add API necessary for CAVS testing of the new DSA parameter generation

This commit is contained in:
Tomas Mraz 2011-05-24 14:57:29 +02:00
parent 0b4cee3bc2
commit 19062db533
2 changed files with 240 additions and 3 deletions

232
openssl-1.0.0d-cavs.patch Normal file
View File

@ -0,0 +1,232 @@
diff -up openssl-1.0.0d/crypto/dsa/dsa_gen.c.cavs openssl-1.0.0d/crypto/dsa/dsa_gen.c
--- openssl-1.0.0d/crypto/dsa/dsa_gen.c.cavs 2011-05-23 19:59:56.000000000 +0200
+++ openssl-1.0.0d/crypto/dsa/dsa_gen.c 2011-05-23 22:32:45.000000000 +0200
@@ -85,6 +85,14 @@
#endif
#include "dsa_locl.h"
+#ifndef OPENSSL_FIPS
+static int FIPS_dsa_generate_pq(BN_CTX *ctx, size_t bits, size_t qbits,
+ const EVP_MD *evpmd, unsigned char *seed, int seed_len,
+ BIGNUM **p_ret, BIGNUM **q_ret, int *counter_ret, BN_GENCB *cb);
+static int FIPS_dsa_generate_g(BN_CTX *ctx, BIGNUM *p, BIGNUM *q,
+ BIGNUM **g_ret, unsigned long *h_ret, BN_GENCB *cb);
+#endif
+
int DSA_generate_parameters_ex(DSA *ret, int bits,
const unsigned char *seed_in, int seed_len,
int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
@@ -113,22 +121,26 @@ int DSA_generate_parameters_ex(DSA *ret,
}
}
+#ifdef OPENSSL_FIPS
+int FIPS_dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
+ const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
+ int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
+ {
+ return dsa_builtin_paramgen(ret, bits, qbits,
+ evpmd, seed_in, seed_len,
+ counter_ret, h_ret, cb);
+ }
+#endif
+
int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
{
int ok=0;
unsigned char seed[SHA256_DIGEST_LENGTH];
- unsigned char md[SHA256_DIGEST_LENGTH];
- unsigned char buf[SHA256_DIGEST_LENGTH];
- BIGNUM *r0,*W,*X,*c,*test;
BIGNUM *g=NULL,*q=NULL,*p=NULL;
- BN_MONT_CTX *mont=NULL;
- int i, k, b, n=0, m=0, qsize = qbits >> 3;
- int counter=0;
- int r=0;
+ size_t qsize = qbits >> 3;
BN_CTX *ctx=NULL;
- unsigned int h=2;
#ifdef OPENSSL_FIPS
if(FIPS_selftest_failed())
@@ -148,6 +160,65 @@ int dsa_builtin_paramgen(DSA *ret, size_
goto err;
}
#endif
+ if (seed_len && (seed_len < (size_t)qsize))
+ seed_in = NULL; /* seed buffer too small -- ignore */
+ if (seed_len > sizeof(seed))
+ seed_len = sizeof(seed); /* App. 2.2 of FIPS PUB 186 allows larger SEED,
+ * but our internal buffers are restricted to 256 bits*/
+ if (seed_in != NULL)
+ memcpy(seed, seed_in, seed_len);
+ else
+ seed_len = 0;
+
+ if ((ctx=BN_CTX_new()) == NULL)
+ goto err;
+
+ BN_CTX_start(ctx);
+
+ if (!FIPS_dsa_generate_pq(ctx, bits, qbits, evpmd,
+ seed, seed_len, &p, &q, counter_ret, cb))
+ goto err;
+
+ if (!FIPS_dsa_generate_g(ctx, p, q, &g, h_ret, cb))
+ goto err;
+
+ ok=1;
+err:
+ if (ok)
+ {
+ if(ret->p) BN_free(ret->p);
+ if(ret->q) BN_free(ret->q);
+ if(ret->g) BN_free(ret->g);
+ ret->p=BN_dup(p);
+ ret->q=BN_dup(q);
+ ret->g=BN_dup(g);
+ if (ret->p == NULL || ret->q == NULL || ret->g == NULL)
+ ok=0;
+ }
+ if(ctx)
+ {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
+ return ok;
+ }
+
+#ifndef OPENSSL_FIPS
+static
+#endif
+int FIPS_dsa_generate_pq(BN_CTX *ctx, size_t bits, size_t qbits,
+ const EVP_MD *evpmd, unsigned char *seed, int seed_len,
+ BIGNUM **p_ret, BIGNUM **q_ret, int *counter_ret, BN_GENCB *cb)
+ {
+ int ok=0;
+ unsigned char md[SHA256_DIGEST_LENGTH];
+ unsigned char buf[SHA256_DIGEST_LENGTH];
+ BIGNUM *r0,*W,*X,*c,*test;
+ BIGNUM *g=NULL,*q=NULL,*p=NULL;
+ BN_MONT_CTX *mont=NULL;
+ int i, k, b, n=0, m=0, qsize = qbits >> 3;
+ int counter=0;
+ int r=0;
if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH &&
qsize != SHA256_DIGEST_LENGTH)
@@ -169,28 +240,12 @@ int dsa_builtin_paramgen(DSA *ret, size_
bits = (bits+63)/64*64;
- if (seed_len && (seed_len < (size_t)qsize))
- seed_in = NULL; /* seed buffer too small -- ignore */
- if (seed_len > (size_t)qsize)
- seed_len = qsize; /* App. 2.2 of FIPS PUB 186 allows larger SEED,
- * but our internal buffers are restricted to 256 bits*/
- if (seed_in != NULL)
- memcpy(seed, seed_in, seed_len);
-
- if ((ctx=BN_CTX_new()) == NULL)
- goto err;
-
- if ((mont=BN_MONT_CTX_new()) == NULL)
- goto err;
-
- BN_CTX_start(ctx);
r0 = BN_CTX_get(ctx);
- g = BN_CTX_get(ctx);
W = BN_CTX_get(ctx);
- q = BN_CTX_get(ctx);
+ *q_ret = q = BN_CTX_get(ctx);
X = BN_CTX_get(ctx);
c = BN_CTX_get(ctx);
- p = BN_CTX_get(ctx);
+ *p_ret = p = BN_CTX_get(ctx);
test = BN_CTX_get(ctx);
if (!BN_lshift(test,BN_value_one(),bits-1))
@@ -312,7 +367,33 @@ end:
if(!BN_GENCB_call(cb, 2, 1))
goto err;
- /* We now need to generate g */
+ ok=1;
+err:
+ if (ok)
+ {
+ if (counter_ret != NULL) *counter_ret=counter;
+ }
+ return ok;
+ }
+
+#ifndef OPENSSL_FIPS
+static
+#endif
+int FIPS_dsa_generate_g(BN_CTX *ctx, BIGNUM *p, BIGNUM *q,
+ BIGNUM **g_ret, unsigned long *h_ret, BN_GENCB *cb)
+ {
+ int ok=0;
+ BIGNUM *r0, *test, *g = NULL;
+ BN_MONT_CTX *mont;
+ unsigned int h=2;
+
+ if ((mont=BN_MONT_CTX_new()) == NULL)
+ goto err;
+
+ r0 = BN_CTX_get(ctx);
+ *g_ret = g = BN_CTX_get(ctx);
+ test = BN_CTX_get(ctx);
+
/* Set r0=(p-1)/q */
if (!BN_sub(test,p,BN_value_one())) goto err;
if (!BN_div(r0,NULL,test,q,ctx)) goto err;
@@ -336,25 +417,8 @@ end:
err:
if (ok)
{
- if(ret->p) BN_free(ret->p);
- if(ret->q) BN_free(ret->q);
- if(ret->g) BN_free(ret->g);
- ret->p=BN_dup(p);
- ret->q=BN_dup(q);
- ret->g=BN_dup(g);
- if (ret->p == NULL || ret->q == NULL || ret->g == NULL)
- {
- ok=0;
- goto err;
- }
- if (counter_ret != NULL) *counter_ret=counter;
if (h_ret != NULL) *h_ret=h;
}
- if(ctx)
- {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
if (mont != NULL) BN_MONT_CTX_free(mont);
return ok;
}
diff -up openssl-1.0.0d/crypto/dsa/dsa.h.cavs openssl-1.0.0d/crypto/dsa/dsa.h
--- openssl-1.0.0d/crypto/dsa/dsa.h.cavs 2011-05-23 19:59:56.000000000 +0200
+++ openssl-1.0.0d/crypto/dsa/dsa.h 2011-05-23 22:33:33.000000000 +0200
@@ -266,6 +266,17 @@ int DSA_print_fp(FILE *bp, const DSA *x,
DH *DSA_dup_DH(const DSA *r);
#endif
+#ifdef OPENSSL_FIPS
+int FIPS_dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
+ const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
+ int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
+int FIPS_dsa_generate_pq(BN_CTX *ctx, size_t bits, size_t qbits,
+ const EVP_MD *evpmd, unsigned char *seed, int seed_len,
+ BIGNUM **p_ret, BIGNUM **q_ret, int *counter_ret, BN_GENCB *cb);
+int FIPS_dsa_generate_g(BN_CTX *ctx, BIGNUM *p, BIGNUM *q,
+ BIGNUM **g_ret, unsigned long *h_ret, BN_GENCB *cb);
+#endif
+
#define EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \
EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL)

