SM2_F_PKEY_SM2_KEYGEN:276:pkey_sm2_keygen
SM2_F_PKEY_SM2_PARAMGEN:277:pkey_sm2_paramgen
SM2_F_PKEY_SM2_SIGN:278:pkey_sm2_sign
+SM2_F_SM2_COMPUTE_MSG_HASH:284:SM2_compute_msg_hash
+SM2_F_SM2_DECRYPT:279:SM2_decrypt
+SM2_F_SM2_ENCRYPT:280:SM2_encrypt
+SM2_F_SM2_SIGN:281:SM2_sign
+SM2_F_SM2_SIG_GEN:285:SM2_sig_gen
+SM2_F_SM2_SIG_VERIFY:282:SM2_sig_verify
+SM2_F_SM2_VERIFY:283:SM2_verify
SSL_F_ADD_CLIENT_KEY_SHARE_EXT:438:*
SSL_F_ADD_KEY_SHARE:512:add_key_share
SSL_F_BYTES_TO_CIPHER_LIST:519:bytes_to_cipher_list
#ifndef HEADER_SM2ERR_H
# define HEADER_SM2ERR_H
-# ifdef __cplusplus
-extern "C" {
-# endif
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_SM2
+
+# ifdef __cplusplus
+extern "C"
+# endif
int ERR_load_SM2_strings(void);
-# ifdef __cplusplus
-}
-# endif
/*
* SM2 function codes.
*/
-# define SM2_F_PKEY_SM2_CTRL 274
-# define SM2_F_PKEY_SM2_CTRL_STR 275
-# define SM2_F_PKEY_SM2_KEYGEN 276
-# define SM2_F_PKEY_SM2_PARAMGEN 277
-# define SM2_F_PKEY_SM2_SIGN 278
+# define SM2_F_PKEY_SM2_CTRL 274
+# define SM2_F_PKEY_SM2_CTRL_STR 275
+# define SM2_F_PKEY_SM2_KEYGEN 276
+# define SM2_F_PKEY_SM2_PARAMGEN 277
+# define SM2_F_PKEY_SM2_SIGN 278
+# define SM2_F_SM2_COMPUTE_MSG_HASH 284
+# define SM2_F_SM2_DECRYPT 279
+# define SM2_F_SM2_ENCRYPT 280
+# define SM2_F_SM2_SIGN 281
+# define SM2_F_SM2_SIG_GEN 285
+# define SM2_F_SM2_SIG_VERIFY 282
+# define SM2_F_SM2_VERIFY 283
/*
* SM2 reason codes.
*/
-# define SM2_R_ASN1_ERROR 115
-# define SM2_R_ASN5_ERROR 1150
-# define SM2_R_BAD_SIGNATURE 156
-# define SM2_R_BIGNUM_OUT_OF_RANGE 144
-# define SM2_R_BUFFER_TOO_SMALL 100
-# define SM2_R_COORDINATES_OUT_OF_RANGE 146
-# define SM2_R_CURVE_DOES_NOT_SUPPORT_ECDH 160
-# define SM2_R_CURVE_DOES_NOT_SUPPORT_SIGNING 159
-# define SM2_R_D2I_ECPKPARAMETERS_FAILURE 117
-# define SM2_R_DECODE_ERROR 142
-# define SM2_R_DISCRIMINANT_IS_ZERO 118
-# define SM2_R_EC_GROUP_NEW_BY_NAME_FAILURE 119
-# define SM2_R_FIELD_TOO_LARGE 143
-# define SM2_R_GF2M_NOT_SUPPORTED 147
-# define SM2_R_GROUP2PKPARAMETERS_FAILURE 120
-# define SM2_R_I2D_ECPKPARAMETERS_FAILURE 121
-# define SM2_R_INCOMPATIBLE_OBJECTS 101
-# define SM2_R_INVALID_ARGUMENT 112
-# define SM2_R_INVALID_COMPRESSED_POINT 110
-# define SM2_R_INVALID_COMPRESSION_BIT 109
-# define SM2_R_INVALID_CURVE 141
-# define SM2_R_INVALID_DIGEST 151
-# define SM2_R_INVALID_DIGEST_TYPE 138
-# define SM2_R_INVALID_ENCODING 102
-# define SM2_R_INVALID_FIELD 103
-# define SM2_R_INVALID_FORM 104
-# define SM2_R_INVALID_GROUP_ORDER 122
-# define SM2_R_INVALID_KEY 116
