自学教程：C++ DSA_SIG_new函数代码示例

/* * data has already been hashed (probably with SHA or SHA-1). * returns *      1: correct signature *      0: incorrect signature *     -1: error */intDSA_verify(int type, const unsigned char *dgst, int dgst_len,    const unsigned char *sigbuf, int siglen, DSA *dsa){	DSA_SIG *s;	unsigned char *der = NULL;	const unsigned char *p = sigbuf;	int derlen = -1;	int ret = -1;	s = DSA_SIG_new();	if (s == NULL)		return ret;	if (d2i_DSA_SIG(&s, &p, siglen) == NULL)		goto err;	/* Ensure signature uses DER and doesn't have trailing garbage */	derlen = i2d_DSA_SIG(s, &der);	if (derlen != siglen || memcmp(sigbuf, der, derlen))		goto err;	ret = DSA_do_verify(dgst, dgst_len, s, dsa);err:	freezero(der, derlen);	DSA_SIG_free(s);	return ret;}

int DSA_check_signature(int *out_valid, const uint8_t *digest,                        size_t digest_len, const uint8_t *sig, size_t sig_len,                        const DSA *dsa) {    DSA_SIG *s = NULL;    int ret = 0;    uint8_t *der = NULL;    s = DSA_SIG_new();    if (s == NULL) {        goto err;    }    const uint8_t *sigp = sig;    if (d2i_DSA_SIG(&s, &sigp, sig_len) == NULL || sigp != sig + sig_len) {        goto err;    }    /* Ensure that the signature uses DER and doesn't have trailing garbage. */    int der_len = i2d_DSA_SIG(s, &der);    if (der_len < 0 || (size_t)der_len != sig_len || memcmp(sig, der, sig_len)) {        goto err;    }    ret = DSA_do_check_signature(out_valid, digest, digest_len, s, dsa);err:    OPENSSL_free(der);    DSA_SIG_free(s);    return ret;}

static int constructDSASignature(struct pgpDigSigDSA_s *sig){    int rc;    if (sig->dsa_sig) {        /* We've already constructed it, so just reuse it */        return 1;    }    /* Create the DSA signature */    DSA_SIG *dsa_sig = DSA_SIG_new();    if (!dsa_sig) return 0;    if (!DSA_SIG_set0(dsa_sig, sig->r, sig->s)) {        rc = 0;        goto done;    }    sig->dsa_sig = dsa_sig;    rc = 1;done:    if (rc == 0) {        DSA_SIG_free(sig->dsa_sig);    }    return rc;}

static isc_result_topenssldsa_verify(dst_context_t *dctx, const isc_region_t *sig) {	isc_sha1_t *sha1ctx = dctx->opaque;	dst_key_t *key = dctx->key;	DSA *dsa = key->opaque;	DSA_SIG *dsasig;	int status = 0;	unsigned char digest[ISC_SHA1_DIGESTLENGTH];	unsigned char *cp = sig->base;	isc_sha1_final(sha1ctx, digest);	if (sig->length < 2 * ISC_SHA1_DIGESTLENGTH + 1)		return (DST_R_VERIFYFAILURE);	cp++;	/*%< Skip T */	dsasig = DSA_SIG_new();	dsasig->r = BN_bin2bn(cp, ISC_SHA1_DIGESTLENGTH, NULL);	cp += ISC_SHA1_DIGESTLENGTH;	dsasig->s = BN_bin2bn(cp, ISC_SHA1_DIGESTLENGTH, NULL);	cp += ISC_SHA1_DIGESTLENGTH;	status = DSA_do_verify(digest, ISC_SHA1_DIGESTLENGTH, dsasig, dsa);	DSA_SIG_free(dsasig);	if (status <= 0)		return (dst__openssl_toresult(DST_R_VERIFYFAILURE));	return (ISC_R_SUCCESS);}

