OpenCoverage

ecs_ossl.c

Absolute File Name:

/home/opencoverage/opencoverage/guest-scripts/libressl/src/crypto/ecdsa/ecs_ossl.c

Source code

Switch to Preprocessed file

Line Source Count

1 /* $OpenBSD: ecs_ossl.c,v 1.16 2018/07/10 21:36:02 tb Exp $ */ -

2 /* -

3 * Written by Nils Larsch for the OpenSSL project -

4 */ -

5 /* ==================================================================== -

7 * -

8 * Redistribution and use in source and binary forms, with or without -

9 * modification, are permitted provided that the following conditions -

10 * are met: -

11 * -

12 * 1. Redistributions of source code must retain the above copyright -

13 * notice, this list of conditions and the following disclaimer. -

14 * -

15 * 2. Redistributions in binary form must reproduce the above copyright -

16 * notice, this list of conditions and the following disclaimer in -

17 * the documentation and/or other materials provided with the -

18 * distribution. -

19 * -

20 * 3. All advertising materials mentioning features or use of this -

21 * software must display the following acknowledgment: -

22 * "This product includes software developed by the OpenSSL Project -

23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -

24 * -

25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -

26 * endorse or promote products derived from this software without -

27 * prior written permission. For written permission, please contact -

28 * openssl-core@OpenSSL.org. -

29 * -

30 * 5. Products derived from this software may not be called "OpenSSL" -

31 * nor may "OpenSSL" appear in their names without prior written -

32 * permission of the OpenSSL Project. -

33 * -

34 * 6. Redistributions of any form whatsoever must retain the following -

35 * acknowledgment: -

36 * "This product includes software developed by the OpenSSL Project -

37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -

38 * -

39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -

40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -

41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -

42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -

43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -

44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -

45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -

46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -

47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -

48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -

49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -

50 * OF THE POSSIBILITY OF SUCH DAMAGE. -

51 * ==================================================================== -

52 * -

53 * This product includes cryptographic software written by Eric Young -

54 * (eay@cryptsoft.com). This product includes software written by Tim -

55 * Hudson (tjh@cryptsoft.com). -

56 * -

57 */ -

58 -

59 #include <openssl/opensslconf.h> -

60 -

61 #include <openssl/err.h> -

62 #include <openssl/obj_mac.h> -

63 #include <openssl/bn.h> -

64 -

65 #include "bn_lcl.h" -

66 #include "ecs_locl.h" -

67 -

68 static int ecdsa_prepare_digest(const unsigned char *dgst, int dgst_len, -

69 BIGNUM *order, BIGNUM *ret); -

70 static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, -

71 const BIGNUM *, const BIGNUM *, EC_KEY *eckey); -

72 static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, -

73 BIGNUM **rp); -

74 static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, -

75 const ECDSA_SIG *sig, EC_KEY *eckey); -

76 -

77 static ECDSA_METHOD openssl_ecdsa_meth = { -

78 .name = "OpenSSL ECDSA method", -

79 .ecdsa_do_sign = ecdsa_do_sign, -

80 .ecdsa_sign_setup = ecdsa_sign_setup, -

81 .ecdsa_do_verify = ecdsa_do_verify -

82 }; -

83 -

84 const ECDSA_METHOD * -

85 ECDSA_OpenSSL(void) -

86 { -

return &openssl_ecdsa_meth;

executed 1 time by 1 test: return &openssl_ecdsa_meth;

Executed by:

ecdsatest

88 } -

89 -

90 static int -

91 ecdsa_prepare_digest(const unsigned char *dgst, int dgst_len, BIGNUM *order, -

92 BIGNUM *ret) -

93 { -

94 int dgst_bits, order_bits; -

95 -

if (!BN_bin2bn(dgst, dgst_len, ret)) {

!BN_bin2bn(dgs...dgst_len, ret)	Description
TRUE	never evaluated
FALSE	evaluated 455 times by 1 test Evaluated by: ecdsatest

0-455

97 ECDSAerror(ERR_R_BN_LIB); -

return 0;

never executed: return 0;

