, const unsigned char *seed_in, + int seed_len, int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) +{ + if (ret->meth->dsa_paramgen) return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len, - counter_ret, h_ret, cb); - else - { + counter_ret, h_ret, cb); + else { const EVP_MD *evpmd; - size_t qbits = bits >= 2048 ? 256 : 160; + size_t qbits; - if (bits >= 2048) - { + if (bits >= 2048) { qbits = 256; evpmd = EVP_sha256(); - } - else - { + } else { qbits = 160; evpmd = EVP_sha1(); - } - - return dsa_builtin_paramgen(ret, bits, qbits, evpmd, - seed_in, seed_len, NULL, counter_ret, h_ret, cb); } - } -int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, - const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len, - unsigned char *seed_out, - int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) - { - int ok=0; + return dsa_builtin_paramgen(ret, bits, qbits, evpmd, seed_in, + seed_len, NULL, counter_ret, h_ret, cb); + } +} + +int +dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, const EVP_MD *evpmd, + const unsigned char *seed_in, size_t seed_len, unsigned char *seed_out, + int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) +{ + int ok = 0; unsigned char seed[SHA256_DIGEST_LENGTH]; unsigned char md[SHA256_DIGEST_LENGTH]; - unsigned char buf[SHA256_DIGEST_LENGTH],buf2[SHA256_DIGEST_LENGTH]; - BIGNUM *r0,*W,*X,*c,*test; - BIGNUM *g=NULL,*q=NULL,*p=NULL; - BN_MONT_CTX *mont=NULL; - int i, k, n=0, m=0, qsize = qbits >> 3; - int counter=0; - int r=0; - BN_CTX *ctx=NULL; - unsigned int h=2; + unsigned char buf[SHA256_DIGEST_LENGTH], buf2[SHA256_DIGEST_LENGTH]; + BIGNUM *r0, *W, *X, *c, *test; + BIGNUM *g = NULL, *q = NULL, *p = NULL; + BN_MONT_CTX *mont = NULL; + int i, k, n = 0, m = 0, qsize = qbits >> 3; + int counter = 0; + int r = 0; + BN_CTX *ctx = NULL; + unsigned int h = 2; if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH && qsize != SHA256_DIGEST_LENGTH) @@ -139,16 +122,20 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, if (bits < 512) bits = 512; - bits = (bits+63)/64*64; + bits = (bits + 63) / 64 * 64; - /* NB: seed_len == 0 is special case: copy generated seed to + /* + * NB: seed_len == 0 is special case: copy generated seed to * seed_in if it is not NULL. */ - if (seed_len && (seed_len < (size_t)qsize)) + if (seed_len && seed_len < (size_t)qsize) seed_in = NULL; /* seed buffer too small -- ignore */ + /* + * App. 2.2 of FIPS PUB 186 allows larger SEED, + * but our internal buffers are restricted to 160 bits + */ if (seed_len > (size_t)qsize) - seed_len = qsize; /* App. 2.2 of FIPS PUB 186 allows larger SEED, - * but our internal buffers are restricted to 160 bits*/ + seed_len = qsize; if (seed_in != NULL) memcpy(seed, seed_in, seed_len); @@ -168,38 +155,34 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, p = BN_CTX_get(ctx); test = BN_CTX_get(ctx); - if (!BN_lshift(test,BN_value_one(),bits-1)) + if (!BN_lshift(test, BN_value_one(), bits - 1)) goto err; - for (;;) - { - for (;;) /* find q */ - { + for (;;) { + for (;;) { /* find q */ int seed_is_random; /* step 1 */ - if(!BN_GENCB_call(cb, 0, m++)) + if (!BN_GENCB_call(cb, 0, m++)) goto err; - if (!seed_len) - { + if (!seed_len) { RAND_pseudo_bytes(seed, qsize); seed_is_random = 1; - } - else - { + } else { seed_is_random = 0; - seed_len=0; /* use random seed if 'seed_in' turns out to be bad*/ - } - memcpy(buf , seed, qsize); + /* use random seed if 'seed_in' turns out + to be bad */ + seed_len = 0; + } + memcpy(buf, seed, qsize); memcpy(buf2, seed, qsize); /* precompute "SEED + 1" for step 7: */ - for (i = qsize-1; i >= 0; i--) - { + for (i = qsize - 1; i >= 0; i--) { buf[i]++; if (buf[i] != 0) break; - } + } /* step 2 */ if (!EVP_Digest(seed, qsize, md, NULL, evpmd, NULL)) @@ -207,17 +190,17 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, if (!EVP_Digest(buf, qsize, buf2, NULL, evpmd, NULL)) goto err; for (i = 0; i < qsize; i++) - md[i]^=buf2[i]; + md[i] ^= buf2[i]; /* step 3 */ md[0] |= 0x80; - md[qsize-1] |= 0x01; + md[qsize - 1] |= 0x01; if (!BN_bin2bn(md, qsize, q)) goto err; /* step 4 */ r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx, - seed_is_random, cb); + seed_is_random, cb); if (r > 0) break; if (r != 0) @@ -225,127 +208,144 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, /* do a callback call */ /* step 5 */ - } + } - if(!BN_GENCB_call(cb, 2, 0)) goto err; - if(!BN_GENCB_call(cb, 3, 0)) goto err; + if (!BN_GENCB_call(cb, 2, 0)) + goto err; + if (!BN_GENCB_call(cb, 3, 0)) + goto err; /* step 6 */ - counter=0; + counter = 0; /* "offset = 2" */ - n=(bits-1)/160; + n = (bits - 1) / 160; - for (;;) - { - if ((counter != 0) && !BN_GENCB_call(cb, 0, counter)) + for (;;) { + if (counter != 0 && !BN_GENCB_call(cb, 0, counter)) goto err; /* step 7 */ BN_zero(W); /* now 'buf' contains "SEED + offset - 1" */ - for (k=0; k<=n; k++) - { + for (k = 0; k <= n; k++) { /* obtain "SEED + offset + k" by incrementing: */ - for (i = qsize-1; i >= 0; i--) - { + for (i = qsize - 1; i >= 0; i--) { buf[i]++; if (buf[i] != 0) break; - } + } if (!EVP_Digest(buf, qsize, md ,NULL, evpmd, - NULL)) + NULL)) goto err; /* step 8 */ if (!BN_bin2bn(md, qsize, r0)) goto err; - if (!BN_lshift(r0,r0,(qsize << 3)*k)) goto err; - if (!BN_add(W,W,r0)) goto err; - } + if (!BN_lshift(r0, r0, (qsize << 3) * k)) + goto err; + if (!BN_add(W, W, r0)) + goto err; + } /* more of step 8 */ - if (!BN_mask_bits(W,bits-1)) goto err; - if (!BN_copy(X,W)) goto err; - if (!BN_add(X,X,test)) goto err; + if (!BN_mask_bits(W, bits - 1)) + goto err; + if (!BN_copy(X, W)) + goto err; + if (!BN_add(X, X, test)) + goto err; /* step 9 */ - if (!BN_lshift1(r0,q)) goto err; - if (!BN_mod(c,X,r0,ctx)) goto err; - if (!BN_sub(r0,c,BN_value_one())) goto err; - if (!BN_sub(p,X,r0)) goto err; + if (!BN_lshift1(r0, q)) + goto err; + if (!BN_mod(c, X, r0, ctx)) + goto err; + if (!BN_sub(r0, c, BN_value_one())) + goto err; + if (!BN_sub(p, X, r0)) + goto err; /* step 10 */ - if (BN_cmp(p,test) >= 0) - { + if (BN_cmp(p, test) >= 0) { /* step 11 */ r = BN_is_prime_fasttest_ex(p, DSS_prime_checks, - ctx, 1, cb); + ctx, 1, cb); if (r > 0) - goto end; /* found it */ + goto end; /* found it */ if (r != 0) goto err; - } + } /* step 13 */ counter++; /* "offset = offset + n + 1" */ /* step 14 */ - if (counter >= 4096) break; - } + if (counter >= 4096) + break; } + } end: - if(!BN_GENCB_call(cb, 2, 1)) + if (!BN_GENCB_call(cb, 2, 1)) goto err; /* We now need to generate g */ /* Set r0=(p-1)/q */ - if (!BN_sub(test,p,BN_value_one())) goto err; - if (!BN_div(r0,NULL,test,q,ctx)) goto err; + if (!BN_sub(test, p, BN_value_one())) + goto err; + if (!BN_div(r0, NULL, test, q, ctx)) + goto err; - if (!BN_set_word(test,h)) goto err; - if (!BN_MONT_CTX_set(mont,p,ctx)) goto err; + if (!BN_set_word(test, h)) + goto err; + if (!BN_MONT_CTX_set(mont, p, ctx)) + goto err; - for (;;) - { + for (;;) { /* g=test^r0%p */ - if (!BN_mod_exp_mont(g,test,r0,p,ctx,mont)) goto err; - if (!BN_is_one(g)) break; - if (!BN_add(test,test,BN_value_one())) goto err; + if (!BN_mod_exp_mont(g, test, r0, p, ctx, mont)) + goto err; + if (!BN_is_one(g)) + break; + if (!BN_add(test, test, BN_value_one())) + goto err; h++; - } + } - if(!BN_GENCB_call(cb, 3, 1)) + if (!BN_GENCB_call(cb, 3, 1)) goto err; - ok=1; + ok = 1; err: - if (ok) - { - if(ret->p) BN_free(ret->p); - if(ret->q) BN_free(ret->q); - if(ret->g) BN_free(ret->g); - ret->p=BN_dup(p); - ret->q=BN_dup(q); - ret->g=BN_dup(g); - if (ret->p == NULL || ret->q == NULL || ret->g == NULL) - { - ok=0; + if (ok) { + if (ret->p) + BN_free(ret->p); + if (ret->q) + BN_free(ret->q); + if (ret->g) + BN_free(ret->g); + ret->p = BN_dup(p); + ret->q = BN_dup(q); + ret->g = BN_dup(g); + if (ret->p == NULL || ret->q == NULL || ret->g == NULL) { + ok = 0; goto err; - } - if (counter_ret != NULL) *counter_ret=counter; - if (h_ret != NULL) *h_ret=h; + } + if (counter_ret != NULL) + *counter_ret = counter; + if (h_ret != NULL) + *h_ret = h; if (seed_out) memcpy(seed_out, seed, qsize); - } - if(ctx) - { + } + if (ctx) { BN_CTX_end(ctx); BN_CTX_free(ctx); - } - if (mont != NULL) BN_MONT_CTX_free(mont); - return ok; } + if (mont != NULL) + BN_MONT_CTX_free(mont); + return ok; +} #endif diff --git a/src/lib/libcrypto/dsa/dsa_key.c b/src/lib/libcrypto/dsa/dsa_key.c index 7747ed1416..2d11f59107 100644 --- a/src/lib/libcrypto/dsa/dsa_key.c +++ b/src/lib/libcrypto/dsa/dsa_key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_key.c,v 1.15 2014/06/12 15:49:28 deraadt Exp $ */ +/* $OpenBSD: dsa_key.c,v 1.16 2014/07/09 10:16:24 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -66,63 +66,67 @@ static int dsa_builtin_keygen(DSA *dsa); -int DSA_generate_key(DSA *dsa) - { - if(dsa->meth->dsa_keygen) +int +DSA_generate_key(DSA *dsa) +{ + if (dsa->meth->dsa_keygen) return dsa->meth->dsa_keygen(dsa); return dsa_builtin_keygen(dsa); - } +} -static int dsa_builtin_keygen(DSA *dsa) - { - int ok=0; - BN_CTX *ctx=NULL; - BIGNUM *pub_key=NULL,*priv_key=NULL; +static int +dsa_builtin_keygen(DSA *dsa) +{ + int ok = 0; + BN_CTX *ctx = NULL; + BIGNUM *pub_key = NULL, *priv_key = NULL; - if ((ctx=BN_CTX_new()) == NULL) goto err; + if ((ctx = BN_CTX_new()) == NULL) + goto err; - if (dsa->priv_key == NULL) - { - if ((priv_key=BN_new()) == NULL) goto err; - } - else + if (dsa->priv_key == NULL) { + if ((priv_key = BN_new()) == NULL) + goto err; + } else priv_key=dsa->priv_key; - do - if (!BN_rand_range(priv_key,dsa->q)) goto err; - while (BN_is_zero(priv_key)); + do { + if (!BN_rand_range(priv_key, dsa->q)) + goto err; + } while (BN_is_zero(priv_key)); - if (dsa->pub_key == NULL) - { - if ((pub_key=BN_new()) == NULL) goto err; - } - else + if (dsa->pub_key == NULL) { + if ((pub_key = BN_new()) == NULL) + goto err; + } else pub_key=dsa->pub_key; { BIGNUM local_prk; BIGNUM *prk; - if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) - { + if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) { BN_init(&local_prk); prk = &local_prk; BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME); - } - else + } else prk = priv_key; - if (!BN_mod_exp(pub_key,dsa->g,prk,dsa->p,ctx)) goto err; + if (!BN_mod_exp(pub_key, dsa->g, prk, dsa->p, ctx)) + goto err; } - dsa->priv_key=priv_key; - dsa->pub_key=pub_key; - ok=1; + dsa->priv_key = priv_key; + dsa->pub_key = pub_key; + ok = 1; err: - if ((pub_key != NULL) && (dsa->pub_key == NULL)) BN_free(pub_key); - if ((priv_key != NULL) && (dsa->priv_key == NULL)) BN_free(priv_key); - if (ctx != NULL) BN_CTX_free(ctx); - return(ok); - } + if (pub_key != NULL && dsa->pub_key == NULL) + BN_free(pub_key); + if (priv_key != NULL && dsa->priv_key == NULL) + BN_free(priv_key); + if (ctx != NULL) + BN_CTX_free(ctx); + return ok; +} #endif diff --git a/src/lib/libcrypto/dsa/dsa_lib.c b/src/lib/libcrypto/dsa/dsa_lib.c index d625f0f282..334d5ba7f2 100644 --- a/src/lib/libcrypto/dsa/dsa_lib.c +++ b/src/lib/libcrypto/dsa/dsa_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_lib.c,v 1.16 2014/06/12 15:49:28 deraadt Exp $ */ +/* $OpenBSD: dsa_lib.c,v 1.17 2014/07/09 10:16:24 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -70,198 +70,212 @@ #include #endif -const char DSA_version[]="DSA" OPENSSL_VERSION_PTEXT; +const char DSA_version[] = "DSA" OPENSSL_VERSION_PTEXT; static const DSA_METHOD *default_DSA_method = NULL; -void DSA_set_default_method(const DSA_METHOD *meth) - { +void +DSA_set_default_method(const DSA_METHOD *meth) +{ default_DSA_method = meth; - } +} -const DSA_METHOD *DSA_get_default_method(void) - { - if(!default_DSA_method) - { +const DSA_METHOD * +DSA_get_default_method(void) +{ + if (!default_DSA_method) default_DSA_method = DSA_OpenSSL(); - } return default_DSA_method; - } +} -DSA *DSA_new(void) - { +DSA * +DSA_new(void) +{ return DSA_new_method(NULL); - } - -int DSA_set_method(DSA *dsa, const DSA_METHOD *meth) - { - /* NB: The caller is specifically setting a method, so it's not up to us - * to deal with which ENGINE it comes from. */ +} + +int +DSA_set_method(DSA *dsa, const DSA_METHOD *meth) +{ + /* + * NB: The caller is specifically setting a method, so it's not up to us + * to deal with which ENGINE it comes from. + */ const DSA_METHOD *mtmp; mtmp = dsa->meth; - if (mtmp->finish) mtmp->finish(dsa); + if (mtmp->finish) + mtmp->finish(dsa); #ifndef OPENSSL_NO_ENGINE - if (dsa->engine) - { + if (dsa->engine) { ENGINE_finish(dsa->engine); dsa->engine = NULL; - } + } #endif dsa->meth = meth; - if (meth->init) meth->init(dsa); + if (meth->init) + meth->init(dsa); return 1; - } +} -DSA *DSA_new_method(ENGINE *engine) - { +DSA * +DSA_new_method(ENGINE *engine) +{ DSA *ret; ret = malloc(sizeof(DSA)); - if (ret == NULL) - { - DSAerr(DSA_F_DSA_NEW_METHOD,ERR_R_MALLOC_FAILURE); - return(NULL); - } + if (ret == NULL) { + DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_MALLOC_FAILURE); + return NULL; + } ret->meth = DSA_get_default_method(); #ifndef OPENSSL_NO_ENGINE - if (engine) - { - if (!ENGINE_init(engine)) - { + if (engine) { + if (!ENGINE_init(engine)) { DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB); free(ret); return NULL; - } - ret->engine = engine; } - else + ret->engine = engine; + } else ret->engine = ENGINE_get_default_DSA(); - if(ret->engine) - { + if (ret->engine) { ret->meth = ENGINE_get_DSA(ret->engine); - if(!ret->meth) - { - DSAerr(DSA_F_DSA_NEW_METHOD, - ERR_R_ENGINE_LIB); + if (!ret->meth) { + DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB); ENGINE_finish(ret->engine); free(ret); return NULL; - } } + } #endif - ret->pad=0; - ret->version=0; - ret->write_params=1; - ret->p=NULL; - ret->q=NULL; - ret->g=NULL; + ret->pad = 0; + ret->version = 0; + ret->write_params = 1; + ret->p = NULL; + ret->q = NULL; + ret->g = NULL; - ret->pub_key=NULL; - ret->priv_key=NULL; + ret->pub_key = NULL; + ret->priv_key = NULL; - ret->kinv=NULL; - ret->r=NULL; - ret->method_mont_p=NULL; + ret->kinv = NULL; + ret->r = NULL; + ret->method_mont_p = NULL; - ret->references=1; - ret->flags=ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW; + ret->references = 1; + ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW; CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data); - if ((ret->meth->init != NULL) && !ret->meth->init(ret)) - { + if (ret->meth->init != NULL && !ret->meth->init(ret)) { #ifndef OPENSSL_NO_ENGINE if (ret->engine) ENGINE_finish(ret->engine); #endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data); free(ret); - ret=NULL; - } - - return(ret); + ret = NULL; } + + return ret; +} -void DSA_free(DSA *r) - { +void +DSA_free(DSA *r) +{ int i; - if (r == NULL) return; + if (r == NULL) + return; - i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_DSA); - if (i > 0) return; + i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DSA); + if (i > 0) + return; - if(r->meth->finish) + if (r->meth->finish) r->meth->finish(r); #ifndef OPENSSL_NO_ENGINE - if(r->engine) + if (r->engine) ENGINE_finish(r->engine); #endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data); - if (r->p != NULL) BN_clear_free(r->p); - if (r->q != NULL) BN_clear_free(r->q); - if (r->g != NULL) BN_clear_free(r->g); - if (r->pub_key != NULL) BN_clear_free(r->pub_key); - if (r->priv_key != NULL) BN_clear_free(r->priv_key); - if (r->kinv != NULL) BN_clear_free(r->kinv); - if (r->r != NULL) BN_clear_free(r->r); + if (r->p != NULL) + BN_clear_free(r->p); + if (r->q != NULL) + BN_clear_free(r->q); + if (r->g != NULL) + BN_clear_free(r->g); + if (r->pub_key != NULL) + BN_clear_free(r->pub_key); + if (r->priv_key != NULL) + BN_clear_free(r->priv_key); + if (r->kinv != NULL) + BN_clear_free(r->kinv); + if (r->r != NULL) + BN_clear_free(r->r); free(r); - } +} -int DSA_up_ref(DSA *r) - { +int +DSA_up_ref(DSA *r) +{ int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DSA); - return ((i > 1) ? 1 : 0); - } + return i > 1 ? 1 : 0; +} -int DSA_size(const DSA *r) - { - int ret,i; +int +DSA_size(const DSA *r) +{ + int ret, i; ASN1_INTEGER bs; unsigned char buf[4]; /* 4 bytes looks really small. However, i2d_ASN1_INTEGER() will not look beyond the first byte, as long as the second parameter is NULL. */ - i=BN_num_bits(r->q); - bs.length=(i+7)/8; - bs.data=buf; - bs.type=V_ASN1_INTEGER; + i = BN_num_bits(r->q); + bs.length = (i + 7) / 8; + bs.data = buf; + bs.type = V_ASN1_INTEGER; /* If the top bit is set the asn1 encoding is 1 larger. */ - buf[0]=0xff; + buf[0] = 0xff; - i=i2d_ASN1_INTEGER(&bs,NULL); - i+=i; /* r and s */ - ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE); - return(ret); - } + i = i2d_ASN1_INTEGER(&bs, NULL); + i += i; /* r and s */ + ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE); + return ret; +} -int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) - { +int +DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) +{ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, argl, argp, - new_func, dup_func, free_func); - } + new_func, dup_func, free_func); +} -int DSA_set_ex_data(DSA *d, int idx, void *arg) - { - return(CRYPTO_set_ex_data(&d->ex_data,idx,arg)); - } +int +DSA_set_ex_data(DSA *d, int idx, void *arg) +{ + return CRYPTO_set_ex_data(&d->ex_data, idx, arg); +} -void *DSA_get_ex_data(DSA *d, int idx) - { - return(CRYPTO_get_ex_data(&d->ex_data,idx)); - } +void * +DSA_get_ex_data(DSA *d, int idx) +{ + return CRYPTO_get_ex_data(&d->ex_data, idx); +} #ifndef OPENSSL_NO_DH -DH *DSA_dup_DH(const DSA *r) - { - /* DSA has p, q, g, optional pub_key, optional priv_key. +DH * +DSA_dup_DH(const DSA *r) +{ + /* + * DSA has p, q, g, optional pub_key, optional priv_key. * DH has p, optional length, g, optional pub_key, optional priv_key, * optional q. */ - DH *ret = NULL; if (r == NULL) @@ -272,12 +286,11 @@ DH *DSA_dup_DH(const DSA *r) if (r->p != NULL) if ((ret->p = BN_dup(r->p)) == NULL) goto err; - if (r->q != NULL) - { + if (r->q != NULL) { ret->length = BN_num_bits(r->q); if ((ret->q = BN_dup(r->q)) == NULL) goto err; - } + } if (r->g != NULL) if ((ret->g = BN_dup(r->g)) == NULL) goto err; @@ -290,9 +303,9 @@ DH *DSA_dup_DH(const DSA *r) return ret; - err: +err: if (ret != NULL) DH_free(ret); return NULL; - } +} #endif diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c index 61a20f41a7..17119eb187 100644 --- a/src/lib/libcrypto/dsa/dsa_ossl.c +++ b/src/lib/libcrypto/dsa/dsa_ossl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_ossl.c,v 1.18 2014/06/27 06:07:35 deraadt Exp $ */ +/* $OpenBSD: dsa_ossl.c,v 1.19 2014/07/09 10:16:24 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -67,9 +67,10 @@ #include static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); -static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); +static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, + BIGNUM **rp); static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, - DSA *dsa); + DSA *dsa); static int dsa_init(DSA *dsa); static int dsa_finish(DSA *dsa); @@ -82,7 +83,8 @@ static DSA_METHOD openssl_dsa_meth = { .finish = dsa_finish }; -/* These macro wrappers replace attempts to use the dsa_mod_exp() and +/* + * These macro wrappers replace attempts to use the dsa_mod_exp() and * bn_mod_exp() handlers in the DSA_METHOD structure. We avoid the problem of * having a the macro work as an expression by bundling an "err_instr". So; * @@ -96,315 +98,333 @@ static DSA_METHOD openssl_dsa_meth = { */ #define DSA_MOD_EXP(err_instr,dsa,rr,a1,p1,a2,p2,m,ctx,in_mont) \ - do { \ - int _tmp_res53; \ - if((dsa)->meth->dsa_mod_exp) \ - _tmp_res53 = (dsa)->meth->dsa_mod_exp((dsa), (rr), \ - (a1), (p1), (a2), (p2), (m), (ctx), (in_mont)); \ - else \ - _tmp_res53 = BN_mod_exp2_mont((rr), (a1), \ - (p1), (a2), (p2), (m), (ctx), (in_mont)); \ - if(!_tmp_res53) \ - err_instr; \ - } while(0) +do { \ + int _tmp_res53; \ + if ((dsa)->meth->dsa_mod_exp) \ + _tmp_res53 = (dsa)->meth->dsa_mod_exp((dsa), (rr), \ + (a1), (p1), (a2), (p2), (m), (ctx), (in_mont)); \ + else \ + _tmp_res53 = BN_mod_exp2_mont((rr), (a1), \ + (p1), (a2), (p2), (m), (ctx), (in_mont)); \ + if (!_tmp_res53) \ + err_instr; \ +} while(0) #define DSA_BN_MOD_EXP(err_instr,dsa,r,a,p,m,ctx,m_ctx) \ - do { \ - int _tmp_res53; \ - if((dsa)->meth->bn_mod_exp) \ - _tmp_res53 = (dsa)->meth->bn_mod_exp((dsa), (r), \ - (a), (p), (m), (ctx), (m_ctx)); \ - else \ - _tmp_res53 = BN_mod_exp_mont((r), (a), (p), (m), \ - (ctx), (m_ctx)); \ - if(!_tmp_res53) \ - err_instr; \ - } while(0) - -const DSA_METHOD *DSA_OpenSSL(void) +do { \ + int _tmp_res53; \ + if ((dsa)->meth->bn_mod_exp) \ + _tmp_res53 = (dsa)->meth->bn_mod_exp((dsa), (r), \ + (a), (p), (m), (ctx), (m_ctx)); \ + else \ + _tmp_res53 = BN_mod_exp_mont((r), (a), (p), (m), \ + (ctx), (m_ctx)); \ + if (!_tmp_res53) \ + err_instr; \ +} while(0) + +const DSA_METHOD * +DSA_OpenSSL(void) { return &openssl_dsa_meth; } -static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) - { - BIGNUM *kinv=NULL,*r=NULL,*s=NULL; +static DSA_SIG * +dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) +{ + BIGNUM *kinv = NULL, *r = NULL, *s = NULL; BIGNUM m; BIGNUM xr; - BN_CTX *ctx=NULL; - int reason=ERR_R_BN_LIB; - DSA_SIG *ret=NULL; + BN_CTX *ctx = NULL; + int reason = ERR_R_BN_LIB; + DSA_SIG *ret = NULL; int noredo = 0; BN_init(&m); BN_init(&xr); - if (!dsa->p || !dsa->q || !dsa->g) - { - reason=DSA_R_MISSING_PARAMETERS; + if (!dsa->p || !dsa->q || !dsa->g) { + reason = DSA_R_MISSING_PARAMETERS; goto err; - } + } - s=BN_new(); - if (s == NULL) goto err; - ctx=BN_CTX_new(); - if (ctx == NULL) goto err; + s = BN_new(); + if (s == NULL) + goto err; + ctx = BN_CTX_new(); + if (ctx == NULL) + goto err; redo: - if ((dsa->kinv == NULL) || (dsa->r == NULL)) - { - if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err; - } - else - { - kinv=dsa->kinv; - dsa->kinv=NULL; - r=dsa->r; - dsa->r=NULL; + if (dsa->kinv == NULL || dsa->r == NULL) { + if (!DSA_sign_setup(dsa, ctx, &kinv, &r)) + goto err; + } else { + kinv = dsa->kinv; + dsa->kinv = NULL; + r = dsa->r; + dsa->r = NULL; noredo = 1; - } + } + /* + * If the digest length is greater than the size of q use the + * BN_num_bits(dsa->q) leftmost bits of the digest, see + * fips 186-3, 4.2 + */ if (dlen > BN_num_bytes(dsa->q)) - /* if the digest length is greater than the size of q use the - * BN_num_bits(dsa->q) leftmost bits of the digest, see - * fips 186-3, 4.2 */ dlen = BN_num_bytes(dsa->q); if (BN_bin2bn(dgst,dlen,&m) == NULL) goto err; /* Compute s = inv(k) (m + xr) mod q */ - if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */ - if (!BN_add(s, &xr, &m)) goto err; /* s = m + xr */ - if (BN_cmp(s,dsa->q) > 0) - if (!BN_sub(s,s,dsa->q)) goto err; - if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err; - - ret=DSA_SIG_new(); - if (ret == NULL) goto err; - /* Redo if r or s is zero as required by FIPS 186-3: this is + if (!BN_mod_mul(&xr, dsa->priv_key, r, dsa->q, ctx)) /* s = xr */ + goto err; + if (!BN_add(s, &xr, &m)) /* s = m + xr */ + goto err; + if (BN_cmp(s, dsa->q) > 0) + if (!BN_sub(s, s, dsa->q)) + goto err; + if (!BN_mod_mul(s, s, kinv, dsa->q, ctx)) + goto err; + + ret = DSA_SIG_new(); + if (ret == NULL) + goto err; + /* + * Redo if r or s is zero as required by FIPS 186-3: this is * very unlikely. */ - if (BN_is_zero(r) || BN_is_zero(s)) - { - if (noredo) - { + if (BN_is_zero(r) || BN_is_zero(s)) { + if (noredo) { reason = DSA_R_NEED_NEW_SETUP_VALUES; goto err; - } - goto redo; } + goto redo; + } ret->r = r; ret->s = s; err: - if (!ret) - { - DSAerr(DSA_F_DSA_DO_SIGN,reason); + if (!ret) { + DSAerr(DSA_F_DSA_DO_SIGN, reason); BN_free(r); BN_free(s); - } - if (ctx != NULL) BN_CTX_free(ctx); + } + if (ctx != NULL) + BN_CTX_free(ctx); BN_clear_free(&m); BN_clear_free(&xr); if (kinv != NULL) /* dsa->kinv is NULL now if we used it */ BN_clear_free(kinv); - return(ret); - } + return ret; +} -static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) - { +static int +dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) +{ BN_CTX *ctx; - BIGNUM k,kq,*K,*kinv=NULL,*r=NULL; - int ret=0; + BIGNUM k, kq, *K, *kinv = NULL, *r = NULL; + int ret = 0; - if (!dsa->p || !dsa->q || !dsa->g) - { - DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS); + if (!dsa->p || !dsa->q || !dsa->g) { + DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MISSING_PARAMETERS); return 0; - } + } BN_init(&k); BN_init(&kq); - if (ctx_in == NULL) - { - if ((ctx=BN_CTX_new()) == NULL) goto err; - } - else - ctx=ctx_in; + if (ctx_in == NULL) { + if ((ctx = BN_CTX_new()) == NULL) + goto err; + } else + ctx = ctx_in; - if ((r=BN_new()) == NULL) goto err; + if ((r = BN_new()) == NULL) + goto err; /* Get random k */ - do - if (!BN_rand_range(&k, dsa->q)) goto err; - while (BN_is_zero(&k)); - if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) - { + do { + if (!BN_rand_range(&k, dsa->q)) + goto err; + } while (BN_is_zero(&k)); + if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) { BN_set_flags(&k, BN_FLG_CONSTTIME); - } + } - if (dsa->flags & DSA_FLAG_CACHE_MONT_P) - { + if (dsa->flags & DSA_FLAG_CACHE_MONT_P) { if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p, - CRYPTO_LOCK_DSA, - dsa->p, ctx)) + CRYPTO_LOCK_DSA, dsa->p, ctx)) goto err; - } + } /* Compute r = (g^k mod p) mod q */ - if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) - { - if (!BN_copy(&kq, &k)) goto err; + if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) { + if (!BN_copy(&kq, &k)) + goto err; - /* We do not want timing information to leak the length of k, - * so we compute g^k using an equivalent exponent of fixed length. + /* + * We do not want timing information to leak the length of k, + * so we compute g^k using an equivalent exponent of fixed + * length. * * (This is a kludge that we need because the BN_mod_exp_mont() - * does not let us specify the desired timing behaviour.) */ + * does not let us specify the desired timing behaviour.) + */ - if (!BN_add(&kq, &kq, dsa->q)) goto err; - if (BN_num_bits(&kq) <= BN_num_bits(dsa->q)) - { - if (!BN_add(&kq, &kq, dsa->q)) goto err; - } + if (!BN_add(&kq, &kq, dsa->q)) + goto err; + if (BN_num_bits(&kq) <= BN_num_bits(dsa->q)) { + if (!BN_add(&kq, &kq, dsa->q)) + goto err; + } K = &kq; - } - else - { + } else { K = &k; - } + } DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx, - dsa->method_mont_p); - if (!BN_mod(r,r,dsa->q,ctx)) goto err; + dsa->method_mont_p); + if (!BN_mod(r,r,dsa->q,ctx)) + goto err; /* Compute part of 's = inv(k) (m + xr) mod q' */ - if ((kinv=BN_mod_inverse(NULL,&k,dsa->q,ctx)) == NULL) goto err; - - if (*kinvp != NULL) BN_clear_free(*kinvp); - *kinvp=kinv; - kinv=NULL; - if (*rp != NULL) BN_clear_free(*rp); - *rp=r; - ret=1; + if ((kinv = BN_mod_inverse(NULL, &k, dsa->q, ctx)) == NULL) + goto err; + + if (*kinvp != NULL) + BN_clear_free(*kinvp); + *kinvp = kinv; + kinv = NULL; + if (*rp != NULL) + BN_clear_free(*rp); + *rp = r; + ret = 1; err: - if (!ret) - { - DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB); + if (!ret) { + DSAerr(DSA_F_DSA_SIGN_SETUP, ERR_R_BN_LIB); if (r != NULL) BN_clear_free(r); - } - if (ctx_in == NULL) BN_CTX_free(ctx); + } + if (ctx_in == NULL) + BN_CTX_free(ctx); BN_clear_free(&k); BN_clear_free(&kq); - return(ret); - } + return ret; +} -static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, - DSA *dsa) - { +static int +dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa) +{ BN_CTX *ctx; - BIGNUM u1,u2,t1; - BN_MONT_CTX *mont=NULL; + BIGNUM