fips/dsa/fips_dsa_ossl.c

1 /* crypto/dsa/dsa_ossl.c */
63 #include <openssl/dsa.h>
75                             DSA *dsa);
76 static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
79                          DSA_SIG *sig, DSA *dsa);
80 static int dsa_init(DSA *dsa);
81 static int dsa_finish(DSA *dsa);
82 static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
85 static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
102 int FIPS_dsa_check(struct dsa_st *dsa)
104     if (dsa->meth != &openssl_dsa_meth
105         || dsa->meth->dsa_do_sign != dsa_do_sign
106         || dsa->meth->dsa_sign_setup != dsa_sign_setup
107         || dsa->meth->dsa_mod_exp != dsa_mod_exp
108         || dsa->meth->bn_mod_exp != dsa_bn_mod_exp
109         || dsa->meth->init != dsa_init || dsa->meth->finish != dsa_finish) {
123                             DSA *dsa)
138         && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS)) {
146     if (!dsa->p || !dsa->q || !dsa->g) {
155     i = BN_num_bytes(dsa->q);   /* should be 20 */
165     if (!dsa->meth->dsa_sign_setup(dsa, ctx, &kinv, &r))
172     if (!BN_mod_mul(&xr, dsa->priv_key, r, dsa->q, ctx))
176     if (BN_cmp(s, dsa->q) > 0)
177         BN_sub(s, s, dsa->q);
178     if (!BN_mod_mul(s, s, kinv, dsa->q, ctx))
197     if (kinv != NULL)           /* dsa->kinv is NULL now if we used it */
202 static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
209     if (!dsa->p || !dsa->q || !dsa->g) {
228         if (!BN_rand_range(&k, dsa->q))
231     if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
235     if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
236         if (!BN_MONT_CTX_set_locked((BN_MONT_CTX **)&dsa->method_mont_p,
237                                     CRYPTO_LOCK_DSA, dsa->p, ctx))
243     if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
254         if (!BN_add(&kq, &kq, dsa->q))
256         if (BN_num_bits(&kq) <= BN_num_bits(dsa->q)) {
257             if (!BN_add(&kq, &kq, dsa->q))
265     if (!dsa->meth->bn_mod_exp(dsa, r, dsa->g, K, dsa->p, ctx,
266                                (BN_MONT_CTX *)dsa->method_mont_p))
268     if (!BN_mod(r, r, dsa->q, ctx))
272     if ((kinv = BN_mod_inverse(NULL, &k, dsa->q, ctx)) == NULL)
301                          DSA_SIG *sig, DSA *dsa)
308     if (!dsa->p || !dsa->q || !dsa->g) {
318     if (BN_num_bits(dsa->q) != 160) {
323     if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) {
329         && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS)) {
341     if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0) {
345     if (BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s, dsa->q) >= 0) {
353     if ((BN_mod_inverse(&u2, sig->s, dsa->q, ctx)) == NULL)
361     if (!BN_mod_mul(&u1, &u1, &u2, dsa->q, ctx))
365     if (!BN_mod_mul(&u2, sig->r, &u2, dsa->q, ctx))
368     if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
369         mont = BN_MONT_CTX_set_locked((BN_MONT_CTX **)&dsa->method_mont_p,
370                                       CRYPTO_LOCK_DSA, dsa->p, ctx);
381         if (!BN_mod_exp_mont(&t1, dsa->g, &u1, dsa->p, ctx, mont))
384         if (!BN_mod_exp_mont(&t2, dsa->pub_key, &u2, dsa->p, ctx, mont))
387         if (!BN_mod_mul(&u1, &t1, &t2, dsa->p, ctx))
392     if (!BN_mod(&u1, &u1, dsa->q, ctx))
396         if (!dsa->meth->dsa_mod_exp(dsa, &t1, dsa->g, &u1, dsa->pub_key, &u2,
397                                     dsa->p, ctx, mont))
401         if (!BN_mod(&u1, &t1, dsa->q, ctx))
421 static int dsa_init(DSA *dsa)
424     dsa->flags |= DSA_FLAG_CACHE_MONT_P;
428 static int dsa_finish(DSA *dsa)
430     if (dsa->method_mont_p)
431         BN_MONT_CTX_free((BN_MONT_CTX *)dsa->method_mont_p);
435 static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
442 static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,