Example #1
0
void
key_free(struct key *k)
{
	if (k->type == KEY_RSA)
		RSA_free((RSA *)k->data);
	else if (k->type == KEY_DSA)
		DSA_free((DSA *)k->data);
	else if (k->data != NULL)
		free(k->data);
	
	free(k);
}
Example #2
0
/** dsa_init - this is called at startup.  Errors will return -1, and
 *  should be caught by the try() macro
 */
int dsa_init()
{
	char *fn; 

	ou_seed();	/* initialize the random seed, cannot fail */

	dispatch = NULL;

	probe = DSA_generate_parameters(DSA_KEYLEN, NULL, 0, NULL, NULL, NULL, 
		NULL);
	if(probe == NULL) 
		return -1;

	try(load_probekeys());

	dispatch = DSA_generate_parameters(DSA_KEYLEN, NULL, 0, NULL, NULL, 
		NULL, NULL);
	if(dispatch == NULL)
		return 0;	/* no big deal, yet */

	fn = fm_abs(FM_KEY_DISPATCH_PUBLIC);

	if(load_keys(fn, NULL, &dispatch) == -1) {
		DSA_free(dispatch);
		dispatch = NULL;
	}

	free(fn);
	
	return 0;
}

/** dsa_close -  frees up memory used for key signing and verification, run
 * this at exit */
void dsa_close()
{
	DSA_free(probe);
	DSA_free(dispatch);
}
Example #3
0
// See https://tools.ietf.org/html/rfc4253: ... the "ssh-dss" key format has ...
SEXP R_dsa_pubkey_build(SEXP p, SEXP q, SEXP g, SEXP y){
  DSA *dsa = DSA_new();
  MY_DSA_set0_pqg(dsa, new_bignum_from_r(p), new_bignum_from_r(q), new_bignum_from_r(g));
  MY_DSA_set0_key(dsa, new_bignum_from_r(y), NULL);
  unsigned char *buf = NULL;
  int len = i2d_DSA_PUBKEY(dsa, &buf);
  bail(len);
  DSA_free(dsa);
  SEXP res = allocVector(RAWSXP, len);
  memcpy(RAW(res), buf, len);
  OPENSSL_free(buf);
  return res;
}
/* Override the default free and new methods */
static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
{
	if(operation == ASN1_OP_NEW_PRE) {
		*pval = (ASN1_VALUE *)DSA_new();
		if(*pval) return 2;
		return 0;
	} else if(operation == ASN1_OP_FREE_PRE) {
		DSA_free((DSA *)*pval);
		*pval = NULL;
		return 2;
	}
	return 1;
}
Example #5
0
static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa)
{
  DSA *dtmp;
  if(!key) return NULL;
  dtmp = EVP_PKEY_get1_DSA(key);
  EVP_PKEY_free(key);
  if(!dtmp) return NULL;
  if(dsa) {
    DSA_free(*dsa);
    *dsa = dtmp;
  }
  return dtmp;
}
/*
 * Generate DSA algorithm parameters from optional seed input, returning result
 * into NSS_DSAAlgParamss.[pqg]. This is called from both GenerateParameters and from
 * KeyPairGenerate (if no GenerateParameters has yet been called). 
 */
void DSAKeyPairGenContext::dsaGenParams(
	uint32				keySizeInBits,
	const void			*inSeed,		// optional
	unsigned			inSeedLen,
	NSS_DSAAlgParams 	&algParams,
	SecNssCoder			&coder)			// contents of algParams mallocd from here
{
	unsigned char seedBuf[SHA1_DIGEST_SIZE];
	void *seedPtr;
	
	/* validate key size */
	if((keySizeInBits < DSA_MIN_KEY_SIZE) || 
	   (keySizeInBits > DSA_MAX_KEY_SIZE) ||
	   (keySizeInBits & DSA_KEY_BITS_MASK)) {
		CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY_LENGTH);
	}
	
	/* seed from one of three sources */
	if(inSeed == NULL) {
		/* 20 random seed bytes */
		session().getRandomBytes(SHA1_DIGEST_SIZE, seedBuf);
		seedPtr = seedBuf;
	}
	else if(inSeedLen == SHA1_DIGEST_SIZE) {
		/* perfect */
		seedPtr = (void *)inSeed;
	}
	else {
		/* hash caller's seed */
		cspGenSha1Hash(inSeed, inSeedLen, seedBuf);
		seedPtr = seedBuf;
	}

