--- /dev/null
+/*
+ * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ *
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ *
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+/*
+ * RSA_DSA_utils.cpp
+ */
+
+#include "RSA_DSA_utils.h"
+#include "RSA_DSA_keys.h"
+#include <opensslUtils/opensslAsn1.h>
+#include <opensslUtils/opensslUtils.h>
+#include <security_utilities/logging.h>
+#include <security_utilities/debugging.h>
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/err.h>
+#include <security_utilities/simpleprefs.h>
+#include <security_utilities/threading.h>
+#include <security_utilities/globalizer.h>
+#include <CoreFoundation/CFNumber.h>
+
+#define rsaMiscDebug(args...) secdebug("rsaMisc", ## args)
+
+/*
+ * Obtain and cache max key sizes. System preferences only consulted
+ * at most once per process.
+ */
+
+/*
+ * Do dictionary lookup, convert possible CFNumber to uint32.
+ * Does not alter val if valid number is not found.
+ */
+static void rsaLookupVal(
+ Dictionary &prefs,
+ CFStringRef key,
+ uint32 &val)
+{
+ CFNumberRef cfVal = (CFNumberRef)prefs.getValue(key);
+ if(cfVal == NULL) {
+ return;
+ }
+ if(CFGetTypeID(cfVal) != CFNumberGetTypeID()) {
+ return;
+ }
+
+ /* ensure the number is positive, not relying on gcc 64-bit arithmetic */
+ SInt32 s32 = 0;
+ CFNumberRef cfLimit = CFNumberCreate(NULL, kCFNumberSInt32Type, &s32);
+ CFComparisonResult result = CFNumberCompare(cfVal, cfLimit, NULL);
+ CFRelease(cfLimit);
+ if(result == kCFCompareLessThan) {
+ /* negative value in preference */
+ return;
+ }
+
+ /* ensure the number fits in 31 bits (the useful size of a SInt32 for us) */
+ s32 = 0x7fffffff;
+ cfLimit = CFNumberCreate(NULL, kCFNumberSInt32Type, &s32);
+ result = CFNumberCompare(cfVal, cfLimit, NULL);
+ CFRelease(cfLimit);
+ if(result == kCFCompareGreaterThan) {
+ /* too large; discard it */
+ return;
+ }
+ SInt64 s64;
+ if(!CFNumberGetValue(cfVal, kCFNumberSInt64Type, &s64)) {
+ /* impossible, right? We already range checked */
+ return;
+ }
+ val = (uint32)s64;
+}
+
+struct RSAKeySizes {
+ uint32 maxKeySize;
+ uint32 maxPubExponentSize;
+ RSAKeySizes();
+};
+
+/* one-time only prefs lookup */
+RSAKeySizes::RSAKeySizes()
+{
+ /* set defaults, these might get overridden */
+ maxKeySize = RSA_MAX_KEY_SIZE;
+ maxPubExponentSize = RSA_MAX_PUB_EXPONENT_SIZE;
+
+ /* now see if there are prefs set for either of these */
+ Dictionary* d = Dictionary::CreateDictionary(kRSAKeySizePrefsDomain, Dictionary::US_System, true);
+ if (!d)
+ {
+ return;
+ }
+
+ if (d->dict())
+ {
+ auto_ptr<Dictionary>apd(d);
+ rsaLookupVal(*apd, kRSAMaxKeySizePref, maxKeySize);
+ rsaLookupVal(*apd, kRSAMaxPublicExponentPref, maxPubExponentSize);
+ }
+ else
+ {
+ delete d;
+ }
+}
+
+static ModuleNexus<RSAKeySizes> rsaKeySizes;
+
+/*
+ * Public functions to obtain the currently configured max sizes of
+ * RSA key and public exponent.
