85 static int dsa_sign_setup(const DSA *dsa, BN_CTX *ctx_in, BIGNUM **out_kinv,
91   DSA *dsa = OPENSSL_malloc(sizeof(DSA));  in DSA_new()  local
92   if (dsa == NULL) {  in DSA_new()
97   OPENSSL_memset(dsa, 0, sizeof(DSA));  in DSA_new()
99   dsa->references = 1;  in DSA_new()
101   CRYPTO_MUTEX_init(&dsa->method_mont_lock);  in DSA_new()
102   CRYPTO_new_ex_data(&dsa->ex_data);  in DSA_new()
104   return dsa;  in DSA_new()
107 void DSA_free(DSA *dsa) {  in DSA_free()  argument
108   if (dsa == NULL) {  in DSA_free()
112   if (!CRYPTO_refcount_dec_and_test_zero(&dsa->references)) {  in DSA_free()
116   CRYPTO_free_ex_data(&g_ex_data_class, dsa, &dsa->ex_data);  in DSA_free()
118   BN_clear_free(dsa->p);  in DSA_free()
119   BN_clear_free(dsa->q);  in DSA_free()
120   BN_clear_free(dsa->g);  in DSA_free()
121   BN_clear_free(dsa->pub_key);  in DSA_free()
122   BN_clear_free(dsa->priv_key);  in DSA_free()
123   BN_MONT_CTX_free(dsa->method_mont_p);  in DSA_free()
124   BN_MONT_CTX_free(dsa->method_mont_q);  in DSA_free()
125   CRYPTO_MUTEX_cleanup(&dsa->method_mont_lock);  in DSA_free()
126   OPENSSL_free(dsa);  in DSA_free()
129 int DSA_up_ref(DSA *dsa) {  in DSA_up_ref()  argument
130   CRYPTO_refcount_inc(&dsa->references);  in DSA_up_ref()
134 void DSA_get0_key(const DSA *dsa, const BIGNUM **out_pub_key,  in DSA_get0_key()  argument
137     *out_pub_key = dsa->pub_key;  in DSA_get0_key()
140     *out_priv_key = dsa->priv_key;  in DSA_get0_key()
144 void DSA_get0_pqg(const DSA *dsa, const BIGNUM **out_p, const BIGNUM **out_q,  in DSA_get0_pqg()  argument
147     *out_p = dsa->p;  in DSA_get0_pqg()
150     *out_q = dsa->q;  in DSA_get0_pqg()
153     *out_g = dsa->g;  in DSA_get0_pqg()
157 int DSA_set0_key(DSA *dsa, BIGNUM *pub_key, BIGNUM *priv_key) {  in DSA_set0_key()  argument
158   if (dsa->pub_key == NULL && pub_key == NULL) {  in DSA_set0_key()
163     BN_free(dsa->pub_key);  in DSA_set0_key()
164     dsa->pub_key = pub_key;  in DSA_set0_key()
167     BN_free(dsa->priv_key);  in DSA_set0_key()
168     dsa->priv_key = priv_key;  in DSA_set0_key()
174 int DSA_set0_pqg(DSA *dsa, BIGNUM *p, BIGNUM *q, BIGNUM *g) {  in DSA_set0_pqg()  argument
175   if ((dsa->p == NULL && p == NULL) ||  in DSA_set0_pqg()
176       (dsa->q == NULL && q == NULL) ||  in DSA_set0_pqg()
177       (dsa->g == NULL && g == NULL)) {  in DSA_set0_pqg()
182     BN_free(dsa->p);  in DSA_set0_pqg()
183     dsa->p = p;  in DSA_set0_pqg()
186     BN_free(dsa->q);  in DSA_set0_pqg()
187     dsa->q = q;  in DSA_set0_pqg()
190     BN_free(dsa->g);  in DSA_set0_pqg()
191     dsa->g = g;  in DSA_set0_pqg()
197 int DSA_generate_parameters_ex(DSA *dsa, unsigned bits, const uint8_t *seed_in,  in DSA_generate_parameters_ex()  argument
427     BN_free(dsa->p);  in DSA_generate_parameters_ex()
428     BN_free(dsa->q);  in DSA_generate_parameters_ex()
429     BN_free(dsa->g);  in DSA_generate_parameters_ex()
430     dsa->p = BN_dup(p);  in DSA_generate_parameters_ex()
431     dsa->q = BN_dup(q);  in DSA_generate_parameters_ex()
432     dsa->g = BN_dup(g);  in DSA_generate_parameters_ex()
