aboutsummaryrefslogtreecommitdiff
path: root/openssl/fips/dsa
diff options
context:
space:
mode:
Diffstat (limited to 'openssl/fips/dsa')
-rw-r--r--openssl/fips/dsa/Makefile191
-rw-r--r--openssl/fips/dsa/fips_dsa_gen.c339
-rw-r--r--openssl/fips/dsa/fips_dsa_key.c169
-rw-r--r--openssl/fips/dsa/fips_dsa_lib.c95
-rw-r--r--openssl/fips/dsa/fips_dsa_ossl.c435
-rw-r--r--openssl/fips/dsa/fips_dsa_selftest.c180
-rw-r--r--openssl/fips/dsa/fips_dsa_sign.c256
-rw-r--r--openssl/fips/dsa/fips_dsatest.c271
-rw-r--r--openssl/fips/dsa/fips_dssvs.c542
9 files changed, 2478 insertions, 0 deletions
diff --git a/openssl/fips/dsa/Makefile b/openssl/fips/dsa/Makefile
new file mode 100644
index 000000000..251615e9a
--- /dev/null
+++ b/openssl/fips/dsa/Makefile
@@ -0,0 +1,191 @@
+#
+# OpenSSL/fips/dsa/Makefile
+#
+
+DIR= dsa
+TOP= ../..
+CC= cc
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR= /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKEDEPPROG= makedepend
+MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE= Makefile
+AR= ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=fips_dsatest.c fips_dssvs.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=fips_dsa_ossl.c fips_dsa_gen.c fips_dsa_selftest.c fips_dsa_key.c \
+ fips_dsa_lib.c fips_dsa_sign.c
+LIBOBJ=fips_dsa_ossl.o fips_dsa_gen.o fips_dsa_selftest.o fips_dsa_key.o \
+ fips_dsa_lib.o fips_dsa_sign.o
+
+SRC= $(LIBSRC)
+
+EXHEADER=
+HEADER= $(EXHEADER)
+
+ALL= $(GENERAL) $(SRC) $(HEADER)
+
+top:
+ (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
+
+all: lib
+
+lib: $(LIBOBJ)
+ @echo $(LIBOBJ) > lib
+
+files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+ @$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
+ @$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
+ @$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
+
+install:
+ @headerlist="$(EXHEADER)"; for i in $$headerlist; \
+ do \
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done
+
+tags:
+ ctags $(SRC)
+
+tests:
+
+Q=../testvectors/dsa/req
+A=../testvectors/dsa/rsp
+
+fips_test:
+ -rm -rf $A
+ mkdir $A
+ if [ -f $(Q)/PQGGen.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_dssvs pqg < $(Q)/PQGGen.req > $(A)/PQGGen.rsp; fi
+ if [ -f $(Q)/KeyPair.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_dssvs keypair < $(Q)/KeyPair.req > $(A)/KeyPair.rsp; fi
+ if [ -f $(Q)/SigGen.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_dssvs siggen < $(Q)/SigGen.req > $(A)/SigGen.rsp; fi
+ if [ -f $(Q)/SigVer.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_dssvs sigver < $Q/SigVer.req > $A/SigVer.rsp; fi
+
+lint:
+ lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+ $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC) $(TEST)
+
+dclean:
+ $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+ mv -f Makefile.new $(MAKEFILE)
+
+clean:
+ rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+fips_dsa_gen.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_dsa_gen.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+fips_dsa_gen.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+fips_dsa_gen.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_dsa_gen.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+fips_dsa_gen.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+fips_dsa_gen.o: ../../include/openssl/opensslconf.h
+fips_dsa_gen.o: ../../include/openssl/opensslv.h
+fips_dsa_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+fips_dsa_gen.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+fips_dsa_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+fips_dsa_gen.o: fips_dsa_gen.c
+fips_dsa_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_dsa_key.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+fips_dsa_key.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+fips_dsa_key.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_dsa_key.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+fips_dsa_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+fips_dsa_key.o: ../../include/openssl/opensslconf.h
+fips_dsa_key.o: ../../include/openssl/opensslv.h
+fips_dsa_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+fips_dsa_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+fips_dsa_key.o: ../../include/openssl/symhacks.h ../fips_locl.h fips_dsa_key.c
+fips_dsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+fips_dsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+fips_dsa_lib.o: ../../include/openssl/e_os2.h
+fips_dsa_lib.o: ../../include/openssl/opensslconf.h
+fips_dsa_lib.o: ../../include/openssl/opensslv.h
+fips_dsa_lib.o: ../../include/openssl/ossl_typ.h
+fips_dsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+fips_dsa_lib.o: ../../include/openssl/symhacks.h fips_dsa_lib.c
+fips_dsa_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_dsa_ossl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+fips_dsa_ossl.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+fips_dsa_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+fips_dsa_ossl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+fips_dsa_ossl.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+fips_dsa_ossl.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+fips_dsa_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+fips_dsa_ossl.o: ../../include/openssl/objects.h
+fips_dsa_ossl.o: ../../include/openssl/opensslconf.h
+fips_dsa_ossl.o: ../../include/openssl/opensslv.h
+fips_dsa_ossl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+fips_dsa_ossl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+fips_dsa_ossl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+fips_dsa_ossl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+fips_dsa_ossl.o: ../../include/openssl/x509_vfy.h fips_dsa_ossl.c
+fips_dsa_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_dsa_selftest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+fips_dsa_selftest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+fips_dsa_selftest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_dsa_selftest.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+fips_dsa_selftest.o: ../../include/openssl/obj_mac.h
+fips_dsa_selftest.o: ../../include/openssl/objects.h
+fips_dsa_selftest.o: ../../include/openssl/opensslconf.h
+fips_dsa_selftest.o: ../../include/openssl/opensslv.h
+fips_dsa_selftest.o: ../../include/openssl/ossl_typ.h
+fips_dsa_selftest.o: ../../include/openssl/safestack.h
+fips_dsa_selftest.o: ../../include/openssl/stack.h
+fips_dsa_selftest.o: ../../include/openssl/symhacks.h fips_dsa_selftest.c
+fips_dsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_dsa_sign.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+fips_dsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+fips_dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_dsa_sign.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+fips_dsa_sign.o: ../../include/openssl/obj_mac.h
+fips_dsa_sign.o: ../../include/openssl/objects.h
+fips_dsa_sign.o: ../../include/openssl/opensslconf.h
+fips_dsa_sign.o: ../../include/openssl/opensslv.h
+fips_dsa_sign.o: ../../include/openssl/ossl_typ.h
+fips_dsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+fips_dsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+fips_dsa_sign.o: fips_dsa_sign.c
+fips_dsatest.o: ../../e_os.h ../../include/openssl/asn1.h
+fips_dsatest.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+fips_dsatest.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+fips_dsatest.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+fips_dsatest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+fips_dsatest.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+fips_dsatest.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+fips_dsatest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_dsatest.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
+fips_dsatest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+fips_dsatest.o: ../../include/openssl/objects.h
+fips_dsatest.o: ../../include/openssl/opensslconf.h
+fips_dsatest.o: ../../include/openssl/opensslv.h
+fips_dsatest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+fips_dsatest.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+fips_dsatest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+fips_dsatest.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+fips_dsatest.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+fips_dsatest.o: ../../include/openssl/x509_vfy.h ../fips_utl.h fips_dsatest.c
+fips_dssvs.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_dssvs.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+fips_dssvs.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+fips_dssvs.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_dssvs.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+fips_dssvs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+fips_dssvs.o: ../../include/openssl/opensslconf.h
+fips_dssvs.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+fips_dssvs.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+fips_dssvs.o: ../../include/openssl/symhacks.h ../fips_utl.h fips_dssvs.c
diff --git a/openssl/fips/dsa/fips_dsa_gen.c b/openssl/fips/dsa/fips_dsa_gen.c
new file mode 100644
index 000000000..0cecf34ab
--- /dev/null
+++ b/openssl/fips/dsa/fips_dsa_gen.c
@@ -0,0 +1,339 @@
+/* crypto/dsa/dsa_gen.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#undef GENUINE_DSA
+
+#ifdef GENUINE_DSA
+/* Parameter generation follows the original release of FIPS PUB 186,
+ * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */
+#define HASH EVP_sha()
+#else
+/* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
+ * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in
+ * FIPS PUB 180-1) */
+#define HASH EVP_sha1()
+#endif
+
+#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_SHA is defined */
+
+#ifndef OPENSSL_NO_SHA
+
+#include <stdio.h>
+#include <time.h>
+#include <string.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/rand.h>
+#include <openssl/sha.h>
+#include <openssl/err.h>
+
+#ifdef OPENSSL_FIPS
+
+static int dsa_builtin_paramgen(DSA *ret, int bits,
+ unsigned char *seed_in, int seed_len,
+ int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
+
+int DSA_generate_parameters_ex(DSA *ret, int bits,
+ unsigned char *seed_in, int seed_len,
+ int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
+ {
+ if(ret->meth->dsa_paramgen)
+ return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
+ counter_ret, h_ret, cb);
+ return dsa_builtin_paramgen(ret, bits, seed_in, seed_len,
+ counter_ret, h_ret, cb);
+ }
+
+static int dsa_builtin_paramgen(DSA *ret, int bits,
+ unsigned char *seed_in, int seed_len,
+ int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
+ {
+ int ok=0;
+ unsigned char seed[SHA_DIGEST_LENGTH];
+ unsigned char md[SHA_DIGEST_LENGTH];
+ unsigned char buf[SHA_DIGEST_LENGTH],buf2[SHA_DIGEST_LENGTH];
+ BIGNUM *r0,*W,*X,*c,*test;
+ BIGNUM *g=NULL,*q=NULL,*p=NULL;
+ BN_MONT_CTX *mont=NULL;
+ int k,n=0,i,b,m=0;
+ int counter=0;
+ int r=0;
+ BN_CTX *ctx=NULL;
+ unsigned int h=2;
+
+ if(FIPS_selftest_failed())
+ {
+ FIPSerr(FIPS_F_DSA_BUILTIN_PARAMGEN,
+ FIPS_R_FIPS_SELFTEST_FAILED);
+ goto err;
+ }
+
+ if (FIPS_mode() && (bits < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
+ {
+ DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN, DSA_R_KEY_SIZE_TOO_SMALL);
+ goto err;
+ }
+
+ if (bits < 512) bits=512;
+ bits=(bits+63)/64*64;
+
+ /* NB: seed_len == 0 is special case: copy generated seed to
+ * seed_in if it is not NULL.
