static int constructDSASignature(struct pgpDigSigDSA_s *sig) { int rc; if (sig->dsa_sig) { /* We've already constructed it, so just reuse it */ return 1; } /* Create the DSA signature */ DSA_SIG *dsa_sig = DSA_SIG_new(); if (!dsa_sig) return 0; if (!DSA_SIG_set0(dsa_sig, sig->r, sig->s)) { rc = 0; goto done; } sig->dsa_sig = dsa_sig; rc = 1; done: if (rc == 0) { DSA_SIG_free(sig->dsa_sig); } return rc; }
int _libssh2_dsa_sha1_verify(libssh2_dsa_ctx * dsactx, const unsigned char *sig, const unsigned char *m, unsigned long m_len) { unsigned char hash[SHA_DIGEST_LENGTH]; DSA_SIG * dsasig; BIGNUM * r; BIGNUM * s; int ret = -1; r = BN_new(); BN_bin2bn(sig, 20, r); s = BN_new(); BN_bin2bn(sig + 20, 20, s); dsasig = DSA_SIG_new(); #ifdef HAVE_OPAQUE_STRUCTS DSA_SIG_set0(dsasig, r, s); #else dsasig->r = r; dsasig->s = s; #endif if(!_libssh2_sha1(m, m_len, hash)) /* _libssh2_sha1() succeeded */ ret = DSA_do_verify(hash, SHA_DIGEST_LENGTH, dsasig, dsactx); DSA_SIG_free(dsasig); return (ret == 1) ? 0 : -1; }
int HsOpenSSL_dsa_verify(DSA *dsa, const unsigned char *ddata, int dlen, const BIGNUM *r, const BIGNUM *s) { #if OPENSSL_VERSION_NUMBER >= 0x10100000L DSA_SIG* sig = DSA_SIG_new(); DSA_SIG_set0(sig, BN_dup(r), BN_dup(s)); int res = DSA_do_verify(ddata, dlen, sig, dsa); DSA_SIG_free(sig); return res; #else DSA_SIG sig; sig.r = (BIGNUM *)r; sig.s = (BIGNUM *)s; return dsa->meth->dsa_do_verify(ddata, dlen, &sig, dsa); #endif }
/* Unpack signature according to cryptopro rules */ DSA_SIG *unpack_cp_signature(const unsigned char *sigbuf, size_t siglen) { DSA_SIG *sig; BIGNUM *r = NULL, *s = NULL; sig = DSA_SIG_new(); if (sig == NULL) { GOSTerr(GOST_F_UNPACK_CP_SIGNATURE, ERR_R_MALLOC_FAILURE); return NULL; } s = BN_bin2bn(sigbuf, siglen / 2, NULL); r = BN_bin2bn(sigbuf + siglen / 2, siglen / 2, NULL); DSA_SIG_set0(sig, r, s); return sig; }
/** * Setup DSA key digest in DER encoding ... * @param sig: input is signature output alloced ptr (unless failure). * caller must free alloced ptr if this routine returns true. * @param len: input is initial siglen, output is output len. * @return false on failure. */ static int setup_dsa_sig(unsigned char** sig, unsigned int* len) { unsigned char* orig = *sig; unsigned int origlen = *len; int newlen; BIGNUM *R, *S; DSA_SIG *dsasig; /* extract the R and S field from the sig buffer */ if(origlen < 1 + 2*SHA_DIGEST_LENGTH) return 0; R = BN_new(); if(!R) return 0; (void) BN_bin2bn(orig + 1, SHA_DIGEST_LENGTH, R); S = BN_new(); if(!S) return 0; (void) BN_bin2bn(orig + 21, SHA_DIGEST_LENGTH, S); dsasig = DSA_SIG_new(); if(!dsasig) return 0; #ifdef HAVE_DSA_SIG_SET0 if(!DSA_SIG_set0(dsasig, R, S)) return 0; #else dsasig->r = R; dsasig->s = S; #endif *sig = NULL; newlen = i2d_DSA_SIG(dsasig, sig); if(newlen < 0) { DSA_SIG_free(dsasig); free(*sig); return 0; } *len = (unsigned int)newlen; DSA_SIG_free(dsasig); return 1; }
static DSA_SIG * __pkcs11h_openssl_dsa_do_sign( IN const unsigned char *dgst, IN int dlen, OUT DSA *dsa ) { pkcs11h_certificate_t certificate = __pkcs11h_openssl_dsa_get_pkcs11h_certificate (dsa); unsigned char *sigbuf = NULL; size_t siglen; DSA_SIG *sig = NULL; DSA_SIG *ret = NULL; BIGNUM *r = NULL; BIGNUM *s = NULL; CK_RV rv = CKR_FUNCTION_FAILED; _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: __pkcs11h_openssl_dsa_do_sign - entered dgst=%p, dlen=%d, dsa=%p", (void *)dgst, dlen, (void *)dsa ); _PKCS11H_ASSERT (dgst!=NULL); _PKCS11H_ASSERT (dsa!=NULL); _PKCS11H_ASSERT (certificate!=NULL); if ( (rv = pkcs11h_certificate_signAny ( certificate, CKM_DSA, dgst, (size_t)dlen, NULL, &siglen )) != CKR_OK ) { _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot perform signature %ld:'%s'", rv, pkcs11h_getMessage (rv)); goto cleanup; } if ((rv = _pkcs11h_mem_malloc ((void *)&sigbuf, siglen)) != CKR_OK) { _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot cannot allocate signature buffer"); goto cleanup; } if ( (rv = pkcs11h_certificate_signAny ( certificate, CKM_DSA, dgst, (size_t)dlen, sigbuf, &siglen )) != CKR_OK ) { _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot perform signature %ld:'%s'", rv, pkcs11h_getMessage (rv)); goto cleanup; } if ((sig = DSA_SIG_new ()) == NULL) { _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot allocate DSA_SIG"); goto cleanup; } if ((r = BN_bin2bn (&sigbuf[0], siglen/2, NULL)) == NULL) { _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot convert dsa r"); goto cleanup; } if ((s = BN_bin2bn (&sigbuf[siglen/2], siglen/2, NULL)) == NULL) { _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot convert dsa s"); goto cleanup; } DSA_SIG_set0 (sig, r, s); ret = sig; sig = NULL; r = NULL; s = NULL; cleanup: if (sigbuf != NULL) { _pkcs11h_mem_free ((void *)&sigbuf); } if (sig != NULL) { DSA_SIG_free (sig); sig = NULL; } if (r != NULL) { BN_clear_free (r); } if (s != NULL) { BN_clear_free (s); } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: __pkcs11h_openssl_dsa_do_sign - return sig=%p", (void *)sig ); return ret; }