本文整理汇总了C++中BN_nnmod函数的典型用法代码示例。如果您正苦于以下问题:C++ BN_nnmod函数的具体用法?C++ BN_nnmod怎么用?C++ BN_nnmod使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了BN_nnmod函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: ec_GFp_simple_set_Jprojective_coordinates_GFp
int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *group,
EC_POINT *point,
const BIGNUM *x,
const BIGNUM *y,
const BIGNUM *z,
BN_CTX *ctx)
{
BN_CTX *new_ctx = NULL;
int ret = 0;
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
if (ctx == NULL)
return 0;
}
if (x != NULL) {
if (!BN_nnmod(&point->X, x, &group->field, ctx))
goto err;
if (group->meth->field_encode) {
if (!group->meth->field_encode(group, &point->X, &point->X, ctx))
goto err;
}
}
if (y != NULL) {
if (!BN_nnmod(&point->Y, y, &group->field, ctx))
goto err;
if (group->meth->field_encode) {
if (!group->meth->field_encode(group, &point->Y, &point->Y, ctx))
goto err;
}
}
if (z != NULL) {
int Z_is_one;
if (!BN_nnmod(&point->Z, z, &group->field, ctx))
goto err;
Z_is_one = BN_is_one(&point->Z);
if (group->meth->field_encode) {
if (Z_is_one && (group->meth->field_set_to_one != 0)) {
if (!group->meth->field_set_to_one(group, &point->Z, ctx))
goto err;
} else {
if (!group->
meth->field_encode(group, &point->Z, &point->Z, ctx))
goto err;
}
}
point->Z_is_one = Z_is_one;
}
ret = 1;
err:
if (new_ctx != NULL)
BN_CTX_free(new_ctx);
return ret;
}示例2: ec_GFp_simple_group_set_curve
int ec_GFp_simple_group_set_curve(EC_GROUP *group,
const BIGNUM *p, const BIGNUM *a,
const BIGNUM *b, BN_CTX *ctx)
{
int ret = 0;
BN_CTX *new_ctx = NULL;
BIGNUM *tmp_a;
/* p must be a prime > 3 */
if (BN_num_bits(p) <= 2 || !BN_is_odd(p)) {
ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_INVALID_FIELD);
return 0;
}
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
if (ctx == NULL)
return 0;
}
BN_CTX_start(ctx);
tmp_a = BN_CTX_get(ctx);
if (tmp_a == NULL)
goto err;
/* group->field */
if (!BN_copy(&group->field, p))
goto err;
BN_set_negative(&group->field, 0);
/* group->a */
if (!BN_nnmod(tmp_a, a, p, ctx))
goto err;
if (group->meth->field_encode) {
if (!group->meth->field_encode(group, &group->a, tmp_a, ctx))
goto err;
} else if (!BN_copy(&group->a, tmp_a))
goto err;
/* group->b */
if (!BN_nnmod(&group->b, b, p, ctx))
goto err;
if (group->meth->field_encode)
if (!group->meth->field_encode(group, &group->b, &group->b, ctx))
goto err;
/* group->a_is_minus3 */
if (!BN_add_word(tmp_a, 3))
goto err;
group->a_is_minus3 = (0 == BN_cmp(tmp_a, &group->field));
ret = 1;
err:
BN_CTX_end(ctx);
if (new_ctx != NULL)
BN_CTX_free(new_ctx);
return ret;
}示例3: BN_mod_mul
/* slow but works */
int
BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
BN_CTX *ctx)
{
BIGNUM *t;
int ret = 0;
bn_check_top(a);
bn_check_top(b);
bn_check_top(m);
BN_CTX_start(ctx);
if ((t = BN_CTX_get(ctx)) == NULL)
goto err;
if (a == b) {
if (!BN_sqr(t, a, ctx))
goto err;
} else {
if (!BN_mul(t, a,b, ctx))
goto err;
}
if (!BN_nnmod(r, t,m, ctx))
goto err;
bn_check_top(r);
ret = 1;
err:
BN_CTX_end(ctx);
return (ret);
}示例4: BN_mod_sub
int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
BN_CTX *ctx)
{
if (!BN_sub(r, a, b))
return 0;
return BN_nnmod(r, r, m, ctx);
}示例5: BN_mod_lshift1
int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
{
if (!BN_lshift1(r, a))
return 0;
bn_check_top(r);
return BN_nnmod(r, r, m, ctx);
}示例6: one
