OpenCoverage

ecdsa_ossl.c

Absolute File Name:/home/opencoverage/opencoverage/guest-scripts/openssl/src/crypto/ec/ecdsa_ossl.c
Source codeSwitch to Preprocessed file
LineSourceCount
1/*-
2 * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.-
3 *-
4 * Licensed under the OpenSSL license (the "License"). You may not use-
5 * this file except in compliance with the License. You can obtain a copy-
6 * in the file LICENSE in the source distribution or at-
7 * https://www.openssl.org/source/license.html-
8 */-
9-
10#include <string.h>-
11#include <openssl/err.h>-
12#include <openssl/obj_mac.h>-
13#include <openssl/rand.h>-
14#include "internal/bn_int.h"-
15#include "ec_lcl.h"-
16-
17int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen,-
18 unsigned char *sig, unsigned int *siglen,-
19 const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey)-
20{-
21 ECDSA_SIG *s;-
22-
23 s = ECDSA_do_sign_ex(dgst, dlen, kinv, r, eckey);-
24 if (s == NULL) {
s == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 363 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-363
25 *siglen = 0;-
26 return 0;
never executed: return 0;
0
27 }-
28 *siglen = i2d_ECDSA_SIG(s, &sig);-
29 ECDSA_SIG_free(s);-
30 return 1;
executed 363 times by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
363
31}-
32-
33static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in,-
34 BIGNUM **kinvp, BIGNUM **rp,-
35 const unsigned char *dgst, int dlen)-
36{-
37 BN_CTX *ctx = NULL;-
38 BIGNUM *k = NULL, *r = NULL, *X = NULL;-
39 const BIGNUM *order;-
40 EC_POINT *tmp_point = NULL;-
41 const EC_GROUP *group;-
42 int ret = 0;-
43 int order_bits;-
44-
45 if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) {
eckey == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 367 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
(group = EC_KE...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 367 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-367
46 ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER);-
47 return 0;
never executed: return 0;
0
48 }-
49-
50 if (!EC_KEY_can_sign(eckey)) {
!EC_KEY_can_sign(eckey)Description
TRUEnever evaluated
FALSEevaluated 367 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-367
51 ECerr(EC_F_ECDSA_SIGN_SETUP, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING);-
52 return 0;
never executed: return 0;
0
53 }-
54-
55 if ((ctx = ctx_in) == NULL) {
(ctx = ctx_in) == ((void *)0)Description
TRUEevaluated 4 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 363 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
4-363
56 if ((ctx = BN_CTX_new()) == NULL) {
(ctx = BN_CTX_...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 4 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-4
57 ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE);-
58 return 0;
never executed: return 0;
0
59 }-
60 }
executed 4 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
4
61-
62 k = BN_new(); /* this value is later returned in *kinvp */-
63 r = BN_new(); /* this value is later returned in *rp */-
64 X = BN_new();-
65 if (k == NULL || r == NULL || X == NULL) {
k == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 367 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
r == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 367 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
X == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 367 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-367
66 ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE);-
67 goto err;
never executed: goto err;
0
68 }-
69 if ((tmp_point = EC_POINT_new(group)) == NULL) {
(tmp_point = E...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 367 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-367
70 ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);-
71 goto err;
never executed: goto err;
0
72 }-
73 order = EC_GROUP_get0_order(group);-
74-
75 /* Preallocate space */-
76 order_bits = BN_num_bits(order);-
77 if (!BN_set_bit(k, order_bits)
!BN_set_bit(k, order_bits)Description
TRUEnever evaluated
FALSEevaluated 367 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-367
78 || !BN_set_bit(r, order_bits)
!BN_set_bit(r, order_bits)Description
TRUEnever evaluated
FALSEevaluated 367 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-367
