From: Dr. Stephen Henson Date: Tue, 25 Jan 2011 16:55:15 +0000 (+0000) Subject: Move DSA_sign, DSA_verify to dsa_asn1.c and include separate versions of X-Git-Tag: OpenSSL-fips-2_0-rc1~867 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=f7a2afa652a9eecb09863754c9a3f3f15ed329a9;p=oweals%2Fopenssl.git Move DSA_sign, DSA_verify to dsa_asn1.c and include separate versions of DSA_SIG_new() and DSA_SIG_free() to remove ASN1 dependencies from DSA_do_sign() and DSA_do_verify(). --- diff --git a/crypto/dsa/Makefile b/crypto/dsa/Makefile index 8073c4ecfe..8724c7f043 100644 --- a/crypto/dsa/Makefile +++ b/crypto/dsa/Makefile @@ -142,17 +142,11 @@ dsa_lib.o: ../../e_os.h ../../include/openssl/asn1.h dsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h dsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h dsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -dsa_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -dsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h -dsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -dsa_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -dsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -dsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -dsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -dsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -dsa_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -dsa_lib.o: ../cryptlib.h dsa_lib.c +dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +dsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +dsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +dsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +dsa_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_lib.c dsa_ossl.o: ../../e_os.h ../../include/openssl/asn1.h dsa_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h dsa_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h diff --git a/crypto/dsa/dsa_asn1.c b/crypto/dsa/dsa_asn1.c index c37460b2d6..6058534374 100644 --- a/crypto/dsa/dsa_asn1.c +++ b/crypto/dsa/dsa_asn1.c @@ -61,6 +61,7 @@ #include #include #include +#include /* Override the default new methods */ static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, @@ -87,7 +88,7 @@ ASN1_SEQUENCE_cb(DSA_SIG, sig_cb) = { ASN1_SIMPLE(DSA_SIG, s, CBIGNUM) } ASN1_SEQUENCE_END_cb(DSA_SIG, DSA_SIG) -IMPLEMENT_ASN1_FUNCTIONS_const(DSA_SIG) +IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA_SIG, DSA_SIG, DSA_SIG) /* Override the default free and new methods */ static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, @@ -148,3 +149,40 @@ DSA *DSAparams_dup(DSA *dsa) { return ASN1_item_dup(ASN1_ITEM_rptr(DSAparams), dsa); } + +int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, + unsigned int *siglen, DSA *dsa) + { + DSA_SIG *s; + RAND_seed(dgst, dlen); + s=DSA_do_sign(dgst,dlen,dsa); + if (s == NULL) + { + *siglen=0; + return(0); + } + *siglen=i2d_DSA_SIG(s,&sig); + DSA_SIG_free(s); + return(1); + } + +/* data has already been hashed (probably with SHA or SHA-1). */ +/* returns + * 1: correct signature + * 0: incorrect signature + * -1: error + */ +int DSA_verify(int type, const unsigned char *dgst, int dgst_len, + const unsigned char *sigbuf, int siglen, DSA *dsa) + { + DSA_SIG *s; + int ret=-1; + + s = DSA_SIG_new(); + if (s == NULL) return(ret); + if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err; + ret=DSA_do_verify(dgst,dgst_len,s,dsa); +err: + DSA_SIG_free(s); + return(ret); + } diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c index 17555e5892..e02365a8b1 100644 --- a/crypto/dsa/dsa_sign.c +++ b/crypto/dsa/dsa_sign.c @@ -61,30 +61,38 @@ #include "cryptlib.h" #include #include +#include DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) { return dsa->meth->dsa_do_sign(dgst, dlen, dsa); } -int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, - unsigned int *siglen, DSA *dsa) +int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) { - DSA_SIG *s; - RAND_seed(dgst, dlen); - s=DSA_do_sign(dgst,dlen,dsa); - if (s == NULL) - { - *siglen=0; - return(0); - } - *siglen=i2d_DSA_SIG(s,&sig); - DSA_SIG_free(s); - return(1); + return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp); } -int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) +DSA_SIG *DSA_SIG_new(void) { - return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp); + DSA_SIG *sig; + sig = OPENSSL_malloc(sizeof(DSA_SIG)); + if (!sig) + return NULL; + sig->r = NULL; + sig->s = NULL; + return sig; + } + +void DSA_SIG_free(DSA_SIG *sig) + { + if (sig) + { + if (sig->r) + BN_free(sig->r); + if (sig->s) + BN_free(sig->s); + OPENSSL_free(sig); + } } diff --git a/crypto/dsa/dsa_vrf.c b/crypto/dsa/dsa_vrf.c index 226a75ff3f..286ed28cfa 100644 --- a/crypto/dsa/dsa_vrf.c +++ b/crypto/dsa/dsa_vrf.c @@ -66,24 +66,3 @@ int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, { return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa); } - -/* data has already been hashed (probably with SHA or SHA-1). */ -/* returns - * 1: correct signature - * 0: incorrect signature - * -1: error - */ -int DSA_verify(int type, const unsigned char *dgst, int dgst_len, - const unsigned char *sigbuf, int siglen, DSA *dsa) - { - DSA_SIG *s; - int ret=-1; - - s = DSA_SIG_new(); - if (s == NULL) return(ret); - if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err; - ret=DSA_do_verify(dgst,dgst_len,s,dsa); -err: - DSA_SIG_free(s); - return(ret); - }