+ */
+uint32 rsaMaxKeySize()
+{
+ return rsaKeySizes().maxKeySize;
+}
+
+uint32 rsaMaxPubExponentSize()
+{
+ return rsaKeySizes().maxPubExponentSize;
+}
+
+/*
+ * Given a Context:
+ * -- obtain CSSM key (there must only be one)
+ * -- validate keyClass
+ * -- validate keyUsage
+ * -- convert to RSA *, allocating the RSA key if necessary
+ */
+RSA *contextToRsaKey(
+ const Context &context,
+ AppleCSPSession &session,
+ CSSM_KEYCLASS keyClass, // CSSM_KEYCLASS_{PUBLIC,PRIVATE}_KEY
+ CSSM_KEYUSE usage, // CSSM_KEYUSE_ENCRYPT, CSSM_KEYUSE_SIGN, etc.
+ bool &mallocdKey, // RETURNED
+ CSSM_DATA &label) // mallocd and RETURNED for OAEP
+{
+ CssmKey &cssmKey =
+ context.get<CssmKey>(CSSM_ATTRIBUTE_KEY, CSSMERR_CSP_MISSING_ATTR_KEY);
+ const CSSM_KEYHEADER &hdr = cssmKey.KeyHeader;
+ if(hdr.AlgorithmId != CSSM_ALGID_RSA) {
+ CssmError::throwMe(CSSMERR_CSP_ALGID_MISMATCH);
+ }
+ if(hdr.KeyClass != keyClass) {
+ CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS);
+ }
+ cspValidateIntendedKeyUsage(&hdr, usage);
+ cspVerifyKeyTimes(hdr);
+ return cssmKeyToRsa(cssmKey, session, mallocdKey, label);
+}
+/*
+ * Convert a CssmKey to an RSA * key. May result in the creation of a new
+ * RSA (when cssmKey is a raw key); allocdKey is true in that case
+ * in which case the caller generally has to free the allocd key).
+ */
+RSA *cssmKeyToRsa(
+ const CssmKey &cssmKey,
+ AppleCSPSession &session,
+ bool &allocdKey, // RETURNED
+ CSSM_DATA &label) // mallocd and RETURNED for OAEP
+{
+ RSA *rsaKey = NULL;
+ allocdKey = false;
+
+ const CSSM_KEYHEADER *hdr = &cssmKey.KeyHeader;
+ if(hdr->AlgorithmId != CSSM_ALGID_RSA) {
+ // someone else's key (should never happen)
+ CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
+ }
+ switch(hdr->BlobType) {
+ case CSSM_KEYBLOB_RAW:
+ rsaKey = rawCssmKeyToRsa(cssmKey, label);
+ allocdKey = true;
+ break;
+ case CSSM_KEYBLOB_REFERENCE:
+ {
+ BinaryKey &binKey = session.lookupRefKey(cssmKey);
+ RSABinaryKey *rsaBinKey = dynamic_cast<RSABinaryKey *>(&binKey);
+ /* this cast failing means that this is some other
+ * kind of binary key */
+ if(rsaBinKey == NULL) {
+ rsaMiscDebug("cssmKeyToRsa: wrong BinaryKey subclass\n");
+ CssmError::throwMe(CSSMERR_CSP_INVALID_KEY);
+ }
+ assert(rsaBinKey->mRsaKey != NULL);
+ rsaKey = rsaBinKey->mRsaKey;
+ break;
+ }
+ default:
+ CssmError::throwMe(CSSMERR_CSP_KEY_BLOB_TYPE_INCORRECT);
+ }
+ return rsaKey;
+}
+
+/*
+ * Convert a raw CssmKey to a newly alloc'd RSA key.
