自学教程：C++ DSA_SIG_free函数代码示例

/* DSA sign and verify */static	DSA_SIG * surewarehk_dsa_do_sign(const unsigned char *from, int flen, DSA *dsa){	int ret=0;	char *hptr=NULL;	DSA_SIG *psign=NULL;	char msg[64]="ENGINE_dsa_do_sign";	if (!p_surewarehk_Dsa_Sign)	{		SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ENGINE_R_NOT_INITIALISED);		goto err;	}	/* extract ref to private key */	else if (!(hptr=DSA_get_ex_data(dsa, dsaHndidx)))	{		SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,SUREWARE_R_MISSING_KEY_COMPONENTS);		goto err;	}	else	{		if((psign = DSA_SIG_new()) == NULL)		{			SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ERR_R_MALLOC_FAILURE);			goto err;		}		psign->r=BN_new();		psign->s=BN_new();		bn_expand2(psign->r, 20/sizeof(BN_ULONG));		bn_expand2(psign->s, 20/sizeof(BN_ULONG));		if (!psign->r || psign->r->dmax!=20/sizeof(BN_ULONG) ||			!psign->s || psign->s->dmax!=20/sizeof(BN_ULONG))			goto err;		ret=p_surewarehk_Dsa_Sign(msg,flen,from,					  (unsigned long *)psign->r->d,					  (unsigned long *)psign->s->d,					  hptr);		surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ret);	}	psign->r->top=20/sizeof(BN_ULONG);	bn_fix_top(psign->r);	psign->s->top=20/sizeof(BN_ULONG);	bn_fix_top(psign->s);err:		if (psign)	{		DSA_SIG_free(psign);		psign=NULL;	}	return psign;}

/* returns *      1: correct signature *      0: incorrect signature *     -1: error */int DSA_verify(int type, const unsigned char *dgst, int dgst_len,	     const unsigned char *sigbuf, int siglen, DSA *dsa)	{	DSA_SIG *s;	int ret=-1;	s = DSA_SIG_new();	if (s == NULL) return(ret);	if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err;	ret=DSA_do_verify(dgst,dgst_len,s,dsa);err:	DSA_SIG_free(s);	return(ret);	}

static int pkey_gost94_cp_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig,                                 size_t siglen, const unsigned char *tbs,                                 size_t tbs_len){    int ok = 0;    EVP_PKEY *pub_key = EVP_PKEY_CTX_get0_pkey(ctx);    DSA_SIG *s = unpack_cp_signature(sig, siglen);    if (!s)        return 0;    if (pub_key)        ok = gost_do_verify(tbs, tbs_len, s, EVP_PKEY_get0(pub_key));    DSA_SIG_free(s);    return ok;}

ops_boolean_t ops_dsa_verify(const unsigned char *hash,size_t hash_length,			     const ops_dsa_signature_t *sig,			     const ops_dsa_public_key_t *dsa)    {    DSA_SIG *osig;    DSA *odsa;    int ret;    osig=DSA_SIG_new();    osig->r=sig->r;    osig->s=sig->s;    odsa=DSA_new();    odsa->p=dsa->p;    odsa->q=dsa->q;    odsa->g=dsa->g;    odsa->pub_key=dsa->y;    if (debug)        {        fprintf(stderr,"hash passed in:/n");        unsigned i;        for (i=0; i<hash_length; i++)            {            fprintf(stderr,"%02x ", hash[i]);            }        fprintf(stderr,"/n");        }    //printf("hash_length=%ld/n", hash_length);    //printf("Q=%d/n", BN_num_bytes(odsa->q));    unsigned int qlen=BN_num_bytes(odsa->q);    if (qlen < hash_length)        hash_length=qlen;    //    ret=DSA_do_verify(hash,hash_length,osig,odsa);    ret=DSA_do_verify(hash,hash_length,osig,odsa);    if (debug)        {        fprintf(stderr,"ret=%d/n",ret);        }    assert(ret >= 0);    odsa->p=odsa->q=odsa->g=odsa->pub_key=NULL;    DSA_free(odsa);     osig->r=osig->s=NULL;    DSA_SIG_free(osig);    return ret != 0;    }

