diff options
| author | beck <> | 2017-01-29 17:49:23 +0000 |
|---|---|---|
| committer | beck <> | 2017-01-29 17:49:23 +0000 |
| commit | d1f47bd292f36094480caa49ada36b99a69c59b0 (patch) | |
| tree | 1a54abba678898ee5270ae4f3404a50ee9a92eea /src/lib/libcrypto/ecdsa/ecs_ossl.c | |
| parent | f8c627888330b75c2eea8a3c27d0efe947a4f9da (diff) | |
| download | openbsd-d1f47bd292f36094480caa49ada36b99a69c59b0.tar.gz openbsd-d1f47bd292f36094480caa49ada36b99a69c59b0.tar.bz2 openbsd-d1f47bd292f36094480caa49ada36b99a69c59b0.zip | |
Send the function codes from the error functions to the bit bucket,
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@
Diffstat (limited to 'src/lib/libcrypto/ecdsa/ecs_ossl.c')
| -rw-r--r-- | src/lib/libcrypto/ecdsa/ecs_ossl.c | 85 |
1 files changed, 39 insertions, 46 deletions
diff --git a/src/lib/libcrypto/ecdsa/ecs_ossl.c b/src/lib/libcrypto/ecdsa/ecs_ossl.c index 637da6535f..c7f4bcbe03 100644 --- a/src/lib/libcrypto/ecdsa/ecs_ossl.c +++ b/src/lib/libcrypto/ecdsa/ecs_ossl.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ecs_ossl.c,v 1.8 2017/01/21 11:00:47 beck Exp $ */ | 1 | /* $OpenBSD: ecs_ossl.c,v 1.9 2017/01/29 17:49:23 beck Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Written by Nils Larsch for the OpenSSL project | 3 | * Written by Nils Larsch for the OpenSSL project |
| 4 | */ | 4 | */ |
| @@ -95,14 +95,13 @@ ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) | |||
| 95 | int ret = 0; | 95 | int ret = 0; |
| 96 | 96 | ||
| 97 | if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) { | 97 | if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) { |
| 98 | ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER); | 98 | ECDSAerror(ERR_R_PASSED_NULL_PARAMETER); |
| 99 | return 0; | 99 | return 0; |
| 100 | } | 100 | } |
| 101 | 101 | ||
| 102 | if (ctx_in == NULL) { | 102 | if (ctx_in == NULL) { |
| 103 | if ((ctx = BN_CTX_new()) == NULL) { | 103 | if ((ctx = BN_CTX_new()) == NULL) { |
| 104 | ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, | 104 | ECDSAerror(ERR_R_MALLOC_FAILURE); |
| 105 | ERR_R_MALLOC_FAILURE); | ||
| 106 | return 0; | 105 | return 0; |
| 107 | } | 106 | } |
| 108 | } else | 107 | } else |
| @@ -113,15 +112,15 @@ ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) | |||
| 113 | order = BN_new(); | 112 | order = BN_new(); |
| 114 | X = BN_new(); | 113 | X = BN_new(); |
| 115 | if (!k || !r || !order || !X) { | 114 | if (!k || !r || !order || !X) { |
| 116 | ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE); | 115 | ECDSAerror(ERR_R_MALLOC_FAILURE); |
| 117 | goto err; | 116 | goto err; |
| 118 | } | 117 | } |
| 119 | if ((tmp_point = EC_POINT_new(group)) == NULL) { | 118 | if ((tmp_point = EC_POINT_new(group)) == NULL) { |
| 120 | ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); | 119 | ECDSAerror(ERR_R_EC_LIB); |
| 121 | goto err; | 120 | goto err; |
| 122 | } | 121 | } |
| 123 | if (!EC_GROUP_get_order(group, order, ctx)) { | 122 | if (!EC_GROUP_get_order(group, order, ctx)) { |
| 124 | ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); | 123 | ECDSAerror(ERR_R_EC_LIB); |
| 125 | goto err; | 124 | goto err; |
| 126 | } | 125 | } |
| 127 | 126 | ||
| @@ -129,8 +128,7 @@ ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) | |||
| 129 | /* get random k */ | 128 | /* get random k */ |
| 130 | do | 129 | do |
| 131 | if (!BN_rand_range(k, order)) { | 130 | if (!BN_rand_range(k, order)) { |