79 || !BN_set_bit(X, order_bits))
!BN_set_bit(X, order_bits)Description
TRUEnever evaluated
FALSEevaluated 367 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-367
80 goto err;
never executed: goto err;
0
81-
82 do {-
83 /* get random k */-
84 do {-
85 if (dgst != NULL) {
dgst != ((void *)0)Description
TRUEevaluated 363 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 4 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
4-363
86 if (!BN_generate_dsa_nonce(k, order,
!BN_generate_d...st, dlen, ctx)Description
TRUEnever evaluated
FALSEevaluated 363 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-363
87 EC_KEY_get0_private_key(eckey),
!BN_generate_d...st, dlen, ctx)Description
TRUEnever evaluated
FALSEevaluated 363 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-363
88 dgst, dlen, ctx)) {
!BN_generate_d...st, dlen, ctx)Description
TRUEnever evaluated
FALSEevaluated 363 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-363
89 ECerr(EC_F_ECDSA_SIGN_SETUP,-
90 EC_R_RANDOM_NUMBER_GENERATION_FAILED);-
91 goto err;
never executed: goto err;
0
92 }-
93 } else {
executed 363 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
363
94 if (!BN_priv_rand_range(k, order)) {
!BN_priv_rand_range(k, order)Description
TRUEnever evaluated
FALSEevaluated 4 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-4
95 ECerr(EC_F_ECDSA_SIGN_SETUP,-
96 EC_R_RANDOM_NUMBER_GENERATION_FAILED);-
97 goto err;
never executed: goto err;
0
98 }-
99 }
executed 4 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
4
100 } while (BN_is_zero(k));
BN_is_zero(k)Description
TRUEnever evaluated
FALSEevaluated 367 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-367
101-
102 /* compute r the x-coordinate of generator * k */-
103 if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) {
!EC_POINT_mul(...id *)0) , ctx)Description
TRUEnever evaluated
FALSEevaluated 367 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-367
104 ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);-
105 goto err;
never executed: goto err;
0
106 }-
107-
108 if (!EC_POINT_get_affine_coordinates(group, tmp_point, X, NULL, ctx)) {
!EC_POINT_get_...id *)0) , ctx)Description
TRUEnever evaluated
FALSEevaluated 367 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-367
109 ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);-
110 goto err;
never executed: goto err;
0
111 }-
112-
113 if (!BN_nnmod(r, X, order, ctx)) {
!BN_nnmod(r, X, order, ctx)Description
TRUEnever evaluated
FALSEevaluated 367 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-367
114 ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);-
115 goto err;
never executed: goto err;
0
116 }-
117 } while (BN_is_zero(r));
executed 367 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
BN_is_zero(r)Description
TRUEnever evaluated
FALSEevaluated 367 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-367
118-
119 /* compute the inverse of k */-
120 if (!ec_group_do_inverse_ord(group, k, k, ctx)) {
!ec_group_do_i...up, k, k, ctx)Description
TRUEnever evaluated
FALSEevaluated 367 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-367
121 ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);-
122 goto err;
never executed: goto err;
0
123 }-
124-
125 /* clear old values if necessary */-
126 BN_clear_free(*rp);-
127 BN_clear_free(*kinvp);-
128 /* save the pre-computed values */-
129 *rp = r;-
130 *kinvp = k;-
131 ret = 1;-
132 err:
code before this statement executed 367 times by 1 test: err:
Executed by:
  • libcrypto.so.1.1
367
133 if (!ret) {
!retDescription
TRUEnever evaluated
FALSEevaluated 367 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-367
134 BN_clear_free(k);-
135 BN_clear_free(r);-
136 }
never executed: end of block
0
137 if (ctx != ctx_in)
ctx != ctx_inDescription
TRUEevaluated 4 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 363 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
4-363
138 BN_CTX_free(ctx);
executed 4 times by 1 test: BN_CTX_free(ctx);
Executed by:
  • libcrypto.so.1.1
4
139 EC_POINT_free(tmp_point);-
140 BN_clear_free(X);-
141 return ret;
executed 367 times by 1 test: return ret;
Executed by:
  • libcrypto.so.1.1
367
142}-
143-
144int ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,-
145 BIGNUM **rp)-
146{-
147 return ecdsa_sign_setup(eckey, ctx_in, kinvp, rp, NULL, 0);