static intxmlSecOpenSSLDsaSha1EvpSign(int type ATTRIBUTE_UNUSED,                        const unsigned char *dgst, unsigned int dlen,                        unsigned char *sig, unsigned int *siglen, void *dsa) {    DSA_SIG *s;    int rSize, sSize;    s = DSA_do_sign(dgst, dlen, dsa);    if(s == NULL) {        *siglen=0;        return(0);    }    rSize = BN_num_bytes(s->r);    sSize = BN_num_bytes(s->s);    if((rSize > (XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2)) ||       (sSize > (XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2))) {        xmlSecError(XMLSEC_ERRORS_HERE,                    NULL,                    NULL,                    XMLSEC_ERRORS_R_INVALID_SIZE,                    "size(r)=%d or size(s)=%d > %d",                    rSize, sSize, XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2);        DSA_SIG_free(s);        return(0);    }    memset(sig, 0, XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE);    BN_bn2bin(s->r, sig + (XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2) - rSize);    BN_bn2bin(s->s, sig + XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE - sSize);    *siglen = XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE;    DSA_SIG_free(s);    return(1);}

int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,	     unsigned int *siglen, DSA *dsa)	{	DSA_SIG *s;	RAND_seed(dgst, dlen);	s=DSA_do_sign(dgst,dlen,dsa);	if (s == NULL)		{		*siglen=0;		return(0);		}	*siglen=i2d_DSA_SIG(s,&sig);	DSA_SIG_free(s);	return(1);	}

int HsOpenSSL_dsa_verify(DSA *dsa, const unsigned char *ddata, int dlen,                         const BIGNUM *r, const BIGNUM *s) {#if OPENSSL_VERSION_NUMBER >= 0x10100000L  DSA_SIG* sig = DSA_SIG_new();  DSA_SIG_set0(sig, BN_dup(r), BN_dup(s));  int res = DSA_do_verify(ddata, dlen, sig, dsa);  DSA_SIG_free(sig);  return res;#else  DSA_SIG sig;  sig.r = (BIGNUM *)r;  sig.s = (BIGNUM *)s;  return dsa->meth->dsa_do_verify(ddata, dlen, &sig, dsa);#endif}

DSA_SIG *DSA_SIG_parse(CBS *cbs) {  DSA_SIG *ret = DSA_SIG_new();  if (ret == NULL) {    return NULL;  }  CBS child;  if (!CBS_get_asn1(cbs, &child, CBS_ASN1_SEQUENCE) ||      !parse_integer(&child, &ret->r) ||      !parse_integer(&child, &ret->s) ||      CBS_len(&child) != 0) {    OPENSSL_PUT_ERROR(DSA, DSA_R_DECODE_ERROR);    DSA_SIG_free(ret);    return NULL;  }  return ret;}

static void pgpFreeSigDSA(pgpDigAlg pgpsig){    struct pgpDigSigDSA_s *sig = pgpsig->data;    if (sig) {        if (sig->dsa_sig) {            DSA_SIG_free(sig->dsa_sig);        } else {            /* If sig->dsa_sig was constructed,             * the memory management of these BNs             * are freed with it. */            BN_clear_free(sig->r);            BN_clear_free(sig->s);        }        free(pgpsig->data);    }}

