Separate DSA functionality from ASN.1 encoding.
New functions DSA_do_sign and DSA_do_verify to provide access to
the raw DSA values.
diff --git a/crypto/dsa/Makefile.ssl b/crypto/dsa/Makefile.ssl
index 382473a..d45501a 100644
--- a/crypto/dsa/Makefile.ssl
+++ b/crypto/dsa/Makefile.ssl
@@ -22,8 +22,8 @@
APPS=
LIB=$(TOP)/libcrypto.a
-LIBSRC= dsa_gen.c dsa_key.c dsa_lib.c dsa_vrf.c dsa_sign.c $(ERRC).c
-LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_vrf.o dsa_sign.o $(ERRC).o
+LIBSRC= dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c $(ERRC).c
+LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_asn1.o dsa_vrf.o dsa_sign.o $(ERRC).o
SRC= $(LIBSRC)
@@ -84,6 +84,16 @@
# DO NOT DELETE THIS LINE -- make depend depends on it.
+dsa_asn1.o: ../../include/asn1.h ../../include/asn1_mac.h ../../include/bio.h
+dsa_asn1.o: ../../include/blowfish.h ../../include/bn.h ../../include/buffer.h
+dsa_asn1.o: ../../include/cast.h ../../include/des.h ../../include/dh.h
+dsa_asn1.o: ../../include/e_os.h ../../include/err.h ../../include/evp.h
+dsa_asn1.o: ../../include/idea.h ../../include/md2.h ../../include/md5.h
+dsa_asn1.o: ../../include/mdc2.h ../../include/objects.h ../../include/pkcs7.h
+dsa_asn1.o: ../../include/rc2.h ../../include/rc4.h ../../include/rc5.h
+dsa_asn1.o: ../../include/ripemd.h ../../include/rsa.h ../../include/sha.h
+dsa_asn1.o: ../../include/stack.h ../../include/x509.h ../../include/x509_vfy.h
+dsa_asn1.o: ../cryptlib.h ../crypto.h ../opensslv.h dsa.h
dsa_err.o: ../../include/bn.h ../../include/err.h dsa.h
dsa_gen.o: ../../include/bio.h ../../include/bn.h ../../include/buffer.h
dsa_gen.o: ../../include/e_os.h ../../include/err.h ../../include/rand.h
diff --git a/crypto/dsa/dsa.err b/crypto/dsa/dsa.err
index 1131e9f..e20449b 100644
--- a/crypto/dsa/dsa.err
+++ b/crypto/dsa/dsa.err
@@ -10,6 +10,11 @@
#define DSA_F_DSA_SIGN 106
#define DSA_F_DSA_SIGN_SETUP 107
#define DSA_F_DSA_VERIFY 108
+#define DSA_F_DSA_SIG_NEW 109
+#define DSA_F_D2I_DSA_SIG 110
+#define DSA_F_I2D_DSA_SIG 111
+#define DSA_F_DSA_DO_SIGN 112
+#define DSA_F_DSA_DO_VERIFY 113
/* Reason codes. */
#define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100
diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h
index a231c19..d531efb 100644
--- a/crypto/dsa/dsa.h
+++ b/crypto/dsa/dsa.h
@@ -97,6 +97,12 @@
int references;
} DSA;
+typedef struct DSA_SIG_st
+ {
+ BIGNUM *r;
+ BIGNUM *s;
+ } DSA_SIG;
+
#define DSAparams_dup(x) (DSA *)ASN1_dup((int (*)())i2d_DSAparams, \
(char *(*)())d2i_DSAparams,(char *)(x))
#define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \
@@ -110,6 +116,15 @@
#ifndef NOPROTO
+DSA_SIG * DSA_SIG_new(void);
+void DSA_SIG_free(DSA_SIG *a);
