diff options
Diffstat (limited to 'src/crypto/dsa')
-rw-r--r-- | src/crypto/dsa/CMakeLists.txt | 2 | ||||
-rw-r--r-- | src/crypto/dsa/dsa.c | 2 | ||||
-rw-r--r-- | src/crypto/dsa/dsa_asn1.c | 2 | ||||
-rw-r--r-- | src/crypto/dsa/dsa_impl.c | 42 |
4 files changed, 26 insertions, 22 deletions
diff --git a/src/crypto/dsa/CMakeLists.txt b/src/crypto/dsa/CMakeLists.txt index e8b7793..1bb8b63 100644 --- a/src/crypto/dsa/CMakeLists.txt +++ b/src/crypto/dsa/CMakeLists.txt @@ -1,4 +1,4 @@ -include_directories(../../include) +include_directories(. .. ../../include) add_library( dsa diff --git a/src/crypto/dsa/dsa.c b/src/crypto/dsa/dsa.c index 3ff29c4..65444b1 100644 --- a/src/crypto/dsa/dsa.c +++ b/src/crypto/dsa/dsa.c @@ -82,7 +82,7 @@ DSA *DSA_new(void) { return DSA_new_method(NULL); } DSA *DSA_new_method(const ENGINE *engine) { DSA *dsa = (DSA *)OPENSSL_malloc(sizeof(DSA)); if (dsa == NULL) { - OPENSSL_PUT_ERROR(DSA, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(DSA, DSA_new_method, ERR_R_MALLOC_FAILURE); return NULL; } diff --git a/src/crypto/dsa/dsa_asn1.c b/src/crypto/dsa/dsa_asn1.c index b6b3fa4..933fba7 100644 --- a/src/crypto/dsa/dsa_asn1.c +++ b/src/crypto/dsa/dsa_asn1.c @@ -73,7 +73,7 @@ static int dsa_sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, DSA_SIG *sig; sig = OPENSSL_malloc(sizeof(DSA_SIG)); if (!sig) { - OPENSSL_PUT_ERROR(DSA, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(DSA, dsa_sig_cb, ERR_R_MALLOC_FAILURE); return 0; } diff --git a/src/crypto/dsa/dsa_impl.c b/src/crypto/dsa/dsa_impl.c index b10610d..2ab8ba8 100644 --- a/src/crypto/dsa/dsa_impl.c +++ b/src/crypto/dsa/dsa_impl.c @@ -83,7 +83,7 @@ static int sign_setup(const DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, int ret = 0; if (!dsa->p || !dsa->q || !dsa->g) { - OPENSSL_PUT_ERROR(DSA, DSA_R_MISSING_PARAMETERS); + OPENSSL_PUT_ERROR(DSA, sign_setup, DSA_R_MISSING_PARAMETERS); return 0; } @@ -171,7 +171,7 @@ static int sign_setup(const DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, err: if (!ret) { - OPENSSL_PUT_ERROR(DSA, ERR_R_BN_LIB); + OPENSSL_PUT_ERROR(DSA, sign_setup, ERR_R_BN_LIB); if (r != NULL) { BN_clear_free(r); } @@ -269,7 +269,7 @@ redo: err: if (!ret) { - OPENSSL_PUT_ERROR(DSA, reason); + OPENSSL_PUT_ERROR(DSA, sign, reason); BN_free(r); BN_free(s); } @@ -292,19 +292,19 @@ static int verify(int *out_valid, const uint8_t *dgst, size_t digest_len, *out_valid = 0; if (!dsa->p || !dsa->q || !dsa->g) { - OPENSSL_PUT_ERROR(DSA, DSA_R_MISSING_PARAMETERS); + OPENSSL_PUT_ERROR(DSA, verify, DSA_R_MISSING_PARAMETERS); return 0; } i = BN_num_bits(dsa->q); /* fips 186-3 allows only different sizes for q */ if (i != 160 && i != 224 && i != 256) { - OPENSSL_PUT_ERROR(DSA, DSA_R_BAD_Q_VALUE); + OPENSSL_PUT_ERROR(DSA, verify, DSA_R_BAD_Q_VALUE); return 0; } if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) { - OPENSSL_PUT_ERROR(DSA, DSA_R_MODULUS_TOO_LARGE); + OPENSSL_PUT_ERROR(DSA, verify, DSA_R_MODULUS_TOO_LARGE); return 0; } @@ -381,7 +381,7 @@ static int verify(int *out_valid, const uint8_t *dgst, size_t digest_len, err: if (ret != 1) { - OPENSSL_PUT_ERROR(DSA, ERR_R_BN_LIB); + OPENSSL_PUT_ERROR(DSA, verify, ERR_R_BN_LIB); } BN_CTX_free(ctx); BN_free(&u1); @@ -487,14 +487,16 @@ static int paramgen(DSA *ret, unsigned bits, const uint8_t *seed_in, bits = (bits + 63) / 64 * 64; + /* NB: seed_len == 0 is special case: copy generated seed to + * seed_in if it is not NULL. */ + if (seed_len && (seed_len < (size_t)qsize)) { + seed_in = NULL; /* seed buffer too small -- ignore */ + } + if (seed_len > (size_t)qsize) { + seed_len = qsize; /* App. 2.2 of FIPS PUB 186 allows larger SEED, + * but our internal buffers are restricted to 160 bits*/ + } if (seed_in != NULL) { - if (seed_len < (size_t)qsize) { - return 0; - } - if (seed_len > (size_t)qsize) { - /* Only consume as much seed as is expected. */ - seed_len = qsize; - } memcpy(seed, seed_in, seed_len); } @@ -525,19 +527,21 @@ static int paramgen(DSA *ret, unsigned bits, const uint8_t *seed_in, for (;;) { /* Find q. */ for (;;) { + int seed_is_random; + /* step 1 */ if (!BN_GENCB_call(cb, 0, m++)) { goto err; } - int use_random_seed = (seed_in == NULL); - if (use_random_seed) { + if (!seed_len) { if (!RAND_bytes(seed, qsize)) { goto err; } + seed_is_random = 1; } else { - /* If we come back through, use random seed next time. */ - seed_in = NULL; + seed_is_random = 0; + seed_len = 0; /* use random seed if 'seed_in' turns out to be bad*/ } memcpy(buf, seed, qsize); memcpy(buf2, seed, qsize); @@ -566,7 +570,7 @@ static int paramgen(DSA *ret, unsigned bits, const uint8_t *seed_in, } /* step 4 */ - r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx, use_random_seed, cb); + r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx, seed_is_random, cb); if (r > 0) { break; } |