diff options
| author | deshevoy <deshevoy@yandex-team.ru> | 2022-02-10 16:46:56 +0300 |
|---|---|---|
| committer | Daniil Cherednik <dcherednik@yandex-team.ru> | 2022-02-10 16:46:56 +0300 |
| commit | e988f30484abe5fdeedcc7a5d3c226c01a21800c (patch) | |
| tree | 0a217b173aabb57b7e51f8a169989b1a3e0309fe /contrib/libs/openssl/crypto/dsa | |
| parent | 33ee501c05d3f24036ae89766a858930ae66c548 (diff) | |
| download | ydb-e988f30484abe5fdeedcc7a5d3c226c01a21800c.tar.gz | |
Restoring authorship annotation for <deshevoy@yandex-team.ru>. Commit 1 of 2.
Diffstat (limited to 'contrib/libs/openssl/crypto/dsa')
| -rw-r--r-- | contrib/libs/openssl/crypto/dsa/dsa_ameth.c | 1134 | ||||
| -rw-r--r-- | contrib/libs/openssl/crypto/dsa/dsa_asn1.c | 308 | ||||
| -rw-r--r-- | contrib/libs/openssl/crypto/dsa/dsa_depr.c | 124 | ||||
| -rw-r--r-- | contrib/libs/openssl/crypto/dsa/dsa_err.c | 150 | ||||
| -rw-r--r-- | contrib/libs/openssl/crypto/dsa/dsa_gen.c | 1220 | ||||
| -rw-r--r-- | contrib/libs/openssl/crypto/dsa/dsa_key.c | 152 | ||||
| -rw-r--r-- | contrib/libs/openssl/crypto/dsa/dsa_lib.c | 714 | ||||
| -rw-r--r-- | contrib/libs/openssl/crypto/dsa/dsa_meth.c | 446 | ||||
| -rw-r--r-- | contrib/libs/openssl/crypto/dsa/dsa_ossl.c | 848 | ||||
| -rw-r--r-- | contrib/libs/openssl/crypto/dsa/dsa_pmeth.c | 518 | ||||
| -rw-r--r-- | contrib/libs/openssl/crypto/dsa/dsa_prn.c | 128 | ||||
| -rw-r--r-- | contrib/libs/openssl/crypto/dsa/dsa_sign.c | 46 | ||||
| -rw-r--r-- | contrib/libs/openssl/crypto/dsa/dsa_vrf.c | 32 |
13 files changed, 2910 insertions, 2910 deletions
diff --git a/contrib/libs/openssl/crypto/dsa/dsa_ameth.c b/contrib/libs/openssl/crypto/dsa/dsa_ameth.c index 2dcaa0815f..40c88da8b5 100644 --- a/contrib/libs/openssl/crypto/dsa/dsa_ameth.c +++ b/contrib/libs/openssl/crypto/dsa/dsa_ameth.c @@ -1,572 +1,572 @@ -/* +/* * Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include <stdio.h> -#include "internal/cryptlib.h" -#include <openssl/x509.h> -#include <openssl/asn1.h> + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include <stdio.h> +#include "internal/cryptlib.h" +#include <openssl/x509.h> +#include <openssl/asn1.h> #include "dsa_local.h" -#include <openssl/bn.h> -#include <openssl/cms.h> +#include <openssl/bn.h> +#include <openssl/cms.h> #include "crypto/asn1.h" #include "crypto/evp.h" - -static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) -{ - const unsigned char *p, *pm; - int pklen, pmlen; - int ptype; - const void *pval; - const ASN1_STRING *pstr; - X509_ALGOR *palg; - ASN1_INTEGER *public_key = NULL; - - DSA *dsa = NULL; - - if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey)) - return 0; - X509_ALGOR_get0(NULL, &ptype, &pval, palg); - - if (ptype == V_ASN1_SEQUENCE) { - pstr = pval; - pm = pstr->data; - pmlen = pstr->length; - - if ((dsa = d2i_DSAparams(NULL, &pm, pmlen)) == NULL) { - DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR); - goto err; - } - - } else if ((ptype == V_ASN1_NULL) || (ptype == V_ASN1_UNDEF)) { - if ((dsa = DSA_new()) == NULL) { - DSAerr(DSA_F_DSA_PUB_DECODE, ERR_R_MALLOC_FAILURE); - goto err; - } - } else { - DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_PARAMETER_ENCODING_ERROR); - goto err; - } - - if ((public_key = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL) { - DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR); - goto err; - } - - if ((dsa->pub_key = ASN1_INTEGER_to_BN(public_key, NULL)) == NULL) { - DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_BN_DECODE_ERROR); - goto err; - } - - ASN1_INTEGER_free(public_key); - EVP_PKEY_assign_DSA(pkey, dsa); - return 1; - - err: - ASN1_INTEGER_free(public_key); - DSA_free(dsa); - return 0; - -} - -static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) -{ - DSA *dsa; - int ptype; - unsigned char *penc = NULL; - int penclen; - ASN1_STRING *str = NULL; - ASN1_INTEGER *pubint = NULL; - ASN1_OBJECT *aobj; - - dsa = pkey->pkey.dsa; - if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) { - str = ASN1_STRING_new(); - if (str == NULL) { - DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE); - goto err; - } - str->length = i2d_DSAparams(dsa, &str->data); - if (str->length <= 0) { - DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE); - goto err; - } - ptype = V_ASN1_SEQUENCE; - } else - ptype = V_ASN1_UNDEF; - - pubint = BN_to_ASN1_INTEGER(dsa->pub_key, NULL); - - if (pubint == NULL) { - DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE); - goto err; - } - - penclen = i2d_ASN1_INTEGER(pubint, &penc); - ASN1_INTEGER_free(pubint); - - if (penclen <= 0) { - DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE); - goto err; - } - - aobj = OBJ_nid2obj(EVP_PKEY_DSA); - if (aobj == NULL) - goto err; - - if (X509_PUBKEY_set0_param(pk, aobj, ptype, str, penc, penclen)) + +static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) +{ + const unsigned char *p, *pm; + int pklen, pmlen; + int ptype; + const void *pval; + const ASN1_STRING *pstr; + X509_ALGOR *palg; + ASN1_INTEGER *public_key = NULL; + + DSA *dsa = NULL; + + if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey)) + return 0; + X509_ALGOR_get0(NULL, &ptype, &pval, palg); + + if (ptype == V_ASN1_SEQUENCE) { + pstr = pval; + pm = pstr->data; + pmlen = pstr->length; + + if ((dsa = d2i_DSAparams(NULL, &pm, pmlen)) == NULL) { + DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR); + goto err; + } + + } else if ((ptype == V_ASN1_NULL) || (ptype == V_ASN1_UNDEF)) { + if ((dsa = DSA_new()) == NULL) { + DSAerr(DSA_F_DSA_PUB_DECODE, ERR_R_MALLOC_FAILURE); + goto err; + } + } else { + DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_PARAMETER_ENCODING_ERROR); + goto err; + } + + if ((public_key = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL) { + DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR); + goto err; + } + + if ((dsa->pub_key = ASN1_INTEGER_to_BN(public_key, NULL)) == NULL) { + DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_BN_DECODE_ERROR); + goto err; + } + + ASN1_INTEGER_free(public_key); + EVP_PKEY_assign_DSA(pkey, dsa); + return 1; + + err: + ASN1_INTEGER_free(public_key); + DSA_free(dsa); + return 0; + +} + +static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) +{ + DSA *dsa; + int ptype; + unsigned char *penc = NULL; + int penclen; + ASN1_STRING *str = NULL; + ASN1_INTEGER *pubint = NULL; + ASN1_OBJECT *aobj; + + dsa = pkey->pkey.dsa; + if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) { + str = ASN1_STRING_new(); + if (str == NULL) { + DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE); + goto err; + } + str->length = i2d_DSAparams(dsa, &str->data); + if (str->length <= 0) { + DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE); + goto err; + } + ptype = V_ASN1_SEQUENCE; + } else + ptype = V_ASN1_UNDEF; + + pubint = BN_to_ASN1_INTEGER(dsa->pub_key, NULL); + + if (pubint == NULL) { + DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE); + goto err; + } + + penclen = i2d_ASN1_INTEGER(pubint, &penc); + ASN1_INTEGER_free(pubint); + + if (penclen <= 0) { + DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE); + goto err; + } + + aobj = OBJ_nid2obj(EVP_PKEY_DSA); + if (aobj == NULL) + goto err; + + if (X509_PUBKEY_set0_param(pk, aobj, ptype, str, penc, penclen)) + return 1; + + err: + OPENSSL_free(penc); + ASN1_STRING_free(str); + + return 0; +} + +/* + * In PKCS#8 DSA: you just get a private key integer and parameters in the + * AlgorithmIdentifier the pubkey must be recalculated. + */ + +static int dsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) +{ + const unsigned char *p, *pm; + int pklen, pmlen; + int ptype; + const void *pval; + const ASN1_STRING *pstr; + const X509_ALGOR *palg; + ASN1_INTEGER *privkey = NULL; + BN_CTX *ctx = NULL; + + DSA *dsa = NULL; + + int ret = 0; + + if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8)) + return 0; + X509_ALGOR_get0(NULL, &ptype, &pval, palg); + + if ((privkey = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL) + goto decerr; + if (privkey->type == V_ASN1_NEG_INTEGER || ptype != V_ASN1_SEQUENCE) + goto decerr; + + pstr = pval; + pm = pstr->data; + pmlen = pstr->length; + if ((dsa = d2i_DSAparams(NULL, &pm, pmlen)) == NULL) + goto decerr; + /* We have parameters now set private key */ + if ((dsa->priv_key = BN_secure_new()) == NULL + || !ASN1_INTEGER_to_BN(privkey, dsa->priv_key)) { + DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_BN_ERROR); + goto dsaerr; + } + /* Calculate public key */ + if ((dsa->pub_key = BN_new()) == NULL) { + DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE); + goto dsaerr; + } + if ((ctx = BN_CTX_new()) == NULL) { + DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE); + goto dsaerr; + } + + BN_set_flags(dsa->priv_key, BN_FLG_CONSTTIME); + if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) { + DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_BN_ERROR); + goto dsaerr; + } + + EVP_PKEY_assign_DSA(pkey, dsa); + + ret = 1; + goto done; + + decerr: + DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_DECODE_ERROR); + dsaerr: + DSA_free(dsa); + done: + BN_CTX_free(ctx); + ASN1_STRING_clear_free(privkey); + return ret; +} + +static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) +{ + ASN1_STRING *params = NULL; + ASN1_INTEGER *prkey = NULL; + unsigned char *dp = NULL; + int dplen; + + if (!pkey->pkey.dsa || !pkey->pkey.dsa->priv_key) { + DSAerr(DSA_F_DSA_PRIV_ENCODE, DSA_R_MISSING_PARAMETERS); + goto err; + } + + params = ASN1_STRING_new(); + + if (params == NULL) { + DSAerr(DSA_F_DSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE); + goto err; + } + + params->length = i2d_DSAparams(pkey->pkey.dsa, ¶ms->data); + if (params->length <= 0) { + DSAerr(DSA_F_DSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE); + goto err; + } + params->type = V_ASN1_SEQUENCE; + + /* Get private key into integer */ + prkey = BN_to_ASN1_INTEGER(pkey->pkey.dsa->priv_key, NULL); + + if (!prkey) { + DSAerr(DSA_F_DSA_PRIV_ENCODE, DSA_R_BN_ERROR); + goto err; + } + + dplen = i2d_ASN1_INTEGER(prkey, &dp); + + ASN1_STRING_clear_free(prkey); + prkey = NULL; + + if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0, + V_ASN1_SEQUENCE, params, dp, dplen)) + goto err; + + return 1; + + err: + OPENSSL_free(dp); + ASN1_STRING_free(params); + ASN1_STRING_clear_free(prkey); + return 0; +} + +static int int_dsa_size(const EVP_PKEY *pkey) +{ + return DSA_size(pkey->pkey.dsa); +} + +static int dsa_bits(const EVP_PKEY *pkey) +{ + return DSA_bits(pkey->pkey.dsa); +} + +static int dsa_security_bits(const EVP_PKEY *pkey) +{ + return DSA_security_bits(pkey->pkey.dsa); +} + +static int dsa_missing_parameters(const EVP_PKEY *pkey) +{ + DSA *dsa; + dsa = pkey->pkey.dsa; + if (dsa == NULL || dsa->p == NULL || dsa->q == NULL || dsa->g == NULL) + return 1; + return 0; +} + +static int dsa_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) +{ + BIGNUM *a; + + if (to->pkey.dsa == NULL) { + to->pkey.dsa = DSA_new(); + if (to->pkey.dsa == NULL) + return 0; + } + + if ((a = BN_dup(from->pkey.dsa->p)) == NULL) + return 0; + BN_free(to->pkey.dsa->p); + to->pkey.dsa->p = a; + + if ((a = BN_dup(from->pkey.dsa->q)) == NULL) + return 0; + BN_free(to->pkey.dsa->q); + to->pkey.dsa->q = a; + + if ((a = BN_dup(from->pkey.dsa->g)) == NULL) + return 0; + BN_free(to->pkey.dsa->g); + to->pkey.dsa->g = a; + return 1; +} + +static int dsa_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) +{ + if (BN_cmp(a->pkey.dsa->p, b->pkey.dsa->p) || + BN_cmp(a->pkey.dsa->q, b->pkey.dsa->q) || + BN_cmp(a->pkey.dsa->g, b->pkey.dsa->g)) + return 0; + else + return 1; +} + +static int dsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) +{ + if (BN_cmp(b->pkey.dsa->pub_key, a->pkey.dsa->pub_key) != 0) + return 0; + else + return 1; +} + +static void int_dsa_free(EVP_PKEY *pkey) +{ + DSA_free(pkey->pkey.dsa); +} + +static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype) +{ + int ret = 0; + const char *ktype = NULL; + const BIGNUM *priv_key, *pub_key; + + if (ptype == 2) + priv_key = x->priv_key; + else + priv_key = NULL; + + if (ptype > 0) + pub_key = x->pub_key; + else + pub_key = NULL; + + if (ptype == 2) + ktype = "Private-Key"; + else if (ptype == 1) + ktype = "Public-Key"; + else + ktype = "DSA-Parameters"; + + if (priv_key) { + if (!BIO_indent(bp, off, 128)) + goto err; + if (BIO_printf(bp, "%s: (%d bit)\n", ktype, BN_num_bits(x->p)) + <= 0) + goto err; + } + + if (!ASN1_bn_print(bp, "priv:", priv_key, NULL, off)) + goto err; + if (!ASN1_bn_print(bp, "pub: ", pub_key, NULL, off)) + goto err; + if (!ASN1_bn_print(bp, "P: ", x->p, NULL, off)) + goto err; + if (!ASN1_bn_print(bp, "Q: ", x->q, NULL, off)) + goto err; + if (!ASN1_bn_print(bp, "G: ", x->g, NULL, off)) + goto err; + ret = 1; + err: + return ret; +} + +static int dsa_param_decode(EVP_PKEY *pkey, + const unsigned char **pder, int derlen) +{ + DSA *dsa; + + if ((dsa = d2i_DSAparams(NULL, pder, derlen)) == NULL) { + DSAerr(DSA_F_DSA_PARAM_DECODE, ERR_R_DSA_LIB); + return 0; + } + EVP_PKEY_assign_DSA(pkey, dsa); + return 1; +} + +static int dsa_param_encode(const EVP_PKEY *pkey, unsigned char **pder) +{ + return i2d_DSAparams(pkey->pkey.dsa, pder); +} + +static int dsa_param_print(BIO *bp, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *ctx) +{ + return do_dsa_print(bp, pkey->pkey.dsa, indent, 0); +} + +static int dsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *ctx) +{ + return do_dsa_print(bp, pkey->pkey.dsa, indent, 1); +} + +static int dsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *ctx) +{ + return do_dsa_print(bp, pkey->pkey.dsa, indent, 2); +} + +static int old_dsa_priv_decode(EVP_PKEY *pkey, + const unsigned char **pder, int derlen) +{ + DSA *dsa; + + if ((dsa = d2i_DSAPrivateKey(NULL, pder, derlen)) == NULL) { + DSAerr(DSA_F_OLD_DSA_PRIV_DECODE, ERR_R_DSA_LIB); + return 0; + } + EVP_PKEY_assign_DSA(pkey, dsa); + return 1; +} + +static int old_dsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder) +{ + return i2d_DSAPrivateKey(pkey->pkey.dsa, pder); +} + +static int dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, + const ASN1_STRING *sig, int indent, ASN1_PCTX *pctx) +{ + DSA_SIG *dsa_sig; + const unsigned char *p; + + if (!sig) { + if (BIO_puts(bp, "\n") <= 0) + return 0; + else + return 1; + } + p = sig->data; + dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length); + if (dsa_sig) { + int rv = 0; + const BIGNUM *r, *s; + + DSA_SIG_get0(dsa_sig, &r, &s); + + if (BIO_write(bp, "\n", 1) != 1) + goto err; + + if (!ASN1_bn_print(bp, "r: ", r, NULL, indent)) + goto err; + if (!ASN1_bn_print(bp, "s: ", s, NULL, indent)) + goto err; + rv = 1; + err: + DSA_SIG_free(dsa_sig); + return rv; + } + return X509_signature_dump(bp, sig, indent); +} + +static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) +{ + switch (op) { + case ASN1_PKEY_CTRL_PKCS7_SIGN: + if (arg1 == 0) { + int snid, hnid; + X509_ALGOR *alg1, *alg2; + PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2); + if (alg1 == NULL || alg1->algorithm == NULL) + return -1; + hnid = OBJ_obj2nid(alg1->algorithm); + if (hnid == NID_undef) + return -1; + if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey))) + return -1; + X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0); + } + return 1; +#ifndef OPENSSL_NO_CMS + case ASN1_PKEY_CTRL_CMS_SIGN: + if (arg1 == 0) { + int snid, hnid; + X509_ALGOR *alg1, *alg2; + CMS_SignerInfo_get0_algs(arg2, NULL, NULL, &alg1, &alg2); + if (alg1 == NULL || alg1->algorithm == NULL) + return -1; + hnid = OBJ_obj2nid(alg1->algorithm); + if (hnid == NID_undef) + return -1; + if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey))) + return -1; + X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0); + } + return 1; + + case ASN1_PKEY_CTRL_CMS_RI_TYPE: + *(int *)arg2 = CMS_RECIPINFO_NONE; + return 1; +#endif + + case ASN1_PKEY_CTRL_DEFAULT_MD_NID: + *(int *)arg2 = NID_sha256; return 1; - - err: - OPENSSL_free(penc); - ASN1_STRING_free(str); - - return 0; -} - -/* - * In PKCS#8 DSA: you just get a private key integer and parameters in the - * AlgorithmIdentifier the pubkey must be recalculated. - */ - -static int dsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) -{ - const unsigned char *p, *pm; - int pklen, pmlen; - int ptype; - const void *pval; - const ASN1_STRING *pstr; - const X509_ALGOR *palg; - ASN1_INTEGER *privkey = NULL; - BN_CTX *ctx = NULL; - - DSA *dsa = NULL; - - int ret = 0; - - if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8)) - return 0; - X509_ALGOR_get0(NULL, &ptype, &pval, palg); - - if ((privkey = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL) - goto decerr; - if (privkey->type == V_ASN1_NEG_INTEGER || ptype != V_ASN1_SEQUENCE) - goto decerr; - - pstr = pval; - pm = pstr->data; - pmlen = pstr->length; - if ((dsa = d2i_DSAparams(NULL, &pm, pmlen)) == NULL) - goto decerr; - /* We have parameters now set private key */ - if ((dsa->priv_key = BN_secure_new()) == NULL - || !ASN1_INTEGER_to_BN(privkey, dsa->priv_key)) { - DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_BN_ERROR); - goto dsaerr; - } - /* Calculate public key */ - if ((dsa->pub_key = BN_new()) == NULL) { - DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE); - goto dsaerr; - } - if ((ctx = BN_CTX_new()) == NULL) { - DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE); - goto dsaerr; - } - - BN_set_flags(dsa->priv_key, BN_FLG_CONSTTIME); - if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) { - DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_BN_ERROR); - goto dsaerr; - } - - EVP_PKEY_assign_DSA(pkey, dsa); - - ret = 1; - goto done; - - decerr: - DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_DECODE_ERROR); - dsaerr: - DSA_free(dsa); - done: - BN_CTX_free(ctx); - ASN1_STRING_clear_free(privkey); - return ret; -} - -static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) -{ - ASN1_STRING *params = NULL; - ASN1_INTEGER *prkey = NULL; - unsigned char *dp = NULL; - int dplen; - - if (!pkey->pkey.dsa || !pkey->pkey.dsa->priv_key) { - DSAerr(DSA_F_DSA_PRIV_ENCODE, DSA_R_MISSING_PARAMETERS); - goto err; - } - - params = ASN1_STRING_new(); - - if (params == NULL) { - DSAerr(DSA_F_DSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE); - goto err; - } - - params->length = i2d_DSAparams(pkey->pkey.dsa, ¶ms->data); - if (params->length <= 0) { - DSAerr(DSA_F_DSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE); - goto err; - } - params->type = V_ASN1_SEQUENCE; - - /* Get private key into integer */ - prkey = BN_to_ASN1_INTEGER(pkey->pkey.dsa->priv_key, NULL); - - if (!prkey) { - DSAerr(DSA_F_DSA_PRIV_ENCODE, DSA_R_BN_ERROR); - goto err; - } - - dplen = i2d_ASN1_INTEGER(prkey, &dp); - - ASN1_STRING_clear_free(prkey); - prkey = NULL; - - if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0, - V_ASN1_SEQUENCE, params, dp, dplen)) - goto err; - - return 1; - - err: - OPENSSL_free(dp); - ASN1_STRING_free(params); - ASN1_STRING_clear_free(prkey); - return 0; -} - -static int int_dsa_size(const EVP_PKEY *pkey) -{ - return DSA_size(pkey->pkey.dsa); -} - -static int dsa_bits(const EVP_PKEY *pkey) -{ - return DSA_bits(pkey->pkey.dsa); -} - -static int dsa_security_bits(const EVP_PKEY *pkey) -{ - return DSA_security_bits(pkey->pkey.dsa); -} - -static int dsa_missing_parameters(const EVP_PKEY *pkey) -{ - DSA *dsa; - dsa = pkey->pkey.dsa; - if (dsa == NULL || dsa->p == NULL || dsa->q == NULL || dsa->g == NULL) - return 1; - return 0; -} - -static int dsa_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) -{ - BIGNUM *a; - - if (to->pkey.dsa == NULL) { - to->pkey.dsa = DSA_new(); - if (to->pkey.dsa == NULL) - return 0; - } - - if ((a = BN_dup(from->pkey.dsa->p)) == NULL) - return 0; - BN_free(to->pkey.dsa->p); - to->pkey.dsa->p = a; - - if ((a = BN_dup(from->pkey.dsa->q)) == NULL) - return 0; - BN_free(to->pkey.dsa->q); - to->pkey.dsa->q = a; - - if ((a = BN_dup(from->pkey.dsa->g)) == NULL) - return 0; - BN_free(to->pkey.dsa->g); - to->pkey.dsa->g = a; - return 1; -} - -static int dsa_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) -{ - if (BN_cmp(a->pkey.dsa->p, b->pkey.dsa->p) || - BN_cmp(a->pkey.dsa->q, b->pkey.dsa->q) || - BN_cmp(a->pkey.dsa->g, b->pkey.dsa->g)) - return 0; - else - return 1; -} - -static int dsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) -{ - if (BN_cmp(b->pkey.dsa->pub_key, a->pkey.dsa->pub_key) != 0) - return 0; - else - return 1; -} - -static void int_dsa_free(EVP_PKEY *pkey) -{ - DSA_free(pkey->pkey.dsa); -} - -static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype) -{ - int ret = 0; - const char *ktype = NULL; - const BIGNUM *priv_key, *pub_key; - - if (ptype == 2) - priv_key = x->priv_key; - else - priv_key = NULL; - - if (ptype > 0) - pub_key = x->pub_key; - else - pub_key = NULL; - - if (ptype == 2) - ktype = "Private-Key"; - else if (ptype == 1) - ktype = "Public-Key"; - else - ktype = "DSA-Parameters"; - - if (priv_key) { - if (!BIO_indent(bp, off, 128)) - goto err; - if (BIO_printf(bp, "%s: (%d bit)\n", ktype, BN_num_bits(x->p)) - <= 0) - goto err; - } - - if (!ASN1_bn_print(bp, "priv:", priv_key, NULL, off)) - goto err; - if (!ASN1_bn_print(bp, "pub: ", pub_key, NULL, off)) - goto err; - if (!ASN1_bn_print(bp, "P: ", x->p, NULL, off)) - goto err; - if (!ASN1_bn_print(bp, "Q: ", x->q, NULL, off)) - goto err; - if (!ASN1_bn_print(bp, "G: ", x->g, NULL, off)) - goto err; - ret = 1; - err: - return ret; -} - -static int dsa_param_decode(EVP_PKEY *pkey, - const unsigned char **pder, int derlen) -{ - DSA *dsa; - - if ((dsa = d2i_DSAparams(NULL, pder, derlen)) == NULL) { - DSAerr(DSA_F_DSA_PARAM_DECODE, ERR_R_DSA_LIB); - return 0; - } - EVP_PKEY_assign_DSA(pkey, dsa); - return 1; -} - -static int dsa_param_encode(const EVP_PKEY *pkey, unsigned char **pder) -{ - return i2d_DSAparams(pkey->pkey.dsa, pder); -} - -static int dsa_param_print(BIO *bp, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *ctx) -{ - return do_dsa_print(bp, pkey->pkey.dsa, indent, 0); -} - -static int dsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *ctx) -{ - return do_dsa_print(bp, pkey->pkey.dsa, indent, 1); -} - -static int dsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *ctx) -{ - return do_dsa_print(bp, pkey->pkey.dsa, indent, 2); -} - -static int old_dsa_priv_decode(EVP_PKEY *pkey, - const unsigned char **pder, int derlen) -{ - DSA *dsa; - - if ((dsa = d2i_DSAPrivateKey(NULL, pder, derlen)) == NULL) { - DSAerr(DSA_F_OLD_DSA_PRIV_DECODE, ERR_R_DSA_LIB); - return 0; - } - EVP_PKEY_assign_DSA(pkey, dsa); - return 1; -} - -static int old_dsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder) -{ - return i2d_DSAPrivateKey(pkey->pkey.dsa, pder); -} - -static int dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, - const ASN1_STRING *sig, int indent, ASN1_PCTX *pctx) -{ - DSA_SIG *dsa_sig; - const unsigned char *p; - - if (!sig) { - if (BIO_puts(bp, "\n") <= 0) - return 0; - else - return 1; - } - p = sig->data; - dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length); - if (dsa_sig) { - int rv = 0; - const BIGNUM *r, *s; - - DSA_SIG_get0(dsa_sig, &r, &s); - - if (BIO_write(bp, "\n", 1) != 1) - goto err; - - if (!ASN1_bn_print(bp, "r: ", r, NULL, indent)) - goto err; - if (!ASN1_bn_print(bp, "s: ", s, NULL, indent)) - goto err; - rv = 1; - err: - DSA_SIG_free(dsa_sig); - return rv; - } - return X509_signature_dump(bp, sig, indent); -} - -static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) -{ - switch (op) { - case ASN1_PKEY_CTRL_PKCS7_SIGN: - if (arg1 == 0) { - int snid, hnid; - X509_ALGOR *alg1, *alg2; - PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2); - if (alg1 == NULL || alg1->algorithm == NULL) - return -1; - hnid = OBJ_obj2nid(alg1->algorithm); - if (hnid == NID_undef) - return -1; - if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey))) - return -1; - X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0); - } - return 1; -#ifndef OPENSSL_NO_CMS - case ASN1_PKEY_CTRL_CMS_SIGN: - if (arg1 == 0) { - int snid, hnid; - X509_ALGOR *alg1, *alg2; - CMS_SignerInfo_get0_algs(arg2, NULL, NULL, &alg1, &alg2); - if (alg1 == NULL || alg1->algorithm == NULL) - return -1; - hnid = OBJ_obj2nid(alg1->algorithm); - if (hnid == NID_undef) - return -1; - if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey))) - return -1; - X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0); - } - return 1; - - case ASN1_PKEY_CTRL_CMS_RI_TYPE: - *(int *)arg2 = CMS_RECIPINFO_NONE; - return 1; -#endif - - case ASN1_PKEY_CTRL_DEFAULT_MD_NID: - *(int *)arg2 = NID_sha256; - return 1; - - default: - return -2; - - } - -} - -/* NB these are sorted in pkey_id order, lowest first */ - -const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[5] = { - - { - EVP_PKEY_DSA2, - EVP_PKEY_DSA, - ASN1_PKEY_ALIAS}, - - { - EVP_PKEY_DSA1, - EVP_PKEY_DSA, - ASN1_PKEY_ALIAS}, - - { - EVP_PKEY_DSA4, - EVP_PKEY_DSA, - ASN1_PKEY_ALIAS}, - - { - EVP_PKEY_DSA3, - EVP_PKEY_DSA, - ASN1_PKEY_ALIAS}, - - { - EVP_PKEY_DSA, - EVP_PKEY_DSA, - 0, - - "DSA", - "OpenSSL DSA method", - - dsa_pub_decode, - dsa_pub_encode, - dsa_pub_cmp, - dsa_pub_print, - - dsa_priv_decode, - dsa_priv_encode, - dsa_priv_print, - - int_dsa_size, - dsa_bits, - dsa_security_bits, - - dsa_param_decode, - dsa_param_encode, - dsa_missing_parameters, - dsa_copy_parameters, - dsa_cmp_parameters, - dsa_param_print, - dsa_sig_print, - - int_dsa_free, - dsa_pkey_ctrl, - old_dsa_priv_decode, - old_dsa_priv_encode} -}; + + default: + return -2; + + } + +} + +/* NB these are sorted in pkey_id order, lowest first */ + +const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[5] = { + + { + EVP_PKEY_DSA2, + EVP_PKEY_DSA, + ASN1_PKEY_ALIAS}, + + { + EVP_PKEY_DSA1, + EVP_PKEY_DSA, + ASN1_PKEY_ALIAS}, + + { + EVP_PKEY_DSA4, + EVP_PKEY_DSA, + ASN1_PKEY_ALIAS}, + + { + EVP_PKEY_DSA3, + EVP_PKEY_DSA, + ASN1_PKEY_ALIAS}, + + { + EVP_PKEY_DSA, + EVP_PKEY_DSA, + 0, + + "DSA", + "OpenSSL DSA method", + + dsa_pub_decode, + dsa_pub_encode, + dsa_pub_cmp, + dsa_pub_print, + + dsa_priv_decode, + dsa_priv_encode, + dsa_priv_print, + + int_dsa_size, + dsa_bits, + dsa_security_bits, + + dsa_param_decode, + dsa_param_encode, + dsa_missing_parameters, + dsa_copy_parameters, + dsa_cmp_parameters, + dsa_param_print, + dsa_sig_print, + + int_dsa_free, + dsa_pkey_ctrl, + old_dsa_priv_decode, + old_dsa_priv_encode} +}; diff --git a/contrib/libs/openssl/crypto/dsa/dsa_asn1.c b/contrib/libs/openssl/crypto/dsa/dsa_asn1.c index 9cafd5ca8a..d90dbdc295 100644 --- a/contrib/libs/openssl/crypto/dsa/dsa_asn1.c +++ b/contrib/libs/openssl/crypto/dsa/dsa_asn1.c @@ -1,155 +1,155 @@ -/* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include <stdio.h> -#include "internal/cryptlib.h" +/* + * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include <stdio.h> +#include "internal/cryptlib.h" #include "dsa_local.h" -#include <openssl/asn1.h> -#include <openssl/asn1t.h> -#include <openssl/rand.h> - -ASN1_SEQUENCE(DSA_SIG) = { - ASN1_SIMPLE(DSA_SIG, r, CBIGNUM), - ASN1_SIMPLE(DSA_SIG, s, CBIGNUM) -} static_ASN1_SEQUENCE_END(DSA_SIG) - -IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA_SIG, DSA_SIG, DSA_SIG) - -DSA_SIG *DSA_SIG_new(void) -{ - DSA_SIG *sig = OPENSSL_zalloc(sizeof(*sig)); - if (sig == NULL) - DSAerr(DSA_F_DSA_SIG_NEW, ERR_R_MALLOC_FAILURE); - return sig; -} - -void DSA_SIG_free(DSA_SIG *sig) -{ - if (sig == NULL) - return; - BN_clear_free(sig->r); - BN_clear_free(sig->s); - OPENSSL_free(sig); -} - -void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) -{ - if (pr != NULL) - *pr = sig->r; - if (ps != NULL) - *ps = sig->s; -} - -int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s) -{ - if (r == NULL || s == NULL) - return 0; - BN_clear_free(sig->r); - BN_clear_free(sig->s); - sig->r = r; - sig->s = s; - return 1; -} - -/* Override the default free and new methods */ -static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) -{ - if (operation == ASN1_OP_NEW_PRE) { - *pval = (ASN1_VALUE *)DSA_new(); - if (*pval != NULL) - return 2; - return 0; - } else if (operation == ASN1_OP_FREE_PRE) { - DSA_free((DSA *)*pval); - *pval = NULL; - return 2; - } - return 1; -} - -ASN1_SEQUENCE_cb(DSAPrivateKey, dsa_cb) = { - ASN1_EMBED(DSA, version, INT32), - ASN1_SIMPLE(DSA, p, BIGNUM), - ASN1_SIMPLE(DSA, q, BIGNUM), - ASN1_SIMPLE(DSA, g, BIGNUM), - ASN1_SIMPLE(DSA, pub_key, BIGNUM), - ASN1_SIMPLE(DSA, priv_key, CBIGNUM) -} static_ASN1_SEQUENCE_END_cb(DSA, DSAPrivateKey) - -IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPrivateKey, DSAPrivateKey) - -ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = { - ASN1_SIMPLE(DSA, p, BIGNUM), - ASN1_SIMPLE(DSA, q, BIGNUM), - ASN1_SIMPLE(DSA, g, BIGNUM), -} static_ASN1_SEQUENCE_END_cb(DSA, DSAparams) - -IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAparams, DSAparams) - -ASN1_SEQUENCE_cb(DSAPublicKey, dsa_cb) = { - ASN1_SIMPLE(DSA, pub_key, BIGNUM), - ASN1_SIMPLE(DSA, p, BIGNUM), - ASN1_SIMPLE(DSA, q, BIGNUM), - ASN1_SIMPLE(DSA, g, BIGNUM) -} static_ASN1_SEQUENCE_END_cb(DSA, DSAPublicKey) - -IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey) - -DSA *DSAparams_dup(DSA *dsa) -{ - return ASN1_item_dup(ASN1_ITEM_rptr(DSAparams), dsa); -} - -int DSA_sign(int type, const unsigned char *dgst, int dlen, - unsigned char *sig, unsigned int *siglen, DSA *dsa) -{ - DSA_SIG *s; - - s = DSA_do_sign(dgst, dlen, dsa); - if (s == NULL) { - *siglen = 0; - return 0; - } - *siglen = i2d_DSA_SIG(s, &sig); - DSA_SIG_free(s); - return 1; -} - -/* data has already been hashed (probably with SHA or SHA-1). */ -/*- - * returns - * 1: correct signature - * 0: incorrect signature - * -1: error - */ -int DSA_verify(int type, const unsigned char *dgst, int dgst_len, - const unsigned char *sigbuf, int siglen, DSA *dsa) -{ - DSA_SIG *s; - const unsigned char *p = sigbuf; - unsigned char *der = NULL; - int derlen = -1; - int ret = -1; - - s = DSA_SIG_new(); - if (s == NULL) - return ret; - if (d2i_DSA_SIG(&s, &p, siglen) == NULL) - goto err; - /* Ensure signature uses DER and doesn't have trailing garbage */ - derlen = i2d_DSA_SIG(s, &der); - if (derlen != siglen || memcmp(sigbuf, der, derlen)) - goto err; - ret = DSA_do_verify(dgst, dgst_len, s, dsa); - err: - OPENSSL_clear_free(der, derlen); - DSA_SIG_free(s); - return ret; -} +#include <openssl/asn1.h> +#include <openssl/asn1t.h> +#include <openssl/rand.h> + +ASN1_SEQUENCE(DSA_SIG) = { + ASN1_SIMPLE(DSA_SIG, r, CBIGNUM), + ASN1_SIMPLE(DSA_SIG, s, CBIGNUM) +} static_ASN1_SEQUENCE_END(DSA_SIG) + +IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA_SIG, DSA_SIG, DSA_SIG) + +DSA_SIG *DSA_SIG_new(void) +{ + DSA_SIG *sig = OPENSSL_zalloc(sizeof(*sig)); + if (sig == NULL) + DSAerr(DSA_F_DSA_SIG_NEW, ERR_R_MALLOC_FAILURE); + return sig; +} + +void DSA_SIG_free(DSA_SIG *sig) +{ + if (sig == NULL) + return; + BN_clear_free(sig->r); + BN_clear_free(sig->s); + OPENSSL_free(sig); +} + +void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) +{ + if (pr != NULL) + *pr = sig->r; + if (ps != NULL) + *ps = sig->s; +} + +int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s) +{ + if (r == NULL || s == NULL) + return 0; + BN_clear_free(sig->r); + BN_clear_free(sig->s); + sig->r = r; + sig->s = s; + return 1; +} + +/* Override the default free and new methods */ +static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, + void *exarg) +{ + if (operation == ASN1_OP_NEW_PRE) { + *pval = (ASN1_VALUE *)DSA_new(); + if (*pval != NULL) + return 2; + return 0; + } else if (operation == ASN1_OP_FREE_PRE) { + DSA_free((DSA *)*pval); + *pval = NULL; + return 2; + } + return 1; +} + +ASN1_SEQUENCE_cb(DSAPrivateKey, dsa_cb) = { + ASN1_EMBED(DSA, version, INT32), + ASN1_SIMPLE(DSA, p, BIGNUM), + ASN1_SIMPLE(DSA, q, BIGNUM), + ASN1_SIMPLE(DSA, g, BIGNUM), + ASN1_SIMPLE(DSA, pub_key, BIGNUM), + ASN1_SIMPLE(DSA, priv_key, CBIGNUM) +} static_ASN1_SEQUENCE_END_cb(DSA, DSAPrivateKey) + +IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPrivateKey, DSAPrivateKey) + +ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = { + ASN1_SIMPLE(DSA, p, BIGNUM), + ASN1_SIMPLE(DSA, q, BIGNUM), + ASN1_SIMPLE(DSA, g, BIGNUM), +} static_ASN1_SEQUENCE_END_cb(DSA, DSAparams) + +IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAparams, DSAparams) + +ASN1_SEQUENCE_cb(DSAPublicKey, dsa_cb) = { + ASN1_SIMPLE(DSA, pub_key, BIGNUM), + ASN1_SIMPLE(DSA, p, BIGNUM), + ASN1_SIMPLE(DSA, q, BIGNUM), + ASN1_SIMPLE(DSA, g, BIGNUM) +} static_ASN1_SEQUENCE_END_cb(DSA, DSAPublicKey) + +IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey) + +DSA *DSAparams_dup(DSA *dsa) +{ + return ASN1_item_dup(ASN1_ITEM_rptr(DSAparams), dsa); +} + +int DSA_sign(int type, const unsigned char *dgst, int dlen, + unsigned char *sig, unsigned int *siglen, DSA *dsa) +{ + DSA_SIG *s; + + s = DSA_do_sign(dgst, dlen, dsa); + if (s == NULL) { + *siglen = 0; + return 0; + } + *siglen = i2d_DSA_SIG(s, &sig); + DSA_SIG_free(s); + return 1; +} + +/* data has already been hashed (probably with SHA or SHA-1). */ +/*- + * returns + * 1: correct signature + * 0: incorrect signature + * -1: error + */ +int DSA_verify(int