1 files changed, 350 insertions, 0 deletions
diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c
new file mode 100644
index 0000000000..f1a85afcde
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_ossl.c
@@ -0,0 +1,350 @@
+/* crypto/dsa/dsa_ossl.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/rand.h>
+#include <openssl/asn1.h>
+#ifndef OPENSSL_FIPS
+static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
+static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
+                  DSA *dsa);
+static int dsa_init(DSA *dsa);
+static int dsa_finish(DSA *dsa);
+static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
+                BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
+                BN_MONT_CTX *in_mont);
+static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                                const BIGNUM *m, BN_CTX *ctx,
+                                BN_MONT_CTX *m_ctx);
+static DSA_METHOD openssl_dsa_meth = {
+"OpenSSL DSA method",
+dsa_do_sign,
+dsa_sign_setup,
+dsa_do_verify,
+dsa_mod_exp,
+dsa_bn_mod_exp,
+dsa_init,
+dsa_finish,
+0,
+NULL
+};
+const DSA_METHOD *DSA_OpenSSL(void)
+{
+        return &openssl_dsa_meth;
+}
+static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+        {
+        BIGNUM *kinv=NULL,*r=NULL,*s=NULL;
+        BIGNUM m;
+        BIGNUM xr;
+        BN_CTX *ctx=NULL;
+        int i,reason=ERR_R_BN_LIB;
+        DSA_SIG *ret=NULL;
+        BN_init(&m);
+        BN_init(&xr);
+        if (!dsa->p || !dsa->q || !dsa->g)
+                {
+                reason=DSA_R_MISSING_PARAMETERS;
+                goto err;
+                }
+        s=BN_new();
+        if (s == NULL) goto err;
+        i=BN_num_bytes(dsa->q); /* should be 20 */
+        if ((dlen > i) || (dlen > 50))
+                {
+                reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
+                goto err;
+                }
+        ctx=BN_CTX_new();
+        if (ctx == NULL) goto err;
+        if ((dsa->kinv == NULL) || (dsa->r == NULL))
+                {
+                if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err;
+                }
+        else
+                {
+                kinv=dsa->kinv;
+                dsa->kinv=NULL;
+                r=dsa->r;
+                dsa->r=NULL;
+                }
+        if (BN_bin2bn(dgst,dlen,&m) == NULL) goto err;
+        /* Compute  s = inv(k) (m + xr) mod q */
+        if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */
+        if (!BN_add(s, &xr, &m)) goto err;              /* s = m + xr */
+        if (BN_cmp(s,dsa->q) > 0)
+                BN_sub(s,s,dsa->q);
+        if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err;
+        ret=DSA_SIG_new();
+        if (ret == NULL) goto err;
+        ret->r = r;
+        ret->s = s;
+        
+err:
+        if (!ret)
+                {
+                DSAerr(DSA_F_DSA_DO_SIGN,reason);
+                BN_free(r);
+                BN_free(s);
+                }
+        if (ctx != NULL) BN_CTX_free(ctx);
+        BN_clear_free(&m);
+        BN_clear_free(&xr);
+        if (kinv != NULL) /* dsa->kinv is NULL now if we used it */
+            BN_clear_free(kinv);
+        return(ret);
+        }
+static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
+        {
+        BN_CTX *ctx;
+        BIGNUM k,*kinv=NULL,*r=NULL;
+        int ret=0;
+        if (!dsa->p || !dsa->q || !dsa->g)
+                {
+                DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS);
+                return 0;
+                }
+        BN_init(&k);
+        if (ctx_in == NULL)
+                {
+                if ((ctx=BN_CTX_new()) == NULL) goto err;
+                }
+        else
+                ctx=ctx_in;
+        if ((r=BN_new()) == NULL) goto err;
+        kinv=NULL;
+        /* Get random k */
+        do
+                if (!BN_rand_range(&k, dsa->q)) goto err;
+        while (BN_is_zero(&k));
+        if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
+                {
+                if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
+                        if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p,
+                                dsa->p,ctx)) goto err;
+                }
+        /* Compute r = (g^k mod p) mod q */
+        if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
+                (BN_MONT_CTX *)dsa->method_mont_p)) goto err;
+        if (!BN_mod(r,r,dsa->q,ctx)) goto err;
+        /* Compute  part of 's = inv(k) (m + xr) mod q' */