DSA_SIG *d2i_DSA_SIG(DSA_SIG **out_sig, const uint8_t **inp, long len) {  if (len < 0) {    return NULL;  }  CBS cbs;  CBS_init(&cbs, *inp, (size_t)len);  DSA_SIG *ret = DSA_SIG_parse(&cbs);  if (ret == NULL) {    return NULL;  }  if (out_sig != NULL) {    DSA_SIG_free(*out_sig);    *out_sig = ret;  }  *inp = CBS_data(&cbs);  return ret;}

static void check_license_signature(license_raw *lptr){    unsigned char message_digest[SHA_DIGEST_LENGTH];    SHA_CTX sha_ctx;    DSA *dsa = DSA_new();    SHA1_Init(&sha_ctx);    SHA1_Update(&sha_ctx, lptr, sizeof(*lptr) - sizeof(lptr->dsa_signature));    SHA1_Final(message_digest, &sha_ctx);    dsa->p = BN_bin2bn(dsa_p, sizeof(dsa_p), NULL);    dsa->q = BN_bin2bn(dsa_q, sizeof(dsa_q), NULL);    dsa->g = BN_bin2bn(dsa_g, sizeof(dsa_g), NULL);    dsa->pub_key = BN_bin2bn(dsa_pub_key, sizeof(dsa_pub_key), NULL);  // calculate the right len of the signiture  DSA_SIG *temp_sig=DSA_SIG_new();  int siglen = -1;  const unsigned char *data =lptr->dsa_signature;   if (temp_sig == NULL || d2i_DSA_SIG(&temp_sig,&data,sizeof(lptr->dsa_signature)) == NULL){  	fprintf(stderr, "License signature verification failed: %s/n",	    ERR_error_string(ERR_get_error(), NULL));	  exit(EXIT_FAILURE);  }  unsigned char *tmp_buff= NULL;  siglen = i2d_DSA_SIG(temp_sig, &tmp_buff);  OPENSSL_cleanse(tmp_buff, siglen);	OPENSSL_free(tmp_buff);	DSA_SIG_free(temp_sig);    switch(DSA_verify(0, message_digest, sizeof(message_digest),        lptr->dsa_signature, siglen, dsa)) {    case 0:	fputs("License file is corrupted: invalid DSA signature./n", stderr);	exit(EXIT_FAILURE);    case 1:	break; /* valid signature */    default:	fprintf(stderr, "License signature verification failed: %s/n",	    ERR_error_string(ERR_get_error(), NULL));	exit(EXIT_FAILURE);    }    DSA_free(dsa);}

static int dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,                         const ASN1_STRING *sig,                         int indent, ASN1_PCTX *pctx){    DSA_SIG *dsa_sig;    const unsigned char *p;    if (!sig)    {        if (BIO_puts(bp, "/n") <= 0)            return 0;        else            return 1;    }    p = sig->data;    dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length);    if (dsa_sig)    {        int rv = 0;        size_t buf_len = 0;        unsigned char *m=NULL;        update_buflen(dsa_sig->r, &buf_len);        update_buflen(dsa_sig->s, &buf_len);        m = OPENSSL_malloc(buf_len+10);        if (m == NULL)        {            DSAerr(DSA_F_DSA_SIG_PRINT,ERR_R_MALLOC_FAILURE);            goto err;        }        if (BIO_write(bp, "/n", 1) != 1)            goto err;        if (!ASN1_bn_print(bp,"r:   ",dsa_sig->r,m,indent))            goto err;        if (!ASN1_bn_print(bp,"s:   ",dsa_sig->s,m,indent))            goto err;        rv = 1;err:        if (m)            OPENSSL_free(m);        DSA_SIG_free(dsa_sig);        return rv;    }    return X509_signature_dump(bp, sig, indent);}

static int pkey_gost01_cp_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig,	size_t siglen, const unsigned char *tbs, size_t tbs_len)	{	int ok = 0;	EVP_PKEY* pub_key = EVP_PKEY_CTX_get0_pkey(ctx);	DSA_SIG *s=unpack_cp_signature(sig,siglen);	if (!s) return 0;#ifdef DEBUG_SIGN		fprintf(stderr,"R=");	BN_print_fp(stderr,s->r);	fprintf(stderr,"/nS=");	BN_print_fp(stderr,s->s);	fprintf(stderr,"/n");#endif		if (pub_key) ok = gost2001_do_verify(tbs,tbs_len,s,EVP_PKEY_get0(pub_key));	DSA_SIG_free(s);	return ok;	}