executed 4 times by 1 test: return ecdsa_sign_setup(eckey, ctx_in, kinvp, rp, ((void *)0) , 0);
Executed by:
  • libcrypto.so.1.1
4
148}-
149-
150ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,-
151 const BIGNUM *in_kinv, const BIGNUM *in_r,-
152 EC_KEY *eckey)-
153{-
154 int ok = 0, i;-
155 BIGNUM *kinv = NULL, *s, *m = NULL;-
156 const BIGNUM *order, *ckinv;-
157 BN_CTX *ctx = NULL;-
158 const EC_GROUP *group;-
159 ECDSA_SIG *ret;-
160 const BIGNUM *priv_key;-
161-
162 group = EC_KEY_get0_group(eckey);-
163 priv_key = EC_KEY_get0_private_key(eckey);-
164-
165 if (group == NULL || priv_key == NULL) {
group == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 367 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
priv_key == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 367 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-367
166 ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_PASSED_NULL_PARAMETER);-
167 return NULL;
never executed: return ((void *)0) ;
0
168 }-
169-
170 if (!EC_KEY_can_sign(eckey)) {
!EC_KEY_can_sign(eckey)Description
TRUEnever evaluated
FALSEevaluated 367 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-367
171 ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING);-
172 return NULL;
never executed: return ((void *)0) ;
0
173 }-
174-
175 ret = ECDSA_SIG_new();-
176 if (ret == NULL) {
ret == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 367 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-367
177 ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);-
178 return NULL;
never executed: return ((void *)0) ;
0
179 }-
180 ret->r = BN_new();-
181 ret->s = BN_new();-
182 if (ret->r == NULL || ret->s == NULL) {
ret->r == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 367 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
ret->s == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 367 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-367
183 ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);-
184 goto err;
never executed: goto err;
0
185 }-
186 s = ret->s;-
187-
188 if ((ctx = BN_CTX_new()) == NULL
(ctx = BN_CTX_...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 367 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-367
189 || (m = BN_new()) == NULL) {
(m = BN_new()) == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 367 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-367
190 ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);-
191 goto err;
never executed: goto err;
0
192 }-
193-
194 order = EC_GROUP_get0_order(group);-
195 i = BN_num_bits(order);-
196 /*-
197 * Need to truncate digest if it is too long: first truncate whole bytes.-
198 */-
199 if (8 * dgst_len > i)
8 * dgst_len > iDescription
TRUEevaluated 7 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 360 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
7-360
200 dgst_len = (i + 7) / 8;
executed 7 times by 1 test: dgst_len = (i + 7) / 8;
Executed by:
  • libcrypto.so.1.1
7
201 if (!BN_bin2bn(dgst, dgst_len, m)) {
!BN_bin2bn(dgst, dgst_len, m)Description
TRUEnever evaluated
FALSEevaluated 367 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-367
202 ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);-
203 goto err;
never executed: goto err;
0
204 }-
205 /* If still too long, truncate remaining bits with a shift */-
206 if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
(8 * dgst_len > i)Description
TRUEnever evaluated
FALSEevaluated 367 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
!BN_rshift(m, ...8 - (i & 0x7))Description
TRUEnever evaluated
FALSEnever evaluated
0-367
207 ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);-
208 goto err;
never executed: goto err;
0
209 }-
210 do {-
211 if (in_kinv == NULL || in_r == NULL) {
in_kinv == ((void *)0)Description
TRUEevaluated 363 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 4 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
in_r == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 4 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-363
212 if (!ecdsa_sign_setup(eckey, ctx, &kinv, &ret->r, dgst, dgst_len)) {
!ecdsa_sign_se...gst, dgst_len)Description
TRUEnever evaluated
FALSEevaluated 363 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-363