+ */
+RSA *rawCssmKeyToRsa(
+ const CssmKey &cssmKey,
+ CSSM_DATA &label) // mallocd and RETURNED for OAEP keys
+{
+ const CSSM_KEYHEADER *hdr = &cssmKey.KeyHeader;
+ bool isPub;
+ bool isOaep = false;
+
+ assert(hdr->BlobType == CSSM_KEYBLOB_RAW);
+
+ switch(hdr->AlgorithmId) {
+ case CSSM_ALGID_RSA:
+ break;
+ case CSSM_ALGMODE_PKCS1_EME_OAEP:
+ isOaep = true;
+ break;
+ default:
+ // someone else's key (should never happen)
+ CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
+ }
+
+ /* validate and figure out what we're dealing with */
+ switch(hdr->KeyClass) {
+ case CSSM_KEYCLASS_PUBLIC_KEY:
+ switch(hdr->Format) {
+ case CSSM_KEYBLOB_RAW_FORMAT_PKCS1:
+ case CSSM_KEYBLOB_RAW_FORMAT_X509:
+ case CSSM_KEYBLOB_RAW_FORMAT_OPENSSH:
+ case CSSM_KEYBLOB_RAW_FORMAT_OPENSSH2:
+ break;
+ default:
+ CssmError::throwMe(
+ CSSMERR_CSP_INVALID_ATTR_PUBLIC_KEY_FORMAT);
+ }
+ if(isOaep && (hdr->Format != CSSM_KEYBLOB_RAW_FORMAT_X509)) {
+ CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_PUBLIC_KEY_FORMAT);
+ }
+ isPub = true;
+ break;
+ case CSSM_KEYCLASS_PRIVATE_KEY:
+ switch(hdr->Format) {
+ case CSSM_KEYBLOB_RAW_FORMAT_PKCS8: // default
+ case CSSM_KEYBLOB_RAW_FORMAT_PKCS1: // openssl style
+ case CSSM_KEYBLOB_RAW_FORMAT_OPENSSH:
+ break;
+ default:
+ CssmError::throwMe(
+ CSSMERR_CSP_INVALID_ATTR_PRIVATE_KEY_FORMAT);
+ }
+ if(isOaep && (hdr->Format != CSSM_KEYBLOB_RAW_FORMAT_PKCS8)) {
+ CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_PRIVATE_KEY_FORMAT);
+ }
+ isPub = false;
+ break;
+ default:
+ CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS);
+ }
+
+ RSA *rsaKey = RSA_new();
+ if(rsaKey == NULL) {
+ CssmError::throwMe(CSSMERR_CSP_MEMORY_ERROR);
+ }
+ CSSM_RETURN crtn;
+ if(isOaep) {
+ if(isPub) {
+ crtn = RSAOAEPPublicKeyDecode(rsaKey,
+ cssmKey.KeyData.Data, cssmKey.KeyData.Length,
+ &label);
+ }
+ else {
+ crtn = RSAOAEPPrivateKeyDecode(rsaKey,
+ cssmKey.KeyData.Data, cssmKey.KeyData.Length,
+ &label);
+ }
+ }
+ else {
+ if(isPub) {
+ crtn = RSAPublicKeyDecode(rsaKey, hdr->Format,
+ cssmKey.KeyData.Data, cssmKey.KeyData.Length);
+ }
+ else {
+ crtn = RSAPrivateKeyDecode(rsaKey, hdr->Format,
+ cssmKey.KeyData.Data, cssmKey.KeyData.Length);
+ }
+ }
+ if(crtn) {
+ RSA_free(rsaKey);
+ CssmError::throwMe(crtn);
+ }
+
+ /* enforce max key size and max public exponent size */
+ bool badKey = false;
+ uint32 keySize = RSA_size(rsaKey) * 8;
+ if(keySize > rsaMaxKeySize()) {
+ rsaMiscDebug("rawCssmKeyToRsa: key size exceeded");
+ badKey = true;
+ }
+ else {
+ keySize = BN_num_bytes(rsaKey->e) * 8;
+ if(keySize > rsaMaxPubExponentSize()) {
+ badKey = true;
+ rsaMiscDebug("rawCssmKeyToRsa: pub exponent size exceeded");
+ }
+ }
+ if(badKey) {
+ RSA_free(rsaKey);
+ CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY_LENGTH);
+ }
+ return rsaKey;
+}
+
+/*
+ * Given a partially formed DSA public key (with no p, q, or g) and a
+ * CssmKey representing a supposedly fully-formed DSA key, populate
+ * the public key's p, g, and q with values from the fully formed key.