/* The secret integers s0 and s1 must be in the range 0 < s < n for
some n, and must be relatively prime to that n. We know a priori
that n is of the form 2**k * p for some small integer k and prime
p. Therefore, it suffices to choose a random integer in the range
[0, n/2), multiply by two and add one (enforcing oddness), and then
reject values which are divisible by p. */
static BIGNUM *
random_s(const BIGNUM *n, const BIGNUM *p, BN_CTX *c)
{
BIGNUM h, m, *r;
BN_init(&h);
BN_init(&m);
FAILZ(r = BN_new());
FAILZ(BN_copy(&h, n));
FAILZ(BN_rshift1(&h, &h));
do {
FAILZ(BN_rand_range(r, &h));
FAILZ(BN_lshift1(r, r));
FAILZ(BN_add(r, r, BN_value_one()));
FAILZ(BN_nnmod(&m, r, p, c));
} while (BN_is_zero(&m));
BN_clear(&h);
BN_clear(&m);
return r;
fail:
BN_clear(&h);
BN_clear(&m);
if (r) BN_clear_free(r);
return 0;
}示例7: BN_CTX_new
bool CECKey::TweakSecret(unsigned char vchSecretOut[32], const unsigned char vchSecretIn[32], const unsigned char vchTweak[32])
{
bool ret = true;
BN_CTX *ctx = BN_CTX_new();
BN_CTX_start(ctx);
BIGNUM *bnSecret = BN_CTX_get(ctx);
BIGNUM *bnTweak = BN_CTX_get(ctx);
BIGNUM *bnOrder = BN_CTX_get(ctx);
EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_secp256k1);
EC_GROUP_get_order(group, bnOrder, ctx); // what a grossly inefficient way to get the (constant) group order...
BN_bin2bn(vchTweak, 32, bnTweak);
if (BN_cmp(bnTweak, bnOrder) >= 0)
ret = false; // extremely unlikely
BN_bin2bn(vchSecretIn, 32, bnSecret);
BN_add(bnSecret, bnSecret, bnTweak);
BN_nnmod(bnSecret, bnSecret, bnOrder, ctx);
if (BN_is_zero(bnSecret))
ret = false; // ridiculously unlikely
int nBits = BN_num_bits(bnSecret);
memset(vchSecretOut, 0, 32);
BN_bn2bin(bnSecret, &vchSecretOut[32-(nBits+7)/8]);
EC_GROUP_free(group);
BN_CTX_end(ctx);
BN_CTX_free(ctx);
return ret;
}示例8: EC_KEY_new_by_curve_name
CSignerECDSA::CSignerECDSA(const uint8_t PrivData[32], unsigned char Signature[65])
{
order.setuint256(g_Order);
EC_KEY* pkey = EC_KEY_new_by_curve_name(NID_secp256k1);
const EC_GROUP *group = EC_KEY_get0_group(pkey);
CBigNum privkey;
BN_bin2bn(PrivData, 32, &privkey);
EC_KEY_regenerate_key(pkey, &privkey);
EC_POINT *tmp_point = EC_POINT_new(group);
EC_POINT *test_point = EC_POINT_new(group);
CBigNum r, X, Y;
bool which = false;
do
{
// get random k
do
BN_rand_range(&kinv, &order);
while (!kinv);
/* We do not want timing information to leak the length of k,
* so we compute G*k using an equivalent scalar of fixed
* bit-length. */
kinv += order;
if (BN_num_bits(&kinv) <= 256)
kinv += order;
// compute r the x-coordinate of generator * k
EC_POINT_mul(group, tmp_point, &kinv, NULL, NULL, ctx);
EC_POINT_get_affine_coordinates_GFp(group, tmp_point, &X, &Y, ctx);
EC_POINT_set_compressed_coordinates_GFp(group, test_point, &X, 0, ctx);
which = !!EC_POINT_cmp(group, tmp_point, test_point, ctx);
BN_nnmod(&r, &X, &order, ctx);
}
while (!r);
// compute the inverse of k
BN_mod_inverse(&kinv, &kinv, &order, ctx);
BN_mod_mul(&pmr, &privkey, &r, &order, ctx);
BN_mod_mul(&prk, &pmr, &kinv, &order, ctx);
memset(Signature, 0, 65);
int nBitsR = BN_num_bits(&r);
BN_bn2bin(&r, &Signature[33-(nBitsR+7)/8]);
Signature[0] = 27 + which;
EC_POINT_free(tmp_point);
EC_POINT_free(test_point);
EC_KEY_free(pkey);
}示例9: BN_mod_lshift
int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ctx)
{
BIGNUM *abs_m = NULL;
int ret;