	DSA *dsaKey = DSA_generate_parameters(keySizeInBits,
		(unsigned char *)seedPtr,	
		SHA1_DIGEST_SIZE,
		NULL,		// counter_ret
		NULL,		// h_ret
		NULL, 
		NULL);
	if(dsaKey == NULL) {
		throwRsaDsa("DSA_generate_parameters");
	}
	
	/* stuff dsaKey->[pqg] into a caller's NSS_DSAAlgParams */
	bnToCssmData(dsaKey->p, algParams.p, coder);
	bnToCssmData(dsaKey->q, algParams.q, coder);
	bnToCssmData(dsaKey->g, algParams.g, coder);
	
	DSA_free(dsaKey);
}
Example #7
0
int main()
{
   DSA *key;
   FILE *fp1, *fp2;
   unsigned char digest[8] = "1234567";
   int siglen;
   unsigned char signature[1000];
   int retcode;

   key = DSA_generate_parameters(1024, NULL, 0, NULL, NULL, NULL, NULL);

   if (key == NULL)
   {
      printf("\nFailed to generate parameters\n");
      exit(1);
   }
   fp1 = fopen("params.dat", "w");
   DSAparams_print_fp(fp1, key);
   fclose(fp1);

   DSA_generate_key(key);
   if (key == NULL)
   {
      printf("\nFailed to generate key\n");
      exit(1);
   }

   fp2 = fopen("key.dat", "w");

   DSA_print_fp(fp2, key, 0);
   fclose(fp2);

   retcode = DSA_sign(0, digest, 8, signature, &siglen, key);
   if (retcode == 0)
   {
      printf("\n *** Error in signing ***\n\n");
      exit(1);
   }
   printf("\n%s\n",signature);

   retcode = DSA_verify(0, digest, 8, signature, siglen, key);
   if (retcode == 1)
      printf("\n *** Valid signature ***\n\n");
   if (retcode == 0)
      printf("\n *** Incorrect signature ***\n\n");
   if (retcode == -1)
      printf("\n *** Error in verifying ***\n\n");

   DSA_free(key);
   return 0;
}
Example #8
0
DSA *DSA_new_method(ENGINE *engine)
{
    DSA *ret = OPENSSL_zalloc(sizeof(*ret));

    if (ret == NULL) {
        DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
        return NULL;
    }

    ret->references = 1;
    ret->lock = CRYPTO_THREAD_lock_new();
    if (ret->lock == NULL) {
        DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
        OPENSSL_free(ret);
        return NULL;
    }

    ret->meth = DSA_get_default_method();
#ifndef OPENSSL_NO_ENGINE
    ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW; /* early default init */
    if (engine) {
        if (!ENGINE_init(engine)) {
            DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB);
            goto err;
        }
        ret->engine = engine;
    } else
        ret->engine = ENGINE_get_default_DSA();
    if (ret->engine) {
        ret->meth = ENGINE_get_DSA(ret->engine);
        if (ret->meth == NULL) {
            DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB);
            goto err;
        }
    }
#endif

    ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW;

    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data))
        goto err;

    if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
        DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_INIT_FAIL);
err:
        DSA_free(ret);
        ret = NULL;
    }

    return ret;
}
Example #9
0
static int dsa_test(void)
{
    BN_GENCB *cb;
    DSA *dsa = NULL;
    int counter, ret = 0, i, j;
    unsigned char buf[256];
    unsigned long h;
    unsigned char sig[256];
    unsigned int siglen;
    const BIGNUM *p = NULL, *q = NULL, *g = NULL;

    if (!TEST_ptr(cb = BN_GENCB_new()))
        goto end;

    BN_GENCB_set(cb, dsa_cb, NULL);
    if (!TEST_ptr(dsa = DSA_new())
        || !TEST_true(DSA_generate_parameters_ex(dsa, 512, seed, 20,
                                                &counter, &h, cb)))
        goto end;

    if (!TEST_int_eq(counter, 105))
        goto end;
    if (!TEST_int_eq(h, 2))
        goto end;