-# define SM2_R_INVALID_OUTPUT_LENGTH 161
-# define SM2_R_INVALID_PEER_KEY 133
-# define SM2_R_INVALID_PENTANOMIAL_BASIS 132
-# define SM2_R_INVALID_PRIVATE_KEY 123
-# define SM2_R_INVALID_TRINOMIAL_BASIS 137
-# define SM2_R_KDF_PARAMETER_ERROR 148
-# define SM2_R_KEYS_NOT_SET 140
-# define SM2_R_MISSING_PARAMETERS 124
-# define SM2_R_MISSING_PRIVATE_KEY 125
-# define SM2_R_NEED_NEW_SETUP_VALUES 157
-# define SM2_R_NOT_A_NIST_PRIME 135
-# define SM2_R_NOT_IMPLEMENTED 126
-# define SM2_R_NOT_INITIALIZED 111
-# define SM2_R_NO_PARAMETERS_SET 139
-# define SM2_R_NO_PRIVATE_VALUE 154
-# define SM2_R_OPERATION_NOT_SUPPORTED 152
-# define SM2_R_PASSED_NULL_PARAMETER 134
-# define SM2_R_PEER_KEY_ERROR 149
-# define SM2_R_PKPARAMETERS2GROUP_FAILURE 127
-# define SM2_R_POINT_ARITHMETIC_FAILURE 155
-# define SM2_R_POINT_AT_INFINITY 106
-# define SM2_R_POINT_IS_NOT_ON_CURVE 107
-# define SM2_R_RANDOM_NUMBER_GENERATION_FAILED 158
-# define SM2_R_SHARED_INFO_ERROR 150
-# define SM2_R_SLOT_FULL 108
-# define SM2_R_UNDEFINED_GENERATOR 113
-# define SM2_R_UNDEFINED_ORDER 128
-# define SM2_R_UNKNOWN_GROUP 129
-# define SM2_R_UNKNOWN_ORDER 114
-# define SM2_R_UNSUPPORTED_FIELD 131
-# define SM2_R_WRONG_CURVE_PARAMETERS 145
-# define SM2_R_WRONG_ORDER 130
+# define SM2_R_ASN1_ERROR 115
+# define SM2_R_ASN5_ERROR 1150
+# define SM2_R_BAD_SIGNATURE 156
+# define SM2_R_BIGNUM_OUT_OF_RANGE 144
+# define SM2_R_BUFFER_TOO_SMALL 100
+# define SM2_R_COORDINATES_OUT_OF_RANGE 146
+# define SM2_R_CURVE_DOES_NOT_SUPPORT_ECDH 160
+# define SM2_R_CURVE_DOES_NOT_SUPPORT_SIGNING 159
+# define SM2_R_D2I_ECPKPARAMETERS_FAILURE 117
+# define SM2_R_DECODE_ERROR 142
+# define SM2_R_DISCRIMINANT_IS_ZERO 118
+# define SM2_R_EC_GROUP_NEW_BY_NAME_FAILURE 119
+# define SM2_R_FIELD_TOO_LARGE 143
+# define SM2_R_GF2M_NOT_SUPPORTED 147
+# define SM2_R_GROUP2PKPARAMETERS_FAILURE 120
+# define SM2_R_I2D_ECPKPARAMETERS_FAILURE 121
+# define SM2_R_INCOMPATIBLE_OBJECTS 101
+# define SM2_R_INVALID_ARGUMENT 112
+# define SM2_R_INVALID_COMPRESSED_POINT 110
+# define SM2_R_INVALID_COMPRESSION_BIT 109
+# define SM2_R_INVALID_CURVE 141
+# define SM2_R_INVALID_DIGEST 151
+# define SM2_R_INVALID_DIGEST_TYPE 138
+# define SM2_R_INVALID_ENCODING 102
+# define SM2_R_INVALID_FIELD 103
+# define SM2_R_INVALID_FORM 104
+# define SM2_R_INVALID_GROUP_ORDER 122
+# define SM2_R_INVALID_KEY 116
+# define SM2_R_INVALID_OUTPUT_LENGTH 161
+# define SM2_R_INVALID_PEER_KEY 133
+# define SM2_R_INVALID_PENTANOMIAL_BASIS 132
+# define SM2_R_INVALID_PRIVATE_KEY 123