+ */
+ if (seed_len && (seed_len < 20))
+ seed_in = NULL; /* seed buffer too small -- ignore */
+ if (seed_len > 20)
+ seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger SEED,
+ * but our internal buffers are restricted to 160 bits*/
+ if ((seed_in != NULL) && (seed_len == 20))
+ {
+ memcpy(seed,seed_in,seed_len);
+ /* set seed_in to NULL to avoid it being copied back */
+ seed_in = NULL;
+ }
+
+ if ((ctx=BN_CTX_new()) == NULL) goto err;
+
+ if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
+
+ BN_CTX_start(ctx);
+ r0 = BN_CTX_get(ctx);
+ g = BN_CTX_get(ctx);
+ W = BN_CTX_get(ctx);
+ q = BN_CTX_get(ctx);
+ X = BN_CTX_get(ctx);
+ c = BN_CTX_get(ctx);
+ p = BN_CTX_get(ctx);
+ test = BN_CTX_get(ctx);
+
+ if (!BN_lshift(test,BN_value_one(),bits-1))
+ goto err;
+
+ for (;;)
+ {
+ for (;;) /* find q */
+ {
+ int seed_is_random;
+
+ /* step 1 */
+ if(!BN_GENCB_call(cb, 0, m++))
+ goto err;
+
+ if (!seed_len)
+ {
+ RAND_pseudo_bytes(seed,SHA_DIGEST_LENGTH);
+ seed_is_random = 1;
+ }
+ else
+ {
+ seed_is_random = 0;
+ seed_len=0; /* use random seed if 'seed_in' turns out to be bad*/
+ }
+ memcpy(buf,seed,SHA_DIGEST_LENGTH);
+ memcpy(buf2,seed,SHA_DIGEST_LENGTH);
+ /* precompute "SEED + 1" for step 7: */
+ for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
+ {
+ buf[i]++;
+ if (buf[i] != 0) break;
+ }
+
+ /* step 2 */
+ EVP_Digest(seed,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL);
+ EVP_Digest(buf,SHA_DIGEST_LENGTH,buf2,NULL,HASH, NULL);
+ for (i=0; i<SHA_DIGEST_LENGTH; i++)
+ md[i]^=buf2[i];
+
+ /* step 3 */
+ md[0]|=0x80;
+ md[SHA_DIGEST_LENGTH-1]|=0x01;
+ if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,q)) goto err;
+
+ /* step 4 */
+ r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,
+ seed_is_random, cb);
+ if (r > 0)
+ break;
+ if (r != 0)
+ goto err;
+
+ /* do a callback call */
+ /* step 5 */
+ }
+
+ if(!BN_GENCB_call(cb, 2, 0)) goto err;
+ if(!BN_GENCB_call(cb, 3, 0)) goto err;
+
+ /* step 6 */
+ counter=0;
+ /* "offset = 2" */
+
+ n=(bits-1)/160;
+ b=(bits-1)-n*160;
+
+ for (;;)
+ {
+ if ((counter != 0) && !BN_GENCB_call(cb, 0, counter))
+ goto err;
+
+ /* step 7 */
+ BN_zero(W);
+ /* now 'buf' contains "SEED + offset - 1" */
+ for (k=0; k<=n; k++)
+ {
+ /* obtain "SEED + offset + k" by incrementing: */
+ for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
+ {
+ buf[i]++;
+ if (buf[i] != 0) break;
+ }
+
+ EVP_Digest(buf,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL);
+
+ /* step 8 */
+ if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0))
+ goto err;
+ if (!BN_lshift(r0,r0,160*k)) goto err;
+ if (!BN_add(W,W,r0)) goto err;
+ }
+
+ /* more of step 8 */
+ if (!BN_mask_bits(W,bits-1)) goto err;
+ if (!BN_copy(X,W)) goto err;
+ if (!BN_add(X,X,test)) goto err;
+
+ /* step 9 */
+ if (!BN_lshift1(r0,q)) goto err;
+ if (!BN_mod(c,X,r0,ctx)) goto err;
+ if (!BN_sub(r0,c,BN_value_one())) goto err;
+ if (!BN_sub(p,X,r0)) goto err;
+
+ /* step 10 */
+ if (BN_cmp(p,test) >= 0)
+ {
+ /* step 11 */
+ r = BN_is_prime_fasttest_ex(p, DSS_prime_checks,
+ ctx, 1, cb);
+ if (r > 0)
+ goto end; /* found it */
+ if (r != 0)
+ goto err;
+ }
+
+ /* step 13 */
+ counter++;
+ /* "offset = offset + n + 1" */
+
+ /* step 14 */
+ if (counter >= 4096) break;
+ }
+ }
+end:
+ if(!BN_GENCB_call(cb, 2, 1))
+ goto err;
+
+ /* We now need to generate g */
+ /* Set r0=(p-1)/q */
+ if (!BN_sub(test,p,BN_value_one())) goto err;
+ if (!BN_div(r0,NULL,test,q,ctx)) goto err;
+
+ if (!BN_set_word(test,h)) goto err;
+ if (!BN_MONT_CTX_set(mont,p,ctx)) goto err;
+
+ for (;;)
+ {
+ /* g=test^r0%p */
+ if (!BN_mod_exp_mont(g,test,r0,p,ctx,mont)) goto err;
+ if (!BN_is_one(g)) break;
+ if (!BN_add(test,test,BN_value_one())) goto err;
+ h++;
+ }
+
+ if(!BN_GENCB_call(cb, 3, 1))
+ goto err;
+
+ ok=1;
+err:
+ if (ok)
+ {
+ if(ret->p) BN_free(ret->p);
+ if(ret->q) BN_free(ret->q);
+ if(ret->g) BN_free(ret->g);
+ ret->p=BN_dup(p);
+ ret->q=BN_dup(q);
+ ret->g=BN_dup(g);
+ if (ret->p == NULL || ret->q == NULL || ret->g == NULL)
+ {
+ ok=0;
+ goto err;
+ }
+ if (seed_in != NULL) memcpy(seed_in,seed,20);
+ if (counter_ret != NULL) *counter_ret=counter;
+ if (h_ret != NULL) *h_ret=h;
+ }
+ if(ctx)
+ {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
+ if (mont != NULL) BN_MONT_CTX_free(mont);
+ return ok;
+ }
+#endif
+#endif
diff --git a/openssl/fips/dsa/fips_dsa_key.c b/openssl/fips/dsa/fips_dsa_key.c
new file mode 100644
index 000000000..b5f8cfa1d
--- /dev/null
+++ b/openssl/fips/dsa/fips_dsa_key.c
@@ -0,0 +1,169 @@
+/* crypto/dsa/dsa_key.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <time.h>
+#ifndef OPENSSL_NO_SHA
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/fips.h>
+#include "fips_locl.h"
+
+#ifdef OPENSSL_FIPS
+
+static int fips_dsa_pairwise_fail = 0;
+
+void FIPS_corrupt_dsa_keygen(void)
+ {
+ fips_dsa_pairwise_fail = 1;
+ }
+
+static int dsa_builtin_keygen(DSA *dsa);
+
+int fips_check_dsa(DSA *dsa)
+ {
+ EVP_PKEY pk;
+ unsigned char tbs[] = "DSA Pairwise Check Data";
+ pk.type = EVP_PKEY_DSA;
+ pk.pkey.dsa = dsa;
+
+ if (!fips_pkey_signature_test(&pk, tbs, -1,
+ NULL, 0, EVP_dss1(), 0, NULL))
+ {
+ FIPSerr(FIPS_F_FIPS_CHECK_DSA,FIPS_R_PAIRWISE_TEST_FAILED);
+ fips_set_selftest_fail();
+ return 0;
+ }
+ return 1;
+ }
+
+int DSA_generate_key(DSA *dsa)
+ {
+ if(dsa->meth->dsa_keygen)
+ return dsa->meth->dsa_keygen(dsa);
+ return dsa_builtin_keygen(dsa);
+ }
+
+static int dsa_builtin_keygen(DSA *dsa)
+ {
+ int ok=0;
+ BN_CTX *ctx=NULL;
+ BIGNUM *pub_key=NULL,*priv_key=NULL;
+
+ if (FIPS_mode() && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
+ {
+ DSAerr(DSA_F_DSA_BUILTIN_KEYGEN, DSA_R_KEY_SIZE_TOO_SMALL);
+ goto err;
+ }
+
+ if ((ctx=BN_CTX_new()) == NULL) goto err;
+
+ if (dsa->priv_key == NULL)
+ {
+ if ((priv_key=BN_new()) == NULL) goto err;
+ }
+ else
+ priv_key=dsa->priv_key;
+
+ do
+ if (!BN_rand_range(priv_key,dsa->q)) goto err;
+ while (BN_is_zero(priv_key));
+
+ if (dsa->pub_key == NULL)
+ {
+ if ((pub_key=BN_new()) == NULL) goto err;
+ }
+ else
+ pub_key=dsa->pub_key;
+
+ {
+ BIGNUM local_prk;
+ BIGNUM *prk;
+
+ if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
+ {
+ BN_init(&local_prk);
+ prk = &local_prk;
+ BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
+ }
+ else
+ prk = priv_key;
+
+ if (!BN_mod_exp(pub_key,dsa->g,prk,dsa->p,ctx)) goto err;
+ }
+
+ dsa->priv_key=priv_key;
+ dsa->pub_key=pub_key;
+ if (fips_dsa_pairwise_fail)
+ BN_add_word(dsa->pub_key, 1);
+ if(!fips_check_dsa(dsa))
+ goto err;
+ ok=1;
+
+err:
+ if ((pub_key != NULL) && (dsa->pub_key == NULL)) BN_free(pub_key);
+ if ((priv_key != NULL) && (dsa->priv_key == NULL)) BN_free(priv_key);
+ if (ctx != NULL) BN_CTX_free(ctx);
+ return(ok);
+ }
+#endif
+
+#endif
diff --git a/openssl/fips/dsa/fips_dsa_lib.c b/openssl/fips/dsa/fips_dsa_lib.c
new file mode 100644
index 000000000..2545966d2
--- /dev/null
+++ b/openssl/fips/dsa/fips_dsa_lib.c
@@ -0,0 +1,95 @@
+/* fips_dsa_lib.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2007.