+int i2d_DSA_SIG(DSA_SIG *a, unsigned char **pp);
+DSA_SIG * d2i_DSA_SIG(DSA_SIG **v, unsigned char **pp, long length);
+
+DSA_SIG * DSA_do_sign(unsigned char *dgst,int dlen,DSA *dsa);
+int DSA_do_verify(unsigned char *dgst,int dgst_len,
+ DSA_SIG *sig,DSA *dsa);
+
DSA * DSA_new(void);
int DSA_size(DSA *);
/* next 4 return -1 on error */
@@ -146,6 +161,14 @@
#else
+DSA_SIG * DSA_SIG_new();
+void DSA_SIG_free();
+int i2d_DSA_SIG();
+DSA_SIG * d2i_DSA_SIG();
+
+DSA_SIG * DSA_do_sign();
+int DSA_do_verify();
+
DSA * DSA_new();
int DSA_size();
int DSA_sign_setup();
@@ -189,6 +212,11 @@
#define DSA_F_DSA_SIGN 106
#define DSA_F_DSA_SIGN_SETUP 107
#define DSA_F_DSA_VERIFY 108
+#define DSA_F_DSA_SIG_NEW 109
+#define DSA_F_D2I_DSA_SIG 110
+#define DSA_F_I2D_DSA_SIG 111
+#define DSA_F_DSA_DO_SIGN 112
+#define DSA_F_DSA_DO_VERIFY 113
/* Reason codes. */
#define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100
diff --git a/crypto/dsa/dsa_asn1.c b/crypto/dsa/dsa_asn1.c
new file mode 100644
index 0000000..b7fa7ed
--- /dev/null
+++ b/crypto/dsa/dsa_asn1.c
@@ -0,0 +1,102 @@
+/* crypto/dsa/dsa_asn1.c */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "dsa.h"
+#include "asn1.h"
+#include "asn1_mac.h"
+
+DSA_SIG *DSA_SIG_new(void)
+{
+ DSA_SIG *ret;
+
+ ret = Malloc(sizeof(DSA_SIG));
+ if (ret == NULL)
+ {
+ DSAerr(DSA_F_DSA_SIG_NEW,ERR_R_MALLOC_FAILURE);
+ return(NULL);
+ }
+ ret->r = NULL;
+ ret->s = NULL;
+ return(ret);
+}
+
+void DSA_SIG_free(r)
+DSA_SIG *r;
+{
+ if (r == NULL) return;
+ if (r->r) BN_clear_free(r->r);
+ if (r->s) BN_clear_free(r->s);
+ Free(r);
+}
+
+int i2d_DSA_SIG(v,pp)
+DSA_SIG *v;
+unsigned char **pp;
+{
+ int t=0,len;
+ ASN1_INTEGER rbs,sbs;
+ unsigned char *p;
+
+ rbs.data=Malloc(BN_num_bits(v->r)/8+1);
+ if (rbs.data == NULL)
+ {
+ DSAerr(DSA_F_I2D_DSA_SIG, ERR_R_MALLOC_FAILURE);
+ return(0);
+ }
+ rbs.type=V_ASN1_INTEGER;
+ rbs.length=BN_bn2bin(v->r,rbs.data);
+ sbs.data=Malloc(BN_num_bits(v->s)/8+1);
+ if (sbs.data == NULL)
+ {
+ Free(rbs.data);
+ DSAerr(DSA_F_I2D_DSA_SIG, ERR_R_MALLOC_FAILURE);
+ return(0);
+ }
+ sbs.type=V_ASN1_INTEGER;
+ sbs.length=BN_bn2bin(v->s,sbs.data);
+
+ len=i2d_ASN1_INTEGER(&rbs,NULL);
+ len+=i2d_ASN1_INTEGER(&sbs,NULL);
+
+ if (pp)
+ {
+ p=*pp;
+ ASN1_put_object(&p,1,len,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+ i2d_ASN1_INTEGER(&rbs,&p);
+ i2d_ASN1_INTEGER(&sbs,&p);
+ }
+ t=ASN1_object_size(1,len,V_ASN1_SEQUENCE);
+ Free(rbs.data);
+ Free(sbs.data);
+ return(t);
+}
+
+DSA_SIG *d2i_DSA_SIG(a,pp,length)
+DSA_SIG **a;
+unsigned char **pp;
+long length;
+{
+ int i=ERR_R_NESTED_ASN1_ERROR;
+ ASN1_INTEGER *bs=NULL;
+ M_ASN1_D2I_vars(a,DSA_SIG *,DSA_SIG_new);
+
+ M_ASN1_D2I_Init();
+ M_ASN1_D2I_start_sequence();
