Line | Source | Count |
1 | | - |
2 | | - |
3 | | - |
4 | | - |
5 | | - |
6 | | - |
7 | | - |
8 | | - |
9 | | - |
10 | | - |
11 | | - |
12 | | - |
13 | | - |
14 | | - |
15 | | - |
16 | | - |
17 | | - |
18 | | - |
19 | | - |
20 | | - |
21 | | - |
22 | | - |
23 | | - |
24 | | - |
25 | | - |
26 | | - |
27 | | - |
28 | | - |
29 | | - |
30 | | - |
31 | | - |
32 | | - |
33 | | - |
34 | | - |
35 | | - |
36 | | - |
37 | | - |
38 | | - |
39 | | - |
40 | | - |
41 | | - |
42 | | - |
43 | | - |
44 | | - |
45 | | - |
46 | | - |
47 | | - |
48 | | - |
49 | | - |
50 | | - |
51 | | - |
52 | | - |
53 | | - |
54 | | - |
55 | | - |
56 | | - |
57 | | - |
58 | | - |
59 | #include <openssl/opensslconf.h> | - |
60 | | - |
61 | #include <openssl/err.h> | - |
62 | #include <openssl/obj_mac.h> | - |
63 | #include <openssl/bn.h> | - |
64 | | - |
65 | #include "bn_lcl.h" | - |
66 | #include "ecs_locl.h" | - |
67 | | - |
68 | static int ecdsa_prepare_digest(const unsigned char *dgst, int dgst_len, | - |
69 | BIGNUM *order, BIGNUM *ret); | - |
70 | static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, | - |
71 | const BIGNUM *, const BIGNUM *, EC_KEY *eckey); | - |
72 | static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, | - |
73 | BIGNUM **rp); | - |
74 | static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, | - |
75 | const ECDSA_SIG *sig, EC_KEY *eckey); | - |
76 | | - |
77 | static ECDSA_METHOD openssl_ecdsa_meth = { | - |
78 | .name = "OpenSSL ECDSA method", | - |
79 | .ecdsa_do_sign = ecdsa_do_sign, | - |
80 | .ecdsa_sign_setup = ecdsa_sign_setup, | - |
81 | .ecdsa_do_verify = ecdsa_do_verify | - |
82 | }; | - |
83 | | - |
84 | const ECDSA_METHOD * | - |
85 | ECDSA_OpenSSL(void) | - |
86 | { | - |
87 | return &openssl_ecdsa_meth;executed 1 time by 1 test: return &openssl_ecdsa_meth; | 1 |
88 | } | - |
89 | | - |
90 | static int | - |
91 | ecdsa_prepare_digest(const unsigned char *dgst, int dgst_len, BIGNUM *order, | - |
92 | BIGNUM *ret) | - |
93 | { | - |
94 | int dgst_bits, order_bits; | - |
95 | | - |
96 | if (!BN_bin2bn(dgst, dgst_len, ret)) {TRUE | never evaluated | FALSE | evaluated 455 times by 1 test |
| 0-455 |
97 | ECDSAerror(ERR_R_BN_LIB); | - |
98 | return 0; never executed: return 0; | 0 |
99 | } | - |
100 | | - |
101 | | - |
102 | dgst_bits = 8 * dgst_len; | - |
103 | order_bits = BN_num_bits(order); | - |
104 | if (dgst_bits > order_bits) {TRUE | never evaluated | FALSE | evaluated 455 times by 1 test |
| 0-455 |
105 | if (!BN_rshift(ret, ret, dgst_bits - order_bits)) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
106 | ECDSAerror(ERR_R_BN_LIB); | - |
107 | return 0; never executed: return 0; | 0 |
108 | } | - |
109 | } never executed: end of block | 0 |
110 | | - |
111 | return 1;executed 455 times by 1 test: return 1; | 455 |
112 | } | - |
113 | | - |
114 | static int | - |
115 | ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) | - |
116 | { | - |
117 | BN_CTX *ctx = ctx_in; | - |
118 | BIGNUM *k = NULL, *r = NULL, *order = NULL, *X = NULL; | - |
119 | EC_POINT *point = NULL; | - |
120 | const EC_GROUP *group; | - |
