- /* save M in u1 */
- if (BN_bin2bn(dgst,dgst_len,u1) == NULL) goto err_bn;
-
- /* u1 = M * w mod q */
- if (!BN_mod_mul(u1,u1,u2,dsa->q,ctx)) goto err_bn;
-
- /* u2 = r * w mod q */
- if (!BN_mod_mul(u2,r,u2,dsa->q,ctx)) goto err_bn;
-
- /* v = ( g^u1 * y^u2 mod p ) mod q */
- /* let t1 = g ^ u1 mod p */
- if (!BN_mod_exp(t1,dsa->g,u1,dsa->p,ctx)) goto err_bn;
- /* let t2 = y ^ u2 mod p */
- if (!BN_mod_exp(t2,dsa->pub_key,u2,dsa->p,ctx)) goto err_bn;
- /* let u1 = t1 * t2 mod p */
- if (!BN_mod_mul(u1,t1,t2,dsa->p,ctx)) goto err_bn;
- /* let u1 = u1 mod q */
- if (!BN_mod(u1,u1,dsa->q,ctx)) goto err_bn;
- /* V is now in u1. If the signature is correct, it will be
- * equal to R. */
- ret=(BN_ucmp(u1, r) == 0);
- if (0)
- {
-err: /* ASN1 error */
- DSAerr(DSA_F_DSA_VERIFY,c.error);
- }
- if (0)