+ M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+ if ((ret->r=BN_bin2bn(bs->data,bs->length,ret->r)) == NULL)
+ goto err_bn;
+ M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+ if ((ret->s=BN_bin2bn(bs->data,bs->length,ret->s)) == NULL)
+ goto err_bn;
+ ASN1_BIT_STRING_free(bs);
+ M_ASN1_D2I_Finish_2(a);
+
+err_bn:
+ i=ERR_R_BN_LIB;
+err:
+ DSAerr(DSA_F_D2I_DSA_SIG,i);
+ if ((ret != NULL) && ((a == NULL) || (*a != ret))) DSA_SIG_free(ret);
+ if (bs != NULL) ASN1_BIT_STRING_free(bs);
+ return(NULL);
+}
diff --git a/crypto/dsa/dsa_err.c b/crypto/dsa/dsa_err.c
index 4cb58a8..c3a4f4d 100644
--- a/crypto/dsa/dsa_err.c
+++ b/crypto/dsa/dsa_err.c
@@ -72,6 +72,11 @@
{ERR_PACK(0,DSA_F_DSA_SIGN,0), "DSA_sign"},
{ERR_PACK(0,DSA_F_DSA_SIGN_SETUP,0), "DSA_sign_setup"},
{ERR_PACK(0,DSA_F_DSA_VERIFY,0), "DSA_verify"},
+{ERR_PACK(0,DSA_F_DSA_SIG_NEW,0), "DSA_SIG_new"},
+{ERR_PACK(0,DSA_F_D2I_DSA_SIG,0), "d2i_DSA_SIG"},
+{ERR_PACK(0,DSA_F_I2D_DSA_SIG,0), "i2d_DSA_SIG"},
+{ERR_PACK(0,DSA_F_DSA_DO_SIGN,0), "DSA_do_sign"},
+{ERR_PACK(0,DSA_F_DSA_DO_VERIFY,0), "DSA_do_verify"},
{0,NULL},
};
diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c
index f43d023..92098e2 100644
--- a/crypto/dsa/dsa_sign.c
+++ b/crypto/dsa/dsa_sign.c
@@ -65,30 +65,22 @@
#include "rand.h"
#include "asn1.h"
-/* data has already been hashed (probably with SHA or SHA-1). */
-/* DSAerr(DSA_F_DSA_SIGN,DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); */
-
-int DSA_sign(type,dgst,dlen,sig,siglen,dsa)
-int type;
+DSA_SIG * DSA_do_sign(dgst,dlen,dsa)
unsigned char *dgst;
int dlen;
-unsigned char *sig; /* out */
-unsigned int *siglen; /* out */
DSA *dsa;
{
- BIGNUM *kinv=NULL,*r=NULL;
+ BIGNUM *kinv=NULL,*r=NULL,*s=NULL;
BIGNUM m;
- BIGNUM xr,s;
+ BIGNUM xr;
BN_CTX *ctx=NULL;
- unsigned char *p;
- int i,len=0,ret=0,reason=ERR_R_BN_LIB;
- ASN1_INTEGER rbs,sbs;
- MS_STATIC unsigned char rbuf[50]; /* assuming r is 20 bytes +extra */
- MS_STATIC unsigned char sbuf[50]; /* assuming s is 20 bytes +extra */
+ int i,reason=ERR_R_BN_LIB;
+ DSA_SIG *ret=NULL;
BN_init(&m);
BN_init(&xr);
- BN_init(&s);
+ s=BN_new();
+ if (s == NULL) goto err;
i=BN_num_bytes(dsa->q); /* should be 20 */
if ((dlen > i) || (dlen > 50))
@@ -116,44 +108,51 @@
/* Compute s = inv(k) (m + xr) mod q */
if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */
- if (!BN_add(&s, &xr, &m)) goto err; /* s = m + xr */
- if (BN_cmp(&s,dsa->q) > 0)
- BN_sub(&s,&s,dsa->q);
- if (!BN_mod_mul(&s,&s,kinv,dsa->q,ctx)) goto err;
+ if (!BN_add(s, &xr, &m)) goto err; /* s = m + xr */
+ if (BN_cmp(s,dsa->q) > 0)
+ BN_sub(s,s,dsa->q);
+ if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err;
- /*
- * Now create a ASN.1 sequence of the integers R and S.