+        if ((kinv=BN_mod_inverse(NULL,&k,dsa->q,ctx)) == NULL) goto err;
+        if (*kinvp != NULL) BN_clear_free(*kinvp);
+        *kinvp=kinv;
+        kinv=NULL;
+        if (*rp != NULL) BN_clear_free(*rp);
+        *rp=r;
+        ret=1;
+err:
+        if (!ret)
+                {
+                DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB);
+                if (kinv != NULL) BN_clear_free(kinv);
+                if (r != NULL) BN_clear_free(r);
+                }
+        if (ctx_in == NULL) BN_CTX_free(ctx);
+        if (kinv != NULL) BN_clear_free(kinv);
+        BN_clear_free(&k);
+        return(ret);
+        }
+static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
+                  DSA *dsa)
+        {
+        BN_CTX *ctx;
+        BIGNUM u1,u2,t1;
+        BN_MONT_CTX *mont=NULL;
+        int ret = -1;
+        if (!dsa->p || !dsa->q || !dsa->g)
+                {
+                DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS);
+                return -1;
+                }
+        BN_init(&u1);
+        BN_init(&u2);
+        BN_init(&t1);
+        if ((ctx=BN_CTX_new()) == NULL) goto err;
+        if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0)
+                {
+                ret = 0;
+                goto err;
+                }
+        if (BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s, dsa->q) >= 0)
+                {
+                ret = 0;
+                goto err;
+                }
+        /* Calculate W = inv(S) mod Q
+         * save W in u2 */
+        if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;
+        /* save M in u1 */
+        if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err;
+        /* u1 = M * w mod q */
+        if (!BN_mod_mul(&u1,&u1,&u2,dsa->q,ctx)) goto err;
+        /* u2 = r * w mod q */
+        if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err;
+        if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
+                {
+                if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
+                        if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p,
+                                dsa->p,ctx)) goto err;
+                }
+        mont=(BN_MONT_CTX *)dsa->method_mont_p;
+#if 0
+        {
+        BIGNUM t2;
+        BN_init(&t2);
+        /* v = ( g^u1 * y^u2 mod p ) mod q */
+        /* let t1 = g ^ u1 mod p */
+        if (!BN_mod_exp_mont(&t1,dsa->g,&u1,dsa->p,ctx,mont)) goto err;
+        /* let t2 = y ^ u2 mod p */
+        if (!BN_mod_exp_mont(&t2,dsa->pub_key,&u2,dsa->p,ctx,mont)) goto err;
+        /* let u1 = t1 * t2 mod p */
+        if (!BN_mod_mul(&u1,&t1,&t2,dsa->p,ctx)) goto err_bn;
+        BN_free(&t2);
+        }
+        /* let u1 = u1 mod q */
+        if (!BN_mod(&u1,&u1,dsa->q,ctx)) goto err;
+#else
+        {
+        if (!dsa->meth->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2,
+                                                dsa->p,ctx,mont)) goto err;
+        /* BN_copy(&u1,&t1); */
+        /* let u1 = u1 mod q */
+        if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err;
+        }
+#endif
+        /* V is now in u1.  If the signature is correct, it will be
+         * equal to R. */
+        ret=(BN_ucmp(&u1, sig->r) == 0);
+        err:
+        if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB);
+        if (ctx != NULL) BN_CTX_free(ctx);
+        BN_free(&u1);
+        BN_free(&u2);
+        BN_free(&t1);
+        return(ret);
+        }
+static int dsa_init(DSA *dsa)
+{
+        dsa->flags|=DSA_FLAG_CACHE_MONT_P;
+        return(1);
+}
+static int dsa_finish(DSA *dsa)
+{
+        if(dsa->method_mont_p)
+                BN_MONT_CTX_free((BN_MONT_CTX *)dsa->method_mont_p);
+        return(1);
+}
+static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
+                BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
+                BN_MONT_CTX *in_mont)
+{
+        return BN_mod_exp2_mont(rr, a1, p1, a2, p2, m, ctx, in_mont);
+}
+        
+static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                                const BIGNUM *m, BN_CTX *ctx,
+                                BN_MONT_CTX *m_ctx)
+{
+        return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
+}
+#endif

diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c new file mode 100644 index 0000000000..f1a85afcde --- /dev/null +++ b/src/lib/libcrypto/dsa/dsa_ossl.c
@@ -0,0 +1,350 @@
	1	/* crypto/dsa/dsa_ossl.c */
	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
	3	* All rights reserved.