    DSA_get0_pqg(dsa, &p, &q, &g);
    i = BN_bn2bin(q, buf);
    j = sizeof(out_q);
    if (!TEST_int_eq(i, j) || !TEST_mem_eq(buf, i, out_q, i))
        goto end;

    i = BN_bn2bin(p, buf);
    j = sizeof(out_p);
    if (!TEST_int_eq(i, j) || !TEST_mem_eq(buf, i, out_p, i))
        goto end;

    i = BN_bn2bin(g, buf);
    j = sizeof(out_g);
    if (!TEST_int_eq(i, j) || !TEST_mem_eq(buf, i, out_g, i))
        goto end;

    DSA_generate_key(dsa);
    DSA_sign(0, str1, 20, sig, &siglen, dsa);
    if (TEST_true(DSA_verify(0, str1, 20, sig, siglen, dsa)))
        ret = 1;

 end:
    DSA_free(dsa);
    BN_GENCB_free(cb);
    return ret;
}
Example #10
0
ops_boolean_t ops_dsa_verify(const unsigned char *hash,size_t hash_length,
			     const ops_dsa_signature_t *sig,
			     const ops_dsa_public_key_t *dsa)
    {
    DSA_SIG *osig;
    DSA *odsa;
    int ret;

    osig=DSA_SIG_new();
    osig->r=sig->r;
    osig->s=sig->s;

    odsa=DSA_new();
    odsa->p=dsa->p;
    odsa->q=dsa->q;
    odsa->g=dsa->g;
    odsa->pub_key=dsa->y;

    if (debug)
        {
        fprintf(stderr,"hash passed in:\n");
        unsigned i;
        for (i=0; i<hash_length; i++)
            {
            fprintf(stderr,"%02x ", hash[i]);
            }
        fprintf(stderr,"\n");
        }
    //printf("hash_length=%ld\n", hash_length);
    //printf("Q=%d\n", BN_num_bytes(odsa->q));
    unsigned int qlen=BN_num_bytes(odsa->q);
    if (qlen < hash_length)
        hash_length=qlen;
    //    ret=DSA_do_verify(hash,hash_length,osig,odsa);
    ret=DSA_do_verify(hash,hash_length,osig,odsa);
    if (debug)
        {
        fprintf(stderr,"ret=%d\n",ret);
        }
    assert(ret >= 0);

    odsa->p=odsa->q=odsa->g=odsa->pub_key=NULL;
    DSA_free(odsa);
 
    osig->r=osig->s=NULL;
    DSA_SIG_free(osig);

    return ret != 0;
    }
Example #11
0
File: pki.c Project: rofl0r/libssh
/**
 * @brief clean up the key and deallocate all existing keys
 * @param[in] key ssh_key to clean
 */
void ssh_key_clean (ssh_key key){
    if(key == NULL)
        return;
#ifdef HAVE_LIBGCRYPT
    if(key->dsa) gcry_sexp_release(key->dsa);
    if(key->rsa) gcry_sexp_release(key->rsa);
#elif defined HAVE_LIBCRYPTO
    if(key->dsa) DSA_free(key->dsa);
    if(key->rsa) RSA_free(key->rsa);
#endif
    key->flags=SSH_KEY_FLAG_EMPTY;
    key->type=SSH_KEYTYPE_UNKNOWN;
    key->type_c=NULL;
    key->dsa = NULL;
    key->rsa = NULL;
}
Example #12
0
File: gost_pmeth.c Project: 5y/node
static int pkey_gost94_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
{
    struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
    DSA *dsa = NULL;
    if (data->sign_param_nid == NID_undef) {
        GOSTerr(GOST_F_PKEY_GOST94_PARAMGEN, GOST_R_NO_PARAMETERS_SET);
        return 0;
    }
    dsa = DSA_new();
    if (!fill_GOST94_params(dsa, data->sign_param_nid)) {
        DSA_free(dsa);
        return 0;
    }
    EVP_PKEY_assign(pkey, NID_id_GostR3410_94, dsa);
    return 1;
}
Example #13
0
DSA *DSA_parse_parameters(CBS *cbs) {
  DSA *ret = DSA_new();
  if (ret == NULL) {
    return NULL;
  }
  CBS child;
  if (!CBS_get_asn1(cbs, &child, CBS_ASN1_SEQUENCE) ||
      !parse_integer(&child, &ret->p) ||
      !parse_integer(&child, &ret->q) ||
      !parse_integer(&child, &ret->g) ||
      CBS_len(&child) != 0) {
    OPENSSL_PUT_ERROR(DSA, DSA_R_DECODE_ERROR);
    DSA_free(ret);
    return NULL;
  }
  return ret;
}
Example #14
0
static DSA *get_fips_dsa(void) {
  DSA *dsa = DSA_new();
  if (!dsa) {
    return NULL;
  }
  dsa->p = BN_bin2bn(fips_p, sizeof(fips_p), NULL);
  dsa->q = BN_bin2bn(fips_q, sizeof(fips_q), NULL);
  dsa->g = BN_bin2bn(fips_g, sizeof(fips_g), NULL);
  dsa->pub_key = BN_bin2bn(fips_y, sizeof(fips_y), NULL);
  dsa->priv_key = BN_bin2bn(fips_x, sizeof(fips_x), NULL);
  if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL ||
      dsa->pub_key == NULL || dsa->priv_key == NULL) {
    DSA_free(dsa);
    return NULL;
  }
  return dsa;
}
Example #15
0
DSA *d2i_DSAparams(DSA **out, const uint8_t **inp, long len) {
  if (len < 0) {
    return NULL;
  }
  CBS cbs;
  CBS_init(&cbs, *inp, (size_t)len);
  DSA *ret = DSA_parse_parameters(&cbs);
  if (ret == NULL) {
    return NULL;
  }
  if (out != NULL) {
    DSA_free(*out);
    *out = ret;
  }
  *inp = CBS_data(&cbs);
  return ret;
}
Example #16
0
static void check_license_signature(license_raw *lptr)
{
    unsigned char message_digest[SHA_DIGEST_LENGTH];
    SHA_CTX sha_ctx;
    DSA *dsa = DSA_new();

