From c6700d27461e213af63bec686c57bd5a57c94a91 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Sun, 22 Feb 2004 19:32:53 +0000 Subject: [PATCH] A cleanup of the ecs_ossl.c code and some (doxygen) comments for ecdsa.h Submitted by: Nils Larsch Reviewed by: Geoff Thorpe --- crypto/ecdsa/ecdsa.h | 153 +++++++++++++++++++++--- crypto/ecdsa/ecs_ossl.c | 250 +++++++++++++++++++--------------------- 2 files changed, 254 insertions(+), 149 deletions(-) diff --git a/crypto/ecdsa/ecdsa.h b/crypto/ecdsa/ecdsa.h index e82762d35d..3e6abd26f6 100644 --- a/crypto/ecdsa/ecdsa.h +++ b/crypto/ecdsa/ecdsa.h @@ -1,6 +1,10 @@ /* crypto/ecdsa/ecdsa.h */ +/** + * \file crypto/ecdsa/ecdsa.h Include file for the OpenSSL ECDSA functions + * \author Written by Nils Larsch for the OpenSSL project + */ /* ==================================================================== - * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 2000-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -96,7 +100,7 @@ typedef struct ecdsa_data_st { /* EC_KEY_METH_DATA part */ int (*init)(EC_KEY *); void (*finish)(EC_KEY *); - /* method specific part */ + /* method (ECDSA) specific part */ BIGNUM *kinv; /* signing pre-calc */ BIGNUM *r; /* signing pre-calc */ ENGINE *engine; @@ -105,38 +109,157 @@ typedef struct ecdsa_data_st { CRYPTO_EX_DATA ex_data; } ECDSA_DATA; -/* signature functions */ +/** ECDSA_SIG *ECDSA_SIG_new(void) + * allocates and initialize a ECDSA_SIG structure + * \return pointer to a ECDSA_SIG structure or NULL if an error occurred + */ ECDSA_SIG *ECDSA_SIG_new(void); + +/** ECDSA_SIG_free + * frees a ECDSA_SIG structure + * \param a pointer to the ECDSA_SIG structure + */ void ECDSA_SIG_free(ECDSA_SIG *a); + +/** i2d_ECDSA_SIG + * DER encode content of ECDSA_SIG object (note: this function modifies *pp + * (*pp += length of the DER encoded signature)). + * \param a pointer to the ECDSA_SIG object + * \param pp pointer to a unsigned char pointer for the output or NULL + * \return the length of the DER encoded ECDSA_SIG object or 0 + */ int i2d_ECDSA_SIG(const ECDSA_SIG *a, unsigned char **pp); -ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **v, const unsigned char **pp, long length); -/* ECDSA_DATA functions */ +/** d2i_ECDSA_SIG + * decodes a DER encoded ECDSA signature (note: this function changes *pp + * (*pp += len)). + * \param v pointer to ECDSA_SIG pointer (may be NULL) + * \param pp buffer with the DER encoded signature + * \param len bufferlength + * \return pointer to the decoded ECDSA_SIG structure (or NULL) + */ +ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **v, const unsigned char **pp, long len); + +/** ECDSA_DATA_new + * creates a new ECDSA_DATA object + * \return pointer to a newly allocated (and initialized) ECDSA_DATA object + */ ECDSA_DATA *ECDSA_DATA_new(void); -ECDSA_DATA *ECDSA_DATA_new_method(ENGINE *); -void ECDSA_DATA_free(ECDSA_DATA *); -ECDSA_DATA *ecdsa_check(EC_KEY *); +/** ECDSA_DATA_new_method + * creates a new ECDSA_DATA object using a specified ENGINE + * \param eng pointer to a ENGINE structure + * \return pointer to a newly allocated (and initialized) ECDSA_DATA object + */ +ECDSA_DATA *ECDSA_DATA_new_method(ENGINE *eng); + +/** ECDSA_DATA_free + * frees ECDSA_DATA structure + * \param data pointer to a ECDSA_DATA structure + */ +void ECDSA_DATA_free(ECDSA_DATA *data); + +/** ecdsa_check + * checks whether ECKEY->meth_data is a pointer to a ECDSA_DATA structure + * and if not it removes the old meth_data and creates a ECDSA_DATA structure. + * \param eckey pointer to a EC_KEY object + * \return pointer to a ECDSA_DATA structure + */ +ECDSA_DATA *ecdsa_check(EC_KEY *eckey); + +/** ECDSA_do_sign + * computes the ECDSA signature of the given hash value using + * the supplied private key and returns the created signature. + * \param dgst pointer to the hash value + * \param dgst_len length of the hash value + * \param eckey pointer to the EC_KEY object containing a private