static int pkey_gost01_cp_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig,	size_t siglen, const unsigned char *tbs, size_t tbs_len)	{	int ok = 0;	EVP_PKEY* pub_key = EVP_PKEY_CTX_get0_pkey(ctx);	DSA_SIG *s=unpack_cp_signature(sig,siglen);	if (!s) return 0;#ifdef DEBUG_SIGN		TINYCLR_SSL_FPRINTF(OPENSSL_TYPE__FILE_STDERR,"R=");	BN_print_fp(OPENSSL_TYPE__FILE_STDERR,s->r);	TINYCLR_SSL_FPRINTF(OPENSSL_TYPE__FILE_STDERR,"/nS=");	BN_print_fp(OPENSSL_TYPE__FILE_STDERR,s->s);	TINYCLR_SSL_FPRINTF(OPENSSL_TYPE__FILE_STDERR,"/n");#endif		if (pub_key) ok = gost2001_do_verify(tbs,tbs_len,s,(EC_KEY*)EVP_PKEY_get0(pub_key));	DSA_SIG_free(s);	return ok;	}

unsigned __ops_dsa_verify(const uint8_t *hash, size_t hash_length,	       const __ops_dsa_sig_t *sig,	       const __ops_dsa_pubkey_t *dsa){	unsigned	qlen;	DSA_SIG        *osig;	DSA            *odsa;	int             ret;	osig = DSA_SIG_new();	osig->r = sig->r;	osig->s = sig->s;	odsa = DSA_new();	odsa->p = dsa->p;	odsa->q = dsa->q;	odsa->g = dsa->g;	odsa->pub_key = dsa->y;	if (__ops_get_debug_level(__FILE__)) {		hexdump(stderr, "input hash", hash, hash_length);		(void) fprintf(stderr, "Q=%d/n", BN_num_bytes(odsa->q));	}	if ((qlen = (unsigned)BN_num_bytes(odsa->q)) < hash_length) {		hash_length = qlen;	}	ret = DSA_do_verify(hash, (int)hash_length, osig, odsa);	if (__ops_get_debug_level(__FILE__)) {		(void) fprintf(stderr, "ret=%d/n", ret);	}	if (ret < 0) {		(void) fprintf(stderr, "__ops_dsa_verify: DSA verification/n");		return 0;	}	odsa->p = odsa->q = odsa->g = odsa->pub_key = NULL;	DSA_free(odsa);	osig->r = osig->s = NULL;	DSA_SIG_free(osig);	return (unsigned)ret;}

/* OpenSSL sadly wants to ASN1 encode the resulting bignums so we use this * function to skip that. Returns > 0 on success */int HsOpenSSL_dsa_sign(DSA *dsa, const unsigned char *ddata, int dlen,                       const BIGNUM **r, const BIGNUM **s) {#if OPENSSL_VERSION_NUMBER >= 0x10100000L  DSA_SIG *const sig = DSA_do_sign(ddata, dlen, dsa);  if (!sig) return 0;  DSA_SIG_get0(sig, r, s);  *r = BN_dup(*r);  *s = BN_dup(*s);  DSA_SIG_free(sig);  return 1;#else  DSA_SIG *const sig = dsa->meth->dsa_do_sign(ddata, dlen, dsa);  if (!sig) return 0;  *r = sig->r;  *s = sig->s;  free(sig);  return 1;#endif}

