/* DSA sign and verify */ static DSA_SIG * surewarehk_dsa_do_sign(const unsigned char *from, int flen, DSA *dsa) { int ret=0; char *hptr=NULL; DSA_SIG *psign=NULL; char msg[64]="ENGINE_dsa_do_sign"; if (!p_surewarehk_Dsa_Sign) { SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ENGINE_R_NOT_INITIALISED); goto err; } /* extract ref to private key */ else if (!(hptr=DSA_get_ex_data(dsa, dsaHndidx))) { SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,SUREWARE_R_MISSING_KEY_COMPONENTS); goto err; } else { if((psign = DSA_SIG_new()) == NULL) { SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ERR_R_MALLOC_FAILURE); goto err; } psign->r=BN_new(); psign->s=BN_new(); bn_expand2(psign->r, 20/sizeof(BN_ULONG)); bn_expand2(psign->s, 20/sizeof(BN_ULONG)); if (!psign->r || psign->r->dmax!=20/sizeof(BN_ULONG) || !psign->s || psign->s->dmax!=20/sizeof(BN_ULONG)) goto err; ret=p_surewarehk_Dsa_Sign(msg,flen,from, (unsigned long *)psign->r->d, (unsigned long *)psign->s->d, hptr); surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ret); } psign->r->top=20/sizeof(BN_ULONG); bn_fix_top(psign->r); psign->s->top=20/sizeof(BN_ULONG); bn_fix_top(psign->s); err: if (psign) { DSA_SIG_free(psign); psign=NULL; } return psign; }
/* returns * 1: correct signature * 0: incorrect signature * -1: error */ int DSA_verify(int type, const unsigned char *dgst, int dgst_len, const unsigned char *sigbuf, int siglen, DSA *dsa) { DSA_SIG *s; int ret=-1; s = DSA_SIG_new(); if (s == NULL) return(ret); if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err; ret=DSA_do_verify(dgst,dgst_len,s,dsa); err: DSA_SIG_free(s); return(ret); }
static int pkey_gost94_cp_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen, const unsigned char *tbs, size_t tbs_len) { int ok = 0; EVP_PKEY *pub_key = EVP_PKEY_CTX_get0_pkey(ctx); DSA_SIG *s = unpack_cp_signature(sig, siglen); if (!s) return 0; if (pub_key) ok = gost_do_verify(tbs, tbs_len, s, EVP_PKEY_get0(pub_key)); DSA_SIG_free(s); return ok; }
ops_boolean_t ops_dsa_verify(const unsigned char *hash,size_t hash_length, const ops_dsa_signature_t *sig, const ops_dsa_public_key_t *dsa) { DSA_SIG *osig; DSA *odsa; int ret; osig=DSA_SIG_new(); osig->r=sig->r; osig->s=sig->s; odsa=DSA_new(); odsa->p=dsa->p; odsa->q=dsa->q; odsa->g=dsa->g; odsa->pub_key=dsa->y; if (debug) { fprintf(stderr,"hash passed in:\n"); unsigned i; for (i=0; i<hash_length; i++) { fprintf(stderr,"%02x ", hash[i]); } fprintf(stderr,"\n"); } //printf("hash_length=%ld\n", hash_length); //printf("Q=%d\n", BN_num_bytes(odsa->q)); unsigned int qlen=BN_num_bytes(odsa->q); if (qlen < hash_length) hash_length=qlen; // ret=DSA_do_verify(hash,hash_length,osig,odsa); ret=DSA_do_verify(hash,hash_length,osig,odsa); if (debug) { fprintf(stderr,"ret=%d\n",ret); } assert(ret >= 0); odsa->p=odsa->q=odsa->g=odsa->pub_key=NULL; DSA_free(odsa); osig->r=osig->s=NULL; DSA_SIG_free(osig); return ret != 0; }