	4	*
	5	* This package is an SSL implementation written
	6	* by Eric Young (eay@cryptsoft.com).
	7	* The implementation was written so as to conform with Netscapes SSL.
	8	*
	9	* This library is free for commercial and non-commercial use as long as
	10	* the following conditions are aheared to. The following conditions
	11	* apply to all code found in this distribution, be it the RC4, RSA,
	12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
	13	* included with this distribution is covered by the same copyright terms
	14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
	15	*
	16	* Copyright remains Eric Young's, and as such any Copyright notices in
	17	* the code are not to be removed.
	18	* If this package is used in a product, Eric Young should be given attribution
	19	* as the author of the parts of the library used.
	20	* This can be in the form of a textual message at program startup or
	21	* in documentation (online or textual) provided with the package.
	22	*
	23	* Redistribution and use in source and binary forms, with or without
	24	* modification, are permitted provided that the following conditions
	25	* are met:
	26	* 1. Redistributions of source code must retain the copyright
	27	* notice, this list of conditions and the following disclaimer.
	28	* 2. Redistributions in binary form must reproduce the above copyright
	29	* notice, this list of conditions and the following disclaimer in the
	30	* documentation and/or other materials provided with the distribution.
	31	* 3. All advertising materials mentioning features or use of this software
	32	* must display the following acknowledgement:
	33	* "This product includes cryptographic software written by
	34	* Eric Young (eay@cryptsoft.com)"
	35	* The word 'cryptographic' can be left out if the rouines from the library
	36	* being used are not cryptographic related :-).
	37	* 4. If you include any Windows specific code (or a derivative thereof) from
	38	* the apps directory (application code) you must include an acknowledgement:
	39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
	40	*
	41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
	42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
	45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	51	* SUCH DAMAGE.
	52	*
	53	* The licence and distribution terms for any publically available version or
	54	* derivative of this code cannot be changed. i.e. this code cannot simply be
	55	* copied and put under another distribution licence
	56	* [including the GNU Public Licence.]
	57	*/
	58
	59	/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
	60
	61	#include <stdio.h>
	62	#include "cryptlib.h"
	63	#include <openssl/bn.h>
	64	#include <openssl/dsa.h>
	65	#include <openssl/rand.h>
	66	#include <openssl/asn1.h>
	67
	68	#ifndef OPENSSL_FIPS
	69	static DSA_SIG dsa_do_sign(const unsigned char dgst, int dlen, DSA *dsa);
	70	static int dsa_sign_setup(DSA dsa, BN_CTX ctx_in, BIGNUM kinvp, BIGNUM rp);
	71	static int dsa_do_verify(const unsigned char dgst, int dgst_len, DSA_SIG sig,
	72	DSA *dsa);
	73	static int dsa_init(DSA *dsa);
	74	static int dsa_finish(DSA *dsa);
	75	static int dsa_mod_exp(DSA dsa, BIGNUM rr, BIGNUM a1, BIGNUM p1,
	76	BIGNUM a2, BIGNUM p2, BIGNUM m, BN_CTX ctx,
	77	BN_MONT_CTX *in_mont);
	78	static int dsa_bn_mod_exp(DSA dsa, BIGNUM r, BIGNUM a, const BIGNUM p,
	79	const BIGNUM m, BN_CTX ctx,
	80	BN_MONT_CTX *m_ctx);
	81