/* verify */void DSASigner::verify(	const void 		*data, 	size_t 			dataLen,	const void		*sig,				size_t			sigLen){	bool 			throwSigVerify = false;	DSA_SIG 		*dsaSig = NULL;	CSSM_RETURN		crtn = CSSM_OK;	int					irtn;		if(mDsaKey == NULL) {		CssmError::throwMe(CSSMERR_CSP_INTERNAL_ERROR);	}	if(mDsaKey->pub_key == NULL) {		CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS);	}	/* incoming sig is DER encoded....decode into internal format */	dsaSig = DSA_SIG_new();	crtn = DSASigDecode(dsaSig, sig, sigLen);	if(crtn) {		goto abort;	}	irtn = DSA_do_verify((unsigned char *)data, dataLen, dsaSig, mDsaKey);	if(irtn != 1) {		throwSigVerify = true;	}abort:	if(dsaSig != NULL) {		DSA_SIG_free(dsaSig);	}		if(throwSigVerify) {		clearOpensslErrors();		CssmError::throwMe(CSSMERR_CSP_VERIFY_FAILED);	}	else if(crtn) {		CssmError::throwMe(crtn);	}}

static intxmlSecOpenSSLDsaSha1EvpVerify(int type ATTRIBUTE_UNUSED,                        const unsigned char *dgst, unsigned int dgst_len,                        const unsigned char *sigbuf, unsigned int siglen,                        void *dsa) {    DSA_SIG *s;    int ret = -1;    s = DSA_SIG_new();    if (s == NULL) {        return(ret);    }    if(siglen != XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE) {        xmlSecError(XMLSEC_ERRORS_HERE,                    NULL,                    NULL,                    XMLSEC_ERRORS_R_INVALID_SIZE,                    "invalid length %d (%d expected)",                    siglen, XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE);        goto err;    }    s->r = BN_bin2bn(sigbuf, XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2, NULL);    s->s = BN_bin2bn(sigbuf + (XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2),                       XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2, NULL);    if((s->r == NULL) || (s->s == NULL)) {        xmlSecError(XMLSEC_ERRORS_HERE,                    NULL,                    "BN_bin2bn",                    XMLSEC_ERRORS_R_CRYPTO_FAILED,                    XMLSEC_ERRORS_NO_MESSAGE);        goto err;    }    ret = DSA_do_verify(dgst, dgst_len, s, dsa);err:    DSA_SIG_free(s);    return(ret);}

booldsa160_key::verify(byte_array const& digest, byte_array const& signature) const{    assert(type() != invalid);    assert(digest.size() == SHA256_DIGEST_LENGTH);    // The version of DSA currently implemented by OpenSSL only supports digests up to 160 bits.    int digest_size = 160/8;    DSA_SIG *sig = DSA_SIG_new();    if (!sig)        return false;    byte_array_iwrap<flurry::iarchive> read(signature);    read.archive() >> sig->r >> sig->s; // @todo Check if there's more data in the signature, fail.    int rc = DSA_do_verify((const unsigned char*)digest.const_data(), digest_size, sig, dsa_);    DSA_SIG_free(sig);    return rc == 1;}

static int fips_dsa_sign(int type, const unsigned char *x, int y,	     unsigned char *sig, unsigned int *siglen, EVP_MD_SVCTX *sv)	{	DSA *dsa = sv->key;	unsigned char dig[EVP_MAX_MD_SIZE];	unsigned int dlen;	DSA_SIG *s;        EVP_DigestFinal_ex(sv->mctx, dig, &dlen);	s=dsa->meth->dsa_do_sign(dig,dlen,dsa);	OPENSSL_cleanse(dig, dlen);	if (s == NULL)		{		*siglen=0;		return 0;		}	*siglen= FIPS_dsa_sig_encode(sig, s);	DSA_SIG_free(s);	if (*siglen < 0)		return 0;	return 1;	}

static int fips_dsa_verify(int type, const unsigned char *x, int y,	     const unsigned char *sigbuf, unsigned int siglen, EVP_MD_SVCTX *sv)	{	DSA *dsa = sv->key;	DSA_SIG *s;	int ret=-1;	unsigned char dig[EVP_MAX_MD_SIZE];	unsigned int dlen;	s = DSA_SIG_new();	if (s == NULL)		return ret;	if (!FIPS_dsa_sig_decode(s,sigbuf,siglen))		goto err;        EVP_DigestFinal_ex(sv->mctx, dig, &dlen);	ret=dsa->meth->dsa_do_verify(dig,dlen,s,dsa);	OPENSSL_cleanse(dig, dlen);err:	DSA_SIG_free(s);	return ret;	}