static int xmlSecOpenSSLDsaSha1EvpSign(int type ATTRIBUTE_UNUSED, const unsigned char *dgst, unsigned int dlen, unsigned char *sig, unsigned int *siglen, void *dsa) { DSA_SIG *s; int rSize, sSize; s = DSA_do_sign(dgst, dlen, dsa); if(s == NULL) { *siglen=0; return(0); } rSize = BN_num_bytes(s->r); sSize = BN_num_bytes(s->s); if((rSize > (XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2)) || (sSize > (XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2))) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, NULL, XMLSEC_ERRORS_R_INVALID_SIZE, "size(r)=%d or size(s)=%d > %d", rSize, sSize, XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2); DSA_SIG_free(s); return(0); } memset(sig, 0, XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE); BN_bn2bin(s->r, sig + (XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2) - rSize); BN_bn2bin(s->s, sig + XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE - sSize); *siglen = XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE; DSA_SIG_free(s); return(1); }
int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, unsigned int *siglen, DSA *dsa) { DSA_SIG *s; RAND_seed(dgst, dlen); s=DSA_do_sign(dgst,dlen,dsa); if (s == NULL) { *siglen=0; return(0); } *siglen=i2d_DSA_SIG(s,&sig); DSA_SIG_free(s); return(1); }
int HsOpenSSL_dsa_verify(DSA *dsa, const unsigned char *ddata, int dlen, const BIGNUM *r, const BIGNUM *s) { #if OPENSSL_VERSION_NUMBER >= 0x10100000L DSA_SIG* sig = DSA_SIG_new(); DSA_SIG_set0(sig, BN_dup(r), BN_dup(s)); int res = DSA_do_verify(ddata, dlen, sig, dsa); DSA_SIG_free(sig); return res; #else DSA_SIG sig; sig.r = (BIGNUM *)r; sig.s = (BIGNUM *)s; return dsa->meth->dsa_do_verify(ddata, dlen, &sig, dsa); #endif }
DSA_SIG *DSA_SIG_parse(CBS *cbs) { DSA_SIG *ret = DSA_SIG_new(); if (ret == NULL) { return NULL; } CBS child; if (!CBS_get_asn1(cbs, &child, CBS_ASN1_SEQUENCE) || !parse_integer(&child, &ret->r) || !parse_integer(&child, &ret->s) || CBS_len(&child) != 0) { OPENSSL_PUT_ERROR(DSA, DSA_R_DECODE_ERROR); DSA_SIG_free(ret); return NULL; } return ret; }
static void pgpFreeSigDSA(pgpDigAlg pgpsig) { struct pgpDigSigDSA_s *sig = pgpsig->data; if (sig) { if (sig->dsa_sig) { DSA_SIG_free(sig->dsa_sig); } else { /* If sig->dsa_sig was constructed, * the memory management of these BNs * are freed with it. */ BN_clear_free(sig->r); BN_clear_free(sig->s); } free(pgpsig->data); } }
DSA_SIG *d2i_DSA_SIG(DSA_SIG **out_sig, const uint8_t **inp, long len) { if (len < 0) { return NULL; } CBS cbs; CBS_init(&cbs, *inp, (size_t)len); DSA_SIG *ret = DSA_SIG_parse(&cbs); if (ret == NULL) { return NULL; } if (out_sig != NULL) { DSA_SIG_free(*out_sig); *out_sig = ret; } *inp = CBS_data(&cbs); return ret; }
static void check_license_signature(license_raw *lptr) { unsigned char message_digest[SHA_DIGEST_LENGTH]; SHA_CTX sha_ctx; DSA *dsa = DSA_new(); SHA1_Init(&sha_ctx); SHA1_Update(&sha_ctx, lptr, sizeof(*lptr) - sizeof(lptr->dsa_signature)); SHA1_Final(message_digest, &sha_ctx); dsa->p = BN_bin2bn(dsa_p, sizeof(dsa_p), NULL); dsa->q = BN_bin2bn(dsa_q, sizeof(dsa_q), NULL); dsa->g = BN_bin2bn(dsa_g, sizeof(dsa_g), NULL); dsa->pub_key = BN_bin2bn(dsa_pub_key, sizeof(dsa_pub_key), NULL); // calculate the right len of the signiture DSA_SIG *temp_sig=DSA_SIG_new(); int siglen = -1; const unsigned char *data =lptr->dsa_signature; if (temp_sig == NULL || d2i_DSA_SIG(&temp_sig,&data,sizeof(lptr->dsa_signature)) == NULL){ fprintf(stderr, "License signature verification failed: %s\n", ERR_error_string(ERR_get_error(), NULL)); exit(EXIT_FAILURE); } unsigned char *tmp_buff= NULL; siglen = i2d_DSA_SIG(temp_sig, &tmp_buff); OPENSSL_cleanse(tmp_buff, siglen); OPENSSL_free(tmp_buff); DSA_SIG_free(temp_sig); switch(DSA_verify(0, message_digest, sizeof(message_digest), lptr->dsa_signature, siglen, dsa)) { case 0: fputs("License file is corrupted: invalid DSA signature.\n", stderr); exit(EXIT_FAILURE); case 1: break; /* valid signature */ default: fprintf(stderr, "License signature verification failed: %s\n", ERR_error_string(ERR_get_error(), NULL)); exit(EXIT_FAILURE); } DSA_free(dsa); }