u1, u2, t1; + BN_MONT_CTX *mont = NULL; int ret = -1, i; - if (!dsa->p || !dsa->q || !dsa->g) - { - DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS); + + if (!dsa->p || !dsa->q || !dsa->g) { + DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MISSING_PARAMETERS); return -1; - } + } i = BN_num_bits(dsa->q); /* fips 186-3 allows only different sizes for q */ - if (i != 160 && i != 224 && i != 256) - { - DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE); + if (i != 160 && i != 224 && i != 256) { + DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_BAD_Q_VALUE); return -1; - } + } - if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) - { - DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE); + if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) { + DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MODULUS_TOO_LARGE); return -1; - } + } BN_init(&u1); BN_init(&u2); BN_init(&t1); - if ((ctx=BN_CTX_new()) == NULL) goto err; + if ((ctx = BN_CTX_new()) == NULL) + goto err; if (BN_is_zero(sig->r) || BN_is_negative(sig->r) || - BN_ucmp(sig->r, dsa->q) >= 0) - { + BN_ucmp(sig->r, dsa->q) >= 0) { ret = 0; goto err; - } + } if (BN_is_zero(sig->s) || BN_is_negative(sig->s) || - BN_ucmp(sig->s, dsa->q) >= 0) - { + BN_ucmp(sig->s, dsa->q) >= 0) { ret = 0; goto err; - } + } /* Calculate W = inv(S) mod Q * save W in u2 */ - if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err; + if ((BN_mod_inverse(&u2, sig->s, dsa->q, ctx)) == NULL) + goto err; /* save M in u1 */ + /* + * If the digest length is greater than the size of q use the + * BN_num_bits(dsa->q) leftmost bits of the digest, see + * fips 186-3, 4.2 + */ if (dgst_len > (i >> 3)) - /* if the digest length is greater than the size of q use the - * BN_num_bits(dsa->q) leftmost bits of the digest, see - * fips 186-3, 4.2 */ dgst_len = (i >> 3); - if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err; + if (BN_bin2bn(dgst, dgst_len, &u1) == NULL) + goto err; /* u1 = M * w mod q */ - if (!BN_mod_mul(&u1,&u1,&u2,dsa->q,ctx)) goto err; + if (!BN_mod_mul(&u1, &u1, &u2, dsa->q, ctx)) + goto err; /* u2 = r * w mod q */ - if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err; + if (!BN_mod_mul(&u2, sig->r, &u2, dsa->q, ctx)) + goto err; - if (dsa->flags & DSA_FLAG_CACHE_MONT_P) - { + if (dsa->flags & DSA_FLAG_CACHE_MONT_P) { mont = BN_MONT_CTX_set_locked(&dsa->method_mont_p, - CRYPTO_LOCK_DSA, dsa->p, ctx); + CRYPTO_LOCK_DSA, dsa->p, ctx); if (!mont) goto err; - } - + } - DSA_MOD_EXP(goto err, dsa, &t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p, ctx, mont); + DSA_MOD_EXP(goto err, dsa, &t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p, + ctx, mont); /* BN_copy(&u1,&t1); */ /* let u1 = u1 mod q */ - if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err; + if (!BN_mod(&u1, &t1, dsa->q, ctx)) + goto err; /* V is now in u1. If the signature is correct, it will be * equal to R. */ - ret=(BN_ucmp(&u1, sig->r) == 0); + ret = BN_ucmp(&u1, sig->r) == 0; - err: +err: /* XXX: surely this is wrong - if ret is 0, it just didn't verify; there is no error in BN. Test should be ret == -1 (Ben) */ - if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB); - if (ctx != NULL) BN_CTX_free(ctx); + if (ret != 1) + DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_BN_LIB); + if (ctx != NULL) + BN_CTX_free(ctx); BN_free(&u1); BN_free(&u2); BN_free(&t1); - return(ret); - } + return ret; +} -static int dsa_init(DSA *dsa) +static int +dsa_init(DSA *dsa) { - dsa->flags|=DSA_FLAG_CACHE_MONT_P; - return(1); + dsa->flags |= DSA_FLAG_CACHE_MONT_P; + return 1; } -static int dsa_finish(DSA *dsa) +static int +dsa_finish(DSA *dsa) { - if(dsa->method_mont_p) + if (dsa->method_mont_p) BN_MONT_CTX_free(dsa->method_mont_p); - return(1); + return 1; } diff --git a/src/lib/libcrypto/dsa/dsa_pmeth.c b/src/lib/libcrypto/dsa/dsa_pmeth.c index e75f0153de..f013a3f6e7 100644 --- a/src/lib/libcrypto/dsa/dsa_pmeth.c +++ b/src/lib/libcrypto/dsa/dsa_pmeth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_pmeth.c,v 1.6 2014/06/12 20:40:57 deraadt Exp $ */ +/* $OpenBSD: dsa_pmeth.c,v 1.7 2014/07/09 10:16:24 miod Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -68,8 +68,7 @@ /* DSA pkey context structure */ -typedef struct - { +typedef struct { /* Parameter gen parameters */ int nbits; /* size of p in bits (default: 1024) */ int qbits; /* size of q in bits (default: 160) */ @@ -78,11 +77,13 @@ typedef struct int gentmp[2]; /* message digest */ const EVP_MD *md; /* MD for the signature */ - } DSA_PKEY_CTX; +} DSA_PKEY_CTX; -static int pkey_dsa_init(EVP_PKEY_CTX *ctx) - { +static int +pkey_dsa_init(EVP_PKEY_CTX *ctx) +{ DSA_PKEY_CTX *dctx; + dctx = malloc(sizeof(DSA_PKEY_CTX)); if (!dctx) return 0; @@ -96,11 +97,13 @@ static int pkey_dsa_init(EVP_PKEY_CTX *ctx) ctx->keygen_info_count = 2; return 1; - } +} -static int pkey_dsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) - { +static int +pkey_dsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) +{ DSA_PKEY_CTX *dctx, *sctx; + if (!pkey_dsa_init(dst)) return 0; sctx = src->data; @@ -110,17 +113,20 @@ static int pkey_dsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) dctx->pmd = sctx->pmd; dctx->md = sctx->md; return 1; - } +} -static void pkey_dsa_cleanup(EVP_PKEY_CTX *ctx) - { +static void +pkey_dsa_cleanup(EVP_PKEY_CTX *ctx) +{ DSA_PKEY_CTX *dctx = ctx->data; + free(dctx); - } +} -static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, - const unsigned char *tbs, size_t tbslen) - { +static int +pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen) +{ int ret, type; unsigned int sltmp; DSA_PKEY_CTX *dctx = ctx->data; @@ -137,12 +143,12 @@ static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, return ret; *siglen = sltmp; return 1; - } +} -static int pkey_dsa_verify(EVP_PKEY_CTX *ctx, - const unsigned char *sig, size_t siglen, - const unsigned char *tbs, size_t tbslen) - { +static int +pkey_dsa_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen) +{ int ret, type; DSA_PKEY_CTX *dctx = ctx->data; DSA *dsa = ctx->pkey->pkey.dsa; @@ -155,69 +161,67 @@ static int pkey_dsa_verify(EVP_PKEY_CTX *ctx, ret = DSA_verify(type, tbs, tbslen, sig, siglen, dsa); return ret; - } +} -static int pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) - { +static int +pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) +{ DSA_PKEY_CTX *dctx = ctx->data; - switch (type) - { - case EVP_PKEY_CTRL_DSA_PARAMGEN_BITS: + + switch (type) { + case EVP_PKEY_CTRL_DSA_PARAMGEN_BITS: if (p1 < 256) return -2; dctx->nbits = p1; return 1; - case EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS: + case EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS: if (p1 != 160 && p1 != 224 && p1 && p1 != 256) return -2; dctx->qbits = p1; return 1; - case EVP_PKEY_CTRL_DSA_PARAMGEN_MD: - if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 && + case EVP_PKEY_CTRL_DSA_PARAMGEN_MD: + if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 && EVP_MD_type((const EVP_MD *)p2) != NID_sha224 && - EVP_MD_type((const EVP_MD *)p2) != NID_sha256) - { + EVP_MD_type((const EVP_MD *)p2) != NID_sha256) { DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE); return 0; - } + } dctx->md = p2; return 1; - case EVP_PKEY_CTRL_MD: - if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 && - EVP_MD_type((const EVP_MD *)p2) != NID_dsa && - EVP_MD_type((const EVP_MD *)p2) != NID_dsaWithSHA && + case EVP_PKEY_CTRL_MD: + if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 && + EVP_MD_type((const EVP_MD *)p2) != NID_dsa && + EVP_MD_type((const EVP_MD *)p2) != NID_dsaWithSHA && EVP_MD_type((const EVP_MD *)p2) != NID_sha224 && EVP_MD_type((const EVP_MD *)p2) != NID_sha256 && EVP_MD_type((const EVP_MD *)p2) != NID_sha384 && - EVP_MD_type((const EVP_MD *)p2) != NID_sha512) - { + EVP_MD_type((const EVP_MD *)p2) != NID_sha512) { DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE); return 0; - } + } dctx->md = p2; return 1; - case EVP_PKEY_CTRL_DIGESTINIT: - case EVP_PKEY_CTRL_PKCS7_SIGN: - case EVP_PKEY_CTRL_CMS_SIGN: + case EVP_PKEY_CTRL_DIGESTINIT: + case EVP_PKEY_CTRL_PKCS7_SIGN: + case EVP_PKEY_CTRL_CMS_SIGN: return 1; - case EVP_PKEY_CTRL_PEER_KEY: - DSAerr(DSA_F_PKEY_DSA_CTRL, - EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; - default: + case EVP_PKEY_CTRL_PEER_KEY: + DSAerr(DSA_F_PKEY_DSA_CTRL, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + default: return -2; - - } } +} -static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx, - const char *type, const char *value) - { +static int +pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value) +{ long lval; char *ep; @@ -228,69 +232,71 @@ static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx, lval = strtol(value, &ep, 10); if (value[0] == '\0' || *ep != '\0') goto not_a_number; - if ((errno == ERANGE && (lval == LONG_MAX || lval == LONG_MIN)) || + if ((errno == ERANGE && + (lval == LONG_MAX || lval == LONG_MIN)) || (lval > INT_MAX || lval < INT_MIN)) goto out_of_range; nbits = lval; return EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits); - } - if (!strcmp(type, "dsa_paramgen_q_bits")) { + } else if (!strcmp(type, "dsa_paramgen_q_bits")) { int qbits; errno = 0; lval = strtol(value, &ep, 10); if (value[0] == '\0' || *ep != '\0') goto not_a_number; - if ((errno == ERANGE && (lval == LONG_MAX || lval == LONG_MIN)) || + if ((errno == ERANGE && + (lval == LONG_MAX || lval == LONG_MIN)) || (lval > INT_MAX || lval < INT_MIN)) goto out_of_range; qbits = lval; - return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, - EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits, NULL); - } - if (!strcmp(type, "dsa_paramgen_md")){ - return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, - EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, + return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, + EVP_PKEY_OP_PARAMGEN, EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, + qbits, NULL); + } else if (!strcmp(type, "dsa_paramgen_md")) { + return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, + EVP_PKEY_OP_PARAMGEN, EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, (void *)EVP_get_digestbyname(value)); } not_a_number: out_of_range: return -2; - } +} -static int pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) - { +static int +pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) +{ DSA *dsa = NULL; DSA_PKEY_CTX *dctx = ctx->data; BN_GENCB *pcb, cb; int ret; - if (ctx->pkey_gencb) - { + + if (ctx->pkey_gencb) { pcb = &cb; evp_pkey_set_cb_translate(pcb, ctx); - } - else + } else pcb = NULL; dsa = DSA_new(); if (!dsa) return 0; ret = dsa_builtin_paramgen(dsa, dctx->nbits, dctx->qbits, dctx->pmd, - NULL, 0, NULL, NULL, NULL, pcb); + NULL, 0, NULL, NULL, NULL, pcb); if (ret) EVP_PKEY_assign_DSA(pkey, dsa); else DSA_free(dsa); return ret; - } +} -static int pkey_dsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) - { +static int +pkey_dsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) +{ DSA *dsa = NULL; - if (ctx->pkey == NULL) - { + + if (ctx->pkey == NULL) { DSAerr(DSA_F_PKEY_DSA_KEYGEN, DSA_R_NO_PARAMETERS_SET); return 0; - } + } dsa = DSA_new(); if (!dsa) return 0; @@ -299,7 +305,7 @@ static int pkey_dsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey)) return 0; return DSA_generate_key(pkey->pkey.dsa); - } +} const EVP_PKEY_METHOD dsa_pkey_meth = { .pkey_id = EVP_PKEY_DSA, diff --git a/src/lib/libcrypto/dsa/dsa_prn.c b/src/lib/libcrypto/dsa/dsa_prn.c index e730c1a092..5a7423c831 100644 --- a/src/lib/libcrypto/dsa/dsa_prn.c +++ b/src/lib/libcrypto/dsa/dsa_prn.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_prn.c,v 1.3 2014/06/12 15:49:28 deraadt Exp $ */ +/* $OpenBSD: dsa_prn.c,v 1.4 2014/07/09 10:16:24 miod Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -61,59 +61,62 @@ #include #include -int DSA_print_fp(FILE *fp, const DSA *x, int off) - { +int +DSA_print_fp(FILE *fp, const DSA *x, int off) +{ BIO *b; int ret; - if ((b=BIO_new(BIO_s_file())) == NULL) - { - DSAerr(DSA_F_DSA_PRINT_FP,ERR_R_BUF_LIB); - return(0); - } - BIO_set_fp(b,fp,BIO_NOCLOSE); - ret=DSA_print(b,x,off); - BIO_free(b); - return(ret); + if ((b = BIO_new(BIO_s_file())) == NULL) { + DSAerr(DSA_F_DSA_PRINT_FP, ERR_R_BUF_LIB); + return 0; } + BIO_set_fp(b, fp, BIO_NOCLOSE); + ret = DSA_print(b, x, off); + BIO_free(b); + return ret; +} -int DSAparams_print_fp(FILE *fp, const DSA *x) - { +int +DSAparams_print_fp(FILE *fp, const DSA *x) +{ BIO *b; int ret; - if ((b=BIO_new(BIO_s_file())) == NULL) - { - DSAerr(DSA_F_DSAPARAMS_PRINT_FP,ERR_R_BUF_LIB); - return(0); - } - BIO_set_fp(b,fp,BIO_NOCLOSE); - ret=DSAparams_print(b, x); - BIO_free(b); - return(ret); + if ((b = BIO_new(BIO_s_file())) == NULL) { + DSAerr(DSA_F_DSAPARAMS_PRINT_FP, ERR_R_BUF_LIB); + return 0; } + BIO_set_fp(b, fp, BIO_NOCLOSE); + ret = DSAparams_print(b, x); + BIO_free(b); + return ret; +} -int DSA_print(BIO *bp, const DSA *x, int off) - { +int +DSA_print(BIO *bp, const DSA *x, int off) +{ EVP_PKEY *pk; int ret; + pk = EVP_PKEY_new(); if (!pk || !EVP_PKEY_set1_DSA(pk, (DSA *)x)) return 0; ret = EVP_PKEY_print_private(bp, pk, off, NULL); EVP_PKEY_free(pk); return ret; - } +} -int DSAparams_print(BIO *bp, const DSA *x) - { +int +DSAparams_print(BIO *bp, const DSA *x) +{ EVP_PKEY *pk; int ret; + pk = EVP_PKEY_new(); if (!pk || !EVP_PKEY_set1_DSA(pk, (DSA *)x)) return 0; ret = EVP_PKEY_print_params(bp, pk, 4, NULL); EVP_PKEY_free(pk); return ret; - } - +} diff --git a/src/lib/libcrypto/dsa/dsa_sign.c b/src/lib/libcrypto/dsa/dsa_sign.c index 484e5f4357..40223a1d59 100644 --- a/src/lib/libcrypto/dsa/dsa_sign.c +++ b/src/lib/libcrypto/dsa/dsa_sign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_sign.c,v 1.15 2014/06/12 15:49:28 deraadt Exp $ */ +/* $OpenBSD: dsa_sign.c,v 1.16 2014/07/09 10:16:24 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -63,36 +63,39 @@ #include #include -DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) - { +DSA_SIG * +DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) +{ return dsa->meth->dsa_do_sign(dgst, dlen, dsa); - } +} -int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) - { +int +DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) +{ return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp); - } +} -DSA_SIG *DSA_SIG_new(void) - { +DSA_SIG * +DSA_SIG_new(void) +{ DSA_SIG *sig; + sig = malloc(sizeof(DSA_SIG)); if (!sig) return NULL; sig->r = NULL; sig->s = NULL; return sig; - } +} -void DSA_SIG_free(DSA_SIG *sig) - { - if (sig) - { +void +DSA_SIG_free(DSA_SIG *sig) +{ + if (sig) { if (sig->r) BN_free(sig->r); if (sig->s) BN_free(sig->s); free(sig); - } } - +} diff --git a/src/lib/libcrypto/dsa/dsa_vrf.c b/src/lib/libcrypto/dsa/dsa_vrf.c index f4484abd55..b82fa41259 100644 --- a/src/lib/libcrypto/dsa/dsa_vrf.c +++ b/src/lib/libcrypto/dsa/dsa_vrf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_vrf.c,v 1.14 2014/06/12 15:49:28 deraadt Exp $ */ +/* $OpenBSD: dsa_vrf.c,v 1.15 2014/07/09 10:16:24 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -61,8 +61,8 @@ #include "cryptlib.h" #include -int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, - DSA *dsa) - { +int +DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa) +{ return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa); - } +} diff --git a/src/lib/libssl/src/crypto/dsa/dsa_ameth.c b/src/lib/libssl/src/crypto/dsa/dsa_ameth.c index d11565a737..c6707b9427 100644 --- a/src/lib/libssl/src/crypto/dsa/dsa_ameth.c +++ b/src/lib/libssl/src/crypto/dsa/dsa_ameth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_ameth.c,v 1.8 2014/06/12 15:49:28 deraadt Exp $ */ +/* $OpenBSD: dsa_ameth.c,v 1.9 2014/07/09 10:16:24 miod Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -67,8 +67,9 @@ #endif #include "asn1_locl.h" -static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) - { +static int +dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) +{ const unsigned char *p, *pm; int pklen, pmlen; int ptype; @@ -83,112 +84,99 @@ static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) return 0; X509_ALGOR_get0(NULL, &ptype, &pval, palg); - - if (ptype == V_ASN1_SEQUENCE) - { + if (ptype == V_ASN1_SEQUENCE) { pstr = pval; pm = pstr->data; pmlen = pstr->length; - if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen))) - { + if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen))) { DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR); goto err; - } - } - else if ((ptype == V_ASN1_NULL) || (ptype == V_ASN1_UNDEF)) - { - if (!(dsa = DSA_new())) - { + } else if (ptype == V_ASN1_NULL || ptype == V_ASN1_UNDEF) { + if (!(dsa = DSA_new())) { DSAerr(DSA_F_DSA_PUB_DECODE, ERR_R_MALLOC_FAILURE); goto err; } - } - else - { + } else { DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_PARAMETER_ENCODING_ERROR); goto err; - } + } - if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, pklen))) - { + if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, pklen))) { DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR); goto err; - } + } - if (!(dsa->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) - { + if (!(dsa->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) { DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_BN_DECODE_ERROR); goto err; - } + } ASN1_INTEGER_free(public_key); EVP_PKEY_assign_DSA(pkey, dsa); return 1; - err: +err: if (public_key) ASN1_INTEGER_free(public_key); if (dsa) DSA_free(dsa); return 0; +} - } - -static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) - { +static int +dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) +{ DSA *dsa; void *pval = NULL; int ptype; unsigned char *penc = NULL; int penclen; - dsa=pkey->pkey.dsa; - if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) - { + dsa = pkey->pkey.dsa; + if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) { ASN1_STRING *str; + str = ASN1_STRING_new(); str->length = i2d_DSAparams(dsa, &str->data); - if (str->length <= 0) - { + if (str->length <= 0) { DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE); goto err; - } + } pval = str; ptype = V_ASN1_SEQUENCE; - } - else + } else ptype = V_ASN1_UNDEF; - dsa->write_params=0; + dsa->write_params = 0; penclen = i2d_DSAPublicKey(dsa, &penc); - if (penclen <= 0) - { + if (penclen <= 0) { DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE); goto err; - } + } - if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DSA), - ptype, pval, penc, penclen)) + if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DSA), ptype, pval, + penc, penclen)) return 1; - err: +err: free(penc); if (pval) ASN1_STRING_free(pval); return 0; - } +} /* In PKCS#8 DSA: you just get a private key integer and parameters in the * AlgorithmIdentifier the pubkey must be recalculated. */ -static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) - { +static int +dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) +{ const unsigned char *p, *pm; int pklen, pmlen; int ptype; @@ -197,7 +185,6 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) X509_ALGOR *palg; ASN1_INTEGER *privkey = NULL; BN_CTX *ctx = NULL; - STACK_OF(ASN1_TYPE) *ndsa = NULL; DSA *dsa = NULL; @@ -206,26 +193,24 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) X509_ALGOR_get0(NULL, &ptype, &pval, palg); /* Check for broken DSA PKCS#8, UGH! */ - if (*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) - { + if (*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) { ASN1_TYPE *t1, *t2; - if(!(ndsa = d2i_ASN1_SEQUENCE_ANY(NULL, &p, pklen))) + if (!(ndsa = d2i_ASN1_SEQUENCE_ANY(NULL, &p, pklen))) goto decerr; if (sk_ASN1_TYPE_num(ndsa) != 2) goto decerr; - /* Handle Two broken types: + /* + * Handle Two broken types: * SEQUENCE {parameters, priv_key} * SEQUENCE {pub_key, priv_key} */ t1 = sk_ASN1_TYPE_value(ndsa, 0); t2 = sk_ASN1_TYPE_value(ndsa, 1); - if (t1->type == V_ASN1_SEQUENCE) - { + if (t1->type == V_ASN1_SEQUENCE) { p8->broken = PKCS8_EMBEDDED_PARAM; pval = t1->value.ptr; - } - else if (ptype == V_ASN1_SEQUENCE) + } else if (ptype == V_ASN1_SEQUENCE) p8->broken = PKCS8_NS_DB; else goto decerr; @@ -234,22 +219,20 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) goto decerr; privkey = t2->value.integer; - } - else - { + } else { const unsigned char *q = p; + if (!(privkey=d2i_ASN1_INTEGER(NULL, &p, pklen))) goto decerr; - if (privkey->type == V_ASN1_NEG_INTEGER) - { + if (privkey->type == V_ASN1_NEG_INTEGER) { p8->broken = PKCS8_NEG_PRIVKEY; ASN1_INTEGER_free(privkey); - if (!(privkey=d2i_ASN1_UINTEGER(NULL, &q, pklen))) + if (!(privkey = d2i_ASN1_UINTEGER(NULL, &q, pklen))) goto decerr; - } + } if (ptype != V_ASN1_SEQUENCE) goto decerr; - } + } pstr = pval; pm = pstr->data; @@ -257,50 +240,47 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen))) goto decerr; /* We have parameters now set private key */ - if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) - { + if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) { DSAerr(DSA_F_DSA_PRIV_DECODE,DSA_R_BN_ERROR); goto dsaerr; - } + } /* Calculate public key */ - if (!(dsa->pub_key = BN_new())) - { + if (!(dsa->pub_key = BN_new())) { DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE); goto dsaerr; - } - if (!(ctx = BN_CTX_new())) - { + } + if (!(ctx = BN_CTX_new())) { DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE); goto dsaerr; - } + } - if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) - { + if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) { DSAerr(DSA_F_DSA_PRIV_DECODE,DSA_R_BN_ERROR); goto dsaerr; - } + } EVP_PKEY_assign_DSA(pkey, dsa); BN_CTX_free (ctx); - if(ndsa) + if (ndsa) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); else ASN1_INTEGER_free(privkey); return 1; - decerr: +decerr: DSAerr(DSA_F_DSA_PRIV_DECODE, EVP_R_DECODE_ERROR); - dsaerr: +dsaerr: BN_CTX_free (ctx); if (privkey) ASN1_INTEGER_free(privkey); sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); DSA_free(dsa); return 0; - } +} -static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) +static int +dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) { ASN1_STRING *params = NULL; ASN1_INTEGER *prkey = NULL; @@ -308,36 +288,31 @@ static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) int dplen; params = ASN1_STRING_new(); - - if (!params) - { - DSAerr(DSA_F_DSA_PRIV_ENCODE,ERR_R_MALLOC_FAILURE); + if (!params) { + DSAerr(DSA_F_DSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE); goto err; - } + } params->length = i2d_DSAparams(pkey->pkey.dsa, ¶ms->data); - if (params->length <= 0) - { - DSAerr(DSA_F_DSA_PRIV_ENCODE,ERR_R_MALLOC_FAILURE); + if (params->length <= 0) { + DSAerr(DSA_F_DSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE); goto err; - } + } params->type = V_ASN1_SEQUENCE; /* Get private key into integer */ prkey = BN_to_ASN1_INTEGER(pkey->pkey.dsa->priv_key, NULL); - - if (!prkey) - { - DSAerr(DSA_F_DSA_PRIV_ENCODE,DSA_R_BN_ERROR); + if (!prkey) { + DSAerr(DSA_F_DSA_PRIV_ENCODE, DSA_R_BN_ERROR); goto err; - } + } dplen = i2d_ASN1_INTEGER(prkey, &dp); ASN1_INTEGER_free(prkey); - if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0, - V_ASN1_SEQUENCE, params, dp, dplen)) + if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0, V_ASN1_SEQUENCE, + params, dp, dplen)) goto err; return 1; @@ -351,88 +326,98 @@ err: return 0; } -static int int_dsa_size(const EVP_PKEY *pkey) - { - return(DSA_size(pkey->pkey.dsa)); - } +static int +int_dsa_size(const EVP_PKEY *pkey) +{ + return DSA_size(pkey->pkey.dsa); +} -static int dsa_bits(const EVP_PKEY *pkey) - { +static int +dsa_bits(const EVP_PKEY *pkey) +{ return BN_num_bits(pkey->pkey.dsa->p); - } +} -static int dsa_missing_parameters(const EVP_PKEY *pkey) - { +static int +dsa_missing_parameters(const EVP_PKEY *pkey) +{ DSA *dsa; - dsa=pkey->pkey.dsa; - if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL)) - return 1; + + dsa = pkey->pkey.dsa; + if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL) + return 1; return 0; - } +} -static int dsa_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) - { +static int +dsa_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) +{ BIGNUM *a; - if ((a=BN_dup(from->pkey.dsa->p)) == NULL) + if ((a = BN_dup(from->pkey.dsa->p)) == NULL) return 0; if (to->pkey.dsa->p != NULL) BN_free(to->pkey.dsa->p); - to->pkey.dsa->p=a; + to->pkey.dsa->p = a; - if ((a=BN_dup(from->pkey.dsa->q)) == NULL) + if ((a = BN_dup(from->pkey.dsa->q)) == NULL) return 0; if (to->pkey.dsa->q != NULL) BN_free(to->pkey.dsa->q); - to->pkey.dsa->q=a; + to->pkey.dsa->q = a; - if ((a=BN_dup(from->pkey.dsa->g)) == NULL) + if ((a = BN_dup(from->pkey.dsa->g)) == NULL) return 0; if (to->pkey.dsa->g != NULL) BN_free(to->pkey.dsa->g); - to->pkey.dsa->g=a; + to->pkey.dsa->g = a; return 1; - } +} -static int dsa_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) - { - if ( BN_cmp(a->pkey.dsa->p,b->pkey.dsa->p) || - BN_cmp(a->pkey.dsa->q,b->pkey.dsa->q) || - BN_cmp(a->pkey.dsa->g,b->pkey.dsa->g)) +static int +dsa_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) +{ + if (BN_cmp(a->pkey.dsa->p, b->pkey.dsa->p) || + BN_cmp(a->pkey.dsa->q, b->pkey.dsa->q) || + BN_cmp(a->pkey.dsa->g, b->pkey.dsa->g)) return 0; else return 1; - } +} -static int dsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) - { - if (BN_cmp(b->pkey.dsa->pub_key,a->pkey.dsa->pub_key) != 0) +static int +dsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) +{ + if (BN_cmp(b->pkey.dsa->pub_key, a->pkey.dsa->pub_key) != 0) return 0; else return 1; - } +} -static void int_dsa_free(EVP_PKEY *pkey) - { +static void +int_dsa_free(EVP_PKEY *pkey) +{ DSA_free(pkey->pkey.dsa); - } +} -static void update_buflen(const BIGNUM *b, size_t *pbuflen) - { +static void +update_buflen(const BIGNUM *b, size_t *pbuflen) +{ size_t i; + if (!b) return; if (*pbuflen < (i = (size_t)BN_num_bytes(b))) - *pbuflen = i; - } + *pbuflen = i; +} -static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype) - { - unsigned char *m=NULL; - int ret=0; - size_t buf_len=0; +static int +do_dsa_print(BIO *bp, const DSA *x, int off, int ptype) +{ + unsigned char *m = NULL; + int ret = 0; + size_t buf_len = 0; const char *ktype = NULL; - const BIGNUM *priv_key, *pub_key; if (ptype == 2) @@ -458,183 +443,187 @@ static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype) update_buflen(priv_key, &buf_len); update_buflen(pub_key, &buf_len); - m = malloc(buf_len+10); - if (m == NULL) - { - DSAerr(DSA_F_DO_DSA_PRINT,ERR_R_MALLOC_FAILURE); + m = malloc(buf_len + 10); + if (m == NULL) { + DSAerr(DSA_F_DO_DSA_PRINT, ERR_R_MALLOC_FAILURE); goto err; - } + } - if (priv_key) - { - if(!BIO_indent(bp,off,128)) - goto err; - if (BIO_printf(bp,"%s: (%d bit)\n",ktype, BN_num_bits(x->p)) - <= 0) goto err; - } + if (priv_key) { + if (!BIO_indent(bp, off, 128)) + goto err; + if (BIO_printf(bp, "%s: (%d bit)\n", ktype, + BN_num_bits(x->p)) <= 0) + goto err; + } - if (!ASN1_bn_print(bp,"priv:",priv_key,m,off)) + if (!ASN1_bn_print(bp, "priv:", priv_key, m, off)) + goto err; + if (!ASN1_bn_print(bp, "pub: ", pub_key, m, off)) + goto err; + if (!ASN1_bn_print(bp, "P: ", x->p, m, off)) goto err; - if (!ASN1_bn_print(bp,"pub: ",pub_key,m,off)) + if (!ASN1_bn_print(bp, "Q: ", x->q, m, off)) goto err; - if (!ASN1_bn_print(bp,"P: ",x->p,m,off)) goto err; - if (!ASN1_bn_print(bp,"Q: ",x->q,m,off)) goto err; - if (!ASN1_bn_print(bp,"G: ",x->g,m,off)) goto err; - ret=1; + if (!ASN1_bn_print(bp, "G: ", x->g, m, off)) + goto err; + ret = 1; err: free(m); return(ret); - } +} -static int dsa_param_decode(EVP_PKEY *pkey, - const unsigned char **pder, int derlen) - { +static int +dsa_param_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) +{ DSA *dsa; - if (!