type, const unsigned char *dgst, int dgst_len, + const unsigned char *sigbuf, int siglen, DSA *dsa) +{ + DSA_SIG *s; + const unsigned char *p = sigbuf; + unsigned char *der = NULL; + int derlen = -1; + int ret = -1; + + s = DSA_SIG_new(); + if (s == NULL) + return ret; + if (d2i_DSA_SIG(&s, &p, siglen) == NULL) + goto err; + /* Ensure signature uses DER and doesn't have trailing garbage */ + derlen = i2d_DSA_SIG(s, &der); + if (derlen != siglen || memcmp(sigbuf, der, derlen)) + goto err; + ret = DSA_do_verify(dgst, dgst_len, s, dsa); + err: + OPENSSL_clear_free(der, derlen); + DSA_SIG_free(s); + return ret; +} diff --git a/contrib/libs/openssl/crypto/dsa/dsa_depr.c b/contrib/libs/openssl/crypto/dsa/dsa_depr.c index f51aea7497..f665f2e4f5 100644 --- a/contrib/libs/openssl/crypto/dsa/dsa_depr.c +++ b/contrib/libs/openssl/crypto/dsa/dsa_depr.c @@ -1,62 +1,62 @@ -/* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * This file contains deprecated function(s) that are now wrappers to the new - * version(s). - */ - -/* - * Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186, - * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in FIPS PUB - * 180-1) - */ -#define xxxHASH EVP_sha1() - -#include <openssl/opensslconf.h> -#if OPENSSL_API_COMPAT >= 0x00908000L -NON_EMPTY_TRANSLATION_UNIT -#else - -# include <stdio.h> -# include <time.h> -# include "internal/cryptlib.h" -# include <openssl/evp.h> -# include <openssl/bn.h> -# include <openssl/dsa.h> -# include <openssl/sha.h> - -DSA *DSA_generate_parameters(int bits, - unsigned char *seed_in, int seed_len, - int *counter_ret, unsigned long *h_ret, - void (*callback) (int, int, void *), - void *cb_arg) -{ - BN_GENCB *cb; - DSA *ret; - - if ((ret = DSA_new()) == NULL) - return NULL; - cb = BN_GENCB_new(); - if (cb == NULL) - goto err; - - BN_GENCB_set_old(cb, callback, cb_arg); - - if (DSA_generate_parameters_ex(ret, bits, seed_in, seed_len, - counter_ret, h_ret, cb)) { - BN_GENCB_free(cb); - return ret; - } - BN_GENCB_free(cb); -err: - DSA_free(ret); - return NULL; -} -#endif +/* + * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * This file contains deprecated function(s) that are now wrappers to the new + * version(s). + */ + +/* + * Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186, + * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in FIPS PUB + * 180-1) + */ +#define xxxHASH EVP_sha1() + +#include <openssl/opensslconf.h> +#if OPENSSL_API_COMPAT >= 0x00908000L +NON_EMPTY_TRANSLATION_UNIT +#else + +# include <stdio.h> +# include <time.h> +# include "internal/cryptlib.h" +# include <openssl/evp.h> +# include <openssl/bn.h> +# include <openssl/dsa.h> +# include <openssl/sha.h> + +DSA *DSA_generate_parameters(int bits, + unsigned char *seed_in, int seed_len, + int *counter_ret, unsigned long *h_ret, + void (*callback) (int, int, void *), + void *cb_arg) +{ + BN_GENCB *cb; + DSA *ret; + + if ((ret = DSA_new()) == NULL) + return NULL; + cb = BN_GENCB_new(); + if (cb == NULL) + goto err; + + BN_GENCB_set_old(cb, callback, cb_arg); + + if (DSA_generate_parameters_ex(ret, bits, seed_in, seed_len, + counter_ret, h_ret, cb)) { + BN_GENCB_free(cb); + return ret; + } + BN_GENCB_free(cb); +err: + DSA_free(ret); + return NULL; +} +#endif diff --git a/contrib/libs/openssl/crypto/dsa/dsa_err.c b/contrib/libs/openssl/crypto/dsa/dsa_err.c index 8dcf0548ac..345c202d34 100644 --- a/contrib/libs/openssl/crypto/dsa/dsa_err.c +++ b/contrib/libs/openssl/crypto/dsa/dsa_err.c @@ -1,78 +1,78 @@ -/* - * Generated by util/mkerr.pl DO NOT EDIT +/* + * Generated by util/mkerr.pl DO NOT EDIT * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include <openssl/err.h> -#include <openssl/dsaerr.h> - -#ifndef OPENSSL_NO_ERR - -static const ERR_STRING_DATA DSA_str_functs[] = { - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSAPARAMS_PRINT, 0), "DSAparams_print"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSAPARAMS_PRINT_FP, 0), "DSAparams_print_fp"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_BUILTIN_PARAMGEN, 0), - "dsa_builtin_paramgen"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_BUILTIN_PARAMGEN2, 0), - "dsa_builtin_paramgen2"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_DO_SIGN, 0), "DSA_do_sign"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_DO_VERIFY, 0), "DSA_do_verify"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_DUP, 0), "DSA_meth_dup"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_NEW, 0), "DSA_meth_new"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_SET1_NAME, 0), "DSA_meth_set1_name"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_NEW_METHOD, 0), "DSA_new_method"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_PARAM_DECODE, 0), "dsa_param_decode"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_PRINT_FP, 0), "DSA_print_fp"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_PRIV_DECODE, 0), "dsa_priv_decode"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_PRIV_ENCODE, 0), "dsa_priv_encode"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_PUB_DECODE, 0), "dsa_pub_decode"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_PUB_ENCODE, 0), "dsa_pub_encode"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_SIGN, 0), "DSA_sign"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_SIGN_SETUP, 0), "DSA_sign_setup"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_SIG_NEW, 0), "DSA_SIG_new"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_OLD_DSA_PRIV_DECODE, 0), - "old_dsa_priv_decode"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_PKEY_DSA_CTRL, 0), "pkey_dsa_ctrl"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_PKEY_DSA_CTRL_STR, 0), "pkey_dsa_ctrl_str"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_PKEY_DSA_KEYGEN, 0), "pkey_dsa_keygen"}, - {0, NULL} -}; - -static const ERR_STRING_DATA DSA_str_reasons[] = { - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BAD_Q_VALUE), "bad q value"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BN_DECODE_ERROR), "bn decode error"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BN_ERROR), "bn error"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_DECODE_ERROR), "decode error"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_INVALID_DIGEST_TYPE), - "invalid digest type"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_INVALID_PARAMETERS), "invalid parameters"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MISSING_PARAMETERS), "missing parameters"}, + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include <openssl/err.h> +#include <openssl/dsaerr.h> + +#ifndef OPENSSL_NO_ERR + +static const ERR_STRING_DATA DSA_str_functs[] = { + {ERR_PACK(ERR_LIB_DSA, DSA_F_DSAPARAMS_PRINT, 0), "DSAparams_print"}, + {ERR_PACK(ERR_LIB_DSA, DSA_F_DSAPARAMS_PRINT_FP, 0), "DSAparams_print_fp"}, + {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_BUILTIN_PARAMGEN, 0), + "dsa_builtin_paramgen"}, + {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_BUILTIN_PARAMGEN2, 0), + "dsa_builtin_paramgen2"}, + {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_DO_SIGN, 0), "DSA_do_sign"}, + {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_DO_VERIFY, 0), "DSA_do_verify"}, + {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_DUP, 0), "DSA_meth_dup"}, + {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_NEW, 0), "DSA_meth_new"}, + {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_SET1_NAME, 0), "DSA_meth_set1_name"}, + {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_NEW_METHOD, 0), "DSA_new_method"}, + {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_PARAM_DECODE, 0), "dsa_param_decode"}, + {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_PRINT_FP, 0), "DSA_print_fp"}, + {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_PRIV_DECODE, 0), "dsa_priv_decode"}, + {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_PRIV_ENCODE, 0), "dsa_priv_encode"}, + {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_PUB_DECODE, 0), "dsa_pub_decode"}, + {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_PUB_ENCODE, 0), "dsa_pub_encode"}, + {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_SIGN, 0), "DSA_sign"}, + {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_SIGN_SETUP, 0), "DSA_sign_setup"}, + {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_SIG_NEW, 0), "DSA_SIG_new"}, + {ERR_PACK(ERR_LIB_DSA, DSA_F_OLD_DSA_PRIV_DECODE, 0), + "old_dsa_priv_decode"}, + {ERR_PACK(ERR_LIB_DSA, DSA_F_PKEY_DSA_CTRL, 0), "pkey_dsa_ctrl"}, + {ERR_PACK(ERR_LIB_DSA, DSA_F_PKEY_DSA_CTRL_STR, 0), "pkey_dsa_ctrl_str"}, + {ERR_PACK(ERR_LIB_DSA, DSA_F_PKEY_DSA_KEYGEN, 0), "pkey_dsa_keygen"}, + {0, NULL} +}; + +static const ERR_STRING_DATA DSA_str_reasons[] = { + {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BAD_Q_VALUE), "bad q value"}, + {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BN_DECODE_ERROR), "bn decode error"}, + {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BN_ERROR), "bn error"}, + {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_DECODE_ERROR), "decode error"}, + {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_INVALID_DIGEST_TYPE), + "invalid digest type"}, + {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_INVALID_PARAMETERS), "invalid parameters"}, + {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MISSING_PARAMETERS), "missing parameters"}, {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MISSING_PRIVATE_KEY), "missing private key"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MODULUS_TOO_LARGE), "modulus too large"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_NO_PARAMETERS_SET), "no parameters set"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_PARAMETER_ENCODING_ERROR), - "parameter encoding error"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_Q_NOT_PRIME), "q not prime"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_SEED_LEN_SMALL), - "seed_len is less than the length of q"}, - {0, NULL} -}; - -#endif - -int ERR_load_DSA_strings(void) -{ -#ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(DSA_str_functs[0].error) == NULL) { - ERR_load_strings_const(DSA_str_functs); - ERR_load_strings_const(DSA_str_reasons); - } -#endif - return 1; -} + {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MODULUS_TOO_LARGE), "modulus too large"}, + {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_NO_PARAMETERS_SET), "no parameters set"}, + {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_PARAMETER_ENCODING_ERROR), + "parameter encoding error"}, + {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_Q_NOT_PRIME), "q not prime"}, + {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_SEED_LEN_SMALL), + "seed_len is less than the length of q"}, + {0, NULL} +}; + +#endif + +int ERR_load_DSA_strings(void) +{ +#ifndef OPENSSL_NO_ERR + if (ERR_func_error_string(DSA_str_functs[0].error) == NULL) { + ERR_load_strings_const(DSA_str_functs); + ERR_load_strings_const(DSA_str_reasons); + } +#endif + return 1; +} diff --git a/contrib/libs/openssl/crypto/dsa/dsa_gen.c b/contrib/libs/openssl/crypto/dsa/dsa_gen.c index 5d066a06c5..47f7b041ef 100644 --- a/contrib/libs/openssl/crypto/dsa/dsa_gen.c +++ b/contrib/libs/openssl/crypto/dsa/dsa_gen.c @@ -1,614 +1,614 @@ -/* +/* * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186, - * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in FIPS PUB - * 180-1) - */ -#define xxxHASH EVP_sha1() - -#include <openssl/opensslconf.h> -#include <stdio.h> -#include "internal/cryptlib.h" -#include <openssl/evp.h> -#include <openssl/bn.h> -#include <openssl/rand.h> -#include <openssl/sha.h> + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186, + * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in FIPS PUB + * 180-1) + */ +#define xxxHASH EVP_sha1() + +#include <openssl/opensslconf.h> +#include <stdio.h> +#include "internal/cryptlib.h" +#include <openssl/evp.h> +#include <openssl/bn.h> +#include <openssl/rand.h> +#include <openssl/sha.h> #include "dsa_local.h" - -int DSA_generate_parameters_ex(DSA *ret, int bits, - const unsigned char *seed_in, int seed_len, - int *counter_ret, unsigned long *h_ret, - BN_GENCB *cb) -{ - if (ret->meth->dsa_paramgen) - return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len, - counter_ret, h_ret, cb); - else { - const EVP_MD *evpmd = bits >= 2048 ? EVP_sha256() : EVP_sha1(); - size_t qbits = EVP_MD_size(evpmd) * 8; - - return dsa_builtin_paramgen(ret, bits, qbits, evpmd, - seed_in, seed_len, NULL, counter_ret, - h_ret, cb); - } -} - -int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, - const EVP_MD *evpmd, const unsigned char *seed_in, - size_t seed_len, unsigned char *seed_out, - int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) -{ - int ok = 0; - unsigned char seed[SHA256_DIGEST_LENGTH]; - unsigned char md[SHA256_DIGEST_LENGTH]; - unsigned char buf[SHA256_DIGEST_LENGTH], buf2[SHA256_DIGEST_LENGTH]; - BIGNUM *r0, *W, *X, *c, *test; - BIGNUM *g = NULL, *q = NULL, *p = NULL; - BN_MONT_CTX *mont = NULL; - int i, k, n = 0, m = 0, qsize = qbits >> 3; - int counter = 0; - int r = 0; - BN_CTX *ctx = NULL; - unsigned int h = 2; - - if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH && - qsize != SHA256_DIGEST_LENGTH) - /* invalid q size */ - return 0; - - if (evpmd == NULL) { - if (qsize == SHA_DIGEST_LENGTH) - evpmd = EVP_sha1(); - else if (qsize == SHA224_DIGEST_LENGTH) - evpmd = EVP_sha224(); - else - evpmd = EVP_sha256(); - } else { - qsize = EVP_MD_size(evpmd); - } - - if (bits < 512) - bits = 512; - - bits = (bits + 63) / 64 * 64; - - if (seed_in != NULL) { - if (seed_len < (size_t)qsize) { - DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN, DSA_R_SEED_LEN_SMALL); - return 0; - } - if (seed_len > (size_t)qsize) { - /* Only consume as much seed as is expected. */ - seed_len = qsize; - } - memcpy(seed, seed_in, seed_len); - } - - if ((mont = BN_MONT_CTX_new()) == NULL) - goto err; - - if ((ctx = BN_CTX_new()) == NULL) - goto err; - - BN_CTX_start(ctx); - - r0 = BN_CTX_get(ctx); - g = BN_CTX_get(ctx); - W = BN_CTX_get(ctx); - q = BN_CTX_get(ctx); - X = BN_CTX_get(ctx); - c = BN_CTX_get(ctx); - p = BN_CTX_get(ctx); - test = BN_CTX_get(ctx); - - if (test == NULL) - goto err; - - if (!BN_lshift(test, BN_value_one(), bits - 1)) - goto err; - - for (;;) { - for (;;) { /* find q */ - int use_random_seed = (seed_in == NULL); - - /* step 1 */ - if (!BN_GENCB_call(cb, 0, m++)) - goto err; - - if (use_random_seed) { - if (RAND_bytes(seed, qsize) <= 0) - goto err; - } else { - /* If we come back through, use random seed next time. */ - seed_in = NULL; - } - memcpy(buf, seed, qsize); - memcpy(buf2, seed, qsize); - /* precompute "SEED + 1" for step 7: */ - for (i = qsize - 1; i >= 0; i--) { - buf[i]++; - if (buf[i] != 0) - break; - } - - /* step 2 */ - if (!EVP_Digest(seed, qsize, md, NULL, evpmd, NULL)) - goto err; - if (!EVP_Digest(buf, qsize, buf2, NULL, evpmd, NULL)) - goto err; - for (i = 0; i < qsize; i++) - md[i] ^= buf2[i]; - - /* step 3 */ - md[0] |= 0x80; - md[qsize - 1] |= 0x01; - if (!BN_bin2bn(md, qsize, q)) - goto err; - - /* step 4 */ - r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx, - use_random_seed, cb); - if (r > 0) - break; - if (r != 0) - goto err; - - /* do a callback call */ - /* step 5 */ - } - - if (!BN_GENCB_call(cb, 2, 0)) - goto err; - if (!BN_GENCB_call(cb, 3, 0)) - goto err; - - /* step 6 */ - counter = 0; - /* "offset = 2" */ - - n = (bits - 1) / 160; - - for (;;) { - if ((counter != 0) && !BN_GENCB_call(cb, 0, counter)) - goto err; - - /* step 7 */ - BN_zero(W); - /* now 'buf' contains "SEED + offset - 1" */ - for (k = 0; k <= n; k++) { - /* - * obtain "SEED + offset + k" by incrementing: - */ - for (i = qsize - 1; i >= 0; i--) { - buf[i]++; - if (buf[i] != 0) - break; - } - - if (!EVP_Digest(buf, qsize, md, NULL, evpmd, NULL)) - goto err; - - /* step 8 */ - if (!BN_bin2bn(md, qsize, r0)) - goto err; - if (!BN_lshift(r0, r0, (qsize << 3) * k)) - goto err; - if (!BN_add(W, W, r0)) - goto err; - } - - /* more of step 8 */ - if (!BN_mask_bits(W, bits - 1)) - goto err; - if (!BN_copy(X, W)) - goto err; - if (!BN_add(X, X, test)) - goto err; - - /* step 9 */ - if (!BN_lshift1(r0, q)) - goto err; - if (!BN_mod(c, X, r0, ctx)) - goto err; - if (!BN_sub(r0, c, BN_value_one())) - goto err; - if (!BN_sub(p, X, r0)) - goto err; - - /* step 10 */ - if (BN_cmp(p, test) >= 0) { - /* step 11 */ - r = BN_is_prime_fasttest_ex(p, DSS_prime_checks, ctx, 1, cb); - if (r > 0) - goto end; /* found it */ - if (r != 