diff options
| author | Nils Larsch <nils@openssl.org> | 2007-02-03 14:41:12 +0000 |
|---|---|---|
| committer | Nils Larsch <nils@openssl.org> | 2007-02-03 14:41:12 +0000 |
| commit | 357d5de5b9c3a84f170ce91abeafa71c26fefdd9 (patch) | |
| tree | 143cfee4a5a284e905093d0e2bad33549cf1a762 /crypto/dsa | |
| parent | 0501f02b060e45f2e2d275d779d864f3159f8ea9 (diff) | |
add support for DSA with SHA2
Diffstat (limited to 'crypto/dsa')
| -rw-r--r-- | crypto/dsa/Makefile | 2 | ||||
| -rw-r--r-- | crypto/dsa/dsa.h | 2 | ||||
| -rw-r--r-- | crypto/dsa/dsa_ameth.c | 13 | ||||
| -rw-r--r-- | crypto/dsa/dsa_gen.c | 115 | ||||
| -rw-r--r-- | crypto/dsa/dsa_locl.h | 59 | ||||
| -rw-r--r-- | crypto/dsa/dsa_ossl.c | 43 | ||||
| -rw-r--r-- | crypto/dsa/dsa_pmeth.c | 51 | ||||
| -rw-r--r-- | crypto/dsa/dsa_sign.c | 4 | ||||
| -rw-r--r-- | crypto/dsa/dsa_vrf.c | 5 |
9 files changed, 224 insertions, 70 deletions
diff --git a/crypto/dsa/Makefile b/crypto/dsa/Makefile index b80048fa5c..cd3126e16c 100644 --- a/crypto/dsa/Makefile +++ b/crypto/dsa/Makefile @@ -25,7 +25,7 @@ LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_asn1.o dsa_vrf.o dsa_sign.o \ SRC= $(LIBSRC) EXHEADER= dsa.h -HEADER= $(EXHEADER) +HEADER= dsa_locl.h $(EXHEADER) ALL= $(GENERAL) $(SRC) $(HEADER) diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h index 43fa855f10..27bc5b91ca 100644 --- a/crypto/dsa/dsa.h +++ b/crypto/dsa/dsa.h @@ -254,6 +254,8 @@ DH *DSA_dup_DH(const DSA *r); EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL) #define EVP_PKEY_CTRL_DSA_PARAMGEN_BITS (EVP_PKEY_ALG_CTRL + 1) +#define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS (EVP_PKEY_ALG_CTRL + 2) +#define EVP_PKEY_CTRL_DSA_PARAMGEN_MD (EVP_PKEY_ALG_CTRL + 3) /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c index d39833ca0d..fab5d55f76 100644 --- a/crypto/dsa/dsa_ameth.c +++ b/crypto/dsa/dsa_ameth.c @@ -537,12 +537,17 @@ static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) case ASN1_PKEY_CTRL_PKCS7_SIGN: if (arg1 == 0) { + int snid, hnid; X509_ALGOR *alg1, *alg2; PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2); - X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_sha1), - V_ASN1_NULL, 0); - X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_dsaWithSHA1), - V_ASN1_UNDEF, 0); + if (alg1 == NULL || alg1->algorithm == NULL) + return -1; + hnid = OBJ_obj2nid(alg1->algorithm); + if (hnid == NID_undef) + return -1; + if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey))) + return -1; + X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0); } return 1; diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index 6a6be3b575..aa0995564d 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -74,17 +74,12 @@ #ifndef OPENSSL_NO_SHA #include <stdio.h> -#include <time.h> #include "cryptlib.h" #include <openssl/evp.h> #include <openssl/bn.h> -#include <openssl/dsa.h> #include <openssl/rand.h> #include <openssl/sha.h> - -static int dsa_builtin_paramgen(DSA *ret, int bits, - unsigned char *seed_in, int seed_len, - int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); +#include "dsa_locl.h" int DSA_generate_parameters_ex(DSA *ret, int bits, unsigned char *seed_in, int seed_len, @@ -93,41 +88,72 @@ int DSA_generate_parameters_ex(DSA *ret, int bits, if(ret->meth->dsa_paramgen) return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len, counter_ret, h_ret, cb); - return dsa_builtin_paramgen(ret, bits, seed_in, seed_len, - counter_ret, h_ret, cb); + else + { + const EVP_MD *evpmd; + size_t qbits = bits >= 2048 ? 