(dsa = d2i_DSAparams(NULL, pder, derlen))) - { + + if (!(dsa = d2i_DSAparams(NULL, pder, derlen))) { DSAerr(DSA_F_DSA_PARAM_DECODE, ERR_R_DSA_LIB); return 0; - } + } EVP_PKEY_assign_DSA(pkey, dsa); return 1; - } +} -static int dsa_param_encode(const EVP_PKEY *pkey, unsigned char **pder) - { +static int +dsa_param_encode(const EVP_PKEY *pkey, unsigned char **pder) +{ return i2d_DSAparams(pkey->pkey.dsa, pder); - } +} -static int dsa_param_print(BIO *bp, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *ctx) - { +static int +dsa_param_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx) +{ return do_dsa_print(bp, pkey->pkey.dsa, indent, 0); - } +} -static int dsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *ctx) - { +static int +dsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx) +{ return do_dsa_print(bp, pkey->pkey.dsa, indent, 1); - } - +} -static int dsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *ctx) - { +static int +dsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx) +{ return do_dsa_print(bp, pkey->pkey.dsa, indent, 2); - } +} -static int old_dsa_priv_decode(EVP_PKEY *pkey, - const unsigned char **pder, int derlen) - { +static int +old_dsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) +{ DSA *dsa; - if (!(dsa = d2i_DSAPrivateKey (NULL, pder, derlen))) - { + + if (!(dsa = d2i_DSAPrivateKey (NULL, pder, derlen))) { DSAerr(DSA_F_OLD_DSA_PRIV_DECODE, ERR_R_DSA_LIB); return 0; - } + } EVP_PKEY_assign_DSA(pkey, dsa); return 1; - } +} -static int old_dsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder) - { +static int +old_dsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder) +{ return i2d_DSAPrivateKey(pkey->pkey.dsa, pder); - } +} -static int dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, - const ASN1_STRING *sig, - int indent, ASN1_PCTX *pctx) - { +static int +dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, const ASN1_STRING *sig, + int indent, ASN1_PCTX *pctx) +{ DSA_SIG *dsa_sig; const unsigned char *p; - if (!sig) - { + + if (!sig) { if (BIO_puts(bp, "\n") <= 0) return 0; else return 1; - } + } p = sig->data; dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length); - if (dsa_sig) - { + if (dsa_sig) { int rv = 0; size_t buf_len = 0; - unsigned char *m=NULL; + unsigned char *m = NULL; + update_buflen(dsa_sig->r, &buf_len); update_buflen(dsa_sig->s, &buf_len); - m = malloc(buf_len+10); - if (m == NULL) - { - DSAerr(DSA_F_DSA_SIG_PRINT,ERR_R_MALLOC_FAILURE); + m = malloc(buf_len + 10); + if (m == NULL) { + DSAerr(DSA_F_DSA_SIG_PRINT, ERR_R_MALLOC_FAILURE); goto err; - } + } if (BIO_write(bp, "\n", 1) != 1) goto err; - if (!ASN1_bn_print(bp,"r: ",dsa_sig->r,m,indent)) + if (!ASN1_bn_print(bp, "r: ", dsa_sig->r, m, indent)) goto err; - if (!ASN1_bn_print(bp,"s: ",dsa_sig->s,m,indent)) + if (!ASN1_bn_print(bp, "s: ", dsa_sig->s, m, indent)) goto err; rv = 1; - err: +err: free(m); DSA_SIG_free(dsa_sig); return rv; - } - return X509_signature_dump(bp, sig, indent); } + return X509_signature_dump(bp, sig, indent); +} -static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) - { - switch (op) - { - case ASN1_PKEY_CTRL_PKCS7_SIGN: - if (arg1 == 0) - { +static int +dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) +{ + switch (op) { + case ASN1_PKEY_CTRL_PKCS7_SIGN: + if (arg1 == 0) { int snid, hnid; X509_ALGOR *alg1, *alg2; + PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2); if (alg1 == NULL || alg1->algorithm == NULL) return -1; hnid = OBJ_obj2nid(alg1->algorithm); if (hnid == NID_undef) return -1; - if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey))) + if (!OBJ_find_sigid_by_algs(&snid, hnid, + EVP_PKEY_id(pkey))) return -1; - X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0); - } + X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, + 0); + } return 1; #ifndef OPENSSL_NO_CMS - case ASN1_PKEY_CTRL_CMS_SIGN: - if (arg1 == 0) - { + case ASN1_PKEY_CTRL_CMS_SIGN: + if (arg1 == 0) { int snid, hnid; X509_ALGOR *alg1, *alg2; + CMS_SignerInfo_get0_algs(arg2, NULL, NULL, &alg1, &alg2); if (alg1 == NULL || alg1->algorithm == NULL) return -1; hnid = OBJ_obj2nid(alg1->algorithm); if (hnid == NID_undef) return -1; - if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey))) + if (!OBJ_find_sigid_by_algs(&snid, hnid, + EVP_PKEY_id(pkey))) return -1; - X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0); - } + X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, + 0); + } return 1; #endif - case ASN1_PKEY_CTRL_DEFAULT_MD_NID: + case ASN1_PKEY_CTRL_DEFAULT_MD_NID: *(int *)arg2 = NID_sha1; return 2; - default: + default: return -2; - - } - } +} /* NB these are sorted in pkey_id order, lowest first */ diff --git a/src/lib/libssl/src/crypto/dsa/dsa_asn1.c b/src/lib/libssl/src/crypto/dsa/dsa_asn1.c index 25288a0dda..cc03f29823 100644 --- a/src/lib/libssl/src/crypto/dsa/dsa_asn1.c +++ b/src/lib/libssl/src/crypto/dsa/dsa_asn1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_asn1.c,v 1.10 2014/06/12 15:49:28 deraadt Exp $ */ +/* $OpenBSD: dsa_asn1.c,v 1.11 2014/07/09 10:16:24 miod Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -64,17 +64,17 @@ #include /* Override the default new methods */ -static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) +static int +sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) { - if(operation == ASN1_OP_NEW_PRE) { + if (operation == ASN1_OP_NEW_PRE) { DSA_SIG *sig; + sig = malloc(sizeof(DSA_SIG)); - if (!sig) - { + if (!sig) { DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE); return 0; - } + } sig->r = NULL; sig->s = NULL; *pval = (ASN1_VALUE *)sig; @@ -91,14 +91,15 @@ ASN1_SEQUENCE_cb(DSA_SIG, sig_cb) = { IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA_SIG, DSA_SIG, DSA_SIG) /* Override the default free and new methods */ -static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) +static int +dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) { - if(operation == ASN1_OP_NEW_PRE) { + if (operation == ASN1_OP_NEW_PRE) { *pval = (ASN1_VALUE *)DSA_new(); - if(*pval) return 2; + if (*pval) + return 2; return 0; - } else if(operation == ASN1_OP_FREE_PRE) { + } else if (operation == ASN1_OP_FREE_PRE) { DSA_free((DSA *)*pval); *pval = NULL; return 2; @@ -125,7 +126,8 @@ ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = { IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAparams, DSAparams) -/* DSA public key is a bit trickier... its effectively a CHOICE type +/* + * DSA public key is a bit trickier... its effectively a CHOICE type * decided by a field called write_params which can either write out * just the public key as an INTEGER or the parameters and public key * in a SEQUENCE @@ -145,43 +147,49 @@ ASN1_CHOICE_cb(DSAPublicKey, dsa_cb) = { IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey) -DSA *DSAparams_dup(DSA *dsa) - { +DSA * +DSAparams_dup(DSA *dsa) +{ return ASN1_item_dup(ASN1_ITEM_rptr(DSAparams), dsa); - } +} -int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, - unsigned int *siglen, DSA *dsa) - { +int +DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, + unsigned int *siglen, DSA *dsa) +{ DSA_SIG *s; - s=DSA_do_sign(dgst,dlen,dsa); - if (s == NULL) - { - *siglen=0; - return(0); - } - *siglen=i2d_DSA_SIG(s,&sig); - DSA_SIG_free(s); - return(1); + + s = DSA_do_sign(dgst, dlen, dsa); + if (s == NULL) { + *siglen = 0; + return 0; } + *siglen = i2d_DSA_SIG(s,&sig); + DSA_SIG_free(s); + return 1; +} -/* data has already been hashed (probably with SHA or SHA-1). */ -/* returns +/* + * data has already been hashed (probably with SHA or SHA-1). + * returns * 1: correct signature * 0: incorrect signature * -1: error */ -int DSA_verify(int type, const unsigned char *dgst, int dgst_len, - const unsigned char *sigbuf, int siglen, DSA *dsa) - { +int +DSA_verify(int type, const unsigned char *dgst, int dgst_len, + const unsigned char *sigbuf, int siglen, DSA *dsa) +{ DSA_SIG *s; - int ret=-1; + int ret = -1; s = DSA_SIG_new(); - if (s == NULL) return(ret); - if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err; - ret=DSA_do_verify(dgst,dgst_len,s,dsa); + if (s == NULL) + return ret; + if (d2i_DSA_SIG(&s, &sigbuf, siglen) == NULL) + goto err; + ret = DSA_do_verify(dgst, dgst_len, s, dsa); err: DSA_SIG_free(s); - return(ret); - } + return ret; +} diff --git a/src/lib/libssl/src/crypto/dsa/dsa_depr.c b/src/lib/libssl/src/crypto/dsa/dsa_depr.c index 8e3125b66f..50169ac9b2 100644 --- a/src/lib/libssl/src/crypto/dsa/dsa_depr.c +++ b/src/lib/libssl/src/crypto/dsa/dsa_depr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_depr.c,v 1.3 2014/06/12 15:49:28 deraadt Exp $ */ +/* $OpenBSD: dsa_depr.c,v 1.4 2014/07/09 10:16:24 miod Exp $ */ /* ==================================================================== * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * @@ -56,19 +56,6 @@ /* This file contains deprecated function(s) that are now wrappers to the new * version(s). */ -#undef GENUINE_DSA - -#ifdef GENUINE_DSA -/* Parameter generation follows the original release of FIPS PUB 186, - * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */ -#define HASH EVP_sha() -#else -/* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186, - * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in - * FIPS PUB 180-1) */ -#define HASH EVP_sha1() -#endif - #ifndef OPENSSL_NO_SHA #include @@ -81,24 +68,24 @@ #include #ifndef OPENSSL_NO_DEPRECATED -DSA *DSA_generate_parameters(int bits, - unsigned char *seed_in, int seed_len, - int *counter_ret, unsigned long *h_ret, - void (*callback)(int, int, void *), - void *cb_arg) - { +DSA * +DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len, + int *counter_ret, unsigned long *h_ret, void (*callback)(int, int, void *), + void *cb_arg) +{ BN_GENCB cb; DSA *ret; - if ((ret=DSA_new()) == NULL) return NULL; + if ((ret = DSA_new()) == NULL) + return NULL; BN_GENCB_set_old(&cb, callback, cb_arg); - if(DSA_generate_parameters_ex(ret, bits, seed_in, seed_len, - counter_ret, h_ret, &cb)) + if (DSA_generate_parameters_ex(ret, bits, seed_in, seed_len, + counter_ret, h_ret, &cb)) return ret; DSA_free(ret); return NULL; - } +} #endif #endif diff --git a/src/lib/libssl/src/crypto/dsa/dsa_gen.c b/src/lib/libssl/src/crypto/dsa/dsa_gen.c index 22c388b9d1..d97f988688 100644 --- a/src/lib/libssl/src/crypto/dsa/dsa_gen.c +++ b/src/lib/libssl/src/crypto/dsa/dsa_gen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_gen.c,v 1.12 2014/06/12 15:49:28 deraadt Exp $ */ +/* $OpenBSD: dsa_gen.c,v 1.13 2014/07/09 10:16:24 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -56,19 +56,6 @@ * [including the GNU Public Licence.] */ -#undef GENUINE_DSA - -#ifdef GENUINE_DSA -/* Parameter generation follows the original release of FIPS PUB 186, - * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */ -#define HASH EVP_sha() -#else -/* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186, - * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in - * FIPS PUB 180-1) */ -#define HASH EVP_sha1() -#endif - #include /* To see if OPENSSL_NO_SHA is defined */ #ifndef OPENSSL_NO_SHA @@ -81,51 +68,47 @@ #include #include "dsa_locl.h" -int DSA_generate_parameters_ex(DSA *ret, int bits, - const unsigned char *seed_in, int seed_len, - int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) - { - if(ret->meth->dsa_paramgen) +int +DSA_generate_parameters_ex(DSA *ret, int bits, const unsigned char *seed_in, + int seed_len, int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) +{ + if (ret->meth->dsa_paramgen) return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len, - counter_ret, h_ret, cb); - else - { + counter_ret, h_ret, cb); + else { const EVP_MD *evpmd; - size_t qbits = bits >= 2048 ? 