121 | int order_bits, ret = 0; | - |
122 | | - |
123 | if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) {TRUE | never evaluated | FALSE | evaluated 76 times by 1 test |
TRUE | never evaluated | FALSE | evaluated 76 times by 1 test |
| 0-76 |
124 | ECDSAerror(ERR_R_PASSED_NULL_PARAMETER); | - |
125 | return 0; never executed: return 0; | 0 |
126 | } | - |
127 | | - |
128 | if (ctx == NULL) {TRUE | never evaluated | FALSE | evaluated 76 times by 1 test |
| 0-76 |
129 | if ((ctx = BN_CTX_new()) == NULL) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
130 | ECDSAerror(ERR_R_MALLOC_FAILURE); | - |
131 | return 0; never executed: return 0; | 0 |
132 | } | - |
133 | } never executed: end of block | 0 |
134 | | - |
135 | if ((k = BN_new()) == NULL || (r = BN_new()) == NULL ||TRUE | never evaluated | FALSE | evaluated 76 times by 1 test |
TRUE | never evaluated | FALSE | evaluated 76 times by 1 test |
| 0-76 |
136 | (order = BN_new()) == NULL || (X = BN_new()) == NULL) {TRUE | never evaluated | FALSE | evaluated 76 times by 1 test |
TRUE | never evaluated | FALSE | evaluated 76 times by 1 test |
| 0-76 |
137 | ECDSAerror(ERR_R_MALLOC_FAILURE); | - |
138 | goto err; never executed: goto err; | 0 |
139 | } | - |
140 | if ((point = EC_POINT_new(group)) == NULL) {TRUE | never evaluated | FALSE | evaluated 76 times by 1 test |
| 0-76 |
141 | ECDSAerror(ERR_R_EC_LIB); | - |
142 | goto err; never executed: goto err; | 0 |
143 | } | - |
144 | if (!EC_GROUP_get_order(group, order, ctx)) {TRUE | never evaluated | FALSE | evaluated 76 times by 1 test |
| 0-76 |
145 | ECDSAerror(ERR_R_EC_LIB); | - |
146 | goto err; never executed: goto err; | 0 |
147 | } | - |
148 | | - |
149 | | - |
150 | order_bits = BN_num_bits(order); | - |
151 | if (!BN_set_bit(k, order_bits) ||TRUE | never evaluated | FALSE | evaluated 76 times by 1 test |
| 0-76 |
152 | !BN_set_bit(r, order_bits) ||TRUE | never evaluated | FALSE | evaluated 76 times by 1 test |
| 0-76 |
153 | !BN_set_bit(X, order_bits))TRUE | never evaluated | FALSE | evaluated 76 times by 1 test |
| 0-76 |
154 | goto err; never executed: goto err; | 0 |
155 | | - |
156 | do { | - |
157 | do { | - |
158 | if (!BN_rand_range(k, order)) {TRUE | never evaluated | FALSE | evaluated 76 times by 1 test |
| 0-76 |
159 | ECDSAerror( | - |
160 | ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED); | - |
161 | goto err; never executed: goto err; | 0 |
162 | } | - |
163 | } while (BN_is_zero(k));executed 76 times by 1 test: end of block TRUE | never evaluated | FALSE | evaluated 76 times by 1 test |
| 0-76 |
164 | | - |
165 | | - |
166 | | - |
167 | | - |
168 | | - |
169 | | - |
170 | | - |
171 | | - |
172 | | - |
173 | | - |
174 | | - |
175 | | - |
176 | | - |
177 | | - |
178 | | - |
179 | if (!BN_add(r, k, order) ||TRUE | never evaluated | FALSE | evaluated 76 times by 1 test |
| 0-76 |
180 | !BN_add(X, r, order) ||TRUE | never evaluated | FALSE | evaluated 76 times by 1 test |
| 0-76 |
181 | !BN_copy(k, BN_num_bits(r) > order_bits ? r : X))TRUE | never evaluated | FALSE | evaluated 76 times by 1 test |
| 0-76 |