+ */
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include <openssl/dsa.h>
+#include <openssl/bn.h>
+
+/* Minimal FIPS versions of FIPS_dsa_new() and FIPS_dsa_free: to
+ * reduce external dependencies.
+ */
+
+DSA *FIPS_dsa_new(void)
+ {
+ DSA *ret;
+ ret = OPENSSL_malloc(sizeof(DSA));
+ if (!ret)
+ return NULL;
+ memset(ret, 0, sizeof(DSA));
+ ret->meth = DSA_OpenSSL();
+ if (ret->meth->init)
+ ret->meth->init(ret);
+ return ret;
+ }
+
+void FIPS_dsa_free(DSA *r)
+ {
+ if (!r)
+ return;
+ if (r->meth->finish)
+ r->meth->finish(r);
+ if (r->p != NULL) BN_clear_free(r->p);
+ if (r->q != NULL) BN_clear_free(r->q);
+ if (r->g != NULL) BN_clear_free(r->g);
+ if (r->pub_key != NULL) BN_clear_free(r->pub_key);
+ if (r->priv_key != NULL) BN_clear_free(r->priv_key);
+ if (r->kinv != NULL) BN_clear_free(r->kinv);
+ if (r->r != NULL) BN_clear_free(r->r);
+ OPENSSL_free(r);
+ }
+
diff --git a/openssl/fips/dsa/fips_dsa_ossl.c b/openssl/fips/dsa/fips_dsa_ossl.c
new file mode 100644
index 000000000..50a6c1331
--- /dev/null
+++ b/openssl/fips/dsa/fips_dsa_ossl.c
@@ -0,0 +1,435 @@
+/* crypto/dsa/dsa_ossl.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
+
+#include <stdio.h>
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/rand.h>
+#include <openssl/asn1.h>
+#include <openssl/err.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+#include <openssl/fips.h>
+
+#ifdef OPENSSL_FIPS
+
+static DSA_SIG *dsa_do_sign(const unsigned char *dgst, FIPS_DSA_SIZE_T dlen, DSA *dsa);
+static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
+static int dsa_do_verify(const unsigned char *dgst, FIPS_DSA_SIZE_T dgst_len, DSA_SIG *sig,
+ DSA *dsa);
+static int dsa_init(DSA *dsa);
+static int dsa_finish(DSA *dsa);
+static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
+ BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *in_mont);
+static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx);
+
+static const DSA_METHOD openssl_dsa_meth = {
+"OpenSSL FIPS DSA method",
+dsa_do_sign,
+dsa_sign_setup,
+dsa_do_verify,
+dsa_mod_exp,
+dsa_bn_mod_exp,
+dsa_init,
+dsa_finish,
+DSA_FLAG_FIPS_METHOD,
+NULL
+};
+#if 0
+int FIPS_dsa_check(struct dsa_st *dsa)
+ {
+ if(dsa->meth != &openssl_dsa_meth || dsa->meth->dsa_do_sign != dsa_do_sign
+ || dsa->meth->dsa_sign_setup != dsa_sign_setup
+ || dsa->meth->dsa_mod_exp != dsa_mod_exp
+ || dsa->meth->bn_mod_exp != dsa_bn_mod_exp
+ || dsa->meth->init != dsa_init
+ || dsa->meth->finish != dsa_finish)
+ {
+ FIPSerr(FIPS_F_FIPS_DSA_CHECK,FIPS_R_NON_FIPS_METHOD);
+ return 0;
+ }
+ return 1;
+ }
+#endif
+
+const DSA_METHOD *DSA_OpenSSL(void)
+{
+ return &openssl_dsa_meth;
+}
+
+static DSA_SIG *dsa_do_sign(const unsigned char *dgst, FIPS_DSA_SIZE_T dlen, DSA *dsa)
+ {
+ BIGNUM *kinv=NULL,*r=NULL,*s=NULL;
+ BIGNUM m;
+ BIGNUM xr;
+ BN_CTX *ctx=NULL;
+ int i,reason=ERR_R_BN_LIB;
+ DSA_SIG *ret=NULL;
+
+ if(FIPS_selftest_failed())
+ {
+ FIPSerr(FIPS_F_DSA_DO_SIGN,FIPS_R_FIPS_SELFTEST_FAILED);
+ return NULL;
+ }
+
+ if (FIPS_mode() && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
+ {
+ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_KEY_SIZE_TOO_SMALL);
+ return NULL;
+ }
+
+ BN_init(&m);
+ BN_init(&xr);
+
+ if (!dsa->p || !dsa->q || !dsa->g)
+ {
+ reason=DSA_R_MISSING_PARAMETERS;
+ goto err;
+ }
+
+ s=BN_new();
+ if (s == NULL) goto err;
+
+ i=BN_num_bytes(dsa->q); /* should be 20 */
+ if ((dlen > i) || (dlen > 50))
+ {
+ reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
+ goto err;
+ }
+
+ ctx=BN_CTX_new();
+ if (ctx == NULL) goto err;
+
+ if (!dsa->meth->dsa_sign_setup(dsa,ctx,&kinv,&r)) goto err;
+
+ if (BN_bin2bn(dgst,dlen,&m) == NULL) goto err;
+
+ /* Compute s = inv(k) (m + xr) mod q */
+ if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */
+ if (!BN_add(s, &xr, &m)) goto err; /* s = m + xr */
+ if (BN_cmp(s,dsa->q) > 0)
+ BN_sub(s,s,dsa->q);
+ if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err;
+
+ ret= DSA_SIG_new();
+ if (ret == NULL) goto err;
+ ret->r = r;
+ ret->s = s;
+
+err:
+ if (!ret)
+ {
+ DSAerr(DSA_F_DSA_DO_SIGN,reason);
+ BN_free(r);
+ BN_free(s);
+ }
+ if (ctx != NULL) BN_CTX_free(ctx);
+ BN_clear_free(&m);
+ BN_clear_free(&xr);
+ if (kinv != NULL) /* dsa->kinv is NULL now if we used it */
+ BN_clear_free(kinv);
+ return(ret);
+ }
+
+static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
+ {
+ BN_CTX *ctx;
+ BIGNUM k,kq,*K,*kinv=NULL,*r=NULL;
+ int ret=0;
+
+ if (!dsa->p || !dsa->q || !dsa->g)
+ {
+ DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS);
+ return 0;
+ }
+
+ BN_init(&k);
+ BN_init(&kq);
+
+ if (ctx_in == NULL)
+ {
+ if ((ctx=BN_CTX_new()) == NULL) goto err;
+ }
+ else
+ ctx=ctx_in;
+
+ if ((r=BN_new()) == NULL) goto err;
+
+ /* Get random k */
+ do
+ if (!BN_rand_range(&k, dsa->q)) goto err;
+ while (BN_is_zero(&k));
+ if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
+ {
+ BN_set_flags(&k, BN_FLG_CONSTTIME);
+ }
+
+ if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
+ {
+ if (!BN_MONT_CTX_set_locked((BN_MONT_CTX **)&dsa->method_mont_p,
+ CRYPTO_LOCK_DSA,
+ dsa->p, ctx))
+ goto err;
+ }
+
+ /* Compute r = (g^k mod p) mod q */
+
+ if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
+ {
+ if (!BN_copy(&kq, &k)) goto err;
+
+ /* We do not want timing information to leak the length of k,
+ * so we compute g^k using an equivalent exponent of fixed length.