static int dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, const ASN1_STRING *sig, int indent, ASN1_PCTX *pctx) { DSA_SIG *dsa_sig; const unsigned char *p; if (!sig) { if (BIO_puts(bp, "\n") <= 0) return 0; else return 1; } p = sig->data; dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length); if (dsa_sig) { int rv = 0; size_t buf_len = 0; unsigned char *m=NULL; update_buflen(dsa_sig->r, &buf_len); update_buflen(dsa_sig->s, &buf_len); m = OPENSSL_malloc(buf_len+10); if (m == NULL) { DSAerr(DSA_F_DSA_SIG_PRINT,ERR_R_MALLOC_FAILURE); goto err; } if (BIO_write(bp, "\n", 1) != 1) goto err; if (!ASN1_bn_print(bp,"r: ",dsa_sig->r,m,indent)) goto err; if (!ASN1_bn_print(bp,"s: ",dsa_sig->s,m,indent)) goto err; rv = 1; err: if (m) OPENSSL_free(m); DSA_SIG_free(dsa_sig); return rv; } return X509_signature_dump(bp, sig, indent); }
static int pkey_gost01_cp_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen, const unsigned char *tbs, size_t tbs_len) { int ok = 0; EVP_PKEY* pub_key = EVP_PKEY_CTX_get0_pkey(ctx); DSA_SIG *s=unpack_cp_signature(sig,siglen); if (!s) return 0; #ifdef DEBUG_SIGN fprintf(stderr,"R="); BN_print_fp(stderr,s->r); fprintf(stderr,"\nS="); BN_print_fp(stderr,s->s); fprintf(stderr,"\n"); #endif if (pub_key) ok = gost2001_do_verify(tbs,tbs_len,s,EVP_PKEY_get0(pub_key)); DSA_SIG_free(s); return ok; }
static int pkey_gost01_cp_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen, const unsigned char *tbs, size_t tbs_len) { int ok = 0; EVP_PKEY* pub_key = EVP_PKEY_CTX_get0_pkey(ctx); DSA_SIG *s=unpack_cp_signature(sig,siglen); if (!s) return 0; #ifdef DEBUG_SIGN TINYCLR_SSL_FPRINTF(OPENSSL_TYPE__FILE_STDERR,"R="); BN_print_fp(OPENSSL_TYPE__FILE_STDERR,s->r); TINYCLR_SSL_FPRINTF(OPENSSL_TYPE__FILE_STDERR,"\nS="); BN_print_fp(OPENSSL_TYPE__FILE_STDERR,s->s); TINYCLR_SSL_FPRINTF(OPENSSL_TYPE__FILE_STDERR,"\n"); #endif if (pub_key) ok = gost2001_do_verify(tbs,tbs_len,s,(EC_KEY*)EVP_PKEY_get0(pub_key)); DSA_SIG_free(s); return ok; }
unsigned __ops_dsa_verify(const uint8_t *hash, size_t hash_length, const __ops_dsa_sig_t *sig, const __ops_dsa_pubkey_t *dsa) { unsigned qlen; DSA_SIG *osig; DSA *odsa; int ret; osig = DSA_SIG_new(); osig->r = sig->r; osig->s = sig->s; odsa = DSA_new(); odsa->p = dsa->p; odsa->q = dsa->q; odsa->g = dsa->g; odsa->pub_key = dsa->y; if (__ops_get_debug_level(__FILE__)) { hexdump(stderr, "input hash", hash, hash_length); (void) fprintf(stderr, "Q=%d\n", BN_num_bytes(odsa->q)); } if ((qlen = (unsigned)BN_num_bytes(odsa->q)) < hash_length) { hash_length = qlen; } ret = DSA_do_verify(hash, (int)hash_length, osig, odsa); if (__ops_get_debug_level(__FILE__)) { (void) fprintf(stderr, "ret=%d\n", ret); } if (ret < 0) { (void) fprintf(stderr, "__ops_dsa_verify: DSA verification\n"); return 0; } odsa->p = odsa->q = odsa->g = odsa->pub_key = NULL; DSA_free(odsa); osig->r = osig->s = NULL; DSA_SIG_free(osig); return (unsigned)ret; }