+# define SM2_R_INVALID_TRINOMIAL_BASIS 137
+# define SM2_R_KDF_PARAMETER_ERROR 148
+# define SM2_R_KEYS_NOT_SET 140
+# define SM2_R_MISSING_PARAMETERS 124
+# define SM2_R_MISSING_PRIVATE_KEY 125
+# define SM2_R_NEED_NEW_SETUP_VALUES 157
+# define SM2_R_NOT_A_NIST_PRIME 135
+# define SM2_R_NOT_IMPLEMENTED 126
+# define SM2_R_NOT_INITIALIZED 111
+# define SM2_R_NO_PARAMETERS_SET 139
+# define SM2_R_NO_PRIVATE_VALUE 154
+# define SM2_R_OPERATION_NOT_SUPPORTED 152
+# define SM2_R_PASSED_NULL_PARAMETER 134
+# define SM2_R_PEER_KEY_ERROR 149
+# define SM2_R_PKPARAMETERS2GROUP_FAILURE 127
+# define SM2_R_POINT_ARITHMETIC_FAILURE 155
+# define SM2_R_POINT_AT_INFINITY 106
+# define SM2_R_POINT_IS_NOT_ON_CURVE 107
+# define SM2_R_RANDOM_NUMBER_GENERATION_FAILED 158
+# define SM2_R_SHARED_INFO_ERROR 150
+# define SM2_R_SLOT_FULL 108
+# define SM2_R_UNDEFINED_GENERATOR 113
+# define SM2_R_UNDEFINED_ORDER 128
+# define SM2_R_UNKNOWN_GROUP 129
+# define SM2_R_UNKNOWN_ORDER 114
+# define SM2_R_UNSUPPORTED_FIELD 131
+# define SM2_R_WRONG_CURVE_PARAMETERS 145
+# define SM2_R_WRONG_ORDER 130
+# endif
#endif
*/
#include "internal/sm2.h"
+#include "internal/sm2err.h"
+#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/bn.h>
#include <openssl/asn1.h>
kG = EC_POINT_new(group);
kP = EC_POINT_new(group);
if (kG == NULL || kP == NULL)
+ {
+ SM2err(SM2_F_SM2_ENCRYPT, ERR_R_MALLOC_FAILURE);
goto done;
+ }
ctx = BN_CTX_new();
if (ctx == NULL)
+ {
+ SM2err(SM2_F_SM2_ENCRYPT, ERR_R_MALLOC_FAILURE);
goto done;
+ }
BN_CTX_start(ctx);
k = BN_CTX_get(ctx);
y2 = BN_CTX_get(ctx);
if (y2 == NULL)
- goto done;
+ {
+ SM2err(SM2_F_SM2_ENCRYPT, ERR_R_BN_LIB);
+ goto done;
+ }
x2y2 = OPENSSL_zalloc(2 * field_size);
C3 = OPENSSL_zalloc(C3_size);
if (x2y2 == NULL || C3 == NULL)
- goto done;
+ {
+ SM2err(SM2_F_SM2_ENCRYPT, ERR_R_MALLOC_FAILURE);
+ goto done;
+ }
memset(ciphertext_buf, 0, *ciphertext_len);
BN_priv_rand_range(k, order);
if (EC_POINT_mul(group, kG, k, NULL, NULL, ctx) == 0)
+ {
+ SM2err(SM2_F_SM2_ENCRYPT, ERR_R_EC_LIB);
goto done;
+ }
if (EC_POINT_get_affine_coordinates_GFp(group, kG, x1, y1, ctx) == 0)
+ {
+ SM2err(SM2_F_SM2_ENCRYPT, ERR_R_EC_LIB);
goto done;
+ }
if (EC_POINT_mul(group, kP, NULL, P, k, ctx) == 0)
+ {
+ SM2err(SM2_F_SM2_ENCRYPT, ERR_R_EC_LIB);
goto done;
+ }
if (EC_POINT_get_affine_coordinates_GFp(group, kP, x2, y2, ctx) == 0)
+ {
+ SM2err(SM2_F_SM2_ENCRYPT, ERR_R_EC_LIB);
goto done;
+ }
BN_bn2binpad(x2, x2y2, field_size);
BN_bn2binpad(y2, x2y2 + field_size, field_size);
msg_mask = OPENSSL_zalloc(msg_len);