void ssh_signature_free(ssh_signature sig){    if (sig == NULL) {        return;    }    switch(sig->type) {        case SSH_KEYTYPE_DSS:#ifdef HAVE_LIBGCRYPT            gcry_sexp_release(sig->dsa_sig);#elif defined HAVE_LIBCRYPTO            DSA_SIG_free(sig->dsa_sig);#endif            break;        case SSH_KEYTYPE_RSA:        case SSH_KEYTYPE_RSA1:#ifdef HAVE_LIBGCRYPT            gcry_sexp_release(sig->rsa_sig);#elif defined HAVE_LIBCRYPTO            SAFE_FREE(sig->rsa_sig);#endif            break;        case SSH_KEYTYPE_ECDSA:#ifdef HAVE_GCRYPT_ECC            gcry_sexp_release(sig->ecdsa_sig);#elif defined(HAVE_LIBCRYPTO) && defined(HAVE_OPENSSL_ECC)            ECDSA_SIG_free(sig->ecdsa_sig);#endif            break;        case SSH_KEYTYPE_ED25519:            SAFE_FREE(sig->ed25519_sig);            break;        case SSH_KEYTYPE_DSS_CERT01:        case SSH_KEYTYPE_RSA_CERT01:        case SSH_KEYTYPE_UNKNOWN:            break;    }    SAFE_FREE(sig);}

static int dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,                         const ASN1_STRING *sig, int indent, ASN1_PCTX *pctx) {  DSA_SIG *dsa_sig;  const uint8_t *p;  if (!sig) {    return BIO_puts(bp, "/n") > 0;  }  p = sig->data;  dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length);  if (dsa_sig == NULL) {    return X509_signature_dump(bp, sig, indent);  }  int rv = 0;  size_t buf_len = 0;  uint8_t *m = NULL;  update_buflen(dsa_sig->r, &buf_len);  update_buflen(dsa_sig->s, &buf_len);  m = OPENSSL_malloc(buf_len + 10);  if (m == NULL) {    OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE);    goto err;  }  if (BIO_write(bp, "/n", 1) != 1 ||      !ASN1_bn_print(bp, "r:   ", dsa_sig->r, m, indent) ||      !ASN1_bn_print(bp, "s:   ", dsa_sig->s, m, indent)) {    goto err;  }  rv = 1;err:  OPENSSL_free(m);  DSA_SIG_free(dsa_sig);  return rv;}

// Signing functionsbool OSSLDSA::sign(PrivateKey* privateKey, const ByteString& dataToSign,		   ByteString& signature, const AsymMech::Type mechanism,		   const void* param /* = NULL */, const size_t paramLen /* = 0 */){	if (mechanism == AsymMech::DSA)	{		// Separate implementation for DSA signing without hash computation		// Check if the private key is the right type		if (!privateKey->isOfType(OSSLDSAPrivateKey::type))		{			ERROR_MSG("Invalid key type supplied");			return false;		}		OSSLDSAPrivateKey* pk = (OSSLDSAPrivateKey*) privateKey;		DSA* dsa = pk->getOSSLKey();		// Perform the signature operation		unsigned int sigLen = pk->getOutputLength();		signature.resize(sigLen);		memset(&signature[0], 0, sigLen);		int dLen = dataToSign.size();		DSA_SIG* sig = DSA_do_sign(dataToSign.const_byte_str(), dLen, dsa);		if (sig == NULL)			return false;		// Store the 2 values with padding		BN_bn2bin(sig->r, &signature[sigLen / 2 - BN_num_bytes(sig->r)]);		BN_bn2bin(sig->s, &signature[sigLen - BN_num_bytes(sig->s)]);		DSA_SIG_free(sig);		return true;	}	else	{		// Call default implementation		return AsymmetricAlgorithm::sign(privateKey, dataToSign, signature, mechanism, param, paramLen);	}}

