There may be more than one single quote to fix.

[oweals/openssl.git] / crypto / dsa / dsa_ossl.c

diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
index 094356518f2e74419fbeed3a741f79c473625dd3..37dd5fc994092968b3606579825b1bd3df1e6e9b 100644 (file)
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -64,6 +64,7 @@
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
 #include <openssl/asn1.h>
+#include <openssl/engine.h>
 
 static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
 static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
@@ -91,7 +92,7 @@ dsa_finish,
 NULL
 };
 
-DSA_METHOD *DSA_OpenSSL(void)
+const DSA_METHOD *DSA_OpenSSL(void)
 {
        return &openssl_dsa_meth;
 }
@@ -105,6 +106,11 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
        int i,reason=ERR_R_BN_LIB;
        DSA_SIG *ret=NULL;
 
+       if (!dsa->p || !dsa->q || !dsa->g)
+               {
+               reason=DSA_R_MISSING_PARAMETERS;
+               goto err;
+               }
        BN_init(&m);
        BN_init(&xr);
        s=BN_new();
@@ -167,6 +173,11 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
        BIGNUM k,*kinv=NULL,*r=NULL;
        int ret=0;
 
+       if (!dsa->p || !dsa->q || !dsa->g)
+               {
+               DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS);
+               return 0;
+               }
        if (ctx_in == NULL)
                {
                if ((ctx=BN_CTX_new()) == NULL) goto err;
@@ -179,13 +190,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
        kinv=NULL;
 
        /* Get random k */
-       for (;;)
-               {
-               if (!BN_rand(&k, BN_num_bits(dsa->q), 0, 0)) goto err;
-               if (BN_cmp(&k,dsa->q) >= 0)
-                       BN_sub(&k,&k,dsa->q);
-               if (!BN_is_zero(&k)) break;
-               }
+       do
+               if (!BN_rand_range(&k, dsa->q)) goto err;
+       while (BN_is_zero(&k));
 
        if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
                {
@@ -228,12 +235,28 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
        BIGNUM u1,u2,t1;
        BN_MONT_CTX *mont=NULL;
        int ret = -1;
+       if (!dsa->p || !dsa->q || !dsa->g)
+               {
+               DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS);
+               return -1;
+               }
 
        if ((ctx=BN_CTX_new()) == NULL) goto err;
        BN_init(&u1);
        BN_init(&u2);
        BN_init(&t1);
 
+       if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0)
+               {
+               ret = 0;
+               goto err;
+               }
+       if (BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s, dsa->q) >= 0)
+               {
+               ret = 0;
+               goto err;
+               }
+
        /* Calculate W = inv(S) mod Q
         * save W in u2 */
        if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;