if (msg_mask == NULL)
+ {
+ SM2err(SM2_F_SM2_ENCRYPT, ERR_R_MALLOC_FAILURE);
goto done;
+ }
/* X9.63 with no salt happens to match the KDF used in SM2 */
if (ECDH_KDF_X9_62(msg_mask, msg_len, x2y2, 2 * field_size, NULL, 0, digest)
msg_mask[i] ^= msg[i];
if (EVP_DigestInit(hash, digest) == 0)
+ {
+ SM2err(SM2_F_SM2_ENCRYPT, ERR_R_EVP_LIB);
goto done;
+ }
if (EVP_DigestUpdate(hash, x2y2, field_size) == 0)
+ {
+ SM2err(SM2_F_SM2_ENCRYPT, ERR_R_EVP_LIB);
goto done;
+ }
if (EVP_DigestUpdate(hash, msg, msg_len) == 0)
+ {
+ SM2err(SM2_F_SM2_ENCRYPT, ERR_R_EVP_LIB);
goto done;
+ }
if (EVP_DigestUpdate(hash, x2y2 + field_size, field_size) == 0)
+ {
+ SM2err(SM2_F_SM2_ENCRYPT, ERR_R_EVP_LIB);
goto done;
+ }
if (EVP_DigestFinal(hash, C3, NULL) == 0)
+ {
+ SM2err(SM2_F_SM2_ENCRYPT, ERR_R_EVP_LIB);
goto done;
+ }
ctext_struct.C1x = x1;
ctext_struct.C1y = y1;
sm2_ctext = d2i_SM2_Ciphertext(NULL, &ciphertext, ciphertext_len);
if (sm2_ctext == NULL)
+ {
+ SM2err(SM2_F_SM2_DECRYPT, SM2_R_ASN1_ERROR);
goto done;
+ }
if (sm2_ctext->C3->length != hash_size)
+ {
+ SM2err(SM2_F_SM2_DECRYPT, SM2_R_INVALID_ENCODING);
goto done;
+ }
C2 = sm2_ctext->C2->data;
C3 = sm2_ctext->C3->data;
ctx = BN_CTX_new();
if (ctx == NULL)
- goto done;
+ {
+ SM2err(SM2_F_SM2_DECRYPT, ERR_R_MALLOC_FAILURE);
+ goto done;
+ }
BN_CTX_start(ctx);
x2 = BN_CTX_get(ctx);
y2 = BN_CTX_get(ctx);
if(y2 == NULL)
- goto done;
+ {
+ SM2err(SM2_F_SM2_DECRYPT, ERR_R_BN_LIB);
+ goto done;
+ }
msg_mask = OPENSSL_zalloc(msg_len);
x2y2 = OPENSSL_zalloc(2 * field_size);
computed_C3 = OPENSSL_zalloc(hash_size);
if(msg_mask == NULL || x2y2 == NULL || computed_C3 == NULL)
- goto done;
+ {
+ SM2err(SM2_F_SM2_DECRYPT, ERR_R_MALLOC_FAILURE);
+ goto done;
+ }
C1 = EC_POINT_new(group);
if (C1 == NULL)
+ {
+ SM2err(SM2_F_SM2_DECRYPT, ERR_R_MALLOC_FAILURE);
goto done;
+ }
if (EC_POINT_set_affine_coordinates_GFp
(group, C1, sm2_ctext->C1x, sm2_ctext->C1y, ctx) == 0)
+ {
+ SM2err(SM2_F_SM2_DECRYPT, ERR_R_EC_LIB);
goto done;
+ }
if (EC_POINT_mul(group, C1, NULL, C1, EC_KEY_get0_private_key(key), ctx) ==
0)
+ {
+ SM2err(SM2_F_SM2_DECRYPT, ERR_R_EC_LIB);
goto done;
+ }
if (EC_POINT_get_affine_coordinates_GFp(group, C1, x2, y2, ctx) == 0)
+ {
+ SM2err(SM2_F_SM2_DECRYPT, ERR_R_EC_LIB);
goto done;
+ }
BN_bn2binpad(x2, x2y2, field_size);
BN_bn2binpad(y2, x2y2 + field_size, field_size);
hash = EVP_MD_CTX_new();
if (hash == NULL)
- goto done;
+ {
+ SM2err(SM2_F_SM2_DECRYPT, ERR_R_MALLOC_FAILURE);
+ goto done;
+ }
if (EVP_DigestInit(hash, digest) == 0)
+ {