+ */
+CSSM_RETURN dsaGetParamsFromKey(
+ DSA *partialKey,
+ const CssmKey ¶mKey,
+ AppleCSPSession &session)
+{
+ bool allocdKey;
+ DSA *dsaParamKey = cssmKeyToDsa(paramKey, session, allocdKey);
+ if(dsaParamKey == NULL) {
+ errorLog0("dsaGetParamsFromKey: bad paramKey\n");
+ return CSSMERR_CSP_APPLE_PUBLIC_KEY_INCOMPLETE;
+ }
+ CSSM_RETURN crtn = CSSM_OK;
+
+ /* require fully formed other key of course... */
+ if((dsaParamKey->p == NULL) ||
+ (dsaParamKey->q == NULL) ||
+ (dsaParamKey->g == NULL)) {
+ errorLog0("dsaGetParamsFromKey: incomplete paramKey\n");
+ crtn = CSSMERR_CSP_APPLE_PUBLIC_KEY_INCOMPLETE;
+ goto abort;
+ }
+ rsaMiscDebug("dsaGetParamsFromKey: partialKey %p paramKey %p",
+ partialKey, dsaParamKey);
+
+ partialKey->q = BN_dup(dsaParamKey->q);
+ partialKey->p = BN_dup(dsaParamKey->p);
+ partialKey->g = BN_dup(dsaParamKey->g);
+
+abort:
+ if(allocdKey) {
+ DSA_free(dsaParamKey);
+ }
+ return crtn;
+}
+
+/*
+ * Given a Context:
+ * -- obtain CSSM key (there must only be one)
+ * -- validate keyClass
+ * -- validate keyUsage
+ * -- convert to DSA *, allocating the DSA key if necessary
+ */
+DSA *contextToDsaKey(
+ const Context &context,
+ AppleCSPSession &session,
+ CSSM_KEYCLASS keyClass, // CSSM_KEYCLASS_{PUBLIC,PRIVATE}_KEY
+ CSSM_KEYUSE usage, // CSSM_KEYUSE_ENCRYPT, CSSM_KEYUSE_SIGN, etc.
+ bool &mallocdKey) // RETURNED
+{
+ CssmKey &cssmKey =
+ context.get<CssmKey>(CSSM_ATTRIBUTE_KEY, CSSMERR_CSP_MISSING_ATTR_KEY);
+ const CSSM_KEYHEADER &hdr = cssmKey.KeyHeader;
+ if(hdr.AlgorithmId != CSSM_ALGID_DSA) {
+ CssmError::throwMe(CSSMERR_CSP_ALGID_MISMATCH);
+ }
+ if(hdr.KeyClass != keyClass) {
+ CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS);
+ }
+ cspValidateIntendedKeyUsage(&hdr, usage);
+ cspVerifyKeyTimes(hdr);
+ DSA *rtnDsa = cssmKeyToDsa(cssmKey, session, mallocdKey);
+ if((keyClass == CSSM_KEYCLASS_PUBLIC_KEY) &&
+ (rtnDsa->p == NULL)) {
+ /*
+ * Special case: this specific key is only partially formed;
+ * it's missing the DSA parameters p, g, and q. To proceed with this
+ * key, the caller must pass in another fully formned DSA public key
+ * in raw form in the context. If it's there we use those parameters.
+ */
+ rsaMiscDebug("contextToDsaKey; partial DSA key %p", rtnDsa);
+ CssmKey *paramKey = context.get<CssmKey>(CSSM_ATTRIBUTE_PARAM_KEY);
+ if(paramKey == NULL) {
+ rsaMiscDebug("contextToDsaKey: missing DSA params, no pub key in "
+ "context");
+ if(mallocdKey) {
+ DSA_free(rtnDsa);
+ mallocdKey = false;
+ }
+ CssmError::throwMe(CSSMERR_CSP_APPLE_PUBLIC_KEY_INCOMPLETE);
+ }
+
+ /*
+ * If this is a ref key, we have to cook up a new DSA key to
+ * avoid modifying the existing key. If we started with a raw key,
+ * we can modify it directly since the underlying DSA key has
+ * a lifetime only as long as this context (and since the context
+ * contains the parameter-bearing key, the params are valid
+ * as long as the DSA key).