256 : 160; + size_t qbits; - if (bits >= 2048) - { + if (bits >= 2048) { qbits = 256; evpmd = EVP_sha256(); - } - else - { + } else { qbits = 160; evpmd = EVP_sha1(); - } - - return dsa_builtin_paramgen(ret, bits, qbits, evpmd, - seed_in, seed_len, NULL, counter_ret, h_ret, cb); } - } -int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, - const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len, - unsigned char *seed_out, - int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) - { - int ok=0; + return dsa_builtin_paramgen(ret, bits, qbits, evpmd, seed_in, + seed_len, NULL, counter_ret, h_ret, cb); + } +} + +int +dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, const EVP_MD *evpmd, + const unsigned char *seed_in, size_t seed_len, unsigned char *seed_out, + int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) +{ + int ok = 0; unsigned char seed[SHA256_DIGEST_LENGTH]; unsigned char md[SHA256_DIGEST_LENGTH]; - unsigned char buf[SHA256_DIGEST_LENGTH],buf2[SHA256_DIGEST_LENGTH]; - BIGNUM *r0,*W,*X,*c,*test; - BIGNUM *g=NULL,*q=NULL,*p=NULL; - BN_MONT_CTX *mont=NULL; - int i, k, n=0, m=0, qsize = qbits >> 3; - int counter=0; - int r=0; - BN_CTX *ctx=NULL; - unsigned int h=2; + unsigned char buf[SHA256_DIGEST_LENGTH], buf2[SHA256_DIGEST_LENGTH]; + BIGNUM *r0, *W, *X, *c, *test; + BIGNUM *g = NULL, *q = NULL, *p = NULL; + BN_MONT_CTX *mont = NULL; + int i, k, n = 0, m = 0, qsize = qbits >> 3; + int counter = 0; + int r = 0; + BN_CTX *ctx = NULL; + unsigned int h = 2; if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH && qsize != SHA256_DIGEST_LENGTH) @@ -139,16 +122,20 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, if (bits < 512) bits = 512; - bits = (bits+63)/64*64; + bits = (bits + 63) / 64 * 64; - /* NB: seed_len == 0 is special case: copy generated seed to + /* + * NB: seed_len == 0 is special case: copy generated seed to * seed_in if it is not NULL. */ - if (seed_len && (seed_len < (size_t)qsize)) + if (seed_len && seed_len < (size_t)qsize) seed_in = NULL; /* seed buffer too small -- ignore */ + /* + * App. 2.2 of FIPS PUB 186 allows larger SEED, + * but our internal buffers are restricted to 160 bits + */ if (seed_len > (size_t)qsize) - seed_len = qsize; /* App. 2.2 of FIPS PUB 186 allows larger SEED, - * but our internal buffers are restricted to 160 bits*/ + seed_len = qsize; if (seed_in != NULL) memcpy(seed, seed_in, seed_len); @@ -168,38 +155,34 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, p = BN_CTX_get(ctx); test = BN_CTX_get(ctx); - if (!BN_lshift(test,BN_value_one(),bits-1)) + if (!BN_lshift(test, BN_value_one(), bits - 1)) goto err; - for (;;) - { - for (;;) /* find q */ - { + for (;;) { + for (;;) { /* find q */ int seed_is_random; /* step 1 */ - if(!BN_GENCB_call(cb, 0, m++)) + if (!BN_GENCB_call(cb, 0, m++)) goto err; - if (!seed_len) - { + if (!seed_len) { RAND_pseudo_bytes(seed, qsize); seed_is_random = 1; - } - else - { + } else { seed_is_random = 0; - seed_len=0; /* use random seed if 'seed_in' turns out to be bad*/ - } - memcpy(buf , seed, qsize); + /* use random seed if 'seed_in' turns out + to be bad */ + seed_len = 0; + } + memcpy(buf, seed, qsize); memcpy(buf2, seed, qsize); /* precompute "SEED + 1" for step 7: */ - for (i = qsize-1; i >= 0; i--) - { + for (i = qsize - 1; i >= 0; i--) { buf[i]++; if (buf[i] != 0) break; - } + } /* step 2 */ if (!EVP_Digest(seed, qsize, md, NULL, evpmd, NULL)) @@ -207,17 +190,17 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, if (!EVP_Digest(buf, qsize, buf2, NULL, evpmd, NULL)) goto err; for (i = 0; i < qsize; i++) - md[i]^=buf2[i]; + md[i] ^= buf2[i]; /* step 3 */ md[0] |= 0x80; - md[qsize-1] |= 0x01; + md[qsize - 1] |= 0x01; if (!BN_bin2bn(md, qsize, q)) goto err; /* step 4 */ r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx, - seed_is_random, cb); + seed_is_random, cb); if (r > 0) break; if (r != 0) @@ -225,127 +208,144 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, /* do a callback call */ /* step 5 */ - } + } - if(!BN_GENCB_call(cb, 2, 0)) goto err; - if(!BN_GENCB_call(cb, 3, 0)) goto err; + if (!BN_GENCB_call(cb, 2, 0)) + goto err; + if (!BN_GENCB_call(cb, 3, 0)) + goto err; /* step 6 */ - counter=0; + counter = 0; /* "offset = 2" */ - n=(bits-1)/160; + n = (bits - 1) / 160; - for (;;) - { - if ((counter != 0) && !BN_GENCB_call(cb, 0, counter)) + for (;;) { + if (counter != 0 && !BN_GENCB_call(cb, 0, counter)) goto err; /* step 7 */ BN_zero(W); /* now 'buf' contains "SEED + offset - 1" */ - for (k=0; k<=n; k++) - { + for (k = 0; k <= n; k++) { /* obtain "SEED + offset + k" by incrementing: */ - for (i = qsize-1; i >= 0; i--) - { + for (i = qsize - 1; i >= 0; i--) { buf[i]++; if (buf[i] != 0) break; - } + } if (!EVP_Digest(buf, qsize, md ,NULL, evpmd, - NULL)) + NULL)) goto err; /* step 8 */ if (!BN_bin2bn(md, qsize, r0)) goto err; - if (!BN_lshift(r0,r0,(qsize << 3)*k)) goto err; - if (!BN_add(W,W,r0)) goto err; - } + if (!BN_lshift(r0, r0, (qsize << 3) * k)) + goto err; + if (!BN_add(W, W, r0)) + goto err; + } /* more of step 8 */ - if (!BN_mask_bits(W,bits-1)) goto err; - if (!BN_copy(X,W)) goto err; - if (!BN_add(X,X,test)) goto err; + if (!BN_mask_bits(W, bits - 1)) + goto err; + if (!BN_copy(X, W)) + goto err; + if (!BN_add(X, X, test)) + goto err; /* step 9 */ - if (!BN_lshift1(r0,q)) goto err; - if (!BN_mod(c,X,r0,ctx)) goto err; - if (!BN_sub(r0,c,BN_value_one())) goto err; - if (!BN_sub(p,X,r0)) goto err; + if (!BN_lshift1(r0, q)) + goto err; + if (!BN_mod(c, X, r0, ctx)) + goto err; + if (!BN_sub(r0, c, BN_value_one())) + goto err; + if (!BN_sub(p, X, r0)) + goto err; /* step 10 */ - if (BN_cmp(p,test) >= 0) - { + if (BN_cmp(p, test) >= 0) { /* step 11 */ r = BN_is_prime_fasttest_ex(p, DSS_prime_checks, - ctx, 1, cb); + ctx, 1, cb); if (r > 0) - goto end; /* found it */ + goto end; /* found it */ if (r != 0) goto err; - } + } /* step 13 */ counter++; /* "offset = offset + n + 1" */ /* step 14 */ - if (counter >= 4096) break; - } + if (counter >= 4096) + break; } + } end: - if(!BN_GENCB_call(cb, 2, 1)) + if (!BN_GENCB_call(cb, 2, 1)) goto err; /* We now need to generate g */ /* Set r0=(p-1)/q */ - if (!BN_sub(test,p,BN_value_one())) goto err; - if (!BN_div(r0,NULL,test,q,ctx)) goto err; + if (!BN_sub(test, p, BN_value_one())) + goto err; + if (!BN_div(r0, NULL, test, q, ctx)) + goto err; - if (!BN_set_word(test,h)) goto err; - if (!BN_MONT_CTX_set(mont,p,ctx)) goto err; + if (!BN_set_word(test, h)) + goto err; + if (!BN_MONT_CTX_set(mont, p, ctx)) + goto err; - for (;;) - { + for (;;) { /* g=test^r0%p */ - if (!BN_mod_exp_mont(g,test,r0,p,ctx,mont)) goto err; - if (!BN_is_one(g)) break; - if (!BN_add(test,test,BN_value_one())) goto err; + if (!BN_mod_exp_mont(g, test, r0, p, ctx, mont)) + goto err; + if (!BN_is_one(g)) + break; + if (!BN_add(test, test, BN_value_one())) + goto err; h++; - } + } - if(!BN_GENCB_call(cb, 3, 1)) + if (!BN_GENCB_call(cb, 3, 1)) goto err; - ok=1; + ok = 1; err: - if (ok) - { - if(ret->p) BN_free(ret->p); - if(ret->q) BN_free(ret->q); - if(ret->g) BN_free(ret->g); - ret->p=BN_dup(p); - ret->q=BN_dup(q); - ret->g=BN_dup(g); - if (ret->p == NULL || ret->q == NULL || ret->g == NULL) - { - ok=0; + if (ok) { + if (ret->p) + BN_free(ret->p); + if (ret->q) + BN_free(ret->q); + if (ret->g) + BN_free(ret->g); + ret->p = BN_dup(p); + ret->q = BN_dup(q); + ret->g = BN_dup(g); + if (ret->p == NULL || ret->q == NULL || ret->g == NULL) { + ok = 0; goto err; - } - if (counter_ret != NULL) *counter_ret=counter; - if (h_ret != NULL) *h_ret=h; + } + if (counter_ret != NULL) + *counter_ret = counter; + if (h_ret != NULL) + *h_ret = h; if (seed_out) memcpy(seed_out, seed, qsize); - } - if(ctx) - { + } + if (ctx) { BN_CTX_end(ctx); BN_CTX_free(ctx); - } - if (mont != NULL) BN_MONT_CTX_free(mont); - return ok; } + if (mont != NULL) + BN_MONT_CTX_free(mont); + return ok; +} #endif diff --git a/src/lib/libssl/src/crypto/dsa/dsa_key.c b/src/lib/libssl/src/crypto/dsa/dsa_key.c index 7747ed1416..2d11f59107 100644 --- a/src/lib/libssl/src/crypto/dsa/dsa_key.c +++ b/src/lib/libssl/src/crypto/dsa/dsa_key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_key.c,v 1.15 2014/06/12 15:49:28 deraadt Exp $ */ +/* $OpenBSD: dsa_key.c,v 1.16 2014/07/09 10:16:24 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -66,63 +66,67 @@ static int dsa_builtin_keygen(DSA *dsa); -int DSA_generate_key(DSA *dsa) - { - if(dsa->meth->dsa_keygen) +int +DSA_generate_key(DSA *dsa) +{ + if (dsa->meth->dsa_keygen) return dsa->meth->dsa_keygen(dsa); return dsa_builtin_keygen(dsa); - } +} -static int dsa_builtin_keygen(DSA *dsa) - { - int ok=0; - BN_CTX *ctx=NULL; - BIGNUM *pub_key=NULL,*priv_key=NULL; +static int +dsa_builtin_keygen(DSA *dsa) +{ + int ok = 0; + BN_CTX *ctx = NULL; + BIGNUM *pub_key = NULL, *priv_key = NULL; - if ((ctx=BN_CTX_new()) == NULL) goto err; + if ((ctx = BN_CTX_new()) == NULL) + goto err; - if (dsa->priv_key == NULL) - { - if ((priv_key=BN_new()) == NULL) goto err; - } - else + if (dsa->priv_key == NULL) { + if ((priv_key = BN_new()) == NULL) + goto err; + } else priv_key=dsa->priv_key; - do - if (!BN_rand_range(priv_key,dsa->q)) goto err; - while (BN_is_zero(priv_key)); + do { + if (!BN_rand_range(priv_key, dsa->q)) + goto err; + } while (BN_is_zero(priv_key)); - if (dsa->pub_key == NULL) - { - if ((pub_key=BN_new()) == NULL) goto err; - } - else + if (dsa->pub_key == NULL) { + if ((pub_key = BN_new()) == NULL) + goto err; + } else pub_key=dsa->pub_key; { BIGNUM local_prk; BIGNUM *prk; - if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) - { + if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) { BN_init(&local_prk); prk = &local_prk; BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME); - } - else + } else prk = priv_key; - if (!BN_mod_exp(pub_key,dsa->g,prk,dsa->p,ctx)) goto err; + if (!BN_mod_exp(pub_key, dsa->g, prk, dsa->p, ctx)) + goto err; } - dsa->priv_key=priv_key; - dsa->pub_key=pub_key; - ok=1; + dsa->priv_key = priv_key; + dsa->pub_key = pub_key; + ok = 1; err: - if ((pub_key != NULL) && (dsa->pub_key == NULL)) BN_free(pub_key); - if ((priv_key != NULL) && (dsa->priv_key == NULL)) BN_free(priv_key); - if (ctx != NULL) BN_CTX_free(ctx); - return(ok); - } + if (pub_key != NULL && dsa->pub_key == NULL) + BN_free(pub_key); + if (priv_key != NULL && dsa->priv_key == NULL) + BN_free(priv_key); + if (ctx != NULL) + BN_CTX_free(ctx); + return ok; +} #endif diff --git a/src/lib/libssl/src/crypto/dsa/dsa_lib.c b/src/lib/libssl/src/crypto/dsa/dsa_lib.c index d625f0f282..334d5ba7f2 100644 --- a/src/lib/libssl/src/crypto/dsa/dsa_lib.c +++ b/src/lib/libssl/src/crypto/dsa/dsa_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_lib.c,v 1.16 2014/06/12 15:49:28 deraadt Exp $ */ +/* $OpenBSD: dsa_lib.c,v 1.17 2014/07/09 10:16:24 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -70,198 +70,212 @@ #include #endif -const char DSA_version[]="DSA" OPENSSL_VERSION_PTEXT; +const char DSA_version[] = "DSA" OPENSSL_VERSION_PTEXT; static const DSA_METHOD *default_DSA_method = NULL; -void DSA_set_default_method(const DSA_METHOD *meth) - { +void +DSA_set_default_method(const DSA_METHOD *meth) +{ default_DSA_method = meth; - } +} -const DSA_METHOD *DSA_get_default_method(void) - { - if(!default_DSA_method) - { +const DSA_METHOD * +DSA_get_default_method(void) +{ + if (!default_DSA_method) default_DSA_method = DSA_OpenSSL(); - } return default_DSA_method; - } +} -DSA *DSA_new(void) - { +DSA * +DSA_new(void) +{ return DSA_new_method(NULL); - } - -int DSA_set_method(DSA *dsa, const DSA_METHOD *meth) - { - /* NB: The caller is specifically setting a method, so it's not up to us - * to deal with which ENGINE it comes from. */ +} + +int +DSA_set_method(DSA *dsa, const DSA_METHOD *meth) +{ + /* + * NB: The caller is specifically setting a method, so it's not up to us + * to deal with which ENGINE it comes from. + */ const DSA_METHOD *mtmp; mtmp = dsa->meth; - if (mtmp->finish) mtmp->finish(dsa); + if (mtmp->finish) + mtmp->finish(dsa); #ifndef OPENSSL_NO_ENGINE - if (dsa->engine) - { + if (dsa->engine) { ENGINE_finish(dsa->engine); dsa->engine = NULL; - } + } #endif dsa->meth = meth; - if (meth->init) meth->init(dsa); + if (meth->init) + meth->init(dsa); return 1; - } +} -DSA *DSA_new_method(ENGINE *engine) - { +DSA * +DSA_new_method(ENGINE *engine) +{ DSA *ret; ret = malloc(sizeof(DSA)); - if (ret == NULL) - { - DSAerr(DSA_F_DSA_NEW_METHOD,ERR_R_MALLOC_FAILURE); - return(NULL); - } + if (ret == NULL) { + DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_MALLOC_FAILURE); + return NULL; + } ret->meth = DSA_get_default_method(); #ifndef OPENSSL_NO_ENGINE - if (engine) - { - if (!ENGINE_init(engine)) - { + if (engine) { + if (!ENGINE_init(engine)) { DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB); free(ret); return NULL; - } - ret->engine = engine; } - else + ret->engine = engine; + } else ret->engine = ENGINE_get_default_DSA(); - if(ret->engine) - { + if (ret->engine) { ret->meth = ENGINE_get_DSA(ret->engine); - if(!ret->meth) - { - DSAerr(DSA_F_DSA_NEW_METHOD, - ERR_R_ENGINE_LIB); + if (!ret->meth) { + DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB); ENGINE_finish(ret->engine); free(ret); return NULL; - } } + } #endif - ret->pad=0; - ret->version=0; - ret->write_params=1; - ret->p=NULL; - ret->q=NULL; - ret->g=NULL; + ret->pad = 0; + ret->version = 0; + ret->write_params = 1; + ret->p = NULL; + ret->q = NULL; + ret->g = NULL; - ret->pub_key=NULL; - ret->priv_key=NULL; + ret->pub_key = NULL; + ret->priv_key = NULL; - ret->kinv=NULL; - ret->r=NULL; - ret->method_mont_p=NULL; + ret->kinv = NULL; + ret->r = NULL; + ret->method_mont_p = NULL; - ret->references=1; - ret->flags=ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW; + ret->references = 1; + ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW; CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data); - if ((ret->meth->init != NULL) && !ret->meth->init(ret)) - { + if (ret->meth->init != NULL && !ret->meth->init(ret)) { #ifndef OPENSSL_NO_ENGINE if (ret->engine) ENGINE_finish(ret->engine); #endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data); free(ret); - ret=NULL; - } - - return(ret); + ret = NULL; } + + return ret; +} -void DSA_free(DSA *r) - { +void +DSA_free(DSA *r) +{ int i; - if (r == NULL) return; + if (r == NULL) + return; - i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_DSA); - if (i > 0) return; + i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DSA); + if (i > 0) + return; - if(r->meth->finish) + if (r->meth->finish) r->meth->finish(r); #ifndef OPENSSL_NO_ENGINE - if(r->engine) + if (r->engine) ENGINE_finish(r->engine); #endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data); - if (r->p != NULL) BN_clear_free(r->p); - if (r->q != NULL) BN_clear_free(r->q); - if (r->g != NULL) BN_clear_free(r->g); - if (r->pub_key != NULL) BN_clear_free(r->pub_key); - if (r->priv_key != NULL) BN_clear_free(r->priv_key); - if (r->kinv != NULL) BN_clear_free(r->kinv); - if (r->r != NULL) BN_clear_free(r->r); + if (r->p != NULL) + BN_clear_free(r->p); + if (r->q != NULL) + BN_clear_free(r->q); + if (r->g != NULL) + BN_clear_free(r->g); + if (r->pub_key != NULL) + BN_clear_free(r->pub_key); + if (r->priv_key != NULL) + BN_clear_free(r->priv_key); + if (r->kinv != NULL) + BN_clear_free(r->kinv); + if (r->r != NULL) + BN_clear_free(r->r); free(r); - } +} -int DSA_up_ref(DSA *r) - { +int +DSA_up_ref(DSA *r) +{ int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DSA); - return ((i > 1) ? 