int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,	     unsigned int *siglen, DSA *dsa)	{	DSA_SIG *s;#ifdef OPENSSL_FIPS	if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))		{		DSAerr(DSA_F_DSA_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);		return 0;		}#endif	RAND_seed(dgst, dlen);	s=DSA_do_sign(dgst,dlen,dsa);	if (s == NULL)		{		*siglen=0;		return(0);		}	*siglen=i2d_DSA_SIG(s,&sig);	DSA_SIG_free(s);	return(1);	}

int DSA_check_signature(int *out_valid, const uint8_t *digest,                        size_t digest_len, const uint8_t *sig, size_t sig_len,                        const DSA *dsa) {  DSA_SIG *s = NULL;  int ret = 0;  s = DSA_SIG_new();  if (s == NULL) {    goto err;  }  if (d2i_DSA_SIG(&s, &sig, sig_len) == NULL) {    goto err;  }  ret = DSA_do_check_signature(out_valid, digest, digest_len, s, dsa);err:  if (s) {    DSA_SIG_free(s);  }  return ret;}

bool OSSLDSA::signFinal(ByteString& signature){	// Save necessary state before calling super class signFinal	OSSLDSAPrivateKey* pk = (OSSLDSAPrivateKey*) currentPrivateKey;	if (!AsymmetricAlgorithm::signFinal(signature))	{		return false;	}	ByteString hash;	bool bFirstResult = pCurrentHash->hashFinal(hash);	delete pCurrentHash;	pCurrentHash = NULL;	if (!bFirstResult)	{		return false;	}	DSA* dsa = pk->getOSSLKey();	// Perform the signature operation	unsigned int sigLen = pk->getOutputLength();	signature.resize(sigLen);	memset(&signature[0], 0, sigLen);	DSA_SIG* sig = DSA_do_sign(&hash[0], hash.size(), dsa);	if (sig == NULL)		return false;	// Store the 2 values with padding	BN_bn2bin(sig->r, &signature[sigLen / 2 - BN_num_bytes(sig->r)]);	BN_bn2bin(sig->s, &signature[sigLen - BN_num_bytes(sig->s)]);	DSA_SIG_free(sig);	return true;}

void signature_free(SIGNATURE *sign){    if(!sign)        return;    switch(sign->type){        case TYPE_DSS:#ifdef HAVE_LIBGCRYPT            gcry_sexp_release(sign->dsa_sign);#elif defined HAVE_LIBCRYPTO            DSA_SIG_free(sign->dsa_sign);#endif            break;        case TYPE_RSA:        case TYPE_RSA1:#ifdef HAVE_LIBGCRYPT            gcry_sexp_release(sign->rsa_sign);#elif defined HAVE_LIBCRYPTO            free(sign->rsa_sign);#endif            break;        default:            ssh_log(NULL,SSH_LOG_RARE,"freeing a signature with no type !/n");    }    free(sign);}

static int dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,                         const ASN1_STRING *sig, int indent, ASN1_PCTX *pctx){    DSA_SIG *dsa_sig;    const unsigned char *p;    if (!sig) {        if (BIO_puts(bp, "/n") <= 0)            return 0;        else            return 1;    }    p = sig->data;    dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length);    if (dsa_sig) {        int rv = 0;        const BIGNUM *r, *s;        DSA_SIG_get0(dsa_sig, &r, &s);        if (BIO_write(bp, "/n", 1) != 1)            goto err;        if (!ASN1_bn_print(bp, "r:   ", r, NULL, indent))            goto err;        if (!ASN1_bn_print(bp, "s:   ", s, NULL, indent))            goto err;        rv = 1; err:        DSA_SIG_free(dsa_sig);        return rv;    }    if (BIO_puts(bp, "/n") <= 0)        return 0;    return X509_signature_dump(bp, sig, indent);}