- */
- rbs.data=rbuf;
- sbs.data=sbuf;
- rbs.type = V_ASN1_INTEGER;
- sbs.type = V_ASN1_INTEGER;
- rbs.length=BN_bn2bin(r,rbs.data);
- sbs.length=BN_bn2bin(&s,sbs.data);
-
- len =i2d_ASN1_INTEGER(&rbs,NULL);
- len+=i2d_ASN1_INTEGER(&sbs,NULL);
-
- p=sig;
- ASN1_put_object(&p,1,len,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
- i2d_ASN1_INTEGER(&rbs,&p);
- i2d_ASN1_INTEGER(&sbs,&p);
- *siglen=(p-sig);
- ret=1;
+ ret=DSA_SIG_new();
+ if (ret == NULL) goto err;
+ ret->r = r;
+ ret->s = s;
+
err:
- if (!ret) DSAerr(DSA_F_DSA_SIGN,reason);
-
-#if 1 /* do the right thing :-) */
- if (kinv != NULL) BN_clear_free(kinv);
- if (r != NULL) BN_clear_free(r);
-#endif
+ if (!ret)
+ {
+ DSAerr(DSA_F_DSA_DO_SIGN,reason);
+ BN_free(r);
+ BN_free(s);
+ }
if (ctx != NULL) BN_CTX_free(ctx);
BN_clear_free(&m);
BN_clear_free(&xr);
- BN_clear_free(&s);
return(ret);
}
+/* data has already been hashed (probably with SHA or SHA-1). */
+
+int DSA_sign(type,dgst,dlen,sig,siglen,dsa)
+int type;
+unsigned char *dgst;
+int dlen;
+unsigned char *sig; /* out */
+unsigned int *siglen; /* out */
+DSA *dsa;
+ {
+ DSA_SIG *s;
+ s=DSA_do_sign(dgst,dlen,dsa);
+ if (s == NULL)
+ {
+ *siglen=0;
+ return(0);
+ }
+ *siglen=i2d_DSA_SIG(s,&sig);
+ DSA_SIG_free(s);
+ return(1);
+ }
+
int DSA_sign_setup(dsa,ctx_in,kinvp,rp)
DSA *dsa;
BN_CTX *ctx_in;
diff --git a/crypto/dsa/dsa_vrf.c b/crypto/dsa/dsa_vrf.c
index 37e8781..3b74c81 100644
--- a/crypto/dsa/dsa_vrf.c
+++ b/crypto/dsa/dsa_vrf.c
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
-/* Origional version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
+/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
#include <stdio.h>
#include "cryptlib.h"
@@ -66,57 +66,34 @@
#include "asn1.h"
#include "asn1_mac.h"
-/* data has already been hashed (probably with SHA or SHA-1). */
-/* returns
- * 1: correct signature
- * 0: incorrect signature
- * -1: error
- */
-int DSA_verify(type,dgst,dgst_len,sigbuf,siglen, dsa)
-int type;
+int DSA_do_verify(dgst,dgst_len,sig,dsa)
unsigned char *dgst;
int dgst_len;
-unsigned char *sigbuf;
-int siglen;
+DSA_SIG *sig;
DSA *dsa;
{
- /* The next 3 are used by the M_ASN1 macros */
- long length=siglen;
- ASN1_CTX c;
- unsigned char **pp= &sigbuf;
BN_CTX *ctx;
- BIGNUM r,u1,u2,t1;
- ASN1_INTEGER *bs=NULL;
+ BIGNUM u1,u2,t1;
BN_MONT_CTX *mont=NULL;
int ret = -1;
if ((ctx=BN_CTX_new()) == NULL) goto err;
-
BN_init(&u1);
BN_init(&u2);
- BN_init(&r);
BN_init(&t1);
- M_ASN1_D2I_Init();
- M_ASN1_D2I_start_sequence();
- M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
- if ((BN_bin2bn(bs->data,bs->length,&r)) == NULL) goto err_bn;
- M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
- if ((BN_bin2bn(bs->data,bs->length,&u1)) == NULL) goto err_bn;
- if (!asn1_Finish(&c)) goto err;
-
/* Calculate W = inv(S) mod Q
* save W in u2 */
- if ((BN_mod_inverse(&u2,&u1,dsa->q,ctx)) == NULL) goto err_bn;
+ if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;
/* save M in u1 */
- if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err_bn;
+ if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err;
/* u1 = M * w mod q */
- if (!BN_mod_mul(&u1,&u1,&u2,dsa->q,ctx)) goto err_bn;
