wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

recalculate DSA signature if r or s is zero (FIPS 186-3 requirement)

Browse source
This commit is contained in:
Dr. Stephen Henson 2011-01-25 16:02:27 +00:00
parent d3203b931e
commit c31945e682
3 changed files with 17 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
crypto/dsa/dsa.h
View file

@ -298,6 +298,7 @@ void ERR_load_DSA_strings(void);
#define DSA_R_INVALID_DIGEST_TYPE 106 #define DSA_R_INVALID_DIGEST_TYPE 106
#define DSA_R_MISSING_PARAMETERS 101 #define DSA_R_MISSING_PARAMETERS 101
#define DSA_R_MODULUS_TOO_LARGE 103 #define DSA_R_MODULUS_TOO_LARGE 103
#define DSA_R_NEED_NEW_SETUP_VALUES 110
#define DSA_R_NO_PARAMETERS_SET 107 #define DSA_R_NO_PARAMETERS_SET 107
#define DSA_R_PARAMETER_ENCODING_ERROR 105 #define DSA_R_PARAMETER_ENCODING_ERROR 105

1
crypto/dsa/dsa_err.c
View file

@ -105,6 +105,7 @@ static ERR_STRING_DATA DSA_str_reasons[]=
{ERR_REASON(DSA_R_INVALID_DIGEST_TYPE) ,"invalid digest type"}, {ERR_REASON(DSA_R_INVALID_DIGEST_TYPE) ,"invalid digest type"},
{ERR_REASON(DSA_R_MISSING_PARAMETERS) ,"missing parameters"}, {ERR_REASON(DSA_R_MISSING_PARAMETERS) ,"missing parameters"},
{ERR_REASON(DSA_R_MODULUS_TOO_LARGE) ,"modulus too large"}, {ERR_REASON(DSA_R_MODULUS_TOO_LARGE) ,"modulus too large"},
{ERR_REASON(DSA_R_NEED_NEW_SETUP_VALUES) ,"need new setup values"},
{ERR_REASON(DSA_R_NO_PARAMETERS_SET) ,"no parameters set"}, {ERR_REASON(DSA_R_NO_PARAMETERS_SET) ,"no parameters set"},
{ERR_REASON(DSA_R_PARAMETER_ENCODING_ERROR),"parameter encoding error"}, {ERR_REASON(DSA_R_PARAMETER_ENCODING_ERROR),"parameter encoding error"},
{0,NULL} {0,NULL}

16
crypto/dsa/dsa_ossl.c
View file

@ -136,6 +136,7 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
BN_CTX *ctx=NULL; BN_CTX *ctx=NULL;
int reason=ERR_R_BN_LIB; int reason=ERR_R_BN_LIB;
DSA_SIG *ret=NULL; DSA_SIG *ret=NULL;
int noredo = 0;
BN_init(&m); BN_init(&m);
BN_init(&xr); BN_init(&xr);
@ -159,7 +160,7 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
ctx=BN_CTX_new(); ctx=BN_CTX_new();
if (ctx == NULL) goto err; if (ctx == NULL) goto err;
redo:
if ((dsa->kinv == NULL) || (dsa->r == NULL)) if ((dsa->kinv == NULL) || (dsa->r == NULL))
{ {
if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err; if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err;
@ -170,6 +171,7 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
dsa->kinv=NULL; dsa->kinv=NULL;
r=dsa->r; r=dsa->r;
dsa->r=NULL; dsa->r=NULL;
noredo = 1;
} }
@ -190,6 +192,18 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
ret=DSA_SIG_new(); ret=DSA_SIG_new();
if (ret == NULL) goto err; if (ret == NULL) goto err;
/* Redo if r or s is zero as required by FIPS 186-3: this is
* very unlikely.
*/
if (BN_is_zero(r) || BN_is_zero(s))
{
if (noredo)
{
reason = DSA_R_NEED_NEW_SETUP_VALUES;
goto err;
}
goto redo;
}
ret->r = r; ret->r = r;
ret->s = s; ret->s = s;