182 | goto err; never executed: goto err; | 0 |
183 | | - |
184 | BN_set_flags(k, BN_FLG_CONSTTIME); | - |
185 | | - |
186 | | - |
187 | if (!EC_POINT_mul(group, point, k, NULL, NULL, ctx)) {TRUE | never evaluated | FALSE | evaluated 76 times by 1 test |
| 0-76 |
188 | ECDSAerror(ERR_R_EC_LIB); | - |
189 | goto err; never executed: goto err; | 0 |
190 | } | - |
191 | if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==TRUE | evaluated 42 times by 1 test | FALSE | evaluated 34 times by 1 test |
| 34-42 |
192 | NID_X9_62_prime_field) {TRUE | evaluated 42 times by 1 test | FALSE | evaluated 34 times by 1 test |
| 34-42 |
193 | if (!EC_POINT_get_affine_coordinates_GFp(group, point,TRUE | never evaluated | FALSE | evaluated 42 times by 1 test |
| 0-42 |
194 | X, NULL, ctx)) {TRUE | never evaluated | FALSE | evaluated 42 times by 1 test |
| 0-42 |
195 | ECDSAerror(ERR_R_EC_LIB); | - |
196 | goto err; never executed: goto err; | 0 |
197 | } | - |
198 | }executed 42 times by 1 test: end of block | 42 |
199 | #ifndef OPENSSL_NO_EC2M | - |
200 | else { | - |
201 | if (!EC_POINT_get_affine_coordinates_GF2m(group, point,TRUE | never evaluated | FALSE | evaluated 34 times by 1 test |
| 0-34 |
202 | X, NULL, ctx)) {TRUE | never evaluated | FALSE | evaluated 34 times by 1 test |
| 0-34 |
203 | ECDSAerror(ERR_R_EC_LIB); | - |
204 | goto err; never executed: goto err; | 0 |
205 | } | - |
206 | }executed 34 times by 1 test: end of block | 34 |
207 | #endif | - |
208 | if (!BN_nnmod(r, X, order, ctx)) {TRUE | never evaluated | FALSE | evaluated 76 times by 1 test |
| 0-76 |
209 | ECDSAerror(ERR_R_BN_LIB); | - |
210 | goto err; never executed: goto err; | 0 |
211 | } | - |
212 | } while (BN_is_zero(r));executed 76 times by 1 test: end of block TRUE | never evaluated | FALSE | evaluated 76 times by 1 test |
| 0-76 |
213 | | - |
214 | if (!BN_mod_inverse_ct(k, k, order, ctx)) {TRUE | never evaluated | FALSE | evaluated 76 times by 1 test |
| 0-76 |
215 | ECDSAerror(ERR_R_BN_LIB); | - |
216 | goto err; never executed: goto err; | 0 |
217 | } | - |
218 | BN_clear_free(*rp); | - |
219 | BN_clear_free(*kinvp); | - |
220 | *rp = r; | - |
221 | *kinvp = k; | - |
222 | ret = 1; | - |
223 | | - |
224 | err:code before this statement executed 76 times by 1 test: err: | 76 |
225 | if (ret == 0) {TRUE | never evaluated | FALSE | evaluated 76 times by 1 test |
| 0-76 |
226 | BN_clear_free(k); | - |
227 | BN_clear_free(r); | - |
228 | } never executed: end of block | 0 |
229 | if (ctx_in == NULL)TRUE | never evaluated | FALSE | evaluated 76 times by 1 test |
| 0-76 |
230 | BN_CTX_free(ctx); never executed: BN_CTX_free(ctx); | 0 |
231 | BN_free(order); | - |
232 | EC_POINT_free(point); | - |
233 | BN_clear_free(X); | - |
234 | return (ret);executed 76 times by 1 test: return (ret); | 76 |
235 | } | - |
236 | | - |
237 | | - |
238 | static ECDSA_SIG * | - |
239 | ecdsa_do_sign(const unsigned char *dgst, int dgst_len, | - |
240 | const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey) | - |
241 | { | - |
242 | BIGNUM *b = NULL, *binv = NULL, *bm = NULL, *bxr = NULL; | - |
