1 /* crypto/dsa/dsa_ossl.c */
65 #include <openssl/dsa.h>
69 static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
70 static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
73                          DSA_SIG *sig, DSA *dsa);
74 static int dsa_init(DSA *dsa);
75 static int dsa_finish(DSA *dsa);
97  *     if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
98  *                 dsa->method_mont_p)) goto err;
102  *     DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, &k, dsa->p, ctx,
103  *                 dsa->method_mont_p);
106 #define DSA_MOD_EXP(err_instr,dsa,rr,a1,p1,a2,p2,m,ctx,in_mont) \
109         if ((dsa)->meth->dsa_mod_exp) \
110                 _tmp_res53 = (dsa)->meth->dsa_mod_exp((dsa), (rr), (a1), (p1), \
117 #define DSA_BN_MOD_EXP(err_instr,dsa,r,a,p,m,ctx,m_ctx) \
120         if ((dsa)->meth->bn_mod_exp) \
121                 _tmp_res53 = (dsa)->meth->bn_mod_exp((dsa), (r), (a), (p), \
133 static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
146     if (!dsa->p || !dsa->q || !dsa->g) {
158     if ((dsa->kinv == NULL) || (dsa->r == NULL)) {
159         if (!DSA_sign_setup(dsa, ctx, &kinv, &r))
162         kinv = dsa->kinv;
163         dsa->kinv = NULL;
164         r = dsa->r;
165         dsa->r = NULL;
169     if (dlen > BN_num_bytes(dsa->q))
172          * BN_num_bits(dsa->q) leftmost bits of the digest, see fips 186-3,
175         dlen = BN_num_bytes(dsa->q);
180     if (!BN_mod_mul(&xr, dsa->priv_key, r, dsa->q, ctx))
184     if (BN_cmp(s, dsa->q) > 0)
185         if (!BN_sub(s, s, dsa->q))
187     if (!BN_mod_mul(s, s, kinv, dsa->q, ctx))
217     if (kinv != NULL)           /* dsa->kinv is NULL now if we used it */
222 static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
229     if (!dsa->p || !dsa->q || !dsa->g) {
248         if (!BN_rand_range(&k, dsa->q))
251     if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
255     if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
256         if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
257                                     CRYPTO_LOCK_DSA, dsa->p, ctx))
263     if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
274         if (!BN_add(&kq, &kq, dsa->q))
276         if (BN_num_bits(&kq) <= BN_num_bits(dsa->q)) {
277             if (!BN_add(&kq, &kq, dsa->q))
285     DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx,
286                    dsa->method_mont_p);
287     if (!BN_mod(r, r, dsa->q, ctx))
291     if ((kinv = BN_mod_inverse(NULL, &k, dsa->q, ctx)) == NULL)
316                          DSA_SIG *sig, DSA *dsa)
322     if (!dsa->p || !dsa->q || !dsa->g) {
327     i = BN_num_bits(dsa->q);
334     if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) {
346         BN_ucmp(sig->r, dsa->q) >= 0) {
351         BN_ucmp(sig->s, dsa->q) >= 0) {
359     if ((BN_mod_inverse(&u2, sig->s, dsa->q, ctx)) == NULL)
366          * BN_num_bits(dsa->q) leftmost bits of the digest, see fips 186-3,
374     if (!BN_mod_mul(&u1, &u1, &u2, dsa->q, ctx))
378     if (!BN_mod_mul(&u2, sig->r, &u2, dsa->q, ctx))
381     if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
382         mont = BN_MONT_CTX_set_locked(&dsa->method_mont_p,
383                                       CRYPTO_LOCK_DSA, dsa->p, ctx);
388     DSA_MOD_EXP(goto err, dsa, &t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p,
392     if (!BN_mod(&u1, &t1, dsa->q, ctx))
411 static int dsa_init(DSA *dsa)
413     dsa->flags |= DSA_FLAG_CACHE_MONT_P;
417 static int dsa_finish(DSA *dsa)
419     if (dsa->method_mont_p)
420         BN_MONT_CTX_free(dsa->method_mont_p);

Indexes created Fri Aug 02 20:52:59 MDT 2024