+ */
+ if(!mallocdKey) {
+ DSA *existKey = rtnDsa;
+ rtnDsa = DSA_new();
+ if(rtnDsa == NULL) {
+ CssmError::throwMe(CSSMERR_CSP_MEMORY_ERROR);
+ }
+ rtnDsa->pub_key = BN_dup(existKey->pub_key);
+ rsaMiscDebug("contextToDsaKey; temp partial copy %p", rtnDsa);
+ mallocdKey = true;
+ }
+
+ /*
+ * Add params from paramKey into rtnDsa
+ */
+ CSSM_RETURN crtn = dsaGetParamsFromKey(rtnDsa, *paramKey, session);
+ if(crtn) {
+ if(mallocdKey) {
+ DSA_free(rtnDsa);
+ mallocdKey = false;
+ }
+ CssmError::throwMe(crtn);
+ }
+ }
+ return rtnDsa;
+}
+
+/*
+ * Convert a CssmKey to an DSA * key. May result in the creation of a new
+ * DSA (when cssmKey is a raw key); allocdKey is true in that case
+ * in which case the caller generally has to free the allocd key).
+ */
+DSA *cssmKeyToDsa(
+ const CssmKey &cssmKey,
+ AppleCSPSession &session,
+ bool &allocdKey) // RETURNED
+{
+ DSA *dsaKey = NULL;
+ allocdKey = false;
+
+ const CSSM_KEYHEADER *hdr = &cssmKey.KeyHeader;
+ if(hdr->AlgorithmId != CSSM_ALGID_DSA) {
+ // someone else's key (should never happen)
+ CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
+ }
+ switch(hdr->BlobType) {
+ case CSSM_KEYBLOB_RAW:
+ dsaKey = rawCssmKeyToDsa(cssmKey, session, NULL);
+ allocdKey = true;
+ break;
+ case CSSM_KEYBLOB_REFERENCE:
+ {
+ BinaryKey &binKey = session.lookupRefKey(cssmKey);
+ DSABinaryKey *dsaBinKey = dynamic_cast<DSABinaryKey *>(&binKey);
+ /* this cast failing means that this is some other
+ * kind of binary key */
+ if(dsaBinKey == NULL) {
+ rsaMiscDebug("cssmKeyToDsa: wrong BinaryKey subclass\n");
+ CssmError::throwMe(CSSMERR_CSP_INVALID_KEY);
+ }
+ assert(dsaBinKey->mDsaKey != NULL);
+ dsaKey = dsaBinKey->mDsaKey;
+ break;
+ }
+ default:
+ CssmError::throwMe(CSSMERR_CSP_KEY_BLOB_TYPE_INCORRECT);
+ }
+ return dsaKey;
+}
+
+/*
+ * Convert a raw CssmKey to a newly alloc'd DSA key.