| 132 | ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, | 131 | ECDSAerror(ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED); |
| 133 | ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED); | ||
| 134 | goto err; | 132 | goto err; |
| 135 | } | 133 | } |
| 136 | while (BN_is_zero(k)); | 134 | while (BN_is_zero(k)); |
| @@ -148,15 +146,14 @@ ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) | |||
| 148 | 146 | ||
| 149 | /* compute r the x-coordinate of generator * k */ | 147 | /* compute r the x-coordinate of generator * k */ |
| 150 | if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) { | 148 | if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) { |
| 151 | ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); | 149 | ECDSAerror(ERR_R_EC_LIB); |
| 152 | goto err; | 150 | goto err; |
| 153 | } | 151 | } |
| 154 | if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == | 152 | if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == |
| 155 | NID_X9_62_prime_field) { | 153 | NID_X9_62_prime_field) { |
| 156 | if (!EC_POINT_get_affine_coordinates_GFp(group, | 154 | if (!EC_POINT_get_affine_coordinates_GFp(group, |
| 157 | tmp_point, X, NULL, ctx)) { | 155 | tmp_point, X, NULL, ctx)) { |
| 158 | ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, | 156 | ECDSAerror(ERR_R_EC_LIB); |
| 159 | ERR_R_EC_LIB); | ||
| 160 | goto err; | 157 | goto err; |
| 161 | } | 158 | } |
| 162 | } | 159 | } |
| @@ -165,21 +162,20 @@ ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) | |||
| 165 | { | 162 | { |
| 166 | if (!EC_POINT_get_affine_coordinates_GF2m(group, | 163 | if (!EC_POINT_get_affine_coordinates_GF2m(group, |
| 167 | tmp_point, X, NULL, ctx)) { | 164 | tmp_point, X, NULL, ctx)) { |
| 168 | ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, | 165 | ECDSAerror(ERR_R_EC_LIB); |
| 169 | ERR_R_EC_LIB); | ||
| 170 | goto err; | 166 | goto err; |
| 171 | } | 167 | } |
| 172 | } | 168 | } |
| 173 | #endif | 169 | #endif |
| 174 | if (!BN_nnmod(r, X, order, ctx)) { | 170 | if (!BN_nnmod(r, X, order, ctx)) { |
| 175 | ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); | 171 | ECDSAerror(ERR_R_BN_LIB); |
| 176 | goto err; | 172 | goto err; |
| 177 | } | 173 | } |
| 178 | } while (BN_is_zero(r)); | 174 | } while (BN_is_zero(r)); |
| 179 | 175 | ||
| 180 | /* compute the inverse of k */ | 176 | /* compute the inverse of k */ |
| 181 | if (!BN_mod_inverse_ct(k, k, order, ctx)) { | 177 | if (!BN_mod_inverse_ct(k, k, order, ctx)) { |
| 182 | ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); | 178 | ECDSAerror(ERR_R_BN_LIB); |
| 183 | goto err; | 179 | goto err; |
| 184 | } | 180 | } |
| 185 | /* clear old values if necessary */ | 181 | /* clear old values if necessary */ |
| @@ -222,25 +218,25 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, | |||
| 222 | priv_key = EC_KEY_get0_private_key(eckey); | 218 | priv_key = EC_KEY_get0_private_key(eckey); |
| 223 | 219 | ||
| 224 | if (group == NULL || priv_key == NULL || ecdsa == NULL) { | 220 | if (group == NULL || priv_key == NULL || ecdsa == NULL) { |
| 225 | ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); | 221 | ECDSAerror(ERR_R_PASSED_NULL_PARAMETER); |
| 226 | return NULL; | 222 | return NULL; |
| 227 | } | 223 | } |
| 228 | 224 | ||
| 229 | ret = ECDSA_SIG_new(); | 225 | ret = ECDSA_SIG_new(); |
| 230 | if (!ret) { | 226 | if (!ret) { |
| 231 | ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | 227 | ECDSAerror(ERR_R_MALLOC_FAILURE); |
| 232 | return NULL; | 228 | return NULL; |
| 233 | } | 229 | } |