/* OpenSSL sadly wants to ASN1 encode the resulting bignums so we use this * function to skip that. Returns > 0 on success */ int HsOpenSSL_dsa_sign(DSA *dsa, const unsigned char *ddata, int dlen, const BIGNUM **r, const BIGNUM **s) { #if OPENSSL_VERSION_NUMBER >= 0x10100000L DSA_SIG *const sig = DSA_do_sign(ddata, dlen, dsa); if (!sig) return 0; DSA_SIG_get0(sig, r, s); *r = BN_dup(*r); *s = BN_dup(*s); DSA_SIG_free(sig); return 1; #else DSA_SIG *const sig = dsa->meth->dsa_do_sign(ddata, dlen, dsa); if (!sig) return 0; *r = sig->r; *s = sig->s; free(sig); return 1; #endif }
/* verify */ void DSASigner::verify( const void *data, size_t dataLen, const void *sig, size_t sigLen) { bool throwSigVerify = false; DSA_SIG *dsaSig = NULL; CSSM_RETURN crtn = CSSM_OK; int irtn; if(mDsaKey == NULL) { CssmError::throwMe(CSSMERR_CSP_INTERNAL_ERROR); } if(mDsaKey->pub_key == NULL) { CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS); } /* incoming sig is DER encoded....decode into internal format */ dsaSig = DSA_SIG_new(); crtn = DSASigDecode(dsaSig, sig, sigLen); if(crtn) { goto abort; } irtn = DSA_do_verify((unsigned char *)data, dataLen, dsaSig, mDsaKey); if(irtn != 1) { throwSigVerify = true; } abort: if(dsaSig != NULL) { DSA_SIG_free(dsaSig); } if(throwSigVerify) { clearOpensslErrors(); CssmError::throwMe(CSSMERR_CSP_VERIFY_FAILED); } else if(crtn) { CssmError::throwMe(crtn); } }
static int xmlSecOpenSSLDsaSha1EvpVerify(int type ATTRIBUTE_UNUSED, const unsigned char *dgst, unsigned int dgst_len, const unsigned char *sigbuf, unsigned int siglen, void *dsa) { DSA_SIG *s; int ret = -1; s = DSA_SIG_new(); if (s == NULL) { return(ret); } if(siglen != XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, NULL, XMLSEC_ERRORS_R_INVALID_SIZE, "invalid length %d (%d expected)", siglen, XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE); goto err; } s->r = BN_bin2bn(sigbuf, XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2, NULL); s->s = BN_bin2bn(sigbuf + (XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2), XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2, NULL); if((s->r == NULL) || (s->s == NULL)) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "BN_bin2bn", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); goto err; } ret = DSA_do_verify(dgst, dgst_len, s, dsa); err: DSA_SIG_free(s); return(ret); }
bool dsa160_key::verify(byte_array const& digest, byte_array const& signature) const { assert(type() != invalid); assert(digest.size() == SHA256_DIGEST_LENGTH); // The version of DSA currently implemented by OpenSSL only supports digests up to 160 bits. int digest_size = 160/8; DSA_SIG *sig = DSA_SIG_new(); if (!sig) return false; byte_array_iwrap<flurry::iarchive> read(signature); read.archive() >> sig->r >> sig->s; // @todo Check if there's more data in the signature, fail. int rc = DSA_do_verify((const unsigned char*)digest.const_data(), digest_size, sig, dsa_); DSA_SIG_free(sig); return rc == 1; }
static int fips_dsa_sign(int type, const unsigned char *x, int y, unsigned char *sig, unsigned int *siglen, EVP_MD_SVCTX *sv) { DSA *dsa = sv->key; unsigned char dig[EVP_MAX_MD_SIZE]; unsigned int dlen; DSA_SIG *s; EVP_DigestFinal_ex(sv->mctx, dig, &dlen); s=dsa->meth->dsa_do_sign(dig,dlen,dsa); OPENSSL_cleanse(dig, dlen); if (s == NULL) { *siglen=0; return 0; } *siglen= FIPS_dsa_sig_encode(sig, s); DSA_SIG_free(s); if (*siglen < 0) return 0; return 1; }