int_libssh2_dsa_sha1_verify(libssh2_dsa_ctx * dsactx,                         const unsigned char *sig,                         const unsigned char *m, unsigned long m_len){    unsigned char hash[SHA_DIGEST_LENGTH];    DSA_SIG * dsasig;    BIGNUM * r;    BIGNUM * s;    int ret = -1;    r = BN_new();    BN_bin2bn(sig, 20, r);    s = BN_new();    BN_bin2bn(sig + 20, 20, s);    dsasig = DSA_SIG_new();#ifdef HAVE_OPAQUE_STRUCTS    DSA_SIG_set0(dsasig, r, s);#else    dsasig->r = r;    dsasig->s = s;#endif    if(!_libssh2_sha1(m, m_len, hash))        /* _libssh2_sha1() succeeded */        ret = DSA_do_verify(hash, SHA_DIGEST_LENGTH, dsasig, dsactx);    DSA_SIG_free(dsasig);    return (ret == 1) ? 0 : -1;}

int DSA_verify(int type, const uint8_t *digest, size_t digest_len,               const uint8_t *sig, size_t sig_len, const DSA *dsa) {  DSA_SIG *s = NULL;  int ret = -1, valid;  s = DSA_SIG_new();  if (s == NULL) {    goto err;  }  if (d2i_DSA_SIG(&s, &sig, sig_len) == NULL) {    goto err;  }  if (!DSA_do_check_signature(&valid, digest, digest_len, s, dsa)) {    goto err;  }  ret = valid;err:  if (s) {    DSA_SIG_free(s);  }  return ret;}

void sigver()    {    DSA *dsa=NULL;    char buf[1024];    int nmod=0;    unsigned char hash[20];    DSA_SIG *sig=DSA_SIG_new();    while(fgets(buf,sizeof buf,stdin) != NULL)	{	if(!strncmp(buf,"[mod = ",7))	    {	    nmod=atoi(buf+7);	    if(dsa)		DSA_free(dsa);	    dsa=DSA_new();	    }	else if(!strncmp(buf,"P = ",4))	    dsa->p=hex2bn(buf+4);	else if(!strncmp(buf,"Q = ",4))	    dsa->q=hex2bn(buf+4);	else if(!strncmp(buf,"G = ",4))	    {	    dsa->g=hex2bn(buf+4);	    printf("[mod = %d]/n/n",nmod);	    pbn("P",dsa->p);	    pbn("Q",dsa->q);	    pbn("G",dsa->g);	    putc('/n',stdout);	    }	else if(!strncmp(buf,"Msg = ",6))	    {	    unsigned char msg[1024];	    int n;	    n=hex2bin(buf+6,msg);	    pv("Msg",msg,n);	    SHA1(msg,n,hash);	    }	else if(!strncmp(buf,"Y = ",4))	    dsa->pub_key=hex2bn(buf+4);	else if(!strncmp(buf,"R = ",4))	    sig->r=hex2bn(buf+4);	else if(!strncmp(buf,"S = ",4))	    {	    sig->s=hex2bn(buf+4);		    pbn("Y",dsa->pub_key);	    pbn("R",sig->r);	    pbn("S",sig->s);	    printf("Result = %c/n",DSA_do_verify(hash,sizeof hash,sig,dsa)		   ? 'P' : 'F');	    putc('/n',stdout);	    }	}    }

/* returns *      1: correct signature *      0: incorrect signature *     -1: error */int DSA_verify(int type, const unsigned char *dgst, int dgst_len,	     const unsigned char *sigbuf, int siglen, DSA *dsa)	{	DSA_SIG *s;	/*	  rdar://problem/20168109 and others	  a binary compat issue with OpenSSL zd from zc	  this change seems to be the problem, and is not critical	  (for now).	*/#if 0	const unsigned char *p = sigbuf;	unsigned char *der = NULL;	int derlen = -1;#endif	int ret=-1;#ifdef OPENSSL_FIPS	if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))		{		DSAerr(DSA_F_DSA_VERIFY, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);		return 0;		}#endif	s = DSA_SIG_new();	if (s == NULL) return(ret);	/*	  rdar://problem/20168109 and others	  a binary compat issue with OpenSSL zd from zc	  this change seems to be the problem, and is not critical	  (for now).	*/#if 0	if (d2i_DSA_SIG(&s,&p,siglen) == NULL) goto err;	/* Ensure signature uses DER and doesn't have trailing garbage */	derlen = i2d_DSA_SIG(s, &der);	if (derlen != siglen || memcmp(sigbuf, der, derlen))		goto err;#else	if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err;#endif	ret=DSA_do_verify(dgst,dgst_len,s,dsa);err:	/*	  more from rdar://problem/20168109 and others	*/#if 0	if (derlen > 0)		{		OPENSSL_cleanse(der, derlen);		OPENSSL_free(der);		}#endif	DSA_SIG_free(s);	return(ret);	}