99 } -

100 -

101 /* FIPS 186-3 6.4: Use order_bits leftmost bits if digest is too long */ -

102 dgst_bits = 8 * dgst_len; -

103 order_bits = BN_num_bits(order); -

104

if (dgst_bits > order_bits) {

dgst_bits > order_bits	Description
TRUE	never evaluated
FALSE	evaluated 455 times by 1 test Evaluated by: ecdsatest

0-455

105

if (!BN_rshift(ret, ret, dgst_bits - order_bits)) {

!BN_rshift(ret... - order_bits)	Description
TRUE	never evaluated
FALSE	never evaluated

106 ECDSAerror(ERR_R_BN_LIB); -

107

return 0;

never executed: return 0;

108 } -

109

}

never executed: end of block

110 -

111

return 1;

executed 455 times by 1 test: return 1;

Executed by:

ecdsatest

455

112 } -

113 -

114 static int -

115 ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) -

116 { -

117 BN_CTX *ctx = ctx_in; -

118 BIGNUM *k = NULL, *r = NULL, *order = NULL, *X = NULL; -

119 EC_POINT *point = NULL; -

120 const EC_GROUP *group; -

121 int order_bits, ret = 0; -

122 -

123

if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) {

eckey == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 76 times by 1 test Evaluated by: ecdsatest

(group = EC_KE...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 76 times by 1 test Evaluated by: ecdsatest

0-76

124 ECDSAerror(ERR_R_PASSED_NULL_PARAMETER); -

125

return 0;

never executed: return 0;

126 } -

127 -

128

if (ctx == NULL) {

ctx == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 76 times by 1 test Evaluated by: ecdsatest

0-76

129

if ((ctx = BN_CTX_new()) == NULL) {

(ctx = BN_CTX_...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

130 ECDSAerror(ERR_R_MALLOC_FAILURE); -

131

return 0;

never executed: return 0;

132 } -

133

}

never executed: end of block

134 -

135

if ((k = BN_new()) == NULL || (r = BN_new()) == NULL ||

(k = BN_new()) == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 76 times by 1 test Evaluated by: ecdsatest

(r = BN_new()) == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 76 times by 1 test Evaluated by: ecdsatest

0-76

136

(order = BN_new()) == NULL || (X = BN_new()) == NULL) {

(order = BN_ne...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 76 times by 1 test Evaluated by: ecdsatest

(X = BN_new()) == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 76 times by 1 test Evaluated by: ecdsatest

0-76

137 ECDSAerror(ERR_R_MALLOC_FAILURE); -

138

goto err;

never executed: goto err;

139 } -

140

if ((point = EC_POINT_new(group)) == NULL) {

(point = EC_PO...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 76 times by 1 test Evaluated by: ecdsatest

0-76

141 ECDSAerror(ERR_R_EC_LIB); -

142

goto err;

never executed: goto err;

143 } -

144

if (!EC_GROUP_get_order(group, order, ctx)) {

!EC_GROUP_get_...p, order, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 76 times by 1 test Evaluated by: ecdsatest

0-76

145 ECDSAerror(ERR_R_EC_LIB); -

146

goto err;

never executed: goto err;

147 } -

148 -

149 /* Preallocate space. */ -

150 order_bits = BN_num_bits(order); -

151

if (!BN_set_bit(k, order_bits) ||

!BN_set_bit(k, order_bits)	Description
TRUE	never evaluated
FALSE	evaluated 76 times by 1 test Evaluated by: ecdsatest

0-76

152

!BN_set_bit(r, order_bits) ||

!BN_set_bit(r, order_bits)	Description
TRUE	never evaluated
FALSE	evaluated 76 times by 1 test Evaluated by: ecdsatest

0-76

153

!BN_set_bit(X, order_bits))

!BN_set_bit(X, order_bits)	Description
TRUE	never evaluated
FALSE	evaluated 76 times by 1 test Evaluated by: ecdsatest

0-76

154

goto err;

never executed: goto err;

155 -

156 do { -

157 do { -

158

if (!BN_rand_range(k, order)) {

!BN_rand_range(k, order)	Description
TRUE	never evaluated
FALSE	evaluated 76 times by 1 test Evaluated by: ecdsatest

