1 /*- 2 * Copyright (c) 2012 Alistair Crooks <agc@NetBSD.org> 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 */ 25 #include "config.h" 26 27 #include <sys/types.h> 28 #include <sys/syslog.h> 29 30 #ifdef _KERNEL 31 # include <sys/kmem.h> 32 #else 33 # include <stdio.h> 34 # include <stdlib.h> 35 # include <string.h> 36 # include <unistd.h> 37 #endif 38 39 #include "misc.h" 40 #include "digest.h" 41 #include "rsa.h" 42 43 #ifndef USE_ARG 44 #define USE_ARG(x) /*LINTED*/(void)&(x) 45 #endif 46 47 #define RSA_MAX_MODULUS_BITS 16384 48 #define RSA_SMALL_MODULUS_BITS 3072 49 #define RSA_MAX_PUBEXP_BITS 64 /* exponent limit enforced for "large" modulus only */ 50 51 static int 52 rsa_padding_check_none(uint8_t *to, int tlen, const uint8_t *from, int flen, int num) 53 { 54 USE_ARG(num); 55 if (flen > tlen) { 56 printf("r too large\n"); 57 return -1; 58 } 59 (void) memset(to, 0x0, tlen - flen); 60 (void) memcpy(to + tlen - flen, from, flen); 61 return tlen; 62 } 63 64 static int 65 lowlevel_rsa_private_encrypt(int plainc, const unsigned char *plain, unsigned char *encbuf, RSA *rsa) 66 { 67 BIGNUM *decbn; 68 BIGNUM *signedbn; 69 uint8_t *decbuf; 70 int nbytes; 71 int signc; 72 int signedbytes; 73 int r; 74 75 decbuf = NULL; 76 r = -1; 77 decbn = BN_new(); 78 signedbn = BN_new(); 79 nbytes = BN_num_bytes(rsa->n); 80 decbuf = netpgp_allocate(1, nbytes); 81 /* add no padding */ 82 memcpy(decbuf, plain, plainc); 83 BN_bin2bn(decbuf, nbytes, decbn); 84 if (BN_cmp(decbn, rsa->n) >= 0) { 85 printf("decbn too big\n"); 86 goto err; 87 } 88 if (!BN_mod_exp(signedbn, decbn, rsa->d, rsa->n, NULL)) { 89 printf("bad mod_exp\n"); 90 goto err; 91 } 92 signedbytes = BN_num_bytes(signedbn); 93 signc = BN_bn2bin(signedbn, &encbuf[nbytes - signedbytes]); 94 memset(encbuf, 0x0, nbytes - signc); 95 r = nbytes; 96 err: 97 netpgp_deallocate(decbuf, nbytes); 98 BN_clear_free(decbn); 99 BN_clear_free(signedbn); 100 return r; 101 } 102 103 static int 104 lowlevel_rsa_public_encrypt(int plainc, const unsigned char *plain, unsigned char *encbuf, RSA *rsa) 105 { 106 BIGNUM *decbn; 107 BIGNUM *encbn; 108 uint8_t *decbuf; 109 int nbytes; 110 int encc; 111 int r; 112 int i; 113 114 r = -1; 115 decbn = BN_new(); 116 encbn = BN_new(); 117 nbytes = BN_num_bytes(rsa->n); 118 decbuf = netpgp_allocate(1, nbytes); 119 (void) memcpy(decbuf, plain, plainc); 120 if (BN_bin2bn(decbuf, nbytes, decbn) == NULL) { 121 printf("bin2bn failed\n"); 122 goto err; 123 } 124 if (BN_cmp(decbn, rsa->n) >= 0) { 125 printf("BN_cmp failed\n"); 126 goto err; 127 } 128 if (!BN_mod_exp(encbn, decbn, rsa->e, rsa->n, NULL)) { 129 printf("BN_mod_exp failed\n"); 130 goto err; 131 } 132 encc = BN_num_bytes(encbn); 133 i = BN_bn2bin(encbn, &encbuf[nbytes - encc]); 134 (void) memset(encbuf, 0x0, nbytes - i); 135 r = nbytes; 136 err: 137 if (decbuf) { 138 memset(decbuf, 0x0, nbytes); 139 netpgp_deallocate(decbuf, nbytes); 140 } 141 BN_clear_free(decbn); 142 BN_clear_free(encbn); 143 return r; 144 } 145 146 static int 147 lowlevel_rsa_private_decrypt(int enclen, const unsigned char *encbuf, unsigned char *to, RSA *rsa) 148 { 149 BIGNUM *encbn; 150 BIGNUM *decbn; 151 uint8_t *buf; 152 int nbytes; 153 int j; 154 int r; 155 156 r = -1; 157 decbn = encbn = NULL; 158 buf = NULL; 159 if (BN_num_bits(rsa->n) > RSA_MAX_MODULUS_BITS) { 160 return -1; 161 } 162 if (BN_cmp(rsa->n, rsa->e) <= 0) { 163 return -1; 164 } 165 encbn = BN_new(); 166 decbn = BN_new(); 167 nbytes = BN_num_bytes(rsa->n); 168 buf = netpgp_allocate(1, nbytes); 169 if (enclen > nbytes) { 170 printf("bad enclen\n"); 171 goto err; 172 } 173 BN_bin2bn(encbuf, enclen, encbn); 174 if (BN_cmp(encbn, rsa->n) >= 0) { 175 printf("bad encbn\n"); 176 goto err; 177 } 178 BN_mod_exp(decbn, encbn, rsa->d, rsa->n, NULL); 179 j = BN_bn2bin(decbn, buf); 180 r = rsa_padding_check_none(to, nbytes, buf, j, nbytes); 181 err: 182 BN_clear_free(encbn); 183 BN_clear_free(decbn); 184 netpgp_deallocate(buf, nbytes); 185 return r; 186 } 187 188 static int 189 lowlevel_rsa_public_decrypt(const uint8_t *encbuf, int enclen, uint8_t *dec, const rsa_pubkey_t *rsa) 190 { 191 uint8_t *decbuf; 192 BIGNUM *decbn; 193 BIGNUM *encbn; 194 int decbytes; 195 int nbytes; 196 int r; 197 198 nbytes = 0; 199 r = -1; 200 decbuf = NULL; 201 decbn = encbn = NULL; 202 if (BN_num_bits(rsa->n) > RSA_MAX_MODULUS_BITS) { 203 printf("rsa r modulus too large\n"); 204 goto err; 205 } 206 if (BN_cmp(rsa->n, rsa->e) <= 0) { 207 printf("rsa r bad n value\n"); 208 goto err; 209 } 210 if (BN_num_bits(rsa->n) > RSA_SMALL_MODULUS_BITS && 211 BN_num_bits(rsa->e) > RSA_MAX_PUBEXP_BITS) { 212 printf("rsa r bad exponent limit\n"); 213 goto err; 214 } 215 if ((encbn = BN_new()) == NULL || 216 (decbn = BN_new()) == NULL || 217 (decbuf = netpgp_allocate(1, nbytes = BN_num_bytes(rsa->n))) == NULL) { 218 printf("allocation failure\n"); 219 goto err; 220 } 221 if (enclen > nbytes) { 222 printf("rsa r > mod len\n"); 223 goto err; 224 } 225 if (BN_bin2bn(encbuf, enclen, encbn) == NULL) { 226 printf("null encrypted BN\n"); 227 goto err; 228 } 229 if (BN_cmp(encbn, rsa->n) >= 0) { 230 printf("rsa r data too large for modulus\n"); 231 goto err; 232 } 233 if (BN_mod_exp(decbn, encbn, rsa->e, rsa->n, NULL) < 0) { 234 printf("BN_mod_exp < 0\n"); 235 goto err; 236 } 237 decbytes = BN_num_bytes(decbn); 238 (void) BN_bn2bin(decbn, decbuf); 239 if ((r = rsa_padding_check_none(dec, nbytes, decbuf, decbytes, 0)) < 0) { 240 printf("rsa