+ if (!BN_mod_mul(&u1,&u1,&u2,dsa->q,ctx)) goto err;
/* u2 = r * w mod q */
- if (!BN_mod_mul(&u2,&r,&u2,dsa->q,ctx)) goto err_bn;
+ if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err;
if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
{
@@ -133,42 +110,59 @@
BN_init(&t2);
/* v = ( g^u1 * y^u2 mod p ) mod q */
/* let t1 = g ^ u1 mod p */
- if (!BN_mod_exp_mont(&t1,dsa->g,&u1,dsa->p,ctx,mont)) goto err_bn;
+ if (!BN_mod_exp_mont(&t1,dsa->g,&u1,dsa->p,ctx,mont)) goto err;
/* let t2 = y ^ u2 mod p */
- if (!BN_mod_exp_mont(&t2,dsa->pub_key,&u2,dsa->p,ctx,mont)) goto err_bn;
+ if (!BN_mod_exp_mont(&t2,dsa->pub_key,&u2,dsa->p,ctx,mont)) goto err;
/* let u1 = t1 * t2 mod p */
if (!BN_mod_mul(&u1,&t1,&t2,dsa->p,ctx)) goto err_bn;
BN_free(&t2);
}
/* let u1 = u1 mod q */
- if (!BN_mod(&u1,&u1,dsa->q,ctx)) goto err_bn;
+ if (!BN_mod(&u1,&u1,dsa->q,ctx)) goto err;
#else
{
if (!BN_mod_exp2_mont(&t1,dsa->g,&u1,dsa->pub_key,&u2,dsa->p,ctx,mont))
- goto err_bn;
+ goto err;
/* BN_copy(&u1,&t1); */
/* let u1 = u1 mod q */
- if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err_bn;
+ if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err;
}
#endif
/* V is now in u1. If the signature is correct, it will be
* equal to R. */
- ret=(BN_ucmp(&u1, &r) == 0);
- if (0)
- {
-err: /* ASN1 error */
- DSAerr(DSA_F_DSA_VERIFY,c.error);
- }
- if (0)
- {
-err_bn: /* BN error */
- DSAerr(DSA_F_DSA_VERIFY,ERR_R_BN_LIB);
- }
+ ret=(BN_ucmp(&u1, sig->r) == 0);
+
+ err:
+ if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB);
if (ctx != NULL) BN_CTX_free(ctx);
- BN_free(&r);
BN_free(&u1);
BN_free(&u2);
BN_free(&t1);
- if (bs != NULL) ASN1_BIT_STRING_free(bs);
+ return(ret);
+ }
+
+/* data has already been hashed (probably with SHA or SHA-1). */
+/* returns
+ * 1: correct signature
+ * 0: incorrect signature
+ * -1: error
+ */
+int DSA_verify(type,dgst,dgst_len,sigbuf,siglen,dsa)
+int type;
+unsigned char *dgst;
+int dgst_len;
+unsigned char *sigbuf;
+int siglen;
+DSA *dsa;
+ {
+ DSA_SIG *s;
+ int ret=-1;
+
+ s = DSA_SIG_new();
+ if (s == NULL) return(ret);
+ if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err;
+ ret=DSA_do_verify(dgst,dgst_len,s,dsa);
+err:
+ DSA_SIG_free(s);
return(ret);
}
diff --git a/crypto/dsa/dsatest.c b/crypto/dsa/dsatest.c
index 39bb712..924380a 100644
--- a/crypto/dsa/dsatest.c
+++ b/crypto/dsa/dsatest.c
@@ -125,6 +125,8 @@
int counter,ret=0,i,j;
unsigned char buf[256];
unsigned long h;
+ unsigned char sig[256];
+ int siglen;
if (bio_err == NULL)
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
@@ -178,8 +180,10 @@
BIO_printf(bio_err,"g value is wrong\n");
goto end;
}
-
- ret=1;
+ DSA_generate_key(dsa);
+ DSA_sign(0, "12345678901234567890", 20, sig, &siglen, dsa);
+ if (DSA_verify(0, "12345678901234567890", 20, sig, siglen, dsa) == 1)
+ ret=1;
end:
if (!ret)
ERR_print_errors(bio_err);
diff --git a/util/libeay.num b/util/libeay.num
index b30443c..1e59e52 100755
--- a/util/libeay.num
+++ b/util/libeay.num
@@ -1304,3 +1304,10 @@
d2i_SXNETID 1330
SXNETID_new 1331
SXNETID_free 1332
+DSA_SIG_new 1333
+DSA_SIG_free 1334
+DSA_do_sign 1335
+DSA_do_verify 1336
+d2i_DSA_SIG 1337
+i2d_DSA_SIG 1338
+
