



OpenSSL: OpenSSL-fips-0_9_8-stable: openssl/crypto/dsa/ dsa_gen....
2007-10-05 08:14:56
  OpenSSL CVS Repository
  http://cvs.openssl.org/
 
____________________________________________________________
________________

  Server: cvs.openssl.org                  Name:   Dr.
Stephen Henson
  Root:   /v/openssl/cvs                   Email:  steveopenssl.org
  Module: openssl                          Date:  
05-Oct-2007 15:14:56
  Branch: OpenSSL-fips-0_9_8-stable        Handle:
2007100514145401

  Modified files:           (Branch:
OpenSSL-fips-0_9_8-stable)
    openssl/crypto/dsa      dsa_gen.c
    openssl/fips/dsa        fips_dsa_gen.c fips_dssvs.c

  Log:
    Fix bug in DSA parameter generation code which stopped
it copying a
    generated random seed to the supplied seed parameter.

  Summary:
    Revision    Changes     Path
    1.25.4.2    +9  -2      openssl/crypto/dsa/dsa_gen.c
    1.1.6.3     +9  -2      openssl/fips/dsa/fips_dsa_gen.c
    1.1.6.4     +79 -0      openssl/fips/dsa/fips_dssvs.c
 
____________________________________________________________
________________

  patch -p0 <<' .'
  Index: openssl/crypto/dsa/dsa_gen.c
 
============================================================
================
  $ cvs diff -u -r1.25.4.1 -r1.25.4.2 dsa_gen.c
  --- openssl/crypto/dsa/dsa_gen.c	22 Mar 2007 00:38:02
-0000	1.25.4.1
  +++ openssl/crypto/dsa/dsa_gen.c	5 Oct 2007 13:14:54
-0000	1.25.4.2
   -119,13 +119,20 
   	if (bits < 512) bits=512;
   	bits=(bits+63)/64*64;
   
  -	if (seed_len < 20)
  +	/* NB: seed_len == 0 is special case: copy generated
seed to
  + 	 * seed_in if it is not NULL.
  + 	 */
  +	if (seed_len && (seed_len < 20))
   		seed_in = NULL; /* seed buffer too small -- ignore */
   	if (seed_len > 20) 
   		seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows
larger SEED,
   		                * but our internal buffers are
restricted to 160 bits*/
   	if ((seed_in != NULL) && (seed_len == 20))
  +		{
   		memcpy(seed,seed_in,seed_len);
  +		/* set seed_in to NULL to avoid it being copied back
*/
  +		seed_in = NULL;
  +		}
   
   	if ((ctx=BN_CTX_new()) == NULL) goto err;
   
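Review bot: With `seed_len == 0` and a non-NULL `seed_in`, the second hunk's `if (seed_in != NULL) memcpy(seed_in,seed,20);` now writes 20 bytes into a caller buffer whose size the function never learns, because the only length the caller passed is 0. Before this change a pointer passed with a length below 20 was always ignored, so any existing caller that passes a short or placeholder buffer with length 0 would now be written past its end. The new comment should state the requirement, e.g. `/* NB: seed_len == 0 is special case: seed_in, if not NULL, must point to at least 20 bytes and receives the generated seed. */`, and the function's public documentation should say the same. The identical pair of hunks in openssl/fips/dsa/fips_dsa_gen.c has the same issue. The enclosing function starts and ends outside both hunks.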
   -302,7 +309,7 
   			ok=0;
   			goto err;
   			}
  -		if ((m > 1) && (seed_in != NULL))
memcpy(seed_in,seed,20);
  +		if (seed_in != NULL) memcpy(seed_in,seed,20);
   		if (counter_ret != NULL) *counter_ret=counter;
   		if (h_ret != NULL) *h_ret=h;
   		}
   .
  patch -p0 <<' .'
  Index: openssl/fips/dsa/fips_dsa_gen.c
 
============================================================
================
  $ cvs diff -u -r1.1.6.2 -r1.1.6.3 fips_dsa_gen.c
  --- openssl/fips/dsa/fips_dsa_gen.c	15 Aug 2007 13:35:37
-0000	1.1.6.2
  +++ openssl/fips/dsa/fips_dsa_gen.c	5 Oct 2007 13:14:55
-0000	1.1.6.3
   -133,13 +133,20 
   	if (bits < 512) bits=512;
   	bits=(bits+63)/64*64;
   
  -	if (seed_len < 20)
  +	/* NB: seed_len == 0 is special case: copy generated
seed to
  + 	 * seed_in if it is not NULL.
  + 	 */
  +	if (seed_len && (seed_len < 20))
   		seed_in = NULL; /* seed buffer too small -- ignore */
   	if (seed_len > 20) 
   		seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows
larger SEED,
   		                * but our internal buffers are
restricted to 160 bits*/
   	if ((seed_in != NULL) && (seed_len == 20))
  +		{
   		memcpy(seed,seed_in,seed_len);
  +		/* set seed_in to NULL to avoid it being copied back
*/
  +		seed_in = NULL;
  +		}
   
   	if ((ctx=BN_CTX_new()) == NULL) goto err;
   
   -316,7 +323,7 
   			ok=0;
   			goto err;
   			}
  -		if ((m > 1) && (seed_in != NULL))
memcpy(seed_in,seed,20);
  +		if (seed_in != NULL) memcpy(seed_in,seed,20);
   		if (counter_ret != NULL) *counter_ret=counter;
   		if (h_ret != NULL) *h_ret=h;
   		}
   .
  patch -p0 <<' .'
  Index: openssl/fips/dsa/fips_dssvs.c
 
============================================================
================
  $ cvs diff -u -r1.1.6.3 -r1.1.6.4 fips_dssvs.c
  --- openssl/fips/dsa/fips_dssvs.c	12 Sep 2007 21:35:39
-0000	1.1.6.3
  +++ openssl/fips/dsa/fips_dssvs.c	5 Oct 2007 13:14:55
-0000	1.1.6.4
   -112,6 +112,83 
   	}
       }
   
  +
  +void pqgver()
  +    {
  +    char buf[1024];
  +    char lbuf[1024];
  +    char *keyword, *value;
  +    BIGNUM *p = NULL, *q = NULL, *g = NULL;
  +    int counter, counter2;
  +    unsigned long h, h2;
  +    DSA *dsa=NULL;
  +    int nmod=0;
  +    unsigned char seed[1024];
  +
  +    while(fgets(buf,sizeof buf,stdin) != NULL)
  +	{
  +	if (!parse_line(&keyword, &value, lbuf, buf))
  +		{
  +		fputs(buf,stdout);
  +		continue;
  +		}
  +	if(!strcmp(keyword,"[mod"))
  +	    nmod=atoi(value);
  +	else if(!strcmp(keyword,"P"))
  +	    p=hex2bn(value);
  +	else if(!strcmp(keyword,"Q"))
  +	    q=hex2bn(value);
  +	else if(!strcmp(keyword,"G"))
  +	    g=hex2bn(value);
  +	else if(!strcmp(keyword,"Seed"))
  +	    {
  +	    int slen = hex2bin(value, seed);
  +	    if (slen != 20)
  +		{
  +		fprintf(stderr, "Seed parse length
errorn");
  +		exit (1);
  +		}
  +	    }
  +	else if(!strcmp(keyword,"c"))
  +	    counter =atoi(buf+4);
  +	else if(!strcmp(keyword,"H"))
  +	    {
  +	    h = atoi(value);
  +	    if (!p || !q || !g)
  +		{
  +		fprintf(stderr, "Parse Errorn");
  +		exit (1);
  +		}
  +	    pbn("P",p);
  +	    pbn("Q",q);
  +	    pbn("G",g);
  +	    pv("Seed",seed,20);
  +	    printf("c = %dn",counter);
  +	    printf("H = %lxn",h);
  +	    dsa = FIPS_dsa_new();
  +	    if (!DSA_generate_parameters_ex(dsa, nmod,seed,20
,&counter2,&h2,NULL))
  +			{
  +			do_print_errors();
  +			exit(1);
  +			}
  +            if (BN_cmp(dsa->p, p) || BN_cmp(dsa->q,
q) || BN_cmp(dsa->g, g)
  +		|| (counter != counter2) || (h != h2))
  +	    	printf("Result = Fn");
  +	    else
  +	    	printf("Result = Tn");
  +	    BN_free(p);
  +	    BN_free(q);
  +	    BN_free(g);
  +	    p = NULL;
  +	    q = NULL;
  +	    g = NULL;
  +	    FIPS_dsa_free(dsa);
  +	    dsa = NULL;
  +	    }
  +	}
  +    }
  +
  +
   void keypair()
       {
       char buf[1024];
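Review bot: `counter` and `seed` are read uninitialised in the `H` branch of `pqgver()` when the input has no preceding `c` or `Seed` line, because the guard there checks only `p`, `q` and `g`; after the first record they also silently carry over stale values. Declare `int counter = -1, have_seed = 0;`, set `have_seed = 1;` after the `slen != 20` check, and extend the guard to `if (!p || !q || !g || !have_seed || counter < 0)`, resetting both alongside `p`, `q` and `g` at the end of the branch. `h = atoi(value)` parses decimal while the value is echoed with `%lx`, so if the vector file carries H in hex (not visible here) `strtoul(value, NULL, 16)` would be the matching parser, and `counter = atoi(buf+4)` depends on a fixed column where `value` is already available. The return value of `FIPS_dsa_new()` is also passed on unchecked.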
   -329,6 +406,8 
   	primes();
       else if(!strcmp(argv[1],"pqg"))
   	pqg();
  +    else if(!strcmp(argv[1],"pqgver"))
  +	pqgver();
       else if(!strcmp(argv[1],"keypair"))
   	keypair();
       else if(!strcmp(argv[1],"siggen"))
   .
____________________________________________________________
__________
OpenSSL Project                                 http://www.openssl.org
CVS Repository Commit List                    
openssl-cvsopenssl.org
Automated List Manager                          
majordomoopenssl.org
