| OLD | NEW |
|---|
| 1 /* crypto/dsa/dsa_gen.c */ | 1 /* crypto/dsa/dsa_gen.c */ |
| 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 * All rights reserved. | 3 * All rights reserved. |
| 4 * | 4 * |
| 5 * This package is an SSL implementation written | 5 * This package is an SSL implementation written |
| 6 * by Eric Young (eay@cryptsoft.com). | 6 * by Eric Young (eay@cryptsoft.com). |
| 7 * The implementation was written so as to conform with Netscapes SSL. | 7 * The implementation was written so as to conform with Netscapes SSL. |
| 8 * | 8 * |
| 9 * This library is free for commercial and non-commercial use as long as | 9 * This library is free for commercial and non-commercial use as long as |
| 10 * the following conditions are aheared to. The following conditions | 10 * the following conditions are aheared to. The following conditions |
| (...skipping 56 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 67 * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in | 67 * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in |
| 68 * FIPS PUB 180-1) */ | 68 * FIPS PUB 180-1) */ |
| 69 #define HASH EVP_sha1() | 69 #define HASH EVP_sha1() |
| 70 #endif | 70 #endif |
| 71 | 71 |
| 72 #include <openssl/opensslconf.h> /* To see if OPENSSL_NO_SHA is defined */ | 72 #include <openssl/opensslconf.h> /* To see if OPENSSL_NO_SHA is defined */ |
| 73 | 73 |
| 74 #ifndef OPENSSL_NO_SHA | 74 #ifndef OPENSSL_NO_SHA |
| 75 | 75 |
| 76 #include <stdio.h> | 76 #include <stdio.h> |
| 77 #include <time.h> | |
| 78 #include "cryptlib.h" | 77 #include "cryptlib.h" |
| 79 #include <openssl/evp.h> | 78 #include <openssl/evp.h> |
| 80 #include <openssl/bn.h> | 79 #include <openssl/bn.h> |
| 81 #include <openssl/dsa.h> | |
| 82 #include <openssl/rand.h> | 80 #include <openssl/rand.h> |
| 83 #include <openssl/sha.h> | 81 #include <openssl/sha.h> |
| 84 | 82 #include "dsa_locl.h" |
| 85 #ifndef OPENSSL_FIPS | |
| 86 | |
| 87 static int dsa_builtin_paramgen(DSA *ret, int bits, | |
| 88 » » unsigned char *seed_in, int seed_len, | |
| 89 » » int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); | |
| 90 | 83 |
| 91 int DSA_generate_parameters_ex(DSA *ret, int bits, | 84 int DSA_generate_parameters_ex(DSA *ret, int bits, |
| 92 » » unsigned char *seed_in, int seed_len, | 85 » » const unsigned char *seed_in, int seed_len, |
| 93 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) | 86 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) |
| 94 { | 87 { |
| 95 if(ret->meth->dsa_paramgen) | 88 if(ret->meth->dsa_paramgen) |
| 96 return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len, | 89 return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len, |
| 97 counter_ret, h_ret, cb); | 90 counter_ret, h_ret, cb); |
| 98 » return dsa_builtin_paramgen(ret, bits, seed_in, seed_len, | 91 » else |
| 99 » » » counter_ret, h_ret, cb); | 92 » » { |
| 93 » » const EVP_MD *evpmd; |
| 94 » » size_t qbits = bits >= 2048 ? 256 : 160; |
| 95 |
| 96 » » if (bits >= 2048) |
| 97 » » » { |
| 98 » » » qbits = 256; |
| 99 » » » evpmd = EVP_sha256(); |
| 100 » » » } |
| 101 » » else |
| 102 » » » { |
| 103 » » » qbits = 160; |
| 104 » » » evpmd = EVP_sha1(); |
| 105 » » » } |
| 106 |
| 107 » » return dsa_builtin_paramgen(ret, bits, qbits, evpmd, |
| 108 » » » » seed_in, seed_len, counter_ret, h_ret, cb); |
| 109 » » } |
| 100 } | 110 } |
| 101 | 111 |