+ *
+ * (This is a kludge that we need because the BN_mod_exp_mont()
+ * does not let us specify the desired timing behaviour.) */
+
+ if (!BN_add(&kq, &kq, dsa->q)) goto err;
+ if (BN_num_bits(&kq) <= BN_num_bits(dsa->q))
+ {
+ if (!BN_add(&kq, &kq, dsa->q)) goto err;
+ }
+
+ K = &kq;
+ }
+ else
+ {
+ K = &k;
+ }
+ if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,K,dsa->p,ctx,
+ (BN_MONT_CTX *)dsa->method_mont_p)) goto err;
+ if (!BN_mod(r,r,dsa->q,ctx)) goto err;
+
+ /* Compute part of 's = inv(k) (m + xr) mod q' */
+ if ((kinv=BN_mod_inverse(NULL,&k,dsa->q,ctx)) == NULL) goto err;
+
+ if (*kinvp != NULL) BN_clear_free(*kinvp);
+ *kinvp=kinv;
+ kinv=NULL;
+ if (*rp != NULL) BN_clear_free(*rp);
+ *rp=r;
+ ret=1;
+err:
+ if (!ret)
+ {
+ DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB);
+ if (kinv != NULL) BN_clear_free(kinv);
+ if (r != NULL) BN_clear_free(r);
+ }
+ if (ctx_in == NULL) BN_CTX_free(ctx);
+ if (kinv != NULL) BN_clear_free(kinv);
+ BN_clear_free(&k);
+ BN_clear_free(&kq);
+ return(ret);
+ }
+
+static int dsa_do_verify(const unsigned char *dgst, FIPS_DSA_SIZE_T dgst_len, DSA_SIG *sig,
+ DSA *dsa)
+ {
+ BN_CTX *ctx;
+ BIGNUM u1,u2,t1;
+ BN_MONT_CTX *mont=NULL;
+ int ret = -1;
+
+ if (!dsa->p || !dsa->q || !dsa->g)
+ {
+ DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS);
+ return -1;
+ }
+
+ if(FIPS_selftest_failed())
+ {
+ FIPSerr(FIPS_F_DSA_DO_VERIFY,FIPS_R_FIPS_SELFTEST_FAILED);
+ return -1;
+ }
+
+ if (BN_num_bits(dsa->q) != 160)
+ {
+ DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE);
+ return -1;
+ }
+
+ if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS)
+ {
+ DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE);
+ return -1;
+ }
+
+ if (FIPS_mode() && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
+ {
+ DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_KEY_SIZE_TOO_SMALL);
+ return -1;
+ }
+
+ BN_init(&u1);
+ BN_init(&u2);
+ BN_init(&t1);
+
+ if ((ctx=BN_CTX_new()) == NULL) goto err;
+
+ if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0)
+ {
+ ret = 0;
+ goto err;
+ }
+ if (BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s, dsa->q) >= 0)
+ {
+ ret = 0;
+ goto err;
+ }
+
+ /* Calculate W = inv(S) mod Q
+ * save W in u2 */
+ if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;
+
+ /* save M in u1 */
+ if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err;
+
+ /* u1 = M * w mod q */
+ if (!BN_mod_mul(&u1,&u1,&u2,dsa->q,ctx)) goto err;
+
+ /* u2 = r * w mod q */
+ if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err;
+
+
+ if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
+ {
+ mont = BN_MONT_CTX_set_locked(
+ (BN_MONT_CTX **)&dsa->method_mont_p,
+ CRYPTO_LOCK_DSA, dsa->p, ctx);
+ if (!mont)
+ goto err;
+ }
+
+#if 0
+ {
+ BIGNUM t2;
+
+ BN_init(&t2);
+ /* v = ( g^u1 * y^u2 mod p ) mod q */
+ /* let t1 = g ^ u1 mod p */
+ if (!BN_mod_exp_mont(&t1,dsa->g,&u1,dsa->p,ctx,mont)) goto err;
+ /* let t2 = y ^ u2 mod p */
+ if (!BN_mod_exp_mont(&t2,dsa->pub_key,&u2,dsa->p,ctx,mont)) goto err;
+ /* let u1 = t1 * t2 mod p */
+ if (!BN_mod_mul(&u1,&t1,&t2,dsa->p,ctx)) goto err_bn;
+ BN_free(&t2);
+ }
+ /* let u1 = u1 mod q */
+ if (!BN_mod(&u1,&u1,dsa->q,ctx)) goto err;
+#else
+ {
+ if (!dsa->meth->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2,
+ dsa->p,ctx,mont)) goto err;
+ /* BN_copy(&u1,&t1); */
+ /* let u1 = u1 mod q */
+ if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err;
+ }
+#endif
+ /* V is now in u1. If the signature is correct, it will be
+ * equal to R. */
+ ret=(BN_ucmp(&u1, sig->r) == 0);
+
+ err:
+ if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB);
+ if (ctx != NULL) BN_CTX_free(ctx);
+ BN_free(&u1);
+ BN_free(&u2);
+ BN_free(&t1);
+ return(ret);
+ }
+
+static int dsa_init(DSA *dsa)
+{
+ FIPS_selftest_check();
+ dsa->flags|=DSA_FLAG_CACHE_MONT_P;
+ return(1);
+}
+
+static int dsa_finish(DSA *dsa)
+{
+ if(dsa->method_mont_p)
+ BN_MONT_CTX_free((BN_MONT_CTX *)dsa->method_mont_p);
+ return(1);
+}
+
+static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
+ BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *in_mont)
+{
+ return BN_mod_exp2_mont(rr, a1, p1, a2, p2, m, ctx, in_mont);
+}
+
+static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx)
+{
+ return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
+}
+
+#else /* ndef OPENSSL_FIPS */
+
+static void *dummy=&dummy;
+
+#endif /* ndef OPENSSL_FIPS */
diff --git a/openssl/fips/dsa/fips_dsa_selftest.c b/openssl/fips/dsa/fips_dsa_selftest.c
new file mode 100644
index 000000000..6880760a7
--- /dev/null
+++ b/openssl/fips/dsa/fips_dsa_selftest.c
@@ -0,0 +1,180 @@
+/* crypto/dsa/dsatest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/dsa.h>
+#include <openssl/fips.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+
+#ifdef OPENSSL_FIPS
+
+/* seed, out_p, out_q, out_g are taken the NIST test vectors */
+
+static unsigned char seed[20] = {
+ 0x77, 0x8f, 0x40, 0x74, 0x6f, 0x66, 0xbe, 0x33, 0xce, 0xbe, 0x99, 0x34,
+ 0x4c, 0xfc, 0xf3, 0x28, 0xaa, 0x70, 0x2d, 0x3a
+ };
+
+static unsigned char out_p[] = {
+ 0xf7, 0x7c, 0x1b, 0x83, 0xd8, 0xe8, 0x5c, 0x7f, 0x85, 0x30, 0x17, 0x57,
+ 0x21, 0x95, 0xfe, 0x26, 0x04, 0xeb, 0x47, 0x4c, 0x3a, 0x4a, 0x81, 0x4b,
+ 0x71, 0x2e, 0xed, 0x6e, 0x4f, 0x3d, 0x11, 0x0f, 0x7c, 0xfe, 0x36, 0x43,
+ 0x51, 0xd9, 0x81, 0x39, 0x17, 0xdf, 0x62, 0xf6, 0x9c, 0x01, 0xa8, 0x69,
+ 0x71, 0xdd, 0x29, 0x7f, 0x47, 0xe6, 0x65, 0xa6, 0x22, 0xe8, 0x6a, 0x12,
+ 0x2b, 0xc2, 0x81, 0xff, 0x32, 0x70, 0x2f, 0x9e, 0xca, 0x53, 0x26, 0x47,
+ 0x0f, 0x59, 0xd7, 0x9e, 0x2c, 0xa5, 0x07, 0xc4, 0x49, 0x52, 0xa3, 0xe4,