256 : 160; + + if (bits >= 2048) + { + qbits = 256; + evpmd = EVP_sha256(); + } + else + { + qbits = 160; + evpmd = EVP_sha1(); + } + + return dsa_builtin_paramgen(ret, bits, qbits, evpmd, + seed_in, seed_len, counter_ret, h_ret, cb); + } } -static int dsa_builtin_paramgen(DSA *ret, int bits, - unsigned char *seed_in, int seed_len, - int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) +int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, + const EVP_MD *evpmd, unsigned char *seed_in, size_t seed_len, + int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) { int ok=0; - unsigned char seed[SHA_DIGEST_LENGTH]; - unsigned char md[SHA_DIGEST_LENGTH]; - unsigned char buf[SHA_DIGEST_LENGTH],buf2[SHA_DIGEST_LENGTH]; + unsigned char seed[SHA256_DIGEST_LENGTH]; + unsigned char md[SHA256_DIGEST_LENGTH]; + unsigned char buf[SHA256_DIGEST_LENGTH],buf2[SHA256_DIGEST_LENGTH]; BIGNUM *r0,*W,*X,*c,*test; BIGNUM *g=NULL,*q=NULL,*p=NULL; BN_MONT_CTX *mont=NULL; - int k,n=0,i,b,m=0; + size_t i; + int k,n=0,b,m=0, qsize = qbits >> 3; int counter=0; int r=0; BN_CTX *ctx=NULL; unsigned int h=2; - if (bits < 512) bits=512; - bits=(bits+63)/64*64; + if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH && + qsize != SHA256_DIGEST_LENGTH) + /* invalid q size */ + return 0; - if (seed_len < 20) - seed_in = NULL; /* seed buffer too small -- ignore */ - if (seed_len > 20) - seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger SEED, - * but our internal buffers are restricted to 160 bits*/ - if ((seed_in != NULL) && (seed_len == 20)) - memcpy(seed,seed_in,seed_len); + if (evpmd == NULL) + /* use SHA1 as default */ + evpmd = EVP_sha1(); - if ((ctx=BN_CTX_new()) == NULL) goto err; + if (bits < 512) + bits = 512; - if ((mont=BN_MONT_CTX_new()) == NULL) goto err; + bits = (bits+63)/64*64; + + if (seed_len < qsize) + seed_in = NULL; /* seed buffer too small -- ignore */ + if (seed_len > qsize) + seed_len = qsize; /* App. 2.2 of FIPS PUB 186 allows larger SEED, + * but our internal buffers are restricted to 160 bits*/ + if (seed_in != NULL) + memcpy(seed, seed_in, seed_len); + + if ((ctx=BN_CTX_new()) == NULL) + goto err; + + if ((mont=BN_MONT_CTX_new()) == NULL) + goto err; BN_CTX_start(ctx); r0 = BN_CTX_get(ctx); @@ -154,7 +180,7 @@ static int dsa_builtin_paramgen(DSA *ret, int bits, if (!seed_len) { - RAND_pseudo_bytes(seed,SHA_DIGEST_LENGTH); + RAND_pseudo_bytes(seed, qsize); seed_is_random = 1; } else @@ -162,25 +188,27 @@ static int dsa_builtin_paramgen(DSA *ret, int bits, seed_is_random = 0; seed_len=0; /* use random seed if 'seed_in' turns out to be bad*/ } - memcpy(buf,seed,SHA_DIGEST_LENGTH); - memcpy(buf2,seed,SHA_DIGEST_LENGTH); + memcpy(buf , seed, qsize); + memcpy(buf2, seed, qsize); /* precompute "SEED + 1" for step 7: */ - for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--) + for (i = qsize-1; i >= 0; i--) { buf[i]++; - if (buf[i] != 0) break; + if (buf[i] != 0) + break; } /* step 2 */ - EVP_Digest(seed,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL); - EVP_Digest(buf,SHA_DIGEST_LENGTH,buf2,NULL,HASH, NULL); - for (i=0; i<SHA_DIGEST_LENGTH; i++) + EVP_Digest(seed, qsize, md, NULL, evpmd, NULL); + EVP_Digest(buf, qsize, buf2, NULL, evpmd, NULL); + for (i = 0; i < qsize; i++) md[i]^=buf2[i]; /* step 3 */ - md[0]|=0x80; - md[SHA_DIGEST_LENGTH-1]|=0x01; - if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,q)) goto err; + md[0] |= 0x80; + md[qsize-1] |= 0x01; + if (!BN_bin2bn(md, qsize, q)) + goto err; /* step 4 */ r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx, @@ -215,18 +243,19 @@ static int dsa_builtin_paramgen(DSA *ret, int bits, for (k=0; k<=n; k++) { /* obtain "SEED + offset + k" by incrementing: */ - for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--) + for (i = qsize-1; i >= 0; i--) { buf[i]++; - if (buf[i] != 0) break; + if (buf[i] != 0) + break; } - EVP_Digest(buf,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL); + EVP_Digest(buf, qsize, md ,NULL, evpmd, NULL); /* step 8 */ - if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0)) + if (!BN_bin2bn(md, qsize, r0)) goto err; - if (!BN_lshift(r0,r0,160*k)) goto err; + if (!BN_lshift(r0,r0,(qsize << 3)*k)) goto err; if (!BN_add(W,W,r0)) goto err; } @@ -300,7 +329,7 @@ err: ok=0; goto err; } - if ((m > 1) && (seed_in != NULL)) memcpy(seed_in,seed,20); + if ((m > 1) && (seed_in != NULL)) memcpy(seed_in,seed, qsize); if (counter_ret != NULL) *counter_ret=counter; if (h_ret != NULL) *h_ret=h; } diff --git a/crypto/dsa/dsa_locl.h b/crypto/dsa/dsa_locl.h new file mode 100644 index 0000000000..f1bbf72fb8 --- /dev/null +++ b/crypto/dsa/dsa_locl.h @@ -0,0 +1,59 @@ +/* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <openssl/dsa.h> + +int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, + const EVP_MD *evpmd, unsigned char *seed_in, size_t seed_len, + int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index 36220a6a55..96df46b70d 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -61,6 +61,7 @@ #include <stdio.h> #include "cryptlib.h" #include <openssl/bn.h> +#include <openssl/sha.h> #include <openssl/dsa.h> #include <openssl/rand.h> #include <openssl/asn1.h> @@ -133,7 +134,7 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) BIGNUM m; BIGNUM xr; BN_CTX *ctx=NULL; - int i,reason=ERR_R_BN_LIB; + int i, j, reason=ERR_R_BN_LIB; DSA_SIG *ret=NULL; BN_init(&m); @@ -148,8 +149,9 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) s=BN_new(); if (s == NULL) goto err; - i=BN_num_bytes(dsa->q); /* should be 20 */ - if ((dlen > i) || (dlen > 50)) + /* reject a excessive digest length (currently at most + * dsa-with-SHA256 is supported) */ + if (dlen > SHA256_DIGEST_LENGTH) { reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE; goto err; @@ -170,7 +172,17 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) dsa->r=NULL; } - if (BN_bin2bn(dgst,dlen,&m) == NULL) goto err; + if (BN_bin2bn(dgst,dlen,&m) == NULL) + goto err; + i = BN_num_bytes(dsa->q); + if (dlen > i) + { + /* if the digest length is greater than the size of q use the + * BN_num_bits(dsa->q) leftmost bits of the digest, see + * fips 186-3, 4.2 */ + if (!BN_rshift(&m, &m, (dlen - i) << 3)) + goto err; + } /* Compute s = inv(k) (m + xr) mod q */ if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */ @@ -296,14 +308,16 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, BN_CTX *ctx; BIGNUM u1,u2,t1; BN_MONT_CTX *mont=NULL; - int ret = -1; + int ret = -1, i, j; if (!dsa->p || !dsa->q || !dsa->g) { DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS); return -1; } - if (BN_num_bits(dsa->q) != 160) + i = BN_num_bits(dsa->q); + /* fips 186-3 allows only different sizes for q */ + if (i != 160 && i != 224 && i != 256) { DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE); return -1; @@ -315,6 +329,14 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, return -1; } + /* reject a excessive digest length (currently at most + * dsa-with-SHA256 is supported) */ + if (dgst_len > SHA256_DIGEST_LENGTH) + { + DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + return -1; + } + BN_init(&u1); BN_init(&u2); BN_init(&t1); @@ -340,6 +362,15 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, /* save M in u1 */ if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err; + j = dgst_len << 3; + if (j > i) + { + /* if the digest length is greater than the size of q use the + * BN_num_bits(dsa->q) leftmost bits of the digest, see + * fips 186-3, 4.2 */ + if (!BN_rshift(&u1, &u1, j - i)) + goto err; + } /* u1 = M * w mod q */ if (!BN_mod_mul(&u1,&u1,&u2,dsa->q,ctx)) goto err; diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c index bd4ee72339..935258b24d 100644 --- a/crypto/dsa/dsa_pmeth.c +++ b/crypto/dsa/dsa_pmeth.c @@ -59,20 +59,22 @@ #include "cryptlib.h" #include <openssl/asn1t.h> #include <openssl/x509.h> -#include <openssl/rsa.h> #include <openssl/evp.h> #include "evp_locl.h" +#include "dsa_locl.h" /* DSA pkey context structure */ typedef struct { /* Parameter gen parameters */ - int nbits; + int nbits; /* size of p in bits (default: 1024) */ + int qbits; /* size of q in bits (default: 160) */ + const EVP_MD *pmd; /* MD for parameter generation */ /* Keygen callback info */ int gentmp[2]; /* message digest */ - const EVP_MD *md; + const EVP_MD *md; /* MD for the signature */ } DSA_PKEY_CTX; static int pkey_dsa_init(EVP_PKEY_CTX *ctx) @@ -82,6 +84,8 @@ static int pkey_dsa_init(EVP_PKEY_CTX *ctx) if (!dctx) return 0; dctx->nbits = 1024; + dctx->qbits = 160; + dctx->pmd = NULL; dctx->md = NULL; ctx->data = dctx; @@ -99,7 +103,9 @@ static int pkey_dsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) sctx = src->data; dctx = dst->data; dctx->nbits = sctx->nbits; - dctx->md = sctx->md; + dctx->qbits = sctx->qbits; + dctx->pmd = sctx->pmd; + dctx->md = sctx->md; return 1; } @@ -160,8 +166,27 @@ static int pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) dctx->nbits = p1; return 1; + case EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS: + if (p1 != 160 && p1 != 224 && p1 && p1 != 256) + return -2; + dctx->qbits = p1; + return 1; + + case EVP_PKEY_CTRL_DSA_PARAMGEN_MD: + if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 && + EVP_MD_type((const EVP_MD *)p2) != NID_sha224 && + EVP_MD_type((const EVP_MD *)p2) != NID_sha256) + { + DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE); + return 0; + } + dctx->md = p2; + return 1; + case EVP_PKEY_CTRL_MD: - if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1) + if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 && + EVP_MD_type((const EVP_MD *)p2) != NID_sha224 && + EVP_MD_type((const EVP_MD *)p2) != NID_sha256) { DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE); return 0; @@ -187,6 +212,18 @@ static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx, nbits = atoi(value); return EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits); } + if (!strcmp(type, "dsa_paramgen_q_bits")) + { + int qbits = atoi(value); + return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, + EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits, NULL); + } + if (!strcmp(type, "dsa_paramgen_md")) + { + return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, + EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, + (void *)EVP_get_digestbyname(value)); + } return -2; } @@ -206,8 +243,8 @@ static int pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) dsa = DSA_new(); if (!dsa) return 0; - ret = DSA_generate_parameters_ex(dsa, dctx->nbits, NULL, 0, NULL, NULL, - pcb); + ret = dsa_builtin_paramgen(dsa, dctx->nbits, dctx->qbits, dctx->pmd, + NULL, 0, NULL, NULL, pcb); if (ret) EVP_PKEY_assign_DSA(pkey, dsa); else diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c index 89205026f0..6ac8e486e8 100644 --- a/crypto/dsa/dsa_sign.c +++ b/crypto/dsa/dsa_sign.c @@ -58,12 +58,8 @@ /* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */ -#include <stdio.h> #include "cryptlib.h" -#include <openssl/bn.h> #include <openssl/dsa.h> -#include <openssl/rand.h> -#include <openssl/asn1.h> DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) { diff --git a/crypto/dsa/dsa_vrf.c b/crypto/dsa/dsa_vrf.c index c4aeddd056..226a75ff3f 100644 --- a/crypto/dsa/dsa_vrf.c +++ b/crypto/dsa/dsa_vrf.c @@ -58,13 +58,8 @@ /* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */ -#include <stdio.h> #include "cryptlib.h" -#include <openssl/bn.h> #include <openssl/dsa.h> -#include <openssl/rand.h> -#include <openssl/asn1.h> -#include <openssl/asn1_mac.h> int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa) |