| 102 static int dsa_builtin_paramgen(DSA *ret, int bits, | 112 int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, |
| 103 » » unsigned char *seed_in, int seed_len, | 113 » const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len, |
| 104 » » int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) | 114 » int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) |
| 105 { | 115 { |
| 106 int ok=0; | 116 int ok=0; |
| 107 » unsigned char seed[SHA_DIGEST_LENGTH]; | 117 » unsigned char seed[SHA256_DIGEST_LENGTH]; |
| 108 » unsigned char md[SHA_DIGEST_LENGTH]; | 118 » unsigned char md[SHA256_DIGEST_LENGTH]; |
| 109 » unsigned char buf[SHA_DIGEST_LENGTH],buf2[SHA_DIGEST_LENGTH]; | 119 » unsigned char buf[SHA256_DIGEST_LENGTH],buf2[SHA256_DIGEST_LENGTH]; |
| 110 BIGNUM *r0,*W,*X,*c,*test; | 120 BIGNUM *r0,*W,*X,*c,*test; |
| 111 BIGNUM *g=NULL,*q=NULL,*p=NULL; | 121 BIGNUM *g=NULL,*q=NULL,*p=NULL; |
| 112 BN_MONT_CTX *mont=NULL; | 122 BN_MONT_CTX *mont=NULL; |
| 113 » int k,n=0,i,b,m=0; | 123 » int i, k, n=0, m=0, qsize = qbits >> 3; |
| 114 int counter=0; | 124 int counter=0; |
| 115 int r=0; | 125 int r=0; |
| 116 BN_CTX *ctx=NULL; | 126 BN_CTX *ctx=NULL; |
| 117 unsigned int h=2; | 127 unsigned int h=2; |
| 118 | 128 |
| 119 » if (bits < 512) bits=512; | 129 » if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH && |
| 120 » bits=(bits+63)/64*64; | 130 » qsize != SHA256_DIGEST_LENGTH) |
| 131 » » /* invalid q size */ |
| 132 » » return 0; |
| 133 |
| 134 » if (evpmd == NULL) |
| 135 » » /* use SHA1 as default */ |
| 136 » » evpmd = EVP_sha1(); |
| 137 |
| 138 » if (bits < 512) |
| 139 » » bits = 512; |
| 140 |
| 141 » bits = (bits+63)/64*64; |
| 121 | 142 |
| 122 /* NB: seed_len == 0 is special case: copy generated seed to | 143 /* NB: seed_len == 0 is special case: copy generated seed to |
| 123 * seed_in if it is not NULL. | 144 * seed_in if it is not NULL. |
| 124 */ | 145 */ |
| 125 » if (seed_len && (seed_len < 20)) | 146 » if (seed_len && (seed_len < (size_t)qsize)) |
| 126 » » seed_in = NULL; /* seed buffer too small -- ignore */ | 147 » » seed_in = NULL;»» /* seed buffer too small -- ignore */ |
| 127 » if (seed_len > 20) | 148 » if (seed_len > (size_t)qsize) |
| 128 » » seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger SEED, | 149 » » seed_len = qsize;» /* App. 2.2 of FIPS PUB 186 allows large
r SEED, |
| 129 » » * but our internal buffers are restricted to 160
bits*/ | 150 » » » » » * but our internal buffers are restrict
ed to 160 bits*/ |
| 130 » if ((seed_in != NULL) && (seed_len == 20)) | 151 » if (seed_in != NULL) |
| 131 » » { | 152 » » memcpy(seed, seed_in, seed_len); |
| 132 » » memcpy(seed,seed_in,seed_len); | |
| 133 » » /* set seed_in to NULL to avoid it being copied back */ | |
| 134 » » seed_in = NULL; | |
| 135 » » } | |
| 136 | 153 |
| 137 » if ((ctx=BN_CTX_new()) == NULL) goto err; | 154 » if ((ctx=BN_CTX_new()) == NULL) |
| 155 » » goto err; |
| 138 | 156 |
| 139 » if ((mont=BN_MONT_CTX_new()) == NULL) goto err; | 157 » if ((mont=BN_MONT_CTX_new()) == NULL) |
| 158 » » goto err; |
| 140 | 159 |
| 141 BN_CTX_start(ctx); | 160 BN_CTX_start(ctx); |
| 142 r0 = BN_CTX_get(ctx); | 161 r0 = BN_CTX_get(ctx); |
| 143 g = BN_CTX_get(ctx); | 162 g = BN_CTX_get(ctx); |
| 144 W = BN_CTX_get(ctx); | 163 W = BN_CTX_get(ctx); |
| 145 q = BN_CTX_get(ctx); | 164 q = BN_CTX_get(ctx); |
| 146 X = BN_CTX_get(ctx); | 165 X = BN_CTX_get(ctx); |