/*! * /brief Finish the signing and write out the DSA signature. * /see any_sign_write */static int dsa_sign_write(const knot_dnssec_sign_context_t *context,                          uint8_t *signature, size_t signature_size){	assert(context);	assert(signature);	size_t output_size = dsa_sign_size(context->key);	if (output_size != signature_size) {		return KNOT_DNSSEC_EUNEXPECTED_SIGNATURE_SIZE;	}	// create raw signature	uint8_t *raw_signature = NULL;	size_t raw_size = 0;	int result = sign_alloc_and_write(context, &raw_signature, &raw_size);	if (result != KNOT_EOK) {		return result;	}	// decode signature, X.509 Dss-Sig-Value (RFC2459)	DSA_SIG *decoded = DSA_SIG_new();	if (!decoded) {		free(raw_signature);		return KNOT_ENOMEM;	}	const uint8_t *decode_scan = raw_signature;	if (!d2i_DSA_SIG(&decoded, &decode_scan, (long)raw_size)) {		DSA_SIG_free(decoded);		free(raw_signature);		return KNOT_DNSSEC_EDECODE_RAW_SIGNATURE;	}	free(raw_signature);	// convert to format defined by RFC 2536 (DSA keys and SIGs in DNS)	// T (1 byte), R (20 bytes), S (20 bytes)	uint8_t *signature_t = signature;	uint8_t *signature_r = signature + 21 - BN_num_bytes(decoded->r);	uint8_t *signature_s = signature + 41 - BN_num_bytes(decoded->s);	memset(signature, '/0', output_size);	*signature_t = 0x00; //! /todo Take from public key. Only recommended.	BN_bn2bin(decoded->r, signature_r);	BN_bn2bin(decoded->s, signature_s);	DSA_SIG_free(decoded);	return KNOT_EOK;}

/* * Computes signature and returns it as DSA_SIG structure */DSA_SIG *gost_do_sign (const unsigned char *dgst, int dlen, DSA * dsa){    BIGNUM *k = NULL, *tmp = NULL, *tmp2 = NULL;    DSA_SIG *newsig = DSA_SIG_new ();    BIGNUM *md = hashsum2bn (dgst);    /* check if H(M) mod q is zero */    BN_CTX *ctx = BN_CTX_new ();    BN_CTX_start (ctx);    if (!newsig)    {        GOSTerr (GOST_F_GOST_DO_SIGN, GOST_R_NO_MEMORY);        goto err;    }    tmp = BN_CTX_get (ctx);    k = BN_CTX_get (ctx);    tmp2 = BN_CTX_get (ctx);    BN_mod (tmp, md, dsa->q, ctx);    if (BN_is_zero (tmp))    {        BN_one (md);    }    do    {        do        {            /*Generate random number k less than q */            BN_rand_range (k, dsa->q);            /* generate r = (a^x mod p) mod q */            BN_mod_exp (tmp, dsa->g, k, dsa->p, ctx);            if (!(newsig->r))                newsig->r = BN_new ();            BN_mod (newsig->r, tmp, dsa->q, ctx);        }        while (BN_is_zero (newsig->r));        /* generate s = (xr + k(Hm)) mod q */        BN_mod_mul (tmp, dsa->priv_key, newsig->r, dsa->q, ctx);        BN_mod_mul (tmp2, k, md, dsa->q, ctx);        if (!newsig->s)            newsig->s = BN_new ();        BN_mod_add (newsig->s, tmp, tmp2, dsa->q, ctx);    }    while (BN_is_zero (newsig->s));  err:    BN_free (md);    BN_CTX_end (ctx);    BN_CTX_free (ctx);    return newsig;}