0-76

159 ECDSAerror( -

160 ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED); -

161

goto err;

never executed: goto err;

162 } -

163

} while (BN_is_zero(k));

executed 76 times by 1 test: end of block

Executed by:

ecdsatest

((k)->top == 0)	Description
TRUE	never evaluated
FALSE	evaluated 76 times by 1 test Evaluated by: ecdsatest

0-76

164 -

165 /* -

166 * We do not want timing information to leak the length of k, -

167 * so we compute G * k using an equivalent scalar of fixed -

168 * bit-length. -

169 * -

170 * We unconditionally perform both of these additions to prevent -

171 * a small timing information leakage. We then choose the sum -

172 * that is one bit longer than the order. This guarantees the -

173 * code path used in the constant time implementations -

174 * elsewhere. -

175 * -

176 * TODO: revisit the BN_copy aiming for a memory access agnostic -

177 * conditional copy. -

178 */ -

179

if (!BN_add(r, k, order) ||

!BN_add(r, k, order)	Description
TRUE	never evaluated
FALSE	evaluated 76 times by 1 test Evaluated by: ecdsatest

0-76

180

!BN_add(X, r, order) ||

!BN_add(X, r, order)	Description
TRUE	never evaluated
FALSE	evaluated 76 times by 1 test Evaluated by: ecdsatest

0-76

181

!BN_copy(k, BN_num_bits(r) > order_bits ? r : X))

!BN_copy(k, BN..._bits ? r : X)	Description
TRUE	never evaluated
FALSE	evaluated 76 times by 1 test Evaluated by: ecdsatest

0-76

182

goto err;

never executed: goto err;

183 -

184 BN_set_flags(k, BN_FLG_CONSTTIME); -

185 -

186 /* Compute r, the x-coordinate of G * k. */ -

187

if (!EC_POINT_mul(group, point, k, NULL, NULL, ctx)) {

!EC_POINT_mul(...id *)0) , ctx)	Description
TRUE	never evaluated
FALSE	evaluated 76 times by 1 test Evaluated by: ecdsatest

0-76

188 ECDSAerror(ERR_R_EC_LIB); -

189

goto err;

never executed: goto err;

190 } -

191

if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==

EC_METHOD_get_...group)) == 406	Description
TRUE	evaluated 42 times by 1 test Evaluated by: ecdsatest
FALSE	evaluated 34 times by 1 test Evaluated by: ecdsatest

34-42

192

NID_X9_62_prime_field) {

EC_METHOD_get_...group)) == 406	Description
TRUE	evaluated 42 times by 1 test Evaluated by: ecdsatest
FALSE	evaluated 34 times by 1 test Evaluated by: ecdsatest

34-42

193

if (!EC_POINT_get_affine_coordinates_GFp(group, point,

!EC_POINT_get_...id *)0) , ctx)	Description
TRUE	never evaluated
FALSE	evaluated 42 times by 1 test Evaluated by: ecdsatest

0-42

194

X, NULL, ctx)) {

!EC_POINT_get_...id *)0) , ctx)	Description
TRUE	never evaluated
FALSE	evaluated 42 times by 1 test Evaluated by: ecdsatest

0-42

195 ECDSAerror(ERR_R_EC_LIB); -

196

goto err;

never executed: goto err;

197 } -

198

}

executed 42 times by 1 test: end of block

Executed by:

ecdsatest

199 #ifndef OPENSSL_NO_EC2M -

200 else { /* NID_X9_62_characteristic_two_field */ -

201

if (!EC_POINT_get_affine_coordinates_GF2m(group, point,

!EC_POINT_get_...id *)0) , ctx)	Description
TRUE	never evaluated
FALSE	evaluated 34 times by 1 test Evaluated by: ecdsatest

0-34

202

X, NULL, ctx)) {

!EC_POINT_get_...id *)0) , ctx)	Description
TRUE	never evaluated
FALSE	evaluated 34 times by 1 test Evaluated by: ecdsatest

0-34

203 ECDSAerror(ERR_R_EC_LIB); -

204

goto err;

never executed: goto err;