+ SM2err(SM2_F_SM2_DECRYPT, ERR_R_EVP_LIB);
goto done;
+ }
if (EVP_DigestUpdate(hash, x2y2, field_size) == 0)
+ {
+ SM2err(SM2_F_SM2_DECRYPT, ERR_R_EVP_LIB);
goto done;
+ }
if (EVP_DigestUpdate(hash, ptext_buf, msg_len) == 0)
+ {
+ SM2err(SM2_F_SM2_DECRYPT, ERR_R_EVP_LIB);
goto done;
+ }
if (EVP_DigestUpdate(hash, x2y2 + field_size, field_size) == 0)
+ {
+ SM2err(SM2_F_SM2_DECRYPT, ERR_R_EVP_LIB);
goto done;
+ }
if (EVP_DigestFinal(hash, computed_C3, NULL) == 0)
+ {
+ SM2err(SM2_F_SM2_DECRYPT, ERR_R_EVP_LIB);
goto done;
+ }
if (memcmp(computed_C3, C3, hash_size) != 0)
goto done;
{ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_KEYGEN, 0), "pkey_sm2_keygen"},
{ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_PARAMGEN, 0), "pkey_sm2_paramgen"},
{ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_SIGN, 0), "pkey_sm2_sign"},
+ {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_COMPUTE_MSG_HASH, 0),
+ "SM2_compute_msg_hash"},
+ {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_DECRYPT, 0), "SM2_decrypt"},
+ {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_ENCRYPT, 0), "SM2_encrypt"},
+ {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_SIGN, 0), "SM2_sign"},
+ {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_SIG_GEN, 0), "SM2_sig_gen"},
+ {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_SIG_VERIFY, 0), "SM2_sig_verify"},
+ {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_VERIFY, 0), "SM2_verify"},
{0, NULL}
};
*/
#include "internal/sm2.h"
+#include "internal/sm2err.h"
+#include <openssl/err.h>
#include <openssl/evp.h>
+#include <openssl/err.h>
#include <openssl/bn.h>
#include <string.h>
-static BIGNUM *compute_msg_hash(const EVP_MD *digest,
- const EC_KEY *key,
- const char *user_id,
- const uint8_t *msg, size_t msg_len)
+static BIGNUM *SM2_compute_msg_hash(const EVP_MD *digest,
+ const EC_KEY *key,
+ const char *user_id,
+ const uint8_t *msg, size_t msg_len)
{
EVP_MD_CTX *hash = EVP_MD_CTX_new();
const int md_size = EVP_MD_size(digest);
BIGNUM *e = NULL;
if (za == NULL)
+ {
+ SM2err(SM2_F_SM2_COMPUTE_MSG_HASH, ERR_R_MALLOC_FAILURE);
goto done;
+ }
if (hash == NULL)
+ {
+ SM2err(SM2_F_SM2_COMPUTE_MSG_HASH, ERR_R_MALLOC_FAILURE);
goto done;
+ }
if (SM2_compute_userid_digest(za, digest, user_id, key) == 0)
goto done;
if (EVP_DigestInit(hash, digest) == 0)
+ {
+ SM2err(SM2_F_SM2_COMPUTE_MSG_HASH, ERR_R_EVP_LIB);
goto done;
+ }
if (EVP_DigestUpdate(hash, za, md_size) == 0)
+ {
+ SM2err(SM2_F_SM2_COMPUTE_MSG_HASH, ERR_R_EVP_LIB);
goto done;
+ }