if (!BN_nnmod(r, a, m, ctx)) return 0;
if (m->neg)
{
abs_m = BN_dup(m);
if (abs_m == NULL) return 0;
abs_m->neg = 0;
}
ret = BN_mod_lshift_quick(r, r, n, (abs_m ? abs_m : m));
if (abs_m)
BN_free(abs_m);
return ret;
}示例10: SRP_Verify_B_mod_N
int SRP_Verify_B_mod_N(BIGNUM *B, BIGNUM *N)
{
BIGNUM *r;
BN_CTX *bn_ctx;
int ret = 0;
if (B == NULL || N == NULL || (bn_ctx = BN_CTX_new()) == NULL)
return 0;
if ((r = BN_new()) == NULL)
goto err;
/* Checks if B % N == 0 */
if (!BN_nnmod(r, B, N, bn_ctx))
goto err;
ret = !BN_is_zero(r);
err:
BN_CTX_free(bn_ctx);
BN_free(r);
return ret;
}示例11: test_mont
int test_mont(BIO *bp, BN_CTX *ctx)
{
BIGNUM a,b,c,d,A,B;
BIGNUM n;
int i;
BN_MONT_CTX *mont;
BN_init(&a);
BN_init(&b);
BN_init(&c);
BN_init(&d);
BN_init(&A);
BN_init(&B);
BN_init(&n);
mont=BN_MONT_CTX_new();
BN_bntest_rand(&a,100,0,0); /**/
BN_bntest_rand(&b,100,0,0); /**/
for (i=0; i<num2; i++)
{
int bits = (200*(i+1))/num2;
if (bits == 0)
continue;
BN_bntest_rand(&n,bits,0,1);
BN_MONT_CTX_set(mont,&n,ctx);
BN_nnmod(&a,&a,&n,ctx);
BN_nnmod(&b,&b,&n,ctx);
BN_to_montgomery(&A,&a,mont,ctx);
BN_to_montgomery(&B,&b,mont,ctx);
BN_mod_mul_montgomery(&c,&A,&B,mont,ctx);/**/
BN_from_montgomery(&A,&c,mont,ctx);/**/
if (bp != NULL)
{
if (!results)
{
#ifdef undef
fprintf(stderr,"%d * %d %% %d\n",
BN_num_bits(&a),
BN_num_bits(&b),
BN_num_bits(mont->N));
#endif
BN_print(bp,&a);
BIO_puts(bp," * ");
BN_print(bp,&b);
BIO_puts(bp," % ");
BN_print(bp,&(mont->N));
BIO_puts(bp," - ");
}
BN_print(bp,&A);
BIO_puts(bp,"\n");
}
BN_mod_mul(&d,&a,&b,&n,ctx);
BN_sub(&d,&d,&A);
if(!BN_is_zero(&d))
{
fprintf(stderr,"Montgomery multiplication test failed!\n");
return 0;
}
}
BN_MONT_CTX_free(mont);
BN_free(&a);
BN_free(&b);
BN_free(&c);
BN_free(&d);
BN_free(&A);
BN_free(&B);
BN_free(&n);
return(1);
}示例12: ecdsa_sign_setup
static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in,
BIGNUM **kinvp, BIGNUM **rp,
const unsigned char *dgst, int dlen)
{
BN_CTX *ctx = NULL;
BIGNUM *k = NULL, *r = NULL, *order = NULL, *X = NULL;
EC_POINT *tmp_point = NULL;
const EC_GROUP *group;
int ret = 0;
if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) {
ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (ctx_in == NULL) {
if ((ctx = BN_CTX_new()) == NULL) {
ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE);
return 0;
}
} else
ctx = ctx_in;
k = BN_new(); /* this value is later returned in *kinvp */
r = BN_new(); /* this value is later returned in *rp */
order = BN_new();
X = BN_new();
if (k == NULL || r == NULL || order == NULL || X == NULL) {
ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE);
goto err;
}
if ((tmp_point = EC_POINT_new(group)) == NULL) {
ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
goto err;
}
if (!EC_GROUP_get_order(group, order, ctx)) {
ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
goto err;
}
do {
/* get random k */
do
if (dgst != NULL) {
if (!BN_generate_dsa_nonce
(k, order, EC_KEY_get0_private_key(eckey), dgst, dlen,
ctx)) {
ECerr(EC_F_ECDSA_SIGN_SETUP,
EC_R_RANDOM_NUMBER_GENERATION_FAILED);
goto err;
}
} else {
if (!BN_rand_range(k, order)) {
ECerr(EC_F_ECDSA_SIGN_SETUP,
EC_R_RANDOM_NUMBER_GENERATION_FAILED);
goto err;
}
}
while (BN_is_zero(k));
/*
* We do not want timing information to leak the length of k, so we
* compute G*k using an equivalent scalar of fixed bit-length.