    SHA1_Init(&sha_ctx);
    SHA1_Update(&sha_ctx, lptr, sizeof(*lptr) - sizeof(lptr->dsa_signature));
    SHA1_Final(message_digest, &sha_ctx);

    dsa->p = BN_bin2bn(dsa_p, sizeof(dsa_p), NULL);
    dsa->q = BN_bin2bn(dsa_q, sizeof(dsa_q), NULL);
    dsa->g = BN_bin2bn(dsa_g, sizeof(dsa_g), NULL);
    dsa->pub_key = BN_bin2bn(dsa_pub_key, sizeof(dsa_pub_key), NULL);

  // calculate the right len of the signiture
  DSA_SIG *temp_sig=DSA_SIG_new();
  int siglen = -1;
  const unsigned char *data =lptr->dsa_signature; 
  if (temp_sig == NULL || d2i_DSA_SIG(&temp_sig,&data,sizeof(lptr->dsa_signature)) == NULL){
  	fprintf(stderr, "License signature verification failed: %s\n",
	    ERR_error_string(ERR_get_error(), NULL));
	  exit(EXIT_FAILURE);
  }
  unsigned char *tmp_buff= NULL;
  siglen = i2d_DSA_SIG(temp_sig, &tmp_buff);
  OPENSSL_cleanse(tmp_buff, siglen);
	OPENSSL_free(tmp_buff);
	DSA_SIG_free(temp_sig);

    switch(DSA_verify(0, message_digest, sizeof(message_digest),
        lptr->dsa_signature, siglen, dsa)) {
    case 0:
	fputs("License file is corrupted: invalid DSA signature.\n", stderr);
	exit(EXIT_FAILURE);
    case 1:
	break; /* valid signature */
    default:
	fprintf(stderr, "License signature verification failed: %s\n",
	    ERR_error_string(ERR_get_error(), NULL));
	exit(EXIT_FAILURE);
    }

    DSA_free(dsa);
}
Example #17
0
/*
 * DSA: generate keys and sign, verify input plaintext.
 */
static int FIPS_dsa_test(int bad)
{
    DSA *dsa = NULL;
    EVP_PKEY pk;
    unsigned char dgst[] = "etaonrishdlc";
    unsigned char buf[60];
    unsigned int slen;
    int r = 0;
    EVP_MD_CTX mctx;