if (EVP_DigestUpdate(hash, msg, msg_len) == 0)
+ {
+ SM2err(SM2_F_SM2_COMPUTE_MSG_HASH, ERR_R_EVP_LIB);
goto done;
+ }
/* reuse za buffer to hold H(ZA || M) */
if (EVP_DigestFinal(hash, za, NULL) == 0)
+ {
+ SM2err(SM2_F_SM2_COMPUTE_MSG_HASH, ERR_R_EVP_LIB);
goto done;
+ }
e = BN_bin2bn(za, md_size, NULL);
kG = EC_POINT_new(group);
if (kG == NULL)
+ {
+ SM2err(SM2_F_SM2_SIG_GEN, ERR_R_MALLOC_FAILURE);
goto done;
+ }
ctx = BN_CTX_new();
if (ctx == NULL)
+ {
+ SM2err(SM2_F_SM2_SIG_GEN, ERR_R_MALLOC_FAILURE);
goto done;
+ }
BN_CTX_start(ctx);
tmp = BN_CTX_get(ctx);
if (tmp == NULL)
+ {
+ SM2err(SM2_F_SM2_SIG_GEN, ERR_R_BN_LIB);
goto done;
+ }
/* These values are returned and so should not be allocated out of the context */
r = BN_new();
s = BN_new();
if (r == NULL || s == NULL)
+ {
+ SM2err(SM2_F_SM2_SIG_GEN, ERR_R_MALLOC_FAILURE);
goto done;
+ }
for (;;) {
BN_priv_rand_range(k, order);
if (EC_POINT_mul(group, kG, k, NULL, NULL, ctx) == 0)
+ {
+ SM2err(SM2_F_SM2_SIG_GEN, ERR_R_EC_LIB);
goto done;
+ }
if (EC_POINT_get_affine_coordinates_GFp(group, kG, x1, NULL, ctx) == 0)
+ {
+ SM2err(SM2_F_SM2_SIG_GEN, ERR_R_EC_LIB);
goto done;
+ }
if (BN_mod_add(r, e, x1, order, ctx) == 0)
+ {
+ SM2err(SM2_F_SM2_SIG_GEN, ERR_R_BN_LIB);
goto done;
+ }
/* try again if r == 0 or r+k == n */
if (BN_is_zero(r))
if (BN_cmp(rk, order) == 0)
continue;
- BN_add(s, dA, BN_value_one());
- BN_mod_inverse(s, s, order, ctx);
-
- BN_mod_mul(tmp, dA, r, order, ctx);
- BN_sub(tmp, k, tmp);
-
- BN_mod_mul(s, s, tmp, order, ctx);
+ if(BN_add(s, dA, BN_value_one()) == 0)
+ {
+ SM2err(SM2_F_SM2_SIG_GEN, ERR_R_BN_LIB);
+ goto done;
+ }
+
+ if(BN_mod_inverse(s, s, order, ctx) == 0)
+ {
+ SM2err(SM2_F_SM2_SIG_GEN, ERR_R_BN_LIB);
+ goto done;
+ }
+
+ if(BN_mod_mul(tmp, dA, r, order, ctx) == 0)
+ {
+ SM2err(SM2_F_SM2_SIG_GEN, ERR_R_BN_LIB);
+ goto done;
+ }
+
+ if(BN_sub(tmp, k, tmp) == 0)
+ {
+ SM2err(SM2_F_SM2_SIG_GEN, ERR_R_BN_LIB);
+ goto done;
+ }
+
+ if(BN_mod_mul(s, s, tmp, order, ctx) == 0)
+ {
+ SM2err(SM2_F_SM2_SIG_GEN, ERR_R_BN_LIB);
+ goto done;
+ }
sig = ECDSA_SIG_new();
if (sig == NULL)
+ {
+ SM2err(SM2_F_SM2_SIG_GEN, ERR_R_MALLOC_FAILURE);
goto done;
+ }
/* takes ownership of r and s */
ECDSA_SIG_set0(sig, r, s);
ctx = BN_CTX_new();
if (ctx == NULL)
+ {
+ SM2err(SM2_F_SM2_SIG_VERIFY, ERR_R_MALLOC_FAILURE);
goto done;
+ }
+
pt = EC_POINT_new(group);
if (pt == NULL)
+ {
+ SM2err(SM2_F_SM2_SIG_VERIFY, ERR_R_MALLOC_FAILURE);
goto done;
+ }
BN_CTX_start(ctx);
x1 = BN_CTX_get(ctx);
if (x1 == NULL)
- goto done;
+ {
