This is from an email sent to openssl-users:
I'm signing and verifying documents using DSA and have run into a couple of
problems.
I'm working with OpenSSL 0.9.7 on Linux with a Broadcom crypto card based on
the 5821 (so OpenSSL engine type is "ubsec"). I have version 1.81 of the
Broadcom driver.
(1) While testing I found that verification of certain signed documents
crashed OpenSSL. The problem appears to be that
hw_ubsec.c:ubsec_dsa_verify() calls p_UBSEC_dsa_verify_ioctl() and if this
call fails then the code tries using software crypto, indirectly calling
dsa_ossl.c:dsa_do_verify(). However, dsa_do_verify() tries to do:

    if (!ENGINE_get_DSA(dsa->engine)->dsa_mod_exp(dsa, &t1,dsa->g,&u1,
                                                  dsa->pub_key,&u2,
                                                  dsa->p,ctx,mont))
        goto err;

and this dies because dsa_mod_exp is NULL. The current workaround is to
set up pointers in ubsec_dsa for dsa_mod_exp and dsa_bn_mod_exp (just in
case):

    #ifndef OPENSSL_NO_DSA
    static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
                           BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
                           BN_MONT_CTX *in_mont)
    {
        return BN_mod_exp2_mont(rr, a1, p1, a2, p2, m, ctx, in_mont);
    }

    static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
                              const BIGNUM *m, BN_CTX *ctx,
                              BN_MONT_CTX *m_ctx)
    {
        return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
    }

    /* Our internal DSA_METHOD that we provide pointers to */
    static DSA_METHOD ubsec_dsa =
    {
        "UBSEC DSA method",
        ubsec_dsa_do_sign, /* dsa_do_sign */
        NULL,              /* dsa_sign_setup */
        ubsec_dsa_verify,  /* dsa_do_verify */
        dsa_mod_exp,       /* ubsec_dsa_mod_exp */ /* dsa_mod_exp */
        dsa_bn_mod_exp,    /* ubsec_mod_exp_dsa */ /* bn_mod_exp */
        NULL,              /* init */
        NULL,              /* finish */
        0,                 /* flags */
        NULL               /* app_data */
    };
    #endif

Not sure if this is entirely kosher, but I don't know why they were NULL to
begin with?
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
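
A self-contained C model of the failure described in the message above, added here as an illustration and not taken from OpenSSL or the ubsec engine: a method table whose mod-exp slot is NULL, and a fallback path that checks the slot before calling through it. The names toy_method, soft_mod_exp2 and fallback_mod_exp2 are hypothetical, and 64-bit integers stand in for BIGNUMs.

```c
#include <stddef.h>
#include <stdint.h>

/* Toy stand-in for DSA_METHOD (hypothetical): only the slot that matters. */
typedef int (*mod_exp2_fn)(uint64_t *rr, uint64_t a1, uint64_t p1,
                           uint64_t a2, uint64_t p2, uint64_t m);
struct toy_method {
    const char *name;
    mod_exp2_fn mod_exp2;   /* may be NULL, like dsa_mod_exp in the report */
};

/* Square-and-multiply; m fits in 32 bits so products fit in 64 bits. */
static uint64_t powmod(uint64_t b, uint64_t e, uint64_t m)
{
    uint64_t r = 1 % m;
    for (b %= m; e; e >>= 1) {
        if (e & 1) r = r * b % m;
        b = b * b % m;
    }
    return r;
}

/* Default software routine: rr = a1^p1 * a2^p2 mod m; 0 on bad modulus. */
static int soft_mod_exp2(uint64_t *rr, uint64_t a1, uint64_t p1,
                         uint64_t a2, uint64_t p2, uint64_t m)
{
    if (m == 0 || m > UINT32_MAX) return 0;
    *rr = powmod(a1, p1, m) * powmod(a2, p2, m) % m;
    return 1;
}

/* Fallback step: call the method's slot only if it is set, else the default. */
static int fallback_mod_exp2(const struct toy_method *meth, uint64_t *rr,
                             uint64_t a1, uint64_t p1,
                             uint64_t a2, uint64_t p2, uint64_t m)
{
    mod_exp2_fn fn = (meth && meth->mod_exp2) ? meth->mod_exp2 : soft_mod_exp2;
    return fn(rr, a1, p1, a2, p2, m);
}

/* Constructed sample tables: one with the slot left NULL, one filled in. */
const struct toy_method hw_null_slot = { "hw, slot left NULL", NULL };
const struct toy_method hw_filled    = { "hw, slot filled", soft_mod_exp2 };

int main(void)
{
    uint64_t r = 0;   /* constructed values: 4^3 * 9^2 mod 23 */
    return !(fallback_mod_exp2(&hw_null_slot, &r, 4, 3, 9, 2, 23) && r == 9);
}
```

Both tables give the same result here; the difference is that the guarded call does not depend on every engine author remembering to fill the slot.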