Commit 198ce9a6 authored by Dr. Stephen Henson

Add additional parameter to dsa_builtin_paramgen to output the generated

seed to: this doesn't introduce any binary compatibility issues as the
function is only used internally.

The seed output is needed for FIPS 140-2 algorithm testing: the functionality
used to be in DSA_generate_parameters_ex() but was removed in OpenSSL 1.0.0
parent 78c45722
+4 −1
@@ -105,12 +105,13 @@ int DSA_generate_parameters_ex(DSA *ret, int bits,
			}

		return dsa_builtin_paramgen(ret, bits, qbits, evpmd,
				seed_in, seed_len, counter_ret, h_ret, cb);
			seed_in, seed_len, NULL, counter_ret, h_ret, cb);
		}
	}

int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
	const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
	unsigned char *seed_out,
	int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
	{
	int ok=0;
@@ -336,6 +337,8 @@ err:
			}
		if (counter_ret != NULL) *counter_ret=counter;
		if (h_ret != NULL) *h_ret=h;
		if (seed_out)
			memcpy(seed_out, seed, qsize);
		}
	if(ctx)
		{
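Review bot: The new `memcpy(seed_out, seed, qsize);` in the second hunk writes qsize bytes into a caller buffer whose length is never passed in, so the required size is an unstated contract. Both callers changed in this commit pass NULL, but qsize is set outside the hunk and presumably follows the requested q length, so a future caller that sizes the buffer for a 160-bit q would be overrun when a larger qbits is used. I would state the requirement at the prototype, for example `/* seed_out, if not NULL, must have room for the q-sized seed (qbits/8 bytes) */`, or add a length parameter beside it. As a style point, the copy tests `if (seed_out)` while the two lines above it use `!= NULL`; matching them keeps the block uniform. The body of dsa_builtin_paramgen starts and ends outside both hunks.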
+1 −0
@@ -56,4 +56,5 @@

int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
	const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
	unsigned char *seed_out,
	int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
+1 −1
@@ -252,7 +252,7 @@ static int pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
	if (!dsa)
		return 0;
	ret = dsa_builtin_paramgen(dsa, dctx->nbits, dctx->qbits, dctx->pmd,
	                           NULL, 0, NULL, NULL, pcb);
	                           NULL, 0, NULL, NULL, NULL, pcb);
	if (ret)
		EVP_PKEY_assign_DSA(pkey, dsa);
	else
+18 −1
@@ -363,6 +363,11 @@ int ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP *group, EC_POINT
	if (!BN_copy(&point->Z, BN_value_one())) goto err;
	BN_set_negative(&point->Z, 0);
	point->Z_is_one = 1;
	if (BN_num_bits(x) > BN_num_bits(&group->field))
		ret = 2;
	else if (BN_num_bits(y) > BN_num_bits(&group->field))
		ret = 2;
	else
		ret = 1;

  err:
@@ -938,6 +943,9 @@ int ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT
		return EC_POINT_is_at_infinity(group, b) ? 0 : 1;
		}

	if (EC_POINT_is_at_infinity(group, b))
		return 1;
	
	if (a->Z_is_one && b->Z_is_one)
		{
		return ((BN_cmp(&a->X, &b->X) == 0) && BN_cmp(&a->Y, &b->Y) == 0) ? 0 : 1;
@@ -967,6 +975,15 @@ int ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT
	return ret;
	}

int ec_GF2m_simple_range(const EC_GROUP *group, const EC_POINT *a)
	{
	if (BN_num_bits(&a->X) > BN_num_bits(&group->field))
		return 0;
	if (BN_num_bits(&a->Y) > BN_num_bits(&group->field))
		return 0;
	return 1;
	}


/* Forces the given EC_POINT to internally use affine coordinates. */
int ec_GF2m_simple_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
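Review bot: The range check added to ec_GF2m_simple_point_set_affine_coordinates reports an oversized coordinate as `ret = 2`, which is still non-zero, so any caller that only tests the result for truth accepts the point, and Z (and presumably X and Y, set above the hunk) has already been written by then. The three-way result should be documented at the function, for example `/* returns 0 on error, 1 on success, 2 if x or y is wider than the field (the point is still set) */`, and existing callers checked against it. The comparison, repeated in the new ec_GF2m_simple_range, uses `>` against `BN_num_bits(&group->field)`; if field holds the degree-m reduction polynomial it is m+1 bits wide, so a coordinate of degree m passes and `>=` looks like the intended bound, which is worth confirming. The function body starts outside the hunk.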
+7 −1
@@ -305,6 +305,12 @@ int EC_KEY_check_key(const EC_KEY *eckey)
		return 0;
		}

	if (EC_POINT_is_at_infinity(eckey->group, eckey->pub_key))
		{
		ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_AT_INFINITY);
		goto err;
		}

	if ((ctx = BN_CTX_new()) == NULL)
		goto err;
	if ((point = EC_POINT_new(eckey->group)) == NULL)