+ SM2err(SM2_F_SM2_SIG_VERIFY, ERR_R_MALLOC_FAILURE);
+ goto done;
+ }
/*
B1: verify whether r' in [1,n-1], verification failed if not
ECDSA_SIG_get0(sig, &r, &s);
- if (BN_cmp(r, BN_value_one()) < 0)
- goto done;
- if (BN_cmp(s, BN_value_one()) < 0)
+ if ((BN_cmp(r, BN_value_one()) < 0) || (BN_cmp(s, BN_value_one()) < 0))
+ {
+ SM2err(SM2_F_SM2_SIG_VERIFY, SM2_R_BAD_SIGNATURE);
goto done;
+ }
- if (BN_cmp(order, r) <= 0)
- goto done;
- if (BN_cmp(order, s) <= 0)
+ if ((BN_cmp(order, r) <= 0) || (BN_cmp(order, s) <= 0))
+ {
+ SM2err(SM2_F_SM2_SIG_VERIFY, SM2_R_BAD_SIGNATURE);
goto done;
+ }
if (BN_mod_add(t, r, s, order, ctx) == 0)
+ {
+ SM2err(SM2_F_SM2_SIG_VERIFY, ERR_R_BN_LIB);
goto done;
+ }
if (BN_is_zero(t) == 1)
+ {
+ SM2err(SM2_F_SM2_SIG_VERIFY, SM2_R_BAD_SIGNATURE);
goto done;
+ }
if (EC_POINT_mul(group, pt, s, EC_KEY_get0_public_key(key), t, ctx) == 0)
+ {
+ SM2err(SM2_F_SM2_SIG_VERIFY, ERR_R_EC_LIB);
goto done;
+ }
if (EC_POINT_get_affine_coordinates_GFp(group, pt, x1, NULL, ctx) == 0)
+ {
+ SM2err(SM2_F_SM2_SIG_VERIFY, ERR_R_EC_LIB);
goto done;
+ }
if (BN_mod_add(t, e, x1, order, ctx) == 0)
+ {
+ SM2err(SM2_F_SM2_SIG_VERIFY, ERR_R_BN_LIB);
goto done;
+ }
if (BN_cmp(r, t) == 0)
ret = 1;
BIGNUM *e = NULL;
ECDSA_SIG *sig = NULL;
- e = compute_msg_hash(digest, key, user_id, msg, msg_len);
+ e = SM2_compute_msg_hash(digest, key, user_id, msg, msg_len);
if (e == NULL)
goto done;
BIGNUM *e = NULL;
int ret = -1;
- e = compute_msg_hash(digest, key, user_id, msg, msg_len);
+ e = SM2_compute_msg_hash(digest, key, user_id, msg, msg_len);
if (e == NULL)
goto done;
ECDSA_SIG *s = NULL;
int ret = -1;
- if (type != NID_sm3)
- goto done;
-
- if (dgstlen != 32) /* expected length of SM3 hash */
- goto done;
+ if (type != NID_sm3 || dgstlen != 32)
+ {
+ SM2err(SM2_F_SM2_SIGN, SM2_R_INVALID_DIGEST_TYPE);
+ goto done;
+ }
e = BN_bin2bn(dgst, dgstlen, NULL);
int ret = -1;
if (type != NID_sm3)
- goto done;
+ {
+ SM2err(SM2_F_SM2_VERIFY, SM2_R_INVALID_DIGEST_TYPE);
+ goto done;
+ }
s = ECDSA_SIG_new();
if (s == NULL)
+ {
+ SM2err(SM2_F_SM2_VERIFY, ERR_R_MALLOC_FAILURE);
goto done;
+ }
if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL)
+ {
+ SM2err(SM2_F_SM2_VERIFY, SM2_R_INVALID_ENCODING);
goto done;
+ }
/* Ensure signature uses DER and doesn't have trailing garbage */
derlen = i2d_ECDSA_SIG(s, &der);
if (derlen != sig_len || memcmp(sig, der, derlen) != 0)
+ {
+ SM2err(SM2_F_SM2_VERIFY, SM2_R_INVALID_ENCODING);
goto done;
+ }
e = BN_bin2bn(dgst, dgstlen, NULL);
projects / openssl.git / commitdiff