Add additional parameter to dsa_builtin_paramgen to output the generated

seed to: this doesn't introduce any binary compatibility issues as the
function is only used internally.

The seed output is needed for FIPS 140-2 algorithm testing: the functionality
used to be in DSA_generate_parameters_ex() but was removed in OpenSSL 1.0.0

diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index a7d478324e2d8510cb05b0a52a4f0d98d625d462..e6a545201614609706a1cdd604ad9735a709659d 100644 (file)
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -105,12 +105,13 @@ int DSA_generate_parameters_ex(DSA *ret, int bits,
                        }
 
                return dsa_builtin_paramgen(ret, bits, qbits, evpmd,
-                               seed_in, seed_len, counter_ret, h_ret, cb);
+                       seed_in, seed_len, NULL, counter_ret, h_ret, cb);
                }
        }
 
 int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
        const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
+       unsigned char *seed_out,
        int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
        {
        int ok=0;
@@ -336,6 +337,8 @@ err:
                        }
                if (counter_ret != NULL) *counter_ret=counter;
                if (h_ret != NULL) *h_ret=h;
+               if (seed_out)
+                       memcpy(seed_out, seed, qsize);
                }
        if(ctx)
                {

diff --git a/crypto/dsa/dsa_locl.h b/crypto/dsa/dsa_locl.h
index 2b8cfee3dbd5e27430e79a274f533d528d6cfbb6..21e2e4524224a29224375ec2e4bfb6b346623a1e 100644 (file)
--- a/crypto/dsa/dsa_locl.h
+++ b/crypto/dsa/dsa_locl.h
@@ -56,4 +56,5 @@
 
 int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
        const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
+       unsigned char *seed_out,
        int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);

diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c
index 4ce91e20c64375899819bdecfb839bb23220d61f..0ad12e008df7f6802bc262ddcce056b1d2c728d7 100644 (file)
--- a/crypto/dsa/dsa_pmeth.c
+++ b/crypto/dsa/dsa_pmeth.c
@@ -252,7 +252,7 @@ static int pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
        if (!dsa)
                return 0;
        ret = dsa_builtin_paramgen(dsa, dctx->nbits, dctx->qbits, dctx->pmd,
-                                  NULL, 0, NULL, NULL, pcb);
+                                  NULL, 0, NULL, NULL, NULL, pcb);
        if (ret)
                EVP_PKEY_assign_DSA(pkey, dsa);
        else

diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c
index cf357b462a27bcda50ff8f600bdfcf9635dab1e6..00ad347b9ac828bc0dbd6e02ea10ea48eaf4d9ee 100644 (file)
--- a/crypto/ec/ec2_smpl.c
+++ b/crypto/ec/ec2_smpl.c
@@ -363,7 +363,12 @@ int ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP *group, EC_POINT
        if (!BN_copy(&point->Z, BN_value_one())) goto err;
        BN_set_negative(&point->Z, 0);
        point->Z_is_one = 1;
-       ret = 1;
+       if (BN_num_bits(x) > BN_num_bits(&group->field))
+               ret = 2;
+       else if (BN_num_bits(y) > BN_num_bits(&group->field))
+               ret = 2;
+       else
+               ret = 1;
 
   err:
        return ret;
@@ -937,6 +942,9 @@ int ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT
                {
                return EC_POINT_is_at_infinity(group, b) ? 0 : 1;
                }
+
+       if (EC_POINT_is_at_infinity(group, b))
+               return 1;
        
        if (a->Z_is_one && b->Z_is_one)
                {
@@ -967,6 +975,15 @@ int ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT
        return ret;
        }
 
+int ec_GF2m_simple_range(const EC_GROUP *group, const EC_POINT *a)
+       {
+       if (BN_num_bits(&a->X) > BN_num_bits(&group->field))
+               return 0;
+       if (BN_num_bits(&a->Y) > BN_num_bits(&group->field))
+               return 0;
+       return 1;
+       }
+
 
 /* Forces the given EC_POINT to internally use affine coordinates. */
 int ec_GF2m_simple_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)

diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c
index 12fb0e6d6d7378d57e0ec2965f97eb62cd001d6d..522802c07ae13c3c34bb31185da508cf20077233 100644 (file)
--- a/crypto/ec/ec_key.c
+++ b/crypto/ec/ec_key.c
@@ -304,7 +304,13 @@ int EC_KEY_check_key(const EC_KEY *eckey)
                ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER);
                return 0;
                }
-       
+
+       if (EC_POINT_is_at_infinity(eckey->group, eckey->pub_key))
+               {
+               ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_AT_INFINITY);
+               goto err;
+               }
+
        if ((ctx = BN_CTX_new()) == NULL)
                goto err;
        if ((point = EC_POINT_new(eckey->group)) == NULL)

diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h
index fd751e5eb18f6b754fa0af419c8851cad1851c2e..4e9c4dab364f040bd4169f4cdd5b83d8ad1c2825 100644 (file)
--- a/crypto/ec/ec_lcl.h
+++ b/crypto/ec/ec_lcl.h
@@ -323,6 +323,7 @@ int ec_GFp_simple_invert(const EC_GROUP *, EC_POINT *, BN_CTX *);
 int ec_GFp_simple_is_at_infinity(const EC_GROUP *, const EC_POINT *);
 int ec_GFp_simple_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *);
 int ec_GFp_simple_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
+int ec_GFp_simple_range(const EC_GROUP *group, const EC_POINT *a);
 int ec_GFp_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
 int ec_GFp_simple_points_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);
 int ec_GFp_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
@@ -379,6 +380,7 @@ int ec_GF2m_simple_invert(const EC_GROUP *, EC_POINT *, BN_CTX *);
 int ec_GF2m_simple_is_at_infinity(const EC_GROUP *, const EC_POINT *);
 int ec_GF2m_simple_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *);
 int ec_GF2m_simple_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
+int ec_GF2m_simple_range(const EC_GROUP *group, const EC_POINT *a);
 int ec_GF2m_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
 int ec_GF2m_simple_points_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);
 int ec_GF2m_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);

diff --git a/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c
index 4d26f8bdf6921f4ae9a9e5be06fbde3f54b55628..3e56b71a211aa421baa3da6696ffe9890d1937c6 100644 (file)
--- a/crypto/ec/ecp_smpl.c
+++ b/crypto/ec/ecp_smpl.c
@@ -441,8 +441,11 @@ int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POIN
                        }
                point->Z_is_one = Z_is_one;
                }
-       
-       ret = 1;
+
+       if (BN_cmp(&point->X, x) || BN_cmp(&point->Y, y))
+               ret = 2;
+       else
+               ret = 1;
        
  err:
        if (new_ctx != NULL)
@@ -1406,6 +1409,9 @@ int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *
                {
                return EC_POINT_is_at_infinity(group, b) ? 0 : 1;
                }
+
+       if (EC_POINT_is_at_infinity(group, b))
+               return 1;
        
        if (a->Z_is_one && b->Z_is_one)
                {
@@ -1494,7 +1500,6 @@ int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *
        return ret;
        }
 
-
 int ec_GFp_simple_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
        {
        BN_CTX *new_ctx = NULL;