| 234 | s = ret->s; | 230 | s = ret->s; |
| 235 | 231 | ||
| 236 | if ((ctx = BN_CTX_new()) == NULL || (order = BN_new()) == NULL || | 232 | if ((ctx = BN_CTX_new()) == NULL || (order = BN_new()) == NULL || |
| 237 | (tmp = BN_new()) == NULL || (m = BN_new()) == NULL) { | 233 | (tmp = BN_new()) == NULL || (m = BN_new()) == NULL) { |
| 238 | ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | 234 | ECDSAerror(ERR_R_MALLOC_FAILURE); |
| 239 | goto err; | 235 | goto err; |
| 240 | } | 236 | } |
| 241 | 237 | ||
| 242 | if (!EC_GROUP_get_order(group, order, ctx)) { | 238 | if (!EC_GROUP_get_order(group, order, ctx)) { |
| 243 | ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); | 239 | ECDSAerror(ERR_R_EC_LIB); |
| 244 | goto err; | 240 | goto err; |
| 245 | } | 241 | } |
| 246 | i = BN_num_bits(order); | 242 | i = BN_num_bits(order); |
| @@ -250,49 +246,46 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, | |||
| 250 | if (8 * dgst_len > i) | 246 | if (8 * dgst_len > i) |
| 251 | dgst_len = (i + 7)/8; | 247 | dgst_len = (i + 7)/8; |
| 252 | if (!BN_bin2bn(dgst, dgst_len, m)) { | 248 | if (!BN_bin2bn(dgst, dgst_len, m)) { |
| 253 | ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); | 249 | ECDSAerror(ERR_R_BN_LIB); |
| 254 | goto err; | 250 | goto err; |
| 255 | } | 251 | } |
| 256 | /* If still too long truncate remaining bits with a shift */ | 252 | /* If still too long truncate remaining bits with a shift */ |
| 257 | if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { | 253 | if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { |
| 258 | ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); | 254 | ECDSAerror(ERR_R_BN_LIB); |
| 259 | goto err; | 255 | goto err; |
| 260 | } | 256 | } |
| 261 | do { | 257 | do { |
| 262 | if (in_kinv == NULL || in_r == NULL) { | 258 | if (in_kinv == NULL || in_r == NULL) { |
| 263 | if (!ECDSA_sign_setup(eckey, ctx, &kinv, &ret->r)) { | 259 | if (!ECDSA_sign_setup(eckey, ctx, &kinv, &ret->r)) { |
| 264 | ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, | 260 | ECDSAerror(ERR_R_ECDSA_LIB); |
| 265 | ERR_R_ECDSA_LIB); | ||
| 266 | goto err; | 261 | goto err; |
| 267 | } | 262 | } |
| 268 | ckinv = kinv; | 263 | ckinv = kinv; |
| 269 | } else { | 264 | } else { |
| 270 | ckinv = in_kinv; | 265 | ckinv = in_kinv; |
| 271 | if (BN_copy(ret->r, in_r) == NULL) { | 266 | if (BN_copy(ret->r, in_r) == NULL) { |
| 272 | ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, | 267 | ECDSAerror(ERR_R_MALLOC_FAILURE); |
| 273 | ERR_R_MALLOC_FAILURE); | ||
| 274 | goto err; | 268 | goto err; |
| 275 | } | 269 | } |
| 276 | } | 270 | } |
| 277 | 271 | ||
| 278 | if (!BN_mod_mul(tmp, priv_key, ret->r, order, ctx)) { | 272 | if (!BN_mod_mul(tmp, priv_key, ret->r, order, ctx)) { |
| 279 | ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); | 273 | ECDSAerror(ERR_R_BN_LIB); |
| 280 | goto err; | 274 | goto err; |
| 281 | } | 275 | } |
| 282 | if (!BN_mod_add_quick(s, tmp, m, order)) { | 276 | if (!BN_mod_add_quick(s, tmp, m, order)) { |
| 283 | ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); | 277 | ECDSAerror(ERR_R_BN_LIB); |
| 284 | goto err; | 278 | goto err; |
| 285 | } | 279 | } |
| 286 | if (!BN_mod_mul(s, s, ckinv, order, ctx)) { | 280 | if (!BN_mod_mul(s, s, ckinv, order, ctx)) { |
| 287 | ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); | 281 | ECDSAerror(ERR_R_BN_LIB); |
| 288 | goto err; | 282 | goto err; |
| 289 | } | 283 | } |
| 290 | if (BN_is_zero(s)) { | 284 | if (BN_is_zero(s)) { |