243 | BIGNUM *kinv = NULL, *m = NULL, *order = NULL, *range = NULL, *s; | - |
244 | const BIGNUM *ckinv, *priv_key; | - |
245 | BN_CTX *ctx = NULL; | - |
246 | const EC_GROUP *group; | - |
247 | ECDSA_SIG *ret; | - |
248 | ECDSA_DATA *ecdsa; | - |
249 | int ok = 0; | - |
250 | | - |
251 | ecdsa = ecdsa_check(eckey); | - |
252 | group = EC_KEY_get0_group(eckey); | - |
253 | priv_key = EC_KEY_get0_private_key(eckey); | - |
254 | | - |
255 | if (group == NULL || priv_key == NULL || ecdsa == NULL) {TRUE | never evaluated | FALSE | evaluated 76 times by 1 test |
TRUE | never evaluated | FALSE | evaluated 76 times by 1 test |
TRUE | never evaluated | FALSE | evaluated 76 times by 1 test |
| 0-76 |
256 | ECDSAerror(ERR_R_PASSED_NULL_PARAMETER); | - |
257 | return NULL; never executed: return ((void *)0) ; | 0 |
258 | } | - |
259 | | - |
260 | if ((ret = ECDSA_SIG_new()) == NULL) {TRUE | never evaluated | FALSE | evaluated 76 times by 1 test |
| 0-76 |
261 | ECDSAerror(ERR_R_MALLOC_FAILURE); | - |
262 | return NULL; never executed: return ((void *)0) ; | 0 |
263 | } | - |
264 | s = ret->s; | - |
265 | | - |
266 | if ((ctx = BN_CTX_new()) == NULL || (order = BN_new()) == NULL ||TRUE | never evaluated | FALSE | evaluated 76 times by 1 test |
TRUE | never evaluated | FALSE | evaluated 76 times by 1 test |
| 0-76 |
267 | (range = BN_new()) == NULL || (b = BN_new()) == NULL ||TRUE | never evaluated | FALSE | evaluated 76 times by 1 test |
TRUE | never evaluated | FALSE | evaluated 76 times by 1 test |
| 0-76 |
268 | (binv = BN_new()) == NULL || (bm = BN_new()) == NULL ||TRUE | never evaluated | FALSE | evaluated 76 times by 1 test |
TRUE | never evaluated | FALSE | evaluated 76 times by 1 test |
| 0-76 |
269 | (bxr = BN_new()) == NULL || (m = BN_new()) == NULL) {TRUE | never evaluated | FALSE | evaluated 76 times by 1 test |
TRUE | never evaluated | FALSE | evaluated 76 times by 1 test |
| 0-76 |
270 | ECDSAerror(ERR_R_MALLOC_FAILURE); | - |
271 | goto err; never executed: goto err; | 0 |
272 | } | - |
273 | | - |
274 | if (!EC_GROUP_get_order(group, order, ctx)) {TRUE | never evaluated | FALSE | evaluated 76 times by 1 test |
| 0-76 |
275 | ECDSAerror(ERR_R_EC_LIB); | - |
276 | goto err; never executed: goto err; | 0 |
277 | } | - |
278 | | - |
279 | if (!ecdsa_prepare_digest(dgst, dgst_len, order, m))TRUE | never evaluated | FALSE | evaluated 76 times by 1 test |
| 0-76 |
280 | goto err; never executed: goto err; | 0 |
281 | | - |
282 | do { | - |
283 | if (in_kinv == NULL || in_r == NULL) {TRUE | evaluated 76 times by 1 test | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0-76 |
284 | if (!ECDSA_sign_setup(eckey, ctx, &kinv, &ret->r)) {TRUE | never evaluated | FALSE | evaluated 76 times by 1 test |
| 0-76 |
285 | ECDSAerror(ERR_R_ECDSA_LIB); | - |
286 | goto err; never executed: goto err; | 0 |
287 | } | - |
288 | ckinv = kinv; | - |
289 | } else {executed 76 times by 1 test: end of block | 76 |
290 | ckinv = in_kinv; | - |
291 | if (BN_copy(ret->r, in_r) == NULL) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
292 | ECDSAerror(ERR_R_MALLOC_FAILURE); | - |
293 | goto err; never executed: goto err; | 0 |