205 } -

206

}

executed 34 times by 1 test: end of block

Executed by:

ecdsatest

207 #endif -

208

if (!BN_nnmod(r, X, order, ctx)) {

!BN_nnmod(r, X, order, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 76 times by 1 test Evaluated by: ecdsatest

0-76

209 ECDSAerror(ERR_R_BN_LIB); -

210

goto err;

never executed: goto err;

211 } -

212

} while (BN_is_zero(r));

executed 76 times by 1 test: end of block

Executed by:

ecdsatest

((r)->top == 0)	Description
TRUE	never evaluated
FALSE	evaluated 76 times by 1 test Evaluated by: ecdsatest

0-76

213 -

214

if (!BN_mod_inverse_ct(k, k, order, ctx)) {

!BN_mod_invers...k, order, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 76 times by 1 test Evaluated by: ecdsatest

0-76

215 ECDSAerror(ERR_R_BN_LIB); -

216

goto err;

never executed: goto err;

217 } -

218 BN_clear_free(*rp); -

219 BN_clear_free(*kinvp); -

220 *rp = r; -

221 *kinvp = k; -

222 ret = 1; -

223 -

224

err:

code before this statement executed 76 times by 1 test: err:

Executed by:

ecdsatest

225

if (ret == 0) {

ret == 0	Description
TRUE	never evaluated
FALSE	evaluated 76 times by 1 test Evaluated by: ecdsatest

0-76

226 BN_clear_free(k); -

227 BN_clear_free(r); -

228

}

never executed: end of block

229

if (ctx_in == NULL)

ctx_in == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 76 times by 1 test Evaluated by: ecdsatest

0-76

230

BN_CTX_free(ctx);

never executed: BN_CTX_free(ctx);

231 BN_free(order); -

232 EC_POINT_free(point); -

233 BN_clear_free(X); -

234

return (ret);

executed 76 times by 1 test: return (ret);

Executed by:

ecdsatest

235 } -

236 -

237 -

238 static ECDSA_SIG * -

239 ecdsa_do_sign(const unsigned char *dgst, int dgst_len, -

240 const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey) -

241 { -

242 BIGNUM *b = NULL, *binv = NULL, *bm = NULL, *bxr = NULL; -

243 BIGNUM *kinv = NULL, *m = NULL, *order = NULL, *range = NULL, *s; -

244 const BIGNUM *ckinv, *priv_key; -

245 BN_CTX *ctx = NULL; -

246 const EC_GROUP *group; -

247 ECDSA_SIG *ret; -

248 ECDSA_DATA *ecdsa; -

249 int ok = 0; -

250 -

251 ecdsa = ecdsa_check(eckey); -

252 group = EC_KEY_get0_group(eckey); -

253 priv_key = EC_KEY_get0_private_key(eckey); -

254 -

255

if (group == NULL || priv_key == NULL || ecdsa == NULL) {

group == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 76 times by 1 test Evaluated by: ecdsatest

priv_key == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 76 times by 1 test Evaluated by: ecdsatest

ecdsa == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 76 times by 1 test Evaluated by: ecdsatest

0-76

256 ECDSAerror(ERR_R_PASSED_NULL_PARAMETER); -

257

return NULL;

never executed: return ((void *)0) ;

258 } -

259 -

260

if ((ret = ECDSA_SIG_new()) == NULL) {

(ret = ECDSA_S...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 76 times by 1 test Evaluated by: ecdsatest

0-76

261 ECDSAerror(ERR_R_MALLOC_FAILURE); -

262

return NULL;

never executed: return ((void *)0) ;

263 } -

264 s = ret->s; -

265 -

266

if ((ctx = BN_CTX_new()) == NULL || (order = BN_new()) == NULL ||

(ctx = BN_CTX_...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 76 times by 1 test Evaluated by: ecdsatest

(order = BN_ne...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 76 times by 1 test Evaluated by: ecdsatest

0-76

267

(range = BN_new()) == NULL || (b = BN_new()) == NULL ||

(range = BN_ne...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 76 times by 1 test Evaluated by: ecdsatest