| 291 | /* if kinv and r have been supplied by the caller | 285 | /* if kinv and r have been supplied by the caller |
| 292 | * don't to generate new kinv and r values */ | 286 | * don't to generate new kinv and r values */ |
| 293 | if (in_kinv != NULL && in_r != NULL) { | 287 | if (in_kinv != NULL && in_r != NULL) { |
| 294 | ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, | 288 | ECDSAerror(ECDSA_R_NEED_NEW_SETUP_VALUES); |
| 295 | ECDSA_R_NEED_NEW_SETUP_VALUES); | ||
| 296 | goto err; | 289 | goto err; |
| 297 | } | 290 | } |
| 298 | } else | 291 | } else |
| @@ -329,13 +322,13 @@ ecdsa_do_verify(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig, | |||
| 329 | /* check input values */ | 322 | /* check input values */ |
| 330 | if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL || | 323 | if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL || |
| 331 | (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) { | 324 | (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) { |
| 332 | ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS); | 325 | ECDSAerror(ECDSA_R_MISSING_PARAMETERS); |
| 333 | return -1; | 326 | return -1; |
| 334 | } | 327 | } |
| 335 | 328 | ||
| 336 | ctx = BN_CTX_new(); | 329 | ctx = BN_CTX_new(); |
| 337 | if (!ctx) { | 330 | if (!ctx) { |
| 338 | ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | 331 | ECDSAerror(ERR_R_MALLOC_FAILURE); |
| 339 | return -1; | 332 | return -1; |
| 340 | } | 333 | } |
| 341 | BN_CTX_start(ctx); | 334 | BN_CTX_start(ctx); |
| @@ -345,25 +338,25 @@ ecdsa_do_verify(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig, | |||
| 345 | m = BN_CTX_get(ctx); | 338 | m = BN_CTX_get(ctx); |
| 346 | X = BN_CTX_get(ctx); | 339 | X = BN_CTX_get(ctx); |
| 347 | if (!X) { | 340 | if (!X) { |
| 348 | ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); | 341 | ECDSAerror(ERR_R_BN_LIB); |
| 349 | goto err; | 342 | goto err; |
| 350 | } | 343 | } |
| 351 | 344 | ||
| 352 | if (!EC_GROUP_get_order(group, order, ctx)) { | 345 | if (!EC_GROUP_get_order(group, order, ctx)) { |
| 353 | ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); | 346 | ECDSAerror(ERR_R_EC_LIB); |
| 354 | goto err; | 347 | goto err; |
| 355 | } | 348 | } |
| 356 | 349 | ||
| 357 | if (BN_is_zero(sig->r) || BN_is_negative(sig->r) || | 350 | if (BN_is_zero(sig->r) || BN_is_negative(sig->r) || |
| 358 | BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) || | 351 | BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) || |
| 359 | BN_is_negative(sig->s) || BN_ucmp(sig->s, order) >= 0) { | 352 | BN_is_negative(sig->s) || BN_ucmp(sig->s, order) >= 0) { |
| 360 | ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_BAD_SIGNATURE); | 353 | ECDSAerror(ECDSA_R_BAD_SIGNATURE); |
| 361 | ret = 0; /* signature is invalid */ | 354 | ret = 0; /* signature is invalid */ |
| 362 | goto err; | 355 | goto err; |
| 363 | } | 356 | } |
| 364 | /* calculate tmp1 = inv(S) mod order */ | 357 | /* calculate tmp1 = inv(S) mod order */ |
| 365 | if (!BN_mod_inverse_ct(u2, sig->s, order, ctx)) { | 358 | if (!BN_mod_inverse_ct(u2, sig->s, order, ctx)) { |
| 366 | ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); | 359 | ECDSAerror(ERR_R_BN_LIB); |
| 367 | goto err; | 360 | goto err; |
| 368 | } | 361 | } |
| 369 | /* digest -> m */ | 362 | /* digest -> m */ |
| @@ -374,38 +367,38 @@ ecdsa_do_verify(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig, | |||
