add support for DSA with SHA2
authorNils Larsch <nils@openssl.org>
Sat, 3 Feb 2007 14:41:12 +0000 (14:41 +0000)
committerNils Larsch <nils@openssl.org>
Sat, 3 Feb 2007 14:41:12 +0000 (14:41 +0000)
16 files changed:
CHANGES
crypto/dsa/Makefile
crypto/dsa/dsa.h
crypto/dsa/dsa_ameth.c
crypto/dsa/dsa_gen.c
crypto/dsa/dsa_locl.h [new file with mode: 0644]
crypto/dsa/dsa_ossl.c
crypto/dsa/dsa_pmeth.c
crypto/dsa/dsa_sign.c
crypto/dsa/dsa_vrf.c
crypto/objects/obj_dat.h
crypto/objects/obj_mac.h
crypto/objects/obj_mac.num
crypto/objects/obj_xref.h
crypto/objects/obj_xref.txt
crypto/objects/objects.txt

diff --git a/CHANGES b/CHANGES
index 567fc7e7022d3100a92a8f71577292391ef8b1a0..ec1cf226f50c347ead46fc820524610c3fe5fdf8 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,11 @@
 
  Changes between 0.9.8e and 0.9.9  [xx XXX xxxx]
 
+  *) Add support for dsa-with-SHA224 and dsa-with-SHA256.
+     Use the leftmost N bytes of the signature input if the input is
+     larger than the prime q (with N being the size in bytes of q).
+     [Nils Larsch]
+
   *) Very *very* experimental PKCS#7 streaming encoder support. Nothing uses
      it yet and it is largely untested.
      [Steve Henson]
index b80048fa5c7a98c5df2f3aa4fbad425f0c28215b..cd3126e16c378143452b0c8422bd8c16f07dda1e 100644 (file)
@@ -25,7 +25,7 @@ LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_asn1.o dsa_vrf.o dsa_sign.o \
 SRC= $(LIBSRC)
 
 EXHEADER= dsa.h
-HEADER=        $(EXHEADER)
+HEADER=        dsa_locl.h $(EXHEADER)
 
 ALL=    $(GENERAL) $(SRC) $(HEADER)
 
index 43fa855f109494f01397a79c7607503c8c905594..27bc5b91ca402d01f665d185ee7ddec758e82a5f 100644 (file)
@@ -254,6 +254,8 @@ DH *DSA_dup_DH(const DSA *r);
                                EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL)
 
 #define        EVP_PKEY_CTRL_DSA_PARAMGEN_BITS         (EVP_PKEY_ALG_CTRL + 1)
+#define        EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS       (EVP_PKEY_ALG_CTRL + 2)
+#define        EVP_PKEY_CTRL_DSA_PARAMGEN_MD           (EVP_PKEY_ALG_CTRL + 3)
 
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
index d39833ca0d4b4cbdcb34ea288680da5e86985ed0..fab5d55f76470669af5f32e08e87c16a8dd6367d 100644 (file)
@@ -537,12 +537,17 @@ static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
                case ASN1_PKEY_CTRL_PKCS7_SIGN:
                if (arg1 == 0)
                        {
+                       int snid, hnid;
                        X509_ALGOR *alg1, *alg2;
                        PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2);
-                       X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_sha1),
-                                                       V_ASN1_NULL, 0);
-                       X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_dsaWithSHA1),
-                                                       V_ASN1_UNDEF, 0);
+                       if (alg1 == NULL || alg1->algorithm == NULL)
+                               return -1;
+                       hnid = OBJ_obj2nid(alg1->algorithm);
+                       if (hnid == NID_undef)
+                               return -1;
+                       if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
+                               return -1; 
+                       X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
                        }
                return 1;
 
index 6a6be3b57537d864aae8d49692f9abb63ee9e427..aa0995564d126745dd0e798f0325403b67389660 100644 (file)
 #ifndef OPENSSL_NO_SHA
 
 #include <stdio.h>
-#include <time.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/bn.h>
-#include <openssl/dsa.h>
 #include <openssl/rand.h>
 #include <openssl/sha.h>
-
-static int dsa_builtin_paramgen(DSA *ret, int bits,
-               unsigned char *seed_in, int seed_len,
-               int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
+#include "dsa_locl.h"
 
 int DSA_generate_parameters_ex(DSA *ret, int bits,
                unsigned char *seed_in, int seed_len,
@@ -93,41 +88,72 @@ int DSA_generate_parameters_ex(DSA *ret, int bits,
        if(ret->meth->dsa_paramgen)
                return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
                                counter_ret, h_ret, cb);
-       return dsa_builtin_paramgen(ret, bits, seed_in, seed_len,
-                       counter_ret, h_ret, cb);
+       else
+               {
+               const EVP_MD *evpmd;
+               size_t qbits = bits >= 2048 ? 256 : 160;
+
+               if (bits >= 2048)
+                       {
+                       qbits = 256;
+                       evpmd = EVP_sha256();
+                       }
+               else
+                       {
+                       qbits = 160;
+                       evpmd = EVP_sha1();
+                       }
+
+               return dsa_builtin_paramgen(ret, bits, qbits, evpmd,
+                               seed_in, seed_len, counter_ret, h_ret, cb);
+               }
        }
 
-static int dsa_builtin_paramgen(DSA *ret, int bits,
-               unsigned char *seed_in, int seed_len,
-               int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
+int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
+       const EVP_MD *evpmd, unsigned char *seed_in, size_t seed_len,
+       int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
        {
        int ok=0;
-       unsigned char seed[SHA_DIGEST_LENGTH];
-       unsigned char md[SHA_DIGEST_LENGTH];
-       unsigned char buf[SHA_DIGEST_LENGTH],buf2[SHA_DIGEST_LENGTH];
+       unsigned char seed[SHA256_DIGEST_LENGTH];
+       unsigned char md[SHA256_DIGEST_LENGTH];
+       unsigned char buf[SHA256_DIGEST_LENGTH],buf2[SHA256_DIGEST_LENGTH];
        BIGNUM *r0,*W,*X,*c,*test;
        BIGNUM *g=NULL,*q=NULL,*p=NULL;
        BN_MONT_CTX *mont=NULL;
-       int k,n=0,i,b,m=0;
+       size_t i;
+       int k,n=0,b,m=0, qsize = qbits >> 3;
        int counter=0;
        int r=0;
        BN_CTX *ctx=NULL;
        unsigned int h=2;
 
-       if (bits < 512) bits=512;
-       bits=(bits+63)/64*64;
+       if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH &&
+           qsize != SHA256_DIGEST_LENGTH)
+               /* invalid q size */
+               return 0;
 
-       if (seed_len < 20)
-               seed_in = NULL; /* seed buffer too small -- ignore */
-       if (seed_len > 20) 
-               seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger SEED,
-                               * but our internal buffers are restricted to 160 bits*/
-       if ((seed_in != NULL) && (seed_len == 20))
-               memcpy(seed,seed_in,seed_len);
+       if (evpmd == NULL)
+               /* use SHA1 as default */
+               evpmd = EVP_sha1();
 
-       if ((ctx=BN_CTX_new()) == NULL) goto err;
+       if (bits < 512)
+               bits = 512;
 
-       if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
+       bits = (bits+63)/64*64;
+
+       if (seed_len < qsize)
+               seed_in = NULL;         /* seed buffer too small -- ignore */
+       if (seed_len > qsize) 
+               seed_len = qsize;       /* App. 2.2 of FIPS PUB 186 allows larger SEED,
+                                        * but our internal buffers are restricted to 160 bits*/
+       if (seed_in != NULL)
+               memcpy(seed, seed_in, seed_len);
+
+       if ((ctx=BN_CTX_new()) == NULL)
+               goto err;
+
+       if ((mont=BN_MONT_CTX_new()) == NULL)
+               goto err;
 
        BN_CTX_start(ctx);
        r0 = BN_CTX_get(ctx);
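Review bot: dsa_builtin_paramgen never checks the output size of `evpmd` against `qsize`, although `seed`, `md`, `buf` and `buf2` are fixed at SHA256_DIGEST_LENGTH bytes. With the SHA-1 fallback and a 224- or 256-bit q, the later `EVP_Digest(..., md, NULL, evpmd, NULL)` calls fill only 20 bytes while `qsize` bytes of `md` and `buf2` are consumed, so q and p are derived partly from uninitialised stack bytes; a digest wider than 32 bytes would write past the buffers now that the function is no longer static. A guard after the default is chosen, `if (EVP_MD_size(evpmd) < qsize || EVP_MD_size(evpmd) > (int)sizeof(md)) return 0;`, closes both cases. Separately, `bits` and `seed_len` are now `size_t`, so a negative `int` passed through DSA_generate_parameters_ex no longer trips `bits < 512` or `seed_len < qsize` (a negative `seed_len` is clamped to `qsize` and `seed_in` is then read); range-check them before the conversion. The function body continues outside this hunk.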
@@ -154,7 +180,7 @@ static int dsa_builtin_paramgen(DSA *ret, int bits,
 
                        if (!seed_len)
                                {
-                               RAND_pseudo_bytes(seed,SHA_DIGEST_LENGTH);
+                               RAND_pseudo_bytes(seed, qsize);
                                seed_is_random = 1;
                                }
                        else
@@ -162,25 +188,27 @@ static int dsa_builtin_paramgen(DSA *ret, int bits,
                                seed_is_random = 0;
                                seed_len=0; /* use random seed if 'seed_in' turns out to be bad*/
                                }
-                       memcpy(buf,seed,SHA_DIGEST_LENGTH);
-                       memcpy(buf2,seed,SHA_DIGEST_LENGTH);
+                       memcpy(buf , seed, qsize);
+                       memcpy(buf2, seed, qsize);
                        /* precompute "SEED + 1" for step 7: */
-                       for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
+                       for (i = qsize-1; i >= 0; i--)
                                {
                                buf[i]++;
-                               if (buf[i] != 0) break;
+                               if (buf[i] != 0)
+                                       break;
                                }
 
                        /* step 2 */
-                       EVP_Digest(seed,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL);
-                       EVP_Digest(buf,SHA_DIGEST_LENGTH,buf2,NULL,HASH, NULL);
-                       for (i=0; i<SHA_DIGEST_LENGTH; i++)
+                       EVP_Digest(seed, qsize, md,   NULL, evpmd, NULL);
+                       EVP_Digest(buf,  qsize, buf2, NULL, evpmd, NULL);
+                       for (i = 0; i < qsize; i++)
                                md[i]^=buf2[i];
 
                        /* step 3 */
-                       md[0]|=0x80;
-                       md[SHA_DIGEST_LENGTH-1]|=0x01;
-                       if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,q)) goto err;
+                       md[0] |= 0x80;
+                       md[qsize-1] |= 0x01;
+                       if (!BN_bin2bn(md, qsize, q))
+                               goto err;
 
                        /* step 4 */
                        r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,
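Review bot: The carry loop `for (i = qsize-1; i >= 0; i--)` can no longer stop on its bound, because `i` is declared `size_t` in the declaration hunk of this commit and `i >= 0` is always true for an unsigned type. If every one of the `qsize` seed bytes is 0xff, which a caller-supplied `seed_in` can arrange, the carry runs past index 0 and `buf[i]++` is applied at index SIZE_MAX, outside the buffer. The same loop is repeated in the step-8 hunk that follows (`obtain "SEED + offset + k"`). Either keep the index signed (`int i;`) or count down safely with `for (i = qsize; i-- > 0; )`.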
@@ -215,18 +243,19 @@ static int dsa_builtin_paramgen(DSA *ret, int bits,
                        for (k=0; k<=n; k++)
                                {
                                /* obtain "SEED + offset + k" by incrementing: */
-                               for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
+                               for (i = qsize-1; i >= 0; i--)
                                        {
                                        buf[i]++;
-                                       if (buf[i] != 0) break;
+                                       if (buf[i] != 0)
+                                               break;
                                        }
 
-                               EVP_Digest(buf,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL);
+                               EVP_Digest(buf, qsize, md ,NULL, evpmd, NULL);
 
                                /* step 8 */
-                               if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0))
+                               if (!BN_bin2bn(md, qsize, r0))
                                        goto err;
-                               if (!BN_lshift(r0,r0,160*k)) goto err;
+                               if (!BN_lshift(r0,r0,(qsize << 3)*k)) goto err;
                                if (!BN_add(W,W,r0)) goto err;
                                }
 
@@ -300,7 +329,7 @@ err:
                        ok=0;
                        goto err;
                        }
-               if ((m > 1) && (seed_in != NULL)) memcpy(seed_in,seed,20);
+               if ((m > 1) && (seed_in != NULL)) memcpy(seed_in,seed, qsize);
                if (counter_ret != NULL) *counter_ret=counter;
                if (h_ret != NULL) *h_ret=h;
                }
diff --git a/crypto/dsa/dsa_locl.h b/crypto/dsa/dsa_locl.h
new file mode 100644 (file)
index 0000000..f1bbf72
--- /dev/null
@@ -0,0 +1,59 @@
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/dsa.h>
+
+int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
+       const EVP_MD *evpmd, unsigned char *seed_in, size_t seed_len,
+       int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
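Review bot: The new header has no include guard and relies on <openssl/dsa.h> alone to make `EVP_MD`, `BN_GENCB` and `size_t` visible. Wrapping the prototype in a guard (for example `#ifndef HEADER_DSA_LOCL_H` / `#define HEADER_DSA_LOCL_H` ... `#endif`, name constructed here) keeps a second inclusion harmless. A short comment above the prototype stating that `qbits` must be 160, 224 or 256 and that a NULL `evpmd` selects SHA-1 would document the contract that dsa_gen.c enforces.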
index 36220a6a55139e2a9e345afd64b9fb91cd61172c..96df46b70dcb69d8caddebb2600fc517b2cc75d7 100644 (file)
@@ -61,6 +61,7 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/bn.h>
+#include <openssl/sha.h>
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
 #include <openssl/asn1.h>
@@ -133,7 +134,7 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
        BIGNUM m;
        BIGNUM xr;
        BN_CTX *ctx=NULL;
-       int i,reason=ERR_R_BN_LIB;
+       int i, j, reason=ERR_R_BN_LIB;
        DSA_SIG *ret=NULL;
 
        BN_init(&m);
@@ -148,8 +149,9 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
        s=BN_new();
        if (s == NULL) goto err;
 
-       i=BN_num_bytes(dsa->q); /* should be 20 */
-       if ((dlen > i) || (dlen > 50))
+       /* reject a excessive digest length (currently at most
+        * dsa-with-SHA256 is supported) */
+       if (dlen > SHA256_DIGEST_LENGTH)
                {
                reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
                goto err;
@@ -170,7 +172,17 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
                dsa->r=NULL;
                }
 
-       if (BN_bin2bn(dgst,dlen,&m) == NULL) goto err;
+       if (BN_bin2bn(dgst,dlen,&m) == NULL)
+               goto err;
+       i = BN_num_bytes(dsa->q);
+       if (dlen > i)
+               {
+               /* if the digest length is greater than the size of q use the
+                * BN_num_bits(dsa->q) leftmost bits of the digest, see
+                * fips 186-3, 4.2 */
+               if (!BN_rshift(&m, &m, (dlen - i) << 3))
+                       goto err; 
+               }
 
        /* Compute  s = inv(k) (m + xr) mod q */
        if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */
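Review bot: The truncation in dsa_do_sign is computed in whole bytes from `BN_num_bytes(dsa->q)`, while dsa_do_verify in this commit shifts by bits (`j - i` with `i = BN_num_bits(dsa->q)`), and signing has no counterpart to the 160/224/256 check on q. For a q whose bit length is not a multiple of 8 the signer therefore keeps more digest bits than the FIPS 186-3 4.2 rule quoted in the comment. Using the bit length here too, with `qbits = BN_num_bits(dsa->q)` and `if ((dlen << 3) > qbits && !BN_rshift(&m, &m, (dlen << 3) - qbits)) goto err;`, and rejecting unsupported q sizes before signing keeps both paths identical. The `j` added to the declarations in the earlier hunk is not used in any visible line of this function. dsa_do_sign starts and ends outside the hunk.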
@@ -296,14 +308,16 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
        BN_CTX *ctx;
        BIGNUM u1,u2,t1;
        BN_MONT_CTX *mont=NULL;
-       int ret = -1;
+       int ret = -1, i, j;
        if (!dsa->p || !dsa->q || !dsa->g)
                {
                DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS);
                return -1;
                }
 
-       if (BN_num_bits(dsa->q) != 160)
+       i = BN_num_bits(dsa->q);
+       /* fips 186-3 allows only different sizes for q */
+       if (i != 160 && i != 224 && i != 256)
                {
                DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE);
                return -1;
@@ -315,6 +329,14 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
                return -1;
                }
 
+       /* reject a excessive digest length (currently at most
+        * dsa-with-SHA256 is supported) */
+       if (dgst_len > SHA256_DIGEST_LENGTH)
+               {
+               DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+               return -1;
+               }
+
        BN_init(&u1);
        BN_init(&u2);
        BN_init(&t1);
@@ -340,6 +362,15 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
 
        /* save M in u1 */
        if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err;
+       j = dgst_len << 3;
+       if (j > i)
+               {
+               /* if the digest length is greater than the size of q use the
+                * BN_num_bits(dsa->q) leftmost bits of the digest, see
+                * fips 186-3, 4.2 */
+               if (!BN_rshift(&u1, &u1, j - i))
+                       goto err; 
+               }
 
        /* u1 = M * w mod q */
        if (!BN_mod_mul(&u1,&u1,&u2,dsa->q,ctx)) goto err;
index bd4ee72339a5f7855eb3d8362067aaab80474f13..935258b24d1d88a7205176a95cc54f9e7042b9c9 100644 (file)
 #include "cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
-#include <openssl/rsa.h>
 #include <openssl/evp.h>
 #include "evp_locl.h"
+#include "dsa_locl.h"
 
 /* DSA pkey context structure */
 
 typedef struct
        {
        /* Parameter gen parameters */
-       int nbits;
+       int nbits;              /* size of p in bits (default: 1024) */
+       int qbits;              /* size of q in bits (default: 160)  */
+       const EVP_MD *pmd;      /* MD for parameter generation */
        /* Keygen callback info */
        int gentmp[2];
        /* message digest */
-       const EVP_MD *md;
+       const EVP_MD *md;       /* MD for the signature */
        } DSA_PKEY_CTX;
 
 static int pkey_dsa_init(EVP_PKEY_CTX *ctx)
@@ -82,6 +84,8 @@ static int pkey_dsa_init(EVP_PKEY_CTX *ctx)
        if (!dctx)
                return 0;
        dctx->nbits = 1024;
+       dctx->qbits = 160;
+       dctx->pmd = NULL;
        dctx->md = NULL;
 
        ctx->data = dctx;
@@ -99,7 +103,9 @@ static int pkey_dsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
                sctx = src->data;
        dctx = dst->data;
        dctx->nbits = sctx->nbits;
-       dctx->md = sctx->md;
+       dctx->qbits = sctx->qbits;
+       dctx->pmd = sctx->pmd;
+       dctx->md  = sctx->md;
        return 1;
        }
 
@@ -160,8 +166,27 @@ static int pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
                dctx->nbits = p1;
                return 1;
 
+               case EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS:
+               if (p1 != 160 && p1 != 224 && p1 && p1 != 256)
+                       return -2;
+               dctx->qbits = p1;
+               return 1;
+
+               case EVP_PKEY_CTRL_DSA_PARAMGEN_MD:
+               if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1   &&
+                   EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
+                   EVP_MD_type((const EVP_MD *)p2) != NID_sha256)
+                       {
+                       DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE);
+                       return 0;
+                       }
+               dctx->md = p2;
+               return 1;
+
                case EVP_PKEY_CTRL_MD:
-               if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1)
+               if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1   &&
+                   EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
+                   EVP_MD_type((const EVP_MD *)p2) != NID_sha256)
                        {
                        DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE);
                        return 0;
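Review bot: The `EVP_PKEY_CTRL_DSA_PARAMGEN_MD` case stores the digest in `dctx->md` instead of `dctx->pmd`, so it overwrites the signature digest and `pmd` stays NULL; pkey_dsa_paramgen then always falls back to SHA-1 whatever `qbits` is. The assignment should read `dctx->pmd = p2;`. In the `EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS` case the stray `p1 &&` makes the test accept 0; it should be `if (p1 != 160 && p1 != 224 && p1 != 256)`. Both digest cases also hand `p2` to `EVP_MD_type()` without a NULL check, and the `dsa_paramgen_md` string control in the next hunk forwards the result of `EVP_get_digestbyname(value)` unchecked, so an unknown digest name most likely reaches that call as NULL; reject NULL before the type test.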
@@ -187,6 +212,18 @@ static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx,
                nbits = atoi(value);
                return EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits);
                }
+       if (!strcmp(type, "dsa_paramgen_q_bits"))
+               {
+               int qbits = atoi(value);
+               return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
+                                        EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits, NULL);
+               }
+       if (!strcmp(type, "dsa_paramgen_md"))
+               {
+               return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
+                                        EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, 
+                                        (void *)EVP_get_digestbyname(value));
+               }
        return -2;
        }
 
@@ -206,8 +243,8 @@ static int pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
        dsa = DSA_new();
        if (!dsa)
                return 0;
-       ret = DSA_generate_parameters_ex(dsa, dctx->nbits, NULL, 0, NULL, NULL,
-                                                                       pcb);
+       ret = dsa_builtin_paramgen(dsa, dctx->nbits, dctx->qbits, dctx->pmd,
+                                  NULL, 0, NULL, NULL, pcb);
        if (ret)
                EVP_PKEY_assign_DSA(pkey, dsa);
        else
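Review bot: Calling `dsa_builtin_paramgen` directly skips the `ret->meth->dsa_paramgen` dispatch that DSA_generate_parameters_ex performs, so a DSA_METHOD that supplies its own parameter generation is silently ignored on the EVP path. If that is intended, a comment at this call should say so; otherwise test `dsa->meth->dsa_paramgen` first, at least when `qbits` and `pmd` are at their defaults. `dctx->nbits` is an `int` and is converted to `size_t` at this call, so unless the control handler bounds it (not visible on this page) a negative value becomes a very large bit count instead of being raised to 512. pkey_dsa_paramgen starts and ends outside the hunk.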
index 89205026f01b71d40a331013bee9ef897b72b6ac..6ac8e486e80ebe5bbb373f6eecb32e1291102cce 100644 (file)
 
 /* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
 
-#include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/bn.h>
 #include <openssl/dsa.h>
-#include <openssl/rand.h>
-#include <openssl/asn1.h>
 
 DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
        {
index c4aeddd0560483686e504188226003b6f2266bfe..226a75ff3f27ade628dfae661b4fe35dc87a626a 100644 (file)
 
 /* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
 
-#include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/bn.h>
 #include <openssl/dsa.h>
-#include <openssl/rand.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1_mac.h>
 
 int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
                  DSA *dsa)
index 7e0a63c2657fd04fe2cdc91048b58255247490f6..9c6bad789108e0c3f2aabf8e70f5c5890eba2df0 100644 (file)
  * [including the GNU Public Licence.]
  */
 
-#define NUM_NID 833
-#define NUM_SN 829
-#define NUM_LN 829
-#define NUM_OBJ 785
+#define NUM_NID 835
+#define NUM_SN 831
+#define NUM_LN 831
+#define NUM_OBJ 787
 
-static unsigned char lvalues[5542]={
+static unsigned char lvalues[5560]={
 0x00,                                        /* [  0] OBJ_undef */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */
@@ -853,6 +853,8 @@ static unsigned char lvalues[5542]={
 0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x02,     /* [5517] OBJ_ecdsa_with_SHA256 */
 0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x03,     /* [5525] OBJ_ecdsa_with_SHA384 */
 0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x04,     /* [5533] OBJ_ecdsa_with_SHA512 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x01,/* [5541] OBJ_dsa_with_SHA224 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x02,/* [5550] OBJ_dsa_with_SHA256 */
 };
 
 static ASN1_OBJECT nid_objs[NUM_NID]={
@@ -2202,6 +2204,10 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
        &(lvalues[5525]),0},
 {"ecdsa-with-SHA512","ecdsa-with-SHA512",NID_ecdsa_with_SHA512,8,
        &(lvalues[5533]),0},
+{"dsa_with_SHA224","dsa_with_SHA224",NID_dsa_with_SHA224,9,
+       &(lvalues[5541]),0},
+{"dsa_with_SHA256","dsa_with_SHA256",NID_dsa_with_SHA256,9,
+       &(lvalues[5550]),0},
 };
 
 static ASN1_OBJECT *sn_objs[NUM_SN]={
@@ -2452,6 +2458,8 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[470]),/* "documentVersion" */
 &(nid_objs[392]),/* "domain" */
 &(nid_objs[452]),/* "domainRelatedObject" */
+&(nid_objs[833]),/* "dsa_with_SHA224" */
+&(nid_objs[834]),/* "dsa_with_SHA256" */
 &(nid_objs[827]),/* "ecdsa-with-Recommended" */
 &(nid_objs[416]),/* "ecdsa-with-SHA1" */
 &(nid_objs[829]),/* "ecdsa-with-SHA224" */
@@ -3304,6 +3312,8 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[66]),/* "dsaWithSHA" */
 &(nid_objs[113]),/* "dsaWithSHA1" */
 &(nid_objs[70]),/* "dsaWithSHA1-old" */
+&(nid_objs[833]),/* "dsa_with_SHA224" */
+&(nid_objs[834]),/* "dsa_with_SHA256" */
 &(nid_objs[297]),/* "dvcs" */
 &(nid_objs[827]),/* "ecdsa-with-Recommended" */
 &(nid_objs[416]),/* "ecdsa-with-SHA1" */
@@ -4486,6 +4496,8 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[673]),/* OBJ_sha384                       2 16 840 1 101 3 4 2 2 */
 &(nid_objs[674]),/* OBJ_sha512                       2 16 840 1 101 3 4 2 3 */
 &(nid_objs[675]),/* OBJ_sha224                       2 16 840 1 101 3 4 2 4 */
+&(nid_objs[833]),/* OBJ_dsa_with_SHA224              2 16 840 1 101 3 4 3 1 */
+&(nid_objs[834]),/* OBJ_dsa_with_SHA256              2 16 840 1 101 3 4 3 2 */
 &(nid_objs[71]),/* OBJ_netscape_cert_type           2 16 840 1 113730 1 1 */
 &(nid_objs[72]),/* OBJ_netscape_base_url            2 16 840 1 113730 1 2 */
 &(nid_objs[73]),/* OBJ_netscape_revocation_url      2 16 840 1 113730 1 3 */
index c471c2faebe7110a1e441188764321e72780077c..db846f49c09e2da15fd69ecaf91a926e9a014713 100644 (file)
 #define NID_sha224             675
 #define OBJ_sha224             OBJ_nist_hashalgs,4L
 
+#define OBJ_dsa_with_sha2              OBJ_nistAlgorithms,3L
+
+#define SN_dsa_with_SHA224             "dsa_with_SHA224"
+#define NID_dsa_with_SHA224            833
+#define OBJ_dsa_with_SHA224            OBJ_dsa_with_sha2,1L
+
+#define SN_dsa_with_SHA256             "dsa_with_SHA256"
+#define NID_dsa_with_SHA256            834
+#define OBJ_dsa_with_SHA256            OBJ_dsa_with_sha2,2L
+
 #define SN_hold_instruction_code               "holdInstructionCode"
 #define LN_hold_instruction_code               "Hold Instruction Code"
 #define NID_hold_instruction_code              430
index 147bfc1d2a8801ce770ffb0b999560cce2830d32..1a200207ffa3849e82108eb3f9f3749ac6e98693 100644 (file)
@@ -830,3 +830,5 @@ ecdsa_with_SHA224           829
 ecdsa_with_SHA256              830
 ecdsa_with_SHA384              831
 ecdsa_with_SHA512              832
+dsa_with_SHA224                833
+dsa_with_SHA256                834
index b385083df1640ad04e120b0657a9bf71041098fd..c5d75c34fa66e7005a048893142b67c01dea2006 100644 (file)
@@ -30,6 +30,8 @@ static const nid_triple sigoid_srt[] =
        {NID_ecdsa_with_SHA256, NID_sha256, NID_X9_62_id_ecPublicKey},
        {NID_ecdsa_with_SHA384, NID_sha384, NID_X9_62_id_ecPublicKey},
        {NID_ecdsa_with_SHA512, NID_sha512, NID_X9_62_id_ecPublicKey},
+       {NID_dsa_with_SHA224, NID_sha224, NID_dsa},
+       {NID_dsa_with_SHA256, NID_sha256, NID_dsa},
        };
 
 static const nid_triple * const sigoid_srt_xref[] =
@@ -50,12 +52,14 @@ static const nid_triple * const sigoid_srt_xref[] =
        &sigoid_srt[10],
        &sigoid_srt[11],
        &sigoid_srt[13],
+       &sigoid_srt[28],
        &sigoid_srt[24],
        &sigoid_srt[14],
        &sigoid_srt[25],
        &sigoid_srt[15],
        &sigoid_srt[26],
        &sigoid_srt[16],
+       &sigoid_srt[27],
        &sigoid_srt[23],
        &sigoid_srt[17],
        &sigoid_srt[18],
index 01a0adbb593c20d8984525741bb2c9249b4f9d27..e45b3d34b9bcd7b8be33a6e0d1ccfa2c9a02cc8f 100644 (file)
@@ -33,6 +33,9 @@ ecdsa_with_SHA512     sha512  X9_62_id_ecPublicKey
 ecdsa_with_Recommended undef   X9_62_id_ecPublicKey
 ecdsa_with_Specified   undef   X9_62_id_ecPublicKey
 
+dsa_with_SHA224                sha224  dsa
+dsa_with_SHA256                sha256  dsa
+
 id_GostR3411_94_with_GostR3410_2001    id_GostR3411_94 id_GostR3410_2001
 id_GostR3411_94_with_GostR3410_94      id_GostR3411_94 id_GostR3410_94
 id_GostR3411_94_with_GostR3410_94_cc   id_GostR3411_94 id_GostR3410_94_cc
index 7425196b99b1d7608e8fdda1a95eb209ed3c3e7e..e2a6c24c4ca25333c8e23edac904e73e2be61f9a 100644 (file)
@@ -831,6 +831,11 @@ nist_hashalgs 2            : SHA384                : sha384
 nist_hashalgs 3                : SHA512                : sha512
 nist_hashalgs 4                : SHA224                : sha224
 
+# OIDs for dsa-with-sha224 and dsa-with-sha256
+!Alias dsa_with_sha2 nistAlgorithms 3
+dsa_with_sha2 1                : dsa_with_SHA224
+dsa_with_sha2 2                : dsa_with_SHA256
+
 # Hold instruction CRL entry extension
 !Cname hold-instruction-code
 id-ce 23               : holdInstructionCode   : Hold Instruction Code