(b = BN_new()) == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 76 times by 1 test Evaluated by: ecdsatest

0-76

268

(binv = BN_new()) == NULL || (bm = BN_new()) == NULL ||

(binv = BN_new...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 76 times by 1 test Evaluated by: ecdsatest

(bm = BN_new()) == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 76 times by 1 test Evaluated by: ecdsatest

0-76

269

(bxr = BN_new()) == NULL || (m = BN_new()) == NULL) {

(bxr = BN_new(...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 76 times by 1 test Evaluated by: ecdsatest

(m = BN_new()) == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 76 times by 1 test Evaluated by: ecdsatest

0-76

270 ECDSAerror(ERR_R_MALLOC_FAILURE); -

271

goto err;

never executed: goto err;

272 } -

273 -

274

if (!EC_GROUP_get_order(group, order, ctx)) {

!EC_GROUP_get_...p, order, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 76 times by 1 test Evaluated by: ecdsatest

0-76

275 ECDSAerror(ERR_R_EC_LIB); -

276

goto err;

never executed: goto err;

277 } -

278 -

279

if (!ecdsa_prepare_digest(dgst, dgst_len, order, m))

!ecdsa_prepare...len, order, m)	Description
TRUE	never evaluated
FALSE	evaluated 76 times by 1 test Evaluated by: ecdsatest

0-76

280

goto err;

never executed: goto err;

281 -

282 do { -

283

if (in_kinv == NULL || in_r == NULL) {

in_kinv == ((void *)0)	Description
TRUE	evaluated 76 times by 1 test Evaluated by: ecdsatest
FALSE	never evaluated

in_r == ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

0-76

284

if (!ECDSA_sign_setup(eckey, ctx, &kinv, &ret->r)) {

!ECDSA_sign_se...kinv, &ret->r)	Description
TRUE	never evaluated
FALSE	evaluated 76 times by 1 test Evaluated by: ecdsatest

0-76

285 ECDSAerror(ERR_R_ECDSA_LIB); -

286

goto err;

never executed: goto err;

287 } -

288 ckinv = kinv; -

289

} else {

executed 76 times by 1 test: end of block

Executed by:

ecdsatest

290 ckinv = in_kinv; -

291

if (BN_copy(ret->r, in_r) == NULL) {

BN_copy(ret->r...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

292 ECDSAerror(ERR_R_MALLOC_FAILURE); -

293

goto err;

never executed: goto err;

294 } -

295

}

never executed: end of block

296 -

297 /* -

298 * Compute: -

299 * -

300 * s = inv(k)(m + xr) mod order -

301 * -

302 * In order to reduce the possibility of a side-channel attack, -

303 * the following is calculated using a blinding value: -

304 * -

305 * s = inv(k)inv(b)(bm + bxr) mod order -

306 * -

307 * where b is a random value in the range [1, order-1]. -

308 */ -

309 -

310 /* Generate b in range [1, order-1]. */ -

311

if (!BN_sub(range, order, BN_value_one())) {

!BN_sub(range,...N_value_one())	Description
TRUE	never evaluated
FALSE	evaluated 76 times by 1 test Evaluated by: ecdsatest

0-76

312 ECDSAerror(ERR_R_BN_LIB); -

313

goto err;

never executed: goto err;

314 } -

315

if (!BN_rand_range(b, range)) {

!BN_rand_range(b, range)	Description
TRUE	never evaluated
FALSE	evaluated 76 times by 1 test Evaluated by: ecdsatest

0-76

316 ECDSAerror(ERR_R_BN_LIB); -

317

goto err;

never executed: goto err;

318 } -

319

if (!BN_add(b, b, BN_value_one())) {

!BN_add(b, b, BN_value_one())	Description
TRUE	never evaluated
FALSE	evaluated 76 times by 1 test Evaluated by: ecdsatest

0-76

320 ECDSAerror(ERR_R_BN_LIB); -

321

goto err;

never executed: goto err;

322 } -

323 -

324

if (BN_mod_inverse_ct(binv, b, order, ctx) == NULL) {

BN_mod_inverse...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 76 times by 1 test Evaluated by: ecdsatest