294 | } | - |
295 | } never executed: end of block | 0 |
296 | | - |
297 | | - |
298 | | - |
299 | | - |
300 | | - |
301 | | - |
302 | | - |
303 | | - |
304 | | - |
305 | | - |
306 | | - |
307 | | - |
308 | | - |
309 | | - |
310 | | - |
311 | if (!BN_sub(range, order, BN_value_one())) {TRUE | never evaluated | FALSE | evaluated 76 times by 1 test |
| 0-76 |
312 | ECDSAerror(ERR_R_BN_LIB); | - |
313 | goto err; never executed: goto err; | 0 |
314 | } | - |
315 | if (!BN_rand_range(b, range)) {TRUE | never evaluated | FALSE | evaluated 76 times by 1 test |
| 0-76 |
316 | ECDSAerror(ERR_R_BN_LIB); | - |
317 | goto err; never executed: goto err; | 0 |
318 | } | - |
319 | if (!BN_add(b, b, BN_value_one())) {TRUE | never evaluated | FALSE | evaluated 76 times by 1 test |
| 0-76 |
320 | ECDSAerror(ERR_R_BN_LIB); | - |
321 | goto err; never executed: goto err; | 0 |
322 | } | - |
323 | | - |
324 | if (BN_mod_inverse_ct(binv, b, order, ctx) == NULL) {TRUE | never evaluated | FALSE | evaluated 76 times by 1 test |
| 0-76 |
325 | ECDSAerror(ERR_R_BN_LIB); | - |
326 | goto err; never executed: goto err; | 0 |
327 | } | - |
328 | | - |
329 | if (!BN_mod_mul(bxr, b, priv_key, order, ctx)) { TRUE | never evaluated | FALSE | evaluated 76 times by 1 test |
| 0-76 |
330 | ECDSAerror(ERR_R_BN_LIB); | - |
331 | goto err; never executed: goto err; | 0 |
332 | } | - |
333 | if (!BN_mod_mul(bxr, bxr, ret->r, order, ctx)) { TRUE | never evaluated | FALSE | evaluated 76 times by 1 test |
| 0-76 |
334 | ECDSAerror(ERR_R_BN_LIB); | - |
335 | goto err; never executed: goto err; | 0 |
336 | } | - |
337 | if (!BN_mod_mul(bm, b, m, order, ctx)) { TRUE | never evaluated | FALSE | evaluated 76 times by 1 test |
| 0-76 |
338 | ECDSAerror(ERR_R_BN_LIB); | - |
339 | goto err; never executed: goto err; | 0 |
340 | } | - |
341 | if (!BN_mod_add(s, bm, bxr, order, ctx)) { TRUE | never evaluated | FALSE | evaluated 76 times by 1 test |
| 0-76 |
342 | ECDSAerror(ERR_R_BN_LIB); | - |
343 | goto err; never executed: goto err; | 0 |
344 | } | - |
345 | if (!BN_mod_mul(s, s, binv, order, ctx)) { TRUE | never evaluated | FALSE | evaluated 76 times by 1 test |
| 0-76 |
346 | ECDSAerror(ERR_R_BN_LIB); | - |
347 | goto err; never executed: goto err; | 0 |
348 | } | - |
349 | if (!BN_mod_mul(s, s, ckinv, order, ctx)) {TRUE | never evaluated | FALSE | evaluated 76 times by 1 test |
| 0-76 |
350 | ECDSAerror(ERR_R_BN_LIB); | - |
351 | goto err; never executed: goto err; | 0 |
352 | } | - |
353 | | - |
354 | if (BN_is_zero(s)) {TRUE | never evaluated | FALSE | evaluated 76 times by 1 test |
| 0-76 |
355 | | - |
356 | | - |
357 | | - |
358 | | - |
359 | if (in_kinv != NULL && in_r != NULL) {TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
360 | ECDSAerror(ECDSA_R_NEED_NEW_SETUP_VALUES); | - |
361 | goto err; never executed: goto err; | 0 |
362 | } | - |
363 | } else never executed: end of block | 0 |
364 | | - |
365 | break;executed 76 times by 1 test: break; | 76 |
366 | } while (1); | - |
367 | | - |
368 | ok = 1; | - |
369 | | - |
370 | err:code before this statement executed 76 times by 1 test: err: | 76 |