433     if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL) {  in DSA_generate_parameters_ex()
455 DSA *DSAparams_dup(const DSA *dsa) {  in DSAparams_dup()  argument
460   ret->p = BN_dup(dsa->p);  in DSAparams_dup()
461   ret->q = BN_dup(dsa->q);  in DSAparams_dup()
462   ret->g = BN_dup(dsa->g);  in DSAparams_dup()
470 int DSA_generate_key(DSA *dsa) {  in DSA_generate_key()  argument
480   priv_key = dsa->priv_key;  in DSA_generate_key()
488   if (!BN_rand_range_ex(priv_key, 1, dsa->q)) {  in DSA_generate_key()
492   pub_key = dsa->pub_key;  in DSA_generate_key()
500   if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p, &dsa->method_mont_lock,  in DSA_generate_key()
501                               dsa->p, ctx) ||  in DSA_generate_key()
502       !BN_mod_exp_mont_consttime(pub_key, dsa->g, priv_key, dsa->p, ctx,  in DSA_generate_key()
503                                  dsa->method_mont_p)) {  in DSA_generate_key()
507   dsa->priv_key = priv_key;  in DSA_generate_key()
508   dsa->pub_key = pub_key;  in DSA_generate_key()
512   if (dsa->pub_key == NULL) {  in DSA_generate_key()
515   if (dsa->priv_key == NULL) {  in DSA_generate_key()
560 DSA_SIG *DSA_do_sign(const uint8_t *digest, size_t digest_len, const DSA *dsa) {  in DSA_do_sign()  argument
561   if (!dsa->p || !dsa->q || !dsa->g) {  in DSA_do_sign()
568   if (BN_is_zero(dsa->p) || BN_is_zero(dsa->q) || BN_is_zero(dsa->g)) {  in DSA_do_sign()
576   if (BN_num_bits(dsa->q) % 8 != 0) {  in DSA_do_sign()
599   if (!dsa_sign_setup(dsa, ctx, &kinv, &r)) {  in DSA_do_sign()
603   if (digest_len > BN_num_bytes(dsa->q)) {  in DSA_do_sign()
607     digest_len = BN_num_bytes(dsa->q);  in DSA_do_sign()
618   size_t q_width = bn_minimal_width(dsa->q);  in DSA_do_sign()
623   bn_reduce_once_in_place(m.d, 0 /* no carry word */, dsa->q->d,  in DSA_do_sign()
628   if (!mod_mul_consttime(&xr, dsa->priv_key, r, dsa->method_mont_q, ctx) ||  in DSA_do_sign()
629       !bn_mod_add_consttime(s, &xr, &m, dsa->q, ctx) ||  in DSA_do_sign()
630       !mod_mul_consttime(s, s, kinv, dsa->method_mont_q, ctx)) {  in DSA_do_sign()
661                   const DSA *dsa) {  in DSA_do_verify()  argument
663   if (!DSA_do_check_signature(&valid, digest, digest_len, sig, dsa)) {  in DSA_do_verify()
670                            size_t digest_len, DSA_SIG *sig, const DSA *dsa) {  in DSA_do_check_signature()  argument
678   if (!dsa->p || !dsa->q || !dsa->g) {  in DSA_do_check_signature()
683   i = BN_num_bits(dsa->q);  in DSA_do_check_signature()
690   if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) {  in DSA_do_check_signature()
705       BN_ucmp(sig->r, dsa->q) >= 0) {  in DSA_do_check_signature()
710       BN_ucmp(sig->s, dsa->q) >= 0) {  in DSA_do_check_signature()
717   if (BN_mod_inverse(&u2, sig->s, dsa->q, ctx) == NULL) {  in DSA_do_check_signature()
734   if (!BN_mod_mul(&u1, &u1, &u2, dsa->q, ctx)) {  in DSA_do_check_signature()
739   if (!BN_mod_mul(&u2, sig->r, &u2, dsa->q, ctx)) {  in DSA_do_check_signature()