0) - goto err; - } - - /* step 13 */ - counter++; - /* "offset = offset + n + 1" */ - - /* step 14 */ - if (counter >= 4096) - break; - } - } - end: - if (!BN_GENCB_call(cb, 2, 1)) - goto err; - - /* We now need to generate g */ - /* Set r0=(p-1)/q */ - if (!BN_sub(test, p, BN_value_one())) - goto err; - if (!BN_div(r0, NULL, test, q, ctx)) - goto err; - - if (!BN_set_word(test, h)) - goto err; - if (!BN_MONT_CTX_set(mont, p, ctx)) - goto err; - - for (;;) { - /* g=test^r0%p */ - if (!BN_mod_exp_mont(g, test, r0, p, ctx, mont)) - goto err; - if (!BN_is_one(g)) - break; - if (!BN_add(test, test, BN_value_one())) - goto err; - h++; - } - - if (!BN_GENCB_call(cb, 3, 1)) - goto err; - - ok = 1; - err: - if (ok) { - BN_free(ret->p); - BN_free(ret->q); - BN_free(ret->g); - ret->p = BN_dup(p); - ret->q = BN_dup(q); - ret->g = BN_dup(g); - if (ret->p == NULL || ret->q == NULL || ret->g == NULL) { - ok = 0; - goto err; - } - if (counter_ret != NULL) - *counter_ret = counter; - if (h_ret != NULL) - *h_ret = h; - if (seed_out) - memcpy(seed_out, seed, qsize); - } + +int DSA_generate_parameters_ex(DSA *ret, int bits, + const unsigned char *seed_in, int seed_len, + int *counter_ret, unsigned long *h_ret, + BN_GENCB *cb) +{ + if (ret->meth->dsa_paramgen) + return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len, + counter_ret, h_ret, cb); + else { + const EVP_MD *evpmd = bits >= 2048 ? EVP_sha256() : EVP_sha1(); + size_t qbits = EVP_MD_size(evpmd) * 8; + + return dsa_builtin_paramgen(ret, bits, qbits, evpmd, + seed_in, seed_len, NULL, counter_ret, + h_ret, cb); + } +} + +int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, + const EVP_MD *evpmd, const unsigned char *seed_in, + size_t seed_len, unsigned char *seed_out, + int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) +{ + int ok = 0; + unsigned char seed[SHA256_DIGEST_LENGTH]; + unsigned char md[SHA256_DIGEST_LENGTH]; + unsigned char buf[SHA256_DIGEST_LENGTH], buf2[SHA256_DIGEST_LENGTH]; + BIGNUM *r0, *W, *X, *c, *test; + BIGNUM *g = NULL, *q = NULL, *p = NULL; + BN_MONT_CTX *mont = NULL; + int i, k, n = 0, m = 0, qsize = qbits >> 3; + int counter = 0; + int r = 0; + BN_CTX *ctx = NULL; + unsigned int h = 2; + + if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH && + qsize != SHA256_DIGEST_LENGTH) + /* invalid q size */ + return 0; + + if (evpmd == NULL) { + if (qsize == SHA_DIGEST_LENGTH) + evpmd = EVP_sha1(); + else if (qsize == SHA224_DIGEST_LENGTH) + evpmd = EVP_sha224(); + else + evpmd = EVP_sha256(); + } else { + qsize = EVP_MD_size(evpmd); + } + + if (bits < 512) + bits = 512; + + bits = (bits + 63) / 64 * 64; + + if (seed_in != NULL) { + if (seed_len < (size_t)qsize) { + DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN, DSA_R_SEED_LEN_SMALL); + return 0; + } + if (seed_len > (size_t)qsize) { + /* Only consume as much seed as is expected. */ + seed_len = qsize; + } + memcpy(seed, seed_in, seed_len); + } + + if ((mont = BN_MONT_CTX_new()) == NULL) + goto err; + + if ((ctx = BN_CTX_new()) == NULL) + goto err; + + BN_CTX_start(ctx); + + r0 = BN_CTX_get(ctx); + g = BN_CTX_get(ctx); + W = BN_CTX_get(ctx); + q = BN_CTX_get(ctx); + X = BN_CTX_get(ctx); + c = BN_CTX_get(ctx); + p = BN_CTX_get(ctx); + test = BN_CTX_get(ctx); + + if (test == NULL) + goto err; + + if (!BN_lshift(test, BN_value_one(), bits - 1)) + goto err; + + for (;;) { + for (;;) { /* find q */ + int use_random_seed = (seed_in == NULL); + + /* step 1 */ + if (!BN_GENCB_call(cb, 0, m++)) + goto err; + + if (use_random_seed) { + if (RAND_bytes(seed, qsize) <= 0) + goto err; + } else { + /* If we come back through, use random seed next time. */ + seed_in = NULL; + } + memcpy(buf, seed, qsize); + memcpy(buf2, seed, qsize); + /* precompute "SEED + 1" for step 7: */ + for (i = qsize - 1; i >= 0; i--) { + buf[i]++; + if (buf[i] != 0) + break; + } + + /* step 2 */ + if (!EVP_Digest(seed, qsize, md, NULL, evpmd, NULL)) + goto err; + if (!EVP_Digest(buf, qsize, buf2, NULL, evpmd, NULL)) + goto err; + for (i = 0; i < qsize; i++) + md[i] ^= buf2[i]; + + /* step 3 */ + md[0] |= 0x80; + md[qsize - 1] |= 0x01; + if (!BN_bin2bn(md, qsize, q)) + goto err; + + /* step 4 */ + r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx, + use_random_seed, cb); + if (r > 0) + break; + if (r != 0) + goto err; + + /* do a callback call */ + /* step 5 */ + } + + if (!BN_GENCB_call(cb, 2, 0)) + goto err; + if (!BN_GENCB_call(cb, 3, 0)) + goto err; + + /* step 6 */ + counter = 0; + /* "offset = 2" */ + + n = (bits - 1) / 160; + + for (;;) { + if ((counter != 0) && !BN_GENCB_call(cb, 0, counter)) + goto err; + + /* step 7 */ + BN_zero(W); + /* now 'buf' contains "SEED + offset - 1" */ + for (k = 0; k <= n; k++) { + /* + * obtain "SEED + offset + k" by incrementing: + */ + for (i = qsize - 1; i >= 0; i--) { + buf[i]++; + if (buf[i] != 0) + break; + } + + if (!EVP_Digest(buf, qsize, md, NULL, evpmd, NULL)) + goto err; + + /* step 8 */ + if (!BN_bin2bn(md, qsize, r0)) + goto err; + if (!BN_lshift(r0, r0, (qsize << 3) * k)) + goto err; + if (!BN_add(W, W, r0)) + goto err; + } + + /* more of step 8 */ + if (!BN_mask_bits(W, bits - 1)) + goto err; + if (!BN_copy(X, W)) + goto err; + if (!BN_add(X, X, test)) + goto err; + + /* step 9 */ + if (!BN_lshift1(r0, q)) + goto err; + if (!BN_mod(c, X, r0, ctx)) + goto err; + if (!BN_sub(r0, c, BN_value_one())) + goto err; + if (!BN_sub(p, X, r0)) + goto err; + + /* step 10 */ + if (BN_cmp(p, test) >= 0) { + /* step 11 */ + r = BN_is_prime_fasttest_ex(p, DSS_prime_checks, ctx, 1, cb); + if (r > 0) + goto end; /* found it */ + if (r != 0) + goto err; + } + + /* step 13 */ + counter++; + /* "offset = offset + n + 1" */ + + /* step 14 */ + if (counter >= 4096) + break; + } + } + end: + if (!BN_GENCB_call(cb, 2, 1)) + goto err; + + /* We now need to generate g */ + /* Set r0=(p-1)/q */ + if (!BN_sub(test, p, BN_value_one())) + goto err; + if (!BN_div(r0, NULL, test, q, ctx)) + goto err; + + if (!BN_set_word(test, h)) + goto err; + if (!BN_MONT_CTX_set(mont, p, ctx)) + goto err; + + for (;;) { + /* g=test^r0%p */ + if (!BN_mod_exp_mont(g, test, r0, p, ctx, mont)) + goto err; + if (!BN_is_one(g)) + break; + if (!BN_add(test, test, BN_value_one())) + goto err; + h++; + } + + if (!BN_GENCB_call(cb, 3, 1)) + goto err; + + ok = 1; + err: + if (ok) { + BN_free(ret->p); + BN_free(ret->q); + BN_free(ret->g); + ret->p = BN_dup(p); + ret->q = BN_dup(q); + ret->g = BN_dup(g); + if (ret->p == NULL || ret->q == NULL || ret->g == NULL) { + ok = 0; + goto err; + } + if (counter_ret != NULL) + *counter_ret = counter; + if (h_ret != NULL) + *h_ret = h; + if (seed_out) + memcpy(seed_out, seed, qsize); + } BN_CTX_end(ctx); - BN_CTX_free(ctx); - BN_MONT_CTX_free(mont); - return ok; -} - -/* - * This is a parameter generation algorithm for the DSA2 algorithm as - * described in FIPS 186-3. - */ - -int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, - const EVP_MD *evpmd, const unsigned char *seed_in, - size_t seed_len, int idx, unsigned char *seed_out, - int *counter_ret, unsigned long *h_ret, - BN_GENCB *cb) -{ - int ok = -1; - unsigned char *seed = NULL, *seed_tmp = NULL; - unsigned char md[EVP_MAX_MD_SIZE]; - int mdsize; - BIGNUM *r0, *W, *X, *c, *test; - BIGNUM *g = NULL, *q = NULL, *p = NULL; - BN_MONT_CTX *mont = NULL; - int i, k, n = 0, m = 0, qsize = N >> 3; - int counter = 0; - int r = 0; - BN_CTX *ctx = NULL; - EVP_MD_CTX *mctx = EVP_MD_CTX_new(); - unsigned int h = 2; - - if (mctx == NULL) - goto err; - - /* make sure L > N, otherwise we'll get trapped in an infinite loop */ - if (L <= N) { - DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_INVALID_PARAMETERS); - goto err; - } - - if (evpmd == NULL) { - if (N == 160) - evpmd = EVP_sha1(); - else if (N == 224) - evpmd = EVP_sha224(); - else - evpmd = EVP_sha256(); - } - - mdsize = EVP_MD_size(evpmd); - /* If unverifiable g generation only don't need seed */ - if (!ret->p || !ret->q || idx >= 0) { - if (seed_len == 0) - seed_len = mdsize; - - seed = OPENSSL_malloc(seed_len); - - if (seed_out) - seed_tmp = seed_out; - else - seed_tmp = OPENSSL_malloc(seed_len); - - if (seed == NULL || seed_tmp == NULL) - goto err; - - if (seed_in) - memcpy(seed, seed_in, seed_len); - - } - - if ((ctx = BN_CTX_new()) == NULL) - goto err; - - if ((mont = BN_MONT_CTX_new()) == NULL) - goto err; - - BN_CTX_start(ctx); - r0 = BN_CTX_get(ctx); - g = BN_CTX_get(ctx); - W = BN_CTX_get(ctx); - X = BN_CTX_get(ctx); - c = BN_CTX_get(ctx); - test = BN_CTX_get(ctx); - if (test == NULL) - goto err; - - /* if p, q already supplied generate g only */ - if (ret->p && ret->q) { - p = ret->p; - q = ret->q; - if (idx >= 0) - memcpy(seed_tmp, seed, seed_len); - goto g_only; - } else { - p = BN_CTX_get(ctx); - q = BN_CTX_get(ctx); - if (q == NULL) - goto err; - } - - if (!BN_lshift(test, BN_value_one(), L - 1)) - goto err; - for (;;) { - for (;;) { /* find q */ - unsigned char *pmd; - /* step 1 */ - if (!BN_GENCB_call(cb, 0, m++)) - goto err; - - if (!seed_in) { - if (RAND_bytes(seed, seed_len) <= 0) - goto err; - } - /* step 2 */ - if (!EVP_Digest(seed, seed_len, md, NULL, evpmd, NULL)) - goto err; - /* Take least significant bits of md */ - if (mdsize > qsize) - pmd = md + mdsize - qsize; - else - pmd = md; - - if (mdsize < qsize) - memset(md + mdsize, 0, qsize - mdsize); - - /* step 3 */ - pmd[0] |= 0x80; - pmd[qsize - 1] |= 0x01; - if (!BN_bin2bn(pmd, qsize, q)) - goto err; - - /* step 4 */ - r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx, - seed_in ? 1 : 0, cb); - if (r > 0) - break; - if (r != 0) - goto err; - /* Provided seed didn't produce a prime: error */ - if (seed_in) { - ok = 0; - DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_Q_NOT_PRIME); - goto err; - } - - /* do a callback call */ - /* step 5 */ - } - /* Copy seed to seed_out before we mess with it */ - if (seed_out) - memcpy(seed_out, seed, seed_len); - - if (!BN_GENCB_call(cb, 2, 0)) - goto err; - if (!BN_GENCB_call(cb, 3, 0)) - goto err; - - /* step 6 */ - counter = 0; - /* "offset = 1" */ - - n = (L - 1) / (mdsize << 3); - - for (;;) { - if ((counter != 0) && !BN_GENCB_call(cb, 0, counter)) - goto err; - - /* step 7 */ - BN_zero(W); - /* now 'buf' contains "SEED + offset - 1" */ - for (k = 0; k <= n; k++) { - /* - * obtain "SEED + offset + k" by incrementing: - */ - for (i = seed_len - 1; i >= 0; i--) { - seed[i]++; - if (seed[i] != 0) - break; - } - - if (!EVP_Digest(seed, seed_len, md, NULL, evpmd, NULL)) - goto err; - - /* step 8 */ - if (!BN_bin2bn(md, mdsize, r0)) - goto err; - if (!BN_lshift(r0, r0, (mdsize << 3) * k)) - goto err; - if (!BN_add(W, W, r0)) - goto err; - } - - /* more of step 8 */ - if (!BN_mask_bits(W, L - 1)) - goto err; - if (!BN_copy(X, W)) - goto err; - if (!BN_add(X, X, test)) - goto err; - - /* step 9 */ - if (!BN_lshift1(r0, q)) - goto err; - if (!BN_mod(c, X, r0, ctx)) - goto err; - if (!BN_sub(r0, c, BN_value_one())) - goto err; - if (!BN_sub(p, X, r0)) - goto err; - - /* step 10 */ - if (BN_cmp(p, test) >= 0) { - /* step 11 */ - r = BN_is_prime_fasttest_ex(p, DSS_prime_checks, ctx, 1, cb); - if (r > 0) - goto end; /* found it */ - if (r != 0) - goto err; - } - - /* step 13 */ - counter++; - /* "offset = offset + n + 1" */ - - /* step 14 */ - if (counter >= (int)(4 * L)) - break; - } - if (seed_in) { - ok = 0; - DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_INVALID_PARAMETERS); - goto err; - } - } - end: - if (!BN_GENCB_call(cb, 2, 1)) - goto err; - - g_only: - - /* We now need to generate g */ - /* Set r0=(p-1)/q */ - if (!BN_sub(test, p, BN_value_one())) - goto err; - if (!BN_div(r0, NULL, test, q, ctx)) - goto err; - - if (idx < 0) { - if (!BN_set_word(test, h)) - goto err; - } else - h = 1; - if (!BN_MONT_CTX_set(mont, p, ctx)) - goto err; - - for (;;) { - static const unsigned char ggen[4] = { 0x67, 0x67, 0x65, 0x6e }; - if (idx >= 0) { - md[0] = idx & 0xff; - md[1] = (h >> 8) & 0xff; - md[2] = h & 0xff; - if (!EVP_DigestInit_ex(mctx, evpmd, NULL)) - goto err; - if (!EVP_DigestUpdate(mctx, seed_tmp, seed_len)) - goto err; - if (!EVP_DigestUpdate(mctx, ggen, sizeof(ggen))) - goto err; - if (!EVP_DigestUpdate(mctx, md, 3)) - goto err; - if (!EVP_DigestFinal_ex(mctx, md, NULL)) - goto err; - if (!BN_bin2bn(md, mdsize, test)) - goto err; - } - /* g=test^r0%p */ - if (!BN_mod_exp_mont(g, test, r0, p, ctx, mont)) - goto err; - if (!BN_is_one(g)) - break; - if (idx < 0 && !BN_add(test, test, BN_value_one())) - goto err; - h++; - if (idx >= 0 && h > 0xffff) - goto err; - } - - if (!BN_GENCB_call(cb, 3, 1)) - goto err; - - ok = 1; - err: - if (ok == 1) { - if (p != ret->p) { - BN_free(ret->p); - ret->p = BN_dup(p); - } - if (q != ret->q) { - BN_free(ret->q); - ret->q = BN_dup(q); - } - BN_free(ret->g); - ret->g = BN_dup(g); - if (ret->p == NULL || ret->q == NULL || ret->g == NULL) { - ok = -1; - goto err; - } - if (counter_ret != NULL) - *counter_ret = counter; - if (h_ret != NULL) - *h_ret = h; - } - OPENSSL_free(seed); - if (seed_out != seed_tmp) - OPENSSL_free(seed_tmp); + BN_CTX_free(ctx); + BN_MONT_CTX_free(mont); + return ok; +} + +/* + * This is a parameter generation algorithm for the DSA2 algorithm as + * described in FIPS 186-3. + */ + +int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, + const EVP_MD *evpmd, const unsigned char *seed_in, + size_t seed_len, int idx, unsigned char *seed_out, + int *counter_ret, unsigned long *h_ret, + BN_GENCB *cb) +{ + int ok = -1; + unsigned char *seed = NULL, *seed_tmp = NULL; + unsigned char md[EVP_MAX_MD_SIZE]; + int mdsize; + BIGNUM *r0, *W, *X, *c, *test; + BIGNUM *g = NULL, *q = NULL, *p = NULL; + BN_MONT_CTX *mont = NULL; + int i, k, n = 0, m = 0, qsize = N >> 3; + int counter = 0; + int r = 0; + BN_CTX *ctx = NULL; + EVP_MD_CTX *mctx = EVP_MD_CTX_new(); + unsigned int h = 2; + + if (mctx == NULL) + goto err; + + /* make sure L > N, otherwise we'll get trapped in an infinite loop */ + if (L <= N) { + DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_INVALID_PARAMETERS); + goto err; + } + + if (evpmd == NULL) { + if (N == 160) + evpmd = EVP_sha1(); + else if (N == 224) + evpmd = EVP_sha224(); + else + evpmd = EVP_sha256(); + } + + mdsize = EVP_MD_size(evpmd); + /* If unverifiable g generation only don't need seed */ + if (!ret->p || !ret->q || idx >= 0) { + if (seed_len == 0) + seed_len = mdsize; + + seed = OPENSSL_malloc(seed_len); + + if (seed_out) + seed_tmp = seed_out; + else + seed_tmp = OPENSSL_malloc(seed_len); + + if (seed == NULL || seed_tmp == NULL) + goto err; + + if (seed_in) + memcpy(seed, seed_in, seed_len); + + } + + if ((ctx = BN_CTX_new()) == NULL) + goto err; + + if ((mont = BN_MONT_CTX_new()) == NULL) + goto err; + + BN_CTX_start(ctx); + r0 = BN_CTX_get(ctx); + g = BN_CTX_get(ctx); + W = BN_CTX_get(ctx); + X = BN_CTX_get(ctx); + c = BN_CTX_get(ctx); + test = BN_CTX_get(ctx); + if (test == NULL) + goto err; + + /* if p, q already supplied generate g only */ + if (ret->p && ret->q) { + p = ret->p; + q = ret->q; + if (idx >= 0) + memcpy(seed_tmp, seed, seed_len); + goto g_only; + } else { + p = BN_CTX_get(ctx); + q = BN_CTX_get(ctx); + if (q == NULL) + goto err; + } + + if (!BN_lshift(test, BN_value_one(), L - 1)) + goto err; + for (;;) { + for (;;) { /* find q */ + unsigned char *pmd; + /* step 1 */ + if (!BN_GENCB_call(cb, 0, m++)) + goto err; + + if (!seed_in) { + if (RAND_bytes(seed, seed_len) <= 0) + goto err; + } + /* step 2 */ + if (!EVP_Digest(seed, seed_len, md, NULL, evpmd, NULL)) + goto err; + /* Take least significant bits of md */ + if (mdsize > qsize) + pmd = md + mdsize - qsize; + else + pmd = md; + + if (mdsize < qsize) + memset(md + mdsize, 0, qsize - mdsize); + + /* step 3 */ + pmd[0] |= 0x80; + pmd[qsize - 1] |= 0x01; + if (!BN_bin2bn(pmd, qsize, q)) + goto err; + + /* step 4 */ + r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx, + seed_in ? 