+ 0x6b, 0x04, 0x00, 0x25, 0x49, 0xe2, 0xe6, 0x7f, 0x28, 0x78, 0x97, 0xb8,
+ 0x3a, 0x32, 0x14, 0x38, 0xa2, 0x51, 0x33, 0x22, 0x44, 0x7e, 0xd7, 0xef,
+ 0x45, 0xdb, 0x06, 0x4a, 0xd2, 0x82, 0x4a, 0x82, 0x2c, 0xb1, 0xd7, 0xd8,
+ 0xb6, 0x73, 0x00, 0x4d, 0x94, 0x77, 0x94, 0xef
+ };
+
+static unsigned char out_q[] = {
+ 0xd4, 0x0a, 0xac, 0x9f, 0xbd, 0x8c, 0x80, 0xc2, 0x38, 0x7e, 0x2e, 0x0c,
+ 0x52, 0x5c, 0xea, 0x34, 0xa1, 0x83, 0x32, 0xf3
+ };
+
+static unsigned char out_g[] = {
+ 0x34, 0x73, 0x8b, 0x57, 0x84, 0x8e, 0x55, 0xbf, 0x57, 0xcc, 0x41, 0xbb,
+ 0x5e, 0x2b, 0xd5, 0x42, 0xdd, 0x24, 0x22, 0x2a, 0x09, 0xea, 0x26, 0x1e,
+ 0x17, 0x65, 0xcb, 0x1a, 0xb3, 0x12, 0x44, 0xa3, 0x9e, 0x99, 0xe9, 0x63,
+ 0xeb, 0x30, 0xb1, 0x78, 0x7b, 0x09, 0x40, 0x30, 0xfa, 0x83, 0xc2, 0x35,
+ 0xe1, 0xc4, 0x2d, 0x74, 0x1a, 0xb1, 0x83, 0x54, 0xd8, 0x29, 0xf4, 0xcf,
+ 0x7f, 0x6f, 0x67, 0x1c, 0x36, 0x49, 0xee, 0x6c, 0xa2, 0x3c, 0x2d, 0x6a,
+ 0xe9, 0xd3, 0x9a, 0xf6, 0x57, 0x78, 0x6f, 0xfd, 0x33, 0xcd, 0x3c, 0xed,
+ 0xfd, 0xd4, 0x41, 0xe6, 0x5c, 0x8b, 0xe0, 0x68, 0x31, 0x47, 0x47, 0xaf,
+ 0x12, 0xa7, 0xf9, 0x32, 0x0d, 0x94, 0x15, 0x48, 0xd0, 0x54, 0x85, 0xb2,
+ 0x04, 0xb5, 0x4d, 0xd4, 0x9d, 0x05, 0x22, 0x25, 0xd9, 0xfd, 0x6c, 0x36,
+ 0xef, 0xbe, 0x69, 0x6c, 0x55, 0xf4, 0xee, 0xec
+ };
+
+static const unsigned char str1[]="12345678901234567890";
+
+void FIPS_corrupt_dsa()
+ {
+ ++seed[0];
+ }
+
+int FIPS_selftest_dsa()
+ {
+ DSA *dsa=NULL;
+ int counter,i,j, ret = 0;
+ unsigned int slen;
+ unsigned char buf[256];
+ unsigned long h;
+ EVP_MD_CTX mctx;
+ EVP_PKEY pk;
+
+ EVP_MD_CTX_init(&mctx);
+
+ dsa = FIPS_dsa_new();
+
+ if(dsa == NULL)
+ goto err;
+ if(!DSA_generate_parameters_ex(dsa, 1024,seed,20,&counter,&h,NULL))
+ goto err;
+ if (counter != 378)
+ goto err;
+ if (h != 2)
+ goto err;
+ i=BN_bn2bin(dsa->q,buf);
+ j=sizeof(out_q);
+ if (i != j || memcmp(buf,out_q,i) != 0)
+ goto err;
+
+ i=BN_bn2bin(dsa->p,buf);
+ j=sizeof(out_p);
+ if (i != j || memcmp(buf,out_p,i) != 0)
+ goto err;
+
+ i=BN_bn2bin(dsa->g,buf);
+ j=sizeof(out_g);
+ if (i != j || memcmp(buf,out_g,i) != 0)
+ goto err;
+ DSA_generate_key(dsa);
+ pk.type = EVP_PKEY_DSA;
+ pk.pkey.dsa = dsa;
+
+ if (!EVP_SignInit_ex(&mctx, EVP_dss1(), NULL))
+ goto err;
+ if (!EVP_SignUpdate(&mctx, str1, 20))
+ goto err;
+ if (!EVP_SignFinal(&mctx, buf, &slen, &pk))
+ goto err;
+
+ if (!EVP_VerifyInit_ex(&mctx, EVP_dss1(), NULL))
+ goto err;
+ if (!EVP_VerifyUpdate(&mctx, str1, 20))
+ goto err;
+ if (EVP_VerifyFinal(&mctx, buf, slen, &pk) != 1)
+ goto err;
+
+ ret = 1;
+
+ err:
+ EVP_MD_CTX_cleanup(&mctx);
+ if (dsa)
+ FIPS_dsa_free(dsa);
+ if (ret == 0)
+ FIPSerr(FIPS_F_FIPS_SELFTEST_DSA,FIPS_R_SELFTEST_FAILED);
+ return ret;
+ }
+#endif
diff --git a/openssl/fips/dsa/fips_dsa_sign.c b/openssl/fips/dsa/fips_dsa_sign.c
new file mode 100644
index 000000000..32ea0b0fe
--- /dev/null
+++ b/openssl/fips/dsa/fips_dsa_sign.c
@@ -0,0 +1,256 @@
+/* fips_dsa_sign.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2007.
+ */
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include <openssl/evp.h>
+#include <openssl/dsa.h>
+#include <openssl/err.h>
+#include <openssl/sha.h>
+#include <openssl/bn.h>
+
+#ifdef OPENSSL_FIPS
+
+/* FIPS versions of DSA_sign() and DSA_verify().
+ * These include a tiny ASN1 encoder/decoder to handle the specific
+ * case of a DSA signature.
+ */
+
+int FIPS_dsa_size(DSA *r)
+ {
+ int ilen;
+ ilen = BN_num_bytes(r->q);
+ if (ilen > 20)
+ return -1;
+ /* If MSB set need padding byte */
+ ilen ++;
+ /* Also need 2 bytes INTEGER header for r and s plus
+ * 2 bytes SEQUENCE header making 6 in total.
+ */
+ return ilen * 2 + 6;
+ }
+
+/* Tiny ASN1 encoder for DSA_SIG structure. We can assume r, s smaller than
+ * 0x80 octets as by the DSA standards they will be less than 2^160
+ */
+
+int FIPS_dsa_sig_encode(unsigned char *out, DSA_SIG *sig)
+ {
+ int rlen, slen, rpad, spad, seqlen;
+ rlen = BN_num_bytes(sig->r);
+ if (rlen > 20)
+ return -1;
+ if (BN_num_bits(sig->r) & 0x7)
+ rpad = 0;
+ else
+ rpad = 1;
+ slen = BN_num_bytes(sig->s);
+ if (slen > 20)
+ return -1;
+ if (BN_num_bits(sig->s) & 0x7)
+ spad = 0;
+ else
+ spad = 1;
+ /* Length of SEQUENCE, (1 tag + 1 len octet) * 2 + content octets */
+ seqlen = rlen + rpad + slen + spad + 4;
+ /* Actual encoded length: include SEQUENCE header */
+ if (!out)
+ return seqlen + 2;
+
+ /* Output SEQUENCE header */
+ *out++ = V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED;
+ *out++ = (unsigned char)seqlen;
+
+ /* Output r */
+ *out++ = V_ASN1_INTEGER;
+ *out++ = (unsigned char)(rlen + rpad);
+ if (rpad)
+ *out++ = 0;
+ BN_bn2bin(sig->r, out);
+ out += rlen;
+
+ /* Output s */
+ *out++ = V_ASN1_INTEGER;
+ *out++ = (unsigned char)(slen + spad);
+ if (spad)
+ *out++ = 0;
+ BN_bn2bin(sig->s, out);
+ return seqlen + 2;
+ }
+
+/* Companion DSA_SIG decoder */
+
+int FIPS_dsa_sig_decode(DSA_SIG *sig, const unsigned char *in, int inlen)
+ {
+ int seqlen, rlen, slen;
+ const unsigned char *rbin;
+ /* Sanity check */
+
+ /* Need SEQUENCE tag */
+ if (*in++ != (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED))
+ return 0;
+ /* Get length octet */
+ seqlen = *in++;
+ /* Check sensible length value */
+ if (seqlen < 4 || seqlen > 0x7F)
+ return 0;
+ /* Check INTEGER tag */
+ if (*in++ != V_ASN1_INTEGER)
+ return 0;
+ rlen = *in++;
+ seqlen -= 2 + rlen;
+ /* Check sensible seqlen value */
+ if (seqlen < 2)
+ return 0;
+ rbin = in;
+ in += rlen;
+ /* Check INTEGER tag */
+ if (*in++ != V_ASN1_INTEGER)
+ return 0;
+ slen = *in++;
+ /* Remaining bytes of SEQUENCE should exactly match
+ * encoding of s
+ */
+ if (seqlen != (slen + 2))
+ return 0;
+ if (!sig->r && !(sig->r = BN_new()))
+ return 0;
