X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=crypto%2Fdsa%2Fdsa_pmeth.c;h=715d8d675bb766994d06d8ee2339bb71246a5a9a;hb=4a5397fb68279702e6e0b20c514ff18713bdd38b;hp=f91d03c20859aef4f487493db4092f64b25f28b3;hpb=c927df3fa19a2afda7bbacefbb366f7382b5269b;p=oweals%2Fopenssl.git diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c index f91d03c208..715d8d675b 100644 --- a/crypto/dsa/dsa_pmeth.c +++ b/crypto/dsa/dsa_pmeth.c @@ -1,4 +1,4 @@ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ /* ==================================================================== @@ -59,20 +59,23 @@ #include "cryptlib.h" #include #include -#include #include +#include #include "evp_locl.h" +#include "dsa_locl.h" /* DSA pkey context structure */ typedef struct { /* Parameter gen parameters */ - int nbits; + int nbits; /* size of p in bits (default: 1024) */ + int qbits; /* size of q in bits (default: 160) */ + const EVP_MD *pmd; /* MD for parameter generation */ /* Keygen callback info */ int gentmp[2]; /* message digest */ - const EVP_MD *md; + const EVP_MD *md; /* MD for the signature */ } DSA_PKEY_CTX; static int pkey_dsa_init(EVP_PKEY_CTX *ctx) @@ -82,6 +85,8 @@ static int pkey_dsa_init(EVP_PKEY_CTX *ctx) if (!dctx) return 0; dctx->nbits = 1024; + dctx->qbits = 160; + dctx->pmd = NULL; dctx->md = NULL; ctx->data = dctx; @@ -91,6 +96,20 @@ static int pkey_dsa_init(EVP_PKEY_CTX *ctx) return 1; } +static int pkey_dsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) + { + DSA_PKEY_CTX *dctx, *sctx; + if (!pkey_dsa_init(dst)) + return 0; + sctx = src->data; + dctx = dst->data; + dctx->nbits = sctx->nbits; + dctx->qbits = sctx->qbits; + dctx->pmd = sctx->pmd; + dctx->md = sctx->md; + return 1; + } + static void pkey_dsa_cleanup(EVP_PKEY_CTX *ctx) { DSA_PKEY_CTX *dctx = ctx->data; 
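Review bot: In pkey_dsa_init (hunk `@@ -82,6 +85,8`), the new default `dctx->qbits = 160` beside the existing `nbits = 1024` means a caller that sets nothing generates 1024/160 parameters, a size that current guidance (NIST SP 800-131A) no longer accepts for new signatures. If the defaults have to stay for compatibility, the assignment should carry a comment saying so, for example `/* legacy default; prefer 2048/224 or 2048/256 via the paramgen ctrls */`. Raising the default changes behaviour for existing callers, so that is a separate decision from this commit.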
@@ -98,8 +117,8 @@ static void pkey_dsa_cleanup(EVP_PKEY_CTX *ctx) OPENSSL_free(dctx); } -static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, int *siglen, - const unsigned char *tbs, int tbslen) +static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen) { int ret, type; unsigned int sltmp; @@ -113,15 +132,15 @@ static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, int *siglen, ret = DSA_sign(type, tbs, tbslen, sig, &sltmp, dsa); - if (ret < 0) + if (ret <= 0) return ret; *siglen = sltmp; return 1; } static int pkey_dsa_verify(EVP_PKEY_CTX *ctx, - const unsigned char *sig, int siglen, - const unsigned char *tbs, int tbslen) + const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen) { int ret, type; DSA_PKEY_CTX *dctx = ctx->data; @@ -148,8 +167,31 @@ static int pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) dctx->nbits = p1; return 1; + case EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS: + if (p1 != 160 && p1 != 224 && p1 && p1 != 256) + return -2; + dctx->qbits = p1; + return 1; + + case EVP_PKEY_CTRL_DSA_PARAMGEN_MD: + if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 && + EVP_MD_type((const EVP_MD *)p2) != NID_sha224 && + EVP_MD_type((const EVP_MD *)p2) != NID_sha256) + { + DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE); + return 0; + } + dctx->md = p2; + return 1; + case EVP_PKEY_CTRL_MD: - if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1) + if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 && + EVP_MD_type((const EVP_MD *)p2) != NID_dsa && + EVP_MD_type((const EVP_MD *)p2) != NID_dsaWithSHA && + EVP_MD_type((const EVP_MD *)p2) != NID_sha224 && + EVP_MD_type((const EVP_MD *)p2) != NID_sha256 && + EVP_MD_type((const EVP_MD *)p2) != NID_sha384 && + EVP_MD_type((const EVP_MD *)p2) != NID_sha512) { DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE); return 0; 
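Review bot: In pkey_dsa_sign (hunk `@@ -98,8 +117,8`, with the body continuing in `@@ -113,15 +132,15`), `tbslen` becomes a `size_t` but is still passed to `DSA_sign`, whose length parameter is an `int`, so a value above INT_MAX is silently narrowed. A guard before the call, such as `if (tbslen > INT_MAX) return -1;`, would stop the wider interface from introducing a truncation. pkey_dsa_verify gets the same signature change; its body lies outside the hunk, so the same check presumably belongs before its verify call.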
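Review bot: The new `EVP_PKEY_CTRL_DSA_PARAMGEN_MD` case in pkey_dsa_ctrl (hunk `@@ -148,8 +167,31`) stores the digest with `dctx->md = p2;`, which overwrites the signature digest and never sets `dctx->pmd`; it should read `dctx->pmd = p2;`. In the `EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS` case just above it, the stray `p1 &&` term makes the condition false for `p1 == 0`, so a q size of 0 is accepted; the check should be `if (p1 != 160 && p1 != 224 && p1 != 256)`. Both digest cases also call `EVP_MD_type()` on `p2` without first testing it for NULL. pkey_dsa_ctrl begins and ends outside this hunk.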
@@ -157,6 +199,15 @@ static int pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) dctx->md = p2; return 1; + case EVP_PKEY_CTRL_DIGESTINIT: + case EVP_PKEY_CTRL_PKCS7_SIGN: + case EVP_PKEY_CTRL_CMS_SIGN: + return 1; + + case EVP_PKEY_CTRL_PEER_KEY: + DSAerr(DSA_F_PKEY_DSA_CTRL, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; default: return -2; @@ -172,6 +223,18 @@ static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx, nbits = atoi(value); return EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits); } + if (!strcmp(type, "dsa_paramgen_q_bits")) + { + int qbits = atoi(value); + return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, + EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits, NULL); + } + if (!strcmp(type, "dsa_paramgen_md")) + { + return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, + EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, + (void *)EVP_get_digestbyname(value)); + } return -2; } @@ -191,8 +254,8 @@ static int pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) dsa = DSA_new(); if (!dsa) return 0; - ret = DSA_generate_parameters_ex(dsa, dctx->nbits, NULL, 0, NULL, NULL, - pcb); + ret = dsa_builtin_paramgen(dsa, dctx->nbits, dctx->qbits, dctx->pmd, + NULL, 0, NULL, NULL, NULL, pcb); if (ret) EVP_PKEY_assign_DSA(pkey, dsa); else 
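Review bot: The `EVP_PKEY_CTRL_PEER_KEY` case in hunk `@@ -157,6 +199,15` raises an EVP reason code, `EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE`, through `DSAerr`, which files the error under the DSA library. Reason codes are resolved per library, so this number will be looked up in the DSA reason table and will most likely print as an unrelated or unknown reason. Either raise it through the EVP error macro with an EVP function code, or add a DSA reason code for this condition. The enclosing switch in pkey_dsa_ctrl starts outside the hunk.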
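Review bot: In pkey_dsa_ctrl_str (hunk `@@ -172,6 +223,18`), the `dsa_paramgen_md` branch passes the result of `EVP_get_digestbyname(value)` straight into the ctrl, and that function returns NULL for an unknown name; the ctrl then calls `EVP_MD_type()` on it. The `dsa_paramgen_q_bits` branch parses with `atoi`, which turns non-numeric text into 0 without reporting an error, and 0 currently passes the q-bits check in pkey_dsa_ctrl. Both values come from option strings, so they should be validated before the ctrl call. The sketch below returns 0 on bad input; confirm that against the convention the other ctrl_str handlers use. The existing `nbits` branch (context, not changed here) has the same `atoi` pattern.

```c
	if (!strcmp(type, "dsa_paramgen_q_bits"))
		{
		char *end;
		long qbits = strtol(value, &end, 10);
		if (end == value || *end != '\0' || qbits < 0 || qbits > INT_MAX)
			return 0;
		return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
		                         EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, (int)qbits, NULL);
		}
	if (!strcmp(type, "dsa_paramgen_md"))
		{
		const EVP_MD *md = EVP_get_digestbyname(value);
		if (md == NULL)
			return 0;
		return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
		                         EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, (void *)md);
		}
	/* … unchanged: return -2 for unknown option names … */
```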
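Review bot: In pkey_dsa_paramgen (hunk `@@ -191,8 +254,8`), calling `dsa_builtin_paramgen` directly skips whatever dispatch `DSA_generate_parameters_ex` performed. As far as I know, that wrapper defers to a `dsa_paramgen` hook on the key's DSA_METHOD when one is set, so an ENGINE or hardware-backed method would no longer be consulted for parameter generation through the EVP path. If that is intended, a comment at the call should say so, e.g. `/* builtin only: the method hook cannot take qbits or a digest */`; otherwise keep the hook check and fall back to the builtin. The function starts before the hunk.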
@@ -200,17 +263,37 @@ static int pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) return ret; } +static int pkey_dsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) + { + DSA *dsa = NULL; + if (ctx->pkey == NULL) + { + DSAerr(DSA_F_PKEY_DSA_KEYGEN, DSA_R_NO_PARAMETERS_SET); + return 0; + } + dsa = DSA_new(); + if (!dsa) + return 0; + EVP_PKEY_assign_DSA(pkey, dsa); + /* Note: if error return, pkey is freed by parent routine */ + if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey)) + return 0; + return DSA_generate_key(pkey->pkey.dsa); + } + const EVP_PKEY_METHOD dsa_pkey_meth = { EVP_PKEY_DSA, - 0, + EVP_PKEY_FLAG_AUTOARGLEN, pkey_dsa_init, + pkey_dsa_copy, pkey_dsa_cleanup, 0, pkey_dsa_paramgen, - 0,0, + 0, + pkey_dsa_keygen, 0, pkey_dsa_sign, @@ -226,6 +309,8 @@ const EVP_PKEY_METHOD dsa_pkey_meth = 0,0, + 0,0, + pkey_dsa_ctrl, pkey_dsa_ctrl_str
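Review bot: In the new pkey_dsa_keygen (hunk `@@ -200,17 +263,37`), the return value of `EVP_PKEY_assign_DSA(pkey, dsa)` is ignored. If the assignment fails, `dsa` is not owned by `pkey`, so the "freed by parent routine" comment no longer holds and the object leaks; the later `pkey->pkey.dsa` access would then also be working on an unassigned key. Checking it closes both: `if (!EVP_PKEY_assign_DSA(pkey, dsa)) { DSA_free(dsa); return 0; }`. The context lines show pkey_dsa_paramgen making the same unchecked call.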