1 : 0, cb); + if (r > 0) + break; + if (r != 0) + goto err; + /* Provided seed didn't produce a prime: error */ + if (seed_in) { + ok = 0; + DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_Q_NOT_PRIME); + goto err; + } + + /* do a callback call */ + /* step 5 */ + } + /* Copy seed to seed_out before we mess with it */ + if (seed_out) + memcpy(seed_out, seed, seed_len); + + if (!BN_GENCB_call(cb, 2, 0)) + goto err; + if (!BN_GENCB_call(cb, 3, 0)) + goto err; + + /* step 6 */ + counter = 0; + /* "offset = 1" */ + + n = (L - 1) / (mdsize << 3); + + for (;;) { + if ((counter != 0) && !BN_GENCB_call(cb, 0, counter)) + goto err; + + /* step 7 */ + BN_zero(W); + /* now 'buf' contains "SEED + offset - 1" */ + for (k = 0; k <= n; k++) { + /* + * obtain "SEED + offset + k" by incrementing: + */ + for (i = seed_len - 1; i >= 0; i--) { + seed[i]++; + if (seed[i] != 0) + break; + } + + if (!EVP_Digest(seed, seed_len, md, NULL, evpmd, NULL)) + goto err; + + /* step 8 */ + if (!BN_bin2bn(md, mdsize, r0)) + goto err; + if (!BN_lshift(r0, r0, (mdsize << 3) * k)) + goto err; + if (!BN_add(W, W, r0)) + goto err; + } + + /* more of step 8 */ + if (!BN_mask_bits(W, L - 1)) + goto err; + if (!BN_copy(X, W)) + goto err; + if (!BN_add(X, X, test)) + goto err; + + /* step 9 */ + if (!BN_lshift1(r0, q)) + goto err; + if (!BN_mod(c, X, r0, ctx)) + goto err; + if (!BN_sub(r0, c, BN_value_one())) + goto err; + if (!BN_sub(p, X, r0)) + goto err; + + /* step 10 */ + if (BN_cmp(p, test) >= 0) { + /* step 11 */ + r = BN_is_prime_fasttest_ex(p, DSS_prime_checks, ctx, 1, cb); + if (r > 0) + goto end; /* found it */ + if (r != 0) + goto err; + } + + /* step 13 */ + counter++; + /* "offset = offset + n + 1" */ + + /* step 14 */ + if (counter >= (int)(4 * L)) + break; + } + if (seed_in) { + ok = 0; + DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_INVALID_PARAMETERS); + goto err; + } + } + end: + if (!BN_GENCB_call(cb, 2, 1)) + goto err; + + g_only: + + /* We now need to generate g */ + /* Set r0=(p-1)/q */ + if (!BN_sub(test, p, BN_value_one())) + goto err; + if (!BN_div(r0, NULL, test, q, ctx)) + goto err; + + if (idx < 0) { + if (!BN_set_word(test, h)) + goto err; + } else + h = 1; + if (!BN_MONT_CTX_set(mont, p, ctx)) + goto err; + + for (;;) { + static const unsigned char ggen[4] = { 0x67, 0x67, 0x65, 0x6e }; + if (idx >= 0) { + md[0] = idx & 0xff; + md[1] = (h >> 8) & 0xff; + md[2] = h & 0xff; + if (!EVP_DigestInit_ex(mctx, evpmd, NULL)) + goto err; + if (!EVP_DigestUpdate(mctx, seed_tmp, seed_len)) + goto err; + if (!EVP_DigestUpdate(mctx, ggen, sizeof(ggen))) + goto err; + if (!EVP_DigestUpdate(mctx, md, 3)) + goto err; + if (!EVP_DigestFinal_ex(mctx, md, NULL)) + goto err; + if (!BN_bin2bn(md, mdsize, test)) + goto err; + } + /* g=test^r0%p */ + if (!BN_mod_exp_mont(g, test, r0, p, ctx, mont)) + goto err; + if (!BN_is_one(g)) + break; + if (idx < 0 && !BN_add(test, test, BN_value_one())) + goto err; + h++; + if (idx >= 0 && h > 0xffff) + goto err; + } + + if (!BN_GENCB_call(cb, 3, 1)) + goto err; + + ok = 1; + err: + if (ok == 1) { + if (p != ret->p) { + BN_free(ret->p); + ret->p = BN_dup(p); + } + if (q != ret->q) { + BN_free(ret->q); + ret->q = BN_dup(q); + } + BN_free(ret->g); + ret->g = BN_dup(g); + if (ret->p == NULL || ret->q == NULL || ret->g == NULL) { + ok = -1; + goto err; + } + if (counter_ret != NULL) + *counter_ret = counter; + if (h_ret != NULL) + *h_ret = h; + } + OPENSSL_free(seed); + if (seed_out != seed_tmp) + OPENSSL_free(seed_tmp); BN_CTX_end(ctx); - BN_CTX_free(ctx); - BN_MONT_CTX_free(mont); - EVP_MD_CTX_free(mctx); - return ok; -} + BN_CTX_free(ctx); + BN_MONT_CTX_free(mont); + EVP_MD_CTX_free(mctx); + return ok; +} diff --git a/contrib/libs/openssl/crypto/dsa/dsa_key.c b/contrib/libs/openssl/crypto/dsa/dsa_key.c index bdeddd4f61..b9f6325898 100644 --- a/contrib/libs/openssl/crypto/dsa/dsa_key.c +++ b/contrib/libs/openssl/crypto/dsa/dsa_key.c @@ -1,77 +1,77 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include <stdio.h> -#include <time.h> -#include "internal/cryptlib.h" -#include <openssl/bn.h> +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include <stdio.h> +#include <time.h> +#include "internal/cryptlib.h" +#include <openssl/bn.h> #include "dsa_local.h" - -static int dsa_builtin_keygen(DSA *dsa); - -int DSA_generate_key(DSA *dsa) -{ - if (dsa->meth->dsa_keygen) - return dsa->meth->dsa_keygen(dsa); - return dsa_builtin_keygen(dsa); -} - -static int dsa_builtin_keygen(DSA *dsa) -{ - int ok = 0; - BN_CTX *ctx = NULL; - BIGNUM *pub_key = NULL, *priv_key = NULL; - - if ((ctx = BN_CTX_new()) == NULL) - goto err; - - if (dsa->priv_key == NULL) { - if ((priv_key = BN_secure_new()) == NULL) - goto err; - } else - priv_key = dsa->priv_key; - - do - if (!BN_priv_rand_range(priv_key, dsa->q)) - goto err; - while (BN_is_zero(priv_key)) ; - - if (dsa->pub_key == NULL) { - if ((pub_key = BN_new()) == NULL) - goto err; - } else - pub_key = dsa->pub_key; - - { - BIGNUM *prk = BN_new(); - - if (prk == NULL) - goto err; - BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME); - - if (!BN_mod_exp(pub_key, dsa->g, prk, dsa->p, ctx)) { - BN_free(prk); - goto err; - } - /* We MUST free prk before any further use of priv_key */ - BN_free(prk); - } - - dsa->priv_key = priv_key; - dsa->pub_key = pub_key; - ok = 1; - - err: - if (pub_key != dsa->pub_key) - BN_free(pub_key); - if (priv_key != dsa->priv_key) - BN_free(priv_key); - BN_CTX_free(ctx); - return ok; -} + +static int dsa_builtin_keygen(DSA *dsa); + +int DSA_generate_key(DSA *dsa) +{ + if (dsa->meth->dsa_keygen) + return dsa->meth->dsa_keygen(dsa); + return dsa_builtin_keygen(dsa); +} + +static int dsa_builtin_keygen(DSA *dsa) +{ + int ok = 0; + BN_CTX *ctx = NULL; + BIGNUM *pub_key = NULL, *priv_key = NULL; + + if ((ctx = BN_CTX_new()) == NULL) + goto err; + + if (dsa->priv_key == NULL) { + if ((priv_key = BN_secure_new()) == NULL) + goto err; + } else + priv_key = dsa->priv_key; + + do + if (!BN_priv_rand_range(priv_key, dsa->q)) + goto err; + while (BN_is_zero(priv_key)) ; + + if (dsa->pub_key == NULL) { + if ((pub_key = BN_new()) == NULL) + goto err; + } else + pub_key = dsa->pub_key; + + { + BIGNUM *prk = BN_new(); + + if (prk == NULL) + goto err; + BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME); + + if (!BN_mod_exp(pub_key, dsa->g, prk, dsa->p, ctx)) { + BN_free(prk); + goto err; + } + /* We MUST free prk before any further use of priv_key */ + BN_free(prk); + } + + dsa->priv_key = priv_key; + dsa->pub_key = pub_key; + ok = 1; + + err: + if (pub_key != dsa->pub_key) + BN_free(pub_key); + if (priv_key != dsa->priv_key) + BN_free(priv_key); + BN_CTX_free(ctx); + return ok; +} diff --git a/contrib/libs/openssl/crypto/dsa/dsa_lib.c b/contrib/libs/openssl/crypto/dsa/dsa_lib.c index f98af5853d..9449c7dbcd 100644 --- a/contrib/libs/openssl/crypto/dsa/dsa_lib.c +++ b/contrib/libs/openssl/crypto/dsa/dsa_lib.c @@ -1,358 +1,358 @@ -/* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include <stdio.h> -#include "internal/cryptlib.h" -#include "internal/refcount.h" -#include <openssl/bn.h> +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include <stdio.h> +#include "internal/cryptlib.h" +#include "internal/refcount.h" +#include <openssl/bn.h> #include "dsa_local.h" -#include <openssl/asn1.h> -#include <openssl/engine.h> -#include <openssl/dh.h> - -DSA *DSA_new(void) -{ - return DSA_new_method(NULL); -} - -int DSA_set_method(DSA *dsa, const DSA_METHOD *meth) -{ - /* - * NB: The caller is specifically setting a method, so it's not up to us - * to deal with which ENGINE it comes from. - */ - const DSA_METHOD *mtmp; - mtmp = dsa->meth; - if (mtmp->finish) - mtmp->finish(dsa); -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(dsa->engine); - dsa->engine = NULL; -#endif - dsa->meth = meth; - if (meth->init) - meth->init(dsa); - return 1; -} - -const DSA_METHOD *DSA_get_method(DSA *d) -{ - return d->meth; -} - -DSA *DSA_new_method(ENGINE *engine) -{ - DSA *ret = OPENSSL_zalloc(sizeof(*ret)); - - if (ret == NULL) { - DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_MALLOC_FAILURE); - return NULL; - } - - ret->references = 1; - ret->lock = CRYPTO_THREAD_lock_new(); - if (ret->lock == NULL) { - DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_MALLOC_FAILURE); - OPENSSL_free(ret); - return NULL; - } - - ret->meth = DSA_get_default_method(); -#ifndef OPENSSL_NO_ENGINE - ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW; /* early default init */ - if (engine) { - if (!ENGINE_init(engine)) { - DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB); - goto err; - } - ret->engine = engine; - } else - ret->engine = ENGINE_get_default_DSA(); - if (ret->engine) { - ret->meth = ENGINE_get_DSA(ret->engine); - if (ret->meth == NULL) { - DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB); - goto err; - } - } -#endif - - ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW; - - if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data)) - goto err; - - if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { - DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_INIT_FAIL); - goto err; - } - - return ret; - - err: - DSA_free(ret); - return NULL; -} - -void DSA_free(DSA *r) -{ - int i; - - if (r == NULL) - return; - - CRYPTO_DOWN_REF(&r->references, &i, r->lock); - REF_PRINT_COUNT("DSA", r); - if (i > 0) - return; - REF_ASSERT_ISNT(i < 0); - - if (r->meth != NULL && r->meth->finish != NULL) - r->meth->finish(r); -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(r->engine); -#endif - - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data); - - CRYPTO_THREAD_lock_free(r->lock); - - BN_clear_free(r->p); - BN_clear_free(r->q); - BN_clear_free(r->g); - BN_clear_free(r->pub_key); - BN_clear_free(r->priv_key); - OPENSSL_free(r); -} - -int DSA_up_ref(DSA *r) -{ - int i; - - if (CRYPTO_UP_REF(&r->references, &i, r->lock) <= 0) - return 0; - - REF_PRINT_COUNT("DSA", r); - REF_ASSERT_ISNT(i < 2); - return ((i > 1) ? 1 : 0); -} - -int DSA_size(const DSA *r) -{ - int ret, i; - ASN1_INTEGER bs; - unsigned char buf[4]; /* 4 bytes looks really small. However, - * i2d_ASN1_INTEGER() will not look beyond - * the first byte, as long as the second - * parameter is NULL. */ - - i = BN_num_bits(r->q); - bs.length = (i + 7) / 8; - bs.data = buf; - bs.type = V_ASN1_INTEGER; - /* If the top bit is set the asn1 encoding is 1 larger. */ - buf[0] = 0xff; - - i = i2d_ASN1_INTEGER(&bs, NULL); - i += i; /* r and s */ - ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE); - return ret; -} - -int DSA_set_ex_data(DSA *d, int idx, void *arg) -{ - return CRYPTO_set_ex_data(&d->ex_data, idx, arg); -} - -void *DSA_get_ex_data(DSA *d, int idx) -{ - return CRYPTO_get_ex_data(&d->ex_data, idx); -} - -int DSA_security_bits(const DSA *d) -{ - if (d->p && d->q) - return BN_security_bits(BN_num_bits(d->p), BN_num_bits(d->q)); - return -1; -} - -#ifndef OPENSSL_NO_DH -DH *DSA_dup_DH(const DSA *r) -{ - /* - * DSA has p, q, g, optional pub_key, optional priv_key. DH has p, - * optional length, g, optional pub_key, optional priv_key, optional q. - */ - - DH *ret = NULL; - BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub_key = NULL, *priv_key = NULL; - - if (r == NULL) - goto err; - ret = DH_new(); - if (ret == NULL) - goto err; - if (r->p != NULL || r->g != NULL || r->q != NULL) { - if (r->p == NULL || r->g == NULL || r->q == NULL) { - /* Shouldn't happen */ - goto err; - } - p = BN_dup(r->p); - g = BN_dup(r->g); - q = BN_dup(r->q); - if (p == NULL || g == NULL || q == NULL || !DH_set0_pqg(ret, p, q, g)) - goto err; - p = g = q = NULL; - } - - if (r->pub_key != NULL) { - pub_key = BN_dup(r->pub_key); - if (pub_key == NULL) - goto err; - if (r->priv_key != NULL) { - priv_key = BN_dup(r->priv_key); - if (priv_key == NULL) - goto err; - } - if (!DH_set0_key(ret, pub_key, priv_key)) - goto err; - } else if (r->priv_key != NULL) { - /* Shouldn't happen */ - goto err; - } - - return ret; - - err: - BN_free(p); - BN_free(g); - BN_free(q); - BN_free(pub_key); - BN_free(priv_key); - DH_free(ret); - return NULL; -} -#endif - -void DSA_get0_pqg(const DSA *d, - const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) -{ - if (p != NULL) - *p = d->p; - if (q != NULL) - *q = d->q; - if (g != NULL) - *g = d->g; -} - -int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g) -{ - /* If the fields p, q and g in d are NULL, the corresponding input - * parameters MUST be non-NULL. - */ - if ((d->p == NULL && p == NULL) - || (d->q == NULL && q == NULL) - || (d->g == NULL && g == NULL)) - return 0; - - if (p != NULL) { - BN_free(d->p); - d->p = p; - } - if (q != NULL) { - BN_free(d->q); - d->q = q; - } - if (g != NULL) { - BN_free(d->g); - d->g = g; - } - - return 1; -} - -void DSA_get0_key(const DSA *d, - const BIGNUM **pub_key, const BIGNUM **priv_key) -{ - if (pub_key != NULL) - *pub_key = d->pub_key; - if (priv_key != NULL) - *priv_key = d->priv_key; -} - -int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key) -{ - /* If the field pub_key in d is NULL, the corresponding input - * parameters MUST be non-NULL. The priv_key field may - * be left NULL. - */ - if (d->pub_key == NULL && pub_key == NULL) - return 0; - - if (pub_key != NULL) { - BN_free(d->pub_key); - d->pub_key = pub_key; - } - if (priv_key != NULL) { - BN_free(d->priv_key); - d->priv_key = priv_key; - } - - return 1; -} - -const BIGNUM *DSA_get0_p(const DSA *d) -{ - return d->p; -} - -const BIGNUM *DSA_get0_q(const DSA *d) -{ - return d->q; -} - -const BIGNUM *DSA_get0_g(const DSA *d) -{ - return d->g; -} - -const BIGNUM *DSA_get0_pub_key(const DSA *d) -{ - return d->pub_key; -} - -const BIGNUM *DSA_get0_priv_key(const DSA *d) -{ - return d->priv_key; -} - -void DSA_clear_flags(DSA *d, int flags) -{ - d->flags &= ~flags; -} - -int DSA_test_flags(const DSA *d, int flags) -{ - return d->flags & flags; -} - -void DSA_set_flags(DSA *d, int flags) -{ - d->flags |= flags; -} - -ENGINE *DSA_get0_engine(DSA *d) -{ - return d->engine; -} - -int DSA_bits(const DSA *dsa) -{ - return BN_num_bits(dsa->p); -} +#include <openssl/asn1.h> +#include <openssl/engine.h> +#include <openssl/dh.h> + +DSA *DSA_new(void) +{ + return DSA_new_method(NULL); +} + +int DSA_set_method(DSA *dsa, const DSA_METHOD *meth) +{ + /* + * NB: The caller is specifically setting a method, so it's not up to us + * to deal with which ENGINE it comes from. + */ + const DSA_METHOD *mtmp; + mtmp = dsa->meth; + if (mtmp->finish) + mtmp->finish(dsa); +#ifndef OPENSSL_NO_ENGINE + ENGINE_finish(dsa->engine); + dsa->engine = NULL; +#endif + dsa->meth = meth; + if (meth->init) + meth->init(dsa); + return 1; +} + +const DSA_METHOD *DSA_get_method(DSA *d) +{ + return d->meth; +} + +DSA *DSA_new_method(ENGINE *engine) +{ + DSA *ret = OPENSSL_zalloc(sizeof(*ret)); + + if (ret == NULL) { + DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_MALLOC_FAILURE); + return NULL; + } + + ret->references = 1; + ret->lock = CRYPTO_THREAD_lock_new(); + if (ret->lock == NULL) { + DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_MALLOC_FAILURE); + OPENSSL_free(ret); + return NULL; + } + + ret->meth = DSA_get_default_method(); +#ifndef OPENSSL_NO_ENGINE + ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW; /* early default init */ + if (engine) { + if (!ENGINE_init(engine)) { + DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB); + goto err; + } + ret->engine = engine; + } else + ret->engine = ENGINE_get_default_DSA(); + if (ret->engine) { + ret->meth = ENGINE_get_DSA(ret->engine); + if (ret->meth == NULL) { + DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB); + goto err; + } + } +#endif + + ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW; + + if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data)) + goto err; + + if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { + DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_INIT_FAIL); + goto err; + } + + return ret; + + err: + DSA_free(ret); + return NULL; +} + +void DSA_free(DSA *r) +{ + int i; + + if (r == NULL) + return; + + CRYPTO_DOWN_REF(&r->references, &i, r->lock); + REF_PRINT_COUNT("DSA", r); + if (i > 0) + return; + REF_ASSERT_ISNT(i < 0); + + if (r->meth != NULL && r->meth->finish != NULL) + r->meth->finish(r); +#ifndef OPENSSL_NO_ENGINE + ENGINE_finish(r->engine); +#endif + + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data); + + CRYPTO_THREAD_lock_free(r->lock); + + BN_clear_free(r->p); + BN_clear_free(r->q); + BN_clear_free(r->g); + BN_clear_free(r->pub_key); + BN_clear_free(r->priv_key); + OPENSSL_free(r); +} + +int DSA_up_ref(DSA *r) +{ + int i; + + if (CRYPTO_UP_REF(&r->references, &i, r->lock) <= 0) + return 0; + + REF_PRINT_COUNT("DSA", r); + REF_ASSERT_ISNT(i < 2); + return ((i > 1) ? 