+ if (!sig->s && !(sig->s = BN_new()))
+ return 0;
+ if (!BN_bin2bn(rbin, rlen, sig->r))
+ return 0;
+ if (!BN_bin2bn(in, slen, sig->s))
+ return 0;
+ return 1;
+ }
+
+static int fips_dsa_sign(int type, const unsigned char *x, int y,
+ unsigned char *sig, unsigned int *siglen, EVP_MD_SVCTX *sv)
+ {
+ DSA *dsa = sv->key;
+ unsigned char dig[EVP_MAX_MD_SIZE];
+ unsigned int dlen;
+ DSA_SIG *s;
+ EVP_DigestFinal_ex(sv->mctx, dig, &dlen);
+ s=dsa->meth->dsa_do_sign(dig,dlen,dsa);
+ OPENSSL_cleanse(dig, dlen);
+ if (s == NULL)
+ {
+ *siglen=0;
+ return 0;
+ }
+ *siglen= FIPS_dsa_sig_encode(sig, s);
+ DSA_SIG_free(s);
+ if (*siglen < 0)
+ return 0;
+ return 1;
+ }
+
+static int fips_dsa_verify(int type, const unsigned char *x, int y,
+ const unsigned char *sigbuf, unsigned int siglen, EVP_MD_SVCTX *sv)
+ {
+ DSA *dsa = sv->key;
+ DSA_SIG *s;
+ int ret=-1;
+ unsigned char dig[EVP_MAX_MD_SIZE];
+ unsigned int dlen;
+
+ s = DSA_SIG_new();
+ if (s == NULL)
+ return ret;
+ if (!FIPS_dsa_sig_decode(s,sigbuf,siglen))
+ goto err;
+ EVP_DigestFinal_ex(sv->mctx, dig, &dlen);
+ ret=dsa->meth->dsa_do_verify(dig,dlen,s,dsa);
+ OPENSSL_cleanse(dig, dlen);
+err:
+ DSA_SIG_free(s);
+ return ret;
+ }
+
+static int init(EVP_MD_CTX *ctx)
+ { return SHA1_Init(ctx->md_data); }
+
+static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
+ { return SHA1_Update(ctx->md_data,data,count); }
+
+static int final(EVP_MD_CTX *ctx,unsigned char *md)
+ { return SHA1_Final(md,ctx->md_data); }
+
+static const EVP_MD dss1_md=
+ {
+ NID_dsa,
+ NID_dsaWithSHA1,
+ SHA_DIGEST_LENGTH,
+ EVP_MD_FLAG_FIPS|EVP_MD_FLAG_SVCTX,
+ init,
+ update,
+ final,
+ NULL,
+ NULL,
+ (evp_sign_method *)fips_dsa_sign,
+ (evp_verify_method *)fips_dsa_verify,
+ {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, EVP_PKEY_DSA4,0},
+ SHA_CBLOCK,
+ sizeof(EVP_MD *)+sizeof(SHA_CTX),
+ };
+
+const EVP_MD *EVP_dss1(void)
+ {
+ return(&dss1_md);
+ }
+#endif
diff --git a/openssl/fips/dsa/fips_dsatest.c b/openssl/fips/dsa/fips_dsatest.c
new file mode 100644
index 000000000..c7e0f5164
--- /dev/null
+++ b/openssl/fips/dsa/fips_dsatest.c
@@ -0,0 +1,271 @@
+/* crypto/dsa/dsatest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+
+#include "e_os.h"
+
+#include <openssl/crypto.h>
+#include <openssl/rand.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/dsa.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+
+
+#if defined(OPENSSL_NO_DSA) || !defined(OPENSSL_FIPS)
+int main(int argc, char *argv[])
+{
+ printf("No FIPS DSA support\n");
+ return(0);
+}
+#else
+#include <openssl/fips.h>
+#include <openssl/fips_rand.h>
+#include <openssl/dsa.h>
+
+#ifdef OPENSSL_SYS_WIN16
+#define MS_CALLBACK _far _loadds
+#else
+#define MS_CALLBACK
+#endif
+
+#include "fips_utl.h"
+
+static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb);
+
+/* seed, out_p, out_q, out_g are taken from the earlier validation test
+ * vectors.
+ */
+
+static unsigned char seed[20] = {
+ 0x1c, 0xfb, 0xa9, 0x6c, 0xf7, 0x95, 0xb3, 0x2e, 0x01, 0x01, 0x3c, 0x8d,
+ 0x7f, 0x6e, 0xf4, 0x59, 0xcc, 0x2f, 0x19, 0x59
+ };
+
+static unsigned char out_p[] = {
+ 0xc2, 0x3c, 0x48, 0x31, 0x7e, 0x3b, 0x4e, 0x5d, 0x3c, 0x93, 0x78, 0x60,
+ 0x5c, 0xf2, 0x60, 0xbb, 0x5a, 0xfa, 0x7f, 0x17, 0xf9, 0x26, 0x69, 0x46,
+ 0xe7, 0x07, 0xbb, 0x3b, 0x2e, 0xc4, 0xb5, 0x66, 0xf7, 0x4d, 0xae, 0x9b,
+ 0x8f, 0xf0, 0x42, 0xea, 0xb3, 0xa0, 0x7e, 0x81, 0x85, 0x89, 0xe6, 0xb0,
+ 0x29, 0x03, 0x6b, 0xcc, 0xfb, 0x8e, 0x46, 0x15, 0x4d, 0xc1, 0x69, 0xd8,
+ 0x2f, 0xef, 0x5c, 0x8b, 0x29, 0x32, 0x41, 0xbd, 0x13, 0x72, 0x3d, 0xac,
+ 0x81, 0xcc, 0x86, 0x6c, 0x06, 0x5d, 0x51, 0xa1, 0xa5, 0x07, 0x0c, 0x3e,
+ 0xbe, 0xdd, 0xf4, 0x6e, 0xa8, 0xed, 0xb4, 0x2f, 0xbd, 0x3e, 0x64, 0xea,
+ 0xee, 0x92, 0xec, 0x51, 0xe1, 0x0d, 0xab, 0x25, 0x45, 0xae, 0x55, 0x21,
+ 0x4d, 0xd6, 0x96, 0x6f, 0xe6, 0xaa, 0xd3, 0xca, 0x87, 0x92, 0xb1, 0x1c,
+ 0x3c, 0xaf, 0x29, 0x09, 0x8b, 0xc6, 0xed, 0xe1
+ };
+
+static unsigned char out_q[] = {
+ 0xae, 0x0a, 0x8c, 0xfb, 0x80, 0xe1, 0xc6, 0xd1, 0x09, 0x0f, 0x26, 0xde,
+ 0x91, 0x53, 0xc2, 0x8b, 0x2b, 0x0f, 0xde, 0x7f
+ };
+
+static unsigned char out_g[] = {
+ 0x0d, 0x7d, 0x92, 0x74, 0x10, 0xf6, 0xa4, 0x43, 0x86, 0x9a, 0xd1, 0xd9,
+ 0x56, 0x00, 0xbc, 0x18, 0x97, 0x99, 0x4e, 0x9a, 0x93, 0xfb, 0x00, 0x3d,
+ 0x6c, 0xa0, 0x1b, 0x95, 0x6b, 0xbd, 0xf7, 0x7a, 0xbc, 0x36, 0x3f, 0x3d,
+ 0xb9, 0xbf, 0xf9, 0x91, 0x37, 0x68, 0xd1, 0xb9, 0x1e, 0xfe, 0x7f, 0x10,
+ 0xc0, 0x6a, 0xcd, 0x5f, 0xc1, 0x65, 0x1a, 0xb8, 0xe7, 0xab, 0xb5, 0xc6,
+ 0x8d, 0xb7, 0x86, 0xad, 0x3a, 0xbf, 0x6b, 0x7b, 0x0a, 0x66, 0xbe, 0xd5,
+ 0x58, 0x23, 0x16, 0x48, 0x83, 0x29, 0xb6, 0xa7, 0x64, 0xc7, 0x08, 0xbe,
+ 0x55, 0x4c, 0x6f, 0xcb, 0x34, 0xc1, 0x73, 0xb0, 0x39, 0x68, 0x52, 0xdf,
+ 0x27, 0x7f, 0x32, 0xbc, 0x2b, 0x0d, 0x63, 0xed, 0x75, 0x3e, 0xb5, 0x54,
+ 0xac, 0xc8, 0x20, 0x2a, 0x73, 0xe8, 0x29, 0x51, 0x03, 0x77, 0xe8, 0xc9,
+ 0x61, 0x32, 0x25, 0xaf, 0x21, 0x5b, 0x6e, 0xda
+ };
+
+
+static const unsigned char str1[]="12345678901234567890";
+
+static const char rnd_seed[] = "string to make the random number generator think it has entropy";
+
+int main(int argc, char **argv)
+ {
+ DSA *dsa=NULL;
+ EVP_PKEY pk;
+ int counter,ret=0,i,j;
+ unsigned int slen;
+ unsigned char buf[256];
+ unsigned long h;
+ BN_GENCB cb;
+ EVP_MD_CTX mctx;
+ BN_GENCB_set(&cb, dsa_cb, stderr);
+ EVP_MD_CTX_init(&mctx);
+
+ if(!FIPS_mode_set(1))
+ {
+ do_print_errors();
+ EXIT(1);
+ }
+
+ fprintf(stderr,"test generation of DSA parameters\n");
+
+ dsa = FIPS_dsa_new();
+ DSA_generate_parameters_ex(dsa, 1024,seed,20,&counter,&h,&cb);
+
+ fprintf(stderr,"seed\n");
+ for (i=0; i<20; i+=4)
+ {
+ fprintf(stderr,"%02X%02X%02X%02X ",