	82	static DSA_METHOD openssl_dsa_meth = {
	83	"OpenSSL DSA method",
	84	dsa_do_sign,
	85	dsa_sign_setup,
	86	dsa_do_verify,
	87	dsa_mod_exp,
	88	dsa_bn_mod_exp,
	89	dsa_init,
	90	dsa_finish,
	91	0,
	92	NULL
	93	};
	94
	95	const DSA_METHOD *DSA_OpenSSL(void)
	96	{
	97	return &openssl_dsa_meth;
	98	}
	99
	100	static DSA_SIG dsa_do_sign(const unsigned char dgst, int dlen, DSA *dsa)
	101	{
	102	BIGNUM kinv=NULL,r=NULL,*s=NULL;
	103	BIGNUM m;
	104	BIGNUM xr;
	105	BN_CTX *ctx=NULL;
	106	int i,reason=ERR_R_BN_LIB;
	107	DSA_SIG *ret=NULL;
	108
	109	BN_init(&m);
	110	BN_init(&xr);
	111
	112	if (!dsa->p \|\| !dsa->q \|\| !dsa->g)
	113	{
	114	reason=DSA_R_MISSING_PARAMETERS;
	115	goto err;
	116	}
	117
	118	s=BN_new();
	119	if (s == NULL) goto err;
	120
	121	i=BN_num_bytes(dsa->q); /* should be 20 */
	122	if ((dlen > i) \|\| (dlen > 50))
	123	{
	124	reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
	125	goto err;
	126	}
	127
	128	ctx=BN_CTX_new();
	129	if (ctx == NULL) goto err;
	130
	131	if ((dsa->kinv == NULL) \|\| (dsa->r == NULL))
	132	{
	133	if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err;
	134	}
	135	else
	136	{
	137	kinv=dsa->kinv;
	138	dsa->kinv=NULL;
	139	r=dsa->r;
	140	dsa->r=NULL;
	141	}
	142
	143	if (BN_bin2bn(dgst,dlen,&m) == NULL) goto err;
	144
	145	/* Compute s = inv(k) (m + xr) mod q */
	146	if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */
	147	if (!BN_add(s, &xr, &m)) goto err; /* s = m + xr */
	148	if (BN_cmp(s,dsa->q) > 0)
	149	BN_sub(s,s,dsa->q);
	150	if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err;
	151
	152	ret=DSA_SIG_new();
	153	if (ret == NULL) goto err;
	154	ret->r = r;
	155	ret->s = s;
	156
	157	err:
	158	if (!ret)
	159	{
	160	DSAerr(DSA_F_DSA_DO_SIGN,reason);
	161	BN_free(r);
	162	BN_free(s);
	163	}
	164	if (ctx != NULL) BN_CTX_free(ctx);
	165	BN_clear_free(&m);
	166	BN_clear_free(&xr);
	167	if (kinv != NULL) /* dsa->kinv is NULL now if we used it */
	168	BN_clear_free(kinv);
	169	return(ret);
	170	}
	171
	172	static int dsa_sign_setup(DSA dsa, BN_CTX ctx_in, BIGNUM kinvp, BIGNUM rp)
	173	{
	174	BN_CTX *ctx;
	175	BIGNUM k,kinv=NULL,r=NULL;
	176	int ret=0;
	177
	178	if (!dsa->p \|\| !dsa->q \|\| !dsa->g)
	179	{
	180	DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS);
	181	return 0;
	182	}
	183
	184	BN_init(&k);
	185
	186	if (ctx_in == NULL)
	187	{
	188	if ((ctx=BN_CTX_new()) == NULL) goto err;
	189	}
	190	else
	191	ctx=ctx_in;
	192
	193	if ((r=BN_new()) == NULL) goto err;
	194	kinv=NULL;
	195
	196	/* Get random k */
	197	do
	198	if (!BN_rand_range(&k, dsa->q)) goto err;
	199	while (BN_is_zero(&k));
	200
	201	if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
	202	{
	203	if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
	204	if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p,
	205	dsa->p,ctx)) goto err;
	206	}
	207
	208	/* Compute r = (g^k mod p) mod q */
	209	if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
	210	(BN_MONT_CTX *)dsa->method_mont_p)) goto err;
	211	if (!BN_mod(r,r,dsa->q,ctx)) goto err;
	212
	213	/* Compute part of 's = inv(k) (m + xr) mod q' */
	214	if ((kinv=BN_mod_inverse(NULL,&k,dsa->q,ctx)) == NULL) goto err;
	215
	216	if (kinvp != NULL) BN_clear_free(kinvp);
	217	*kinvp=kinv;
	218	kinv=NULL;
	219	if (rp != NULL) BN_clear_free(rp);
	220	*rp=r;
	221	ret=1;
	222	err:
	223	if (!ret)
	224	{
	225	DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB);