1 : 0); +} + +int DSA_size(const DSA *r) +{ + int ret, i; + ASN1_INTEGER bs; + unsigned char buf[4]; /* 4 bytes looks really small. However, + * i2d_ASN1_INTEGER() will not look beyond + * the first byte, as long as the second + * parameter is NULL. */ + + i = BN_num_bits(r->q); + bs.length = (i + 7) / 8; + bs.data = buf; + bs.type = V_ASN1_INTEGER; + /* If the top bit is set the asn1 encoding is 1 larger. */ + buf[0] = 0xff; + + i = i2d_ASN1_INTEGER(&bs, NULL); + i += i; /* r and s */ + ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE); + return ret; +} + +int DSA_set_ex_data(DSA *d, int idx, void *arg) +{ + return CRYPTO_set_ex_data(&d->ex_data, idx, arg); +} + +void *DSA_get_ex_data(DSA *d, int idx) +{ + return CRYPTO_get_ex_data(&d->ex_data, idx); +} + +int DSA_security_bits(const DSA *d) +{ + if (d->p && d->q) + return BN_security_bits(BN_num_bits(d->p), BN_num_bits(d->q)); + return -1; +} + +#ifndef OPENSSL_NO_DH +DH *DSA_dup_DH(const DSA *r) +{ + /* + * DSA has p, q, g, optional pub_key, optional priv_key. DH has p, + * optional length, g, optional pub_key, optional priv_key, optional q. + */ + + DH *ret = NULL; + BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub_key = NULL, *priv_key = NULL; + + if (r == NULL) + goto err; + ret = DH_new(); + if (ret == NULL) + goto err; + if (r->p != NULL || r->g != NULL || r->q != NULL) { + if (r->p == NULL || r->g == NULL || r->q == NULL) { + /* Shouldn't happen */ + goto err; + } + p = BN_dup(r->p); + g = BN_dup(r->g); + q = BN_dup(r->q); + if (p == NULL || g == NULL || q == NULL || !DH_set0_pqg(ret, p, q, g)) + goto err; + p = g = q = NULL; + } + + if (r->pub_key != NULL) { + pub_key = BN_dup(r->pub_key); + if (pub_key == NULL) + goto err; + if (r->priv_key != NULL) { + priv_key = BN_dup(r->priv_key); + if (priv_key == NULL) + goto err; + } + if (!DH_set0_key(ret, pub_key, priv_key)) + goto err; + } else if (r->priv_key != NULL) { + /* Shouldn't happen */ + goto err; + } + + return ret; + + err: + BN_free(p); + BN_free(g); + BN_free(q); + BN_free(pub_key); + BN_free(priv_key); + DH_free(ret); + return NULL; +} +#endif + +void DSA_get0_pqg(const DSA *d, + const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) +{ + if (p != NULL) + *p = d->p; + if (q != NULL) + *q = d->q; + if (g != NULL) + *g = d->g; +} + +int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g) +{ + /* If the fields p, q and g in d are NULL, the corresponding input + * parameters MUST be non-NULL. + */ + if ((d->p == NULL && p == NULL) + || (d->q == NULL && q == NULL) + || (d->g == NULL && g == NULL)) + return 0; + + if (p != NULL) { + BN_free(d->p); + d->p = p; + } + if (q != NULL) { + BN_free(d->q); + d->q = q; + } + if (g != NULL) { + BN_free(d->g); + d->g = g; + } + + return 1; +} + +void DSA_get0_key(const DSA *d, + const BIGNUM **pub_key, const BIGNUM **priv_key) +{ + if (pub_key != NULL) + *pub_key = d->pub_key; + if (priv_key != NULL) + *priv_key = d->priv_key; +} + +int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key) +{ + /* If the field pub_key in d is NULL, the corresponding input + * parameters MUST be non-NULL. The priv_key field may + * be left NULL. + */ + if (d->pub_key == NULL && pub_key == NULL) + return 0; + + if (pub_key != NULL) { + BN_free(d->pub_key); + d->pub_key = pub_key; + } + if (priv_key != NULL) { + BN_free(d->priv_key); + d->priv_key = priv_key; + } + + return 1; +} + +const BIGNUM *DSA_get0_p(const DSA *d) +{ + return d->p; +} + +const BIGNUM *DSA_get0_q(const DSA *d) +{ + return d->q; +} + +const BIGNUM *DSA_get0_g(const DSA *d) +{ + return d->g; +} + +const BIGNUM *DSA_get0_pub_key(const DSA *d) +{ + return d->pub_key; +} + +const BIGNUM *DSA_get0_priv_key(const DSA *d) +{ + return d->priv_key; +} + +void DSA_clear_flags(DSA *d, int flags) +{ + d->flags &= ~flags; +} + +int DSA_test_flags(const DSA *d, int flags) +{ + return d->flags & flags; +} + +void DSA_set_flags(DSA *d, int flags) +{ + d->flags |= flags; +} + +ENGINE *DSA_get0_engine(DSA *d) +{ + return d->engine; +} + +int DSA_bits(const DSA *dsa) +{ + return BN_num_bits(dsa->p); +} diff --git a/contrib/libs/openssl/crypto/dsa/dsa_meth.c b/contrib/libs/openssl/crypto/dsa/dsa_meth.c index 1e6ee2f4ed..337cc2cd7b 100644 --- a/contrib/libs/openssl/crypto/dsa/dsa_meth.c +++ b/contrib/libs/openssl/crypto/dsa/dsa_meth.c @@ -1,224 +1,224 @@ -/* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Licensed under the OpenSSL licenses, (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * https://www.openssl.org/source/license.html - * or in the file LICENSE in the source distribution. - */ - +/* + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * Licensed under the OpenSSL licenses, (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * https://www.openssl.org/source/license.html + * or in the file LICENSE in the source distribution. + */ + #include "dsa_local.h" -#include <string.h> -#include <openssl/err.h> - -DSA_METHOD *DSA_meth_new(const char *name, int flags) -{ - DSA_METHOD *dsam = OPENSSL_zalloc(sizeof(*dsam)); - - if (dsam != NULL) { - dsam->flags = flags; - - dsam->name = OPENSSL_strdup(name); - if (dsam->name != NULL) - return dsam; - - OPENSSL_free(dsam); - } - - DSAerr(DSA_F_DSA_METH_NEW, ERR_R_MALLOC_FAILURE); - return NULL; -} - -void DSA_meth_free(DSA_METHOD *dsam) -{ - if (dsam != NULL) { - OPENSSL_free(dsam->name); - OPENSSL_free(dsam); - } -} - -DSA_METHOD *DSA_meth_dup(const DSA_METHOD *dsam) -{ - DSA_METHOD *ret = OPENSSL_malloc(sizeof(*ret)); - - if (ret != NULL) { - memcpy(ret, dsam, sizeof(*dsam)); - - ret->name = OPENSSL_strdup(dsam->name); - if (ret->name != NULL) - return ret; - - OPENSSL_free(ret); - } - - DSAerr(DSA_F_DSA_METH_DUP, ERR_R_MALLOC_FAILURE); - return NULL; -} - -const char *DSA_meth_get0_name(const DSA_METHOD *dsam) -{ - return dsam->name; -} - -int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name) -{ - char *tmpname = OPENSSL_strdup(name); - - if (tmpname == NULL) { - DSAerr(DSA_F_DSA_METH_SET1_NAME, ERR_R_MALLOC_FAILURE); - return 0; - } - - OPENSSL_free(dsam->name); - dsam->name = tmpname; - - return 1; -} - -int DSA_meth_get_flags(const DSA_METHOD *dsam) -{ - return dsam->flags; -} - -int DSA_meth_set_flags(DSA_METHOD *dsam, int flags) -{ - dsam->flags = flags; - return 1; -} - -void *DSA_meth_get0_app_data(const DSA_METHOD *dsam) -{ - return dsam->app_data; -} - -int DSA_meth_set0_app_data(DSA_METHOD *dsam, void *app_data) -{ - dsam->app_data = app_data; - return 1; -} - -DSA_SIG *(*DSA_meth_get_sign(const DSA_METHOD *dsam)) - (const unsigned char *, int, DSA *) -{ - return dsam->dsa_do_sign; -} - -int DSA_meth_set_sign(DSA_METHOD *dsam, - DSA_SIG *(*sign) (const unsigned char *, int, DSA *)) -{ - dsam->dsa_do_sign = sign; - return 1; -} - -int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam)) - (DSA *, BN_CTX *, BIGNUM **, BIGNUM **) -{ - return dsam->dsa_sign_setup; -} - -int DSA_meth_set_sign_setup(DSA_METHOD *dsam, - int (*sign_setup) (DSA *, BN_CTX *, BIGNUM **, BIGNUM **)) -{ - dsam->dsa_sign_setup = sign_setup; - return 1; -} - -int (*DSA_meth_get_verify(const DSA_METHOD *dsam)) - (const unsigned char *, int, DSA_SIG *, DSA *) -{ - return dsam->dsa_do_verify; -} - -int DSA_meth_set_verify(DSA_METHOD *dsam, - int (*verify) (const unsigned char *, int, DSA_SIG *, DSA *)) -{ - dsam->dsa_do_verify = verify; - return 1; -} - -int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam)) - (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, - const BIGNUM *, const BIGNUM *, BN_CTX *, BN_MONT_CTX *) -{ - return dsam->dsa_mod_exp; -} - -int DSA_meth_set_mod_exp(DSA_METHOD *dsam, - int (*mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, - const BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *, - BN_MONT_CTX *)) -{ - dsam->dsa_mod_exp = mod_exp; - return 1; -} - -int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam)) - (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *, - BN_MONT_CTX *) -{ - return dsam->bn_mod_exp; -} - -int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam, - int (*bn_mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, - const BIGNUM *, BN_CTX *, BN_MONT_CTX *)) -{ - dsam->bn_mod_exp = bn_mod_exp; - return 1; -} - -int (*DSA_meth_get_init(const DSA_METHOD *dsam))(DSA *) -{ - return dsam->init; -} - -int DSA_meth_set_init(DSA_METHOD *dsam, int (*init)(DSA *)) -{ - dsam->init = init; - return 1; -} - -int (*DSA_meth_get_finish(const DSA_METHOD *dsam)) (DSA *) -{ - return dsam->finish; -} - -int DSA_meth_set_finish(DSA_METHOD *dsam, int (*finish) (DSA *)) -{ - dsam->finish = finish; - return 1; -} - -int (*DSA_meth_get_paramgen(const DSA_METHOD *dsam)) - (DSA *, int, const unsigned char *, int, int *, unsigned long *, - BN_GENCB *) -{ - return dsam->dsa_paramgen; -} - -int DSA_meth_set_paramgen(DSA_METHOD *dsam, - int (*paramgen) (DSA *, int, const unsigned char *, int, int *, - unsigned long *, BN_GENCB *)) -{ - dsam->dsa_paramgen = paramgen; - return 1; -} - -int (*DSA_meth_get_keygen(const DSA_METHOD *dsam)) (DSA *) -{ - return dsam->dsa_keygen; -} - -int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen) (DSA *)) -{ - dsam->dsa_keygen = keygen; - return 1; -} +#include <string.h> +#include <openssl/err.h> + +DSA_METHOD *DSA_meth_new(const char *name, int flags) +{ + DSA_METHOD *dsam = OPENSSL_zalloc(sizeof(*dsam)); + + if (dsam != NULL) { + dsam->flags = flags; + + dsam->name = OPENSSL_strdup(name); + if (dsam->name != NULL) + return dsam; + + OPENSSL_free(dsam); + } + + DSAerr(DSA_F_DSA_METH_NEW, ERR_R_MALLOC_FAILURE); + return NULL; +} + +void DSA_meth_free(DSA_METHOD *dsam) +{ + if (dsam != NULL) { + OPENSSL_free(dsam->name); + OPENSSL_free(dsam); + } +} + +DSA_METHOD *DSA_meth_dup(const DSA_METHOD *dsam) +{ + DSA_METHOD *ret = OPENSSL_malloc(sizeof(*ret)); + + if (ret != NULL) { + memcpy(ret, dsam, sizeof(*dsam)); + + ret->name = OPENSSL_strdup(dsam->name); + if (ret->name != NULL) + return ret; + + OPENSSL_free(ret); + } + + DSAerr(DSA_F_DSA_METH_DUP, ERR_R_MALLOC_FAILURE); + return NULL; +} + +const char *DSA_meth_get0_name(const DSA_METHOD *dsam) +{ + return dsam->name; +} + +int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name) +{ + char *tmpname = OPENSSL_strdup(name); + + if (tmpname == NULL) { + DSAerr(DSA_F_DSA_METH_SET1_NAME, ERR_R_MALLOC_FAILURE); + return 0; + } + + OPENSSL_free(dsam->name); + dsam->name = tmpname; + + return 1; +} + +int DSA_meth_get_flags(const DSA_METHOD *dsam) +{ + return dsam->flags; +} + +int DSA_meth_set_flags(DSA_METHOD *dsam, int flags) +{ + dsam->flags = flags; + return 1; +} + +void *DSA_meth_get0_app_data(const DSA_METHOD *dsam) +{ + return dsam->app_data; +} + +int DSA_meth_set0_app_data(DSA_METHOD *dsam, void *app_data) +{ + dsam->app_data = app_data; + return 1; +} + +DSA_SIG *(*DSA_meth_get_sign(const DSA_METHOD *dsam)) + (const unsigned char *, int, DSA *) +{ + return dsam->dsa_do_sign; +} + +int DSA_meth_set_sign(DSA_METHOD *dsam, + DSA_SIG *(*sign) (const unsigned char *, int, DSA *)) +{ + dsam->dsa_do_sign = sign; + return 1; +} + +int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam)) + (DSA *, BN_CTX *, BIGNUM **, BIGNUM **) +{ + return dsam->dsa_sign_setup; +} + +int DSA_meth_set_sign_setup(DSA_METHOD *dsam, + int (*sign_setup) (DSA *, BN_CTX *, BIGNUM **, BIGNUM **)) +{ + dsam->dsa_sign_setup = sign_setup; + return 1; +} + +int (*DSA_meth_get_verify(const DSA_METHOD *dsam)) + (const unsigned char *, int, DSA_SIG *, DSA *) +{ + return dsam->dsa_do_verify; +} + +int DSA_meth_set_verify(DSA_METHOD *dsam, + int (*verify) (const unsigned char *, int, DSA_SIG *, DSA *)) +{ + dsam->dsa_do_verify = verify; + return 1; +} + +int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam)) + (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, + const BIGNUM *, const BIGNUM *, BN_CTX *, BN_MONT_CTX *) +{ + return dsam->dsa_mod_exp; +} + +int DSA_meth_set_mod_exp(DSA_METHOD *dsam, + int (*mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, + const BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *, + BN_MONT_CTX *)) +{ + dsam->dsa_mod_exp = mod_exp; + return 1; +} + +int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam)) + (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *, + BN_MONT_CTX *) +{ + return dsam->bn_mod_exp; +} + +int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam, + int (*bn_mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, + const BIGNUM *, BN_CTX *, BN_MONT_CTX *)) +{ + dsam->bn_mod_exp = bn_mod_exp; + return 1; +} + +int (*DSA_meth_get_init(const DSA_METHOD *dsam))(DSA *) +{ + return dsam->init; +} + +int DSA_meth_set_init(DSA_METHOD *dsam, int (*init)(DSA *)) +{ + dsam->init = init; + return 1; +} + +int (*DSA_meth_get_finish(const DSA_METHOD *dsam)) (DSA *) +{ + return dsam->finish; +} + +int DSA_meth_set_finish(DSA_METHOD *dsam, int (*finish) (DSA *)) +{ + dsam->finish = finish; + return 1; +} + +int (*DSA_meth_get_paramgen(const DSA_METHOD *dsam)) + (DSA *, int, const unsigned char *, int, int *, unsigned long *, + BN_GENCB *) +{ + return dsam->dsa_paramgen; +} + +int DSA_meth_set_paramgen(DSA_METHOD *dsam, + int (*paramgen) (DSA *, int, const unsigned char *, int, int *, + unsigned long *, BN_GENCB *)) +{ + dsam->dsa_paramgen = paramgen; + return 1; +} + +int (*DSA_meth_get_keygen(const DSA_METHOD *dsam)) (DSA *) +{ + return dsam->dsa_keygen; +} + +int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen) (DSA *)) +{ + dsam->dsa_keygen = keygen; + return 1; +} diff --git a/contrib/libs/openssl/crypto/dsa/dsa_ossl.c b/contrib/libs/openssl/crypto/dsa/dsa_ossl.c index a983def64e..1b53813041 100644 --- a/contrib/libs/openssl/crypto/dsa/dsa_ossl.c +++ b/contrib/libs/openssl/crypto/dsa/dsa_ossl.c @@ -1,199 +1,199 @@ -/* +/* * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include <stdio.h> -#include "internal/cryptlib.h" + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include <stdio.h> +#include "internal/cryptlib.h" #include "crypto/bn.h" -#include <openssl/bn.h> -#include <openssl/sha.h> +#include <openssl/bn.h> +#include <openssl/sha.h> #include "dsa_local.h" -#include <openssl/asn1.h> - -static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); -static int dsa_sign_setup_no_digest(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, - BIGNUM **rp); -static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, - BIGNUM **rp, const unsigned char *dgst, int dlen); -static int dsa_do_verify(const unsigned char *dgst, int dgst_len, - DSA_SIG *sig, DSA *dsa); -static int dsa_init(DSA *dsa); -static int dsa_finish(DSA *dsa); -static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q, - BN_CTX *ctx); - -static DSA_METHOD openssl_dsa_meth = { - "OpenSSL DSA method", - dsa_do_sign, - dsa_sign_setup_no_digest, - dsa_do_verify, - NULL, /* dsa_mod_exp, */ - NULL, /* dsa_bn_mod_exp, */ - dsa_init, - dsa_finish, - DSA_FLAG_FIPS_METHOD, - NULL, - NULL, - NULL -}; - -static const DSA_METHOD *default_DSA_method = &openssl_dsa_meth; - -void DSA_set_default_method(const DSA_METHOD *meth) -{ - default_DSA_method = meth; -} - -const DSA_METHOD *DSA_get_default_method(void) -{ - return default_DSA_method; -} - -const DSA_METHOD *DSA_OpenSSL(void) -{ - return &openssl_dsa_meth; -} - -static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) -{ - BIGNUM *kinv = NULL; - BIGNUM *m, *blind, *blindm, *tmp; - BN_CTX *ctx = NULL; - int reason = ERR_R_BN_LIB; - DSA_SIG *ret = NULL; - int rv = 0; - - if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL) { - reason = DSA_R_MISSING_PARAMETERS; - goto err; - } +#include <openssl/asn1.h> + +static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); +static int dsa_sign_setup_no_digest(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, + BIGNUM **rp); +static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, + BIGNUM **rp, const unsigned char *dgst, int dlen); +static int dsa_do_verify(const unsigned char *dgst, int dgst_len, + DSA_SIG *sig, DSA *dsa); +static int dsa_init(DSA *dsa); +static int dsa_finish(DSA *dsa); +static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q, + BN_CTX *ctx); + +static DSA_METHOD openssl_dsa_meth = { + "OpenSSL DSA method", + dsa_do_sign, + dsa_sign_setup_no_digest, + dsa_do_verify, + NULL, /* dsa_mod_exp, */ + NULL, /* dsa_bn_mod_exp, */ + dsa_init, + dsa_finish, + DSA_FLAG_FIPS_METHOD, + NULL, + NULL, + NULL +}; + +static const DSA_METHOD *default_DSA_method = &openssl_dsa_meth; + +void DSA_set_default_method(const DSA_METHOD *meth) +{ + default_DSA_method = meth; +} + +const DSA_METHOD *DSA_get_default_method(void) +{ + return default_DSA_method; +} + +const DSA_METHOD *DSA_OpenSSL(void) +{ + return &openssl_dsa_meth; +} + +static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) +{ + BIGNUM *kinv = NULL; + BIGNUM *m, *blind, *blindm, *tmp; + BN_CTX *ctx = NULL; + int reason = ERR_R_BN_LIB; + DSA_SIG *ret = NULL; + int rv = 0; + + if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL) { + reason = DSA_R_MISSING_PARAMETERS; + goto err; + } if (dsa->priv_key == NULL) { reason = DSA_R_MISSING_PRIVATE_KEY; goto err; } - - ret = DSA_SIG_new(); - if (ret == NULL) - goto err; - ret->r = BN_new(); - ret->s = BN_new(); - if (ret->r == NULL || ret->s == NULL) - goto err; - - ctx = BN_CTX_new(); - if (ctx == NULL) - goto err; - m = BN_CTX_get(ctx); - blind = BN_CTX_get(ctx); - blindm = BN_CTX_get(ctx); - tmp = BN_CTX_get(ctx); - if (tmp == NULL) - goto err; - - redo: - if (!dsa_sign_setup(dsa, ctx, &kinv, &ret->r, dgst, dlen)) - goto err; - - if (dlen > BN_num_bytes(dsa->q)) - /* - * if the digest length is greater than the size of q use the - * BN_num_bits(dsa->q) leftmost bits of the digest, see fips 186-3, - * 4.2 - */ - dlen = BN_num_bytes(dsa->q); - if (BN_bin2bn(dgst, dlen, m) == NULL) - goto err; - - /* - * The normal signature calculation is: - * - * s := k^-1 * (m + r * priv_key) mod q - * - * We will blind this to protect against side channel attacks - * - * s := blind^-1 * k^-1 * (blind * m + blind * r * priv_key) mod q - */ - - /* Generate a blinding value */ - do { - if (!BN_priv_rand(blind, BN_num_bits(dsa->q) - 1, - BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) - goto err; - } while (BN_is_zero(blind)); - BN_set_flags(blind, BN_FLG_CONSTTIME); - BN_set_flags(blindm, BN_FLG_CONSTTIME); - BN_set_flags(tmp, BN_FLG_CONSTTIME); - - /* tmp := blind * priv_key * r mod q */ - if (!BN_mod_mul(tmp, blind, dsa->priv_key, dsa->q, ctx)) - goto err; - if (!BN_mod_mul(tmp, tmp, ret->r, dsa->q, ctx)) - goto err; - - /* blindm := blind * m mod q */ - if (!BN_mod_mul(blindm, blind, m, dsa->q, ctx)) - goto err; - - /* s : = (blind * priv_key * r) + (blind * m) mod q */ - if (!BN_mod_add_quick(ret->s, tmp, blindm, dsa->q)) - goto err; - - /* s := s * k^-1 mod q */ - if (!BN_mod_mul(ret->s, ret->s, kinv, dsa->q, ctx)) - goto err; - - /* s:= s * blind^-1 mod q */ - if (BN_mod_inverse(blind, blind, dsa->q, ctx) == NULL) - goto err; - if (!BN_mod_mul(ret->s, ret->s, blind, dsa->q, ctx)) - goto err; - - /* - * Redo if r or s is zero as required by FIPS 186-3: this is very - * unlikely. - */ - if (BN_is_zero(ret->r) || BN_is_zero(ret->s)) - goto redo; - - rv = 1; - - err: - if (rv == 0) { - DSAerr(DSA_F_DSA_DO_SIGN, reason); - DSA_SIG_free(ret); - ret = NULL; - } - BN_CTX_free(ctx); - BN_clear_free(kinv); - return ret; -} - -static int dsa_sign_setup_no_digest(DSA *dsa, BN_CTX *ctx_in, - BIGNUM **kinvp, BIGNUM **rp) -{ - return dsa_sign_setup(dsa, ctx_in, kinvp, rp, NULL, 0); -} - -static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, - BIGNUM **kinvp, BIGNUM **rp, - const unsigned char *dgst, int dlen) -{ - BN_CTX *ctx = NULL; - BIGNUM *k, *kinv = NULL, *r = *rp; - BIGNUM *l; - int ret = 0; - int q_bits, q_words; - - if (!dsa->p || !dsa->q || !dsa->g) { - DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MISSING_PARAMETERS); - return 0; - } - + + ret = DSA_SIG_new(); + if (ret == NULL) + goto err; + ret->r = BN_new(); + ret->s = BN_new(); + if (ret->r == NULL || ret->s == NULL) + goto err; + + ctx = BN_CTX_new(); + if (ctx == NULL) + goto err; + m = BN_CTX_get(ctx); + blind = BN_CTX_get(ctx); + blindm = BN_CTX_get(ctx); + tmp = BN_CTX_get(ctx); + if (tmp == NULL) + goto err; + + redo: + if (!dsa_sign_setup(dsa, ctx, &kinv, &ret->r, dgst, dlen)) + goto err; + + if (dlen > BN_num_bytes(dsa->q)) + /* + * if the digest length is greater than the size of q use the + * BN_num_bits(dsa->q) leftmost bits of the digest, see fips 186-3, + * 4.2 + */ + dlen = BN_num_bytes(dsa->q); + if (BN_bin2bn(dgst, dlen, m) == NULL) + goto err; + + /* + * The normal signature calculation is: + * + * s := k^-1 * (m + r * priv_key) mod q + * + * We will blind this to protect against side channel attacks + * + * s := blind^-1 * k^-1 * (blind * m + blind * r * priv_key) mod q + */ + + /* Generate a blinding value */ + do { + if (!BN_priv_rand(blind, BN_num_bits(dsa->q) - 1, + BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) + goto err; + } while (BN_is_zero(blind)); + BN_set_flags(blind, BN_FLG_CONSTTIME); + BN_set_flags(blindm, BN_FLG_CONSTTIME); + BN_set_flags(tmp, BN_FLG_CONSTTIME); + + /* tmp := blind * priv_key * r mod q */ + if (!BN_mod_mul(tmp, blind, dsa->priv_key, dsa->q, ctx)) + goto err; + if (!BN_mod_mul(tmp, tmp, ret->r, dsa->q, ctx)) + goto err; + + /* blindm := blind * m mod q */ + if (!BN_mod_mul(blindm, blind, m, dsa->q, ctx)) + goto err; + + /* s : = (blind * priv_key * r) + (blind * m) mod q */ + if (!BN_mod_add_quick(ret->s, tmp, blindm, dsa->q)) + goto err; + + /* s := s * k^-1 mod q */ + if (!BN_mod_mul(ret->s, ret->s, kinv, dsa->q, ctx)) + goto err; + + /* s:= s * blind^-1 mod q */ + if (BN_mod_inverse(blind, blind, dsa->q, ctx) == NULL) + goto err; + if (!BN_mod_mul(ret->s, ret->s, blind, dsa->q, ctx)) + goto err; + + /* + * Redo if r or s is zero as required by FIPS 186-3: this is very + * unlikely. + */ + if (BN_is_zero(ret->r) || BN_is_zero(ret->s)) + goto redo; + + rv = 1; + + err: + if (rv == 0) { + DSAerr(DSA_F_DSA_DO_SIGN, reason); + DSA_SIG_free(ret); + ret = NULL; + } + BN_CTX_free(ctx); + BN_clear_free(kinv); + return ret; +} + +static int dsa_sign_setup_no_digest(DSA *dsa, BN_CTX *ctx_in, + BIGNUM **kinvp, BIGNUM **rp) +{ + return dsa_sign_setup(dsa, ctx_in, kinvp, rp, NULL, 0); +} + +static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, + BIGNUM **kinvp, BIGNUM **rp, + const unsigned char *dgst, int dlen) +{ + BN_CTX *ctx = NULL; + BIGNUM *k, *kinv = NULL, *r = *rp; + BIGNUM *l; + int ret = 0; + int q_bits, q_words; + + if (!dsa->p || !dsa->q || !dsa->g) { + DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MISSING_PARAMETERS); + return 0; + } + /* Reject obviously invalid parameters */ if (BN_is_zero(dsa->p) || BN_is_zero(dsa->q) || BN_is_zero(dsa->g)) { DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_INVALID_PARAMETERS); @@ -204,239 +204,239 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, return 0; } - k = BN_new(); - l = BN_new(); - if (k == NULL || l == NULL) - goto err; - - if (ctx_in == NULL) { - if ((ctx = BN_CTX_new()) == NULL) - goto err; - } else - ctx = ctx_in; - - /* Preallocate space */ - q_bits = BN_num_bits(dsa->q); - q_words = bn_get_top(dsa->q); - if (!bn_wexpand(k, q_words + 2) - || !bn_wexpand(l, q_words + 2)) - goto err; - - /* Get random k */ - do { - if (dgst != NULL) { - /* - * We calculate k from SHA512(private_key + H(message) + random). - * This protects the private key from a weak PRNG. - */ - if (!BN_generate_dsa_nonce(k, dsa->q, dsa->priv_key, dgst, - dlen, ctx)) - goto err; - } else if (!BN_priv_rand_range(k, dsa->q)) - goto err; - } while (BN_is_zero(k)); - - BN_set_flags(k, BN_FLG_CONSTTIME); - BN_set_flags(l, BN_FLG_CONSTTIME); - - if (dsa->flags & DSA_FLAG_CACHE_MONT_P) { - if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p, - dsa->lock, dsa->p, ctx)) - goto err; - } - - /* Compute r = (g^k mod p) mod q */ - - /* - * We do not want timing information to leak the length of k, so we - * compute G^k using an equivalent scalar of fixed bit-length. - * - * We unconditionally perform both of these additions to prevent a - * small timing information leakage. We then choose the sum that is - * one bit longer than the modulus. - * - * There are some concerns about the efficacy of doing this. More + k = BN_new(); + l = BN_new(); + if (k == NULL || l == NULL) + goto err; + + if (ctx_in == NULL) { + if ((ctx = BN_CTX_new()) == NULL) + goto err; + } else + ctx = ctx_in; + + /* Preallocate space */ + q_bits = BN_num_bits(dsa->q); + q_words = bn_get_top(dsa->q); + if (!bn_wexpand(k, q_words + 2) + || !bn_wexpand(l, q_words + 2)) + goto err; + + /* Get random k */ + do { + if (dgst != NULL) { + /* + * We calculate k from SHA512(private_key + H(message) + random). + * This protects the private key from a weak PRNG. + */ + if (!BN_generate_dsa_nonce(k, dsa->q, dsa->priv_key, dgst, + dlen, ctx)) + goto err; + } else if (!BN_priv_rand_range(k, dsa->q)) + goto err; + } while (BN_is_zero(k)); + + BN_set_flags(k, BN_FLG_CONSTTIME); + BN_set_flags(l, BN_FLG_CONSTTIME); + + if (dsa->flags & DSA_FLAG_CACHE_MONT_P) { + if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p, + dsa->lock, dsa->p, ctx)) + goto err; + } + + /* Compute r = (g^k mod p) mod q */ + + /* + * We do not want timing information to leak the length of k, so we + * compute G^k using an equivalent scalar of fixed bit-length. + * + * We unconditionally perform both of these additions to prevent a + * small timing information leakage. We then choose the sum that is + * one bit longer than the modulus. + * + * There are some concerns about the efficacy of doing this. More * specifically refer to the discussion starting with: - * https://github.com/openssl/openssl/pull/7486#discussion_r228323705 - * The fix is to rework BN so these gymnastics aren't required. - */ - if (!BN_add(l, k, dsa->q) - || !BN_add(k, l, dsa->q)) - goto err; - - BN_consttime_swap(BN_is_bit_set(l, q_bits), k, l, q_words + 2); - - if ((dsa)->meth->bn_mod_exp != NULL) { - if (!dsa->meth->bn_mod_exp(dsa, r, dsa->g, k, dsa->p, ctx, - dsa->method_mont_p)) - goto err; - } else { - if (!BN_mod_exp_mont(r, dsa->g, k, dsa->p, ctx, dsa->method_mont_p)) - goto err; - } - - if (!BN_mod(r, r, dsa->q, ctx)) - goto err; - - /* Compute part of 's = inv(k) (m + xr) mod q' */ - if ((kinv = dsa_mod_inverse_fermat(k, dsa->q, ctx)) == NULL) - goto err; - - BN_clear_free(*kinvp); - *kinvp = kinv; - kinv = NULL; - ret = 1; - err: - if (!ret) - DSAerr(DSA_F_DSA_SIGN_SETUP, ERR_R_BN_LIB); - if (ctx != ctx_in) - BN_CTX_free(ctx); - BN_clear_free(k); - BN_clear_free(l); - return ret; -} - -static int dsa_do_verify(const unsigned char *dgst, int dgst_len, - DSA_SIG *sig, DSA *dsa) -{ - BN_CTX *ctx; - BIGNUM *u1, *u2, *t1; - BN_MONT_CTX *mont = NULL; - const BIGNUM *r, *s; - int ret = -1, i; - if (!dsa->p || !dsa->q || !dsa->g) { - DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MISSING_PARAMETERS); - return -1; - } - - i = BN_num_bits(dsa->q); - /* fips 186-3 allows only different sizes for q */ - if (i != 160 && i != 224 && i != 256) { - DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_BAD_Q_VALUE); - return -1; - } - - if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) { - DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MODULUS_TOO_LARGE); - return -1; - } - u1 = BN_new(); - u2 = BN_new(); - t1 = BN_new(); - ctx = BN_CTX_new(); - if (u1 == NULL || u2 == NULL || t1 == NULL || ctx == NULL) - goto err; - - DSA_SIG_get0(sig, &r, &s); - - if (BN_is_zero(r) || BN_is_negative(r) || - BN_ucmp(r, dsa->q) >= 0) { - ret = 0; - goto err; - } - if (BN_is_zero(s) || BN_is_negative(s) || - BN_ucmp(s, dsa->q) >= 0) { - ret = 0; - goto err; - } - - /* - * Calculate W = inv(S) mod Q save W in u2 - */ - if ((BN_mod_inverse(u2, s, dsa->q, ctx)) == NULL) - goto err; - - /* save M in u1 */ - if (dgst_len > (i >> 3)) - /* - * if the digest length is greater than the size of q use the - * BN_num_bits(dsa->q) leftmost bits of the digest, see fips 186-3, - * 4.2 - */ - dgst_len = (i >> 3); - if (BN_bin2bn(dgst, dgst_len, u1) == NULL) - goto err; - - /* u1 = M * w mod q */ - if (!BN_mod_mul(u1, u1, u2, dsa->q, ctx)) - goto err; - - /* u2 = r * w mod q */ - if (!BN_mod_mul(u2, r, u2, dsa->q, ctx)) - goto err; - - if (dsa->flags & DSA_FLAG_CACHE_MONT_P) { - mont = BN_MONT_CTX_set_locked(&dsa->method_mont_p, - dsa->lock, dsa->p, ctx); - if (!mont) - goto err; - } - - if (dsa->meth->dsa_mod_exp != NULL) { - if (!dsa->meth->dsa_mod_exp(dsa, t1, dsa->g, u1, dsa->pub_key, u2, - dsa->p, ctx, mont)) - goto err; - } else { - if (!BN_mod_exp2_mont(t1, dsa->g, u1, dsa->pub_key, u2, dsa->p, ctx, - mont)) - goto err; - } - - /* let u1 = u1 mod q */ - if (!BN_mod(u1, t1, dsa->q, ctx)) - goto err; - - /* - * V is now in u1. If the signature is correct, it will be equal to R. - */ - ret = (BN_ucmp(u1, r) == 0); - - err: - if (ret < 0) - DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_BN_LIB); - BN_CTX_free(ctx); - BN_free(u1); - BN_free(u2); - BN_free(t1); - return ret; -} - -static int dsa_init(DSA *dsa) -{ - dsa->flags |= DSA_FLAG_CACHE_MONT_P; - return 1; -} - -static int dsa_finish(DSA *dsa) -{ - BN_MONT_CTX_free(dsa->method_mont_p); - return 1; -} - -/* - * Compute the inverse of k modulo q. - * Since q is prime, Fermat's Little Theorem applies, which reduces this to - * mod-exp operation. Both the exponent and modulus are public information - * so a mod-exp that doesn't leak the base is sufficient. A newly allocated - * BIGNUM is returned which the caller must free. - */ -static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q, - BN_CTX *ctx) -{ - BIGNUM *res = NULL; - BIGNUM *r, *e; - - if ((r = BN_new()) == NULL) - return NULL; - - BN_CTX_start(ctx); - if ((e = BN_CTX_get(ctx)) != NULL - && BN_set_word(r, 2) - && BN_sub(e, q, r) - && BN_mod_exp_mont(r, k, e, q, ctx, NULL)) - res = r; - else - BN_free(r); - BN_CTX_end(ctx); - return res; -} + * https://github.com/openssl/openssl/pull/7486#discussion_r228323705 + * The fix is to rework BN so these gymnastics aren't required. + */ + if (!BN_add(l, k, dsa->q) + || !BN_add(k, l, dsa->q)) + goto err; + + BN_consttime_swap(BN_is_bit_set(l, q_bits), k, l, q_words + 2); + + if ((dsa)->meth->bn_mod_exp != NULL) { + if (!dsa->meth->bn_mod_exp(dsa, r, dsa->g, k, dsa->p, ctx, + dsa->method_mont_p)) + goto err; + } else { + if (!BN_mod_exp_mont(r, dsa->g, k, dsa->p, ctx, dsa->method_mont_p)) + goto err; + } + + if (!BN_mod(r, r, dsa->q, ctx)) + goto err; + + /* Compute part of 's = inv(k) (m + xr) mod q' */ + if ((kinv = dsa_mod_inverse_fermat(k, dsa->q, ctx)) == NULL) + goto err; + + BN_clear_free(*kinvp); + *kinvp = kinv; + kinv = NULL; + ret = 1; + err: + if (!ret) + DSAerr(DSA_F_DSA_SIGN_SETUP, ERR_R_BN_LIB); + if (ctx != ctx_in) + BN_CTX_free(ctx); + BN_clear_free(k); + BN_clear_free(l); + return ret; +} + +static int dsa_do_verify(const unsigned char *dgst, int dgst_len, + DSA_SIG *sig, DSA *dsa) +{ + BN_CTX *ctx; + BIGNUM *u1, *u2, *t1; + BN_MONT_CTX *mont = NULL; + const BIGNUM *r, *s; + int ret = -1, i; + if (!dsa->p || !dsa->q || !dsa->g) { + DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MISSING_PARAMETERS); + return -1; + } + + i = BN_num_bits(dsa->q); + /* fips 186-3 allows only different sizes for q */ + if (i != 160 && i != 224 && i != 256) { + DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_BAD_Q_VALUE); + return -1; + } + + if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) { + DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MODULUS_TOO_LARGE); + return -1; + } + u1 = BN_new(); + u2 = BN_new(); + t1 = BN_new(); + ctx = BN_CTX_new(); + if (u1 == NULL || u2 == NULL || t1 == NULL || ctx == NULL) + goto err; + + DSA_SIG_get0(sig, &r, &s); + + if (BN_is_zero(r) || BN_is_negative(r) || + BN_ucmp(r, dsa->q) >= 0) { + ret = 0; + goto err; + } + if (BN_is_zero(s) || BN_is_negative(s) || + BN_ucmp(s, dsa->q) >= 0) { + ret = 0; + goto err; + } + + /* + * Calculate W = inv(S) mod Q save W in u2 + */ + if ((BN_mod_inverse(u2, s, dsa->q, ctx)) == NULL) + goto err; + + /* save M in u1 */ + if (dgst_len > (i >> 3)) + /* + * if the digest length is greater than the size of q use the + * BN_num_bits(dsa->q) leftmost bits of the digest, see fips 186-3, + * 4.2 + */ + dgst_len = (i >> 3); + if (BN_bin2bn(dgst, dgst_len, u1) == NULL) + goto err; + + /* u1 = M * w mod q */ + if (!BN_mod_mul(u1, u1, u2, dsa->q, ctx)) + goto err; + + /* u2 = r * w mod q */ + if (!BN_mod_mul(u2, r, u2, dsa->q, ctx)) + goto err; + + if (dsa->flags & DSA_FLAG_CACHE_MONT_P) { + mont = BN_MONT_CTX_set_locked(&dsa->method_mont_p, + dsa->lock, dsa->p, ctx); + if (!mont) + goto err; + } + + if (dsa->meth->dsa_mod_exp != NULL) { + if (!dsa->meth->dsa_mod_exp(dsa, t1, dsa->g, u1, dsa->pub_key, u2, + dsa->p, ctx, mont)) + goto err; + } else { + if (!BN_mod_exp2_mont(t1, dsa->g, u1, dsa->pub_key, u2, dsa->p, ctx, + mont)) + goto err; + } + + /* let u1 = u1 mod q */ + if (!BN_mod(u1, t1, dsa->q, ctx)) + goto err; + + /* + * V is now in u1. If the signature is correct, it will be equal to R. + */ + ret = (BN_ucmp(u1, r) == 0); + + err: + if (ret < 0) + DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_BN_LIB); + BN_CTX_free(ctx); + BN_free(u1); + BN_free(u2); + BN_free(t1); + return ret; +} + +static int dsa_init(DSA *dsa) +{ + dsa->flags |= DSA_FLAG_CACHE_MONT_P; + return 1; +} + +static int dsa_finish(DSA *dsa) +{ + BN_MONT_CTX_free(dsa->method_mont_p); + return 1; +} + +/* + * Compute the inverse of k modulo q. + * Since q is prime, Fermat's Little Theorem applies, which reduces this to + * mod-exp operation. Both the exponent and modulus are public information + * so a mod-exp that doesn't leak the base is sufficient. A newly allocated + * BIGNUM is returned which the caller must free. + */ +static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q, + BN_CTX *ctx) +{ + BIGNUM *res = NULL; + BIGNUM *r, *e; + + if ((r = BN_new()) == NULL) + return NULL; + + BN_CTX_start(ctx); + if ((e = BN_CTX_get(ctx)) != NULL + && BN_set_word(r, 2) + && BN_sub(e, q, r) + && BN_mod_exp_mont(r, k, e, q, ctx, NULL)) + res = r; + else + BN_free(r); + BN_CTX_end(ctx); + return res; +} diff --git a/contrib/libs/openssl/crypto/dsa/dsa_pmeth.c b/contrib/libs/openssl/crypto/dsa/dsa_pmeth.c index 4ca3747a46..884983ebc8 100644 --- a/contrib/libs/openssl/crypto/dsa/dsa_pmeth.c +++ b/contrib/libs/openssl/crypto/dsa/dsa_pmeth.c @@ -1,273 +1,273 @@ -/* +/* * Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include <stdio.h> -#include "internal/cryptlib.h" -#include <openssl/asn1t.h> -#include <openssl/x509.h> -#include <openssl/evp.h> -#include <openssl/bn.h> + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include <stdio.h> +#include "internal/cryptlib.h" +#include <openssl/asn1t.h> +#include <openssl/x509.h> +#include <openssl/evp.h> +#include <openssl/bn.h> #include "crypto/evp.h" #include "dsa_local.h" - -/* DSA pkey context structure */ - -typedef struct { - /* Parameter gen parameters */ + +/* DSA pkey context structure */ + +typedef struct { + /* Parameter gen parameters */ int nbits; /* size of p in bits (default: 2048) */ int qbits; /* size of q in bits (default: 224) */ - const EVP_MD *pmd; /* MD for parameter generation */ - /* Keygen callback info */ - int gentmp[2]; - /* message digest */ - const EVP_MD *md; /* MD for the signature */ -} DSA_PKEY_CTX; - -static int pkey_dsa_init(EVP_PKEY_CTX *ctx) -{ - DSA_PKEY_CTX *dctx = OPENSSL_malloc(sizeof(*dctx)); - - if (dctx == NULL) - return 0; + const EVP_MD *pmd; /* MD for parameter generation */ + /* Keygen callback info */ + int gentmp[2]; + /* message digest */ + const EVP_MD *md; /* MD for the signature */ +} DSA_PKEY_CTX; + +static int pkey_dsa_init(EVP_PKEY_CTX *ctx) +{ + DSA_PKEY_CTX *dctx = OPENSSL_malloc(sizeof(*dctx)); + + if (dctx == NULL) + return 0; dctx->nbits = 2048; dctx->qbits = 224; - dctx->pmd = NULL; - dctx->md = NULL; - - ctx->data = dctx; - ctx->keygen_info = dctx->gentmp; - ctx->keygen_info_count = 2; - - return 1; -} - -static int pkey_dsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) -{ - DSA_PKEY_CTX *dctx, *sctx; - - if (!pkey_dsa_init(dst)) - return 0; - sctx = src->data; - dctx = dst->data; - dctx->nbits = sctx->nbits; - dctx->qbits = sctx->qbits; - dctx->pmd = sctx->pmd; - dctx->md = sctx->md; - return 1; -} - -static void pkey_dsa_cleanup(EVP_PKEY_CTX *ctx) -{ - DSA_PKEY_CTX *dctx = ctx->data; - OPENSSL_free(dctx); -} - -static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, - size_t *siglen, const unsigned char *tbs, - size_t tbslen) -{ - int ret; - unsigned int sltmp; - DSA_PKEY_CTX *dctx = ctx->data; - DSA *dsa = ctx->pkey->pkey.dsa; - - if (dctx->md != NULL && tbslen != (size_t)EVP_MD_size(dctx->md)) - return 0; - - ret = DSA_sign(0, tbs, tbslen, sig, &sltmp, dsa); - - if (ret <= 0) - return ret; - *siglen = sltmp; - return 1; -} - -static int pkey_dsa_verify(EVP_PKEY_CTX *ctx, - const unsigned char *sig, size_t siglen, - const unsigned char *tbs, size_t tbslen) -{ - int ret; - DSA_PKEY_CTX *dctx = ctx->data; - DSA *dsa = ctx->pkey->pkey.dsa; - - if (dctx->md != NULL && tbslen != (size_t)EVP_MD_size(dctx->md)) - return 0; - - ret = DSA_verify(0, tbs, tbslen, sig, siglen, dsa); - - return ret; -} - -static int pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) -{ - DSA_PKEY_CTX *dctx = ctx->data; - - switch (type) { - case EVP_PKEY_CTRL_DSA_PARAMGEN_BITS: - if (p1 < 256) - return -2; - dctx->nbits = p1; - return 1; - - case EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS: - if (p1 != 160 && p1 != 224 && p1 && p1 != 256) - return -2; - dctx->qbits = p1; - return 1; - - case EVP_PKEY_CTRL_DSA_PARAMGEN_MD: - if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 && - EVP_MD_type((const EVP_MD *)p2) != NID_sha224 && - EVP_MD_type((const EVP_MD *)p2) != NID_sha256) { - DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE); - return 0; - } - dctx->pmd = p2; - return 1; - - case EVP_PKEY_CTRL_MD: - if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 && - EVP_MD_type((const EVP_MD *)p2) != NID_dsa && - EVP_MD_type((const EVP_MD *)p2) != NID_dsaWithSHA && - EVP_MD_type((const EVP_MD *)p2) != NID_sha224 && - EVP_MD_type((const EVP_MD *)p2) != NID_sha256 && - EVP_MD_type((const EVP_MD *)p2) != NID_sha384 && + dctx->pmd = NULL; + dctx->md = NULL; + + ctx->data = dctx; + ctx->keygen_info = dctx->gentmp; + ctx->keygen_info_count = 2; + + return 1; +} + +static int pkey_dsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) +{ + DSA_PKEY_CTX *dctx, *sctx; + + if (!pkey_dsa_init(dst)) + return 0; + sctx = src->data; + dctx = dst->data; + dctx->nbits = sctx->nbits; + dctx->qbits = sctx->qbits; + dctx->pmd = sctx->pmd; + dctx->md = sctx->md; + return 1; +} + +static void pkey_dsa_cleanup(EVP_PKEY_CTX *ctx) +{ + DSA_PKEY_CTX *dctx = ctx->data; + OPENSSL_free(dctx); +} + +static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, + size_t *siglen, const unsigned char *tbs, + size_t tbslen) +{ + int ret; + unsigned int sltmp; + DSA_PKEY_CTX *dctx = ctx->data; + DSA *dsa = ctx->pkey->pkey.dsa; + + if (dctx->md != NULL && tbslen != (size_t)EVP_MD_size(dctx->md)) + return 0; + + ret = DSA_sign(0, tbs, tbslen, sig, &sltmp, dsa); + + if (ret <= 0) + return ret; + *siglen = sltmp; + return 1; +} + +static int pkey_dsa_verify(EVP_PKEY_CTX *ctx, + const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen) +{ + int ret; + DSA_PKEY_CTX *dctx = ctx->data; + DSA *dsa = ctx->pkey->pkey.dsa; + + if (dctx->md != NULL && tbslen != (size_t)EVP_MD_size(dctx->md)) + return 0; + + ret = DSA_verify(0, tbs, tbslen, sig, siglen, dsa); + + return ret; +} + +static int pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) +{ + DSA_PKEY_CTX *dctx = ctx->data; + + switch (type) { + case EVP_PKEY_CTRL_DSA_PARAMGEN_BITS: + if (p1 < 256) + return -2; + dctx->nbits = p1; + return 1; + + case EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS: + if (p1 != 160 && p1 != 224 && p1 && p1 != 256) + return -2; + dctx->qbits = p1; + return 1; + + case EVP_PKEY_CTRL_DSA_PARAMGEN_MD: + if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 && + EVP_MD_type((const EVP_MD *)p2) != NID_sha224 && + EVP_MD_type((const EVP_MD *)p2) != NID_sha256) { + DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE); + return 0; + } + dctx->pmd = p2; + return 1; + + case EVP_PKEY_CTRL_MD: + if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 && + EVP_MD_type((const EVP_MD *)p2) != NID_dsa && + EVP_MD_type((const EVP_MD *)p2) != NID_dsaWithSHA && + EVP_MD_type((const EVP_MD *)p2) != NID_sha224 && + EVP_MD_type((const EVP_MD *)p2) != NID_sha256 && + EVP_MD_type((const EVP_MD *)p2) != NID_sha384 && EVP_MD_type((const EVP_MD *)p2) != NID_sha512 && EVP_MD_type((const EVP_MD *)p2) != NID_sha3_224 && EVP_MD_type((const EVP_MD *)p2) != NID_sha3_256 && EVP_MD_type((const EVP_MD *)p2) != NID_sha3_384 && EVP_MD_type((const EVP_MD *)p2) != NID_sha3_512) { - DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE); - return 0; - } - dctx->md = p2; - return 1; - - case EVP_PKEY_CTRL_GET_MD: - *(const EVP_MD **)p2 = dctx->md; - return 1; - - case EVP_PKEY_CTRL_DIGESTINIT: - case EVP_PKEY_CTRL_PKCS7_SIGN: - case EVP_PKEY_CTRL_CMS_SIGN: - return 1; - - case EVP_PKEY_CTRL_PEER_KEY: - DSAerr(DSA_F_PKEY_DSA_CTRL, - EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; - default: - return -2; - - } -} - -static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx, - const char *type, const char *value) -{ - if (strcmp(type, "dsa_paramgen_bits") == 0) { - int nbits; - nbits = atoi(value); - return EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits); - } - if (strcmp(type, "dsa_paramgen_q_bits") == 0) { - int qbits = atoi(value); + DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE); + return 0; + } + dctx->md = p2; + return 1; + + case EVP_PKEY_CTRL_GET_MD: + *(const EVP_MD **)p2 = dctx->md; + return 1; + + case EVP_PKEY_CTRL_DIGESTINIT: + case EVP_PKEY_CTRL_PKCS7_SIGN: + case EVP_PKEY_CTRL_CMS_SIGN: + return 1; + + case EVP_PKEY_CTRL_PEER_KEY: + DSAerr(DSA_F_PKEY_DSA_CTRL, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + default: + return -2; + + } +} + +static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx, + const char *type, const char *value) +{ + if (strcmp(type, "dsa_paramgen_bits") == 0) { + int nbits; + nbits = atoi(value); + return EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits); + } + if (strcmp(type, "dsa_paramgen_q_bits") == 0) { + int qbits = atoi(value); return EVP_PKEY_CTX_set_dsa_paramgen_q_bits(ctx, qbits); - } - if (strcmp(type, "dsa_paramgen_md") == 0) { - const EVP_MD *md = EVP_get_digestbyname(value); - - if (md == NULL) { - DSAerr(DSA_F_PKEY_DSA_CTRL_STR, DSA_R_INVALID_DIGEST_TYPE); - return 0; - } + } + if (strcmp(type, "dsa_paramgen_md") == 0) { + const EVP_MD *md = EVP_get_digestbyname(value); + + if (md == NULL) { + DSAerr(DSA_F_PKEY_DSA_CTRL_STR, DSA_R_INVALID_DIGEST_TYPE); + return 0; + } return EVP_PKEY_CTX_set_dsa_paramgen_md(ctx, md); - } - return -2; -} - -static int pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) -{ - DSA *dsa = NULL; - DSA_PKEY_CTX *dctx = ctx->data; - BN_GENCB *pcb; - int ret; - - if (ctx->pkey_gencb) { - pcb = BN_GENCB_new(); - if (pcb == NULL) - return 0; - evp_pkey_set_cb_translate(pcb, ctx); - } else - pcb = NULL; - dsa = DSA_new(); - if (dsa == NULL) { - BN_GENCB_free(pcb); - return 0; - } - ret = dsa_builtin_paramgen(dsa, dctx->nbits, dctx->qbits, dctx->pmd, - NULL, 0, NULL, NULL, NULL, pcb); - BN_GENCB_free(pcb); - if (ret) - EVP_PKEY_assign_DSA(pkey, dsa); - else - DSA_free(dsa); - return ret; -} - -static int pkey_dsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) -{ - DSA *dsa = NULL; - - if (ctx->pkey == NULL) { - DSAerr(DSA_F_PKEY_DSA_KEYGEN, DSA_R_NO_PARAMETERS_SET); - return 0; - } - dsa = DSA_new(); - if (dsa == NULL) - return 0; - EVP_PKEY_assign_DSA(pkey, dsa); - /* Note: if error return, pkey is freed by parent routine */ - if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey)) - return 0; - return DSA_generate_key(pkey->pkey.dsa); -} - -const EVP_PKEY_METHOD dsa_pkey_meth = { - EVP_PKEY_DSA, - EVP_PKEY_FLAG_AUTOARGLEN, - pkey_dsa_init, - pkey_dsa_copy, - pkey_dsa_cleanup, - - 0, - pkey_dsa_paramgen, - - 0, - pkey_dsa_keygen, - - 0, - pkey_dsa_sign, - - 0, - pkey_dsa_verify, - - 0, 0, - - 0, 0, 0, 0, - - 0, 0, - - 0, 0, - - 0, 0, - - pkey_dsa_ctrl, - pkey_dsa_ctrl_str -}; + } + return -2; +} + +static int pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) +{ + DSA *dsa = NULL; + DSA_PKEY_CTX *dctx = ctx->data; + BN_GENCB *pcb; + int ret; + + if (ctx->pkey_gencb) { + pcb = BN_GENCB_new(); + if (pcb == NULL) + return 0; + evp_pkey_set_cb_translate(pcb, ctx); + } else + pcb = NULL; + dsa = DSA_new(); + if (dsa == NULL) { + BN_GENCB_free(pcb); + return 0; + } + ret = dsa_builtin_paramgen(dsa, dctx->nbits, dctx->qbits, dctx->pmd, + NULL, 0, NULL, NULL, NULL, pcb); + BN_GENCB_free(pcb); + if (ret) + EVP_PKEY_assign_DSA(pkey, dsa); + else + DSA_free(dsa); + return ret; +} + +static int pkey_dsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) +{ + DSA *dsa = NULL; + + if (ctx->pkey == NULL) { + DSAerr(DSA_F_PKEY_DSA_KEYGEN, DSA_R_NO_PARAMETERS_SET); + return 0; + } + dsa = DSA_new(); + if (dsa == NULL) + return 0; + EVP_PKEY_assign_DSA(pkey, dsa); + /* Note: if error return, pkey is freed by parent routine */ + if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey)) + return 0; + return DSA_generate_key(pkey->pkey.dsa); +} + +const EVP_PKEY_METHOD dsa_pkey_meth = { + EVP_PKEY_DSA, + EVP_PKEY_FLAG_AUTOARGLEN, + pkey_dsa_init, + pkey_dsa_copy, + pkey_dsa_cleanup, + + 0, + pkey_dsa_paramgen, + + 0, + pkey_dsa_keygen, + + 0, + pkey_dsa_sign, + + 0, + pkey_dsa_verify, + + 0, 0, + + 0, 0, 0, 0, + + 0, 0, + + 0, 0, + + 0, 0, + + pkey_dsa_ctrl, + pkey_dsa_ctrl_str +}; diff --git a/contrib/libs/openssl/crypto/dsa/dsa_prn.c b/contrib/libs/openssl/crypto/dsa/dsa_prn.c index 070b881e1f..08f86acf72 100644 --- a/contrib/libs/openssl/crypto/dsa/dsa_prn.c +++ b/contrib/libs/openssl/crypto/dsa/dsa_prn.c @@ -1,73 +1,73 @@ -/* +/* * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include <stdio.h> -#include "internal/cryptlib.h" -#include <openssl/evp.h> -#include <openssl/dsa.h> - -#ifndef OPENSSL_NO_STDIO -int DSA_print_fp(FILE *fp, const DSA *x, int off) -{ - BIO *b; - int ret; - - if ((b = BIO_new(BIO_s_file())) == NULL) { - DSAerr(DSA_F_DSA_PRINT_FP, ERR_R_BUF_LIB); - return 0; - } - BIO_set_fp(b, fp, BIO_NOCLOSE); - ret = DSA_print(b, x, off); - BIO_free(b); - return ret; -} - -int DSAparams_print_fp(FILE *fp, const DSA *x) -{ - BIO *b; - int ret; - - if ((b = BIO_new(BIO_s_file())) == NULL) { - DSAerr(DSA_F_DSAPARAMS_PRINT_FP, ERR_R_BUF_LIB); - return 0; - } - BIO_set_fp(b, fp, BIO_NOCLOSE); - ret = DSAparams_print(b, x); - BIO_free(b); - return ret; -} -#endif - -int DSA_print(BIO *bp, const DSA *x, int off) -{ - EVP_PKEY *pk; - int ret; - pk = EVP_PKEY_new(); + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include <stdio.h> +#include "internal/cryptlib.h" +#include <openssl/evp.h> +#include <openssl/dsa.h> + +#ifndef OPENSSL_NO_STDIO +int DSA_print_fp(FILE *fp, const DSA *x, int off) +{ + BIO *b; + int ret; + + if ((b = BIO_new(BIO_s_file())) == NULL) { + DSAerr(DSA_F_DSA_PRINT_FP, ERR_R_BUF_LIB); + return 0; + } + BIO_set_fp(b, fp, BIO_NOCLOSE); + ret = DSA_print(b, x, off); + BIO_free(b); + return ret; +} + +int DSAparams_print_fp(FILE *fp, const DSA *x) +{ + BIO *b; + int ret; + + if ((b = BIO_new(BIO_s_file())) == NULL) { + DSAerr(DSA_F_DSAPARAMS_PRINT_FP, ERR_R_BUF_LIB); + return 0; + } + BIO_set_fp(b, fp, BIO_NOCLOSE); + ret = DSAparams_print(b, x); + BIO_free(b); + return ret; +} +#endif + +int DSA_print(BIO *bp, const DSA *x, int off) +{ + EVP_PKEY *pk; + int ret; + pk = EVP_PKEY_new(); if (pk == NULL) - return 0; + return 0; ret = EVP_PKEY_set1_DSA(pk, (DSA *)x); if (ret) ret = EVP_PKEY_print_private(bp, pk, off, NULL); - EVP_PKEY_free(pk); - return ret; -} - -int DSAparams_print(BIO *bp, const DSA *x) -{ - EVP_PKEY *pk; - int ret; - pk = EVP_PKEY_new(); + EVP_PKEY_free(pk); + return ret; +} + +int DSAparams_print(BIO *bp, const DSA *x) +{ + EVP_PKEY *pk; + int ret; + pk = EVP_PKEY_new(); if (pk == NULL) - return 0; + return 0; ret = EVP_PKEY_set1_DSA(pk, (DSA *)x); if (ret) ret = EVP_PKEY_print_params(bp, pk, 4, NULL); - EVP_PKEY_free(pk); - return ret; -} + EVP_PKEY_free(pk); + return ret; +} diff --git a/contrib/libs/openssl/crypto/dsa/dsa_sign.c b/contrib/libs/openssl/crypto/dsa/dsa_sign.c index 51c7754b93..031a62ea31 100644 --- a/contrib/libs/openssl/crypto/dsa/dsa_sign.c +++ b/contrib/libs/openssl/crypto/dsa/dsa_sign.c @@ -1,24 +1,24 @@ -/* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "internal/cryptlib.h" +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "internal/cryptlib.h" #include "dsa_local.h" -#include <openssl/bn.h> - -DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) -{ - return dsa->meth->dsa_do_sign(dgst, dlen, dsa); -} - -#if OPENSSL_API_COMPAT < 0x10200000L -int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) -{ - return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp); -} -#endif +#include <openssl/bn.h> + +DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) +{ + return dsa->meth->dsa_do_sign(dgst, dlen, dsa); +} + +#if OPENSSL_API_COMPAT < 0x10200000L +int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) +{ + return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp); +} +#endif diff --git a/contrib/libs/openssl/crypto/dsa/dsa_vrf.c b/contrib/libs/openssl/crypto/dsa/dsa_vrf.c index 6f80a4aab7..44971966fd 100644 --- a/contrib/libs/openssl/crypto/dsa/dsa_vrf.c +++ b/contrib/libs/openssl/crypto/dsa/dsa_vrf.c @@ -1,17 +1,17 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "internal/cryptlib.h" +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "internal/cryptlib.h" #include "dsa_local.h" - -int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, - DSA *dsa) -{ - return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa); -} + +int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, + DSA *dsa) +{ + return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa); +} |