| 147 c = BN_CTX_get(ctx); | 166 c = BN_CTX_get(ctx); |
| 148 p = BN_CTX_get(ctx); | 167 p = BN_CTX_get(ctx); |
| 149 test = BN_CTX_get(ctx); | 168 test = BN_CTX_get(ctx); |
| 150 | 169 |
| 151 if (!BN_lshift(test,BN_value_one(),bits-1)) | 170 if (!BN_lshift(test,BN_value_one(),bits-1)) |
| 152 goto err; | 171 goto err; |
| 153 | 172 |
| 154 for (;;) | 173 for (;;) |
| 155 { | 174 { |
| 156 for (;;) /* find q */ | 175 for (;;) /* find q */ |
| 157 { | 176 { |
| 158 int seed_is_random; | 177 int seed_is_random; |
| 159 | 178 |
| 160 /* step 1 */ | 179 /* step 1 */ |
| 161 if(!BN_GENCB_call(cb, 0, m++)) | 180 if(!BN_GENCB_call(cb, 0, m++)) |
| 162 goto err; | 181 goto err; |
| 163 | 182 |
| 164 if (!seed_len) | 183 if (!seed_len) |
| 165 { | 184 { |
| 166 » » » » RAND_pseudo_bytes(seed,SHA_DIGEST_LENGTH); | 185 » » » » RAND_pseudo_bytes(seed, qsize); |
| 167 seed_is_random = 1; | 186 seed_is_random = 1; |
| 168 } | 187 } |
| 169 else | 188 else |
| 170 { | 189 { |
| 171 seed_is_random = 0; | 190 seed_is_random = 0; |
| 172 seed_len=0; /* use random seed if 'seed_in' turn
s out to be bad*/ | 191 seed_len=0; /* use random seed if 'seed_in' turn
s out to be bad*/ |
| 173 } | 192 } |
| 174 » » » memcpy(buf,seed,SHA_DIGEST_LENGTH); | 193 » » » memcpy(buf , seed, qsize); |
| 175 » » » memcpy(buf2,seed,SHA_DIGEST_LENGTH); | 194 » » » memcpy(buf2, seed, qsize); |
| 176 /* precompute "SEED + 1" for step 7: */ | 195 /* precompute "SEED + 1" for step 7: */ |
| 177 » » » for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--) | 196 » » » for (i = qsize-1; i >= 0; i--) |
| 178 { | 197 { |
| 179 buf[i]++; | 198 buf[i]++; |
| 180 » » » » if (buf[i] != 0) break; | 199 » » » » if (buf[i] != 0) |
| 200 » » » » » break; |
| 181 } | 201 } |
| 182 | 202 |
| 183 /* step 2 */ | 203 /* step 2 */ |
| 184 » » » EVP_Digest(seed,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL); | 204 » » » EVP_Digest(seed, qsize, md, NULL, evpmd, NULL); |
| 185 » » » EVP_Digest(buf,SHA_DIGEST_LENGTH,buf2,NULL,HASH, NULL); | 205 » » » EVP_Digest(buf, qsize, buf2, NULL, evpmd, NULL); |
| 186 » » » for (i=0; i<SHA_DIGEST_LENGTH; i++) | 206 » » » for (i = 0; i < qsize; i++) |
| 187 md[i]^=buf2[i]; | 207 md[i]^=buf2[i]; |
| 188 | 208 |
| 189 /* step 3 */ | 209 /* step 3 */ |
| 190 » » » md[0]|=0x80; | 210 » » » md[0] |= 0x80; |
| 191 » » » md[SHA_DIGEST_LENGTH-1]|=0x01; | 211 » » » md[qsize-1] |= 0x01; |
| 192 » » » if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,q)) goto err; | 212 » » » if (!BN_bin2bn(md, qsize, q)) |
| 213 » » » » goto err; |
| 193 | 214 |
| 194 /* step 4 */ | 215 /* step 4 */ |
| 195 r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx, | 216 r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx, |
| 196 seed_is_random, cb); | 217 seed_is_random, cb); |
| 197 if (r > 0) | 218 if (r > 0) |
| 198 break; | 219 break; |
| 199 if (r != 0) | 220 if (r != 0) |
| 200 goto err; | 221 goto err; |
| 201 | 222 |
| 202 /* do a callback call */ | 223 /* do a callback call */ |
| 203 /* step 5 */ | 224 /* step 5 */ |
| 204 } | 225 } |
| 205 | 226 |
| 206 if(!BN_GENCB_call(cb, 2, 0)) goto err; | 227 if(!BN_GENCB_call(cb, 2, 0)) goto err; |
| 207 if(!BN_GENCB_call(cb, 3, 0)) goto err; | 228 if(!BN_GENCB_call(cb, 3, 0)) goto err; |
| 208 | 229 |
| 209 /* step 6 */ | 230 /* step 6 */ |
| 210 counter=0; | 231 counter=0; |
| 211 /* "offset = 2" */ | 232 /* "offset = 2" */ |