EC key + * \return pointer to a ECDSA_SIG structure or NULL + */ +ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst,int dgst_len,EC_KEY *eckey); -ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len, EC_KEY *); +/** ECDSA_do_verify + * verifies that the supplied signature is a valid ECDSA + * signature of the supplied hash value using the supplied public key. + * \param dgst pointer to the hash value + * \param dgst_len length of the hash value + * \param sig pointer to the ECDSA_SIG structure + * \param eckey pointer to the EC_KEY object containing a public EC key + * \return 1 if the signature is valid, 0 if the signature is invalid and -1 on error + */ int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, ECDSA_SIG *sig, EC_KEY* eckey); const ECDSA_METHOD *ECDSA_OpenSSL(void); -void ECDSA_set_default_method(const ECDSA_METHOD *); +/** ECDSA_set_default_method + * sets the default ECDSA method + * \param meth the new default ECDSA_METHOD + */ +void ECDSA_set_default_method(const ECDSA_METHOD *meth); + +/** ECDSA_get_default_method + * returns the default ECDSA method + * \return pointer to ECDSA_METHOD structure containing the default method + */ const ECDSA_METHOD *ECDSA_get_default_method(void); -int ECDSA_set_method(EC_KEY *, const ECDSA_METHOD *); -int ECDSA_size(const EC_KEY *); +/** ECDSA_set_method + * sets method to be used for the ECDSA operations + * \param eckey pointer to the EC_KEY object + * \param meth pointer to the new method + * \return 1 on success and 0 otherwise + */ +int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth); + +/** ECDSA_size + * returns the maximum length of the DER encoded signature + * \param eckey pointer to a EC_KEY object + * \return numbers of bytes required for the DER encoded signature + */ +int ECDSA_size(const EC_KEY *eckey); + +/** ECDSA_sign_setup + * precompute parts of the signing operation (the computed values may be + * passed to ECDSA_DATA->kinv and ECDSA_DATA->r for a later signature + * computation). + * \param eckey pointer to the EC_KEY object containing a private EC key + * \param ctx pointer to a BN_CTX object (may be NULL) + * \param kinv pointer to a BIGNUM pointer for the inverse of k + * \param rp pointer to a BIGNUM pointer for x coordinate of k * generator + * \return 1 on success and 0 otherwise + */ int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp); -int ECDSA_sign(int type, const unsigned char *dgst, int dgst_len, + +/** ECDSA_sign + * computes ECDSA signature of a given hash value using the supplied + * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). + * \param type this parameter is ignored + * \param dgst pointer to the hash value to sign + * \param dgstlen length of the hash value + * \param sig buffer to hold the DER encoded signature + * \param siglen pointer to the length of the returned signature + * \param eckey pointer to the EC_KEY object containing a private EC key + * \return 1 on success and 0 otherwise + */ +int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen, unsigned char *sig, unsigned int *siglen, EC_KEY *eckey); -int ECDSA_verify(int type, const unsigned char *dgst, int dgst_len, - const unsigned char *sig, int sig_len, EC_KEY *eckey); +/** ECDSA_verify + * verifies that the given signature is valid ECDSA signature + * of the supplied hash value using the specified public key. + * \param type this parameter is ignored + * \param dgst pointer to the hash value + * \param dgstlen length of the hash value + * \param sig pointer to the DER encoded signature + * \param siglen length of the DER encoded signature + * \param eckey pointer to the EC_KEY object containing a public EC key + * \return 1 if the signature is valid, 0 if the signature is invalid and -1 on error + */ +int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen, + const unsigned char *sig, int siglen, EC_KEY *eckey); +/* the standard ex_data functions */ int ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg); diff --git a/crypto/ecdsa/ecs_ossl.c b/crypto/ecdsa/ecs_ossl.c index ba1c56121c..7e4b61fdef 100644 --- a/crypto/ecdsa/ecs_ossl.c +++ b/crypto/ecdsa/ecs_ossl.c @@ -1,6 +1,9 @@ /* crypto/ecdsa/ecs_ossl.c */ +/* + * Written by Nils Larsch for the OpenSSL project + */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -86,49 +89,43 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) { BN_CTX *ctx = NULL; - BIGNUM k,*kinv=NULL,*r=NULL,*order=NULL,*X=NULL; + BIGNUM *k = NULL, *r = NULL, *order = NULL, *X = NULL; EC_POINT *tmp_point=NULL; + EC_GROUP *group; int ret = 0; if (!eckey || !eckey->group || !eckey->pub_key || !eckey->priv_key) { ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER); return 0; } - - BN_init(&k); + group = eckey->group; if (ctx_in == NULL) { - if ((ctx=BN_CTX_new()) == NULL) + if ((ctx = BN_CTX_new()) == NULL) { - ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE); - goto err; + ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,ERR_R_MALLOC_FAILURE); + return 0; } } else - ctx=ctx_in; + ctx = ctx_in; - if ((r = BN_new()) == NULL) - { - ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); - goto err; - } - if ((order = BN_new()) == NULL) + k = BN_new(); /* this value is later returned in *kinvp */ + r = BN_new(); /* this value is later returned in *rp */ + order = BN_new(); + X = BN_new(); + if (!k || !r || !order || !X) { - ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); - goto err; - } - if ((X = BN_new()) == NULL) - { - ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); - goto err; + ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE); + goto err; } - if ((tmp_point = EC_POINT_new(eckey->group)) == NULL) + if ((tmp_point = EC_POINT_new(group)) == NULL) { ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); goto err; } - if (!EC_GROUP_get_order(eckey->group,order,ctx)) + if (!EC_GROUP_get_order(group, order, ctx)) { ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); goto err; @@ -138,42 +135,39 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, { /* get random k */ do - if (!BN_rand_range(&k,order)) + if (!BN_rand_range(k, order)) { ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED); goto err; } - while (BN_is_zero(&k)); + while (BN_is_zero(k)); /* compute r the x-coordinate of generator * k */ - if (!EC_POINT_mul(eckey->group, tmp_point, &k, NULL, NULL, ctx)) + if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) { ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); goto err; } - if (EC_METHOD_get_field_type(EC_GROUP_method_of(eckey->group)) - == NID_X9_62_prime_field) + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { - if (!EC_POINT_get_affine_coordinates_GFp(eckey->group, + if (!EC_POINT_get_affine_coordinates_GFp(group, tmp_point, X, NULL, ctx)) { - ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, - ERR_R_EC_LIB); + ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,ERR_R_EC_LIB); goto err; } } else /* NID_X9_62_characteristic_two_field */ { - if (!EC_POINT_get_affine_coordinates_GF2m(eckey->group, + if (!EC_POINT_get_affine_coordinates_GF2m(group, tmp_point, X, NULL, ctx)) { - ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, - ERR_R_EC_LIB); + ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,ERR_R_EC_LIB); goto err; } } - if (!BN_nnmod(r,X,order,ctx)) + if (!BN_nnmod(r, X, order, ctx)) { ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); goto err; @@ -182,36 +176,34 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, while (BN_is_zero(r)); /* compute the inverse of k */ - if ((kinv = BN_mod_inverse(NULL,&k,order,ctx)) == NULL) + if (!BN_mod_inverse(k, k, order, ctx)) { ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); goto err; } - - if (*rp == NULL) + /* clear old values if necessary */ + if (*rp != NULL) BN_clear_free(*rp); - *rp = r; - if (*kinvp == NULL) + if (*kinvp != NULL) BN_clear_free(*kinvp); - *kinvp = kinv; - kinv = NULL; + /* save the pre-computed