@@ -225,7 +225,7 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
BIGNUM **rp, const uint8_t *digest,
size_t digest_len) {
BN_CTX *ctx = NULL;
BIGNUM *k = NULL, *r = NULL, *X = NULL;
BIGNUM *k = NULL, *r = NULL, *tmp = NULL;
EC_POINT *tmp_point = NULL;
const EC_GROUP *group;
int ret = 0;
@@ -246,8 +246,8 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
k = BN_new(); /* this value is later returned in *kinvp */
r = BN_new(); /* this value is later returned in *rp */
X = BN_new();
if (k == NULL || r == NULL || X == NULL) {
tmp = BN_new();
if (k == NULL || r == NULL || tmp == NULL) {
OPENSSL_PUT_ERROR(ECDSA, ERR_R_MALLOC_FAILURE);
goto err;
}
@@ -296,33 +296,25 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
OPENSSL_PUT_ERROR(ECDSA, ERR_R_EC_LIB);
goto err;
}
if (!EC_POINT_get_affine_coordinates_GFp(group, tmp_point, X, NULL, ctx)) {
if (!EC_POINT_get_affine_coordinates_GFp(group, tmp_point, tmp, NULL,
ctx)) {
OPENSSL_PUT_ERROR(ECDSA, ERR_R_EC_LIB);
goto err;
}
if (!BN_nnmod(r, X , order, ctx)) {
if (!BN_nnmod(r, tmp , order, ctx)) {
OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB);
goto err;
}
} while (BN_is_zero(r));
/* compute the inverse of k */
if (ec_group_get_mont_data(group) != NULL) {
/* We want inverse in constant time, therefore we use that the order must
* be prime and thus we can use Fermat's Little Theorem. */
if (!BN_set_word(X, 2) ||
!BN_sub(X, order, X)) {
OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB);
goto err;
}
BN_set_flags(X, BN_FLG_CONSTTIME);
if (!BN_mod_exp_mont_consttime(k, k, X, order, ctx,
ec_group_get_mont_data(group))) {
OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB);
goto err;
}
} else if (!BN_mod_inverse(k, k, order, ctx)) {
/* Compute the inverse of k. The order is a prime, so use Fermat's Little
* Theorem. */
if (!BN_set_word(tmp, 2) ||
!BN_sub(tmp, order, tmp) ||
/* Note |ec_group_get_mont_data| may return NULL but |BN_mod_exp_mont|
* allows it to be. */
!BN_mod_exp_mont(k, k, tmp, order, ctx, ec_group_get_mont_data(group))) {
OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB);
goto err;
}
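Review bot: The rewritten comment above `BN_set_word(tmp, 2)` drops the constant-time rationale, while the call changes from `BN_mod_exp_mont_consttime` with `BN_FLG_CONSTTIME` set on the exponent to plain `BN_mod_exp_mont`, and nothing says why that is acceptable for the secret nonce `k`. The exponent `order - 2` is public, so its exposure should not matter, but `k` is the base, and whether `BN_mod_exp_mont` handles the base without secret-dependent timing is not visible in this hunk. I would record the reasoning in the comment, e.g. `/* The exponent (order - 2) is public; |k| is the secret base, so this relies on |BN_mod_exp_mont| being constant-time in the base. */`. The Fermat path now also covers groups that previously fell back to `BN_mod_inverse`, so it depends on every supported group having prime order. The function starts and ends outside this hunk, so that check may live elsewhere.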
@@ -344,7 +336,7 @@ err:
BN_CTX_free(ctx);
}
EC_POINT_free(tmp_point);
BN_clear_free(X );
BN_clear_free(tmp );
return ret;
}