static int fips_dsa_verify(int type, const unsigned char *x, int y, const unsigned char *sigbuf, unsigned int siglen, EVP_MD_SVCTX *sv) { DSA *dsa = sv->key; DSA_SIG *s; int ret=-1; unsigned char dig[EVP_MAX_MD_SIZE]; unsigned int dlen; s = DSA_SIG_new(); if (s == NULL) return ret; if (!FIPS_dsa_sig_decode(s,sigbuf,siglen)) goto err; EVP_DigestFinal_ex(sv->mctx, dig, &dlen); ret=dsa->meth->dsa_do_verify(dig,dlen,s,dsa); OPENSSL_cleanse(dig, dlen); err: DSA_SIG_free(s); return ret; }
void ssh_signature_free(ssh_signature sig) { if (sig == NULL) { return; } switch(sig->type) { case SSH_KEYTYPE_DSS: #ifdef HAVE_LIBGCRYPT gcry_sexp_release(sig->dsa_sig); #elif defined HAVE_LIBCRYPTO DSA_SIG_free(sig->dsa_sig); #endif break; case SSH_KEYTYPE_RSA: case SSH_KEYTYPE_RSA1: #ifdef HAVE_LIBGCRYPT gcry_sexp_release(sig->rsa_sig); #elif defined HAVE_LIBCRYPTO SAFE_FREE(sig->rsa_sig); #endif break; case SSH_KEYTYPE_ECDSA: #ifdef HAVE_GCRYPT_ECC gcry_sexp_release(sig->ecdsa_sig); #elif defined(HAVE_LIBCRYPTO) && defined(HAVE_OPENSSL_ECC) ECDSA_SIG_free(sig->ecdsa_sig); #endif break; case SSH_KEYTYPE_ED25519: SAFE_FREE(sig->ed25519_sig); break; case SSH_KEYTYPE_DSS_CERT01: case SSH_KEYTYPE_RSA_CERT01: case SSH_KEYTYPE_UNKNOWN: break; } SAFE_FREE(sig); }
static int dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, const ASN1_STRING *sig, int indent, ASN1_PCTX *pctx) { DSA_SIG *dsa_sig; const uint8_t *p; if (!sig) { return BIO_puts(bp, "\n") > 0; } p = sig->data; dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length); if (dsa_sig == NULL) { return X509_signature_dump(bp, sig, indent); } int rv = 0; size_t buf_len = 0; uint8_t *m = NULL; update_buflen(dsa_sig->r, &buf_len); update_buflen(dsa_sig->s, &buf_len); m = OPENSSL_malloc(buf_len + 10); if (m == NULL) { OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE); goto err; } if (BIO_write(bp, "\n", 1) != 1 || !ASN1_bn_print(bp, "r: ", dsa_sig->r, m, indent) || !ASN1_bn_print(bp, "s: ", dsa_sig->s, m, indent)) { goto err; } rv = 1; err: OPENSSL_free(m); DSA_SIG_free(dsa_sig); return rv; }
// Signing functions bool OSSLDSA::sign(PrivateKey* privateKey, const ByteString& dataToSign, ByteString& signature, const AsymMech::Type mechanism, const void* param /* = NULL */, const size_t paramLen /* = 0 */) { if (mechanism == AsymMech::DSA) { // Separate implementation for DSA signing without hash computation // Check if the private key is the right type if (!privateKey->isOfType(OSSLDSAPrivateKey::type)) { ERROR_MSG("Invalid key type supplied"); return false; } OSSLDSAPrivateKey* pk = (OSSLDSAPrivateKey*) privateKey; DSA* dsa = pk->getOSSLKey(); // Perform the signature operation unsigned int sigLen = pk->getOutputLength(); signature.resize(sigLen); memset(&signature[0], 0, sigLen); int dLen = dataToSign.size(); DSA_SIG* sig = DSA_do_sign(dataToSign.const_byte_str(), dLen, dsa); if (sig == NULL) return false; // Store the 2 values with padding BN_bn2bin(sig->r, &signature[sigLen / 2 - BN_num_bytes(sig->r)]); BN_bn2bin(sig->s, &signature[sigLen - BN_num_bytes(sig->s)]); DSA_SIG_free(sig); return true; } else { // Call default implementation return AsymmetricAlgorithm::sign(privateKey, dataToSign, signature, mechanism, param, paramLen); } }