*/
if (!BN_add(k, k, order))
goto err;
if (BN_num_bits(k) <= BN_num_bits(order))
if (!BN_add(k, k, order))
goto err;
/* compute r the x-coordinate of generator * k */
if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) {
ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
goto err;
}
if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
NID_X9_62_prime_field) {
if (!EC_POINT_get_affine_coordinates_GFp
(group, tmp_point, X, NULL, ctx)) {
ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
goto err;
}
}
#ifndef OPENSSL_NO_EC2M
else { /* NID_X9_62_characteristic_two_field */
if (!EC_POINT_get_affine_coordinates_GF2m(group,
tmp_point, X, NULL,
ctx)) {
ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
goto err;
}
}
#endif
if (!BN_nnmod(r, X, order, ctx)) {
ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
goto err;
}
}
//.........这里部分代码省略.........
示例13: BN_kronecker
//.........这里部分代码省略.........
/*
* Kronecker symbol, imlemented according to Henri Cohen,
* "A Course in Computational Algebraic Number Theory"
* (algorithm 1.4.10).
*/
/* Cohen's step 1: */
if (BN_is_zero (B))
{
ret = BN_abs_is_word (A, 1);
goto end;
}
/* Cohen's step 2: */
if (!BN_is_odd (A) && !BN_is_odd (B))
{
ret = 0;
goto end;
}
/* now B is non-zero */
i = 0;
while (!BN_is_bit_set (B, i))
i++;
err = !BN_rshift (B, B, i);
if (err)
goto end;
if (i & 1)
{
/* i is odd */
/* (thus B was even, thus A must be odd!) */
/* set 'ret' to $(-1)^{(A^2-1)/8}$ */
ret = tab[BN_lsw (A) & 7];
}
else
{
/* i is even */
ret = 1;
}
if (B->neg)
{
B->neg = 0;
if (A->neg)
ret = -ret;
}
/* now B is positive and odd, so what remains to be done is
* to compute the Jacobi symbol (A/B) and multiply it by 'ret' */
while (1)
{
/* Cohen's step 3: */
/* B is positive and odd */
if (BN_is_zero (A))
{
ret = BN_is_one (B) ? ret : 0;
goto end;
}
/* now A is non-zero */
i = 0;
while (!BN_is_bit_set (A, i))
i++;
err = !BN_rshift (A, A, i);
if (err)
goto end;
if (i & 1)
{
/* i is odd */
/* multiply 'ret' by $(-1)^{(B^2-1)/8}$ */
ret = ret * tab[BN_lsw (B) & 7];
}
/* Cohen's step 4: */
/* multiply 'ret' by $(-1)^{(A-1)(B-1)/4}$ */
if ((A->neg ? ~BN_lsw (A) : BN_lsw (A)) & BN_lsw (B) & 2)
ret = -ret;
/* (A, B) := (B mod |A|, |A|) */
err = !BN_nnmod (B, B, A, ctx);
if (err)
goto end;
tmp = A;
A = B;
B = tmp;
tmp->neg = 0;
}
end:
BN_CTX_end (ctx);
if (err)
return -2;
else
return ret;
}示例14: ecdsa_sign_setup
static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
BIGNUM **rp)
{
BN_CTX *ctx = NULL;
BIGNUM *k = NULL, *r = NULL, *order = NULL, *X = NULL;
EC_POINT *tmp_point = NULL;
const EC_GROUP *group;
int ret = 0;
int order_bits;
if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) {
ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (ctx_in == NULL) {
if ((ctx = BN_CTX_new()) == NULL) {
ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE);
return 0;
}
} else
ctx = ctx_in;
k = BN_new(); /* this value is later returned in *kinvp */
r = BN_new(); /* this value is later returned in *rp */
order = BN_new();
X = BN_new();
if (!k || !r || !order || !X) {
ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE);
goto err;
}
if ((tmp_point = EC_POINT_new(group)) == NULL) {
ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
goto err;
}
if (!EC_GROUP_get_order(group, order, ctx)) {
ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
goto err;
}
/* Preallocate space */
order_bits = BN_num_bits(order);
if (!BN_set_bit(k, order_bits)
|| !BN_set_bit(r, order_bits)
|| !BN_set_bit(X, order_bits))
goto err;
do {
/* get random k */
do
if (!BN_rand_range(k, order)) {
ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,
ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED);
goto err;
}
while (BN_is_zero(k)) ;
/*
* We do not want timing information to leak the length of k, so we
* compute G*k using an equivalent scalar of fixed bit-length.