0-76

325 ECDSAerror(ERR_R_BN_LIB); -

326

goto err;

never executed: goto err;

327 } -

328 -

329

if (!BN_mod_mul(bxr, b, priv_key, order, ctx)) { /* bx */

!BN_mod_mul(bx...y, order, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 76 times by 1 test Evaluated by: ecdsatest

0-76

330 ECDSAerror(ERR_R_BN_LIB); -

331

goto err;

never executed: goto err;

332 } -

333

if (!BN_mod_mul(bxr, bxr, ret->r, order, ctx)) { /* bxr */

!BN_mod_mul(bx...r, order, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 76 times by 1 test Evaluated by: ecdsatest

0-76

334 ECDSAerror(ERR_R_BN_LIB); -

335

goto err;

never executed: goto err;

336 } -

337

if (!BN_mod_mul(bm, b, m, order, ctx)) { /* bm */

!BN_mod_mul(bm...m, order, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 76 times by 1 test Evaluated by: ecdsatest

0-76

338 ECDSAerror(ERR_R_BN_LIB); -

339

goto err;

never executed: goto err;

340 } -

341

if (!BN_mod_add(s, bm, bxr, order, ctx)) { /* s = bm + bxr */

!BN_mod_add(s,...r, order, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 76 times by 1 test Evaluated by: ecdsatest

0-76

342 ECDSAerror(ERR_R_BN_LIB); -

343

goto err;

never executed: goto err;

344 } -

345

if (!BN_mod_mul(s, s, binv, order, ctx)) { /* s = m + xr */

!BN_mod_mul(s,...v, order, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 76 times by 1 test Evaluated by: ecdsatest

0-76

346 ECDSAerror(ERR_R_BN_LIB); -

347

goto err;

never executed: goto err;

348 } -

349

if (!BN_mod_mul(s, s, ckinv, order, ctx)) {

!BN_mod_mul(s,...v, order, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 76 times by 1 test Evaluated by: ecdsatest

0-76

350 ECDSAerror(ERR_R_BN_LIB); -

351

goto err;

never executed: goto err;

352 } -

353 -

354

if (BN_is_zero(s)) {

((s)->top == 0)	Description
TRUE	never evaluated
FALSE	evaluated 76 times by 1 test Evaluated by: ecdsatest

0-76

355 /* -

356 * If kinv and r have been supplied by the caller, -

357 * don't generate new kinv and r values -

358 */ -

359

if (in_kinv != NULL && in_r != NULL) {

in_kinv != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

in_r != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

360 ECDSAerror(ECDSA_R_NEED_NEW_SETUP_VALUES); -

361

goto err;

never executed: goto err;

362 } -

363

} else

never executed: end of block

364 /* s != 0 => we have a valid signature */ -

365

break;

executed 76 times by 1 test: break;

Executed by:

ecdsatest

366 } while (1); -

367 -

368 ok = 1; -

369 -

370

err:

code before this statement executed 76 times by 1 test: err:

Executed by:

ecdsatest

371

if (ok == 0) {

ok == 0	Description
TRUE	never evaluated
FALSE	evaluated 76 times by 1 test Evaluated by: ecdsatest

0-76

372 ECDSA_SIG_free(ret); -

373 ret = NULL; -

374

}

never executed: end of block

375 BN_CTX_free(ctx); -

376 BN_clear_free(b); -

377 BN_clear_free(binv); -

378 BN_clear_free(bm); -

379 BN_clear_free(bxr); -

380 BN_clear_free(kinv); -

381 BN_clear_free(m); -

382 BN_free(order); -

383 BN_free(range); -

384

return ret;

executed 76 times by 1 test: return ret;

Executed by:

ecdsatest

385 } -

386 -

387 static int -

388 ecdsa_do_verify(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig, -

389 EC_KEY *eckey) -

390 { -

391 BN_CTX *ctx; -

392 BIGNUM *order, *u1, *u2, *m, *X; -

393 EC_POINT *point = NULL; -

394 const EC_GROUP *group; -

395 const EC_POINT *pub_key; -

396 int ret = -1; -

397 -

398

if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL ||

eckey == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 380 times by 1 test Evaluated by: ecdsatest

