diff options
| author | Shane Lontis <shane.lontis@oracle.com> | 2020-02-16 13:03:46 +1000 |
|---|---|---|
| committer | Shane Lontis <shane.lontis@oracle.com> | 2020-02-16 13:03:46 +1000 |
| commit | 8083fd3a183d4c881d6b15727cbc6cb7faeb3280 (patch) | |
| tree | 82e998aa30cc9dc610b4f262df1f7ef73b23edad /crypto/dsa/dsa_key.c | |
| parent | 98ad3fe82bd3e7e7f929dd1fa4ef3915426002c0 (diff) | |
Add FFC param/key validation
Embed libctx in dsa and dh objects and cleanup internal methods to not pass libctx (This makes it consistent with the rsa changes)
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10910)
Diffstat (limited to 'crypto/dsa/dsa_key.c')
| -rw-r--r-- | crypto/dsa/dsa_key.c | 49 |
1 files changed, 24 insertions, 25 deletions
diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c index 00e7213b97..c93ea15b76 100644 --- a/crypto/dsa/dsa_key.c +++ b/crypto/dsa/dsa_key.c @@ -20,31 +20,43 @@ #include "crypto/dsa.h" #include "dsa_local.h" -static int dsa_builtin_keygen(OPENSSL_CTX *libctx, DSA *dsa); +static int dsa_builtin_keygen(DSA *dsa); int DSA_generate_key(DSA *dsa) { +#ifndef FIPS_MODE if (dsa->meth->dsa_keygen != NULL) return dsa->meth->dsa_keygen(dsa); - return dsa_builtin_keygen(NULL, dsa); +#endif + return dsa_builtin_keygen(dsa); } -int dsa_generate_key_ctx(OPENSSL_CTX *libctx, DSA *dsa) +int dsa_generate_public_key(BN_CTX *ctx, const DSA *dsa, const BIGNUM *priv_key, + BIGNUM *pub_key) { -#ifndef FIPS_MODE - if (dsa->meth->dsa_keygen != NULL) - return dsa->meth->dsa_keygen(dsa); -#endif - return dsa_builtin_keygen(libctx, dsa); + int ret = 0; + BIGNUM *prk = BN_new(); + + if (prk == NULL) + return 0; + BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME); + + /* pub_key = g ^ priv_key mod p */ + if (!BN_mod_exp(pub_key, dsa->params.g, prk, dsa->params.p, ctx)) + goto err; + ret = 1; +err: + BN_clear_free(prk); + return ret; } -static int dsa_builtin_keygen(OPENSSL_CTX *libctx, DSA *dsa) +static int dsa_builtin_keygen(DSA *dsa) { int ok = 0; BN_CTX *ctx = NULL; BIGNUM *pub_key = NULL, *priv_key = NULL; - if ((ctx = BN_CTX_new_ex(libctx)) == NULL) + if ((ctx = BN_CTX_new_ex(dsa->libctx)) == NULL) goto err; if (dsa->priv_key == NULL) { @@ -65,21 +77,8 @@ static int dsa_builtin_keygen(OPENSSL_CTX *libctx, DSA *dsa) pub_key = dsa->pub_key; } - { - BIGNUM *prk = BN_new(); - - if (prk == NULL) - goto err; - BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME); - - /* pub_key = g ^ priv_key mod p */ - if (!BN_mod_exp(pub_key, dsa->params.g, prk, dsa->params.p, ctx)) { - BN_free(prk); - goto err; - } - /* We MUST free prk before any further use of priv_key */ - BN_free(prk); - } + if (!dsa_generate_public_key(ctx, dsa, priv_key, pub_key)) + goto err; dsa->priv_key = priv_key; dsa->pub_key = pub_key; |