    ERR_clear_error();
    EVP_MD_CTX_init(&mctx);
    dsa = DSA_new();
    if (!dsa)
        goto end;
    if (!DSA_generate_parameters_ex(dsa, 1024, NULL, 0, NULL, NULL, NULL))
        goto end;
    if (!DSA_generate_key(dsa))
        goto end;
    if (bad)
        BN_add_word(dsa->pub_key, 1);

    pk.type = EVP_PKEY_DSA;
    pk.pkey.dsa = dsa;

    if (!EVP_SignInit_ex(&mctx, EVP_dss1(), NULL))
        goto end;
    if (!EVP_SignUpdate(&mctx, dgst, sizeof(dgst) - 1))
        goto end;
    if (!EVP_SignFinal(&mctx, buf, &slen, &pk))
        goto end;

    if (!EVP_VerifyInit_ex(&mctx, EVP_dss1(), NULL))
        goto end;
    if (!EVP_VerifyUpdate(&mctx, dgst, sizeof(dgst) - 1))
        goto end;
    r = EVP_VerifyFinal(&mctx, buf, slen, &pk);
end:
    EVP_MD_CTX_cleanup(&mctx);
    if (dsa)
        DSA_free(dsa);
    if (r != 1)
        return 0;
    return 1;
}
Example #18
0
static void pgpFreeKeyDSA(pgpDigAlg pgpkey)
{
    struct pgpDigKeyDSA_s *key = pgpkey->data;
    if (key) {
        if (key->dsa_key) {
            DSA_free(key->dsa_key);
        } else {
            /* If sig->dsa_key was constructed,
             * the memory management of these BNs
             * are freed with it. */
            BN_clear_free(key->p);
            BN_clear_free(key->q);
            BN_clear_free(key->g);
            BN_clear_free(key->y);
        }
        free(key);
    }
}
Example #19
0
unsigned 
__ops_dsa_verify(const uint8_t *hash, size_t hash_length,
	       const __ops_dsa_sig_t *sig,
	       const __ops_dsa_pubkey_t *dsa)
{
	unsigned	qlen;
	DSA_SIG        *osig;
	DSA            *odsa;
	int             ret;

	osig = DSA_SIG_new();
	osig->r = sig->r;
	osig->s = sig->s;

	odsa = DSA_new();
	odsa->p = dsa->p;
	odsa->q = dsa->q;
	odsa->g = dsa->g;
	odsa->pub_key = dsa->y;

	if (__ops_get_debug_level(__FILE__)) {
		hexdump(stderr, "input hash", hash, hash_length);
		(void) fprintf(stderr, "Q=%d\n", BN_num_bytes(odsa->q));
	}
	if ((qlen = (unsigned)BN_num_bytes(odsa->q)) < hash_length) {
		hash_length = qlen;
	}
	ret = DSA_do_verify(hash, (int)hash_length, osig, odsa);
	if (__ops_get_debug_level(__FILE__)) {
		(void) fprintf(stderr, "ret=%d\n", ret);
	}
	if (ret < 0) {
		(void) fprintf(stderr, "__ops_dsa_verify: DSA verification\n");
		return 0;
	}

	odsa->p = odsa->q = odsa->g = odsa->pub_key = NULL;
	DSA_free(odsa);

	osig->r = osig->s = NULL;
	DSA_SIG_free(osig);

	return (unsigned)ret;
}
DSA *d2i_DSA_PUBKEY(DSA **a, unsigned char **pp,
	     long length)
{
	EVP_PKEY *pkey;
	DSA *key;
	unsigned char *q;
	q = *pp;
	pkey = d2i_PUBKEY(NULL, &q, length);
	if(!pkey) return NULL;
	key = EVP_PKEY_get1_DSA(pkey);
	EVP_PKEY_free(pkey);
	if(!key) return NULL;
	*pp = q;
	if(a) {
		DSA_free(*a);
		*a = key;
	}
	return key;
}
static
PKCS11H_BOOL
__pkcs11h_openssl_session_setDSA(
	IN const pkcs11h_openssl_session_t openssl_session,
	IN EVP_PKEY * evp
) {
	PKCS11H_BOOL ret = FALSE;
	DSA *dsa = NULL;

	_PKCS11H_DEBUG (
		PKCS11H_LOG_DEBUG2,
		"PKCS#11: __pkcs11h_openssl_session_setDSA - entered openssl_session=%p, evp=%p",
		(void *)openssl_session,
		(void *)evp
	);

	if (
		(dsa = EVP_PKEY_get1_DSA (evp)) == NULL
	) {
		_PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot get DSA key");
		goto cleanup;
	}