// Verification functionsbool OSSLDSA::verify(PublicKey* publicKey, const ByteString& originalData,		     const ByteString& signature, const AsymMech::Type mechanism,		     const void* param /* = NULL */, const size_t paramLen /* = 0 */){	if (mechanism == AsymMech::DSA)	{		// Separate implementation for DSA verification without hash computation		// Check if the private key is the right type		if (!publicKey->isOfType(OSSLDSAPublicKey::type))		{			ERROR_MSG("Invalid key type supplied");			return false;		}		// Perform the verify operation		OSSLDSAPublicKey* pk = (OSSLDSAPublicKey*) publicKey;		unsigned int sigLen = pk->getOutputLength();		if (signature.size() != sigLen)			return false;		DSA_SIG* sig = DSA_SIG_new();		if (sig == NULL)			return false;		const unsigned char *s = signature.const_byte_str();		sig->r = BN_bin2bn(s, sigLen / 2, NULL);		sig->s = BN_bin2bn(s + sigLen / 2, sigLen / 2, NULL);		if (sig->r == NULL || sig->s == NULL)		{			DSA_SIG_free(sig);			return false;		}		int dLen = originalData.size();		int ret = DSA_do_verify(originalData.const_byte_str(), dLen, sig, pk->getOSSLKey());		if (ret != 1)		{			if (ret < 0)				ERROR_MSG("DSA verify failed (0x%08X)", ERR_get_error());			DSA_SIG_free(sig);			return false;		}		DSA_SIG_free(sig);		return true;	}	else	{		// Call the generic function		return AsymmetricAlgorithm::verify(publicKey, originalData, signature, mechanism, param, paramLen);	}}

/* Unpack signature according to cryptopro rules  */DSA_SIG *unpack_cp_signature(const unsigned char *sig, size_t siglen){    DSA_SIG *s;    s = DSA_SIG_new();    if (s == NULL) {        GOSTerr(GOST_F_UNPACK_CP_SIGNATURE, ERR_R_MALLOC_FAILURE);        return NULL;    }    s->s = BN_bin2bn(sig, siglen / 2, NULL);    s->r = BN_bin2bn(sig + siglen / 2, siglen / 2, NULL);    return s;}

/* Unpack signature according to cryptopro rules  */DSA_SIG *unpack_cp_signature(const unsigned char *sig,size_t siglen)	{	DSA_SIG *s;	s = DSA_SIG_new();	if (s == NULL)		{		GOSTerr(GOST_F_UNPACK_CP_SIGNATURE,GOST_R_NO_MEMORY);		return NULL;		}	s->s = getbnfrombuf(sig , siglen/2);	s->r = getbnfrombuf(sig + siglen/2, siglen/2);	return s;	}

/* returns *      1: correct signature *      0: incorrect signature *     -1: error */int DSA_verify(int type, const unsigned char *dgst, int dgst_len,               const unsigned char *sigbuf, int siglen, DSA *dsa){    DSA_SIG *s;    int ret=-1;    s = DSA_SIG_new();    if (s == NULL) return(ret);    if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err;    ret=DSA_do_verify(dgst,dgst_len,s,dsa);err:    DSA_SIG_free(s);    return(ret);}

/* DSA sign and verify */static	DSA_SIG * surewarehk_dsa_do_sign(const unsigned char *from, int flen, DSA *dsa){    int ret=0;    char *hptr=NULL;    DSA_SIG *psign=NULL;    char msg[64]="ENGINE_dsa_do_sign";    if (!p_surewarehk_Dsa_Sign)    {        SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ENGINE_R_NOT_INITIALISED);        goto err;    }    /* extract ref to private key */    else if (!(hptr=(char*)DSA_get_ex_data(dsa, dsaHndidx)))    {        SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,SUREWARE_R_MISSING_KEY_COMPONENTS);        goto err;    }    else    {        if((psign = DSA_SIG_new()) == NULL)        {            SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ERR_R_MALLOC_FAILURE);            goto err;        }        psign->r=BN_new();        psign->s=BN_new();        bn_expand2(psign->r, 20/sizeof(BN_ULONG));        bn_expand2(psign->s, 20/sizeof(BN_ULONG));        if (!psign->r || psign->r->dmax!=20/sizeof(BN_ULONG) ||                !psign->s || psign->s->dmax!=20/sizeof(BN_ULONG))            goto err;        ret=p_surewarehk_Dsa_Sign(msg,flen,from,                                  (unsigned long *)psign->r->d,                                  (unsigned long *)psign->s->d,                                  hptr);        surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ret);    }    psign->r->top=20/sizeof(BN_ULONG);    bn_fix_top(psign->r);    psign->s->top=20/sizeof(BN_ULONG);    bn_fix_top(psign->s);err:    if (psign)    {        DSA_SIG_free(psign);        psign=NULL;    }    return psign;}