values */ + *rp = r; + *kinvp = k; ret = 1; err: if (!ret) { - if (kinv != NULL) BN_clear_free(kinv); + if (k != NULL) BN_clear_free(k); if (r != NULL) BN_clear_free(r); } if (ctx_in == NULL) BN_CTX_free(ctx); - if (kinv != NULL) - BN_clear_free(kinv); if (order != NULL) - BN_clear_free(order); + BN_free(order); if (tmp_point != NULL) EC_POINT_free(tmp_point); - if (X) BN_clear_free(X); - BN_clear_free(&k); + if (X) + BN_clear_free(X); return(ret); } @@ -219,32 +211,38 @@ err: static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, EC_KEY *eckey) { - BIGNUM *kinv=NULL,*r=NULL,*s=NULL,*m=NULL,*tmp=NULL,*order=NULL; - BIGNUM xr; - BN_CTX *ctx=NULL; - ECDSA_SIG *ret=NULL; + int ok = 0; + BIGNUM *kinv=NULL, *r, *s, *m=NULL,*tmp=NULL,*order=NULL; + BN_CTX *ctx = NULL; + EC_GROUP *group; + ECDSA_SIG *ret; ECDSA_DATA *ecdsa; - BN_init(&xr); - ecdsa = ecdsa_check(eckey); - if (!eckey || !eckey->group || !eckey->pub_key || !eckey->priv_key - || !ecdsa) + if (!eckey->group || !eckey->pub_key || !eckey->priv_key || !ecdsa) { ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); - goto err; + return NULL; } + group = eckey->group; + ret = ECDSA_SIG_new(); + if (!ret) + { + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); + return NULL; + } + s = ret->s; + if ((ctx = BN_CTX_new()) == NULL || (order = BN_new()) == NULL || - (tmp = BN_new()) == NULL || (m = BN_new()) == NULL || - (s = BN_new()) == NULL ) + (tmp = BN_new()) == NULL || (m = BN_new()) == NULL) { ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); goto err; } - if (!EC_GROUP_get_order(eckey->group,order,ctx)) + if (!EC_GROUP_get_order(group, order, ctx)) { ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); goto err; @@ -256,7 +254,7 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, goto err; } - if (BN_bin2bn(dgst,dgst_len,m) == NULL) + if (!BN_bin2bn(dgst, dgst_len, m)) { ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); goto err; @@ -265,34 +263,34 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, { if (ecdsa->kinv == NULL || ecdsa->r == NULL) { - if (!ECDSA_sign_setup(eckey,ctx,&kinv,&r)) + if (!ECDSA_sign_setup(eckey, ctx, &kinv, &ret->r)) { - ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, - ERR_R_ECDSA_LIB); + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN,ERR_R_ECDSA_LIB); goto err; } + r = ret->r; } else { - kinv = ecdsa->kinv; + BN_free(ret->r); + kinv = ecdsa->kinv; + r = ecdsa->r; + ret->r = r; ecdsa->kinv = NULL; - r = ecdsa->r; - ecdsa->r = NULL; + ecdsa->r = NULL; } - if (!BN_mod_mul(tmp,eckey->priv_key,r,order,ctx)) + if (!BN_mod_mul(tmp, eckey->priv_key, r, order, ctx)) { ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); goto err; } - if (!BN_add(s,tmp,m)) + if (!BN_mod_add_quick(s, tmp, m, order)) { ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); goto err; } - if (BN_cmp(s,order) > 0) - BN_sub(s,s,order); - if (!BN_mod_mul(s,s,kinv,order,ctx)) + if (!BN_mod_mul(s, s, kinv, order, ctx)) { ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); goto err; @@ -300,23 +298,13 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, } while (BN_is_zero(s)); - if ((ret = ECDSA_SIG_new()) == NULL) - { - ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); - goto err; - } - if (BN_copy(ret->r, r) == NULL || BN_copy(ret->s, s) == NULL) + ok = 1; +err: + if (!ok) { ECDSA_SIG_free(ret); ret = NULL; - ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); } - -err: - if (r) - BN_clear_free(r); - if (s) - BN_clear_free(s); if (ctx) BN_CTX_free(ctx); if (m) @@ -324,92 +312,99 @@ err: if (tmp) BN_clear_free(tmp); if (order) - BN_clear_free(order); + BN_free(order); if (kinv) BN_clear_free(kinv); - return(ret); + return ret; } static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, ECDSA_SIG *sig, EC_KEY *eckey) { - BN_CTX *ctx; - BIGNUM *order=NULL,*u1=NULL,*u2=NULL,*m=NULL,*X=NULL; - EC_POINT *point=NULL; int ret = -1; + BN_CTX *ctx; + BIGNUM *order, *u1, *u2, *m, *X; + EC_POINT *point = NULL; + EC_GROUP *group; + /* check input values */ if (!eckey || !eckey->group || !eckey->pub_key || !sig) { ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS); return -1; } - if ((ctx = BN_CTX_new()) == NULL || (order = BN_new()) == NULL || - (u1 = BN_new()) == NULL || (u2 = BN_new()) == NULL || - (m = BN_new()) == NULL || (X = BN_new()) == NULL) + group = eckey->group; + + ctx = BN_CTX_new(); + if (!ctx) { ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); - goto err; + return -1; } - if (!EC_GROUP_get_order(eckey->group, order, ctx)) + BN_CTX_start(ctx); + order = BN_CTX_get(ctx); + u1 = BN_CTX_get(ctx); + u2 = BN_CTX_get(ctx); + m = BN_CTX_get(ctx); + X = BN_CTX_get(ctx); + if (!X) { ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); goto err; } - - if (BN_is_zero(sig->r) || BN_get_sign(sig->r) || - BN_ucmp(sig->r, order) >= 0) + + if (!EC_GROUP_get_order(group, order, ctx)) { - ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_BAD_SIGNATURE); - ret = 0; + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); goto err; } - if (BN_is_zero(sig->s) || BN_get_sign(sig->s) || - BN_ucmp(sig->s, order) >= 0) + + if (BN_is_zero(sig->r) || BN_get_sign(sig->r) || + BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) || + BN_get_sign(sig->s) || BN_ucmp(sig->s, order) >= 0) { ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_BAD_SIGNATURE); - ret = 0; + ret = 0; /* signature is invalid */ goto err; } - /* calculate tmp1 = inv(S) mod order */ - if ((BN_mod_inverse(u2,sig->s,order,ctx)) == NULL) + if (!BN_mod_inverse(u2, sig->s, order, ctx)) { ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); goto err; } /* digest -> m */ - if (BN_bin2bn(dgst,dgst_len,m) == NULL) + if (!BN_bin2bn(dgst, dgst_len, m)) { ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); goto err; } /* u1 = m * tmp mod order */ - if (!BN_mod_mul(u1,m,u2,order,ctx)) + if (!BN_mod_mul(u1, m, u2, order, ctx)) { ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); goto err; } /* u2 = r * w mod q */ - if (!BN_mod_mul(u2,sig->r,u2,order,ctx)) + if (!BN_mod_mul(u2, sig->r, u2, order, ctx)) { ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); goto err; } - if ((point = EC_POINT_new(eckey->group)) == NULL) + if ((point = EC_POINT_new(group)) == NULL) { ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); goto err; } - if (!EC_POINT_mul(eckey->group, point, u1, eckey->pub_key, u2, ctx)) + if (!EC_POINT_mul(group, point, u1, eckey->pub_key, u2, ctx)) { ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); goto err; } - if (EC_METHOD_get_field_type(EC_GROUP_method_of(eckey->group)) - == NID_X9_62_prime_field) + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { - if (!EC_POINT_get_affine_coordinates_GFp(eckey->group, + if (!EC_POINT_get_affine_coordinates_GFp(group, point, X, NULL, ctx)) { ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); @@ -418,7 +413,7 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, } else /* NID_X9_62_characteristic_two_field */ { - if (!EC_POINT_get_affine_coordinates_GF2m(eckey->group, + if (!EC_POINT_get_affine_coordinates_GF2m(group, point, X, NULL, ctx)) { ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); @@ -426,30 +421,17 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, } } - if (!BN_nnmod(u1,X,order,ctx)) + if (!BN_nnmod(u1, X, order, ctx)) { ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); goto err; } - - /* is now in u1. If the signature is correct, it will be - * equal to R. */ - ret = (BN_ucmp(u1,sig->r) == 0); - - err: - if (ctx) - BN_CTX_free(ctx); - if (u1) - BN_clear_free(u1); - if (u2) - BN_clear_free(u2); - if (m) - BN_clear_free(m); - if (X) - BN_clear_free(X); - if (order) - BN_clear_free(order); + /* if the signature is correct u1 is equal to sig->r */ + ret = (BN_ucmp(u1, sig->r) == 0); +err: + BN_CTX_end(ctx); + BN_CTX_free(ctx); if (point) EC_POINT_free(point); - return(ret); + return ret; } -- 2.40.0