- BN_CTX *ctx;
- BIGNUM k,*kinv=NULL,*r=NULL;
- int ret=0;
-
- if (ctx_in == NULL)
- {
- if ((ctx=BN_CTX_new()) == NULL) goto err;
- }
- else
- ctx=ctx_in;
-
- BN_init(&k);
- if ((r=BN_new()) == NULL) goto err;
- kinv=NULL;
-
- /* Get random k */
- for (;;)
- {
- if (!BN_rand(&k, BN_num_bits(dsa->q), 1, 0)) goto err;
- if (BN_cmp(&k,dsa->q) >= 0)
- BN_sub(&k,&k,dsa->q);
- if (!BN_is_zero(&k)) break;
- }
-
- if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
- {
- if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
- if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p,
- dsa->p,ctx)) goto err;
- }
-
- /* Compute r = (g^k mod p) mod q */
- if (!BN_mod_exp_mont(r,dsa->g,&k,dsa->p,ctx,
- (BN_MONT_CTX *)dsa->method_mont_p)) goto err;
- if (!BN_mod(r,r,dsa->q,ctx)) goto err;
-
- /* Compute part of 's = inv(k) (m + xr) mod q' */
- if ((kinv=BN_mod_inverse(NULL,&k,dsa->q,ctx)) == NULL) goto err;
-
- if (*kinvp != NULL) BN_clear_free(*kinvp);
- *kinvp=kinv;
- kinv=NULL;
- if (*rp != NULL) BN_clear_free(*rp);
- *rp=r;
- ret=1;
-err:
- if (!ret)
- {
- DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB);
- if (kinv != NULL) BN_clear_free(kinv);
- if (r != NULL) BN_clear_free(r);
- }
- if (ctx_in == NULL) BN_CTX_free(ctx);
- if (kinv != NULL) BN_clear_free(kinv);
- BN_clear_free(&k);
- return(ret);