bool OSSLDSA::verifyFinal(const ByteString& signature){	// Save necessary state before calling super class verifyFinal	OSSLDSAPublicKey* pk = (OSSLDSAPublicKey*) currentPublicKey;	if (!AsymmetricAlgorithm::verifyFinal(signature))	{		return false;	}	ByteString hash;	bool bFirstResult = pCurrentHash->hashFinal(hash);	delete pCurrentHash;	pCurrentHash = NULL;	if (!bFirstResult)	{		return false;	}	// Perform the verify operation	unsigned int sigLen = pk->getOutputLength();	if (signature.size() != sigLen)		return false;	DSA_SIG* sig = DSA_SIG_new();	if (sig == NULL)		return false;	const unsigned char *s = signature.const_byte_str();	sig->r = BN_bin2bn(s, sigLen / 2, NULL);	sig->s = BN_bin2bn(s + sigLen / 2, sigLen / 2, NULL);	if (sig->r == NULL || sig->s == NULL)	{		DSA_SIG_free(sig);		return false;	}	int ret = DSA_do_verify(&hash[0], hash.size(), sig, pk->getOSSLKey());	if (ret != 1)	{		if (ret < 0)			ERROR_MSG("DSA verify failed (0x%08X)", ERR_get_error());		DSA_SIG_free(sig);		return false;	}	DSA_SIG_free(sig);	return true;}

static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,                                      DSA *dsa){    struct crypt_kop kop;    BIGNUM *r = NULL, *s = NULL;    DSA_SIG *dsaret = NULL;    if ((r = BN_new()) == NULL)        goto err;    if ((s = BN_new()) == NULL) {        BN_free(r);        goto err;    }    memset(&kop, 0, sizeof kop);    kop.crk_op = CRK_DSA_SIGN;    /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */    kop.crk_param[0].crp_p = (caddr_t) dgst;    kop.crk_param[0].crp_nbits = dlen * 8;    if (bn2crparam(dsa->p, &kop.crk_param[1]))        goto err;    if (bn2crparam(dsa->q, &kop.crk_param[2]))        goto err;    if (bn2crparam(dsa->g, &kop.crk_param[3]))        goto err;    if (bn2crparam(dsa->priv_key, &kop.crk_param[4]))        goto err;    kop.crk_iparams = 5;    if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r,                       BN_num_bytes(dsa->q), s) == 0) {        dsaret = DSA_SIG_new();        if (dsaret == NULL)            goto err;        dsaret->r = r;        dsaret->s = s;        r = s = NULL;    } else {        const DSA_METHOD *meth = DSA_OpenSSL();        dsaret = (meth->dsa_do_sign) (dgst, dlen, dsa);    } err:    BN_free(r);    BN_free(s);    kop.crk_param[0].crp_p = NULL;    zapparams(&kop);    return (dsaret);}

ops_boolean_t ops_dsa_verify(const unsigned char *hash,size_t hash_length,			     const ops_dsa_signature_t *sig,			     const ops_dsa_public_key_t *dsa)    {    DSA_SIG *osig;    DSA *odsa;    int ret;    osig=DSA_SIG_new();    osig->r=sig->r;    osig->s=sig->s;    odsa=DSA_new();    odsa->p=dsa->p;    odsa->q=dsa->q;    odsa->g=dsa->g;    odsa->pub_key=dsa->y;    if (debug)        {        fprintf(stderr,"hash passed in:/n");        unsigned i;        for (i=0; i<hash_length; i++)            {            fprintf(stderr,"%02x ", hash[i]);            }        fprintf(stderr,"/n");        }    //printf("hash_length=%ld/n", hash_length);    //printf("Q=%d/n", BN_num_bytes(odsa->q));    unsigned int qlen=BN_num_bytes(odsa->q);    if (qlen < hash_length)        hash_length=qlen;    //    ret=DSA_do_verify(hash,hash_length,osig,odsa);    ret=DSA_do_verify(hash,hash_length,osig,odsa);    if (debug)        {        fprintf(stderr,"ret=%d/n",ret);        }    assert(ret >= 0);    odsa->p=odsa->q=odsa->g=odsa->pub_key=NULL;    DSA_free(odsa);     osig->r=osig->s=NULL;    DSA_SIG_free(osig);    return ret != 0;    }

