#include <openssl/dsa.h>
#include <openssl/rand.h>
#include <openssl/asn1.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
if (!BN_rand_range(&k, dsa->q)) goto err;
while (BN_is_zero(&k));
- if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
+ if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
{
- if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
- if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p,
- dsa->p,ctx)) goto err;
+ if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
+ CRYPTO_LOCK_DSA,
+ dsa->p, ctx))
+ goto err;
}
/* Compute r = (g^k mod p) mod q */
DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, &k, dsa->p, ctx,
- (BN_MONT_CTX *)dsa->method_mont_p);
+ dsa->method_mont_p);
if (!BN_mod(r,r,dsa->q,ctx)) goto err;
/* Compute part of 's = inv(k) (m + xr) mod q' */
if ((ctx=BN_CTX_new()) == NULL) goto err;
- if (BN_is_zero(sig->r) || BN_get_sign(sig->r) ||
+ if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
BN_ucmp(sig->r, dsa->q) >= 0)
{
ret = 0;
goto err;
}
- if (BN_is_zero(sig->s) || BN_get_sign(sig->s) ||
+ if (BN_is_zero(sig->s) || BN_is_negative(sig->s) ||
BN_ucmp(sig->s, dsa->q) >= 0)
{
ret = 0;
/* u2 = r * w mod q */
if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err;
- if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
+
+ if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
{
- if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
- if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p,
- dsa->p,ctx)) goto err;
+ mont = BN_MONT_CTX_set_locked(&dsa->method_mont_p,
+ CRYPTO_LOCK_DSA, dsa->p, ctx);
+ if (!mont)
+ goto err;
}
- mont=(BN_MONT_CTX *)dsa->method_mont_p;
DSA_MOD_EXP(goto err, dsa, &t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p, ctx, mont);
ret=(BN_ucmp(&u1, sig->r) == 0);
err:
+ /* XXX: surely this is wrong - if ret is 0, it just didn't verify
+ there is no error in BN. Test should be ret == -1 (Ben) */
if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB);
if (ctx != NULL) BN_CTX_free(ctx);
BN_free(&u1);
static int dsa_finish(DSA *dsa)
{
if(dsa->method_mont_p)
- BN_MONT_CTX_free((BN_MONT_CTX *)dsa->method_mont_p);
+ BN_MONT_CTX_free(dsa->method_mont_p);
return(1);
}