View File

@ -21,7 +21,7 @@
Summary: A general purpose cryptography library with TLS implementation
Name: openssl
Version: 1.0.0d
Release: 3%{?dist}
Release: 4%{?dist}
# We remove certain patented algorithms from the openssl source tarball
# with the hobble-openssl script which is included below.
Source: openssl-%{version}-usa.tar.bz2
@ -70,8 +70,9 @@ Patch57: openssl-1.0.0c-fips186-3.patch
Patch58: openssl-1.0.0c-fips-md5-allow.patch
Patch59: openssl-1.0.0c-pkcs12-fips-default.patch
Patch60: openssl-1.0.0d-apps-dgst.patch
Patch61: openssl-1.0.0d-cavs.patch
# Backported fixes including security fixes
Patch61: openssl-1.0.0d-padlock64.patch
Patch81: openssl-1.0.0d-padlock64.patch
License: OpenSSL
Group: System Environment/Libraries
@ -161,7 +162,8 @@ from other formats to the formats used by the OpenSSL toolkit.
%patch58 -p1 -b .md5-allow
%patch59 -p1 -b .fips-default
%patch60 -p1 -b .dgst
%patch61 -p1 -b .padlock64
%patch61 -p1 -b .cavs
%patch81 -p1 -b .padlock64
# Modify the various perl scripts to reference perl in the right location.
perl util/perlpath.pl `dirname %{__perl}`
@ -411,6 +413,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
%postun -p /sbin/ldconfig
%changelog
* Tue May 24 2011 Tomas Mraz <tmraz@redhat.com> 1.0.0d-4
- add API necessary for CAVS testing of the new DSA parameter generation
* Thu Apr 28 2011 Tomas Mraz <tmraz@redhat.com> 1.0.0d-3
- add support for VIA Padlock on 64bit arch from upstream (#617539)
- do not return bogus values from load_certs (#652286)