X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/blobdiff_plain/9c6214334f866ab91173df992180e168c17f904d..7f266ffb0159bb122309f788a5cbcf6b2a3a4342:/sshdss.c
diff --git a/sshdss.c b/sshdss.c
index 1bdaed5d..15b97ba1 100644
--- a/sshdss.c
+++ b/sshdss.c
@@ -16,7 +16,6 @@
     (cp)[3] = (unsigned char)(value); }
 #if 0
-#define DEBUG_DSS
 /*
  * Condition this section in for debugging of DSS.
  */
@@ -34,6 +33,7 @@ static void diagbn(char *prefix, Bignum md) {
     if (prefix) putchar('\n');
 }
+#define DEBUG_DSS
 #else
 #define diagbn(x,y)
 #endif
@@ -188,9 +188,9 @@ static char *dss_fingerprint(void) {
 static int dss_verifysig(char *sig, int siglen, char *data, int datalen) {
     char *p;
-    int i, slen;
+    int slen;
     char hash[20];
-    Bignum qm2, r, s, w, i1, i2, i3, u1, u2, sha, v;
+    Bignum r, s, w, gu1p, yu2p, gu1yu2p, u1, u2, sha, v;
     int ret;
     if (!dss_p)
@@ -237,46 +237,34 @@ static int dss_verifysig(char *sig, int siglen, char *data, int datalen) {
     /*
      * Step 1. w <- s^-1 mod q.
      */
-    w = newbn(dss_q[0]);
-    qm2 = copybn(dss_q);
-    decbn(qm2); decbn(qm2);
-    diagbn("qm2=", qm2);
-    /* Now qm2 is q-2, and by Fermat's Little Theorem, s^qm2 == s^-1 (mod q). * This is a silly way to do it; may fix it later. */
-    modpow(s, qm2, dss_q, w);
+    w = modinv(s, dss_q);
     diagbn("w=", w);
     /*
      * Step 2. u1 <- SHA(message) * w mod q.
      */
-    u1 = newbn(dss_q[0]);
     SHA_Simple(data, datalen, hash);
     p = hash; slen = 20; sha = get160(&p, &slen);
     diagbn("sha=", sha);
-    modmul(sha, w, dss_q, u1);
+    u1 = modmul(sha, w, dss_q);
     diagbn("u1=", u1);
     /*
      * Step 3. u2 <- r * w mod q.
      */
-    u2 = newbn(dss_q[0]);
-    modmul(r, w, dss_q, u2);
+    u2 = modmul(r, w, dss_q);
     diagbn("u2=", u2);
     /*
      * Step 4. v <- (g^u1 * y^u2 mod p) mod q.
      */
-    i1 = newbn(dss_p[0]);
-    i2 = newbn(dss_p[0]);
-    i3 = newbn(dss_p[0]);
-    v = newbn(dss_q[0]);
-    modpow(dss_g, u1, dss_p, i1);
-    diagbn("gu1p=", i1);
-    modpow(dss_y, u2, dss_p, i2);
-    diagbn("yu2p=", i2);
-    modmul(i1, i2, dss_p, i3);
-    diagbn("gu1yu2p=", i3);
-    modmul(i3, One, dss_q, v);
+    gu1p = modpow(dss_g, u1, dss_p);
+    diagbn("gu1p=", gu1p);
+    yu2p = modpow(dss_y, u2, dss_p);
+    diagbn("yu2p=", yu2p);
+    gu1yu2p = modmul(gu1p, yu2p, dss_p);
+    diagbn("gu1yu2p=", gu1yu2p);
+    v = modmul(gu1yu2p, One, dss_q);
     diagbn("gu1yu2q=v=", v);
     diagbn("r=", r);
@@ -284,20 +272,13 @@ static int dss_verifysig(char *sig, int siglen, char *data, int datalen) {
      * Step 5. v should now be equal to r.
      */
-    ret = 1;
-    for (i = 1; i <= v[0] || i <= r[0]; i++) {
-        if ((i > v[0] && r[i] != 0) ||
-            (i > r[0] && v[i] != 0) ||
-            (i <= v[0] && i <= r[0] && r[i] != v[i]))
-            ret = 0;
-    }
+    ret = !bignum_cmp(v, r);
     freebn(w);
-    freebn(qm2);
     freebn(sha);
-    freebn(i1);
-    freebn(i2);
-    freebn(i3);
+    freebn(gu1p);
+    freebn(yu2p);
+    freebn(gu1yu2p);
     freebn(v);
     freebn(r);
     freebn(s);
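Review bot: `w = modinv(s, dss_q);` is computed without first checking that s (and r) lie in 0 < r, s < q, which DSA verification requires before step 1; an s that is zero or a multiple of q has no inverse, so whatever modinv returns in that case is fed through steps 2–4 as if it were valid, and r is only ever compared against v at the very end. The decoding of r and s presumably sits before this hunk (dss_verifysig starts in the earlier hunk and the lines between are not shown), so the check may already live there; if it does not, test `bignum_cmp(r, dss_q) >= 0 || bignum_cmp(s, dss_q) >= 0` together with a zero test on each before step 1, and on failure free r and s and return 0 without calling modinv. The reduction `v = modmul(gu1yu2p, One, dss_q);` also reads as an idiom rather than a multiplication and deserves a one-line comment such as `/* multiply by One only to reduce the product mod q */`.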
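Review bot: The free list on the new side (`freebn(gu1p);`, `freebn(yu2p);`, `freebn(gu1yu2p);` replacing the i1–i3 frees) still omits u1 and u2, which after this commit are fresh Bignums returned by modmul in steps 2 and 3 rather than buffers newbn'd up front; neither side of the diff frees them inside the hunk. The function continues past `freebn(s);`, so if they are not released there every verification leaks two Bignums, and adding `freebn(u1); freebn(u2);` beside `freebn(w);` would close that.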