| 374 | if (8 * dgst_len > i) | 367 | if (8 * dgst_len > i) |
| 375 | dgst_len = (i + 7)/8; | 368 | dgst_len = (i + 7)/8; |
| 376 | if (!BN_bin2bn(dgst, dgst_len, m)) { | 369 | if (!BN_bin2bn(dgst, dgst_len, m)) { |
| 377 | ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); | 370 | ECDSAerror(ERR_R_BN_LIB); |
| 378 | goto err; | 371 | goto err; |
| 379 | } | 372 | } |
| 380 | /* If still too long truncate remaining bits with a shift */ | 373 | /* If still too long truncate remaining bits with a shift */ |
| 381 | if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { | 374 | if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { |
| 382 | ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); | 375 | ECDSAerror(ERR_R_BN_LIB); |
| 383 | goto err; | 376 | goto err; |
| 384 | } | 377 | } |
| 385 | /* u1 = m * tmp mod order */ | 378 | /* u1 = m * tmp mod order */ |
| 386 | if (!BN_mod_mul(u1, m, u2, order, ctx)) { | 379 | if (!BN_mod_mul(u1, m, u2, order, ctx)) { |
| 387 | ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); | 380 | ECDSAerror(ERR_R_BN_LIB); |
| 388 | goto err; | 381 | goto err; |
| 389 | } | 382 | } |
| 390 | /* u2 = r * w mod q */ | 383 | /* u2 = r * w mod q */ |
| 391 | if (!BN_mod_mul(u2, sig->r, u2, order, ctx)) { | 384 | if (!BN_mod_mul(u2, sig->r, u2, order, ctx)) { |
| 392 | ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); | 385 | ECDSAerror(ERR_R_BN_LIB); |
| 393 | goto err; | 386 | goto err; |
| 394 | } | 387 | } |
| 395 | 388 | ||
| 396 | if ((point = EC_POINT_new(group)) == NULL) { | 389 | if ((point = EC_POINT_new(group)) == NULL) { |
| 397 | ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | 390 | ECDSAerror(ERR_R_MALLOC_FAILURE); |
| 398 | goto err; | 391 | goto err; |
| 399 | } | 392 | } |
| 400 | if (!EC_POINT_mul(group, point, u1, pub_key, u2, ctx)) { | 393 | if (!EC_POINT_mul(group, point, u1, pub_key, u2, ctx)) { |
| 401 | ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); | 394 | ECDSAerror(ERR_R_EC_LIB); |
| 402 | goto err; | 395 | goto err; |
| 403 | } | 396 | } |
| 404 | if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == | 397 | if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == |
| 405 | NID_X9_62_prime_field) { | 398 | NID_X9_62_prime_field) { |
| 406 | if (!EC_POINT_get_affine_coordinates_GFp(group, | 399 | if (!EC_POINT_get_affine_coordinates_GFp(group, |
| 407 | point, X, NULL, ctx)) { | 400 | point, X, NULL, ctx)) { |
| 408 | ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); | 401 | ECDSAerror(ERR_R_EC_LIB); |
| 409 | goto err; | 402 | goto err; |
| 410 | } | 403 | } |
| 411 | } | 404 | } |
| @@ -414,13 +407,13 @@ ecdsa_do_verify(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig, | |||
| 414 | { | 407 | { |
| 415 | if (!EC_POINT_get_affine_coordinates_GF2m(group, | 408 | if (!EC_POINT_get_affine_coordinates_GF2m(group, |
| 416 | point, X, NULL, ctx)) { | 409 | point, X, NULL, ctx)) { |
| 417 | ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); | 410 | ECDSAerror(ERR_R_EC_LIB); |
| 418 | goto err; | 411 | goto err; |
| 419 | } | 412 | } |
| 420 | } | 413 | } |
| 421 | #endif | 414 | #endif |
| 422 | if (!BN_nnmod(u1, X, order, ctx)) { | 415 | if (!BN_nnmod(u1, X, order, ctx)) { |
| 423 | ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); | 416 | ECDSAerror(ERR_R_BN_LIB); |
| 424 | goto err; | 417 | goto err; |
| 425 | } | 418 | } |
| 426 | /* if the signature is correct u1 is equal to sig->r */ | 419 | /* if the signature is correct u1 is equal to sig->r */ |