int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, unsigned int *siglen, DSA *dsa) { DSA_SIG *s; #ifdef OPENSSL_FIPS if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) { DSAerr(DSA_F_DSA_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); return 0; } #endif RAND_seed(dgst, dlen); s=DSA_do_sign(dgst,dlen,dsa); if (s == NULL) { *siglen=0; return(0); } *siglen=i2d_DSA_SIG(s,&sig); DSA_SIG_free(s); return(1); }
byte_array dsa160_key::sign(byte_array const& digest) const { assert(type() == public_and_private); assert(digest.size() == SHA256_DIGEST_LENGTH); // The version of DSA currently implemented by OpenSSL only supports digests up to 160 bits. int digest_size = 160/8; DSA_SIG *sig = DSA_do_sign((const unsigned char*)digest.data(), digest_size, dsa_); assert(sig); byte_array signature; { byte_array_owrap<flurry::oarchive> write(signature); // write to signature write.archive() << sig->r << sig->s; } DSA_SIG_free(sig); return signature; }
int DSA_check_signature(int *out_valid, const uint8_t *digest, size_t digest_len, const uint8_t *sig, size_t sig_len, const DSA *dsa) { DSA_SIG *s = NULL; int ret = 0; s = DSA_SIG_new(); if (s == NULL) { goto err; } if (d2i_DSA_SIG(&s, &sig, sig_len) == NULL) { goto err; } ret = DSA_do_check_signature(out_valid, digest, digest_len, s, dsa); err: if (s) { DSA_SIG_free(s); } return ret; }
bool OSSLDSA::signFinal(ByteString& signature) { // Save necessary state before calling super class signFinal OSSLDSAPrivateKey* pk = (OSSLDSAPrivateKey*) currentPrivateKey; if (!AsymmetricAlgorithm::signFinal(signature)) { return false; } ByteString hash; bool bFirstResult = pCurrentHash->hashFinal(hash); delete pCurrentHash; pCurrentHash = NULL; if (!bFirstResult) { return false; } DSA* dsa = pk->getOSSLKey(); // Perform the signature operation unsigned int sigLen = pk->getOutputLength(); signature.resize(sigLen); memset(&signature[0], 0, sigLen); DSA_SIG* sig = DSA_do_sign(&hash[0], hash.size(), dsa); if (sig == NULL) return false; // Store the 2 values with padding BN_bn2bin(sig->r, &signature[sigLen / 2 - BN_num_bytes(sig->r)]); BN_bn2bin(sig->s, &signature[sigLen - BN_num_bytes(sig->s)]); DSA_SIG_free(sig); return true; }
void signature_free(SIGNATURE *sign){ if(!sign) return; switch(sign->type){ case TYPE_DSS: #ifdef HAVE_LIBGCRYPT gcry_sexp_release(sign->dsa_sign); #elif defined HAVE_LIBCRYPTO DSA_SIG_free(sign->dsa_sign); #endif break; case TYPE_RSA: case TYPE_RSA1: #ifdef HAVE_LIBGCRYPT gcry_sexp_release(sign->rsa_sign); #elif defined HAVE_LIBCRYPTO free(sign->rsa_sign); #endif break; default: ssh_log(NULL,SSH_LOG_RARE,"freeing a signature with no type !\n"); } free(sign); }
static int dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, const ASN1_STRING *sig, int indent, ASN1_PCTX *pctx) { DSA_SIG *dsa_sig; const unsigned char *p; if (!sig) { if (BIO_puts(bp, "\n") <= 0) return 0; else return 1; } p = sig->data; dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length); if (dsa_sig) { int rv = 0; const BIGNUM *r, *s; DSA_SIG_get0(dsa_sig, &r, &s); if (BIO_write(bp, "\n", 1) != 1) goto err; if (!ASN1_bn_print(bp, "r: ", r, NULL, indent)) goto err; if (!ASN1_bn_print(bp, "s: ", s, NULL, indent)) goto err; rv = 1; err: DSA_SIG_free(dsa_sig); return rv; } if (BIO_puts(bp, "\n") <= 0) return 0; return X509_signature_dump(bp, sig, indent); }