Diffstat (limited to 'drivers/builtin_openssl2/crypto/dsa')
-rw-r--r-- | drivers/builtin_openssl2/crypto/dsa/dsa_ameth.c | 8 | ||||
-rw-r--r-- | drivers/builtin_openssl2/crypto/dsa/dsa_err.c | 5 | ||||
-rw-r--r-- | drivers/builtin_openssl2/crypto/dsa/dsa_gen.c | 369 | ||||
-rw-r--r-- | drivers/builtin_openssl2/crypto/dsa/dsa_locl.h | 8 | ||||
-rw-r--r-- | drivers/builtin_openssl2/crypto/dsa/dsa_ossl.c | 6 | ||||
-rw-r--r-- | drivers/builtin_openssl2/crypto/dsa/dsa_pmeth.c | 4 | ||||
-rw-r--r-- | drivers/builtin_openssl2/crypto/dsa/dsatest.c | 268 |
7 files changed, 392 insertions, 276 deletions
diff --git a/drivers/builtin_openssl2/crypto/dsa/dsa_ameth.c b/drivers/builtin_openssl2/crypto/dsa/dsa_ameth.c index f5443e304b..cc83d6e6ad 100644 --- a/drivers/builtin_openssl2/crypto/dsa/dsa_ameth.c +++ b/drivers/builtin_openssl2/crypto/dsa/dsa_ameth.c @@ -269,7 +269,7 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) goto done; decerr: - DSAerr(DSA_F_DSA_PRIV_DECODE, EVP_R_DECODE_ERROR); + DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_DECODE_ERROR); dsaerr: DSA_free(dsa); done: @@ -602,10 +602,14 @@ static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0); } return 1; + + case ASN1_PKEY_CTRL_CMS_RI_TYPE: + *(int *)arg2 = CMS_RECIPINFO_NONE; + return 1; #endif case ASN1_PKEY_CTRL_DEFAULT_MD_NID: - *(int *)arg2 = NID_sha1; + *(int *)arg2 = NID_sha256; return 2; default: diff --git a/drivers/builtin_openssl2/crypto/dsa/dsa_err.c b/drivers/builtin_openssl2/crypto/dsa/dsa_err.c index 746f5dfe6d..f5ddc66b8a 100644 --- a/drivers/builtin_openssl2/crypto/dsa/dsa_err.c +++ b/drivers/builtin_openssl2/crypto/dsa/dsa_err.c @@ -1,6 +1,6 @@ /* crypto/dsa/dsa_err.c */ /* ==================================================================== - * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2013 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -74,6 +74,7 @@ static ERR_STRING_DATA DSA_str_functs[] = { {ERR_FUNC(DSA_F_DO_DSA_PRINT), "DO_DSA_PRINT"}, {ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"}, {ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP), "DSAparams_print_fp"}, + {ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN2), "DSA_BUILTIN_PARAMGEN2"}, {ERR_FUNC(DSA_F_DSA_DO_SIGN), "DSA_do_sign"}, {ERR_FUNC(DSA_F_DSA_DO_VERIFY), "DSA_do_verify"}, {ERR_FUNC(DSA_F_DSA_GENERATE_KEY), "DSA_generate_key"}, 
@@ -107,12 +108,14 @@ static ERR_STRING_DATA DSA_str_reasons[] = { "data too large for key size"}, {ERR_REASON(DSA_R_DECODE_ERROR), "decode error"}, {ERR_REASON(DSA_R_INVALID_DIGEST_TYPE), "invalid digest type"}, + {ERR_REASON(DSA_R_INVALID_PARAMETERS), "invalid parameters"}, {ERR_REASON(DSA_R_MISSING_PARAMETERS), "missing parameters"}, {ERR_REASON(DSA_R_MODULUS_TOO_LARGE), "modulus too large"}, {ERR_REASON(DSA_R_NEED_NEW_SETUP_VALUES), "need new setup values"}, {ERR_REASON(DSA_R_NON_FIPS_DSA_METHOD), "non fips dsa method"}, {ERR_REASON(DSA_R_NO_PARAMETERS_SET), "no parameters set"}, {ERR_REASON(DSA_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"}, + {ERR_REASON(DSA_R_Q_NOT_PRIME), "q not prime"}, {0, NULL} }; diff --git a/drivers/builtin_openssl2/crypto/dsa/dsa_gen.c b/drivers/builtin_openssl2/crypto/dsa/dsa_gen.c index 34c6113c45..15f3bb4f3f 100644 --- a/drivers/builtin_openssl2/crypto/dsa/dsa_gen.c +++ b/drivers/builtin_openssl2/crypto/dsa/dsa_gen.c @@ -86,6 +86,8 @@ # include "dsa_locl.h" # ifdef OPENSSL_FIPS +/* Workaround bug in prototype */ +# define fips_dsa_builtin_paramgen2 fips_dsa_paramgen_bad # include <openssl/fips.h> # endif 
@@ -376,4 +378,371 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, BN_MONT_CTX_free(mont); return ok; } + +# ifdef OPENSSL_FIPS +# undef fips_dsa_builtin_paramgen2 +extern int fips_dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, + const EVP_MD *evpmd, + const unsigned char *seed_in, + size_t seed_len, int idx, + unsigned char *seed_out, + int *counter_ret, unsigned long *h_ret, + BN_GENCB *cb); +# endif + +/* + * This is a parameter generation algorithm for the DSA2 algorithm as + * described in FIPS 186-3. + */ + +int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, + const EVP_MD *evpmd, const unsigned char *seed_in, + size_t seed_len, int idx, unsigned char *seed_out, + int *counter_ret, unsigned long *h_ret, + BN_GENCB *cb) +{ + int ok = -1; + unsigned char *seed = NULL, *seed_tmp = NULL; + unsigned char md[EVP_MAX_MD_SIZE]; + int mdsize; + BIGNUM *r0, *W, *X, *c, *test; + BIGNUM *g = NULL, *q = NULL, *p = NULL; + BN_MONT_CTX *mont = NULL; + int i, k, n = 0, m = 0, qsize = N >> 3; + int counter = 0; + int r = 0; + BN_CTX *ctx = NULL; + EVP_MD_CTX mctx; + unsigned int h = 2; + +# ifdef OPENSSL_FIPS + + if (FIPS_mode()) + return fips_dsa_builtin_paramgen2(ret, L, N, evpmd, + seed_in, seed_len, idx, + seed_out, counter_ret, h_ret, cb); +# endif + + EVP_MD_CTX_init(&mctx); + + if (evpmd == NULL) { + if (N == 160) + evpmd = EVP_sha1(); + else if (N == 224) + evpmd = EVP_sha224(); + else + evpmd = EVP_sha256(); + } + + mdsize = EVP_MD_size(evpmd); + /* If unverificable g generation only don't need seed */ + if (!ret->p || !ret->q || idx >= 0) { + if (seed_len == 0) + seed_len = mdsize; + + seed = OPENSSL_malloc(seed_len); + + if (seed_out) + seed_tmp = seed_out; + else + seed_tmp = OPENSSL_malloc(seed_len); + + if (!seed || !seed_tmp) + goto err; + + if (seed_in) + memcpy(seed, seed_in, seed_len); + + } + + if ((ctx = BN_CTX_new()) == NULL) + goto err; + + if ((mont = BN_MONT_CTX_new()) == NULL) + goto err; + + BN_CTX_start(ctx); + r0 = 
BN_CTX_get(ctx); + g = BN_CTX_get(ctx); + W = BN_CTX_get(ctx); + X = BN_CTX_get(ctx); + c = BN_CTX_get(ctx); + test = BN_CTX_get(ctx); + + /* if p, q already supplied generate g only */ + if (ret->p && ret->q) { + p = ret->p; + q = ret->q; + if (idx >= 0) + memcpy(seed_tmp, seed, seed_len); + goto g_only; + } else { + p = BN_CTX_get(ctx); + q = BN_CTX_get(ctx); + } + + if (!BN_lshift(test, BN_value_one(), L - 1)) + goto err; + for (;;) { + for (;;) { /* find q */ + unsigned char *pmd; + /* step 1 */ + if (!BN_GENCB_call(cb, 0, m++)) + goto err; + + if (!seed_in) { + if (RAND_pseudo_bytes(seed, seed_len) < 0) + goto err; + } + /* step 2 */ + if (!EVP_Digest(seed, seed_len, md, NULL, evpmd, NULL)) + goto err; + /* Take least significant bits of md */ + if (mdsize > qsize) + pmd = md + mdsize - qsize; + else + pmd = md; + + if (mdsize < qsize) + memset(md + mdsize, 0, qsize - mdsize); + + /* step 3 */ + pmd[0] |= 0x80; + pmd[qsize - 1] |= 0x01; + if (!BN_bin2bn(pmd, qsize, q)) + goto err; + + /* step 4 */ + r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx, + seed_in ? 
1 : 0, cb); + if (r > 0) + break; + if (r != 0) + goto err; + /* Provided seed didn't produce a prime: error */ + if (seed_in) { + ok = 0; + DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_Q_NOT_PRIME); + goto err; + } + + /* do a callback call */ + /* step 5 */ + } + /* Copy seed to seed_out before we mess with it */ + if (seed_out) + memcpy(seed_out, seed, seed_len); + + if (!BN_GENCB_call(cb, 2, 0)) + goto err; + if (!BN_GENCB_call(cb, 3, 0)) + goto err; + + /* step 6 */ + counter = 0; + /* "offset = 1" */ + + n = (L - 1) / (mdsize << 3); + + for (;;) { + if ((counter != 0) && !BN_GENCB_call(cb, 0, counter)) + goto err; + + /* step 7 */ + BN_zero(W); + /* now 'buf' contains "SEED + offset - 1" */ + for (k = 0; k <= n; k++) { + /* + * obtain "SEED + offset + k" by incrementing: + */ + for (i = seed_len - 1; i >= 0; i--) { + seed[i]++; + if (seed[i] != 0) + break; + } + + if (!EVP_Digest(seed, seed_len, md, NULL, evpmd, NULL)) + goto err; + + /* step 8 */ + if (!BN_bin2bn(md, mdsize, r0)) + goto err; + if (!BN_lshift(r0, r0, (mdsize << 3) * k)) + goto err; + if (!BN_add(W, W, r0)) + goto err; + } + + /* more of step 8 */ + if (!BN_mask_bits(W, L - 1)) + goto err; + if (!BN_copy(X, W)) + goto err; + if (!BN_add(X, X, test)) + goto err; + + /* step 9 */ + if (!BN_lshift1(r0, q)) + goto err; + if (!BN_mod(c, X, r0, ctx)) + goto err; + if (!BN_sub(r0, c, BN_value_one())) + goto err; + if (!BN_sub(p, X, r0)) + goto err; + + /* step 10 */ + if (BN_cmp(p, test) >= 0) { + /* step 11 */ + r = BN_is_prime_fasttest_ex(p, DSS_prime_checks, ctx, 1, cb); + if (r > 0) + goto end; /* found it */ + if (r != 0) + goto err; + } + + /* step 13 */ + counter++; + /* "offset = offset + n + 1" */ + + /* step 14 */ + if (counter >= (int)(4 * L)) + break; + } + if (seed_in) { + ok = 0; + DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_INVALID_PARAMETERS); + goto err; + } + } + end: + if (!BN_GENCB_call(cb, 2, 1)) + goto err; + + g_only: + + /* We now need to generate g */ + /* Set r0=(p-1)/q */ + if 
(!BN_sub(test, p, BN_value_one())) + goto err; + if (!BN_div(r0, NULL, test, q, ctx)) + goto err; + + if (idx < 0) { + if (!BN_set_word(test, h)) + goto err; + } else + h = 1; + if (!BN_MONT_CTX_set(mont, p, ctx)) + goto err; + + for (;;) { + static const unsigned char ggen[4] = { 0x67, 0x67, 0x65, 0x6e }; + if (idx >= 0) { + md[0] = idx & 0xff; + md[1] = (h >> 8) & 0xff; + md[2] = h & 0xff; + if (!EVP_DigestInit_ex(&mctx, evpmd, NULL)) + goto err; + if (!EVP_DigestUpdate(&mctx, seed_tmp, seed_len)) + goto err; + if (!EVP_DigestUpdate(&mctx, ggen, sizeof(ggen))) + goto err; + if (!EVP_DigestUpdate(&mctx, md, 3)) + goto err; + if (!EVP_DigestFinal_ex(&mctx, md, NULL)) + goto err; + if (!BN_bin2bn(md, mdsize, test)) + goto err; + } + /* g=test^r0%p */ + if (!BN_mod_exp_mont(g, test, r0, p, ctx, mont)) + goto err; + if (!BN_is_one(g)) + break; + if (idx < 0 && !BN_add(test, test, BN_value_one())) + goto err; + h++; + if (idx >= 0 && h > 0xffff) + goto err; + } + + if (!BN_GENCB_call(cb, 3, 1)) + goto err; + + ok = 1; + err: + if (ok == 1) { + if (p != ret->p) { + if (ret->p) + BN_free(ret->p); + ret->p = BN_dup(p); + } + if (q != ret->q) { + if (ret->q) + BN_free(ret->q); + ret->q = BN_dup(q); + } + if (ret->g) + BN_free(ret->g); + ret->g = BN_dup(g); + if (ret->p == NULL || ret->q == NULL || ret->g == NULL) { + ok = -1; + goto err; + } + if (counter_ret != NULL) + *counter_ret = counter; + if (h_ret != NULL) + *h_ret = h; + } + if (seed) + OPENSSL_free(seed); + if (seed_out != seed_tmp) + OPENSSL_free(seed_tmp); + if (ctx) { + BN_CTX_end(ctx); + BN_CTX_free(ctx); + } + if (mont != NULL) + BN_MONT_CTX_free(mont); + EVP_MD_CTX_cleanup(&mctx); + return ok; +} + +int dsa_paramgen_check_g(DSA *dsa) +{ + BN_CTX *ctx; + BIGNUM *tmp; + BN_MONT_CTX *mont = NULL; + int rv = -1; + ctx = BN_CTX_new(); + if (!ctx) + return -1; + BN_CTX_start(ctx); + if (BN_cmp(dsa->g, BN_value_one()) <= 0) + return 0; + if (BN_cmp(dsa->g, dsa->p) >= 0) + return 0; + tmp = BN_CTX_get(ctx); + if 
(!tmp) + goto err; + if ((mont = BN_MONT_CTX_new()) == NULL) + goto err; + if (!BN_MONT_CTX_set(mont, dsa->p, ctx)) + goto err; + /* Work out g^q mod p */ + if (!BN_mod_exp_mont(tmp, dsa->g, dsa->q, dsa->p, ctx, mont)) + goto err; + if (!BN_cmp(tmp, BN_value_one())) + rv = 1; + else + rv = 0; + err: + BN_CTX_end(ctx); + if (mont) + BN_MONT_CTX_free(mont); + BN_CTX_free(ctx); + return rv; + +} #endif diff --git a/drivers/builtin_openssl2/crypto/dsa/dsa_locl.h b/drivers/builtin_openssl2/crypto/dsa/dsa_locl.h index f32ee964d0..9c23c3ef90 100644 --- a/drivers/builtin_openssl2/crypto/dsa/dsa_locl.h +++ b/drivers/builtin_openssl2/crypto/dsa/dsa_locl.h @@ -59,3 +59,11 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, size_t seed_len, unsigned char *seed_out, int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); + +int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, + const EVP_MD *evpmd, const unsigned char *seed_in, + size_t seed_len, int idx, unsigned char *seed_out, + int *counter_ret, unsigned long *h_ret, + BN_GENCB *cb); + +int dsa_paramgen_check_g(DSA *dsa); diff --git a/drivers/builtin_openssl2/crypto/dsa/dsa_ossl.c b/drivers/builtin_openssl2/crypto/dsa/dsa_ossl.c index 9a3772e00d..efc4f1b6ae 100644 --- a/drivers/builtin_openssl2/crypto/dsa/dsa_ossl.c +++ b/drivers/builtin_openssl2/crypto/dsa/dsa_ossl.c @@ -398,11 +398,7 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, ret = (BN_ucmp(&u1, sig->r) == 0); err: - /* - * XXX: surely this is wrong - if ret is 0, it just didn't verify; there - * is no error in BN. Test should be ret == -1 (Ben) - */ - if (ret != 1) + if (ret < 0) DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_BN_LIB); if (ctx != NULL) BN_CTX_free(ctx); diff --git a/drivers/builtin_openssl2/crypto/dsa/dsa_pmeth.c b/drivers/builtin_openssl2/crypto/dsa/dsa_pmeth.c index 0d480f6a70..42b8bb0862 100644 --- a/drivers/builtin_openssl2/crypto/dsa/dsa_pmeth.c +++ b/drivers/builtin_openssl2/crypto/dsa/dsa_pmeth.c 
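Review bot: In dsa_gen.c, `dsa_builtin_paramgen2` uses `qsize = N >> 3` as a length into the fixed `md[EVP_MAX_MD_SIZE]` buffer without validating `N` or `mdsize`: `memset(md + mdsize, 0, qsize - mdsize)` and `pmd[qsize - 1] |= 0x01` go out of bounds if `qsize` is 0 or larger than the buffer, so memory safety depends on every caller restricting `N` (the callers are not visible in this diff). A guard placed right after `mdsize = EVP_MD_size(evpmd);` would make the function self-contained: `if (mdsize <= 0 || qsize <= 0 || qsize > (int)sizeof(md)) goto err;`. Separately, `dsa_paramgen_check_g` leaks `ctx` on both early `return 0;` paths that follow `BN_CTX_new()` and `BN_CTX_start()`; each should set `rv = 0` and `goto err` so the existing cleanup runs. It is also worth confirming the g-only path: when `p` and `q` are supplied with `idx >= 0` and `seed_in` is NULL, `memcpy(seed_tmp, seed, seed_len)` copies a freshly allocated `seed` buffer that was never written, and that buffer then feeds the hash that derives g.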
@@ -197,6 +197,10 @@ static int pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) dctx->md = p2; return 1; + case EVP_PKEY_CTRL_GET_MD: + *(const EVP_MD **)p2 = dctx->md; + return 1; + case EVP_PKEY_CTRL_DIGESTINIT: case EVP_PKEY_CTRL_PKCS7_SIGN: case EVP_PKEY_CTRL_CMS_SIGN: diff --git a/drivers/builtin_openssl2/crypto/dsa/dsatest.c b/drivers/builtin_openssl2/crypto/dsa/dsatest.c deleted file mode 100644 index 8a224a8876..0000000000 --- a/drivers/builtin_openssl2/crypto/dsa/dsatest.c +++ /dev/null 
@@ -1,268 +0,0 @@ -/* crypto/dsa/dsatest.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. 
If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] 
- */ - -/* - * Until the key-gen callbacks are modified to use newer prototypes, we allow - * deprecated functions for openssl-internal code - */ -#ifdef OPENSSL_NO_DEPRECATED -# undef OPENSSL_NO_DEPRECATED -#endif - -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <sys/types.h> -#include <sys/stat.h> - -#include "../e_os.h" - -#include <openssl/crypto.h> -#include <openssl/rand.h> -#include <openssl/bio.h> -#include <openssl/err.h> -#include <openssl/bn.h> - -#ifdef OPENSSL_NO_DSA -int main(int argc, char *argv[]) -{ - printf("No DSA support\n"); - return (0); -} -#else -# include <openssl/dsa.h> - -# ifdef OPENSSL_SYS_WIN16 -# define MS_CALLBACK _far _loadds -# else -# define MS_CALLBACK -# endif - -static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *arg); - -/* - * seed, out_p, out_q, out_g are taken from the updated Appendix 5 to FIPS - * PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 - */ -static unsigned char seed[20] = { - 0xd5, 0x01, 0x4e, 0x4b, 0x60, 0xef, 0x2b, 0xa8, 0xb6, 0x21, 0x1b, 0x40, - 0x62, 0xba, 0x32, 0x24, 0xe0, 0x42, 0x7d, 0xd3, -}; - -static unsigned char out_p[] = { - 0x8d, 0xf2, 0xa4, 0x94, 0x49, 0x22, 0x76, 0xaa, - 0x3d, 0x25, 0x75, 0x9b, 0xb0, 0x68, 0x69, 0xcb, - 0xea, 0xc0, 0xd8, 0x3a, 0xfb, 0x8d, 0x0c, 0xf7, - 0xcb, 0xb8, 0x32, 0x4f, 0x0d, 0x78, 0x82, 0xe5, - 0xd0, 0x76, 0x2f, 0xc5, 0xb7, 0x21, 0x0e, 0xaf, - 0xc2, 0xe9, 0xad, 0xac, 0x32, 0xab, 0x7a, 0xac, - 0x49, 0x69, 0x3d, 0xfb, 0xf8, 0x37, 0x24, 0xc2, - 0xec, 0x07, 0x36, 0xee, 0x31, 0xc8, 0x02, 0x91, -}; - -static unsigned char out_q[] = { - 0xc7, 0x73, 0x21, 0x8c, 0x73, 0x7e, 0xc8, 0xee, - 0x99, 0x3b, 0x4f, 0x2d, 0xed, 0x30, 0xf4, 0x8e, - 0xda, 0xce, 0x91, 0x5f, -}; - -static unsigned char out_g[] = { - 0x62, 0x6d, 0x02, 0x78, 0x39, 0xea, 0x0a, 0x13, - 0x41, 0x31, 0x63, 0xa5, 0x5b, 0x4c, 0xb5, 0x00, - 0x29, 0x9d, 0x55, 0x22, 0x95, 0x6c, 0xef, 0xcb, - 0x3b, 0xff, 0x10, 0xf3, 0x99, 0xce, 0x2c, 0x2e, - 0x71, 0xcb, 0x9d, 0xe5, 0xfa, 0x24, 0xba, 0xbf, - 
0x58, 0xe5, 0xb7, 0x95, 0x21, 0x92, 0x5c, 0x9c, - 0xc4, 0x2e, 0x9f, 0x6f, 0x46, 0x4b, 0x08, 0x8c, - 0xc5, 0x72, 0xaf, 0x53, 0xe6, 0xd7, 0x88, 0x02, -}; - -static const unsigned char str1[] = "12345678901234567890"; - -static const char rnd_seed[] = - "string to make the random number generator think it has entropy"; - -static BIO *bio_err = NULL; - -int main(int argc, char **argv) -{ - BN_GENCB cb; - DSA *dsa = NULL; - int counter, ret = 0, i, j; - unsigned char buf[256]; - unsigned long h; - unsigned char sig[256]; - unsigned int siglen; - - if (bio_err == NULL) - bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); - - CRYPTO_malloc_debug_init(); - CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - - ERR_load_crypto_strings(); - RAND_seed(rnd_seed, sizeof rnd_seed); - - BIO_printf(bio_err, "test generation of DSA parameters\n"); - - BN_GENCB_set(&cb, dsa_cb, bio_err); - if (((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 512, - seed, 20, - &counter, - &h, &cb)) - goto end; - - BIO_printf(bio_err, "seed\n"); - for (i = 0; i < 20; i += 4) { - BIO_printf(bio_err, "%02X%02X%02X%02X ", - seed[i], seed[i + 1], seed[i + 2], seed[i + 3]); - } - BIO_printf(bio_err, "\ncounter=%d h=%ld\n", counter, h); - - DSA_print(bio_err, dsa, 0); - if (counter != 105) { - BIO_printf(bio_err, "counter should be 105\n"); - goto end; - } - if (h != 2) { - BIO_printf(bio_err, "h should be 2\n"); - goto end; - } - - i = BN_bn2bin(dsa->q, buf); - j = sizeof(out_q); - if ((i != j) || (memcmp(buf, out_q, i) != 0)) { - BIO_printf(bio_err, "q value is wrong\n"); - goto end; - } - - i = BN_bn2bin(dsa->p, buf); - j = sizeof(out_p); - if ((i != j) || (memcmp(buf, out_p, i) != 0)) { - BIO_printf(bio_err, "p value is wrong\n"); - goto end; - } - - i = BN_bn2bin(dsa->g, buf); - j = sizeof(out_g); - if ((i != j) || (memcmp(buf, out_g, i) != 0)) { - BIO_printf(bio_err, "g value is wrong\n"); - goto end; - } - - dsa->flags |= DSA_FLAG_NO_EXP_CONSTTIME; - 
DSA_generate_key(dsa); - DSA_sign(0, str1, 20, sig, &siglen, dsa); - if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1) - ret = 1; - - dsa->flags &= ~DSA_FLAG_NO_EXP_CONSTTIME; - DSA_generate_key(dsa); - DSA_sign(0, str1, 20, sig, &siglen, dsa); - if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1) - ret = 1; - - end: - if (!ret) - ERR_print_errors(bio_err); - if (dsa != NULL) - DSA_free(dsa); - CRYPTO_cleanup_all_ex_data(); - ERR_remove_thread_state(NULL); - ERR_free_strings(); - CRYPTO_mem_leaks(bio_err); - if (bio_err != NULL) { - BIO_free(bio_err); - bio_err = NULL; - } -# ifdef OPENSSL_SYS_NETWARE - if (!ret) - printf("ERROR\n"); -# endif - EXIT(!ret); - return (0); -} - -static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *arg) -{ - char c = '*'; - static int ok = 0, num = 0; - - if (p == 0) { - c = '.'; - num++; - }; - if (p == 1) - c = '+'; - if (p == 2) { - c = '*'; - ok++; - } - if (p == 3) - c = '\n'; - BIO_write(arg->arg, &c, 1); - (void)BIO_flush(arg->arg); - - if (!ok && (p == 0) && (num > 1)) { - BIO_printf((BIO *)arg, "error in dsatest\n"); - return 0; - } - return 1; -} -#endif |