r padding check failed\n"); 241 } 242 err: 243 BN_free(encbn); 244 BN_free(decbn); 245 if (decbuf != NULL) { 246 (void) memset(decbuf, 0x0, nbytes); 247 netpgp_deallocate(decbuf, nbytes); 248 } 249 return r; 250 } 251 252 #if 0 253 /** 254 @file rsa_make_key.c 255 RSA key generation, Tom St Denis 256 */ 257 258 /** 259 Create an RSA key 260 @param prng An active PRNG state 261 @param wprng The index of the PRNG desired 262 @param size The size of the modulus (key size) desired (octets) 263 @param e The "e" value (public key). e==65537 is a good choice 264 @param key [out] Destination of a newly created private key pair 265 @return CRYPT_OK if successful, upon error all allocated ram is freed 266 */ 267 static int 268 rsa_make_key(prng_state *prng, int wprng, int size, long e, rsa_key *key) 269 { 270 void *p, *q, *tmp1, *tmp2, *tmp3; 271 int err; 272 273 LTC_ARGCHK(ltc_mp.name != NULL); 274 LTC_ARGCHK(key != NULL); 275 276 if ((size < (MIN_RSA_SIZE/8)) || (size > (MAX_RSA_SIZE/8))) { 277 return CRYPT_INVALID_KEYSIZE; 278 } 279 280 if ((e < 3) || ((e & 1) == 0)) { 281 return CRYPT_INVALID_ARG; 282 } 283 284 if ((err = prng_is_valid(wprng)) != CRYPT_OK) { 285 return err; 286 } 287 288 if ((err = mp_init_multi(&p, &q, &tmp1, &tmp2, &tmp3, NULL)) != CRYPT_OK) { 289 return err; 290 } 291 292 /* make primes p and q (optimization provided by Wayne Scott) */ 293 /* tmp3 = e */ 294 if ((err = mp_set_int(tmp3, e)) != CRYPT_OK) { 295 goto errkey; 296 } 297 298 /* make prime "p" */ 299 do { 300 if ((err = rand_prime( p, size/2, prng, wprng)) != CRYPT_OK) { 301 goto errkey; 302 } 303 /* tmp1 = p-1 */ 304 if ((err = mp_sub_d( p, 1, tmp1)) != CRYPT_OK) { 305 goto errkey; 306 } 307 /* tmp2 = gcd(p-1, e) */ 308 if ((err = mp_gcd( tmp1, tmp3, tmp2)) != CRYPT_OK) { 309 goto errkey; 310 } 311 } while (mp_cmp_d( tmp2, 1) != 0); 312 /* while e divides p-1 */ 313 314 /* make prime "q" */ 315 do { 316 if ((err = rand_prime( q, size/2, prng, wprng)) != CRYPT_OK) { 317 goto errkey; 318 } 319 /* tmp1 = q-1 */ 320 if ((err = mp_sub_d( q, 1, tmp1)) != CRYPT_OK) { 321 goto errkey; 322 } 323 /* tmp2 = gcd(q-1, e) */ 324 if ((err = mp_gcd( tmp1, tmp3, tmp2)) != CRYPT_OK) { 325 goto errkey; 326 } 327 } while (mp_cmp_d( tmp2, 1) != 0); 328 /* while e divides q-1 */ 329 330 /* tmp1 = lcm(p-1, q-1) */ 331 /* tmp2 = p-1 */ 332 if ((err = mp_sub_d( p, 1, tmp2)) != CRYPT_OK) { 333 goto errkey; 334 } 335 /* tmp1 = q-1 (previous do/while loop) */ 336 /* tmp1 = lcm(p-1, q-1) */ 337 if ((err = mp_lcm( tmp1, tmp2, tmp1)) != CRYPT_OK) { 338 goto errkey; 339 } 340 341 /* make key */ 342 if ((err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP, &key->qP, &key->p, &key->q, NULL)) != CRYPT_OK) { 343 goto