| 212 | 233 |
| 213 n=(bits-1)/160; | 234 n=(bits-1)/160; |
| 214 b=(bits-1)-n*160; | |
| 215 | 235 |
| 216 for (;;) | 236 for (;;) |
| 217 { | 237 { |
| 218 if ((counter != 0) && !BN_GENCB_call(cb, 0, counter)) | 238 if ((counter != 0) && !BN_GENCB_call(cb, 0, counter)) |
| 219 goto err; | 239 goto err; |
| 220 | 240 |
| 221 /* step 7 */ | 241 /* step 7 */ |
| 222 BN_zero(W); | 242 BN_zero(W); |
| 223 /* now 'buf' contains "SEED + offset - 1" */ | 243 /* now 'buf' contains "SEED + offset - 1" */ |
| 224 for (k=0; k<=n; k++) | 244 for (k=0; k<=n; k++) |
| 225 { | 245 { |
| 226 /* obtain "SEED + offset + k" by incrementing: *
/ | 246 /* obtain "SEED + offset + k" by incrementing: *
/ |
| 227 » » » » for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--) | 247 » » » » for (i = qsize-1; i >= 0; i--) |
| 228 { | 248 { |
| 229 buf[i]++; | 249 buf[i]++; |
| 230 » » » » » if (buf[i] != 0) break; | 250 » » » » » if (buf[i] != 0) |
| 251 » » » » » » break; |
| 231 } | 252 } |
| 232 | 253 |
| 233 » » » » EVP_Digest(buf,SHA_DIGEST_LENGTH,md,NULL,HASH, N
ULL); | 254 » » » » EVP_Digest(buf, qsize, md ,NULL, evpmd, NULL); |
| 234 | 255 |
| 235 /* step 8 */ | 256 /* step 8 */ |
| 236 » » » » if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0)) | 257 » » » » if (!BN_bin2bn(md, qsize, r0)) |
| 237 goto err; | 258 goto err; |
| 238 » » » » if (!BN_lshift(r0,r0,160*k)) goto err; | 259 » » » » if (!BN_lshift(r0,r0,(qsize << 3)*k)) goto err; |
| 239 if (!BN_add(W,W,r0)) goto err; | 260 if (!BN_add(W,W,r0)) goto err; |
| 240 } | 261 } |
| 241 | 262 |
| 242 /* more of step 8 */ | 263 /* more of step 8 */ |
| 243 if (!BN_mask_bits(W,bits-1)) goto err; | 264 if (!BN_mask_bits(W,bits-1)) goto err; |
| 244 if (!BN_copy(X,W)) goto err; | 265 if (!BN_copy(X,W)) goto err; |
| 245 if (!BN_add(X,X,test)) goto err; | 266 if (!BN_add(X,X,test)) goto err; |
| 246 | 267 |
| 247 /* step 9 */ | 268 /* step 9 */ |
| 248 if (!BN_lshift1(r0,q)) goto err; | 269 if (!BN_lshift1(r0,q)) goto err; |
| (...skipping 53 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 302 if(ret->q) BN_free(ret->q); | 323 if(ret->q) BN_free(ret->q); |
| 303 if(ret->g) BN_free(ret->g); | 324 if(ret->g) BN_free(ret->g); |
| 304 ret->p=BN_dup(p); | 325 ret->p=BN_dup(p); |
| 305 ret->q=BN_dup(q); | 326 ret->q=BN_dup(q); |
| 306 ret->g=BN_dup(g); | 327 ret->g=BN_dup(g); |
| 307 if (ret->p == NULL || ret->q == NULL || ret->g == NULL) | 328 if (ret->p == NULL || ret->q == NULL || ret->g == NULL) |
| 308 { | 329 { |
| 309 ok=0; | 330 ok=0; |
| 310 goto err; | 331 goto err; |
| 311 } | 332 } |
| 312 if (seed_in != NULL) memcpy(seed_in,seed,20); | |
| 313 if (counter_ret != NULL) *counter_ret=counter; | 333 if (counter_ret != NULL) *counter_ret=counter; |
| 314 if (h_ret != NULL) *h_ret=h; | 334 if (h_ret != NULL) *h_ret=h; |
| 315 } | 335 } |
| 316 if(ctx) | 336 if(ctx) |
| 317 { | 337 { |
| 318 BN_CTX_end(ctx); | 338 BN_CTX_end(ctx); |
| 319 BN_CTX_free(ctx); | 339 BN_CTX_free(ctx); |
| 320 } | 340 } |
| 321 if (mont != NULL) BN_MONT_CTX_free(mont); | 341 if (mont != NULL) BN_MONT_CTX_free(mont); |
| 322 return ok; | 342 return ok; |
| 323 } | 343 } |
| 324 #endif | 344 #endif |
| 325 #endif | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 9254031:
Upgrade chrome's OpenSSL to same version Android ships with. (Closed)
Base URL: http://src.chromium.org/svn/trunk/deps/third_party/openssl/