213 ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_ECDSA_LIB);-
214 goto err;
never executed: goto err;
0
215 }-
216 ckinv = kinv;-
217 } else {
executed 363 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
363
218 ckinv = in_kinv;-
219 if (BN_copy(ret->r, in_r) == NULL) {
BN_copy(ret->r...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 4 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-4
220 ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);-
221 goto err;
never executed: goto err;
0
222 }-
223 }
executed 4 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
4
224-
225 /*-
226 * With only one multiplicant being in Montgomery domain-
227 * multiplication yields real result without post-conversion.-
228 * Also note that all operations but last are performed with-
229 * zero-padded vectors. Last operation, BN_mod_mul_montgomery-
230 * below, returns user-visible value with removed zero padding.-
231 */-
232 if (!bn_to_mont_fixed_top(s, ret->r, group->mont_data, ctx)
!bn_to_mont_fi...ont_data, ctx)Description
TRUEnever evaluated
FALSEevaluated 367 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-367
233 || !bn_mul_mont_fixed_top(s, s, priv_key, group->mont_data, ctx)) {
!bn_mul_mont_f...ont_data, ctx)Description
TRUEnever evaluated
FALSEevaluated 367 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-367
234 ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);-
235 goto err;
never executed: goto err;
0
236 }-
237 if (!bn_mod_add_fixed_top(s, s, m, order)) {
!bn_mod_add_fi..., s, m, order)Description
TRUEnever evaluated
FALSEevaluated 367 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-367
238 ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);-
239 goto err;
never executed: goto err;
0
240 }-
241 /*-
242 * |s| can still be larger than modulus, because |m| can be. In-
243 * such case we count on Montgomery reduction to tie it up.-
244 */-
245 if (!bn_to_mont_fixed_top(s, s, group->mont_data, ctx)
!bn_to_mont_fi...ont_data, ctx)Description
TRUEnever evaluated
FALSEevaluated 367 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-367
246 || !BN_mod_mul_montgomery(s, s, ckinv, group->mont_data, ctx)) {
!BN_mod_mul_mo...ont_data, ctx)Description
TRUEnever evaluated
FALSEevaluated 367 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-367
247 ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);-
248 goto err;
never executed: goto err;
0
249 }-
250-
251 if (BN_is_zero(s)) {
BN_is_zero(s)Description
TRUEnever evaluated
FALSEevaluated 367 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-367
252 /*-
253 * if kinv and r have been supplied by the caller, don't-
254 * generate new kinv and r values-
255 */-
256 if (in_kinv != NULL && in_r != NULL) {
in_kinv != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
in_r != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
257 ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_NEED_NEW_SETUP_VALUES);-
258 goto err;
never executed: goto err;
0
259 }-
260 } else {
never executed: end of block
0
261 /* s != 0 => we have a valid signature */-
262 break;
executed 367 times by 1 test: break;
Executed by:
  • libcrypto.so.1.1
367
263 }-
264 } while (1);-
265-
266 ok = 1;-
267 err:
code before this statement executed 367 times by 1 test: err:
Executed by:
  • libcrypto.so.1.1
367
268 if (!ok) {
!okDescription
TRUEnever evaluated
FALSEevaluated 367 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-367
269 ECDSA_SIG_free(ret);-
270 ret = NULL;-
271 }
never executed: end of block
0
272 BN_CTX_free(ctx);-
273 BN_clear_free(m);-
274 BN_clear_free(kinv);-
275 return ret;
executed 367 times by 1 test: return ret;
Executed by:
  • libcrypto.so.1.1
367
276}-
277-
278/*--
279 * returns-
280 * 1: correct signature-
281 * 0: incorrect signature-
282 * -1: error-
283 */-
284int ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len,-
285 const unsigned char *sigbuf, int sig_len, EC_KEY *eckey)-
286{-
287 ECDSA_SIG *s;-
288 const unsigned char *p = sigbuf;-
289 unsigned char *der = NULL;-
290 int derlen = -1;-
291 int ret = -1;-
292-
293 s = ECDSA_SIG_new();-
294 if (s == NULL)
s == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 664 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-664
295 return ret;
never executed: return ret;
0
296 if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL)