743   if (!BN_MONT_CTX_set_locked((BN_MONT_CTX **)&dsa->method_mont_p,  in DSA_do_check_signature()
744                               (CRYPTO_MUTEX *)&dsa->method_mont_lock, dsa->p,  in DSA_do_check_signature()
749   if (!BN_mod_exp2_mont(&t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p, ctx,  in DSA_do_check_signature()
750                         dsa->method_mont_p)) {  in DSA_do_check_signature()
756   if (!BN_mod(&u1, &t1, dsa->q, ctx)) {  in DSA_do_check_signature()
778              uint8_t *out_sig, unsigned int *out_siglen, const DSA *dsa) {  in DSA_sign()  argument
781   s = DSA_do_sign(digest, digest_len, dsa);  in DSA_sign()
793                const uint8_t *sig, size_t sig_len, const DSA *dsa) {  in DSA_verify()  argument
795   if (!DSA_check_signature(&valid, digest, digest_len, sig, sig_len, dsa)) {  in DSA_verify()
803                         const DSA *dsa) {  in DSA_check_signature()  argument
825   ret = DSA_do_check_signature(out_valid, digest, digest_len, s, dsa);  in DSA_check_signature()
847 int DSA_size(const DSA *dsa) {  in DSA_size()  argument
848   size_t order_len = BN_num_bytes(dsa->q);  in DSA_size()
868 static int dsa_sign_setup(const DSA *dsa, BN_CTX *ctx, BIGNUM **out_kinv,  in dsa_sign_setup()  argument
870   if (!dsa->p || !dsa->q || !dsa->g) {  in dsa_sign_setup()
882       !BN_rand_range_ex(&k, 1, dsa->q) ||  in dsa_sign_setup()
883       !BN_MONT_CTX_set_locked((BN_MONT_CTX **)&dsa->method_mont_p,  in dsa_sign_setup()
884                               (CRYPTO_MUTEX *)&dsa->method_mont_lock, dsa->p,  in dsa_sign_setup()
886       !BN_MONT_CTX_set_locked((BN_MONT_CTX **)&dsa->method_mont_q,  in dsa_sign_setup()
887                               (CRYPTO_MUTEX *)&dsa->method_mont_lock, dsa->q,  in dsa_sign_setup()
890       !BN_mod_exp_mont_consttime(r, dsa->g, &k, dsa->p, ctx,  in dsa_sign_setup()
891                                  dsa->method_mont_p) ||  in dsa_sign_setup()
899       !BN_mod(r, r, dsa->q, ctx) ||  in dsa_sign_setup()
902       !bn_mod_inverse_prime(kinv, &k, dsa->q, ctx, dsa->method_mont_q)) {  in dsa_sign_setup()
934 int DSA_set_ex_data(DSA *dsa, int idx, void *arg) {  in DSA_set_ex_data()  argument
935   return CRYPTO_set_ex_data(&dsa->ex_data, idx, arg);  in DSA_set_ex_data()
938 void *DSA_get_ex_data(const DSA *dsa, int idx) {  in DSA_get_ex_data()  argument
939   return CRYPTO_get_ex_data(&dsa->ex_data, idx);  in DSA_get_ex_data()
942 DH *DSA_dup_DH(const DSA *dsa) {  in DSA_dup_DH()  argument
943   if (dsa == NULL) {  in DSA_dup_DH()
951   if (dsa->q != NULL) {  in DSA_dup_DH()
952     ret->priv_length = BN_num_bits(dsa->q);  in DSA_dup_DH()
953     if ((ret->q = BN_dup(dsa->q)) == NULL) {  in DSA_dup_DH()
957   if ((dsa->p != NULL && (ret->p = BN_dup(dsa->p)) == NULL) ||  in DSA_dup_DH()
958       (dsa->g != NULL && (ret->g = BN_dup(dsa->g)) == NULL) ||  in DSA_dup_DH()
959       (dsa->pub_key != NULL && (ret->pub_key = BN_dup(dsa->pub_key)) == NULL) ||  in DSA_dup_DH()
960       (dsa->priv_key != NULL &&  in DSA_dup_DH()
961        (ret->priv_key = BN_dup(dsa->priv_key)) == NULL)) {  in DSA_dup_DH()