提交
c0d43901
编写于
10月 28, 2014
作者:
Matt Caswell
Implement internally opaque bn access from dsa
Reviewed-by:
Tim Hudson
<
tjh@openssl.org
>
上级
829ccf6a
变更
5
Showing
5 changed file
with
82 addition
and
56 deletion
+82
-56
crypto/dsa/dsa_depr.c
crypto/dsa/dsa_depr.c
+13
-3
crypto/dsa/dsa_key.c
crypto/dsa/dsa_key.c
+9
-4
crypto/dsa/dsa_ossl.c
crypto/dsa/dsa_ossl.c
+44
-42
crypto/dsa/dsa_pmeth.c
crypto/dsa/dsa_pmeth.c
+7
-2
crypto/dsa/dsatest.c
crypto/dsa/dsatest.c
+9
-5
crypto/dsa/dsa_depr.c
...
...
@@ -89,16 +89,26 @@ DSA *DSA_generate_parameters(int bits,
void
(
*
callback
)(
int
,
int
,
void
*
),
void
*
cb_arg
)
{
BN_GENCB
cb
;
BN_GENCB
*
cb
;
DSA
*
ret
;
if
((
ret
=
DSA_new
())
==
NULL
)
return
NULL
;
cb
=
BN_GENCB_new
();
if
(
!
cb
)
{
DSA_free
(
ret
);
return
NULL
;
}
BN_GENCB_set_old
(
&
cb
,
callback
,
cb_arg
);
BN_GENCB_set_old
(
cb
,
callback
,
cb_arg
);
if
(
DSA_generate_parameters_ex
(
ret
,
bits
,
seed_in
,
seed_len
,
counter_ret
,
h_ret
,
&
cb
))
counter_ret
,
h_ret
,
cb
))
{
BN_GENCB_free
(
cb
);
return
ret
;
}
BN_GENCB_free
(
cb
);
DSA_free
(
ret
);
return
NULL
;
}
...
...
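Review bot: `BN_GENCB_free(cb)` is written twice in DSA_generate_parameters, once in the success branch and once before `DSA_free(ret)`, which makes it easy to miss one path when the cleanup changes later. Capturing the result first keeps a single release point: `ok = DSA_generate_parameters_ex(ret, bits, seed_in, seed_len, counter_ret, h_ret, cb);`, then `BN_GENCB_free(cb);`, then `if (ok) return ret;`. The same two-path release shape appears around `BN_free(local_prk)` in dsa_builtin_keygen in crypto/dsa/dsa_key.c. The start of the function signature lies outside the hunk.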
crypto/dsa/dsa_key.c
...
...
@@ -102,19 +102,24 @@ static int dsa_builtin_keygen(DSA *dsa)
pub_key
=
dsa
->
pub_key
;
{
BIGNUM
local_prk
;
BIGNUM
*
local_prk
=
NULL
;
BIGNUM
*
prk
;
if
((
dsa
->
flags
&
DSA_FLAG_NO_EXP_CONSTTIME
)
==
0
)
{
BN_init
(
&
local_prk
);
prk
=
&
local_prk
;
local_prk
=
prk
=
BN_new
(
);
if
(
!
local_prk
)
goto
err
;
BN_with_flags
(
prk
,
priv_key
,
BN_FLG_CONSTTIME
);
}
else
prk
=
priv_key
;
if
(
!
BN_mod_exp
(
pub_key
,
dsa
->
g
,
prk
,
dsa
->
p
,
ctx
))
goto
err
;
if
(
!
BN_mod_exp
(
pub_key
,
dsa
->
g
,
prk
,
dsa
->
p
,
ctx
))
{
if
(
local_prk
!=
NULL
)
BN_free
(
local_prk
);
goto
err
;
}
if
(
local_prk
!=
NULL
)
BN_free
(
local_prk
);
}
dsa
->
priv_key
=
priv_key
;
...
...
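Review bot: The temporary `local_prk` in dsa_builtin_keygen needs a comment on ownership, because after `BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME)` it appears to alias the private key's data rather than hold its own copy. From the hunk alone a reader cannot tell why `BN_free(local_prk)` is safe here or why a clearing free is not used on something derived from the private key. I would add `/* local_prk only borrows priv_key's data for the constant-time exponentiation; release the wrapper, never the data */` above the `BN_new()` call, once that is confirmed against the BN_with_flags definition. The `err` label and the rest of the function are outside the hunk.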
crypto/dsa/dsa_ossl.c
...
...
@@ -136,15 +136,16 @@ const DSA_METHOD *DSA_OpenSSL(void)
static
DSA_SIG
*
dsa_do_sign
(
const
unsigned
char
*
dgst
,
int
dlen
,
DSA
*
dsa
)
{
BIGNUM
*
kinv
=
NULL
,
*
r
=
NULL
,
*
s
=
NULL
;
BIGNUM
m
;
BIGNUM
xr
;
BIGNUM
*
m
;
BIGNUM
*
xr
;
BN_CTX
*
ctx
=
NULL
;
int
reason
=
ERR_R_BN_LIB
;
DSA_SIG
*
ret
=
NULL
;
int
noredo
=
0
;
BN_init
(
&
m
);
BN_init
(
&
xr
);
m
=
BN_new
();
xr
=
BN_new
();
if
(
!
m
||
!
xr
)
goto
err
;
if
(
!
dsa
->
p
||
!
dsa
->
q
||
!
dsa
->
g
)
{
...
...
@@ -177,12 +178,12 @@ redo:
* BN_num_bits(dsa->q) leftmost bits of the digest, see
* fips 186-3, 4.2 */
dlen
=
BN_num_bytes
(
dsa
->
q
);
if
(
BN_bin2bn
(
dgst
,
dlen
,
&
m
)
==
NULL
)
if
(
BN_bin2bn
(
dgst
,
dlen
,
m
)
==
NULL
)
goto
err
;
/* Compute s = inv(k) (m + xr) mod q */
if
(
!
BN_mod_mul
(
&
xr
,
dsa
->
priv_key
,
r
,
dsa
->
q
,
ctx
))
goto
err
;
/* s = xr */
if
(
!
BN_add
(
s
,
&
xr
,
&
m
))
goto
err
;
/* s = m + xr */
if
(
!
BN_mod_mul
(
xr
,
dsa
->
priv_key
,
r
,
dsa
->
q
,
ctx
))
goto
err
;
/* s = xr */
if
(
!
BN_add
(
s
,
xr
,
m
))
goto
err
;
/* s = m + xr */
if
(
BN_cmp
(
s
,
dsa
->
q
)
>
0
)
if
(
!
BN_sub
(
s
,
s
,
dsa
->
q
))
goto
err
;
if
(
!
BN_mod_mul
(
s
,
s
,
kinv
,
dsa
->
q
,
ctx
))
goto
err
;
...
...
@@ -212,8 +213,8 @@ err:
BN_free
(
s
);
}
if
(
ctx
!=
NULL
)
BN_CTX_free
(
ctx
);
BN_clear_free
(
&
m
);
BN_clear_free
(
&
xr
);
BN_clear_free
(
m
);
BN_clear_free
(
xr
);
if
(
kinv
!=
NULL
)
/* dsa->kinv is NULL now if we used it */
BN_clear_free
(
kinv
);
return
(
ret
);
...
...
@@ -228,8 +229,8 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
BIGNUM
**
kinvp
,
BIGNUM
**
rp
,
const
unsigned
char
*
dgst
,
int
dlen
)
{
BN_CTX
*
ctx
;
BIGNUM
k
,
kq
,
*
K
,
*
kinv
=
NULL
,
*
r
=
NULL
;
BN_CTX
*
ctx
=
NULL
;
BIGNUM
*
k
,
*
kq
,
*
K
,
*
kinv
=
NULL
,
*
r
=
NULL
;
int
ret
=
0
;
if
(
!
dsa
->
p
||
!
dsa
->
q
||
!
dsa
->
g
)
...
...
@@ -238,8 +239,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
return
0
;
}
BN_init
(
&
k
);
BN_init
(
&
kq
);
k
=
BN_new
();
kq
=
BN_new
();
if
(
!
k
||
!
kq
)
goto
err
;
if
(
ctx_in
==
NULL
)
{
...
...
@@ -259,18 +261,18 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
/* We calculate k from SHA512(private_key + H(message)
* + random). This protects the private key from a weak
* PRNG. */
if
(
!
BN_generate_dsa_nonce
(
&
k
,
dsa
->
q
,
dsa
->
priv_key
,
dgst
,
if
(
!
BN_generate_dsa_nonce
(
k
,
dsa
->
q
,
dsa
->
priv_key
,
dgst
,
dlen
,
ctx
))
goto
err
;
}
else
#endif
if
(
!
BN_rand_range
(
&
k
,
dsa
->
q
))
goto
err
;
}
while
(
BN_is_zero
(
&
k
));
if
(
!
BN_rand_range
(
k
,
dsa
->
q
))
goto
err
;
}
while
(
BN_is_zero
(
k
));
if
((
dsa
->
flags
&
DSA_FLAG_NO_EXP_CONSTTIME
)
==
0
)
{
BN_set_flags
(
&
k
,
BN_FLG_CONSTTIME
);
BN_set_flags
(
k
,
BN_FLG_CONSTTIME
);
}
if
(
dsa
->
flags
&
DSA_FLAG_CACHE_MONT_P
)
...
...
@@ -285,7 +287,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
if
((
dsa
->
flags
&
DSA_FLAG_NO_EXP_CONSTTIME
)
==
0
)
{
if
(
!
BN_copy
(
&
kq
,
&
k
))
goto
err
;
if
(
!
BN_copy
(
kq
,
k
))
goto
err
;
/* We do not want timing information to leak the length of k,
* so we compute g^k using an equivalent exponent of fixed length.
...
...
@@ -293,24 +295,24 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
* (This is a kludge that we need because the BN_mod_exp_mont()
* does not let us specify the desired timing behaviour.) */
if
(
!
BN_add
(
&
kq
,
&
kq
,
dsa
->
q
))
goto
err
;
if
(
BN_num_bits
(
&
kq
)
<=
BN_num_bits
(
dsa
->
q
))
if
(
!
BN_add
(
kq
,
kq
,
dsa
->
q
))
goto
err
;
if
(
BN_num_bits
(
kq
)
<=
BN_num_bits
(
dsa
->
q
))
{
if
(
!
BN_add
(
&
kq
,
&
kq
,
dsa
->
q
))
goto
err
;
if
(
!
BN_add
(
kq
,
kq
,
dsa
->
q
))
goto
err
;
}
K
=
&
kq
;
K
=
kq
;
}
else
{
K
=
&
k
;
K
=
k
;
}
DSA_BN_MOD_EXP
(
goto
err
,
dsa
,
r
,
dsa
->
g
,
K
,
dsa
->
p
,
ctx
,
dsa
->
method_mont_p
);
if
(
!
BN_mod
(
r
,
r
,
dsa
->
q
,
ctx
))
goto
err
;
/* Compute part of 's = inv(k) (m + xr) mod q' */
if
((
kinv
=
BN_mod_inverse
(
NULL
,
&
k
,
dsa
->
q
,
ctx
))
==
NULL
)
goto
err
;
if
((
kinv
=
BN_mod_inverse
(
NULL
,
k
,
dsa
->
q
,
ctx
))
==
NULL
)
goto
err
;
if
(
*
kinvp
!=
NULL
)
BN_clear_free
(
*
kinvp
);
*
kinvp
=
kinv
;
...
...
@@ -326,8 +328,8 @@ err:
BN_clear_free
(
r
);
}
if
(
ctx_in
==
NULL
)
BN_CTX_free
(
ctx
);
BN_clear_free
(
&
k
);
BN_clear_free
(
&
kq
);
BN_clear_free
(
k
);
BN_clear_free
(
kq
);
return
(
ret
);
}
...
...
@@ -335,7 +337,7 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
DSA
*
dsa
)
{
BN_CTX
*
ctx
;
BIGNUM
u1
,
u2
,
t1
;
BIGNUM
*
u1
,
*
u2
,
*
t1
;
BN_MONT_CTX
*
mont
=
NULL
;
int
ret
=
-
1
,
i
;
if
(
!
dsa
->
p
||
!
dsa
->
q
||
!
dsa
->
g
)
...
...
@@ -357,11 +359,11 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
DSAerr
(
DSA_F_DSA_DO_VERIFY
,
DSA_R_MODULUS_TOO_LARGE
);
return
-
1
;
}
BN_init
(
&
u1
);
BN_init
(
&
u2
);
BN_init
(
&
t1
);
if
((
ctx
=
BN_CTX_new
())
==
NULL
)
goto
err
;
u1
=
BN_new
(
);
u2
=
BN_new
(
);
t1
=
BN_new
(
);
ctx
=
BN_CTX_new
();
if
(
!
u1
||
!
u2
||
!
t1
||
!
ctx
)
goto
err
;
if
(
BN_is_zero
(
sig
->
r
)
||
BN_is_negative
(
sig
->
r
)
||
BN_ucmp
(
sig
->
r
,
dsa
->
q
)
>=
0
)
...
...
@@ -378,7 +380,7 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
/* Calculate W = inv(S) mod Q
* save W in u2 */
if
((
BN_mod_inverse
(
&
u2
,
sig
->
s
,
dsa
->
q
,
ctx
))
==
NULL
)
goto
err
;
if
((
BN_mod_inverse
(
u2
,
sig
->
s
,
dsa
->
q
,
ctx
))
==
NULL
)
goto
err
;
/* save M in u1 */
if
(
dgst_len
>
(
i
>>
3
))
...
...
@@ -386,13 +388,13 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
* BN_num_bits(dsa->q) leftmost bits of the digest, see
* fips 186-3, 4.2 */
dgst_len
=
(
i
>>
3
);
if
(
BN_bin2bn
(
dgst
,
dgst_len
,
&
u1
)
==
NULL
)
goto
err
;
if
(
BN_bin2bn
(
dgst
,
dgst_len
,
u1
)
==
NULL
)
goto
err
;
/* u1 = M * w mod q */
if
(
!
BN_mod_mul
(
&
u1
,
&
u1
,
&
u2
,
dsa
->
q
,
ctx
))
goto
err
;
if
(
!
BN_mod_mul
(
u1
,
u1
,
u2
,
dsa
->
q
,
ctx
))
goto
err
;
/* u2 = r * w mod q */
if
(
!
BN_mod_mul
(
&
u2
,
sig
->
r
,
&
u2
,
dsa
->
q
,
ctx
))
goto
err
;
if
(
!
BN_mod_mul
(
u2
,
sig
->
r
,
u2
,
dsa
->
q
,
ctx
))
goto
err
;
if
(
dsa
->
flags
&
DSA_FLAG_CACHE_MONT_P
)
...
...
@@ -404,21 +406,21 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
}
DSA_MOD_EXP
(
goto
err
,
dsa
,
&
t1
,
dsa
->
g
,
&
u1
,
dsa
->
pub_key
,
&
u2
,
dsa
->
p
,
ctx
,
mont
);
DSA_MOD_EXP
(
goto
err
,
dsa
,
t1
,
dsa
->
g
,
u1
,
dsa
->
pub_key
,
u2
,
dsa
->
p
,
ctx
,
mont
);
/* BN_copy(&u1,&t1); */
/* let u1 = u1 mod q */
if
(
!
BN_mod
(
&
u1
,
&
t1
,
dsa
->
q
,
ctx
))
goto
err
;
if
(
!
BN_mod
(
u1
,
t1
,
dsa
->
q
,
ctx
))
goto
err
;
/* V is now in u1. If the signature is correct, it will be
* equal to R. */
ret
=
(
BN_ucmp
(
&
u1
,
sig
->
r
)
==
0
);
ret
=
(
BN_ucmp
(
u1
,
sig
->
r
)
==
0
);
err:
if
(
ret
<
0
)
DSAerr
(
DSA_F_DSA_DO_VERIFY
,
ERR_R_BN_LIB
);
if
(
ctx
!=
NULL
)
BN_CTX_free
(
ctx
);
BN_free
(
&
u1
);
BN_free
(
&
u2
);
BN_free
(
&
t1
);
if
(
u1
)
BN_free
(
u1
);
if
(
u2
)
BN_free
(
u2
);
if
(
t1
)
BN_free
(
t1
);
return
(
ret
);
}
...
...
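Review bot: `BIGNUM *u1, *u2, *t1;` and `BN_CTX *ctx;` in dsa_do_verify are declared without initializers, yet the `err` label now tests `if (u1)`, `if (u2)`, `if (t1)` and `ctx != NULL` before freeing them. The early exits visible in these hunks use `return -1`, so this looks safe as written, but any `goto err` placed ahead of the `BN_new()` calls would hand indeterminate pointers to the free routines. `BIGNUM *u1 = NULL, *u2 = NULL, *t1 = NULL;` and `BN_CTX *ctx = NULL;` would make the cleanup self-consistent, as the commit already does for `ctx` in dsa_sign_setup. The same applies to `m`/`xr` in dsa_do_sign, `k`/`kq` in dsa_sign_setup, and `BN_GENCB *cb;` in main() of crypto/dsa/dsatest.c, whose `end:` label checks `cb != NULL`. Parts of all these functions lie outside the hunks shown.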
crypto/dsa/dsa_pmeth.c
...
...
@@ -246,20 +246,25 @@ static int pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
{
DSA
*
dsa
=
NULL
;
DSA_PKEY_CTX
*
dctx
=
ctx
->
data
;
BN_GENCB
*
pcb
,
cb
;
BN_GENCB
*
pcb
;
int
ret
;
if
(
ctx
->
pkey_gencb
)
{
pcb
=
&
cb
;
pcb
=
BN_GENCB_new
();
if
(
!
pcb
)
return
0
;
evp_pkey_set_cb_translate
(
pcb
,
ctx
);
}
else
pcb
=
NULL
;
dsa
=
DSA_new
();
if
(
!
dsa
)
{
if
(
pcb
)
BN_GENCB_free
(
pcb
);
return
0
;
}
ret
=
dsa_builtin_paramgen
(
dsa
,
dctx
->
nbits
,
dctx
->
qbits
,
dctx
->
pmd
,
NULL
,
0
,
NULL
,
NULL
,
NULL
,
pcb
);
if
(
pcb
)
BN_GENCB_free
(
pcb
);
if
(
ret
)
EVP_PKEY_assign_DSA
(
pkey
,
dsa
);
else
...
...
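Review bot: `if(!pcb) return 0;` in pkey_dsa_paramgen reports failure without recording an error, so a caller inspecting the error queue cannot tell that the cause was an allocation failure. Consider raising the library's allocation-failure reason (`ERR_R_MALLOC_FAILURE`) through the error macro this file already uses before returning; the `if (!dsa)` path has the same gap. Separately, declaring `BN_GENCB *pcb = NULL;` would remove the need for the `else pcb = NULL;` branch. The tail of the function after `if (ret)` is outside the hunk.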
crypto/dsa/dsatest.c
...
...
@@ -136,7 +136,7 @@ static BIO *bio_err=NULL;
int
main
(
int
argc
,
char
**
argv
)
{
BN_GENCB
cb
;
BN_GENCB
*
cb
;
DSA
*
dsa
=
NULL
;
int
counter
,
ret
=
0
,
i
,
j
;
unsigned
char
buf
[
256
];
...
...
@@ -156,9 +156,12 @@ int main(int argc, char **argv)
BIO_printf
(
bio_err
,
"test generation of DSA parameters
\n
"
);
BN_GENCB_set
(
&
cb
,
dsa_cb
,
bio_err
);
cb
=
BN_GENCB_new
();
if
(
!
cb
)
goto
end
;
BN_GENCB_set
(
cb
,
dsa_cb
,
bio_err
);
if
(((
dsa
=
DSA_new
())
==
NULL
)
||
!
DSA_generate_parameters_ex
(
dsa
,
512
,
seed
,
20
,
&
counter
,
&
h
,
&
cb
))
seed
,
20
,
&
counter
,
&
h
,
cb
))
goto
end
;
BIO_printf
(
bio_err
,
"seed
\n
"
);
...
...
@@ -221,6 +224,7 @@ end:
if
(
!
ret
)
ERR_print_errors
(
bio_err
);
if
(
dsa
!=
NULL
)
DSA_free
(
dsa
);
if
(
cb
!=
NULL
)
BN_GENCB_free
(
cb
);
CRYPTO_cleanup_all_ex_data
();
ERR_remove_thread_state
(
NULL
);
ERR_free_strings
();
...
...
@@ -246,8 +250,8 @@ static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *arg)
if
(
p
==
1
)
c
=
'+'
;
if
(
p
==
2
)
{
c
=
'*'
;
ok
++
;
}
if
(
p
==
3
)
c
=
'\n'
;
BIO_write
(
arg
->
arg
,
&
c
,
1
);
(
void
)
BIO_flush
(
arg
->
arg
);
BIO_write
(
BN_GENCB_get_arg
(
arg
)
,
&
c
,
1
);
(
void
)
BIO_flush
(
BN_GENCB_get_arg
(
arg
)
);
if
(
!
ok
&&
(
p
==
0
)
&&
(
num
>
1
))
{
...
...