371 | if (ok == 0) {TRUE | never evaluated | FALSE | evaluated 76 times by 1 test |
| 0-76 |
372 | ECDSA_SIG_free(ret); | - |
373 | ret = NULL; | - |
374 | } never executed: end of block | 0 |
375 | BN_CTX_free(ctx); | - |
376 | BN_clear_free(b); | - |
377 | BN_clear_free(binv); | - |
378 | BN_clear_free(bm); | - |
379 | BN_clear_free(bxr); | - |
380 | BN_clear_free(kinv); | - |
381 | BN_clear_free(m); | - |
382 | BN_free(order); | - |
383 | BN_free(range); | - |
384 | return ret;executed 76 times by 1 test: return ret; | 76 |
385 | } | - |
386 | | - |
387 | static int | - |
388 | ecdsa_do_verify(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig, | - |
389 | EC_KEY *eckey) | - |
390 | { | - |
391 | BN_CTX *ctx; | - |
392 | BIGNUM *order, *u1, *u2, *m, *X; | - |
393 | EC_POINT *point = NULL; | - |
394 | const EC_GROUP *group; | - |
395 | const EC_POINT *pub_key; | - |
396 | int ret = -1; | - |
397 | | - |
398 | if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL ||TRUE | never evaluated | FALSE | evaluated 380 times by 1 test |
TRUE | never evaluated | FALSE | evaluated 380 times by 1 test |
| 0-380 |
399 | (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) {TRUE | never evaluated | FALSE | evaluated 380 times by 1 test |
TRUE | never evaluated | FALSE | evaluated 380 times by 1 test |
| 0-380 |
400 | ECDSAerror(ECDSA_R_MISSING_PARAMETERS); | - |
401 | return -1; never executed: return -1; | 0 |
402 | } | - |
403 | | - |
404 | if ((ctx = BN_CTX_new()) == NULL) {TRUE | never evaluated | FALSE | evaluated 380 times by 1 test |
| 0-380 |
405 | ECDSAerror(ERR_R_MALLOC_FAILURE); | - |
406 | return -1; never executed: return -1; | 0 |
407 | } | - |
408 | BN_CTX_start(ctx); | - |
409 | order = BN_CTX_get(ctx); | - |
410 | u1 = BN_CTX_get(ctx); | - |
411 | u2 = BN_CTX_get(ctx); | - |
412 | m = BN_CTX_get(ctx); | - |
413 | X = BN_CTX_get(ctx); | - |
414 | if (X == NULL) {TRUE | never evaluated | FALSE | evaluated 380 times by 1 test |
| 0-380 |
415 | ECDSAerror(ERR_R_BN_LIB); | - |
416 | goto err; never executed: goto err; | 0 |
417 | } | - |
418 | | - |
419 | if (!EC_GROUP_get_order(group, order, ctx)) {TRUE | never evaluated | FALSE | evaluated 380 times by 1 test |
| 0-380 |
420 | ECDSAerror(ERR_R_EC_LIB); | - |
421 | goto err; never executed: goto err; | 0 |
422 | } | - |
423 | | - |
424 | | - |
425 | if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||TRUE | never evaluated | FALSE | evaluated 380 times by 1 test |
TRUE | never evaluated | FALSE | evaluated 380 times by 1 test |
| 0-380 |
426 | BN_ucmp(sig->r, order) >= 0 ||TRUE | evaluated 1 time by 1 test | FALSE | evaluated 379 times by 1 test |
| 1-379 |
427 | BN_is_zero(sig->s) || BN_is_negative(sig->s) ||TRUE | never evaluated | FALSE | evaluated 379 times by 1 test |
TRUE | never evaluated | FALSE | evaluated 379 times by 1 test |
| 0-379 |
428 | BN_ucmp(sig->s, order) >= 0) {TRUE | never evaluated | FALSE | evaluated 379 times by 1 test |
| 0-379 |
429 | ECDSAerror(ECDSA_R_BAD_SIGNATURE); | - |
430 | ret = 0; | - |
431 | goto err;executed 1 time by 1 test: goto err; | 1 |