	226	if (kinv != NULL) BN_clear_free(kinv);
	227	if (r != NULL) BN_clear_free(r);
	228	}
	229	if (ctx_in == NULL) BN_CTX_free(ctx);
	230	if (kinv != NULL) BN_clear_free(kinv);
	231	BN_clear_free(&k);
	232	return(ret);
	233	}
	234
	235	static int dsa_do_verify(const unsigned char dgst, int dgst_len, DSA_SIG sig,
	236	DSA *dsa)
	237	{
	238	BN_CTX *ctx;
	239	BIGNUM u1,u2,t1;
	240	BN_MONT_CTX *mont=NULL;
	241	int ret = -1;
	242	if (!dsa->p \|\| !dsa->q \|\| !dsa->g)
	243	{
	244	DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS);
	245	return -1;
	246	}
	247
	248	BN_init(&u1);
	249	BN_init(&u2);
	250	BN_init(&t1);
	251
	252	if ((ctx=BN_CTX_new()) == NULL) goto err;
	253
	254	if (BN_is_zero(sig->r) \|\| sig->r->neg \|\| BN_ucmp(sig->r, dsa->q) >= 0)
	255	{
	256	ret = 0;
	257	goto err;
	258	}
	259	if (BN_is_zero(sig->s) \|\| sig->s->neg \|\| BN_ucmp(sig->s, dsa->q) >= 0)
	260	{
	261	ret = 0;
	262	goto err;
	263	}
	264
	265	/* Calculate W = inv(S) mod Q
	266	* save W in u2 */
	267	if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;
	268
	269	/* save M in u1 */
	270	if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err;
	271
	272	/* u1 = M * w mod q */
	273	if (!BN_mod_mul(&u1,&u1,&u2,dsa->q,ctx)) goto err;
	274
	275	/* u2 = r * w mod q */
	276	if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err;
	277
	278	if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
	279	{
	280	if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
	281	if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p,
	282	dsa->p,ctx)) goto err;
	283	}
	284	mont=(BN_MONT_CTX *)dsa->method_mont_p;
	285
	286	#if 0
	287	{
	288	BIGNUM t2;
	289
	290	BN_init(&t2);
	291	/* v = ( g^u1 * y^u2 mod p ) mod q */
	292	/* let t1 = g ^ u1 mod p */
	293	if (!BN_mod_exp_mont(&t1,dsa->g,&u1,dsa->p,ctx,mont)) goto err;
	294	/* let t2 = y ^ u2 mod p */
	295	if (!BN_mod_exp_mont(&t2,dsa->pub_key,&u2,dsa->p,ctx,mont)) goto err;
	296	/* let u1 = t1 * t2 mod p */
	297	if (!BN_mod_mul(&u1,&t1,&t2,dsa->p,ctx)) goto err_bn;
	298	BN_free(&t2);
	299	}
	300	/* let u1 = u1 mod q */
	301	if (!BN_mod(&u1,&u1,dsa->q,ctx)) goto err;
	302	#else
	303	{
	304	if (!dsa->meth->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2,
	305	dsa->p,ctx,mont)) goto err;
	306	/* BN_copy(&u1,&t1); */
	307	/* let u1 = u1 mod q */
	308	if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err;
	309	}
	310	#endif
	311	/* V is now in u1. If the signature is correct, it will be
	312	* equal to R. */
	313	ret=(BN_ucmp(&u1, sig->r) == 0);
	314
	315	err:
	316	if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB);
	317	if (ctx != NULL) BN_CTX_free(ctx);
	318	BN_free(&u1);
	319	BN_free(&u2);
	320	BN_free(&t1);
	321	return(ret);
	322	}
	323
	324	static int dsa_init(DSA *dsa)
	325	{
	326	dsa->flags\|=DSA_FLAG_CACHE_MONT_P;
	327	return(1);
	328	}
	329
	330	static int dsa_finish(DSA *dsa)
	331	{
	332	if(dsa->method_mont_p)
	333	BN_MONT_CTX_free((BN_MONT_CTX *)dsa->method_mont_p);
	334	return(1);
	335	}
	336
	337	static int dsa_mod_exp(DSA dsa, BIGNUM rr, BIGNUM a1, BIGNUM p1,
	338	BIGNUM a2, BIGNUM p2, BIGNUM m, BN_CTX ctx,
	339	BN_MONT_CTX *in_mont)
	340	{
	341	return BN_mod_exp2_mont(rr, a1, p1, a2, p2, m, ctx, in_mont);
	342	}
	343
	344	static int dsa_bn_mod_exp(DSA dsa, BIGNUM r, BIGNUM a, const BIGNUM p,
	345	const BIGNUM m, BN_CTX ctx,
	346	BN_MONT_CTX *m_ctx)
	347	{
	348	return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
	349	}
	350	#endif