+ seed[i],seed[i+1],seed[i+2],seed[i+3]);
+ }
+ fprintf(stderr,"\ncounter=%d h=%ld\n",counter,h);
+
+ if (dsa == NULL) goto end;
+ if (counter != 16)
+ {
+ fprintf(stderr,"counter should be 105\n");
+ goto end;
+ }
+ if (h != 2)
+ {
+ fprintf(stderr,"h should be 2\n");
+ goto end;
+ }
+
+ i=BN_bn2bin(dsa->q,buf);
+ j=sizeof(out_q);
+ if ((i != j) || (memcmp(buf,out_q,i) != 0))
+ {
+ fprintf(stderr,"q value is wrong\n");
+ goto end;
+ }
+
+ i=BN_bn2bin(dsa->p,buf);
+ j=sizeof(out_p);
+ if ((i != j) || (memcmp(buf,out_p,i) != 0))
+ {
+ fprintf(stderr,"p value is wrong\n");
+ goto end;
+ }
+
+ i=BN_bn2bin(dsa->g,buf);
+ j=sizeof(out_g);
+ if ((i != j) || (memcmp(buf,out_g,i) != 0))
+ {
+ fprintf(stderr,"g value is wrong\n");
+ goto end;
+ }
+ DSA_generate_key(dsa);
+ pk.type = EVP_PKEY_DSA;
+ pk.pkey.dsa = dsa;
+
+ if (!EVP_SignInit_ex(&mctx, EVP_dss1(), NULL))
+ goto end;
+ if (!EVP_SignUpdate(&mctx, str1, 20))
+ goto end;
+ if (!EVP_SignFinal(&mctx, buf, &slen, &pk))
+ goto end;
+
+ if (!EVP_VerifyInit_ex(&mctx, EVP_dss1(), NULL))
+ goto end;
+ if (!EVP_VerifyUpdate(&mctx, str1, 20))
+ goto end;
+ if (EVP_VerifyFinal(&mctx, buf, slen, &pk) != 1)
+ goto end;
+
+ ret = 1;
+
+end:
+ if (!ret)
+ do_print_errors();
+ if (dsa != NULL) FIPS_dsa_free(dsa);
+ EVP_MD_CTX_cleanup(&mctx);
+#if 0
+ CRYPTO_mem_leaks(bio_err);
+#endif
+ EXIT(!ret);
+ return(!ret);
+ }
+
+static int cb_exit(int ec)
+ {
+ EXIT(ec);
+ return(0); /* To keep some compilers quiet */
+ }
+
+static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb)
+ {
+ char c='*';
+ static int ok=0,num=0;
+
+ if (p == 0) { c='.'; num++; };
+ if (p == 1) c='+';
+ if (p == 2) { c='*'; ok++; }
+ if (p == 3) c='\n';
+ fwrite(&c,1, 1, cb->arg);
+ fflush(cb->arg);
+
+ if (!ok && (p == 0) && (num > 1))
+ {
+ fprintf(cb->arg,"error in dsatest\n");
+ cb_exit(1);
+ }
+ return 1;
+ }
+#endif
diff --git a/openssl/fips/dsa/fips_dssvs.c b/openssl/fips/dsa/fips_dssvs.c
new file mode 100644
index 000000000..aa74e8e63
--- /dev/null
+++ b/openssl/fips/dsa/fips_dssvs.c
@@ -0,0 +1,542 @@
+#include <openssl/opensslconf.h>
+
+#ifndef OPENSSL_FIPS
+#include <stdio.h>
+
+int main(int argc, char **argv)
+{
+ printf("No FIPS DSA support\n");
+ return(0);
+}
+#else
+
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/fips.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <string.h>
+#include <ctype.h>
+
+#include "fips_utl.h"
+
+static void pbn(const char *name, BIGNUM *bn)
+ {
+ int len, i;
+ unsigned char *tmp;
+ len = BN_num_bytes(bn);
+ tmp = OPENSSL_malloc(len);
+ if (!tmp)
+ {
+ fprintf(stderr, "Memory allocation error\n");
+ return;
+ }
+ BN_bn2bin(bn, tmp);
+ printf("%s = ", name);
+ for (i = 0; i < len; i++)
+ printf("%02X", tmp[i]);
+ fputs("\n", stdout);
+ OPENSSL_free(tmp);
+ return;
+ }
+
+void primes()
+ {
+ char buf[10240];
+ char lbuf[10240];
+ char *keyword, *value;
+
+ while(fgets(buf,sizeof buf,stdin) != NULL)
+ {
+ fputs(buf,stdout);
+ if (!parse_line(&keyword, &value, lbuf, buf))
+ continue;
+ if(!strcmp(keyword,"Prime"))
+ {
+ BIGNUM *pp;
+
+ pp=BN_new();
+ do_hex2bn(&pp,value);
+ printf("result= %c\n",
+ BN_is_prime_ex(pp,20,NULL,NULL) ? 'P' : 'F');
+ }
+ }
+ }
+
+void pqg()
+ {
+ char buf[1024];
+ char lbuf[1024];
+ char *keyword, *value;
+ int nmod=0;
+
+ while(fgets(buf,sizeof buf,stdin) != NULL)
+ {
+ if (!parse_line(&keyword, &value, lbuf, buf))
+ {
+ fputs(buf,stdout);
+ continue;
+ }
+ if(!strcmp(keyword,"[mod"))
+ nmod=atoi(value);
+ else if(!strcmp(keyword,"N"))
+ {
+ int n=atoi(value);
+
+ printf("[mod = %d]\n\n",nmod);
+
+ while(n--)
+ {
+ unsigned char seed[20];
+ DSA *dsa;
+ int counter;
+ unsigned long h;
+ dsa = FIPS_dsa_new();
+
+ if (!DSA_generate_parameters_ex(dsa, nmod,seed,0,&counter,&h,NULL))
+ {
+ do_print_errors();
+ exit(1);
+ }
+ pbn("P",dsa->p);
+ pbn("Q",dsa->q);
+ pbn("G",dsa->g);
+ pv("Seed",seed,20);
+ printf("c = %d\n",counter);
+ printf("H = %lx\n",h);
+ putc('\n',stdout);
+ }
+ }
+ else
+ fputs(buf,stdout);
+ }
+ }
+
+void pqgver()
+ {
+ char buf[1024];
+ char lbuf[1024];
+ char *keyword, *value;
+ BIGNUM *p = NULL, *q = NULL, *g = NULL;
+ int counter, counter2;
+ unsigned long h, h2;
+ DSA *dsa=NULL;
+ int nmod=0;
+ unsigned char seed[1024];
+
+ while(fgets(buf,sizeof buf,stdin) != NULL)
+ {
+ if (!parse_line(&keyword, &value, lbuf, buf))
+ {
+ fputs(buf,stdout);
+ continue;
+ }
+ if(!strcmp(keyword,"[mod"))
+ nmod=atoi(value);
+ else if(!strcmp(keyword,"P"))
+ p=hex2bn(value);
+ else if(!strcmp(keyword,"Q"))
+ q=hex2bn(value);
+ else if(!strcmp(keyword,"G"))
+ g=hex2bn(value);
+ else if(!strcmp(keyword,"Seed"))
+ {
+ int slen = hex2bin(value, seed);
+ if (slen != 20)
+ {
+ fprintf(stderr, "Seed parse length error\n");
+ exit (1);
+ }
+ }
+ else if(!strcmp(keyword,"c"))
+ counter =atoi(buf+4);
+ else if(!strcmp(keyword,"H"))
+ {
+ h = atoi(value);
+ if (!p || !q || !g)
+ {
+ fprintf(stderr, "Parse Error\n");
+ exit (1);
+ }
+ pbn("P",p);
+ pbn("Q",q);
+ pbn("G",g);
+ pv("Seed",seed,20);
+ printf("c = %d\n",counter);
+ printf("H = %lx\n",h);
+ dsa = FIPS_dsa_new();
+ if (!DSA_generate_parameters_ex(dsa, nmod,seed,20 ,&counter2,&h2,NULL))
+ {
+ do_print_errors();
+ exit(1);
+ }
+ if (BN_cmp(dsa->p, p) || BN_cmp(dsa->q, q) || BN_cmp(dsa->g, g)
+ || (counter != counter2) || (h != h2))
+ printf("Result = F\n");
+ else
+ printf("Result = T\n");
+ BN_free(p);
+ BN_free(q);
+ BN_free(g);
+ p = NULL;
+ q = NULL;
+ g = NULL;
+ FIPS_dsa_free(dsa);
+ dsa = NULL;
+ }
+ }
+ }
+
+/* Keypair verification routine. NB: this isn't part of the standard FIPS140-2
+ * algorithm tests. It is an additional test to perform sanity checks on the
+ * output of the KeyPair test.