errkey; 344 } 345 346 /* key->e = e */ 347 if ((err = mp_set_int( key->e, e)) != CRYPT_OK) { 348 goto errkey; 349 } 350 /* key->d = 1/e mod lcm(p-1,q-1) */ 351 if ((err = mp_invmod( key->e, tmp1, key->d)) != CRYPT_OK) { 352 goto errkey; 353 } 354 /* key->N = pq */ 355 if ((err = mp_mul( p, q, key->N)) != CRYPT_OK) { 356 goto errkey; 357 } 358 359 /* optimize for CRT now */ 360 /* find d mod q-1 and d mod p-1 */ 361 /* tmp1 = q-1 */ 362 if ((err = mp_sub_d( p, 1, tmp1)) != CRYPT_OK) { 363 goto errkey; 364 } 365 /* tmp2 = p-1 */ 366 if ((err = mp_sub_d( q, 1, tmp2)) != CRYPT_OK) { 367 goto errkey; 368 } 369 /* dP = d mod p-1 */ 370 if ((err = mp_mod( key->d, tmp1, key->dP)) != CRYPT_OK) { 371 goto errkey; 372 } 373 /* dQ = d mod q-1 */ 374 if ((err = mp_mod( key->d, tmp2, key->dQ)) != CRYPT_OK) { 375 goto errkey; 376 } 377 /* qP = 1/q mod p */ 378 if ((err = mp_invmod( q, p, key->qP)) != CRYPT_OK) { 379 got oerrkey; 380 } 381 382 if ((err = mp_copy( p, key->p)) != CRYPT_OK) { 383 goto errkey; 384 } 385 if ((err = mp_copy( q, key->q)) != CRYPT_OK) { 386 goto errkey; 387 } 388 389 /* set key type (in this case it's CRT optimized) */ 390 key->type = PK_PRIVATE; 391 392 /* return ok and free temps */ 393 err = CRYPT_OK; 394 goto cleanup; 395 errkey: 396 mp_clear_multi(key->d, key->e, key->N, key->dQ, key->dP, key->qP, key->p, key->q, NULL); 397 cleanup: 398 mp_clear_multi(tmp3, tmp2, tmp1, p, q, NULL); 399 return err; 400 } 401 #endif 402 403 #define HASHBUF_LEN 512 404 405 #define DSA_MAX_MODULUS_BITS 10000 406 407 static int 408 dsa_do_verify(const unsigned char *calculated, int dgst_len, const dsasig_t *sig, mpi_dsa_t *dsa) 409 { 410 BIGNUM *M; 411 BIGNUM *W; 412 BIGNUM *t1; 413 int ret = -1; 414 int qbits; 415 416 if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL) { 417 return 0; 418 } 419 M = W = t1 = NULL; 420 qbits = BN_num_bits(dsa->q); 421 switch(qbits) { 422 case 160: 423 case 224: 424 case 256: 425 /* openssl sources say these are the valid values */ 426 /* according to FIPS 186-3 */ 427 break; 428 default: 429 printf("dsa: bad # of Q bits\n"); 430 return 0; 431 } 432 if (BN_num_bits(dsa->p) > DSA_MAX_MODULUS_BITS) { 433 printf("dsa: p too large\n"); 434 return 0; 435 } 436 /* no love for SHA512? */ 437 if (dgst_len > SHA256_DIGEST_LENGTH) { 438 printf("dsa: digest too long\n"); 439 return 0; 440 } 441 ret = 0; 442 if ((M = BN_new()) == NULL || 443 (W = BN_new()) == NULL || 444 (t1 = BN_new()) == NULL) { 445 goto err; 446 } 447 if (BN_is_zero(sig->r) || 448 BN_is_negative(sig->r) || 449 BN_cmp(sig->r, dsa->q) >= 0) { 450 goto err; 451 } 452 if (BN_is_zero(sig->s) || 453 BN_is_negative(sig->s) || 454 BN_cmp(sig->s, dsa->q) >= 0) { 455 goto err; 456 } 457 if (BN_mod_inverse(W, sig->s, dsa->q, NULL) != MP_OKAY) { 458 goto err; 459 } 460 if (dgst_len > qbits / 8) { 461 dgst_len = qbits / 8; 462 } 463 if (BN_bin2bn(calculated, dgst_len, M) == NULL) { 464 goto err; 465 } 466 if (!BN_mod_mul(M, M, W, dsa->q, NULL)) { 467 goto err; 468 } 469 if (!BN_mod_mul(W, sig->r, W, dsa->q, NULL)) { 470 goto err; 471 } 472 if (!BN_mod_exp(dsa->p, t1, dsa->g, M, NULL)) { 473 goto err; 474 } 475 if (!BN_div(NULL, M, t1, dsa->q, NULL)) { 476 goto err; 477 } 478 ret = (BN_cmp(M, sig->r) == 0); 479 err: 480 if (M) { 481 BN_free(M); 482 } 483 if (W) { 484 BN_free(W); 485 } 486 if (t1) { 487 BN_free(t1); 488 } 489 return ret; 490 } 491 492 /*************************************************************************/ 493 494 int 495 RSA_size(const RSA *rsa) 496 { 497 return (rsa == NULL) ? 0 : BN_num_bits(rsa->n); 498 } 499 500 int 501 DSA_size(const DSA *dsa) 502 { 503 return (dsa == NULL) ? 0 : BN_num_bits(dsa->p); 504 } 505 506 unsigned 507 dsa_verify(const signature_t *signature, const dsa_pubkey_t *pubdsa, const uint8_t *calculated, size_t hash_length) 508 { 509 mpi_dsa_t odsa; 510 dsasig_t osig; 511 unsigned qlen; 512 int ret; 513 514 if (signature == NULL || pubdsa == NULL || calculated == NULL) { 515 return -1; 516 } 517 (void) memset(&osig, 0x0, sizeof(osig)); 518 (void) memset(&odsa, 0x0, sizeof(odsa)); 519 BN_copy(osig.r, signature->dsa.r); 520 BN_copy(osig.s, signature->dsa.s); 521 odsa.p = pubdsa->p; 522 odsa.q = pubdsa->q; 523 odsa.g = pubdsa->g; 524 odsa.pub_key = pubdsa->y; 525 if ((qlen = BN_num_bytes(odsa.q)) < hash_length) { 526 hash_length = qlen; 527 } 528 ret = dsa_do_verify(calculated, (int)hash_length, &signature->dsa, &odsa); 529 if (ret < 0) { 530 return 0; 531 } 532 BN_free(odsa.p); 533 BN_free(odsa.q); 534 BN_free(odsa.g); 535 BN_free(odsa.pub_key); 536 odsa.p = odsa.q = odsa.g = odsa.pub_key = NULL; 537 BN_free(osig.r); 538 BN_free(osig.s); 539 osig.r = osig.s = NULL; 540 return (unsigned)ret; 541 } 542 543 RSA * 544 RSA_new(void) 545 { 546 return netpgp_allocate(1, sizeof(RSA)); 547 } 548 549 void 550 RSA_free(RSA *rsa) 551 { 552 if (rsa) { 553 netpgp_deallocate(rsa, sizeof(*rsa)); 554 } 555 } 556 557 int 558 RSA_check_key(RSA *rsa) 559 { 560 BIGNUM *calcn; 561 int ret; 562 563 ret = 0; 564 if (rsa == NULL || rsa->p == NULL || rsa->q == NULL || rsa->n == NULL) { 565 return -1; 566 } 567 /* check that p and q are coprime, and that n = p*q. */ 568 if (!BN_is_prime(rsa->p, 1, NULL, NULL, NULL) || 569 !BN_is_prime(rsa->q, 1, NULL, NULL, NULL)) { 570 return 0; 571 } 572 calcn = BN_new(); 573 BN_mul(calcn, rsa->p, rsa->q, NULL); 574 if (BN_cmp(calcn, rsa->n) != 0) { 575 goto errout; 576 } 577 /* XXX - check that d*e = 1 mod (p-1*q-1) */ 578 ret = 1; 579 errout: 580 BN_clear_free(calcn); 581 return ret; 582 } 583 584 RSA * 585 RSA_generate_key(int num, unsigned long e, void (*callback)(int,int,void *), void *cb_arg) 586 { 587 /* STUBBED */ 588 USE_ARG(num); 589 USE_ARG(e); 590 USE_ARG(callback); 591 USE_ARG(cb_arg); 592 printf("RSA_generate_key stubbed\n"); 593 return RSA_new(); 594 } 595 596 /* encrypt */ 597 int 598 RSA_public_encrypt(int plainc, const unsigned char *plain, unsigned char *encbuf, RSA *rsa, int padding) 599 { 600 USE_ARG(padding); 601 if (plain == NULL || encbuf == NULL || rsa == NULL) { 602 return -1; 603 } 604 return lowlevel_rsa_public_encrypt(plainc, plain, encbuf, rsa); 605 } 606 607 /* decrypt */ 608 int 609 RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) 610 { 611 USE_ARG(padding); 612 if (from == NULL || to == NULL || rsa == NULL) { 613 return -1; 614 } 615 return lowlevel_rsa_private_decrypt(flen, from, to, rsa); 616 } 617 618 /* sign */ 619 int 620 RSA_private_encrypt(int plainc, const unsigned char *plain, unsigned char *encbuf, RSA *rsa, int padding) 621 { 622 USE_ARG(padding); 623 if (plain == NULL || encbuf == NULL || rsa == NULL) { 624 return -1; 625 } 626 return lowlevel_rsa_private_encrypt(plainc, plain, encbuf, rsa); 627 } 628 629 /* verify */ 630 int 631 RSA_public_decrypt(int enclen, const unsigned char *enc, unsigned char *dec, RSA *rsa, int padding) 632 { 633 rsa_pubkey_t pub; 634 int ret; 635 636 if (enc == NULL || dec == NULL || rsa == NULL) { 637 return 0; 638 } 639 USE_ARG(padding); 640 (void) memset(&pub, 0x0, sizeof(pub)); 641 pub.n = BN_dup(rsa->n); 642 pub.e = BN_dup(rsa->e); 643 ret = lowlevel_rsa_public_decrypt(enc, enclen, dec, &pub); 644 BN_free(pub.n); 645 BN_free(pub.e); 646 return ret; 647 } 648 649 /***********************************************************************/ 650 651 DSA * 652 DSA_new(void) 653 { 654 return netpgp_allocate(1, sizeof(DSA)); 655 } 656 657 void 658 DSA_free(DSA *dsa) 659 { 660 if (dsa) { 661 netpgp_deallocate(dsa, sizeof(*dsa)); 662 } 663 } 664 665 DSA_SIG * 666 DSA_SIG_new(void) 667 { 668 return netpgp_allocate(1, sizeof(DSA_SIG)); 669 } 670 671 void 672 DSA_SIG_free(DSA_SIG *sig) 673 { 674 if (sig) { 675 netpgp_deallocate(sig, sizeof(*sig)); 676 } 677 } 678 679 DSA_SIG * 680 DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) 681 { 682 /* STUBBED */ 683 USE_ARG(dgst); 684 USE_ARG(dlen); 685 USE_ARG(dsa); 686 printf("DSA_do_sign stubbed\n"); 687 return DSA_SIG_new(); 688 } 689 690 int 691 DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa) 692 { 693 if (dgst == NULL || dgst_len == 0 || sig == NULL || dsa == NULL) { 694 return -1; 695 } 696 return dsa_do_verify(dgst, dgst_len, sig, dsa); 697 } 698