authorkris <kris@FreeBSD.org>2000-04-13 06:33:22 +0000
committerkris <kris@FreeBSD.org>2000-04-13 06:33:22 +0000
commit54c77f990d8a5f46f1d18b67cddb279f49176146 (patch)
tree85b9c007d5ac1d91a3895eef3fd18d6114b62cc4 /crypto/openssl/crypto/dsa
parent7e4e44947b1aa16034c99654c268dc92300be719 (diff)
Initial import of OpenSSL 0.9.5a
Diffstat (limited to 'crypto/openssl/crypto/dsa')
-rw-r--r--crypto/openssl/crypto/dsa/Makefile.save146
-rw-r--r--crypto/openssl/crypto/dsa/Makefile.ssl31
-rw-r--r--crypto/openssl/crypto/dsa/dsa.h61
-rw-r--r--crypto/openssl/crypto/dsa/dsa_asn1.c4
-rw-r--r--crypto/openssl/crypto/dsa/dsa_err.c4
-rw-r--r--crypto/openssl/crypto/dsa/dsa_gen.c171
-rw-r--r--crypto/openssl/crypto/dsa/dsa_key.c3
-rw-r--r--crypto/openssl/crypto/dsa/dsa_lib.c68
-rw-r--r--crypto/openssl/crypto/dsa/dsa_ossl.c321
-rw-r--r--crypto/openssl/crypto/dsa/dsa_sign.c123
-rw-r--r--crypto/openssl/crypto/dsa/dsa_vrf.c68
-rw-r--r--crypto/openssl/crypto/dsa/dsatest.c28
12 files changed, 698 insertions, 330 deletions
diff --git a/crypto/openssl/crypto/dsa/Makefile.save b/crypto/openssl/crypto/dsa/Makefile.save
new file mode 100644
index 0000000..1890d14
--- /dev/null
+++ b/crypto/openssl/crypto/dsa/Makefile.save
@@ -0,0 +1,146 @@
+#
+# SSLeay/crypto/dsa/Makefile
+#
+
+DIR= dsa
+TOP= ../..
+CC= cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR= /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE= make -f Makefile.ssl
+MAKEDEPEND= $(TOP)/util/domd $(TOP)
+MAKEFILE= Makefile.ssl
+AR= ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=dsatest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c \
+ dsa_err.c dsa_ossl.c
+LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_asn1.o dsa_vrf.o dsa_sign.o \
+ dsa_err.o dsa_ossl.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= dsa.h
+HEADER= $(EXHEADER)
+
+ALL= $(GENERAL) $(SRC) $(HEADER)
+
+top:
+ (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all: lib
+
+lib: $(LIBOBJ)
+ $(AR) $(LIB) $(LIBOBJ)
+ $(RANLIB) $(LIB)
+ @touch lib
+
+files:
+ $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+ @$(TOP)/util/point.sh Makefile.ssl Makefile
+ @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+ @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+ @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+ @for i in $(EXHEADER) ; \
+ do \
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+tags:
+ ctags $(SRC)
+
+tests:
+
+lint:
+ lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+ $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+
+dclean:
+ $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+ mv -f Makefile.new $(MAKEFILE)
+
+clean:
+ rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+dsa_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+dsa_asn1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_asn1.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_asn1.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+dsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+dsa_asn1.o: ../../include/openssl/stack.h ../cryptlib.h
+dsa_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+dsa_err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_err.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+dsa_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+dsa_err.o: ../../include/openssl/stack.h
+dsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_gen.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_gen.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dsa_gen.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+dsa_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+dsa_gen.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+dsa_gen.o: ../../include/openssl/stack.h ../cryptlib.h
+dsa_key.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_key.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dsa_key.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+dsa_key.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+dsa_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+dsa_key.o: ../../include/openssl/stack.h ../cryptlib.h
+dsa_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+dsa_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dsa_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dsa_lib.o: ../cryptlib.h
+dsa_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+dsa_ossl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dsa_ossl.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dsa_ossl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+dsa_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dsa_ossl.o: ../../include/openssl/opensslconf.h
+dsa_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+dsa_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dsa_ossl.o: ../cryptlib.h
+dsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+dsa_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+dsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dsa_sign.o: ../../include/openssl/opensslconf.h
+dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+dsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dsa_sign.o: ../cryptlib.h
+dsa_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+dsa_vrf.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_vrf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_vrf.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dsa_vrf.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+dsa_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+dsa_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dsa_vrf.o: ../cryptlib.h
diff --git a/crypto/openssl/crypto/dsa/Makefile.ssl b/crypto/openssl/crypto/dsa/Makefile.ssl
index 6d80ce7..1890d14 100644
--- a/crypto/openssl/crypto/dsa/Makefile.ssl
+++ b/crypto/openssl/crypto/dsa/Makefile.ssl
@@ -22,8 +22,10 @@ TEST=dsatest.c
APPS=
LIB=$(TOP)/libcrypto.a
-LIBSRC= dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c dsa_err.c
-LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_asn1.o dsa_vrf.o dsa_sign.o dsa_err.o
+LIBSRC= dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c \
+ dsa_err.c dsa_ossl.c
+LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_asn1.o dsa_vrf.o dsa_sign.o \
+ dsa_err.o dsa_ossl.o
SRC= $(LIBSRC)
@@ -86,25 +88,27 @@ dsa_asn1.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
dsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
dsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
dsa_asn1.o: ../../include/openssl/stack.h ../cryptlib.h
-dsa_err.o: ../../include/openssl/bn.h ../../include/openssl/dh.h
-dsa_err.o: ../../include/openssl/dsa.h ../../include/openssl/err.h
-dsa_err.o: ../../include/openssl/opensslconf.h
+dsa_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+dsa_err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_err.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+dsa_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+dsa_err.o: ../../include/openssl/stack.h
dsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
dsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
dsa_gen.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
dsa_gen.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
dsa_gen.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
dsa_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-dsa_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-dsa_gen.o: ../cryptlib.h
+dsa_gen.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+dsa_gen.o: ../../include/openssl/stack.h ../cryptlib.h
dsa_key.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
dsa_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
dsa_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
dsa_key.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
dsa_key.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
dsa_key.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-dsa_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-dsa_key.o: ../cryptlib.h
+dsa_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+dsa_key.o: ../../include/openssl/stack.h ../cryptlib.h
dsa_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
dsa_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
dsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
@@ -113,6 +117,15 @@ dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
dsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
dsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
dsa_lib.o: ../cryptlib.h
+dsa_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+dsa_ossl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dsa_ossl.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dsa_ossl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+dsa_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dsa_ossl.o: ../../include/openssl/opensslconf.h
+dsa_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+dsa_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dsa_ossl.o: ../cryptlib.h
dsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
dsa_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
dsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
diff --git a/crypto/openssl/crypto/dsa/dsa.h b/crypto/openssl/crypto/dsa/dsa.h
index 20b3f8d..68d9912 100644
--- a/crypto/openssl/crypto/dsa/dsa.h
+++ b/crypto/openssl/crypto/dsa/dsa.h
@@ -74,13 +74,41 @@ extern "C" {
#endif
#include <openssl/bn.h>
+#include <openssl/crypto.h>
#ifndef NO_DH
# include <openssl/dh.h>
#endif
#define DSA_FLAG_CACHE_MONT_P 0x01
-typedef struct dsa_st
+typedef struct dsa_st DSA;
+
+typedef struct DSA_SIG_st
+ {
+ BIGNUM *r;
+ BIGNUM *s;
+ } DSA_SIG;
+
+typedef struct dsa_method {
+ const char *name;
+ DSA_SIG * (*dsa_do_sign)(const unsigned char *dgst, int dlen, DSA *dsa);
+ int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
+ BIGNUM **rp);
+ int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len,
+ DSA_SIG *sig, DSA *dsa);
+ int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
+ BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *in_mont);
+ int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx); /* Can be null */
+ int (*init)(DSA *dsa);
+ int (*finish)(DSA *dsa);
+ int flags;
+ char *app_data;
+} DSA_METHOD;
+
+struct dsa_st
{
/* This first variable is used to pick up errors where
* a DSA is passed instead of of a EVP_PKEY */
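Review bot: The new `DSA_METHOD` table gives no contract for its members: only `bn_mod_exp` carries `/* Can be null */`, yet dsa_lib.c in this commit also treats `init` and `finish` as optional. Each pointer would benefit from a one-line comment saying whether it may be NULL and what it returns on failure, e.g. `int (*init)(DSA *dsa); /* optional; returns 0 on failure */` (the 0-on-failure convention is inferred from the `!ret->meth->init(ret)` test in DSA_new_method). `char *app_data` would read better as `void *app_data`, matching the `void *cb_arg` change made elsewhere in this header. The `struct dsa_st` body continues past the end of the hunk.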
@@ -100,15 +128,10 @@ typedef struct dsa_st
int flags;
/* Normally used to cache montgomery values */
char *method_mont_p;
-
int references;
- } DSA;
-
-typedef struct DSA_SIG_st
- {
- BIGNUM *r;
- BIGNUM *s;
- } DSA_SIG;
+ CRYPTO_EX_DATA ex_data;
+ DSA_METHOD *meth;
+ };
#define DSAparams_dup(x) (DSA *)ASN1_dup((int (*)())i2d_DSAparams, \
(char *(*)())d2i_DSAparams,(char *)(x))
@@ -131,7 +154,14 @@ DSA_SIG * DSA_do_sign(const unsigned char *dgst,int dlen,DSA *dsa);
int DSA_do_verify(const unsigned char *dgst,int dgst_len,
DSA_SIG *sig,DSA *dsa);
+DSA_METHOD *DSA_OpenSSL(void);
+
+void DSA_set_default_method(DSA_METHOD *);
+DSA_METHOD *DSA_get_default_method(void);
+DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *);
+
DSA * DSA_new(void);
+DSA * DSA_new_method(DSA_METHOD *meth);
int DSA_size(DSA *);
/* next 4 return -1 on error */
int DSA_sign_setup( DSA *dsa,BN_CTX *ctx_in,BIGNUM **kinvp,BIGNUM **rp);
@@ -140,6 +170,10 @@ int DSA_sign(int type,const unsigned char *dgst,int dlen,
int DSA_verify(int type,const unsigned char *dgst,int dgst_len,
unsigned char *sigbuf, int siglen, DSA *dsa);
void DSA_free (DSA *r);
+int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+int DSA_set_ex_data(DSA *d, int idx, void *arg);
+void *DSA_get_ex_data(DSA *d, int idx);
void ERR_load_DSA_strings(void );
@@ -148,7 +182,7 @@ DSA * d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length);
DSA * d2i_DSAparams(DSA **a, unsigned char **pp, long length);
DSA * DSA_generate_parameters(int bits, unsigned char *seed,int seed_len,
int *counter_ret, unsigned long *h_ret,void
- (*callback)(),char *cb_arg);
+ (*callback)(int, int, void *),void *cb_arg);
int DSA_generate_key(DSA *a);
int i2d_DSAPublicKey(DSA *a, unsigned char **pp);
int i2d_DSAPrivateKey(DSA *a, unsigned char **pp);
@@ -163,7 +197,11 @@ int DSAparams_print_fp(FILE *fp, DSA *x);
int DSA_print_fp(FILE *bp, DSA *x, int off);
#endif
-int DSA_is_prime(BIGNUM *q,void (*callback)(),char *cb_arg);
+#define DSS_prime_checks 50
+/* Primality test according to FIPS PUB 186[-1], Appendix 2.1:
+ * 50 rounds of Rabin-Miller */
+#define DSA_is_prime(n, callback, cb_arg) \
+ BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg)
#ifndef NO_DH
/* Convert DSA structure (key or just parameters) into DH structure
@@ -184,7 +222,6 @@ DH *DSA_dup_DH(DSA *r);
#define DSA_F_DSAPARAMS_PRINT_FP 101
#define DSA_F_DSA_DO_SIGN 112
#define DSA_F_DSA_DO_VERIFY 113
-#define DSA_F_DSA_IS_PRIME 102
#define DSA_F_DSA_NEW 103
#define DSA_F_DSA_PRINT 104
#define DSA_F_DSA_PRINT_FP 105
diff --git a/crypto/openssl/crypto/dsa/dsa_asn1.c b/crypto/openssl/crypto/dsa/dsa_asn1.c
index 7523b21..c9b32b4 100644
--- a/crypto/openssl/crypto/dsa/dsa_asn1.c
+++ b/crypto/openssl/crypto/dsa/dsa_asn1.c
@@ -83,7 +83,7 @@ DSA_SIG *d2i_DSA_SIG(DSA_SIG **a, unsigned char **pp, long length)
M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
if ((ret->s=BN_bin2bn(bs->data,bs->length,ret->s)) == NULL)
goto err_bn;
- ASN1_BIT_STRING_free(bs);
+ M_ASN1_BIT_STRING_free(bs);
M_ASN1_D2I_Finish_2(a);
err_bn:
@@ -91,6 +91,6 @@ err_bn:
err:
DSAerr(DSA_F_D2I_DSA_SIG,i);
if ((ret != NULL) && ((a == NULL) || (*a != ret))) DSA_SIG_free(ret);
- if (bs != NULL) ASN1_BIT_STRING_free(bs);
+ if (bs != NULL) M_ASN1_BIT_STRING_free(bs);
return(NULL);
}
diff --git a/crypto/openssl/crypto/dsa/dsa_err.c b/crypto/openssl/crypto/dsa/dsa_err.c
index 33a8270..2b3ab3a 100644
--- a/crypto/openssl/crypto/dsa/dsa_err.c
+++ b/crypto/openssl/crypto/dsa/dsa_err.c
@@ -54,7 +54,8 @@
*/
/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file.
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
*/
#include <stdio.h>
@@ -70,7 +71,6 @@ static ERR_STRING_DATA DSA_str_functs[]=
{ERR_PACK(0,DSA_F_DSAPARAMS_PRINT_FP,0), "DSAparams_print_fp"},
{ERR_PACK(0,DSA_F_DSA_DO_SIGN,0), "DSA_do_sign"},
{ERR_PACK(0,DSA_F_DSA_DO_VERIFY,0), "DSA_do_verify"},
-{ERR_PACK(0,DSA_F_DSA_IS_PRIME,0), "DSA_is_prime"},
{ERR_PACK(0,DSA_F_DSA_NEW,0), "DSA_new"},
{ERR_PACK(0,DSA_F_DSA_PRINT,0), "DSA_print"},
{ERR_PACK(0,DSA_F_DSA_PRINT_FP,0), "DSA_print_fp"},
diff --git a/crypto/openssl/crypto/dsa/dsa_gen.c b/crypto/openssl/crypto/dsa/dsa_gen.c
index b5e5ec0..2294a36 100644
--- a/crypto/openssl/crypto/dsa/dsa_gen.c
+++ b/crypto/openssl/crypto/dsa/dsa_gen.c
@@ -59,12 +59,18 @@
#undef GENUINE_DSA
#ifdef GENUINE_DSA
+/* Parameter generation follows the original release of FIPS PUB 186,
+ * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */
#define HASH SHA
#else
+/* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
+ * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in
+ * FIPS PUB 180-1) */
#define HASH SHA1
#endif
#ifndef NO_SHA
+
#include <stdio.h>
#include <time.h>
#include "cryptlib.h"
@@ -74,8 +80,9 @@
#include <openssl/rand.h>
DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len,
- int *counter_ret, unsigned long *h_ret, void (*callback)(),
- char *cb_arg)
+ int *counter_ret, unsigned long *h_ret,
+ void (*callback)(int, int, void *),
+ void *cb_arg)
{
int ok=0;
unsigned char seed[SHA_DIGEST_LENGTH];
@@ -86,47 +93,63 @@ DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len,
BN_MONT_CTX *mont=NULL;
int k,n=0,i,b,m=0;
int counter=0;
- BN_CTX *ctx=NULL,*ctx2=NULL;
+ int r=0;
+ BN_CTX *ctx=NULL,*ctx2=NULL,*ctx3=NULL;
unsigned int h=2;
DSA *ret=NULL;
if (bits < 512) bits=512;
bits=(bits+63)/64*64;
+ if (seed_len < 20)
+ seed_in = NULL; /* seed buffer too small -- ignore */
+ if (seed_len > 20)
+ seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger SEED,
+ * but our internal buffers are restricted to 160 bits*/
if ((seed_in != NULL) && (seed_len == 20))
memcpy(seed,seed_in,seed_len);
if ((ctx=BN_CTX_new()) == NULL) goto err;
if ((ctx2=BN_CTX_new()) == NULL) goto err;
+ if ((ctx3=BN_CTX_new()) == NULL) goto err;
if ((ret=DSA_new()) == NULL) goto err;
if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
- r0= &(ctx2->bn[0]);
- g= &(ctx2->bn[1]);
- W= &(ctx2->bn[2]);
- q= &(ctx2->bn[3]);
- X= &(ctx2->bn[4]);
- c= &(ctx2->bn[5]);
- p= &(ctx2->bn[6]);
- test= &(ctx2->bn[7]);
+ BN_CTX_start(ctx2);
+ r0 = BN_CTX_get(ctx2);
+ g = BN_CTX_get(ctx2);
+ W = BN_CTX_get(ctx2);
+ q = BN_CTX_get(ctx2);
+ X = BN_CTX_get(ctx2);
+ c = BN_CTX_get(ctx2);
+ p = BN_CTX_get(ctx2);
+ test = BN_CTX_get(ctx2);
BN_lshift(test,BN_value_one(),bits-1);
for (;;)
{
- for (;;)
+ for (;;) /* find q */
{
+ int seed_is_random;
+
/* step 1 */
if (callback != NULL) callback(0,m++,cb_arg);
if (!seed_len)
- RAND_bytes(seed,SHA_DIGEST_LENGTH);
+ {
+ RAND_pseudo_bytes(seed,SHA_DIGEST_LENGTH);
+ seed_is_random = 1;
+ }
else
- seed_len=0;
-
+ {
+ seed_is_random = 0;
+ seed_len=0; /* use random seed if 'seed_in' turns out to be bad*/
+ }
memcpy(buf,seed,SHA_DIGEST_LENGTH);
memcpy(buf2,seed,SHA_DIGEST_LENGTH);
+ /* precompute "SEED + 1" for step 7: */
for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
{
buf[i]++;
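Review bot: A caller-supplied seed that is rejected still leaves `seed_len` non-zero, so the first pass of the `find q` loop takes the `else` branch and copies the uninitialised stack buffer `seed` into `buf` and `buf2`. This happens for `0 < seed_len < 20` (and for negative lengths), where only `seed_in` is cleared, and for `seed_in == NULL` with `seed_len >= 20`, where the `memcpy` is skipped. Clearing the length together with the pointer closes both cases: `if (seed_in == NULL || seed_len < 20) { seed_in = NULL; seed_len = 0; }`. The eight `BN_CTX_get(ctx2)` results and the return value of `RAND_pseudo_bytes` are also used unchecked. DSA_generate_parameters starts before this hunk and continues after it.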
@@ -142,10 +165,15 @@ DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len,
/* step 3 */
md[0]|=0x80;
md[SHA_DIGEST_LENGTH-1]|=0x01;
- if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,q)) abort();
+ if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,q)) goto err;
/* step 4 */
- if (DSA_is_prime(q,callback,cb_arg) > 0) break;
+ r = BN_is_prime_fasttest(q, DSS_prime_checks, callback, ctx3, cb_arg, seed_is_random);
+ if (r > 0)
+ break;
+ if (r != 0)
+ goto err;
+
/* do a callback call */
/* step 5 */
}
@@ -155,16 +183,22 @@ DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len,
/* step 6 */
counter=0;
+ /* "offset = 2" */
n=(bits-1)/160;
b=(bits-1)-n*160;
for (;;)
{
+ if (callback != NULL && counter != 0)
+ callback(0,counter,cb_arg);
+
/* step 7 */
BN_zero(W);
+ /* now 'buf' contains "SEED + offset - 1" */
for (k=0; k<=n; k++)
{
+ /* obtain "SEED + offset + k" by incrementing: */
for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
{
buf[i]++;
@@ -174,7 +208,8 @@ DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len,
HASH(buf,SHA_DIGEST_LENGTH,md);
/* step 8 */
- if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0)) abort();
+ if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0))
+ goto err;
BN_lshift(r0,r0,160*k);
BN_add(W,W,r0);
}
@@ -194,23 +229,25 @@ DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len,
if (BN_cmp(p,test) >= 0)
{
/* step 11 */
- if (DSA_is_prime(p,callback,cb_arg) > 0)
- goto end;
+ r = BN_is_prime_fasttest(p, DSS_prime_checks, callback, ctx3, cb_arg, 1);
+ if (r > 0)
+ goto end; /* found it */
+ if (r != 0)
+ goto err;
}
/* step 13 */
counter++;
+ /* "offset = offset + n + 1" */
/* step 14 */
if (counter >= 4096) break;
-
- if (callback != NULL) callback(0,counter,cb_arg);
}
}
end:
if (callback != NULL) callback(2,1,cb_arg);
- /* We now need to gernerate g */
+ /* We now need to generate g */
/* Set r0=(p-1)/q */
BN_sub(test,p,BN_value_one());
BN_div(r0,NULL,test,q,ctx);
@@ -245,89 +282,13 @@ err:
if (h_ret != NULL) *h_ret=h;
}
if (ctx != NULL) BN_CTX_free(ctx);
- if (ctx != NULL) BN_CTX_free(ctx2);
- if (mont != NULL) BN_MONT_CTX_free(mont);
- return(ok?ret:NULL);
- }
-
-int DSA_is_prime(BIGNUM *w, void (*callback)(), char *cb_arg)
- {
- int ok= -1,j,i,n;
- BN_CTX *ctx=NULL,*ctx2=NULL;
- BIGNUM *w_1,*b,*m,*z,*tmp,*mont_1;
- int a;
- BN_MONT_CTX *mont=NULL;
-
- if (!BN_is_bit_set(w,0)) return(0);
-
- if ((ctx=BN_CTX_new()) == NULL) goto err;
- if ((ctx2=BN_CTX_new()) == NULL) goto err;
- if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
-
- m= &(ctx2->bn[2]);
- b= &(ctx2->bn[3]);
- z= &(ctx2->bn[4]);
- w_1= &(ctx2->bn[5]);
- tmp= &(ctx2->bn[6]);
- mont_1= &(ctx2->bn[7]);
-
- /* step 1 */
- n=50;
-
- /* step 2 */
- if (!BN_sub(w_1,w,BN_value_one())) goto err;
- for (a=1; !BN_is_bit_set(w_1,a); a++)
- ;
- if (!BN_rshift(m,w_1,a)) goto err;
-
- BN_MONT_CTX_set(mont,w,ctx);
- BN_to_montgomery(mont_1,BN_value_one(),mont,ctx);
- BN_to_montgomery(w_1,w_1,mont,ctx);
- for (i=1; i < n; i++)
+ if (ctx2 != NULL)
{
- /* step 3 */
- BN_rand(b,BN_num_bits(w)-2/*-1*/,0,0);
- /* BN_set_word(b,0x10001L); */
-
- /* step 4 */
- j=0;
- if (!BN_mod_exp_mont(z,b,m,w,ctx,mont)) goto err;
-
- if (!BN_to_montgomery(z,z,mont,ctx)) goto err;
-
- /* step 5 */
- for (;;)
- {
- if (((j == 0) && (BN_cmp(z,mont_1) == 0)) ||
- (BN_cmp(z,w_1) == 0))
- break;
-
- /* step 6 */
- if ((j > 0) && (BN_cmp(z,mont_1) == 0))
- {
- ok=0;
- goto err;
- }
-
- j++;
- if (j >= a)
- {
- ok=0;
- goto err;
- }
-
- if (!BN_mod_mul_montgomery(z,z,z,mont,ctx)) goto err;
- if (callback != NULL) callback(1,j,cb_arg);
- }
+ BN_CTX_end(ctx2);
+ BN_CTX_free(ctx2);
}
-
- ok=1;
-err:
- if (ok == -1) DSAerr(DSA_F_DSA_IS_PRIME,ERR_R_BN_LIB);
- BN_CTX_free(ctx);
- BN_CTX_free(ctx2);
- BN_MONT_CTX_free(mont);
-
- return(ok);
+ if (ctx3 != NULL) BN_CTX_free(ctx3);
+ if (mont != NULL) BN_MONT_CTX_free(mont);
+ return(ok?ret:NULL);
}
#endif
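Review bot: The new cleanup calls `BN_CTX_end(ctx2)` whenever `ctx2` is non-NULL, but three `goto err` exits earlier in the function (the `ctx3`, `DSA_new` and `BN_MONT_CTX_new` failures) reach it before `BN_CTX_start(ctx2)` has run. Whether `BN_CTX_end` tolerates an unmatched call is not visible on this page; moving `BN_CTX_start(ctx2);` to directly after the `ctx2=BN_CTX_new()` check would keep start and end paired on every path. The `err:` label and the rest of the function body begin outside this hunk.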
diff --git a/crypto/openssl/crypto/dsa/dsa_key.c b/crypto/openssl/crypto/dsa/dsa_key.c
index ab7f38f..5aef2d5 100644
--- a/crypto/openssl/crypto/dsa/dsa_key.c
+++ b/crypto/openssl/crypto/dsa/dsa_key.c
@@ -84,7 +84,8 @@ int DSA_generate_key(DSA *dsa)
i=BN_num_bits(dsa->q);
for (;;)
{
- BN_rand(priv_key,i,1,0);
+ if (!BN_rand(priv_key,i,1,0))
+ goto err;
if (BN_cmp(priv_key,dsa->q) >= 0)
BN_sub(priv_key,priv_key,dsa->q);
if (!BN_is_zero(priv_key)) break;
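Review bot: The added check covers `BN_rand` only; the `BN_sub(priv_key,priv_key,dsa->q)` two lines below still discards its return value, so a failed subtraction goes unnoticed and the loop can accept the result as a private key. `if (!BN_sub(priv_key,priv_key,dsa->q)) goto err;` would match the new check. Separately, one conditional subtraction after drawing a value with forced high bits does not give a uniform key in [1, q-1] (this assumes the third `BN_rand` argument sets the top bits, to be confirmed against bn_rand.c); rejection sampling would avoid that bias. DSA_generate_key starts before and ends after the hunk.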
diff --git a/crypto/openssl/crypto/dsa/dsa_lib.c b/crypto/openssl/crypto/dsa/dsa_lib.c
index ce8e204..224e412 100644
--- a/crypto/openssl/crypto/dsa/dsa_lib.c
+++ b/crypto/openssl/crypto/dsa/dsa_lib.c
@@ -66,7 +66,38 @@
const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT;
+static DSA_METHOD *default_DSA_method;
+static int dsa_meth_num = 0;
+static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dsa_meth = NULL;
+
+void DSA_set_default_method(DSA_METHOD *meth)
+{
+ default_DSA_method = meth;
+}
+
+DSA_METHOD *DSA_get_default_method(void)
+{
+ if(!default_DSA_method) default_DSA_method = DSA_OpenSSL();
+ return default_DSA_method;
+}
+
DSA *DSA_new(void)
+{
+ return DSA_new_method(NULL);
+}
+
+DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth)
+{
+ DSA_METHOD *mtmp;
+ mtmp = dsa->meth;
+ if (mtmp->finish) mtmp->finish(dsa);
+ dsa->meth = meth;
+ if (meth->init) meth->init(dsa);
+ return mtmp;
+}
+
+
+DSA *DSA_new_method(DSA_METHOD *meth)
{
DSA *ret;
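Review bot: `DSA_set_method` dereferences `dsa->meth` and the new `meth` without a NULL check and ignores the return value of `meth->init(dsa)`, although `DSA_new_method` in the same file accepts `meth == NULL` as "use the default" and treats a failing `init` as fatal. It also leaves `dsa->flags` at the old method's value, whereas `DSA_new_method` copies `ret->meth->flags`; if flags are meant to follow the method, `dsa->flags = meth->flags;` belongs after the assignment. At minimum the function needs a comment such as `/* meth must be non-NULL; returns the previous method, whose finish() has already run */`. DSA_new_method's body continues outside this hunk.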
@@ -76,13 +107,15 @@ DSA *DSA_new(void)
DSAerr(DSA_F_DSA_NEW,ERR_R_MALLOC_FAILURE);
return(NULL);
}
+ if(!default_DSA_method) default_DSA_method = DSA_OpenSSL();
+ if(meth) ret->meth = meth;
+ else ret->meth = default_DSA_method;
ret->pad=0;
ret->version=0;
ret->write_params=1;
ret->p=NULL;
ret->q=NULL;
ret->g=NULL;
- ret->flags=DSA_FLAG_CACHE_MONT_P;
ret->pub_key=NULL;
ret->priv_key=NULL;
@@ -92,6 +125,15 @@ DSA *DSA_new(void)
ret->method_mont_p=NULL;
ret->references=1;
+ ret->flags=ret->meth->flags;
+ if ((ret->meth->init != NULL) && !ret->meth->init(ret))
+ {
+ Free(ret);
+ ret=NULL;
+ }
+ else
+ CRYPTO_new_ex_data(dsa_meth,ret,&ret->ex_data);
+
return(ret);
}
@@ -114,6 +156,10 @@ void DSA_free(DSA *r)
}
#endif
+ CRYPTO_free_ex_data(dsa_meth, r, &r->ex_data);
+
+ if(r->meth->finish) r->meth->finish(r);
+
if (r->p != NULL) BN_clear_free(r->p);
if (r->q != NULL) BN_clear_free(r->q);
if (r->g != NULL) BN_clear_free(r->g);
@@ -121,8 +167,6 @@ void DSA_free(DSA *r)
if (r->priv_key != NULL) BN_clear_free(r->priv_key);
if (r->kinv != NULL) BN_clear_free(r->kinv);
if (r->r != NULL) BN_clear_free(r->r);
- if (r->method_mont_p != NULL)
- BN_MONT_CTX_free((BN_MONT_CTX *)r->method_mont_p);
Free(r);
}
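Review bot: With the `BN_MONT_CTX_free` call removed here, `DSA_free` relies entirely on the `r->meth->finish` call added in the previous hunk to release `method_mont_p`, and `finish` is optional. A method that leaves `finish` NULL while something still populates `method_mont_p` would leak it (which code fills that field is not visible on this page). A comment at the `finish` call, for example `/* finish() owns method_mont_p and any other per-method state */`, would record the new ownership rule. DSA_free starts outside both hunks.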
@@ -145,6 +189,24 @@ int DSA_size(DSA *r)
return(ret);
}
+int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+ {
+ dsa_meth_num++;
+ return(CRYPTO_get_ex_new_index(dsa_meth_num-1,
+ &dsa_meth,argl,argp,new_func,dup_func,free_func));
+ }
+
+int DSA_set_ex_data(DSA *d, int idx, void *arg)
+ {
+ return(CRYPTO_set_ex_data(&d->ex_data,idx,arg));
+ }
+
+void *DSA_get_ex_data(DSA *d, int idx)
+ {
+ return(CRYPTO_get_ex_data(&d->ex_data,idx));
+ }
+
#ifndef NO_DH
DH *DSA_dup_DH(DSA *r)
{
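Review bot: `DSA_get_ex_new_index` increments the file-static `dsa_meth_num` before calling `CRYPTO_get_ex_new_index` and never rolls it back, so a registration that fails would still consume an index. The read-modify-write on the counter is also unsynchronised in the visible code, so two threads registering at once could be handed the same index unless callers serialise it themselves. A comment stating the expected calling context, e.g. `/* call during single-threaded initialisation only */`, or a lock around the increment, would make the contract explicit. `DSA_set_ex_data` and `DSA_get_ex_data` dereference `d` without a NULL check, which should be documented as a precondition.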
diff --git a/crypto/openssl/crypto/dsa/dsa_ossl.c b/crypto/openssl/crypto/dsa/dsa_ossl.c
new file mode 100644
index 0000000..b51cf6a
--- /dev/null
+++ b/crypto/openssl/crypto/dsa/dsa_ossl.c
@@ -0,0 +1,321 @@
+/* crypto/dsa/dsa_ossl.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/rand.h>
+#include <openssl/asn1.h>
+
+static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
+static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
+ DSA *dsa);
+static int dsa_init(DSA *dsa);
+static int dsa_finish(DSA *dsa);
+static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
+ BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *in_mont);
+static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx);
+
+static DSA_METHOD openssl_dsa_meth = {
+"OpenSSL DSA method",
+dsa_do_sign,
+dsa_sign_setup,
+dsa_do_verify,
+dsa_mod_exp,
+dsa_bn_mod_exp,
+dsa_init,
+dsa_finish,
+0,
+NULL
+};
+
+DSA_METHOD *DSA_OpenSSL(void)
+{
+ return &openssl_dsa_meth;
+}
+
+static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+ {
+ BIGNUM *kinv=NULL,*r=NULL,*s=NULL;
+ BIGNUM m;
+ BIGNUM xr;
+ BN_CTX *ctx=NULL;
+ int i,reason=ERR_R_BN_LIB;
+ DSA_SIG *ret=NULL;
+
+ BN_init(&m);
+ BN_init(&xr);
+ s=BN_new();
+ if (s == NULL) goto err;
+
+ i=BN_num_bytes(dsa->q); /* should be 20 */
+ if ((dlen > i) || (dlen > 50))
+ {
+ reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
+ goto err;
+ }
+
+ ctx=BN_CTX_new();
+ if (ctx == NULL) goto err;
+
+ if ((dsa->kinv == NULL) || (dsa->r == NULL))
+ {
+ if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err;
+ }
+ else
+ {
+ kinv=dsa->kinv;
+ dsa->kinv=NULL;
+ r=dsa->r;
+ dsa->r=NULL;
+ }
+
+ if (BN_bin2bn(dgst,dlen,&m) == NULL) goto err;
+
+ /* Compute s = inv(k) (m + xr) mod q */
+ if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */
+ if (!BN_add(s, &xr, &m)) goto err; /* s = m + xr */
+ if (BN_cmp(s,dsa->q) > 0)
+ BN_sub(s,s,dsa->q);
+ if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err;
+
+ ret=DSA_SIG_new();
+ if (ret == NULL) goto err;
+ ret->r = r;
+ ret->s = s;
+
+err:
+ if (!ret)
+ {
+ DSAerr(DSA_F_DSA_DO_SIGN,reason);
+ BN_free(r);
+ BN_free(s);
+ }
+ if (ctx != NULL) BN_CTX_free(ctx);
+ BN_clear_free(&m);
+ BN_clear_free(&xr);
+ if (kinv != NULL) /* dsa->kinv is NULL now if we used it */
+ BN_clear_free(kinv);
+ return(ret);
+ }
+
+static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
+ {
+ BN_CTX *ctx;
+ BIGNUM k,*kinv=NULL,*r=NULL;
+ int ret=0;
+
+ if (ctx_in == NULL)
+ {
+ if ((ctx=BN_CTX_new()) == NULL) goto err;
+ }
+ else
+ ctx=ctx_in;
+
+ BN_init(&k);
+ if ((r=BN_new()) == NULL) goto err;
+ kinv=NULL;
+
+ /* Get random k */
+ for (;;)
+ {
+ if (!BN_rand(&k, BN_num_bits(dsa->q), 1, 0)) goto err;
+ if (BN_cmp(&k,dsa->q) >= 0)
+ BN_sub(&k,&k,dsa->q);
+ if (!BN_is_zero(&k)) break;
+ }
+
+ if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
+ {
+ if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
+ if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p,
+ dsa->p,ctx)) goto err;
+ }
+
+ /* Compute r = (g^k mod p) mod q */
+ if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
+ (BN_MONT_CTX *)dsa->method_mont_p)) goto err;
+ if (!BN_mod(r,r,dsa->q,ctx)) goto err;
+
+ /* Compute part of 's = inv(k) (m + xr) mod q' */
+ if ((kinv=BN_mod_inverse(NULL,&k,dsa->q,ctx)) == NULL) goto err;
+
+ if (*kinvp != NULL) BN_clear_free(*kinvp);
+ *kinvp=kinv;
+ kinv=NULL;
+ if (*rp != NULL) BN_clear_free(*rp);
+ *rp=r;
+ ret=1;
+err:
+ if (!ret)
+ {
+ DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB);
+ if (kinv != NULL) BN_clear_free(kinv);
+ if (r != NULL) BN_clear_free(r);
+ }
+ if (ctx_in == NULL) BN_CTX_free(ctx);
+ if (kinv != NULL) BN_clear_free(kinv);
+ BN_clear_free(&k);
+ return(ret);
+ }
+
+static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
+ DSA *dsa)
+ {
+ BN_CTX *ctx;
+ BIGNUM u1,u2,t1;
+ BN_MONT_CTX *mont=NULL;
+ int ret = -1;
+
+ if ((ctx=BN_CTX_new()) == NULL) goto err;
+ BN_init(&u1);
+ BN_init(&u2);
+ BN_init(&t1);
+
+ /* Calculate W = inv(S) mod Q
+ * save W in u2 */
+ if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;
+
+ /* save M in u1 */
+ if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err;
+
+ /* u1 = M * w mod q */
+ if (!BN_mod_mul(&u1,&u1,&u2,dsa->q,ctx)) goto err;
+
+ /* u2 = r * w mod q */
+ if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err;
+
+ if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
+ {
+ if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
+ if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p,
+ dsa->p,ctx)) goto err;
+ }
+ mont=(BN_MONT_CTX *)dsa->method_mont_p;
+
+#if 0
+ {
+ BIGNUM t2;
+
+ BN_init(&t2);
+ /* v = ( g^u1 * y^u2 mod p ) mod q */
+ /* let t1 = g ^ u1 mod p */
+ if (!BN_mod_exp_mont(&t1,dsa->g,&u1,dsa->p,ctx,mont)) goto err;
+ /* let t2 = y ^ u2 mod p */
+ if (!BN_mod_exp_mont(&t2,dsa->pub_key,&u2,dsa->p,ctx,mont)) goto err;
+ /* let u1 = t1 * t2 mod p */
+ if (!BN_mod_mul(&u1,&t1,&t2,dsa->p,ctx)) goto err_bn;
+ BN_free(&t2);
+ }
+ /* let u1 = u1 mod q */
+ if (!BN_mod(&u1,&u1,dsa->q,ctx)) goto err;
+#else
+ {
+ if (!dsa->meth->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2,
+ dsa->p,ctx,mont)) goto err;
+ /* BN_copy(&u1,&t1); */
+ /* let u1 = u1 mod q */
+ if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err;
+ }
+#endif
+ /* V is now in u1. If the signature is correct, it will be
+ * equal to R. */
+ ret=(BN_ucmp(&u1, sig->r) == 0);
+
+ err:
+ if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB);
+ if (ctx != NULL) BN_CTX_free(ctx);
+ BN_free(&u1);
+ BN_free(&u2);
+ BN_free(&t1);
+ return(ret);
+ }
+
+static int dsa_init(DSA *dsa)
+{
+ dsa->flags|=DSA_FLAG_CACHE_MONT_P;
+ return(1);
+}
+
+static int dsa_finish(DSA *dsa)
+{
+ if(dsa->method_mont_p)
+ BN_MONT_CTX_free((BN_MONT_CTX *)dsa->method_mont_p);
+ return(1);
+}
+
+static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
+ BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *in_mont)
+{
+ return BN_mod_exp2_mont(rr, a1, p1, a2, p2, m, ctx, in_mont);
+}
+
+static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx)
+{
+ return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
+}
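Review bot: dsa_do_verify feeds `sig->r` and `sig->s` into the arithmetic without first checking 0 < r < q and 0 < s < q, which FIPS 186 requires before a signature is accepted; the closing `BN_ucmp(&u1, sig->r)` also ignores the sign of `r`. Reject out-of-range values up front with `ret = 0`, as in the excerpt below. The excerpt also moves the three `BN_init` calls ahead of `BN_CTX_new()`, because a failure there currently jumps to `err` and runs `BN_free` on uninitialised BIGNUMs; dsa_sign_setup has the same ordering problem with `k`. Separately, dsa_sign_setup reduces the random `k` with a single conditional `BN_sub`, which leaves `k` non-uniform over [1, q-1]; a biased DSA nonce leaks information about the private key across signatures, so `k` should be drawn by rejection sampling instead.

```c
static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
		  DSA *dsa)
	{
	/* ... unchanged: declarations of ctx, u1, u2, t1, mont, ret ... */

	/* initialise first: the err path frees these unconditionally */
	BN_init(&u1);
	BN_init(&u2);
	BN_init(&t1);
	if ((ctx=BN_CTX_new()) == NULL) goto err;

	/* reject unless 0 < r < q and 0 < s < q */
	if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r,dsa->q) >= 0 ||
	    BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s,dsa->q) >= 0)
		{
		ret=0;
		goto err;
		}

	/* ... unchanged: W = inv(S) mod Q, u1, u2, dsa_mod_exp, comparison with R ... */
```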
diff --git a/crypto/openssl/crypto/dsa/dsa_sign.c b/crypto/openssl/crypto/dsa/dsa_sign.c
index 774c161..8920502 100644
--- a/crypto/openssl/crypto/dsa/dsa_sign.c
+++ b/crypto/openssl/crypto/dsa/dsa_sign.c
@@ -67,73 +67,9 @@
DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
{
- BIGNUM *kinv=NULL,*r=NULL,*s=NULL;
- BIGNUM m;
- BIGNUM xr;
- BN_CTX *ctx=NULL;
- int i,reason=ERR_R_BN_LIB;
- DSA_SIG *ret=NULL;
-
- BN_init(&m);
- BN_init(&xr);
- s=BN_new();
- if (s == NULL) goto err;
-
- i=BN_num_bytes(dsa->q); /* should be 20 */
- if ((dlen > i) || (dlen > 50))
- {
- reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
- goto err;
- }
-
- ctx=BN_CTX_new();
- if (ctx == NULL) goto err;
-
- if ((dsa->kinv == NULL) || (dsa->r == NULL))
- {
- if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err;
- }
- else
- {
- kinv=dsa->kinv;
- dsa->kinv=NULL;
- r=dsa->r;
- dsa->r=NULL;
- }
-
- if (BN_bin2bn(dgst,dlen,&m) == NULL) goto err;
-
- /* Compute s = inv(k) (m + xr) mod q */
- if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */
- if (!BN_add(s, &xr, &m)) goto err; /* s = m + xr */
- if (BN_cmp(s,dsa->q) > 0)
- BN_sub(s,s,dsa->q);
- if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err;
-
- ret=DSA_SIG_new();
- if (ret == NULL) goto err;
- ret->r = r;
- ret->s = s;
-
-err:
- if (!ret)
- {
- DSAerr(DSA_F_DSA_DO_SIGN,reason);
- BN_free(r);
- BN_free(s);
- }
- if (ctx != NULL) BN_CTX_free(ctx);
- BN_clear_free(&m);
- BN_clear_free(&xr);
- if (kinv != NULL) /* dsa->kinv is NULL now if we used it */
- BN_clear_free(kinv);
- return(ret);
+ return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
}
-/* data has already been hashed (probably with SHA or SHA-1). */
-
-/* unsigned char *sig: out */
-/* unsigned int *siglen: out */
int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
unsigned int *siglen, DSA *dsa)
{
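Review bot: The comments that documented DSA_sign (`dgst` is an already-computed hash; `sig` and `siglen` are outputs) are deleted together with the moved DSA_do_sign body, although DSA_sign itself stays in this file unchanged. I would keep them and fold them into one header comment that also states the buffer requirement, e.g. `/* dgst: digest already computed by the caller; sig: out, needs room for DSA_size(dsa) bytes; siglen: out */`. The DSA_size bound is my reading of the API and should be confirmed against DSA_sign's body, which continues outside this hunk.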
@@ -151,61 +87,6 @@ int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
{
- BN_CTX *ctx;
- BIGNUM k,*kinv=NULL,*r=NULL;
- int ret=0;
-
- if (ctx_in == NULL)
- {
- if ((ctx=BN_CTX_new()) == NULL) goto err;
- }
- else
- ctx=ctx_in;
-
- BN_init(&k);
- if ((r=BN_new()) == NULL) goto err;
- kinv=NULL;
-
- /* Get random k */
- for (;;)
- {
- if (!BN_rand(&k, BN_num_bits(dsa->q), 1, 0)) goto err;
- if (BN_cmp(&k,dsa->q) >= 0)
- BN_sub(&k,&k,dsa->q);
- if (!BN_is_zero(&k)) break;
- }
-
- if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
- {
- if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
- if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p,
- dsa->p,ctx)) goto err;
- }
-
- /* Compute r = (g^k mod p) mod q */
- if (!BN_mod_exp_mont(r,dsa->g,&k,dsa->p,ctx,
- (BN_MONT_CTX *)dsa->method_mont_p)) goto err;
- if (!BN_mod(r,r,dsa->q,ctx)) goto err;
-
- /* Compute part of 's = inv(k) (m + xr) mod q' */
- if ((kinv=BN_mod_inverse(NULL,&k,dsa->q,ctx)) == NULL) goto err;
-
- if (*kinvp != NULL) BN_clear_free(*kinvp);
- *kinvp=kinv;
- kinv=NULL;
- if (*rp != NULL) BN_clear_free(*rp);
- *rp=r;
- ret=1;
-err:
- if (!ret)
- {
- DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB);
- if (kinv != NULL) BN_clear_free(kinv);
- if (r != NULL) BN_clear_free(r);
- }
- if (ctx_in == NULL) BN_CTX_free(ctx);
- if (kinv != NULL) BN_clear_free(kinv);
- BN_clear_free(&k);
- return(ret);
+ return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
}
diff --git a/crypto/openssl/crypto/dsa/dsa_vrf.c b/crypto/openssl/crypto/dsa/dsa_vrf.c
index ff55220..03277f8 100644
--- a/crypto/openssl/crypto/dsa/dsa_vrf.c
+++ b/crypto/openssl/crypto/dsa/dsa_vrf.c
@@ -69,73 +69,7 @@
int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
DSA *dsa)
{
- BN_CTX *ctx;
- BIGNUM u1,u2,t1;
- BN_MONT_CTX *mont=NULL;
- int ret = -1;
-
- if ((ctx=BN_CTX_new()) == NULL) goto err;
- BN_init(&u1);
- BN_init(&u2);
- BN_init(&t1);
-
- /* Calculate W = inv(S) mod Q
- * save W in u2 */
- if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;
-
- /* save M in u1 */
- if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err;
-
- /* u1 = M * w mod q */
- if (!BN_mod_mul(&u1,&u1,&u2,dsa->q,ctx)) goto err;
-
- /* u2 = r * w mod q */
- if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err;
-
- if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
- {
- if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
- if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p,
- dsa->p,ctx)) goto err;
- }
- mont=(BN_MONT_CTX *)dsa->method_mont_p;
-
-#if 0
- {
- BIGNUM t2;
-
- BN_init(&t2);
- /* v = ( g^u1 * y^u2 mod p ) mod q */
- /* let t1 = g ^ u1 mod p */
- if (!BN_mod_exp_mont(&t1,dsa->g,&u1,dsa->p,ctx,mont)) goto err;
- /* let t2 = y ^ u2 mod p */
- if (!BN_mod_exp_mont(&t2,dsa->pub_key,&u2,dsa->p,ctx,mont)) goto err;
- /* let u1 = t1 * t2 mod p */
- if (!BN_mod_mul(&u1,&t1,&t2,dsa->p,ctx)) goto err_bn;
- BN_free(&t2);
- }
- /* let u1 = u1 mod q */
- if (!BN_mod(&u1,&u1,dsa->q,ctx)) goto err;
-#else
- {
- if (!BN_mod_exp2_mont(&t1,dsa->g,&u1,dsa->pub_key,&u2,dsa->p,ctx,mont))
- goto err;
- /* BN_copy(&u1,&t1); */
- /* let u1 = u1 mod q */
- if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err;
- }
-#endif
- /* V is now in u1. If the signature is correct, it will be
- * equal to R. */
- ret=(BN_ucmp(&u1, sig->r) == 0);
-
- err:
- if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB);
- if (ctx != NULL) BN_CTX_free(ctx);
- BN_free(&u1);
- BN_free(&u2);
- BN_free(&t1);
- return(ret);
+ return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
}
/* data has already been hashed (probably with SHA or SHA-1). */
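Review bot: DSA_do_verify now only forwards the method's result, so its three-valued return deserves a comment at this public entry point: the implementation it replaces started from `ret = -1` and set `ret` to 1 or 0 only after the final comparison. A caller that writes `if (DSA_do_verify(...))` treats the -1 error case as a valid signature. Suggested comment above the function: `/* returns 1 if the signature is valid, 0 if it is not, -1 on error; callers must test for == 1 */`.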
diff --git a/crypto/openssl/crypto/dsa/dsatest.c b/crypto/openssl/crypto/dsa/dsatest.c
index fc25c9a..309a7cd 100644
--- a/crypto/openssl/crypto/dsa/dsatest.c
+++ b/crypto/openssl/crypto/dsa/dsatest.c
@@ -84,7 +84,10 @@ int main(int argc, char *argv[])
#define MS_CALLBACK
#endif
-static void MS_CALLBACK dsa_cb(int p, int n, char *arg);
+static void MS_CALLBACK dsa_cb(int p, int n, void *arg);
+
+/* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to
+ * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */
static unsigned char seed[20]={
0xd5,0x01,0x4e,0x4b,0x60,0xef,0x2b,0xa8,0xb6,0x21,0x1b,0x40,
0x62,0xba,0x32,0x24,0xe0,0x42,0x7d,0xd3,
@@ -120,6 +123,8 @@ static unsigned char out_g[]={
static const unsigned char str1[]="12345678901234567890";
+static const char rnd_seed[] = "string to make the random number generator think it has entropy";
+
static BIO *bio_err=NULL;
int main(int argc, char **argv)
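Review bot: `rnd_seed` is a fixed, public string, so the `RAND_seed(rnd_seed, sizeof rnd_seed)` call added in the next hunk lets the PRNG consider itself seeded without giving it any entropy. On a platform where nothing else seeds the generator, the values this test draws from it may be predictable. That is acceptable for a self-test, but the declaration should say so, since test files tend to be copied into applications: `/* TEST ONLY: constant seed, provides no entropy; never seed a real PRNG like this */`.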
@@ -131,15 +136,17 @@ int main(int argc, char **argv)
unsigned char sig[256];
unsigned int siglen;
+ ERR_load_crypto_strings();
+ RAND_seed(rnd_seed, sizeof rnd_seed);
+
if (bio_err == NULL)
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
BIO_printf(bio_err,"test generation of DSA parameters\n");
- BIO_printf(bio_err,"expect '.*' followed by 5 lines of '.'s and '+'s\n");
- dsa=DSA_generate_parameters(512,seed,20,&counter,&h,dsa_cb,
- (char *)bio_err);
+
+ dsa=DSA_generate_parameters(512,seed,20,&counter,&h,dsa_cb,bio_err);
BIO_printf(bio_err,"seed\n");
for (i=0; i<20; i+=4)
@@ -193,13 +200,18 @@ end:
if (!ret)
ERR_print_errors(bio_err);
if (dsa != NULL) DSA_free(dsa);
+ ERR_remove_state(0);
CRYPTO_mem_leaks(bio_err);
- if (bio_err != NULL) BIO_free(bio_err);
+ if (bio_err != NULL)
+ {
+ BIO_free(bio_err);
+ bio_err = NULL;
+ }
exit(!ret);
return(0);
}
-static void MS_CALLBACK dsa_cb(int p, int n, char *arg)
+static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
{
char c='*';
static int ok=0,num=0;
@@ -208,8 +220,8 @@ static void MS_CALLBACK dsa_cb(int p, int n, char *arg)
if (p == 1) c='+';
if (p == 2) { c='*'; ok++; }
if (p == 3) c='\n';
- BIO_write((BIO *)arg,&c,1);
- (void)BIO_flush((BIO *)arg);
+ BIO_write(arg,&c,1);
+ (void)BIO_flush(arg);
if (!ok && (p == 0) && (num > 1))
{