432 | } | - |
433 | | - |
434 | if (!ecdsa_prepare_digest(dgst, dgst_len, order, m))TRUE | never evaluated | FALSE | evaluated 379 times by 1 test |
| 0-379 |
435 | goto err; never executed: goto err; | 0 |
436 | | - |
437 | if (!BN_mod_inverse_ct(u2, sig->s, order, ctx)) { TRUE | never evaluated | FALSE | evaluated 379 times by 1 test |
| 0-379 |
438 | ECDSAerror(ERR_R_BN_LIB); | - |
439 | goto err; never executed: goto err; | 0 |
440 | } | - |
441 | if (!BN_mod_mul(u1, m, u2, order, ctx)) { TRUE | never evaluated | FALSE | evaluated 379 times by 1 test |
| 0-379 |
442 | ECDSAerror(ERR_R_BN_LIB); | - |
443 | goto err; never executed: goto err; | 0 |
444 | } | - |
445 | if (!BN_mod_mul(u2, sig->r, u2, order, ctx)) { TRUE | never evaluated | FALSE | evaluated 379 times by 1 test |
| 0-379 |
446 | ECDSAerror(ERR_R_BN_LIB); | - |
447 | goto err; never executed: goto err; | 0 |
448 | } | - |
449 | | - |
450 | | - |
451 | if ((point = EC_POINT_new(group)) == NULL) {TRUE | never evaluated | FALSE | evaluated 379 times by 1 test |
| 0-379 |
452 | ECDSAerror(ERR_R_MALLOC_FAILURE); | - |
453 | goto err; never executed: goto err; | 0 |
454 | } | - |
455 | if (!EC_POINT_mul(group, point, u1, pub_key, u2, ctx)) {TRUE | never evaluated | FALSE | evaluated 379 times by 1 test |
| 0-379 |
456 | ECDSAerror(ERR_R_EC_LIB); | - |
457 | goto err; never executed: goto err; | 0 |
458 | } | - |
459 | if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==TRUE | evaluated 210 times by 1 test | FALSE | evaluated 169 times by 1 test |
| 169-210 |
460 | NID_X9_62_prime_field) {TRUE | evaluated 210 times by 1 test | FALSE | evaluated 169 times by 1 test |
| 169-210 |
461 | if (!EC_POINT_get_affine_coordinates_GFp(group, point, X, NULL,TRUE | never evaluated | FALSE | evaluated 210 times by 1 test |
| 0-210 |
462 | ctx)) {TRUE | never evaluated | FALSE | evaluated 210 times by 1 test |
| 0-210 |
463 | ECDSAerror(ERR_R_EC_LIB); | - |
464 | goto err; never executed: goto err; | 0 |
465 | } | - |
466 | }executed 210 times by 1 test: end of block | 210 |
467 | #ifndef OPENSSL_NO_EC2M | - |
468 | else { | - |
469 | if (!EC_POINT_get_affine_coordinates_GF2m(group, point, X, NULL,TRUE | never evaluated | FALSE | evaluated 169 times by 1 test |
| 0-169 |
470 | ctx)) {TRUE | never evaluated | FALSE | evaluated 169 times by 1 test |
| 0-169 |
471 | ECDSAerror(ERR_R_EC_LIB); | - |
472 | goto err; never executed: goto err; | 0 |
473 | } | - |
474 | }executed 169 times by 1 test: end of block | 169 |
475 | #endif | - |
476 | if (!BN_nnmod(u1, X, order, ctx)) {TRUE | never evaluated | FALSE | evaluated 379 times by 1 test |
| 0-379 |
477 | ECDSAerror(ERR_R_BN_LIB); | - |
478 | goto err; never executed: goto err; | 0 |
479 | } | - |
480 | | - |
481 | | - |
482 | ret = (BN_ucmp(u1, sig->r) == 0); | - |
483 | | - |
484 | err:code before this statement executed 379 times by 1 test: err: | 379 |
485 | BN_CTX_end(ctx); | - |
486 | BN_CTX_free(ctx); | - |
487 | EC_POINT_free(point); | - |
488 | return ret;executed 380 times by 1 test: return ret; | 380 |
489 | } | - |
| | |