+ */
+DSA *rawCssmKeyToDsa(
+ const CssmKey &cssmKey,
+ AppleCSPSession &session,
+ const CssmKey *paramKey) // optional
+{
+ const CSSM_KEYHEADER *hdr = &cssmKey.KeyHeader;
+ bool isPub;
+
+ assert(hdr->BlobType == CSSM_KEYBLOB_RAW);
+
+ if(hdr->AlgorithmId != CSSM_ALGID_DSA) {
+ // someone else's key (should never happen)
+ CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
+ }
+ /* validate and figure out what we're dealing with */
+ switch(hdr->KeyClass) {
+ case CSSM_KEYCLASS_PUBLIC_KEY:
+ switch(hdr->Format) {
+ case CSSM_KEYBLOB_RAW_FORMAT_FIPS186:
+ case CSSM_KEYBLOB_RAW_FORMAT_X509:
+ case CSSM_KEYBLOB_RAW_FORMAT_OPENSSH2:
+ break;
+ default:
+ CssmError::throwMe(
+ CSSMERR_CSP_INVALID_ATTR_PUBLIC_KEY_FORMAT);
+ }
+ isPub = true;
+ break;
+ case CSSM_KEYCLASS_PRIVATE_KEY:
+ switch(hdr->Format) {
+ case CSSM_KEYBLOB_RAW_FORMAT_FIPS186: // default
+ case CSSM_KEYBLOB_RAW_FORMAT_OPENSSL: // openssl style
+ case CSSM_KEYBLOB_RAW_FORMAT_PKCS8: // SMIME style
+ break;
+ /* openssh real soon now */
+ case CSSM_KEYBLOB_RAW_FORMAT_OPENSSH:
+ default:
+ CssmError::throwMe(
+ CSSMERR_CSP_INVALID_ATTR_PRIVATE_KEY_FORMAT);
+ }
+ isPub = false;
+ break;
+ default:
+ CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS);
+ }
+
+ CSSM_RETURN crtn;
+ DSA *dsaKey = DSA_new();
+
+ if (dsaKey == NULL) {
+ crtn = CSSMERR_CSP_MEMORY_ERROR;
+ }
+ else {
+ if(dsaKey == NULL) {
+ CssmError::throwMe(CSSMERR_CSP_MEMORY_ERROR);
+ }
+ if(isPub) {
+ crtn = DSAPublicKeyDecode(dsaKey, hdr->Format,
+ cssmKey.KeyData.Data,
+ cssmKey.KeyData.Length);
+ }
+ else {
+ crtn = DSAPrivateKeyDecode(dsaKey, hdr->Format,
+ cssmKey.KeyData.Data,
+ cssmKey.KeyData.Length);
+ }
+ }
+
+ if(crtn) {
+ if (dsaKey != NULL) {
+ DSA_free(dsaKey);
+ }
+
+ CssmError::throwMe(crtn);
+ }
+ /*
+ * Add in optional external parameters if this is not fully formed.
+ * This path is only taken from DSAKeyInfoProvider::CssmKeyToBinary,
+ * e.g., when doing a NULL unwrap of a partially formed DSA public
+ * key with the "complete the key with these params" option.
+ */
+ if(isPub && (dsaKey->p == NULL) && (paramKey != NULL)) {
+ rsaMiscDebug("rawCssmKeyToDsa; updating dsaKey %p", dsaKey);
+ crtn = dsaGetParamsFromKey(dsaKey, *paramKey, session);
+ if(crtn) {
+ DSA_free(dsaKey);
+ CssmError::throwMe(crtn);
+ }
+ }
+
+ if(dsaKey->p != NULL) {
+ /* avoid use of provided DSA key which exceeds the max size */
+ uint32 keySize = BN_num_bits(dsaKey->p);
+ if(keySize > DSA_MAX_KEY_SIZE) {
+ DSA_free(dsaKey);
+ CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY_LENGTH);
+ }
+ }
+ return dsaKey;
+}
+
+/*
+ * Given a DSA private key, calculate its public component if it
+ * doesn't already exist. Used for calculating the key digest of
+ * an incoming raw private key.
+ */
+void dsaKeyPrivToPub(
+ DSA *dsaKey)
+{
+ assert(dsaKey != NULL);
+ assert(dsaKey->priv_key != NULL);
+
+ if(dsaKey->pub_key != NULL) {
+ return;
+ }
+
+ /* logic copied from DSA_generate_key() */
+ dsaKey->pub_key = BN_new();
+ if(dsaKey->pub_key == NULL) {
+ CssmError::throwMe(CSSMERR_CSP_MEMORY_ERROR);
+ }
+ BN_CTX *ctx = BN_CTX_new();
+ if (ctx == NULL) {
+ CssmError::throwMe(CSSMERR_CSP_MEMORY_ERROR);
+ }
+ int rtn = BN_mod_exp(dsaKey->pub_key,
+ dsaKey->g,
+ dsaKey->priv_key,
+ dsaKey->p,
+ ctx);
+ BN_CTX_free(ctx);
+ if(rtn == 0) {
+ CssmError::throwMe(CSSMERR_CSP_INTERNAL_ERROR);
+ }
+}
projects / apple / security.git / blobdiff