(group = EC_KE...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 380 times by 1 test Evaluated by: ecdsatest

0-380

399

(pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) {

(pub_key = EC_...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 380 times by 1 test Evaluated by: ecdsatest

sig == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 380 times by 1 test Evaluated by: ecdsatest

0-380

400 ECDSAerror(ECDSA_R_MISSING_PARAMETERS); -

401

return -1;

never executed: return -1;

402 } -

403 -

404

if ((ctx = BN_CTX_new()) == NULL) {

(ctx = BN_CTX_...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 380 times by 1 test Evaluated by: ecdsatest

0-380

405 ECDSAerror(ERR_R_MALLOC_FAILURE); -

406

return -1;

never executed: return -1;

407 } -

408 BN_CTX_start(ctx); -

409 order = BN_CTX_get(ctx); -

410 u1 = BN_CTX_get(ctx); -

411 u2 = BN_CTX_get(ctx); -

412 m = BN_CTX_get(ctx); -

413 X = BN_CTX_get(ctx); -

414

if (X == NULL) {

X == ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 380 times by 1 test Evaluated by: ecdsatest

0-380

415 ECDSAerror(ERR_R_BN_LIB); -

416

goto err;

never executed: goto err;

417 } -

418 -

419

if (!EC_GROUP_get_order(group, order, ctx)) {

!EC_GROUP_get_...p, order, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 380 times by 1 test Evaluated by: ecdsatest

0-380

420 ECDSAerror(ERR_R_EC_LIB); -

421

goto err;

never executed: goto err;

422 } -

423 -

424 /* Verify that r and s are in the range [1, order-1]. */ -

425

if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||

((sig->r)->top == 0)	Description
TRUE	never evaluated
FALSE	evaluated 380 times by 1 test Evaluated by: ecdsatest

((sig->r)->neg != 0)	Description
TRUE	never evaluated
FALSE	evaluated 380 times by 1 test Evaluated by: ecdsatest

0-380

426

BN_ucmp(sig->r, order) >= 0 ||

BN_ucmp(sig->r, order) >= 0	Description
TRUE	evaluated 1 time by 1 test Evaluated by: ecdsatest
FALSE	evaluated 379 times by 1 test Evaluated by: ecdsatest

1-379

427

BN_is_zero(sig->s) || BN_is_negative(sig->s) ||

((sig->s)->top == 0)	Description
TRUE	never evaluated
FALSE	evaluated 379 times by 1 test Evaluated by: ecdsatest

((sig->s)->neg != 0)	Description
TRUE	never evaluated
FALSE	evaluated 379 times by 1 test Evaluated by: ecdsatest

0-379

428

BN_ucmp(sig->s, order) >= 0) {

BN_ucmp(sig->s, order) >= 0	Description
TRUE	never evaluated
FALSE	evaluated 379 times by 1 test Evaluated by: ecdsatest

0-379

429 ECDSAerror(ECDSA_R_BAD_SIGNATURE); -

430 ret = 0; -

431

goto err;

executed 1 time by 1 test: goto err;

Executed by:

ecdsatest

432 } -

433 -

434

if (!ecdsa_prepare_digest(dgst, dgst_len, order, m))

!ecdsa_prepare...len, order, m)	Description
TRUE	never evaluated
FALSE	evaluated 379 times by 1 test Evaluated by: ecdsatest

0-379

435

goto err;

never executed: goto err;

436 -

437

if (!BN_mod_inverse_ct(u2, sig->s, order, ctx)) { /* w = inv(s) */

!BN_mod_invers...s, order, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 379 times by 1 test Evaluated by: ecdsatest

0-379

438 ECDSAerror(ERR_R_BN_LIB); -

439

goto err;

never executed: goto err;

440 } -

441

if (!BN_mod_mul(u1, m, u2, order, ctx)) { /* u1 = mw */

!BN_mod_mul(u1...2, order, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 379 times by 1 test Evaluated by: ecdsatest