*
* We unconditionally perform both of these additions to prevent a
* small timing information leakage. We then choose the sum that is
* one bit longer than the order. This guarantees the code
* path used in the constant time implementations elsewhere.
*
* TODO: revisit the BN_copy aiming for a memory access agnostic
* conditional copy.
*/
if (!BN_add(r, k, order)
|| !BN_add(X, r, order)
|| !BN_copy(k, BN_num_bits(r) > order_bits ? r : X))
goto err;
/* compute r the x-coordinate of generator * k */
if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) {
ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
goto err;
}
if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
NID_X9_62_prime_field) {
if (!EC_POINT_get_affine_coordinates_GFp
(group, tmp_point, X, NULL, ctx)) {
ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
goto err;
}
}
#ifndef OPENSSL_NO_EC2M
else { /* NID_X9_62_characteristic_two_field */
if (!EC_POINT_get_affine_coordinates_GF2m(group,
tmp_point, X, NULL,
ctx)) {
ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
goto err;
}
}
#endif
if (!BN_nnmod(r, X, order, ctx)) {
ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
//.........这里部分代码省略.........
示例15: ecdsa_sign_setup
static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
BIGNUM **rp)
{
BN_CTX *ctx = NULL;
BIGNUM *k = NULL, *r = NULL, *order = NULL, *X = NULL;
EC_POINT *tmp_point=NULL;
const EC_GROUP *group;
int ret = 0;
if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL)
{
ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (ctx_in == NULL)
{
if ((ctx = BN_CTX_new()) == NULL)
{
ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,ERR_R_MALLOC_FAILURE);
return 0;
}
}
else
ctx = ctx_in;
k = BN_new(); /* this value is later returned in *kinvp */
r = BN_new(); /* this value is later returned in *rp */
order = BN_new();
X = BN_new();
if (!k || !r || !order || !X)
{
ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE);
goto err;
}
if ((tmp_point = EC_POINT_new(group)) == NULL)
{
ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
goto err;
}
if (!EC_GROUP_get_order(group, order, ctx))
{
ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
goto err;
}
#ifdef OPENSSL_FIPS
if (!fips_check_ec_prng(eckey))
goto err;
#endif
do
{
/* get random k */
do
if (!BN_rand_range(k, order))
{
ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,
ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED);
goto err;
}
while (BN_is_zero(k));
#ifdef ECDSA_POINT_MUL_NO_CONSTTIME
/* We do not want timing information to leak the length of k,
* so we compute G*k using an equivalent scalar of fixed
* bit-length. */
if (!BN_add(k, k, order)) goto err;
if (BN_num_bits(k) <= BN_num_bits(order))
if (!BN_add(k, k, order)) goto err;
#endif /* def(ECDSA_POINT_MUL_NO_CONSTTIME) */
/* compute r the x-coordinate of generator * k */
if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx))
{
ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
goto err;
}
if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field)
{
if (!EC_POINT_get_affine_coordinates_GFp(group,
tmp_point, X, NULL, ctx))
{
ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,ERR_R_EC_LIB);
goto err;
}
}
#ifndef OPENSSL_NO_EC2M
else /* NID_X9_62_characteristic_two_field */
{
if (!EC_POINT_get_affine_coordinates_GF2m(group,
tmp_point, X, NULL, ctx))
{
ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,ERR_R_EC_LIB);
goto err;
}
}
#endif
if (!BN_nnmod(r, X, order, ctx))
//.........这里部分代码省略.........