d2i_ECDSA_SIG(...== ((void *)0)Description
TRUEevaluated 74 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 590 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
74-590
297 goto err;
executed 74 times by 1 test: goto err;
Executed by:
  • libcrypto.so.1.1
74
298 /* Ensure signature uses DER and doesn't have trailing garbage */-
299 derlen = i2d_ECDSA_SIG(s, &der);-
300 if (derlen != sig_len || memcmp(sigbuf, der, derlen) != 0)
derlen != sig_lenDescription
TRUEevaluated 3 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 587 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
memcmp(sigbuf,..., derlen) != 0Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 586 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
1-587
301 goto err;
executed 4 times by 1 test: goto err;
Executed by:
  • libcrypto.so.1.1
4
302 ret = ECDSA_do_verify(dgst, dgst_len, s, eckey);-
303 err:
code before this statement executed 586 times by 1 test: err:
Executed by:
  • libcrypto.so.1.1
586
304 OPENSSL_clear_free(der, derlen);-
305 ECDSA_SIG_free(s);-
306 return ret;
executed 664 times by 1 test: return ret;
Executed by:
  • libcrypto.so.1.1
664
307}-
308-
309int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,-
310 const ECDSA_SIG *sig, EC_KEY *eckey)-
311{-
312 int ret = -1, i;-
313 BN_CTX *ctx;-
314 const BIGNUM *order;-
315 BIGNUM *u1, *u2, *m, *X;-
316 EC_POINT *point = NULL;-
317 const EC_GROUP *group;-
318 const EC_POINT *pub_key;-
319-
320 /* check input values */-
321 if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL ||
eckey == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 590 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
(group = EC_KE...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 590 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-590
322 (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) {
(pub_key = EC_...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 590 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
sig == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 590 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-590
323 ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, EC_R_MISSING_PARAMETERS);-
324 return -1;
never executed: return -1;
0
325 }-
326-
327 if (!EC_KEY_can_sign(eckey)) {
!EC_KEY_can_sign(eckey)Description
TRUEnever evaluated
FALSEevaluated 590 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-590
328 ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING);-
329 return -1;
never executed: return -1;
0
330 }-
331-
332 ctx = BN_CTX_new();-
333 if (ctx == NULL) {
ctx == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 590 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-590
334 ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_MALLOC_FAILURE);-
335 return -1;
never executed: return -1;
0
336 }-
337 BN_CTX_start(ctx);-
338 u1 = BN_CTX_get(ctx);-
339 u2 = BN_CTX_get(ctx);-
340 m = BN_CTX_get(ctx);-
341 X = BN_CTX_get(ctx);-
342 if (X == NULL) {
X == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 590 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-590
343 ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);-
344 goto err;
never executed: goto err;
0
345 }-
346-
347 order = EC_GROUP_get0_order(group);-
348 if (order == NULL) {
order == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 590 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-590
349 ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB);-
350 goto err;
never executed: goto err;
0
351 }-
352-
353 if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
BN_is_zero(sig->r)Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 589 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
BN_is_negative(sig->r)Description
TRUEnever evaluated
FALSEevaluated 589 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-589
354 BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) ||
BN_ucmp(sig->r, order) >= 0Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 587 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
BN_is_zero(sig->s)Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 586 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
1-587
355 BN_is_negative(sig->s) || BN_ucmp(sig->s, order) >= 0) {
BN_is_negative(sig->s)Description
TRUEnever evaluated