+ */
+
+static int dss_paramcheck(int nmod, BIGNUM *p, BIGNUM *q, BIGNUM *g,
+ BN_CTX *ctx)
+ {
+ BIGNUM *rem = NULL;
+ if (BN_num_bits(p) != nmod)
+ return 0;
+ if (BN_num_bits(q) != 160)
+ return 0;
+ if (BN_is_prime_ex(p, BN_prime_checks, ctx, NULL) != 1)
+ return 0;
+ if (BN_is_prime_ex(q, BN_prime_checks, ctx, NULL) != 1)
+ return 0;
+ rem = BN_new();
+ if (!BN_mod(rem, p, q, ctx) || !BN_is_one(rem)
+ || (BN_cmp(g, BN_value_one()) <= 0)
+ || !BN_mod_exp(rem, g, q, p, ctx) || !BN_is_one(rem))
+ {
+ BN_free(rem);
+ return 0;
+ }
+ /* Todo: check g */
+ BN_free(rem);
+ return 1;
+ }
+
+void keyver()
+ {
+ char buf[1024];
+ char lbuf[1024];
+ char *keyword, *value;
+ BIGNUM *p = NULL, *q = NULL, *g = NULL, *X = NULL, *Y = NULL;
+ BIGNUM *Y2;
+ BN_CTX *ctx = NULL;
+ int nmod=0, paramcheck = 0;
+
+ ctx = BN_CTX_new();
+ Y2 = BN_new();
+
+ while(fgets(buf,sizeof buf,stdin) != NULL)
+ {
+ if (!parse_line(&keyword, &value, lbuf, buf))
+ {
+ fputs(buf,stdout);
+ continue;
+ }
+ if(!strcmp(keyword,"[mod"))
+ {
+ if (p)
+ BN_free(p);
+ p = NULL;
+ if (q)
+ BN_free(q);
+ q = NULL;
+ if (g)
+ BN_free(g);
+ g = NULL;
+ paramcheck = 0;
+ nmod=atoi(value);
+ }
+ else if(!strcmp(keyword,"P"))
+ p=hex2bn(value);
+ else if(!strcmp(keyword,"Q"))
+ q=hex2bn(value);
+ else if(!strcmp(keyword,"G"))
+ g=hex2bn(value);
+ else if(!strcmp(keyword,"X"))
+ X=hex2bn(value);
+ else if(!strcmp(keyword,"Y"))
+ {
+ Y=hex2bn(value);
+ if (!p || !q || !g || !X || !Y)
+ {
+ fprintf(stderr, "Parse Error\n");
+ exit (1);
+ }
+ pbn("P",p);
+ pbn("Q",q);
+ pbn("G",g);
+ pbn("X",X);
+ pbn("Y",Y);
+ if (!paramcheck)
+ {
+ if (dss_paramcheck(nmod, p, q, g, ctx))
+ paramcheck = 1;
+ else
+ paramcheck = -1;
+ }
+ if (paramcheck != 1)
+ printf("Result = F\n");
+ else
+ {
+ if (!BN_mod_exp(Y2, g, X, p, ctx) || BN_cmp(Y2, Y))
+ printf("Result = F\n");
+ else
+ printf("Result = T\n");
+ }
+ BN_free(X);
+ BN_free(Y);
+ X = NULL;
+ Y = NULL;
+ }
+ }
+ if (p)
+ BN_free(p);
+ if (q)
+ BN_free(q);
+ if (g)
+ BN_free(g);
+ if (Y2)
+ BN_free(Y2);
+ }
+
+void keypair()
+ {
+ char buf[1024];
+ char lbuf[1024];
+ char *keyword, *value;
+ int nmod=0;
+
+ while(fgets(buf,sizeof buf,stdin) != NULL)
+ {
+ if (!parse_line(&keyword, &value, lbuf, buf))
+ {
+ fputs(buf,stdout);
+ continue;
+ }
+ if(!strcmp(keyword,"[mod"))
+ nmod=atoi(value);
+ else if(!strcmp(keyword,"N"))
+ {
+ DSA *dsa;
+ int n=atoi(value);
+
+ printf("[mod = %d]\n\n",nmod);
+ dsa = FIPS_dsa_new();
+ if (!DSA_generate_parameters_ex(dsa, nmod,NULL,0,NULL,NULL,NULL))
+ {
+ do_print_errors();
+ exit(1);
+ }
+ pbn("P",dsa->p);
+ pbn("Q",dsa->q);
+ pbn("G",dsa->g);
+ putc('\n',stdout);
+
+ while(n--)
+ {
+ if (!DSA_generate_key(dsa))
+ {
+ do_print_errors();
+ exit(1);
+ }
+
+ pbn("X",dsa->priv_key);
+ pbn("Y",dsa->pub_key);
+ putc('\n',stdout);
+ }
+ }
+ }
+ }
+
+void siggen()
+ {
+ char buf[1024];
+ char lbuf[1024];
+ char *keyword, *value;
+ int nmod=0;
+ DSA *dsa=NULL;
+
+ while(fgets(buf,sizeof buf,stdin) != NULL)
+ {
+ if (!parse_line(&keyword, &value, lbuf, buf))
+ {
+ fputs(buf,stdout);
+ continue;
+ }
+ if(!strcmp(keyword,"[mod"))
+ {
+ nmod=atoi(value);
+ printf("[mod = %d]\n\n",nmod);
+ if (dsa)
+ FIPS_dsa_free(dsa);
+ dsa = FIPS_dsa_new();
+ if (!DSA_generate_parameters_ex(dsa, nmod,NULL,0,NULL,NULL,NULL))
+ {
+ do_print_errors();
+ exit(1);
+ }
+ pbn("P",dsa->p);
+ pbn("Q",dsa->q);
+ pbn("G",dsa->g);
+ putc('\n',stdout);
+ }
+ else if(!strcmp(keyword,"Msg"))
+ {
+ unsigned char msg[1024];
+ unsigned char sbuf[60];
+ unsigned int slen;
+ int n;
+ EVP_PKEY pk;
+ EVP_MD_CTX mctx;
+ DSA_SIG *sig;
+ EVP_MD_CTX_init(&mctx);
+
+ n=hex2bin(value,msg);
+ pv("Msg",msg,n);
+
+ if (!DSA_generate_key(dsa))
+ {
+ do_print_errors();
+ exit(1);
+ }
+ pk.type = EVP_PKEY_DSA;
+ pk.pkey.dsa = dsa;
+ pbn("Y",dsa->pub_key);
+
+ EVP_SignInit_ex(&mctx, EVP_dss1(), NULL);
+ EVP_SignUpdate(&mctx, msg, n);
+ EVP_SignFinal(&mctx, sbuf, &slen, &pk);
+
+ sig = DSA_SIG_new();
+ FIPS_dsa_sig_decode(sig, sbuf, slen);
+
+ pbn("R",sig->r);
+ pbn("S",sig->s);
+ putc('\n',stdout);
+ DSA_SIG_free(sig);
+ EVP_MD_CTX_cleanup(&mctx);
+ }
+ }
+ if (dsa)
+ FIPS_dsa_free(dsa);
+ }
+
+void sigver()
+ {
+ DSA *dsa=NULL;
+ char buf[1024];
+ char lbuf[1024];
+ unsigned char msg[1024];
+ char *keyword, *value;
+ int nmod=0, n=0;
+ DSA_SIG sg, *sig = &sg;
+
+ sig->r = NULL;
+ sig->s = NULL;
+
+ while(fgets(buf,sizeof buf,stdin) != NULL)
+ {
+ if (!parse_line(&keyword, &value, lbuf, buf))
+ {
+ fputs(buf,stdout);
+ continue;
+ }
+ if(!strcmp(keyword,"[mod"))
+ {
+ nmod=atoi(value);
+ if(dsa)
+ FIPS_dsa_free(dsa);
+ dsa=FIPS_dsa_new();
+ }
+ else if(!strcmp(keyword,"P"))
+ dsa->p=hex2bn(value);
+ else if(!strcmp(keyword,"Q"))
+ dsa->q=hex2bn(value);
+ else if(!strcmp(keyword,"G"))
+ {
+ dsa->g=hex2bn(value);
+
+ printf("[mod = %d]\n\n",nmod);
+ pbn("P",dsa->p);
+ pbn("Q",dsa->q);
+ pbn("G",dsa->g);
+ putc('\n',stdout);
+ }
+ else if(!strcmp(keyword,"Msg"))
+ {
+ n=hex2bin(value,msg);
+ pv("Msg",msg,n);
+ }
+ else if(!strcmp(keyword,"Y"))
+ dsa->pub_key=hex2bn(value);
+ else if(!strcmp(keyword,"R"))
+ sig->r=hex2bn(value);
+ else if(!strcmp(keyword,"S"))
+ {
+ EVP_MD_CTX mctx;
+ EVP_PKEY pk;
+ unsigned char sigbuf[60];
+ unsigned int slen;
+ int r;
+ EVP_MD_CTX_init(&mctx);
+ pk.type = EVP_PKEY_DSA;
+ pk.pkey.dsa = dsa;
+ sig->s=hex2bn(value);
+
+ pbn("Y",dsa->pub_key);
+ pbn("R",sig->r);
+ pbn("S",sig->s);
+
+ slen = FIPS_dsa_sig_encode(sigbuf, sig);
+ EVP_VerifyInit_ex(&mctx, EVP_dss1(), NULL);
+ EVP_VerifyUpdate(&mctx, msg, n);
+ r = EVP_VerifyFinal(&mctx, sigbuf, slen, &pk);
+ EVP_MD_CTX_cleanup(&mctx);
+
+ printf("Result = %c\n", r == 1 ? 'P' : 'F');
+ putc('\n',stdout);
+ }
+ }
+ }
+
+int main(int argc,char **argv)
+ {
+ if(argc != 2)
+ {
+ fprintf(stderr,"%s [prime|pqg|pqgver|keypair|siggen|sigver]\n",argv[0]);
+ exit(1);
+ }
+ if(!FIPS_mode_set(1))
+ {
+ do_print_errors();
+ exit(1);
+ }
+ if(!strcmp(argv[1],"prime"))
+ primes();
+ else if(!strcmp(argv[1],"pqg"))
+ pqg();
+ else if(!strcmp(argv[1],"pqgver"))
+ pqgver();
+ else if(!strcmp(argv[1],"keypair"))
+ keypair();
+ else if(!strcmp(argv[1],"keyver"))
+ keyver();
+ else if(!strcmp(argv[1],"siggen"))
+ siggen();
+ else if(!strcmp(argv[1],"sigver"))
+ sigver();
+ else
+ {
+ fprintf(stderr,"Don't know how to %s.\n",argv[1]);
+ exit(1);
+ }
+
+ return 0;
+ }
+
+#endif