Change method_mont_p from (char *) to (BN_MONT_CTX *) and remove several

[openssl.git] / crypto / dsa / dsa_ossl.c

diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
index b6e08584a68758eb861dd1bf23051a88b11089b9..8f7eceaf163b70cac2d77eebc2a04660145db2e4 100644 (file)
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -64,9 +64,6 @@
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
 #include <openssl/asn1.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
 
 static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
 static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
@@ -231,16 +228,17 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
                if (!BN_rand_range(&k, dsa->q)) goto err;
        while (BN_is_zero(&k));
 
-       if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
+       if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
                {
-               if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
-                       if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p,
-                               dsa->p,ctx)) goto err;
+               if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
+                                               CRYPTO_LOCK_DSA,
+                                               dsa->p, ctx))
+                       goto err;
                }
 
        /* Compute r = (g^k mod p) mod q */
        DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, &k, dsa->p, ctx,
-                       (BN_MONT_CTX *)dsa->method_mont_p);
+                       dsa->method_mont_p);
        if (!BN_mod(r,r,dsa->q,ctx)) goto err;
 
        /* Compute  part of 's = inv(k) (m + xr) mod q' */
@@ -284,13 +282,13 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
 
        if ((ctx=BN_CTX_new()) == NULL) goto err;
 
-       if (BN_is_zero(sig->r) || BN_get_sign(sig->r) ||
+       if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
            BN_ucmp(sig->r, dsa->q) >= 0)
                {
                ret = 0;
                goto err;
                }
-       if (BN_is_zero(sig->s) || BN_get_sign(sig->s) ||
+       if (BN_is_zero(sig->s) || BN_is_negative(sig->s) ||
            BN_ucmp(sig->s, dsa->q) >= 0)
                {
                ret = 0;
@@ -310,13 +308,14 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
        /* u2 = r * w mod q */
        if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err;
 
-       if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
+
+       if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
                {
-               if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
-                       if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p,
-                               dsa->p,ctx)) goto err;
+               mont = BN_MONT_CTX_set_locked(&dsa->method_mont_p,
+                                       CRYPTO_LOCK_DSA, dsa->p, ctx);
+               if (!mont)
+                       goto err;
                }
-       mont=(BN_MONT_CTX *)dsa->method_mont_p;
 
 
        DSA_MOD_EXP(goto err, dsa, &t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p, ctx, mont);
@@ -329,6 +328,8 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
        ret=(BN_ucmp(&u1, sig->r) == 0);
 
        err:
+       /* XXX: surely this is wrong - if ret is 0, it just didn't verify
+          there is no error in BN. Test should be ret == -1 (Ben) */
        if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB);
        if (ctx != NULL) BN_CTX_free(ctx);
        BN_free(&u1);
@@ -346,7 +347,7 @@ static int dsa_init(DSA *dsa)
 static int dsa_finish(DSA *dsa)
 {
        if(dsa->method_mont_p)
-               BN_MONT_CTX_free((BN_MONT_CTX *)dsa->method_mont_p);
+               BN_MONT_CTX_free(dsa->method_mont_p);
        return(1);
 }