int HsOpenSSL_dsa_verify(DSA *dsa, const unsigned char *ddata, int dlen,                         const BIGNUM *r, const BIGNUM *s) {#if OPENSSL_VERSION_NUMBER >= 0x10100000L  DSA_SIG* sig = DSA_SIG_new();  DSA_SIG_set0(sig, BN_dup(r), BN_dup(s));  int res = DSA_do_verify(ddata, dlen, sig, dsa);  DSA_SIG_free(sig);  return res;#else  DSA_SIG sig;  sig.r = (BIGNUM *)r;  sig.s = (BIGNUM *)s;  return dsa->meth->dsa_do_verify(ddata, dlen, &sig, dsa);#endif}

/* Unpack signature according to cryptopro rules  */DSA_SIG *unpack_cp_signature(const unsigned char *sigbuf, size_t siglen){    DSA_SIG *sig;    BIGNUM *r = NULL, *s = NULL;    sig = DSA_SIG_new();    if (sig == NULL) {        GOSTerr(GOST_F_UNPACK_CP_SIGNATURE, ERR_R_MALLOC_FAILURE);        return NULL;    }    s = BN_bin2bn(sigbuf, siglen / 2, NULL);    r = BN_bin2bn(sigbuf + siglen / 2, siglen / 2, NULL);		DSA_SIG_set0(sig, r, s);    return sig;}

DSA_SIG *DSA_SIG_parse(CBS *cbs) {  DSA_SIG *ret = DSA_SIG_new();  if (ret == NULL) {    return NULL;  }  CBS child;  if (!CBS_get_asn1(cbs, &child, CBS_ASN1_SEQUENCE) ||      !parse_integer(&child, &ret->r) ||      !parse_integer(&child, &ret->s) ||      CBS_len(&child) != 0) {    OPENSSL_PUT_ERROR(DSA, DSA_R_DECODE_ERROR);    DSA_SIG_free(ret);    return NULL;  }  return ret;}

/*! * /brief Finish the signing and write out the DSA signature. * /see rsa_sign_write */static int dsa_sign_write(const knot_dnssec_sign_context_t *context,                          uint8_t *signature){	assert(context);	assert(signature);	int result;	uint8_t *raw_signature;	size_t raw_signature_size;	result = any_sign_finish(context, &raw_signature, &raw_signature_size);	if (result != KNOT_EOK) {		return result;	}	// decode signature, X.509 Dss-Sig-Value (RFC2459)	DSA_SIG *decoded = DSA_SIG_new();	if (!decoded) {		free(raw_signature);		return KNOT_ENOMEM;	}	const uint8_t *decode_scan = raw_signature;	if (!d2i_DSA_SIG(&decoded, &decode_scan, (long)raw_signature_size)) {		DSA_SIG_free(decoded);		free(raw_signature);		return KNOT_DNSSEC_EDECODE_RAW_SIGNATURE;	}	free(raw_signature);	// convert to format defined by RFC 2536 (DSA keys and SIGs in DNS)	// T (1 byte), R (20 bytes), S (20 bytes)	uint8_t *signature_t = signature;	uint8_t *signature_r = signature + 21 - BN_num_bytes(decoded->r);	uint8_t *signature_s = signature + 41 - BN_num_bytes(decoded->s);	*signature_t = 0x00; //! /todo How to compute T? (Only recommended.)	BN_bn2bin(decoded->r, signature_r);	BN_bn2bin(decoded->s, signature_s);	DSA_SIG_free(decoded);	return KNOT_EOK;}

