1656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* crypto/dsa/dsa_ossl.c */ 2656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * All rights reserved. 4656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 5656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * This package is an SSL implementation written 6656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * by Eric Young (eay@cryptsoft.com). 7656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * The implementation was written so as to conform with Netscapes SSL. 8656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 9656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * This library is free for commercial and non-commercial use as long as 10656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * the following conditions are aheared to. The following conditions 11656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * apply to all code found in this distribution, be it the RC4, RSA, 12656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * included with this distribution is covered by the same copyright terms 14656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * except that the holder is Tim Hudson (tjh@cryptsoft.com). 
15656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 16656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Copyright remains Eric Young's, and as such any Copyright notices in 17656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * the code are not to be removed. 18656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * If this package is used in a product, Eric Young should be given attribution 19656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * as the author of the parts of the library used. 20656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * This can be in the form of a textual message at program startup or 21656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * in documentation (online or textual) provided with the package. 22656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 23656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Redistribution and use in source and binary forms, with or without 24656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * modification, are permitted provided that the following conditions 25656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * are met: 26656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 1. Redistributions of source code must retain the copyright 27656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * notice, this list of conditions and the following disclaimer. 28656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 2. 
Redistributions in binary form must reproduce the above copyright 29656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * notice, this list of conditions and the following disclaimer in the 30656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * documentation and/or other materials provided with the distribution. 31656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 3. All advertising materials mentioning features or use of this software 32656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * must display the following acknowledgement: 33656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * "This product includes cryptographic software written by 34656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Eric Young (eay@cryptsoft.com)" 35656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * The word 'cryptographic' can be left out if the rouines from the library 36656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * being used are not cryptographic related :-). 37656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 4. 
If you include any Windows specific code (or a derivative thereof) from 38656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * the apps directory (application code) you must include an acknowledgement: 39656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 41656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * SUCH 
DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */

/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */

#include <stdio.h>
#include "cryptlib.h"
#include <openssl/bn.h>
#include <openssl/sha.h>
#include <openssl/dsa.h>
#include <openssl/rand.h>
#include <openssl/asn1.h>

/* Software implementations installed in the method table below. */
static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
                          BIGNUM **rp);
static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
                         DSA_SIG *sig, DSA *dsa);
static int dsa_init(DSA *dsa);
static int dsa_finish(DSA *dsa);

/*
 * Built-in DSA method table. The two exponentiation hooks are left NULL,
 * which makes DSA_MOD_EXP / DSA_BN_MOD_EXP below fall back to the BN
 * library routines.
 */
static DSA_METHOD openssl_dsa_meth = {
    "OpenSSL DSA method",
    dsa_do_sign,
    dsa_sign_setup,
    dsa_do_verify,
    NULL,                       /* dsa_mod_exp, */
    NULL,                       /* dsa_bn_mod_exp, */
    dsa_init,
    dsa_finish,
    0,
    NULL,
    NULL,
    NULL
};

/*
 * Dispatch helpers for the optional dsa_mod_exp() and bn_mod_exp() hooks of
 * DSA_METHOD. Each one calls the hook when the method supplies it and the
 * plain BN routine otherwise. Because a do/while block cannot be used as an
 * expression, the caller passes the statement to run on failure as the
 * first argument ("err_instr"). So
 *
 *     if (!dsa->meth->bn_mod_exp(dsa, r, dsa->g, &k, dsa->p, ctx,
 *                                dsa->method_mont_p)) goto err;
 *
 * is written as
 *
 *     DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, &k, dsa->p, ctx,
 *                    dsa->method_mont_p);
 *
 * Note that the dsa argument is expanded more than once.
 */

/* rr = a1^p1 * a2^p2 mod m; runs err_instr when the result is zero. */
#define DSA_MOD_EXP(err_instr,dsa,rr,a1,p1,a2,p2,m,ctx,in_mont) \
    do { \
        int _tmp_res53 = (dsa)->meth->dsa_mod_exp \
            ? (dsa)->meth->dsa_mod_exp((dsa), (rr), (a1), (p1), \
                                       (a2), (p2), (m), (ctx), (in_mont)) \
            : BN_mod_exp2_mont((rr), (a1), (p1), (a2), (p2), \
                               (m), (ctx), (in_mont)); \
        if (!_tmp_res53) err_instr; \
    } while(0)

/* r = a^p mod m; runs err_instr when the result is zero. */
#define DSA_BN_MOD_EXP(err_instr,dsa,r,a,p,m,ctx,m_ctx) \
    do { \
        int _tmp_res53 = (dsa)->meth->bn_mod_exp \
            ? (dsa)->meth->bn_mod_exp((dsa), (r), (a), (p), \
                                      (m), (ctx), (m_ctx)) \
            : BN_mod_exp_mont((r), (a), (p), (m), (ctx), (m_ctx)); \
        if (!_tmp_res53) err_instr; \
    } while(0)

/* Return the built-in software DSA method table defined in this file. */
const DSA_METHOD *DSA_OpenSSL(void)
{
    return &openssl_dsa_meth;
}
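/*
 * Sign a message digest with DSA and return the (r, s) pair.
 *
 * dgst, dlen  digest bytes and their count; if dlen is larger than
 *             BN_num_bytes(dsa->q) only that many leading bytes are used.
 * dsa         signing key; p, q, g and priv_key must be set. When both
 *             dsa->kinv and dsa->r are present they are consumed as the
 *             precomputed per-signature values and cleared on the key.
 *
 * Returns a newly allocated DSA_SIG that owns r and s, or NULL with an
 * error queued through DSAerr().
 */
static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
{
    BIGNUM *kinv = NULL, *r = NULL, *s = NULL;
    BIGNUM m;
    BIGNUM xr;
    BN_CTX *ctx = NULL;
    int reason = ERR_R_BN_LIB;
    DSA_SIG *ret = NULL;
    int noredo = 0;

    BN_init(&m);
    BN_init(&xr);

    /*
     * priv_key is dereferenced by BN_mod_mul() below, so a key without it
     * is rejected here together with missing domain parameters.
     */
    if (!dsa->p || !dsa->q || !dsa->g || !dsa->priv_key) {
        reason = DSA_R_MISSING_PARAMETERS;
        goto err;
    }

    s = BN_new();
    if (s == NULL)
        goto err;
    ctx = BN_CTX_new();
    if (ctx == NULL)
        goto err;
 redo:
    if ((dsa->kinv == NULL) || (dsa->r == NULL)) {
        /* No cached values: draw a fresh nonce and derive kinv and r. */
        if (!DSA_sign_setup(dsa, ctx, &kinv, &r))
            goto err;
    } else {
        /*
         * Take ownership of the caller-supplied values. They are used for
         * this one signature only, so a zero r or s cannot be retried.
         */
        kinv = dsa->kinv;
        dsa->kinv = NULL;
        r = dsa->r;
        dsa->r = NULL;
        noredo = 1;
    }

    if (dlen > BN_num_bytes(dsa->q)) {
        /*
         * if the digest length is greater than the size of q use the
         * BN_num_bits(dsa->q) leftmost bits of the digest, see fips 186-3,
         * 4.2
         */
        dlen = BN_num_bytes(dsa->q);
    }
    if (BN_bin2bn(dgst, dlen, &m) == NULL)
        goto err;

    /* Compute s = inv(k) (m + xr) mod q */
    if (!BN_mod_mul(&xr, dsa->priv_key, r, dsa->q, ctx))
        goto err;               /* xr = x * r mod q */
    if (!BN_add(s, &xr, &m))
        goto err;               /* s = m + xr */
    if (BN_cmp(s, dsa->q) > 0) {
        if (!BN_sub(s, s, dsa->q))
            goto err;
    }
    if (!BN_mod_mul(s, s, kinv, dsa->q, ctx))
        goto err;

    /*
     * Redo if r or s is zero as required by FIPS 186-3: this is very
     * unlikely.
     *
     * The check runs before the DSA_SIG is allocated. Allocating first
     * leaked one DSA_SIG per retry and, on the noredo path, reached the
     * cleanup below with ret != NULL, so an empty signature was returned
     * with no error queued and r and s were never freed.
     */
    if (BN_is_zero(r) || BN_is_zero(s)) {
        if (noredo) {
            reason = DSA_R_NEED_NEW_SETUP_VALUES;
            goto err;
        }
        goto redo;
    }

    ret = DSA_SIG_new();
    if (ret == NULL)
        goto err;
    ret->r = r;
    ret->s = s;

 err:
    if (!ret) {
        DSAerr(DSA_F_DSA_DO_SIGN, reason);
        BN_free(r);
        BN_free(s);
    }
    if (ctx != NULL)
        BN_CTX_free(ctx);
    /* m, xr and kinv are wiped on release rather than just freed. */
    BN_clear_free(&m);
    BN_clear_free(&xr);
    if (kinv != NULL)           /* dsa->kinv is NULL now if we used it */
        BN_clear_free(kinv);
    return (ret);
}

/*
 * Produce the per-signature values for one DSA signature: a random nonzero
 * k below q, r = (g^k mod p) mod q and kinv = inv(k) mod q.
 *
 * dsa     key; p, q and g must be set.
 * ctx_in  optional scratch context; when NULL a temporary one is created
 *         and released here.
 * kinvp   in/out: a BIGNUM already stored in *kinvp is clear-freed and
 *         replaced by the new kinv.
 * rp      in/out: a BIGNUM already stored in *rp is clear-freed and
 *         replaced by the new r.
 *
 * Returns 1 on success. Returns 0 with an error queued through DSAerr() on
 * failure, in which case *kinvp and *rp are left as they were.
 */
static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
                          BIGNUM **rp)
{
    BN_CTX *ctx = NULL;
    BIGNUM k, kq, *K, *kinv = NULL, *r = NULL;
    int ret = 0;

    if (!dsa->p || !dsa->q || !dsa->g) {
        DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MISSING_PARAMETERS);
        return 0;
    }

    BN_init(&k);
    BN_init(&kq);

    if (ctx_in == NULL) {
        if ((ctx = BN_CTX_new()) == NULL)
            goto err;
    } else {
        ctx = ctx_in;
    }

    if ((r = BN_new()) == NULL)
        goto err;

    /* Get random k */
    do {
        if (!BN_rand_range(&k, dsa->q))
            goto err;
    } while (BN_is_zero(&k));
    if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
        BN_set_flags(&k, BN_FLG_CONSTTIME);
    }

    if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
        if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
                                    CRYPTO_LOCK_DSA, dsa->p, ctx))
            goto err;
    }

    /* Compute r = (g^k mod p) mod q */

    if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
        if (!BN_copy(&kq, &k))
            goto err;

        /*
         * The exponent handed to the exponentiation below is kq, not k.
         * Set the constant-time flag on the copy explicitly instead of
         * relying on BN_copy() to carry it over; without it the
         * exponentiation of the secret nonce would not be asked for
         * constant-time behaviour.
         */
        BN_set_flags(&kq, BN_FLG_CONSTTIME);

        /*
         * We do not want timing information to leak the length of k, so we
         * compute g^k using an equivalent exponent of fixed length. (This
         * is a kludge that we need because the BN_mod_exp_mont() does not
         * let us specify the desired timing behaviour.)
         */

        if (!BN_add(&kq, &kq, dsa->q))
            goto err;
        if (BN_num_bits(&kq) <= BN_num_bits(dsa->q)) {
            if (!BN_add(&kq, &kq, dsa->q))
                goto err;
        }

        K = &kq;
    } else {
        K = &k;
    }
    DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx,
                   dsa->method_mont_p);
    if (!BN_mod(r, r, dsa->q, ctx))
        goto err;

    /* Compute part of 's = inv(k) (m + xr) mod q' */
    if ((kinv = BN_mod_inverse(NULL, &k, dsa->q, ctx)) == NULL)
        goto err;

    /* Hand the new values to the caller, wiping whatever they replace. */
    if (*kinvp != NULL)
        BN_clear_free(*kinvp);
    *kinvp = kinv;
    kinv = NULL;
    if (*rp != NULL)
        BN_clear_free(*rp);
    *rp = r;
    ret = 1;
 err:
    if (!ret) {
        DSAerr(DSA_F_DSA_SIGN_SETUP, ERR_R_BN_LIB);
        if (r != NULL)
            BN_clear_free(r);
    }
    if (ctx_in == NULL && ctx != NULL)
        BN_CTX_free(ctx);
    /* The nonce and its padded copy are wiped on every exit path. */
    BN_clear_free(&k);
    BN_clear_free(&kq);
    return (ret);
}

static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
                         DSA_SIG *sig, DSA *dsa)
{
    BN_CTX *ctx;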
311656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIGNUM u1,u2,t1; 312656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_MONT_CTX *mont=NULL; 313221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom int ret = -1, i; 314656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!dsa->p || !dsa->q || !dsa->g) 315656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 316656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS); 317656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return -1; 318656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 319656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 320221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom i = BN_num_bits(dsa->q); 321221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom /* fips 186-3 allows only different sizes for q */ 322221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (i != 160 && i != 224 && i != 256) 323656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 324656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE); 325656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return -1; 326656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 327656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 328656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) 329656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 330656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE); 331656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return -1; 
332656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 333656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_init(&u1); 334656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_init(&u2); 335656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_init(&t1); 336656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 337656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((ctx=BN_CTX_new()) == NULL) goto err; 338656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 339656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (BN_is_zero(sig->r) || BN_is_negative(sig->r) || 340656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_ucmp(sig->r, dsa->q) >= 0) 341656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 342656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret = 0; 343656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 344656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 345656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (BN_is_zero(sig->s) || BN_is_negative(sig->s) || 346656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_ucmp(sig->s, dsa->q) >= 0) 347656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 348656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret = 0; 349656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 350656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 351656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 352656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Calculate W = inv(S) mod Q 353656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * save W in u2 */ 
354656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err; 355656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 356656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* save M in u1 */ 357221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (dgst_len > (i >> 3)) 358221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom /* if the digest length is greater than the size of q use the 359221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * BN_num_bits(dsa->q) leftmost bits of the digest, see 360221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * fips 186-3, 4.2 */ 361221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom dgst_len = (i >> 3); 362656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err; 363656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 364656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* u1 = M * w mod q */ 365656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_mod_mul(&u1,&u1,&u2,dsa->q,ctx)) goto err; 366656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 367656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* u2 = r * w mod q */ 368656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err; 369656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 370656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 371656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (dsa->flags & DSA_FLAG_CACHE_MONT_P) 372656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 373656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project mont = BN_MONT_CTX_set_locked(&dsa->method_mont_p, 
374656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project CRYPTO_LOCK_DSA, dsa->p, ctx); 375656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!mont) 376656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 377656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 378656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 379656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 380656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project DSA_MOD_EXP(goto err, dsa, &t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p, ctx, mont); 381656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* BN_copy(&u1,&t1); */ 382656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* let u1 = u1 mod q */ 383656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err; 384656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 385656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* V is now in u1. If the signature is correct, it will be 386656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * equal to R. */ 387656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret=(BN_ucmp(&u1, sig->r) == 0); 388656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 389656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project err: 390656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* XXX: surely this is wrong - if ret is 0, it just didn't verify; 391656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project there is no error in BN. 
Test should be ret == -1 (Ben) */ 392656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB); 393656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ctx != NULL) BN_CTX_free(ctx); 394656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_free(&u1); 395656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_free(&u2); 396656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_free(&t1); 397656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(ret); 398656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 399656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 400656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectstatic int dsa_init(DSA *dsa) 401656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project{ 402656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project dsa->flags|=DSA_FLAG_CACHE_MONT_P; 403656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(1); 404656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project} 405656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 406656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectstatic int dsa_finish(DSA *dsa) 407656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project{ 408656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if(dsa->method_mont_p) 409656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_MONT_CTX_free(dsa->method_mont_p); 410656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(1); 411656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project} 412656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 413