FALSEevaluated 586 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
BN_ucmp(sig->s, order) >= 0Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 584 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-586
356 ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, EC_R_BAD_SIGNATURE);-
357 ret = 0; /* signature is invalid */-
358 goto err;
executed 6 times by 1 test: goto err;
Executed by:
  • libcrypto.so.1.1
6
359 }-
360 /* calculate tmp1 = inv(S) mod order */-
361 if (!ec_group_do_inverse_ord(group, u2, sig->s, ctx)) {
!ec_group_do_i..., sig->s, ctx)Description
TRUEnever evaluated
FALSEevaluated 584 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-584
362 ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);-
363 goto err;
never executed: goto err;
0
364 }-
365 /* digest -> m */-
366 i = BN_num_bits(order);-
367 /*-
368 * Need to truncate digest if it is too long: first truncate whole bytes.-
369 */-
370 if (8 * dgst_len > i)
8 * dgst_len > iDescription
TRUEevaluated 2 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 582 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
2-582
371 dgst_len = (i + 7) / 8;
executed 2 times by 1 test: dgst_len = (i + 7) / 8;
Executed by:
  • libcrypto.so.1.1
2
372 if (!BN_bin2bn(dgst, dgst_len, m)) {
!BN_bin2bn(dgst, dgst_len, m)Description
TRUEnever evaluated
FALSEevaluated 584 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-584
373 ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);-
374 goto err;
never executed: goto err;
0
375 }-
376 /* If still too long truncate remaining bits with a shift */-
377 if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
(8 * dgst_len > i)Description
TRUEnever evaluated
FALSEevaluated 584 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
!BN_rshift(m, ...8 - (i & 0x7))Description
TRUEnever evaluated
FALSEnever evaluated
0-584
378 ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);-
379 goto err;
never executed: goto err;
0
380 }-
381 /* u1 = m * tmp mod order */-
382 if (!BN_mod_mul(u1, m, u2, order, ctx)) {
!BN_mod_mul(u1...2, order, ctx)Description
TRUEnever evaluated
FALSEevaluated 584 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-584
383 ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);-
384 goto err;
never executed: goto err;
0
385 }-
386 /* u2 = r * w mod q */-
387 if (!BN_mod_mul(u2, sig->r, u2, order, ctx)) {
!BN_mod_mul(u2...2, order, ctx)Description
TRUEnever evaluated
FALSEevaluated 584 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-584
388 ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);-
389 goto err;
never executed: goto err;
0
390 }-
391-
392 if ((point = EC_POINT_new(group)) == NULL) {
(point = EC_PO...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 584 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-584
393 ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_MALLOC_FAILURE);-
394 goto err;
never executed: goto err;
0
395 }-
396 if (!EC_POINT_mul(group, point, u1, pub_key, u2, ctx)) {
!EC_POINT_mul(..._key, u2, ctx)Description
TRUEnever evaluated
FALSEevaluated 584 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-584
397 ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB);-
398 goto err;
never executed: goto err;
0
399 }-
400-
401 if (!EC_POINT_get_affine_coordinates(group, point, X, NULL, ctx)) {
!EC_POINT_get_...id *)0) , ctx)Description
TRUEnever evaluated
FALSEevaluated 584 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-584
402 ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB);-
403 goto err;
never executed: goto err;
0
404 }-
405-
406 if (!BN_nnmod(u1, X, order, ctx)) {
!BN_nnmod(u1, X, order, ctx)Description
TRUEnever evaluated
FALSEevaluated 584 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-584
407 ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);-
408 goto err;
never executed: goto err;
0
409 }-
410 /* if the signature is correct u1 is equal to sig->r */-
411 ret = (BN_ucmp(u1, sig->r) == 0);-
412 err:
code before this statement executed 584 times by 1 test: err:
Executed by:
  • libcrypto.so.1.1
584
413 BN_CTX_end(ctx);-
414 BN_CTX_free(ctx);-
415 EC_POINT_free(point);-
416 return ret;
executed 590 times by 1 test: return ret;
Executed by:
  • libcrypto.so.1.1
590
417}-
Source codeSwitch to Preprocessed file
Generated by Squish Coco 4.2.2