]>
Commit | Line | Data |
---|---|---|
d2e9e320 | 1 | /* |
f11f86f6 | 2 | * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. |
0f113f3e | 3 | * |
3cdbea65 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
d2e9e320 RS |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
d02b48c6 RE |
8 | */ |
9 | ||
f41ac0ee P |
10 | /* |
11 | * DSA low level APIs are deprecated for public use, but still ok for | |
12 | * internal use. | |
13 | */ | |
14 | #include "internal/deprecated.h" | |
15 | ||
3c27208f | 16 | #include <openssl/opensslconf.h> |
474e469b | 17 | #include <stdio.h> |
b39fc560 | 18 | #include "internal/cryptlib.h" |
474e469b RS |
19 | #include <openssl/evp.h> |
20 | #include <openssl/bn.h> | |
21 | #include <openssl/rand.h> | |
22 | #include <openssl/sha.h> | |
f11f86f6 | 23 | #include "crypto/dsa.h" |
706457b7 | 24 | #include "dsa_local.h" |
0e4aa0d2 | 25 | |
f11f86f6 SL |
26 | int dsa_generate_ffc_parameters(OPENSSL_CTX *libctx, DSA *dsa, int type, |
27 | int pbits, int qbits, int gindex, | |
28 | BN_GENCB *cb) | |
0f113f3e | 29 | { |
f11f86f6 | 30 | int ret = 0, res; |
0f113f3e | 31 | |
f11f86f6 SL |
32 | if (qbits <= 0) { |
33 | const EVP_MD *evpmd = pbits >= 2048 ? EVP_sha256() : EVP_sha1(); | |
34 | ||
35 | qbits = EVP_MD_size(evpmd) * 8; | |
0f113f3e | 36 | } |
f11f86f6 SL |
37 | dsa->params.gindex = gindex; |
38 | #ifndef FIPS_MODE | |
39 | if (type == DSA_PARAMGEN_TYPE_FIPS_186_2) | |
40 | ret = ffc_params_FIPS186_2_generate(libctx, &dsa->params, | |
41 | FFC_PARAM_TYPE_DSA, | |
42 | pbits, qbits, NULL, &res, cb); | |
43 | else | |
44 | #endif | |
45 | ret = ffc_params_FIPS186_4_generate(libctx, &dsa->params, | |
46 | FFC_PARAM_TYPE_DSA, | |
47 | pbits, qbits, NULL, &res, cb); | |
48 | if (ret > 0) | |
49 | dsa->dirty_cnt++; | |
50 | return ret; | |
0f113f3e | 51 | } |
0e4aa0d2 | 52 | |
f11f86f6 SL |
53 | int dsa_generate_parameters_ctx(OPENSSL_CTX *libctx, DSA *dsa, int bits, |
54 | const unsigned char *seed_in, int seed_len, | |
55 | int *counter_ret, unsigned long *h_ret, | |
56 | BN_GENCB *cb) | |
0f113f3e | 57 | { |
f11f86f6 SL |
58 | #ifndef FIPS_MODE |
59 | if (dsa->meth->dsa_paramgen) | |
60 | return dsa->meth->dsa_paramgen(dsa, bits, seed_in, seed_len, | |
61 | counter_ret, h_ret, cb); | |
62 | #endif | |
63 | if (seed_in != NULL | |
64 | && !ffc_params_set_validate_params(&dsa->params, seed_in, seed_len, -1)) | |
0f113f3e MC |
65 | return 0; |
66 | ||
f11f86f6 SL |
67 | #ifndef FIPS_MODE |
68 | /* The old code used FIPS 186-2 DSA Parameter generation */ | |
69 | if (bits <= 1024 && seed_len == 20) { | |
70 | if (!dsa_generate_ffc_parameters(libctx, dsa, | |
71 | DSA_PARAMGEN_TYPE_FIPS_186_2, | |
72 | bits, 160, -1, cb)) | |
73 | return 0; | |
74 | } else | |
75 | #endif | |
76 | { | |
77 | if (!dsa_generate_ffc_parameters(libctx, dsa, | |
78 | DSA_PARAMGEN_TYPE_FIPS_186_4, | |
79 | bits, -1, -1, cb)) | |
f00a10b8 | 80 | return 0; |
0f113f3e MC |
81 | } |
82 | ||
f11f86f6 SL |
83 | if (counter_ret != NULL) |
84 | *counter_ret = dsa->params.pcounter; | |
85 | if (h_ret != NULL) | |
86 | *h_ret = dsa->params.h; | |
87 | return 1; | |
0f113f3e MC |
88 | } |
89 | ||
f11f86f6 SL |
90 | int DSA_generate_parameters_ex(DSA *dsa, int bits, |
91 | const unsigned char *seed_in, int seed_len, | |
92 | int *counter_ret, unsigned long *h_ret, | |
93 | BN_GENCB *cb) | |
0f113f3e | 94 | { |
f11f86f6 SL |
95 | return dsa_generate_parameters_ctx(NULL, dsa, bits, |
96 | seed_in, seed_len, | |
97 | counter_ret, h_ret, cb); | |
0f113f3e | 98 | } |