wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix bug in DSA parameter generation code which stopped it copying a

Browse source 
generated random seed to the supplied seed parameter.
This commit is contained in:
Dr. Stephen Henson 2007-10-05 13:14:55 +00:00
parent e6e5592a50
commit d73ed541db
3 changed files with 97 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
crypto/dsa/dsa_gen.c
View file

@ -119,13 +119,20 @@ static int dsa_builtin_paramgen(DSA *ret, int bits,
if (bits < 512) bits=512;
bits=(bits+63)/64*64;
if (seed_len < 20)
/* NB: seed_len == 0 is special case: copy generated seed to
* seed_in if it is not NULL.
*/
if (seed_len && (seed_len < 20))
seed_in = NULL; /* seed buffer too small -- ignore */
if (seed_len > 20)
seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger SEED,
* but our internal buffers are restricted to 160 bits*/
if ((seed_in != NULL) && (seed_len == 20))
{
memcpy(seed,seed_in,seed_len);
/* set seed_in to NULL to avoid it being copied back */
seed_in = NULL;
}
if ((ctx=BN_CTX_new()) == NULL) goto err;
@ -302,7 +309,7 @@ err:
ok=0;
goto err;
}
if ((m > 1) && (seed_in != NULL)) memcpy(seed_in,seed,20);
if (seed_in != NULL) memcpy(seed_in,seed,20);
if (counter_ret != NULL) *counter_ret=counter;
if (h_ret != NULL) *h_ret=h;
}

11
fips/dsa/fips_dsa_gen.c
View file

@ -133,13 +133,20 @@ static int dsa_builtin_paramgen(DSA *ret, int bits,
if (bits < 512) bits=512;
bits=(bits+63)/64*64;
if (seed_len < 20)
/* NB: seed_len == 0 is special case: copy generated seed to
* seed_in if it is not NULL.
*/
if (seed_len && (seed_len < 20))
seed_in = NULL; /* seed buffer too small -- ignore */
if (seed_len > 20)
seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger SEED,
* but our internal buffers are restricted to 160 bits*/
if ((seed_in != NULL) && (seed_len == 20))
{
memcpy(seed,seed_in,seed_len);
/* set seed_in to NULL to avoid it being copied back */
seed_in = NULL;
}
if ((ctx=BN_CTX_new()) == NULL) goto err;
@ -316,7 +323,7 @@ err:
ok=0;
goto err;
}
if ((m > 1) && (seed_in != NULL)) memcpy(seed_in,seed,20);
if (seed_in != NULL) memcpy(seed_in,seed,20);
if (counter_ret != NULL) *counter_ret=counter;
if (h_ret != NULL) *h_ret=h;
}

79
fips/dsa/fips_dssvs.c
View file

@ -112,6 +112,83 @@ void pqg()
}
}
void pqgver()
{
char buf[1024];
char lbuf[1024];
char *keyword, *value;
BIGNUM *p = NULL, *q = NULL, *g = NULL;
int counter, counter2;
unsigned long h, h2;
DSA *dsa=NULL;
int nmod=0;
unsigned char seed[1024];
while(fgets(buf,sizeof buf,stdin) != NULL)
{
if (!parse_line(&keyword, &value, lbuf, buf))
{
fputs(buf,stdout);
continue;
}
if(!strcmp(keyword,"[mod"))
nmod=atoi(value);
else if(!strcmp(keyword,"P"))
p=hex2bn(value);
else if(!strcmp(keyword,"Q"))
q=hex2bn(value);
else if(!strcmp(keyword,"G"))
g=hex2bn(value);
else if(!strcmp(keyword,"Seed"))
{
int slen = hex2bin(value, seed);
if (slen != 20)
{
fprintf(stderr, "Seed parse length error\n");
exit (1);
}
}
else if(!strcmp(keyword,"c"))
counter =atoi(buf+4);
else if(!strcmp(keyword,"H"))
{
h = atoi(value);
if (!p || !q || !g)
{
fprintf(stderr, "Parse Error\n");
exit (1);
}
pbn("P",p);
pbn("Q",q);
pbn("G",g);
pv("Seed",seed,20);
printf("c = %d\n",counter);
printf("H = %lx\n",h);
dsa = FIPS_dsa_new();
if (!DSA_generate_parameters_ex(dsa, nmod,seed,20 ,&counter2,&h2,NULL))
{
do_print_errors();
exit(1);
}
if (BN_cmp(dsa->p, p) || BN_cmp(dsa->q, q) || BN_cmp(dsa->g, g)
|| (counter != counter2) || (h != h2))
printf("Result = F\n");
else
printf("Result = T\n");
BN_free(p);
BN_free(q);
BN_free(g);
p = NULL;
q = NULL;
g = NULL;
FIPS_dsa_free(dsa);
dsa = NULL;
}
}
}
void keypair()
{
char buf[1024];
@ -329,6 +406,8 @@ int main(int argc,char **argv)
primes();
else if(!strcmp(argv[1],"pqg"))
pqg();
else if(!strcmp(argv[1],"pqgver"))
pqgver();
else if(!strcmp(argv[1],"keypair"))
keypair();
else if(!strcmp(argv[1],"siggen"))