1 : 0); - } + return i > 1 ? 1 : 0; +} -int DSA_size(const DSA *r) - { - int ret,i; +int +DSA_size(const DSA *r) +{ + int ret, i; ASN1_INTEGER bs; unsigned char buf[4]; /* 4 bytes looks really small. However, i2d_ASN1_INTEGER() will not look beyond the first byte, as long as the second parameter is NULL. */ - i=BN_num_bits(r->q); - bs.length=(i+7)/8; - bs.data=buf; - bs.type=V_ASN1_INTEGER; + i = BN_num_bits(r->q); + bs.length = (i + 7) / 8; + bs.data = buf; + bs.type = V_ASN1_INTEGER; /* If the top bit is set the asn1 encoding is 1 larger. */ - buf[0]=0xff; + buf[0] = 0xff; - i=i2d_ASN1_INTEGER(&bs,NULL); - i+=i; /* r and s */ - ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE); - return(ret); - } + i = i2d_ASN1_INTEGER(&bs, NULL); + i += i; /* r and s */ + ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE); + return ret; +} -int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) - { +int +DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) +{ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, argl, argp, - new_func, dup_func, free_func); - } + new_func, dup_func, free_func); +} -int DSA_set_ex_data(DSA *d, int idx, void *arg) - { - return(CRYPTO_set_ex_data(&d->ex_data,idx,arg)); - } +int +DSA_set_ex_data(DSA *d, int idx, void *arg) +{ + return CRYPTO_set_ex_data(&d->ex_data, idx, arg); +} -void *DSA_get_ex_data(DSA *d, int idx) - { - return(CRYPTO_get_ex_data(&d->ex_data,idx)); - } +void * +DSA_get_ex_data(DSA *d, int idx) +{ + return CRYPTO_get_ex_data(&d->ex_data, idx); +} #ifndef OPENSSL_NO_DH -DH *DSA_dup_DH(const DSA *r) - { - /* DSA has p, q, g, optional pub_key, optional priv_key. +DH * +DSA_dup_DH(const DSA *r) +{ + /* + * DSA has p, q, g, optional pub_key, optional priv_key. * DH has p, optional length, g, optional pub_key, optional priv_key, * optional q. */ - DH *ret = NULL; if (r == NULL) @@ -272,12 +286,11 @@ DH *DSA_dup_DH(const DSA *r) if (r->p != NULL) if ((ret->p = BN_dup(r->p)) == NULL) goto err; - if (r->q != NULL) - { + if (r->q != NULL) { ret->length = BN_num_bits(r->q); if ((ret->q = BN_dup(r->q)) == NULL) goto err; - } + } if (r->g != NULL) if ((ret->g = BN_dup(r->g)) == NULL) goto err; @@ -290,9 +303,9 @@ DH *DSA_dup_DH(const DSA *r) return ret; - err: +err: if (ret != NULL) DH_free(ret); return NULL; - } +} #endif diff --git a/src/lib/libssl/src/crypto/dsa/dsa_ossl.c b/src/lib/libssl/src/crypto/dsa/dsa_ossl.c index 61a20f41a7..17119eb187 100644 --- a/src/lib/libssl/src/crypto/dsa/dsa_ossl.c +++ b/src/lib/libssl/src/crypto/dsa/dsa_ossl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_ossl.c,v 1.18 2014/06/27 06:07:35 deraadt Exp $ */ +/* $OpenBSD: dsa_ossl.c,v 1.19 2014/07/09 10:16:24 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -67,9 +67,10 @@ #include static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); -static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); +static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, + BIGNUM **rp); static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, - DSA *dsa); + DSA *dsa); static int dsa_init(DSA *dsa); static int dsa_finish(DSA *dsa); @@ -82,7 +83,8 @@ static DSA_METHOD openssl_dsa_meth = { .finish = dsa_finish }; -/* These macro wrappers replace attempts to use the dsa_mod_exp() and +/* + * These macro wrappers replace attempts to use the dsa_mod_exp() and * bn_mod_exp() handlers in the DSA_METHOD structure. We avoid the problem of * having a the macro work as an expression by bundling an "err_instr". So; * @@ -96,315 +98,333 @@ static DSA_METHOD openssl_dsa_meth = { */ #define DSA_MOD_EXP(err_instr,dsa,rr,a1,p1,a2,p2,m,ctx,in_mont) \ - do { \ - int _tmp_res53; \ - if((dsa)->meth->dsa_mod_exp) \ - _tmp_res53 = (dsa)->meth->dsa_mod_exp((dsa), (rr), \ - (a1), (p1), (a2), (p2), (m), (ctx), (in_mont)); \ - else \ - _tmp_res53 = BN_mod_exp2_mont((rr), (a1), \ - (p1), (a2), (p2), (m), (ctx), (in_mont)); \ - if(!_tmp_res53) \ - err_instr; \ - } while(0) +do { \ + int _tmp_res53; \ + if ((dsa)->meth->dsa_mod_exp) \ + _tmp_res53 = (dsa)->meth->dsa_mod_exp((dsa), (rr), \ + (a1), (p1), (a2), (p2), (m), (ctx), (in_mont)); \ + else \ + _tmp_res53 = BN_mod_exp2_mont((rr), (a1), \ + (p1), (a2), (p2), (m), (ctx), (in_mont)); \ + if (!_tmp_res53) \ + err_instr; \ +} while(0) #define DSA_BN_MOD_EXP(err_instr,dsa,r,a,p,m,ctx,m_ctx) \ - do { \ - int _tmp_res53; \ - if((dsa)->meth->bn_mod_exp) \ - _tmp_res53 = (dsa)->meth->bn_mod_exp((dsa), (r), \ - (a), (p), (m), (ctx), (m_ctx)); \ - else \ - _tmp_res53 = BN_mod_exp_mont((r), (a), (p), (m), \ - (ctx), (m_ctx)); \ - if(!_tmp_res53) \ - err_instr; \ - } while(0) - -const DSA_METHOD *DSA_OpenSSL(void) +do { \ + int _tmp_res53; \ + if ((dsa)->meth->bn_mod_exp) \ + _tmp_res53 = (dsa)->meth->bn_mod_exp((dsa), (r), \ + (a), (p), (m), (ctx), (m_ctx)); \ + else \ + _tmp_res53 = BN_mod_exp_mont((r), (a), (p), (m), \ + (ctx), (m_ctx)); \ + if (!_tmp_res53) \ + err_instr; \ +} while(0) + +const DSA_METHOD * +DSA_OpenSSL(void) { return &openssl_dsa_meth; } -static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) - { - BIGNUM *kinv=NULL,*r=NULL,*s=NULL; +static DSA_SIG * +dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) +{ + BIGNUM *kinv = NULL, *r = NULL, *s = NULL; BIGNUM m; BIGNUM xr; - BN_CTX *ctx=NULL; - int reason=ERR_R_BN_LIB; - DSA_SIG *ret=NULL; + BN_CTX *ctx = NULL; + int reason = ERR_R_BN_LIB; + DSA_SIG *ret = NULL; int noredo = 0; BN_init(&m); BN_init(&xr); - if (!dsa->p || !dsa->q || !dsa->g) - { - reason=DSA_R_MISSING_PARAMETERS; + if (!dsa->p || !dsa->q || !dsa->g) { + reason = DSA_R_MISSING_PARAMETERS; goto err; - } + } - s=BN_new(); - if (s == NULL) goto err; - ctx=BN_CTX_new(); - if (ctx == NULL) goto err; + s = BN_new(); + if (s == NULL) + goto err; + ctx = BN_CTX_new(); + if (ctx == NULL) + goto err; redo: - if ((dsa->kinv == NULL) || (dsa->r == NULL)) - { - if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err; - } - else - { - kinv=dsa->kinv; - dsa->kinv=NULL; - r=dsa->r; - dsa->r=NULL; + if (dsa->kinv == NULL || dsa->r == NULL) { + if (!DSA_sign_setup(dsa, ctx, &kinv, &r)) + goto err; + } else { + kinv = dsa->kinv; + dsa->kinv = NULL; + r = dsa->r; + dsa->r = NULL; noredo = 1; - } + } + /* + * If the digest length is greater than the size of q use the + * BN_num_bits(dsa->q) leftmost bits of the digest, see + * fips 186-3, 4.2 + */ if (dlen > BN_num_bytes(dsa->q)) - /* if the digest length is greater than the size of q use the - * BN_num_bits(dsa->q) leftmost bits of the digest, see - * fips 186-3, 4.2 */ dlen = BN_num_bytes(dsa->q); if (BN_bin2bn(dgst,dlen,&m) == NULL) goto err; /* Compute s = inv(k) (m + xr) mod q */ - if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */ - if (!BN_add(s, &xr, &m)) goto err; /* s = m + xr */ - if (BN_cmp(s,dsa->q) > 0) - if (!BN_sub(s,s,dsa->q)) goto err; - if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err; - - ret=DSA_SIG_new(); - if (ret == NULL) goto err; - /* Redo if r or s is zero as required by FIPS 186-3: this is + if (!BN_mod_mul(&xr, dsa->priv_key, r, dsa->q, ctx)) /* s = xr */ + goto err; + if (!BN_add(s, &xr, &m)) /* s = m + xr */ + goto err; + if (BN_cmp(s, dsa->q) > 0) + if (!BN_sub(s, s, dsa->q)) + goto err; + if (!BN_mod_mul(s, s, kinv, dsa->q, ctx)) + goto err; + + ret = DSA_SIG_new(); + if (ret == NULL) + goto err; + /* + * Redo if r or s is zero as required by FIPS 186-3: this is * very unlikely. */ - if (BN_is_zero(r) || BN_is_zero(s)) - { - if (noredo) - { + if (BN_is_zero(r) || BN_is_zero(s)) { + if (noredo) { reason = DSA_R_NEED_NEW_SETUP_VALUES; goto err; - } - goto redo; } + goto redo; + } ret->r = r; ret->s = s; err: - if (!ret) - { - DSAerr(DSA_F_DSA_DO_SIGN,reason); + if (!ret) { + DSAerr(DSA_F_DSA_DO_SIGN, reason); BN_free(r); BN_free(s); - } - if (ctx != NULL) BN_CTX_free(ctx); + } + if (ctx != NULL) + BN_CTX_free(ctx); BN_clear_free(&m); BN_clear_free(&xr); if (kinv != NULL) /* dsa->kinv is NULL now if we used it */ BN_clear_free(kinv); - return(ret); - } + return ret; +} -static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) - { +static int +dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) +{ BN_CTX *ctx; - BIGNUM k,kq,*K,*kinv=NULL,*r=NULL; - int ret=0; + BIGNUM k, kq, *K, *kinv = NULL, *r = NULL; + int ret = 0; - if (!dsa->p || !dsa->q || !dsa->g) - { - DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS); + if (!dsa->p || !dsa->q || !dsa->g) { + DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MISSING_PARAMETERS); return 0; - } + } BN_init(&k); BN_init(&kq); - if (ctx_in == NULL) - { - if ((ctx=BN_CTX_new()) == NULL) goto err; - } - else - ctx=ctx_in; + if (ctx_in == NULL) { + if ((ctx = BN_CTX_new()) == NULL) + goto err; + } else + ctx = ctx_in; - if ((r=BN_new()) == NULL) goto err; + if ((r = BN_new()) == NULL) + goto err; /* Get random k */ - do - if (!BN_rand_range(&k, dsa->q)) goto err; - while (BN_is_zero(&k)); - if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) - { + do { + if (!BN_rand_range(&k, dsa->q)) + goto err; + } while (BN_is_zero(&k)); + if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) { BN_set_flags(&k, BN_FLG_CONSTTIME); - } + } - if (dsa->flags & DSA_FLAG_CACHE_MONT_P) - { + if (dsa->flags & DSA_FLAG_CACHE_MONT_P) { if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p, - CRYPTO_LOCK_DSA, - dsa->p, ctx)) + CRYPTO_LOCK_DSA, dsa->p, ctx)) goto err; - } + } /* Compute r = (g^k mod p) mod q */ - if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) - { - if (!BN_copy(&kq, &k)) goto err; + if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) { + if (!BN_copy(&kq, &k)) + goto err; - /* We do not want timing information to leak the length of k, - * so we compute g^k using an equivalent exponent of fixed length. + /* + * We do not want timing information to leak the length of k, + * so we compute g^k using an equivalent exponent of fixed + * length. * * (This is a kludge that we need because the BN_mod_exp_mont() - * does not let us specify the desired timing behaviour.) */ + * does not let us specify the desired timing behaviour.) + */ - if (!BN_add(&kq, &kq, dsa->q)) goto err; - if (BN_num_bits(&kq) <= BN_num_bits(dsa->q)) - { - if (!BN_add(&kq, &kq, dsa->q)) goto err; - } + if (!BN_add(&kq, &kq, dsa->q)) + goto err; + if (BN_num_bits(&kq) <= BN_num_bits(dsa->q)) { + if (!BN_add(&kq, &kq, dsa->q)) + goto err; + } K = &kq; - } - else - { + } else { K = &k; - } + } DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx, - dsa->method_mont_p); - if (!BN_mod(r,r,dsa->q,ctx)) goto err; + dsa->method_mont_p); + if (!BN_mod(r,r,dsa->q,ctx)) + goto err; /* Compute part of 's = inv(k) (m + xr) mod q' */ - if ((kinv=BN_mod_inverse(NULL,&k,dsa->q,ctx)) == NULL) goto err; - - if (*kinvp != NULL) BN_clear_free(*kinvp); - *kinvp=kinv; - kinv=NULL; - if (*rp != NULL) BN_clear_free(*rp); - *rp=r; - ret=1; + if ((kinv = BN_mod_inverse(NULL, &k, dsa->q, ctx)) == NULL) + goto err; + + if (*kinvp != NULL) + BN_clear_free(*kinvp); + *kinvp = kinv; + kinv = NULL; + if (*rp != NULL) + BN_clear_free(*rp); + *rp = r; + ret = 1; err: - if (!ret) - { - DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB); + if (!ret) { + DSAerr(DSA_F_DSA_SIGN_SETUP, ERR_R_BN_LIB); if (r != NULL) BN_clear_free(r); - } - if (ctx_in == NULL) BN_CTX_free(ctx); + } + if (ctx_in == NULL) + BN_CTX_free(ctx); BN_clear_free(&k); BN_clear_free(&kq); - return(ret); - } + return ret; +} -static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, - DSA *dsa) - { +static int +dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa) +{ BN_CTX *ctx; - BIGNUM u1,u2,t1; - BN_MONT_CTX *mont=NULL; + BIGNUM u1, u2, t1; + BN_MONT_CTX *mont = NULL; int ret = -1, i; - if (!dsa->p || !dsa->q || !dsa->g) - { - DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS); + + if (!dsa->p || !dsa->q || !dsa->g) { + DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MISSING_PARAMETERS); return -1; - } + } i = BN_num_bits(dsa->q); /* fips 186-3 allows only different sizes for q */ - if (i != 160 && i != 224 && i != 256) - { - DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE); + if (i != 160 && i != 224 && i != 256) { + DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_BAD_Q_VALUE); return -1; - } + } - if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) - { - DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE); + if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) { + DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MODULUS_TOO_LARGE); return -1; - } + } BN_init(&u1); BN_init(&u2); BN_init(&t1); - if ((ctx=BN_CTX_new()) == NULL) goto err; + if ((ctx = BN_CTX_new()) == NULL) + goto err; if (BN_is_zero(sig->r) || BN_is_negative(sig->r) || - BN_ucmp(sig->r, dsa->q) >= 0) - { + BN_ucmp(sig->r, dsa->q) >= 0) { ret = 0; goto err; - } + } if (BN_is_zero(sig->s) || BN_is_negative(sig->s) || - BN_ucmp(sig->s, dsa->q) >= 0) - { + BN_ucmp(sig->s, dsa->q) >= 0) { ret = 0; goto err; - } + } /* Calculate W = inv(S) mod Q * save W in u2 */ - if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err; + if ((BN_mod_inverse(&u2, sig->s, dsa->q, ctx)) == NULL) + goto err; /* save M in u1 */ + /* + * If the digest length is greater than the size of q use the + * BN_num_bits(dsa->q) leftmost bits of the digest, see + * fips 186-3, 4.2 + */ if (dgst_len > (i >> 3)) - /* if the digest length is greater than the size of q use the - * BN_num_bits(dsa->q) leftmost bits of the digest, see - * fips 186-3, 4.2 */ dgst_len = (i >> 3); - if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err; + if (BN_bin2bn(dgst, dgst_len, &u1) == NULL) + goto err; /* u1 = M * w mod q */ - if (!BN_mod_mul(&u1,&u1,&u2,dsa->q,ctx)) goto err; + if (!BN_mod_mul(&u1, &u1, &u2, dsa->q, ctx)) + goto err; /* u2 = r * w mod q */ - if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err; + if (!BN_mod_mul(&u2, sig->r, &u2, dsa->q, ctx)) + goto err; - if (dsa->flags & DSA_FLAG_CACHE_MONT_P) - { + if (dsa->flags & DSA_FLAG_CACHE_MONT_P) { mont = BN_MONT_CTX_set_locked(&dsa->method_mont_p, - CRYPTO_LOCK_DSA, dsa->p, ctx); + CRYPTO_LOCK_DSA, dsa->p, ctx); if (!mont) goto err; - } - + } - DSA_MOD_EXP(goto err, dsa, &t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p, ctx, mont); + DSA_MOD_EXP(goto err, dsa, &t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p, + ctx, mont); /* BN_copy(&u1,&t1); */ /* let u1 = u1 mod q */ - if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err; + if (!BN_mod(&u1, &t1, dsa->q, ctx)) + goto err; /* V is now in u1. If the signature is correct, it will be * equal to R. */ - ret=(BN_ucmp(&u1, sig->r) == 0); + ret = BN_ucmp(&u1, sig->r) == 0; - err: +err: /* XXX: surely this is wrong - if ret is 0, it just didn't verify; there is no error in BN. Test should be ret == -1 (Ben) */ - if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB); - if (ctx != NULL) BN_CTX_free(ctx); + if (ret != 1) + DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_BN_LIB); + if (ctx != NULL) + BN_CTX_free(ctx); BN_free(&u1); BN_free(&u2); BN_free(&t1); - return(ret); - } + return ret; +} -static int dsa_init(DSA *dsa) +static int +dsa_init(DSA *dsa) { - dsa->flags|=DSA_FLAG_CACHE_MONT_P; - return(1); + dsa->flags |= DSA_FLAG_CACHE_MONT_P; + return 1; } -static int dsa_finish(DSA *dsa) +static int +dsa_finish(DSA *dsa) { - if(dsa->method_mont_p) + if (dsa->method_mont_p) BN_MONT_CTX_free(dsa->method_mont_p); - return(1); + return 1; } diff --git a/src/lib/libssl/src/crypto/dsa/dsa_pmeth.c b/src/lib/libssl/src/crypto/dsa/dsa_pmeth.c index e75f0153de..f013a3f6e7 100644 --- a/src/lib/libssl/src/crypto/dsa/dsa_pmeth.c +++ b/src/lib/libssl/src/crypto/dsa/dsa_pmeth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_pmeth.c,v 1.6 2014/06/12 20:40:57 deraadt Exp $ */ +/* $OpenBSD: dsa_pmeth.c,v 1.7 2014/07/09 10:16:24 miod Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -68,8 +68,7 @@ /* DSA pkey context structure */ -typedef struct - { +typedef struct { /* Parameter gen parameters */ int nbits; /* size of p in bits (default: 1024) */ int qbits; /* size of q in bits (default: 160) */ @@ -78,11 +77,13 @@ typedef struct int gentmp[2]; /* message digest */ const EVP_MD *md; /* MD for the signature */ - } DSA_PKEY_CTX; +} DSA_PKEY_CTX; -static int pkey_dsa_init(EVP_PKEY_CTX *ctx) - { +static int +pkey_dsa_init(EVP_PKEY_CTX *ctx) +{ DSA_PKEY_CTX *dctx; + dctx = malloc(sizeof(DSA_PKEY_CTX)); if (!dctx) return 0; @@ -96,11 +97,13 @@ static int pkey_dsa_init(EVP_PKEY_CTX *ctx) ctx->keygen_info_count = 2; return 1; - } +} -static int pkey_dsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) - { +static int +pkey_dsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) +{ DSA_PKEY_CTX *dctx, *sctx; + if (!pkey_dsa_init(dst)) return 0; sctx = src->data; @@ -110,17 +113,20 @@ static int pkey_dsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) dctx->pmd = sctx->pmd; dctx->md = sctx->md; return 1; - } +} -static void pkey_dsa_cleanup(EVP_PKEY_CTX *ctx) - { +static void +pkey_dsa_cleanup(EVP_PKEY_CTX *ctx) +{ DSA_PKEY_CTX *dctx = ctx->data; + free(dctx); - } +} -static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, - const unsigned char *tbs, size_t tbslen) - { +static int +pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen) +{ int ret, type; unsigned int sltmp; DSA_PKEY_CTX *dctx = ctx->data; @@ -137,12 +143,12 @@ static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, return ret; *siglen = sltmp; return 1; - } +} -static int pkey_dsa_verify(EVP_PKEY_CTX *ctx, - const unsigned char *sig, size_t siglen, - const unsigned char *tbs, size_t tbslen) - { +static int +pkey_dsa_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen) +{ int ret, type; DSA_PKEY_CTX *dctx = ctx->data; DSA *dsa = ctx->pkey->pkey.dsa; @@ -155,69 +161,67 @@ static int pkey_dsa_verify(EVP_PKEY_CTX *ctx, ret = DSA_verify(type, tbs, tbslen, sig, siglen, dsa); return ret; - } +} -static int pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) - { +static int +pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) +{ DSA_PKEY_CTX *dctx = ctx->data; - switch (type) - { - case EVP_PKEY_CTRL_DSA_PARAMGEN_BITS: + + switch (type) { + case EVP_PKEY_CTRL_DSA_PARAMGEN_BITS: if (p1 < 256) return -2; dctx->nbits = p1; return 1; - case EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS: + case EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS: if (p1 != 160 && p1 != 224 && p1 && p1 != 256) return -2; dctx->qbits = p1; return 1; - case EVP_PKEY_CTRL_DSA_PARAMGEN_MD: - if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 && + case EVP_PKEY_CTRL_DSA_PARAMGEN_MD: + if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 && EVP_MD_type((const EVP_MD *)p2) != NID_sha224 && - EVP_MD_type((const EVP_MD *)p2) != NID_sha256) - { + EVP_MD_type((const EVP_MD *)p2) != NID_sha256) { DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE); return 0; - } + } dctx->md = p2; return 1; - case EVP_PKEY_CTRL_MD: - if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 && - EVP_MD_type((const EVP_MD *)p2) != NID_dsa && - EVP_MD_type((const EVP_MD *)p2) != NID_dsaWithSHA && + case EVP_PKEY_CTRL_MD: + if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 && + EVP_MD_type((const EVP_MD *)p2) != NID_dsa && + EVP_MD_type((const EVP_MD *)p2) != NID_dsaWithSHA && EVP_MD_type((const EVP_MD *)p2) != NID_sha224 && EVP_MD_type((const EVP_MD *)p2) != NID_sha256 && EVP_MD_type((const EVP_MD *)p2) != NID_sha384 && - EVP_MD_type((const EVP_MD *)p2) != NID_sha512) - { + EVP_MD_type((const EVP_MD *)p2) != NID_sha512) { DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE); return 0; - } + } dctx->md = p2; return 1; - case EVP_PKEY_CTRL_DIGESTINIT: - case EVP_PKEY_CTRL_PKCS7_SIGN: - case EVP_PKEY_CTRL_CMS_SIGN: + case EVP_PKEY_CTRL_DIGESTINIT: + case EVP_PKEY_CTRL_PKCS7_SIGN: + case EVP_PKEY_CTRL_CMS_SIGN: return 1; - case EVP_PKEY_CTRL_PEER_KEY: - DSAerr(DSA_F_PKEY_DSA_CTRL, - EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; - default: + case EVP_PKEY_CTRL_PEER_KEY: + DSAerr(DSA_F_PKEY_DSA_CTRL, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + default: return -2; - - } } +} -static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx, - const char *type, const char *value) - { +static int +pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value) +{ long lval; char *ep; @@ -228,69 +232,71 @@ static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx, lval = strtol(value, &ep, 10); if (value[0] == '\0' || *ep != '\0') goto not_a_number; - if ((errno == ERANGE && (lval == LONG_MAX || lval == LONG_MIN)) || + if ((errno == ERANGE && + (lval == LONG_MAX || lval == LONG_MIN)) || (lval > INT_MAX || lval < INT_MIN)) goto out_of_range; nbits = lval; return EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits); - } - if (!strcmp(type, "dsa_paramgen_q_bits")) { + } else if (!strcmp(type, "dsa_paramgen_q_bits")) { int qbits; errno = 0; lval = strtol(value, &ep, 10); if (value[0] == '\0' || *ep != '\0') goto not_a_number; - if ((errno == ERANGE && (lval == LONG_MAX || lval == LONG_MIN)) || + if ((errno == ERANGE && + (lval == LONG_MAX || lval == LONG_MIN)) || (lval > INT_MAX || lval < INT_MIN)) goto out_of_range; qbits = lval; - return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, - EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits, NULL); - } - if (!strcmp(type, "dsa_paramgen_md")){ - return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, - EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, + return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, + EVP_PKEY_OP_PARAMGEN, EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, + qbits, NULL); + } else if (!strcmp(type, "dsa_paramgen_md")) { + return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, + EVP_PKEY_OP_PARAMGEN, EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, (void *)EVP_get_digestbyname(value)); } not_a_number: out_of_range: return -2; - } +} -static int pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) - { +static int +pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) +{ DSA *dsa = NULL; DSA_PKEY_CTX *dctx = ctx->data; BN_GENCB *pcb, cb; int ret; - if (ctx->pkey_gencb) - { + + if (ctx->pkey_gencb) { pcb = &cb; evp_pkey_set_cb_translate(pcb, ctx); - } - else + } else pcb = NULL; dsa = DSA_new(); if (!dsa) return 0; ret = dsa_builtin_paramgen(dsa, dctx->nbits, dctx->qbits, dctx->pmd, - NULL, 0, NULL, NULL, NULL, pcb); + NULL, 0, NULL, NULL, NULL, pcb); if (ret) EVP_PKEY_assign_DSA(pkey, dsa); else DSA_free(dsa); return ret; - } +} -static int pkey_dsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) - { +static int +pkey_dsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) +{ DSA *dsa = NULL; - if (ctx->pkey == NULL) - { + + if (ctx->pkey == NULL) { DSAerr(DSA_F_PKEY_DSA_KEYGEN, DSA_R_NO_PARAMETERS_SET); return 0; - } + } dsa = DSA_new(); if (!dsa) return 0; @@ -299,7 +305,7 @@ static int pkey_dsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey)) return 0; return DSA_generate_key(pkey->pkey.dsa); - } +} const EVP_PKEY_METHOD dsa_pkey_meth = { .pkey_id = EVP_PKEY_DSA, diff --git a/src/lib/libssl/src/crypto/dsa/dsa_prn.c b/src/lib/libssl/src/crypto/dsa/dsa_prn.c index e730c1a092..5a7423c831 100644 --- a/src/lib/libssl/src/crypto/dsa/dsa_prn.c +++ b/src/lib/libssl/src/crypto/dsa/dsa_prn.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_prn.c,v 1.3 2014/06/12 15:49:28 deraadt Exp $ */ +/* $OpenBSD: dsa_prn.c,v 1.4 2014/07/09 10:16:24 miod Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -61,59 +61,62 @@ #include #include -int DSA_print_fp(FILE *fp, const DSA *x, int off) - { +int +DSA_print_fp(FILE *fp, const DSA *x, int off) +{ BIO *b; int ret; - if ((b=BIO_new(BIO_s_file())) == NULL) - { - DSAerr(DSA_F_DSA_PRINT_FP,ERR_R_BUF_LIB); - return(0); - } - BIO_set_fp(b,fp,BIO_NOCLOSE); - ret=DSA_print(b,x,off); - BIO_free(b); - return(ret); + if ((b = BIO_new(BIO_s_file())) == NULL) { + DSAerr(DSA_F_DSA_PRINT_FP, ERR_R_BUF_LIB); + return 0; } + BIO_set_fp(b, fp, BIO_NOCLOSE); + ret = DSA_print(b, x, off); + BIO_free(b); + return ret; +} -int DSAparams_print_fp(FILE *fp, const DSA *x) - { +int +DSAparams_print_fp(FILE *fp, const DSA *x) +{ BIO *b; int ret; - if ((b=BIO_new(BIO_s_file())) == NULL) - { - DSAerr(DSA_F_DSAPARAMS_PRINT_FP,ERR_R_BUF_LIB); - return(0); - } - BIO_set_fp(b,fp,BIO_NOCLOSE); - ret=DSAparams_print(b, x); - BIO_free(b); - return(ret); + if ((b = BIO_new(BIO_s_file())) == NULL) { + DSAerr(DSA_F_DSAPARAMS_PRINT_FP, ERR_R_BUF_LIB); + return 0; } + BIO_set_fp(b, fp, BIO_NOCLOSE); + ret = DSAparams_print(b, x); + BIO_free(b); + return ret; +} -int DSA_print(BIO *bp, const DSA *x, int off) - { +int +DSA_print(BIO *bp, const DSA *x, int off) +{ EVP_PKEY *pk; int ret; + pk = EVP_PKEY_new(); if (!pk || !EVP_PKEY_set1_DSA(pk, (DSA *)x)) return 0; ret = EVP_PKEY_print_private(bp, pk, off, NULL); EVP_PKEY_free(pk); return ret; - } +} -int DSAparams_print(BIO *bp, const DSA *x) - { +int +DSAparams_print(BIO *bp, const DSA *x) +{ EVP_PKEY *pk; int ret; + pk = EVP_PKEY_new(); if (!pk || !EVP_PKEY_set1_DSA(pk, (DSA *)x)) return 0; ret = EVP_PKEY_print_params(bp, pk, 4, NULL); EVP_PKEY_free(pk); return ret; - } - +} diff --git a/src/lib/libssl/src/crypto/dsa/dsa_sign.c b/src/lib/libssl/src/crypto/dsa/dsa_sign.c index 484e5f4357..40223a1d59 100644 --- a/src/lib/libssl/src/crypto/dsa/dsa_sign.c +++ b/src/lib/libssl/src/crypto/dsa/dsa_sign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_sign.c,v 1.15 2014/06/12 15:49:28 deraadt Exp $ */ +/* $OpenBSD: dsa_sign.c,v 1.16 2014/07/09 10:16:24 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -63,36 +63,39 @@ #include #include -DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) - { +DSA_SIG * +DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) +{ return dsa->meth->dsa_do_sign(dgst, dlen, dsa); - } +} -int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) - { +int +DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) +{ return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp); - } +} -DSA_SIG *DSA_SIG_new(void) - { +DSA_SIG * +DSA_SIG_new(void) +{ DSA_SIG *sig; + sig = malloc(sizeof(DSA_SIG)); if (!sig) return NULL; sig->r = NULL; sig->s = NULL; return sig; - } +} -void DSA_SIG_free(DSA_SIG *sig) - { - if (sig) - { +void +DSA_SIG_free(DSA_SIG *sig) +{ + if (sig) { if (sig->r) BN_free(sig->r); if (sig->s) BN_free(sig->s); free(sig); - } } - +} diff --git a/src/lib/libssl/src/crypto/dsa/dsa_vrf.c b/src/lib/libssl/src/crypto/dsa/dsa_vrf.c index f4484abd55..b82fa41259 100644 --- a/src/lib/libssl/src/crypto/dsa/dsa_vrf.c +++ b/src/lib/libssl/src/crypto/dsa/dsa_vrf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_vrf.c,v 1.14 2014/06/12 15:49:28 deraadt Exp $ */ +/* $OpenBSD: dsa_vrf.c,v 1.15 2014/07/09 10:16:24 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -61,8 +61,8 @@ #include "cryptlib.h" #include -int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, - DSA *dsa) - { +int +DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa) +{ return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa); - } +} -- cgit v1.2.3-55-g6feb