From 198ce9a611b451656e7c984e16452e285597a015 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 19 Jan 2011 14:35:53 +0000 Subject: [PATCH] Add additional parameter to dsa_builtin_paramgen to output the generated seed to: this doesn't introduce any binary compatibility issues as the function is only used internally. The seed output is needed for FIPS 140-2 algorithm testing: the functionality used to be in DSA_generate_parameters_ex() but was removed in OpenSSL 1.0.0 --- crypto/dsa/dsa_gen.c | 5 ++++- crypto/dsa/dsa_locl.h | 1 + crypto/dsa/dsa_pmeth.c | 2 +- crypto/ec/ec2_smpl.c | 19 ++++++++++++++++++- crypto/ec/ec_key.c | 8 +++++++- crypto/ec/ec_lcl.h | 2 ++ crypto/ec/ecp_smpl.c | 11 ++++++++--- 7 files changed, 41 insertions(+), 7 deletions(-) diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index a7d478324e..e6a5452016 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -105,12 +105,13 @@ int DSA_generate_parameters_ex(DSA *ret, int bits, } return dsa_builtin_paramgen(ret, bits, qbits, evpmd, - seed_in, seed_len, counter_ret, h_ret, cb); + seed_in, seed_len, NULL, counter_ret, h_ret, cb); } } int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len, + unsigned char *seed_out, int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) { int ok=0; @@ -336,6 +337,8 @@ err: } if (counter_ret != NULL) *counter_ret=counter; if (h_ret != NULL) *h_ret=h; + if (seed_out) + memcpy(seed_out, seed, qsize); } if(ctx) { diff --git a/crypto/dsa/dsa_locl.h b/crypto/dsa/dsa_locl.h index 2b8cfee3db..21e2e45242 100644 --- a/crypto/dsa/dsa_locl.h +++ b/crypto/dsa/dsa_locl.h @@ -56,4 +56,5 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len, + unsigned char *seed_out, int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c index 4ce91e20c6..0ad12e008d 100644 --- a/crypto/dsa/dsa_pmeth.c +++ b/crypto/dsa/dsa_pmeth.c @@ -252,7 +252,7 @@ static int pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) if (!dsa) return 0; ret = dsa_builtin_paramgen(dsa, dctx->nbits, dctx->qbits, dctx->pmd, - NULL, 0, NULL, NULL, pcb); + NULL, 0, NULL, NULL, NULL, pcb); if (ret) EVP_PKEY_assign_DSA(pkey, dsa); else diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c index cf357b462a..00ad347b9a 100644 --- a/crypto/ec/ec2_smpl.c +++ b/crypto/ec/ec2_smpl.c @@ -363,7 +363,12 @@ int ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP *group, EC_POINT if (!BN_copy(&point->Z, BN_value_one())) goto err; BN_set_negative(&point->Z, 0); point->Z_is_one = 1; - ret = 1; + if (BN_num_bits(x) > BN_num_bits(&group->field)) + ret = 2; + else if (BN_num_bits(y) > BN_num_bits(&group->field)) + ret = 2; + else + ret = 1; err: return ret; @@ -937,6 +942,9 @@ int ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT { return EC_POINT_is_at_infinity(group, b) ? 0 : 1; } + + if (EC_POINT_is_at_infinity(group, b)) + return 1; if (a->Z_is_one && b->Z_is_one) { @@ -967,6 +975,15 @@ int ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT return ret; } +int ec_GF2m_simple_range(const EC_GROUP *group, const EC_POINT *a) + { + if (BN_num_bits(&a->X) > BN_num_bits(&group->field)) + return 0; + if (BN_num_bits(&a->Y) > BN_num_bits(&group->field)) + return 0; + return 1; + } + /* Forces the given EC_POINT to internally use affine coordinates. */ int ec_GF2m_simple_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx) diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c index 12fb0e6d6d..522802c07a 100644 --- a/crypto/ec/ec_key.c +++ b/crypto/ec/ec_key.c @@ -304,7 +304,13 @@ int EC_KEY_check_key(const EC_KEY *eckey) ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER); return 0; } - + + if (EC_POINT_is_at_infinity(eckey->group, eckey->pub_key)) + { + ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_AT_INFINITY); + goto err; + } + if ((ctx = BN_CTX_new()) == NULL) goto err; if ((point = EC_POINT_new(eckey->group)) == NULL) diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h index fd751e5eb1..4e9c4dab36 100644 --- a/crypto/ec/ec_lcl.h +++ b/crypto/ec/ec_lcl.h @@ -323,6 +323,7 @@ int ec_GFp_simple_invert(const EC_GROUP *, EC_POINT *, BN_CTX *); int ec_GFp_simple_is_at_infinity(const EC_GROUP *, const EC_POINT *); int ec_GFp_simple_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *); int ec_GFp_simple_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, BN_CTX *); +int ec_GFp_simple_range(const EC_GROUP *group, const EC_POINT *a); int ec_GFp_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *); int ec_GFp_simple_points_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *); int ec_GFp_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *); @@ -379,6 +380,7 @@ int ec_GF2m_simple_invert(const EC_GROUP *, EC_POINT *, BN_CTX *); int ec_GF2m_simple_is_at_infinity(const EC_GROUP *, const EC_POINT *); int ec_GF2m_simple_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *); int ec_GF2m_simple_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, BN_CTX *); +int ec_GF2m_simple_range(const EC_GROUP *group, const EC_POINT *a); int ec_GF2m_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *); int ec_GF2m_simple_points_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *); int ec_GF2m_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *); diff --git a/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c index 4d26f8bdf6..3e56b71a21 100644 --- a/crypto/ec/ecp_smpl.c +++ b/crypto/ec/ecp_smpl.c @@ -441,8 +441,11 @@ int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POIN } point->Z_is_one = Z_is_one; } - - ret = 1; + + if (BN_cmp(&point->X, x) || BN_cmp(&point->Y, y)) + ret = 2; + else + ret = 1; err: if (new_ctx != NULL) @@ -1406,6 +1409,9 @@ int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT * { return EC_POINT_is_at_infinity(group, b) ? 0 : 1; } + + if (EC_POINT_is_at_infinity(group, b)) + return 1; if (a->Z_is_one && b->Z_is_one) { @@ -1494,7 +1500,6 @@ int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT * return ret; } - int ec_GFp_simple_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx) { BN_CTX *new_ctx = NULL; -- 2.25.1