	DSA_set_method (dsa, __openssl_methods.dsa);
	DSA_set_ex_data (dsa, __openssl_methods.dsa_index, openssl_session);

	ret = TRUE;

cleanup:

	if (dsa != NULL) {
		DSA_free (dsa);
		dsa = NULL;
	}

	_PKCS11H_DEBUG (
		PKCS11H_LOG_DEBUG2,
		"PKCS#11: __pkcs11h_openssl_session_setDSA - return ret=%d",
		ret
	);

	return ret;
}
Example #22
0
DSA_SIG* ops_dsa_sign(unsigned char* hashbuf, unsigned hashsize, const ops_dsa_secret_key_t *sdsa, const ops_dsa_public_key_t *dsa)
    {
    DSA *odsa;
    DSA_SIG *dsasig;

    odsa=DSA_new();
    odsa->p=dsa->p;
    odsa->q=dsa->q;
    odsa->g=dsa->g;
    odsa->pub_key=dsa->y;
    odsa->priv_key=sdsa->x;

    dsasig=DSA_do_sign(hashbuf,hashsize,odsa);

    odsa->p=odsa->q=odsa->g=odsa->pub_key=odsa->priv_key=NULL;
    DSA_free(odsa);

    return dsasig;
    }
Example #23
0
int32_t CryptoNative_DsaGenerateKey(DSA** dsa, int32_t bits)
{
    *dsa = DSA_new();
    if (!dsa)
    {
        assert(false);
        return 0;
    }

    if (!DSA_generate_parameters_ex(*dsa, bits, NULL, 0, NULL, NULL, NULL) ||
        !DSA_generate_key(*dsa))
    {
        DSA_free(*dsa);
        *dsa = NULL;
        return 0;
    }

    return 1;
}
DSA *
DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len,
    int *counter_ret, unsigned long *h_ret, void (*callback)(int, int, void *),
    void *cb_arg)
{
	BN_GENCB cb;
	DSA *ret;

	if ((ret = DSA_new()) == NULL)
		return NULL;

	BN_GENCB_set_old(&cb, callback, cb_arg);

	if (DSA_generate_parameters_ex(ret, bits, seed_in, seed_len,
	    counter_ret, h_ret, &cb))
		return ret;
	DSA_free(ret);
	return NULL;
}
Example #25
0
//
// キーのメモリ領域解放
//
void key_free(Key *key)
{
	if (key == NULL) {
		return;
	}

	switch (key->type) {
		case KEY_RSA1:
		case KEY_RSA:
			if (key->rsa != NULL)
				RSA_free(key->rsa);
			key->rsa = NULL;
			break;

		case KEY_DSA:
			if (key->dsa != NULL)
				DSA_free(key->dsa);
			key->dsa = NULL;
			break;

		case KEY_ECDSA256:
		case KEY_ECDSA384:
		case KEY_ECDSA521:
			if (key->ecdsa != NULL)
				EC_KEY_free(key->ecdsa);
			key->ecdsa = NULL;
			break;

		case KEY_ED25519:
			if (key->ed25519_pk) {
				memset(key->ed25519_pk, 0, ED25519_PK_SZ);
				free(key->ed25519_pk);
				key->ed25519_pk = NULL;
			}
			if (key->ed25519_sk) {
				memset(key->ed25519_sk, 0, ED25519_SK_SZ);
				free(key->ed25519_sk);
				key->ed25519_sk = NULL;
			}
			break;
	}
	free(key);
}
Example #26
0
/* DSA: generate key and sign a known digest, then verify the signature
 * against the digest
*/
static int FIPS_dsa_test()
    {
    DSA *dsa = NULL;
    unsigned char dgst[] = "etaonrishdlc";
    unsigned char sig[256];
    unsigned int siglen;

    ERR_clear_error();
    dsa = DSA_generate_parameters(512,NULL,0,NULL,NULL,NULL,NULL);
    if (!dsa)
	return 0;
    if (!DSA_generate_key(dsa))
	return 0;
    if ( DSA_sign(0,dgst,sizeof(dgst) - 1,sig,&siglen,dsa) != 1 )
	return 0;
    if ( DSA_verify(0,dgst,sizeof(dgst) - 1,sig,siglen,dsa) != 1 )
	return 0;
    DSA_free(dsa);
    return 1;
    }
Example #27
0
/*!
 * \brief Create DSA private key from key parameters.
 * \see rsa_create_pkey
 */
static int dsa_create_pkey(const knot_key_params_t *params, EVP_PKEY *key)
{
	assert(key);

