BIGNUM m;
BIGNUM xr;
BN_CTX *ctx=NULL;
- int i, j, reason=ERR_R_BN_LIB;
+ int reason=ERR_R_BN_LIB;
DSA_SIG *ret=NULL;
BN_init(&m);
s=BN_new();
if (s == NULL) goto err;
-
- /* reject a excessive digest length (currently at most
- * dsa-with-SHA256 is supported) */
- if (dlen > SHA256_DIGEST_LENGTH)
- {
- reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
- goto err;
- }
-
ctx=BN_CTX_new();
if (ctx == NULL) goto err;
dsa->r=NULL;
}
- if (BN_bin2bn(dgst,dlen,&m) == NULL)
- goto err;
- i = BN_num_bytes(dsa->q);
- if (dlen > i)
- {
+
+ if (dlen > BN_num_bytes(dsa->q))
/* if the digest length is greater than the size of q use the
* BN_num_bits(dsa->q) leftmost bits of the digest, see
* fips 186-3, 4.2 */
- if (!BN_rshift(&m, &m, (dlen - i) << 3))
- goto err;
- }
+ dlen = BN_num_bytes(dsa->q);
+ if (BN_bin2bn(dgst,dlen,&m) == NULL)
+ goto err;
/* Compute s = inv(k) (m + xr) mod q */
if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */
if (!BN_add(s, &xr, &m)) goto err; /* s = m + xr */
if (BN_cmp(s,dsa->q) > 0)
- BN_sub(s,s,dsa->q);
+ if (!BN_sub(s,s,dsa->q)) goto err;
if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err;
ret=DSA_SIG_new();
while (BN_is_zero(&k));
if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
{
- BN_set_flags(&k, BN_FLG_EXP_CONSTTIME);
+ BN_set_flags(&k, BN_FLG_CONSTTIME);
}
if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
BN_CTX *ctx;
BIGNUM u1,u2,t1;
BN_MONT_CTX *mont=NULL;
- int ret = -1, i, j;
+ int ret = -1, i;
if (!dsa->p || !dsa->q || !dsa->g)
{
DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS);
DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE);
return -1;
}
-
- /* reject a excessive digest length (currently at most
- * dsa-with-SHA256 is supported) */
- if (dgst_len > SHA256_DIGEST_LENGTH)
- {
- DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
- return -1;
- }
-
BN_init(&u1);
BN_init(&u2);
BN_init(&t1);
if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;
/* save M in u1 */
- if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err;
- j = dgst_len << 3;
- if (j > i)
- {
+ if (dgst_len > (i >> 3))
/* if the digest length is greater than the size of q use the
* BN_num_bits(dsa->q) leftmost bits of the digest, see
* fips 186-3, 4.2 */
- if (!BN_rshift(&u1, &u1, j - i))
- goto err;
- }
+ dgst_len = (i >> 3);
+ if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err;
/* u1 = M * w mod q */
if (!BN_mod_mul(&u1,&u1,&u2,dsa->q,ctx)) goto err;
projects / oweals / openssl.git / blobdiff