X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=crypto%2Fdsa%2Fdsa_pmeth.c;h=715d8d675bb766994d06d8ee2339bb71246a5a9a;hb=5999d45a5d390c610ff5acf13b81bd0d1797ecd8;hp=bd4ee72339a5f7855eb3d8362067aaab80474f13;hpb=b7683e3a5d93aa5319263b7bbfd0fee18f25955e;p=oweals%2Fopenssl.git diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c index bd4ee72339..715d8d675b 100644 --- a/crypto/dsa/dsa_pmeth.c +++ b/crypto/dsa/dsa_pmeth.c @@ -1,4 +1,4 @@ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ /* ==================================================================== @@ -59,20 +59,23 @@ #include "cryptlib.h" #include #include -#include #include +#include #include "evp_locl.h" +#include "dsa_locl.h" /* DSA pkey context structure */ typedef struct { /* Parameter gen parameters */ - int nbits; + int nbits; /* size of p in bits (default: 1024) */ + int qbits; /* size of q in bits (default: 160) */ + const EVP_MD *pmd; /* MD for parameter generation */ /* Keygen callback info */ int gentmp[2]; /* message digest */ - const EVP_MD *md; + const EVP_MD *md; /* MD for the signature */ } DSA_PKEY_CTX; static int pkey_dsa_init(EVP_PKEY_CTX *ctx) @@ -82,6 +85,8 @@ static int pkey_dsa_init(EVP_PKEY_CTX *ctx) if (!dctx) return 0; dctx->nbits = 1024; + dctx->qbits = 160; + dctx->pmd = NULL; dctx->md = NULL; ctx->data = dctx; @@ -99,7 +104,9 @@ static int pkey_dsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) sctx = src->data; dctx = dst->data; dctx->nbits = sctx->nbits; - dctx->md = sctx->md; + dctx->qbits = sctx->qbits; + dctx->pmd = sctx->pmd; + dctx->md = sctx->md; return 1; } @@ -125,7 +132,7 @@ static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, ret = DSA_sign(type, tbs, tbslen, sig, &sltmp, dsa); - if (ret < 0) + if (ret <= 0) return ret; *siglen = sltmp; return 1; @@ -160,8 +167,31 @@ static int pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) dctx->nbits = p1; return 1; + case EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS: + if (p1 != 160 && p1 != 224 && p1 && p1 != 256) + return -2; + dctx->qbits = p1; + return 1; + + case EVP_PKEY_CTRL_DSA_PARAMGEN_MD: + if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 && + EVP_MD_type((const EVP_MD *)p2) != NID_sha224 && + EVP_MD_type((const EVP_MD *)p2) != NID_sha256) + { + DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE); + return 0; + } + dctx->md = p2; + return 1; + case EVP_PKEY_CTRL_MD: - if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1) + if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 && + EVP_MD_type((const EVP_MD *)p2) != NID_dsa && + EVP_MD_type((const EVP_MD *)p2) != NID_dsaWithSHA && + EVP_MD_type((const EVP_MD *)p2) != NID_sha224 && + EVP_MD_type((const EVP_MD *)p2) != NID_sha256 && + EVP_MD_type((const EVP_MD *)p2) != NID_sha384 && + EVP_MD_type((const EVP_MD *)p2) != NID_sha512) { DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE); return 0; @@ -169,9 +199,15 @@ static int pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) dctx->md = p2; return 1; + case EVP_PKEY_CTRL_DIGESTINIT: case EVP_PKEY_CTRL_PKCS7_SIGN: + case EVP_PKEY_CTRL_CMS_SIGN: return 1; - + + case EVP_PKEY_CTRL_PEER_KEY: + DSAerr(DSA_F_PKEY_DSA_CTRL, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; default: return -2; @@ -187,6 +223,18 @@ static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx, nbits = atoi(value); return EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits); } + if (!strcmp(type, "dsa_paramgen_q_bits")) + { + int qbits = atoi(value); + return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, + EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits, NULL); + } + if (!strcmp(type, "dsa_paramgen_md")) + { + return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, + EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, + (void *)EVP_get_digestbyname(value)); + } return -2; } @@ -206,8 +254,8 @@ static int pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) dsa = DSA_new(); if (!dsa) return 0; - ret = DSA_generate_parameters_ex(dsa, dctx->nbits, NULL, 0, NULL, NULL, - pcb); + ret = dsa_builtin_paramgen(dsa, dctx->nbits, dctx->qbits, dctx->pmd, + NULL, 0, NULL, NULL, NULL, pcb); if (ret) EVP_PKEY_assign_DSA(pkey, dsa); else