	DSA *dsa = DSA_new();
	if (dsa == NULL)
		return KNOT_ENOMEM;

	dsa->p        = knot_b64_to_bignum(params->prime);
	dsa->q        = knot_b64_to_bignum(params->subprime);
	dsa->g        = knot_b64_to_bignum(params->base);
	dsa->priv_key = knot_b64_to_bignum(params->private_value);
	dsa->pub_key  = knot_b64_to_bignum(params->public_value);

	if (!EVP_PKEY_assign_DSA(key, dsa)) {
		DSA_free(dsa);
		return KNOT_DNSSEC_EASSIGN_KEY;
	}

	return KNOT_EOK;
}
static EVP_PKEY *old_priv_decode(CBS *cbs, int type) {
  EVP_PKEY *ret = EVP_PKEY_new();
  if (ret == NULL) {
    return NULL;
  }

  switch (type) {
    case EVP_PKEY_EC: {
      EC_KEY *ec_key = EC_KEY_parse_private_key(cbs, NULL);
      if (ec_key == NULL || !EVP_PKEY_assign_EC_KEY(ret, ec_key)) {
        EC_KEY_free(ec_key);
        goto err;
      }
      return ret;
    }
    case EVP_PKEY_DSA: {
      DSA *dsa = DSA_parse_private_key(cbs);
      if (dsa == NULL || !EVP_PKEY_assign_DSA(ret, dsa)) {
        DSA_free(dsa);
        goto err;
      }
      return ret;
    }
    case EVP_PKEY_RSA: {
      RSA *rsa = RSA_parse_private_key(cbs);
      if (rsa == NULL || !EVP_PKEY_assign_RSA(ret, rsa)) {
        RSA_free(rsa);
        goto err;
      }
      return ret;
    }
    default:
      OPENSSL_PUT_ERROR(EVP, EVP_R_UNKNOWN_PUBLIC_KEY_TYPE);
      goto err;
  }

err:
  EVP_PKEY_free(ret);
  return NULL;
}
Example #29
0
static DSA *dsa_dh_generate(DH_PKEY_CTX *dctx, BN_GENCB *pcb)
	{
	DSA *ret;
	int rv = 0;
	int prime_len = dctx->prime_len;
	int subprime_len = dctx->subprime_len;
	const EVP_MD *md = dctx->md;
	if (dctx->use_dsa > 2)
		return NULL;
	ret = DSA_new();
	if (!ret)
		return NULL;
	if (subprime_len == -1)
		{
		if (prime_len >= 2048)
			subprime_len = 256;
		else
			subprime_len = 160;
		}
	if (md == NULL)
		{
		if (prime_len >= 2048)
			md = EVP_sha256();
		else
			md = EVP_sha1();
		}
	if (dctx->use_dsa == 1)
		rv = dsa_builtin_paramgen(ret, prime_len, subprime_len, md,
						NULL, 0, NULL, NULL, NULL, pcb);
	else if(dctx->use_dsa == 2)
		rv = dsa_builtin_paramgen2(ret, prime_len, subprime_len, md,
					   NULL, 0, -1, NULL, NULL, NULL, pcb);
	if (rv <= 0)
		{
		DSA_free(ret);
		return NULL;
		}
	return ret;
	}
Example #30
0
void
keynote_free_key(void *key, int type)
{
    if (key == NULL)
      return;

    /* DSA keys */
    if (type == KEYNOTE_ALGORITHM_DSA)
    {
	DSA_free(key);
	return;
    }

    /* RSA keys */
    if (type == KEYNOTE_ALGORITHM_RSA)
    {
	RSA_free(key);
	return;
    }

    /* X509 keys */
    if (type == KEYNOTE_ALGORITHM_X509)
    {
	RSA_free(key); /* RSA-specific */
	return;
    }

    /* BINARY keys */
    if (type == KEYNOTE_ALGORITHM_BINARY)
    {
	free(((struct keynote_binary *) key)->bn_key);
	free(key);
	return;
    }

    /* Catch-all case */
    if (type == KEYNOTE_ALGORITHM_NONE)
      free(key);
}