69 static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
70 static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
72 			 DSA *dsa);
73 static int dsa_init(DSA *dsa);
74 static int dsa_finish(DSA *dsa);
104 #define DSA_MOD_EXP(err_instr,dsa,rr,a1,p1,a2,p2,m,ctx,in_mont) \  argument
107 	if((dsa)->meth->dsa_mod_exp) \
108 		_tmp_res53 = (dsa)->meth->dsa_mod_exp((dsa), (rr), (a1), (p1), \
115 #define DSA_BN_MOD_EXP(err_instr,dsa,r,a,p,m,ctx,m_ctx) \  argument
118 	if((dsa)->meth->bn_mod_exp) \
119 		_tmp_res53 = (dsa)->meth->bn_mod_exp((dsa), (r), (a), (p), \
131 static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)  in dsa_do_sign()  argument
143 	if (!dsa->p || !dsa->q || !dsa->g)  in dsa_do_sign()
154 	if ((dsa->kinv == NULL) || (dsa->r == NULL))  in dsa_do_sign()
156 		if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err;  in dsa_do_sign()
160 		kinv=dsa->kinv;  in dsa_do_sign()
161 		dsa->kinv=NULL;  in dsa_do_sign()
162 		r=dsa->r;  in dsa_do_sign()
163 		dsa->r=NULL;  in dsa_do_sign()
167 	if (dlen > BN_num_bytes(dsa->q))  in dsa_do_sign()
171 		dlen = BN_num_bytes(dsa->q);  in dsa_do_sign()
176 	if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */  in dsa_do_sign()
178 	if (BN_cmp(s,dsa->q) > 0)  in dsa_do_sign()
179 		if (!BN_sub(s,s,dsa->q)) goto err;  in dsa_do_sign()
180 	if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err;  in dsa_do_sign()
202 static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)  in dsa_sign_setup()  argument
208 	if (!dsa->p || !dsa->q || !dsa->g)  in dsa_sign_setup()
228 		if (!BN_rand_range(&k, dsa->q)) goto err;  in dsa_sign_setup()
230 	if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)  in dsa_sign_setup()
235 	if (dsa->flags & DSA_FLAG_CACHE_MONT_P)  in dsa_sign_setup()
237 		if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,  in dsa_sign_setup()
239 						dsa->p, ctx))  in dsa_sign_setup()
245 	if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)  in dsa_sign_setup()
255 		if (!BN_add(&kq, &kq, dsa->q)) goto err;  in dsa_sign_setup()
256 		if (BN_num_bits(&kq) <= BN_num_bits(dsa->q))  in dsa_sign_setup()
258 			if (!BN_add(&kq, &kq, dsa->q)) goto err;  in dsa_sign_setup()
267 	DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx,  in dsa_sign_setup()
268 			dsa->method_mont_p);  in dsa_sign_setup()
269 	if (!BN_mod(r,r,dsa->q,ctx)) goto err;  in dsa_sign_setup()
272 	if ((kinv=BN_mod_inverse(NULL,&k,dsa->q,ctx)) == NULL) goto err;  in dsa_sign_setup()
294 			 DSA *dsa)  in dsa_do_verify()  argument
300 	if (!dsa->p || !dsa->q || !dsa->g)  in dsa_do_verify()
306 	i = BN_num_bits(dsa->q);  in dsa_do_verify()
314 	if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS)  in dsa_do_verify()
326 	    BN_ucmp(sig->r, dsa->q) >= 0)  in dsa_do_verify()
332 	    BN_ucmp(sig->s, dsa->q) >= 0)  in dsa_do_verify()
340 	if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;  in dsa_do_verify()
351 	if (!BN_mod_mul(&u1,&u1,&u2,dsa->q,ctx)) goto err;  in dsa_do_verify()
354 	if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err;  in dsa_do_verify()
357 	if (dsa->flags & DSA_FLAG_CACHE_MONT_P)  in dsa_do_verify()
359 		mont = BN_MONT_CTX_set_locked(&dsa->method_mont_p,  in dsa_do_verify()
360 					CRYPTO_LOCK_DSA, dsa->p, ctx);  in dsa_do_verify()
366 	DSA_MOD_EXP(goto err, dsa, &t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p, ctx, mont);  in dsa_do_verify()
369 	if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err;  in dsa_do_verify()
386 static int dsa_init(DSA *dsa)  in dsa_init()  argument
388 	dsa->flags|=DSA_FLAG_CACHE_MONT_P;  in dsa_init()
392 static int dsa_finish(DSA *dsa)  in dsa_finish()  argument
394 	if(dsa->method_mont_p)  in dsa_finish()
395 		BN_MONT_CTX_free(dsa->method_mont_p);  in dsa_finish()