0-379

442 ECDSAerror(ERR_R_BN_LIB); -

443

goto err;

never executed: goto err;

444 } -

445

if (!BN_mod_mul(u2, sig->r, u2, order, ctx)) { /* u2 = rw */

!BN_mod_mul(u2...2, order, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 379 times by 1 test Evaluated by: ecdsatest

0-379

446 ECDSAerror(ERR_R_BN_LIB); -

447

goto err;

never executed: goto err;

448 } -

449 -

450 /* Compute the x-coordinate of G * u1 + pub_key * u2. */ -

451

if ((point = EC_POINT_new(group)) == NULL) {

(point = EC_PO...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 379 times by 1 test Evaluated by: ecdsatest

0-379

452 ECDSAerror(ERR_R_MALLOC_FAILURE); -

453

goto err;

never executed: goto err;

454 } -

455

if (!EC_POINT_mul(group, point, u1, pub_key, u2, ctx)) {

!EC_POINT_mul(..._key, u2, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 379 times by 1 test Evaluated by: ecdsatest

0-379

456 ECDSAerror(ERR_R_EC_LIB); -

457

goto err;

never executed: goto err;

458 } -

459

if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==

EC_METHOD_get_...group)) == 406	Description
TRUE	evaluated 210 times by 1 test Evaluated by: ecdsatest
FALSE	evaluated 169 times by 1 test Evaluated by: ecdsatest

169-210

460

NID_X9_62_prime_field) {

EC_METHOD_get_...group)) == 406	Description
TRUE	evaluated 210 times by 1 test Evaluated by: ecdsatest
FALSE	evaluated 169 times by 1 test Evaluated by: ecdsatest

169-210

461

if (!EC_POINT_get_affine_coordinates_GFp(group, point, X, NULL,

!EC_POINT_get_...id *)0) , ctx)	Description
TRUE	never evaluated
FALSE	evaluated 210 times by 1 test Evaluated by: ecdsatest

0-210

462

ctx)) {

!EC_POINT_get_...id *)0) , ctx)	Description
TRUE	never evaluated
FALSE	evaluated 210 times by 1 test Evaluated by: ecdsatest

0-210

463 ECDSAerror(ERR_R_EC_LIB); -

464

goto err;

never executed: goto err;

465 } -

466

}

executed 210 times by 1 test: end of block

Executed by:

ecdsatest

210

467 #ifndef OPENSSL_NO_EC2M -

468 else { /* NID_X9_62_characteristic_two_field */ -

469

if (!EC_POINT_get_affine_coordinates_GF2m(group, point, X, NULL,

!EC_POINT_get_...id *)0) , ctx)	Description
TRUE	never evaluated
FALSE	evaluated 169 times by 1 test Evaluated by: ecdsatest

0-169

470

ctx)) {

!EC_POINT_get_...id *)0) , ctx)	Description
TRUE	never evaluated
FALSE	evaluated 169 times by 1 test Evaluated by: ecdsatest

0-169

471 ECDSAerror(ERR_R_EC_LIB); -

472

goto err;

never executed: goto err;

473 } -

474

}

executed 169 times by 1 test: end of block

Executed by:

ecdsatest

169

475 #endif -

476

if (!BN_nnmod(u1, X, order, ctx)) {

!BN_nnmod(u1, X, order, ctx)	Description
TRUE	never evaluated
FALSE	evaluated 379 times by 1 test Evaluated by: ecdsatest

0-379

477 ECDSAerror(ERR_R_BN_LIB); -

478

goto err;

never executed: goto err;

479 } -

480 -

481 /* If the signature is correct, the x-coordinate is equal to sig->r. */ -

482 ret = (BN_ucmp(u1, sig->r) == 0); -

483 -

484

err:

code before this statement executed 379 times by 1 test: err:

Executed by:

ecdsatest

379

485 BN_CTX_end(ctx); -

486 BN_CTX_free(ctx); -

487 EC_POINT_free(point); -

488

return ret;

executed 380 times by 1 test: return ret;

Executed by:

ecdsatest

380

489 } -

Source code

Switch to Preprocessed file

Generated by Squish Coco 4.2.2