/*! * /brief Verify the DNSSEC signature for supplied data and DSA algorithm. * /see any_sign_verify */static int dsa_sign_verify(const knot_dnssec_sign_context_t *context,                           const uint8_t *signature, size_t signature_size){	assert(context);	assert(signature);	if (signature_size != dsa_sign_size(context->key)) {		return KNOT_EINVAL;	}	// see dsa_sign_write() for conversion details	// T (1 byte), R (20 bytes), S (20 bytes)	const uint8_t *signature_r = signature + 1;	const uint8_t *signature_s = signature + 21;	DSA_SIG *decoded = DSA_SIG_new();	if (!decoded) {		return KNOT_ENOMEM;	}	decoded->r = BN_bin2bn(signature_r, 20, decoded->r);	decoded->s = BN_bin2bn(signature_s, 20, decoded->s);	size_t max_size = EVP_PKEY_size(context->key->data->private_key);	uint8_t *raw_signature = malloc(max_size);	if (!raw_signature) {		DSA_SIG_free(decoded);		return KNOT_ENOMEM;	}	uint8_t *raw_write = raw_signature;	int raw_size = i2d_DSA_SIG(decoded, &raw_write);	if (raw_size < 0) {		free(raw_signature);		DSA_SIG_free(decoded);		return KNOT_DNSSEC_EDECODE_RAW_SIGNATURE;	}	assert(raw_write == raw_signature + raw_size);	int result = any_sign_verify(context, raw_signature, raw_size);	DSA_SIG_free(decoded);	free(raw_signature);	return result;}

static void check_license_signature(license_raw *lptr){    unsigned char message_digest[SHA_DIGEST_LENGTH];    SHA_CTX sha_ctx;    DSA *dsa = DSA_new();    SHA1_Init(&sha_ctx);    SHA1_Update(&sha_ctx, lptr, sizeof(*lptr) - sizeof(lptr->dsa_signature));    SHA1_Final(message_digest, &sha_ctx);    dsa->p = BN_bin2bn(dsa_p, sizeof(dsa_p), NULL);    dsa->q = BN_bin2bn(dsa_q, sizeof(dsa_q), NULL);    dsa->g = BN_bin2bn(dsa_g, sizeof(dsa_g), NULL);    dsa->pub_key = BN_bin2bn(dsa_pub_key, sizeof(dsa_pub_key), NULL);  // calculate the right len of the signiture  DSA_SIG *temp_sig=DSA_SIG_new();  int siglen = -1;  const unsigned char *data =lptr->dsa_signature;   if (temp_sig == NULL || d2i_DSA_SIG(&temp_sig,&data,sizeof(lptr->dsa_signature)) == NULL){  	fprintf(stderr, "License signature verification failed: %s/n",	    ERR_error_string(ERR_get_error(), NULL));	  exit(EXIT_FAILURE);  }  unsigned char *tmp_buff= NULL;  siglen = i2d_DSA_SIG(temp_sig, &tmp_buff);  OPENSSL_cleanse(tmp_buff, siglen);	OPENSSL_free(tmp_buff);	DSA_SIG_free(temp_sig);    switch(DSA_verify(0, message_digest, sizeof(message_digest),        lptr->dsa_signature, siglen, dsa)) {    case 0:	fputs("License file is corrupted: invalid DSA signature./n", stderr);	exit(EXIT_FAILURE);    case 1:	break; /* valid signature */    default:	fprintf(stderr, "License signature verification failed: %s/n",	    ERR_error_string(ERR_get_error(), NULL));	exit(EXIT_FAILURE);    }    DSA_free(dsa);}

unsigned __ops_dsa_verify(const uint8_t *hash, size_t hash_length,	       const __ops_dsa_sig_t *sig,	       const __ops_dsa_pubkey_t *dsa){	unsigned	qlen;	DSA_SIG        *osig;	DSA            *odsa;	int             ret;	osig = DSA_SIG_new();	osig->r = sig->r;	osig->s = sig->s;	odsa = DSA_new();	odsa->p = dsa->p;	odsa->q = dsa->q;	odsa->g = dsa->g;	odsa->pub_key = dsa->y;	if (__ops_get_debug_level(__FILE__)) {		hexdump(stderr, "input hash", hash, hash_length);		(void) fprintf(stderr, "Q=%d/n", BN_num_bytes(odsa->q));	}	if ((qlen = (unsigned)BN_num_bytes(odsa->q)) < hash_length) {		hash_length = qlen;	}	ret = DSA_do_verify(hash, (int)hash_length, osig, odsa);	if (__ops_get_debug_level(__FILE__)) {		(void) fprintf(stderr, "ret=%d/n", ret);	}	if (ret < 0) {		(void) fprintf(stderr, "__ops_dsa_verify: DSA verification/n");		return 0;	}	odsa->p = odsa->q = odsa->g = odsa->pub_key = NULL;	DSA_free(odsa);	osig->r = osig->s = NULL;	DSA_SIG_free(osig);	return (unsigned)ret;}

/* verify */void DSASigner::verify(	const void 		*data, 	size_t 			dataLen,	const void		*sig,				size_t			sigLen){	bool 			throwSigVerify = false;	DSA_SIG 		*dsaSig = NULL;	CSSM_RETURN		crtn = CSSM_OK;	int					irtn;		if(mDsaKey == NULL) {		CssmError::throwMe(CSSMERR_CSP_INTERNAL_ERROR);	}	if(mDsaKey->pub_key == NULL) {		CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS);	}	/* incoming sig is DER encoded....decode into internal format */	dsaSig = DSA_SIG_new();	crtn = DSASigDecode(dsaSig, sig, sigLen);	if(crtn) {		goto abort;	}	irtn = DSA_do_verify((unsigned char *)data, dataLen, dsaSig, mDsaKey);	if(irtn != 1) {		throwSigVerify = true;	}abort:	if(dsaSig != NULL) {		DSA_SIG_free(dsaSig);	}		if(throwSigVerify) {		clearOpensslErrors();		CssmError::throwMe(CSSMERR_CSP_VERIFY_FAILED);	}	else if(crtn) {		CssmError::throwMe(crtn);	}}

static intxmlSecOpenSSLDsaSha1EvpVerify(int type ATTRIBUTE_UNUSED,                        const unsigned char *dgst, unsigned int dgst_len,                        const unsigned char *sigbuf, unsigned int siglen,                        void *dsa) {    DSA_SIG *s;    int ret = -1;    s = DSA_SIG_new();    if (s == NULL) {        return(ret);    }    if(siglen != XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE) {        xmlSecError(XMLSEC_ERRORS_HERE,                    NULL,                    NULL,                    XMLSEC_ERRORS_R_INVALID_SIZE,                    "invalid length %d (%d expected)",                    siglen, XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE);        goto err;    }    s->r = BN_bin2bn(sigbuf, XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2, NULL);    s->s = BN_bin2bn(sigbuf + (XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2),                       XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2, NULL);    if((s->r == NULL) || (s->s == NULL)) {        xmlSecError(XMLSEC_ERRORS_HERE,                    NULL,                    "BN_bin2bn",                    XMLSEC_ERRORS_R_CRYPTO_FAILED,                    XMLSEC_ERRORS_NO_MESSAGE);        goto err;    }    ret = DSA_do_verify(dgst, dgst_len, s, dsa);err:    DSA_SIG_free(s);    return(ret);}

static int fips_dsa_verify(int type, const unsigned char *x, int y,	     const unsigned char *sigbuf, unsigned int siglen, EVP_MD_SVCTX *sv)	{	DSA *dsa = sv->key;	DSA_SIG *s;	int ret=-1;	unsigned char dig[EVP_MAX_MD_SIZE];	unsigned int dlen;	s = DSA_SIG_new();	if (s == NULL)		return ret;	if (!FIPS_dsa_sig_decode(s,sigbuf,siglen))		goto err;        EVP_DigestFinal_ex(sv->mctx, dig, &dlen);	ret=dsa->meth->dsa_do_verify(dig,dlen,s,dsa);	OPENSSL_cleanse(dig, dlen);err:	DSA_SIG_free(s);	return ret;	}

booldsa160_key::verify(byte_array const& digest, byte_array const& signature) const{    assert(type() != invalid);    assert(digest.size() == SHA256_DIGEST_LENGTH);    // The version of DSA currently implemented by OpenSSL only supports digests up to 160 bits.    int digest_size = 160/8;    DSA_SIG *sig = DSA_SIG_new();    if (!sig)        return false;    byte_array_iwrap<flurry::iarchive> read(signature);    read.archive() >> sig->r >> sig->s; // @todo Check if there's more data in the signature, fail.    int rc = DSA_do_verify((const unsigned char*)digest.const_data(), digest_size, sig, dsa_);    DSA_SIG_free(sig);    return rc == 1;}