summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authortb <>2023-07-28 08:54:41 +0000
committertb <>2023-07-28 08:54:41 +0000
commit1b556e1d9c04f68f2dc52b8ddb2b6fb329bf2875 (patch)
treee6b5f50af10df6f53032b26a0414135e7e565946
parent27bf20b08f028e09b36afd8b49d1fbaa87746bb6 (diff)
downloadopenbsd-1b556e1d9c04f68f2dc52b8ddb2b6fb329bf2875.tar.gz
openbsd-1b556e1d9c04f68f2dc52b8ddb2b6fb329bf2875.tar.bz2
openbsd-1b556e1d9c04f68f2dc52b8ddb2b6fb329bf2875.zip
Remove ECDSA_{do_,}sign_ex()
There is no reason to keep these. It is cleaner to keep ECDSA_sign_setup() but remove the logic for passed-in kinv and r. Refuse to cooperate as far as possible. Someone could still implement their own versions of ECDSA_{do_,}_sign_ex() and ECDSA_sign_setup() by leveraging EC_KEY_METHOD_get_sign() and building their own wrappers. We can't make such an implementation of ECDSA_sign_setup() fail, but we make the actual signing fail since we no longer "do the right thing". ok jsing
Diffstat
-rw-r--r--src/lib/libcrypto/ecdsa/ecdsa.c77
1 files changed, 20 insertions, 57 deletions
diff --git a/src/lib/libcrypto/ecdsa/ecdsa.c b/src/lib/libcrypto/ecdsa/ecdsa.c
index 17f968f0cc..fea0564946 100644
--- a/src/lib/libcrypto/ecdsa/ecdsa.c
+++ b/src/lib/libcrypto/ecdsa/ecdsa.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ecdsa.c,v 1.13 2023/07/28 08:49:43 tb Exp $ */ 1/* $OpenBSD: ecdsa.c,v 1.14 2023/07/28 08:54:41 tb Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved.
4 * 4 *
@@ -71,11 +71,6 @@
71#include "ec_local.h" 71#include "ec_local.h"
72#include "ecdsa_local.h" 72#include "ecdsa_local.h"
73 73
74static ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen,
75 const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey);
76static int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen,
77 unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv,
78 const BIGNUM *rp, EC_KEY *eckey);
79static int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *in_ctx, BIGNUM **out_kinv, 74static int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *in_ctx, BIGNUM **out_kinv,
80 BIGNUM **out_r); 75 BIGNUM **out_r);
81 76
@@ -233,11 +228,16 @@ ecdsa_sign(int type, const unsigned char *digest, int digest_len,
233 unsigned char *signature, unsigned int *signature_len, const BIGNUM *kinv, 228 unsigned char *signature, unsigned int *signature_len, const BIGNUM *kinv,
234 const BIGNUM *r, EC_KEY *key) 229 const BIGNUM *r, EC_KEY *key)
235{ 230{
236 ECDSA_SIG *sig; 231 ECDSA_SIG *sig = NULL;
237 int out_len = 0; 232 int out_len = 0;
238 int ret = 0; 233 int ret = 0;
239 234
240 if ((sig = ECDSA_do_sign_ex(digest, digest_len, kinv, r, key)) == NULL) 235 if (kinv != NULL || r != NULL) {
236 ECerror(EC_R_NOT_IMPLEMENTED);
237 goto err;
238 }
239
240 if ((sig = ECDSA_do_sign(digest, digest_len, key)) == NULL)
241 goto err; 241 goto err;
242 242
243 if ((out_len = i2d_ECDSA_SIG(sig, &signature)) < 0) { 243 if ((out_len = i2d_ECDSA_SIG(sig, &signature)) < 0) {
@@ -527,10 +527,14 @@ ecdsa_sign_sig(const unsigned char *digest, int digest_len,
527 BN_CTX *ctx = NULL; 527 BN_CTX *ctx = NULL;
528 BIGNUM *kinv = NULL, *r = NULL, *s = NULL; 528 BIGNUM *kinv = NULL, *r = NULL, *s = NULL;
529 BIGNUM *e; 529 BIGNUM *e;
530 int caller_supplied_values = 0;
531 int attempts = 0; 530 int attempts = 0;
532 ECDSA_SIG *sig = NULL; 531 ECDSA_SIG *sig = NULL;
533 532
533 if (in_kinv != NULL || in_r != NULL) {
534 ECerror(EC_R_NOT_IMPLEMENTED);
535 goto err;
536 }
537
534 if ((ctx = BN_CTX_new()) == NULL) { 538 if ((ctx = BN_CTX_new()) == NULL) {
535 ECerror(ERR_R_MALLOC_FAILURE); 539 ECerror(ERR_R_MALLOC_FAILURE);
536 goto err; 540 goto err;
@@ -545,31 +549,11 @@ ecdsa_sign_sig(const unsigned char *digest, int digest_len,
545 if (!ecdsa_prepare_digest(digest, digest_len, key, e)) 549 if (!ecdsa_prepare_digest(digest, digest_len, key, e))
546 goto err; 550 goto err;
547 551
548 if (in_kinv != NULL && in_r != NULL) {
549 /*
550 * Use the caller's kinv and r. Don't call ECDSA_sign_setup().
551 * If we're unable to compute a valid signature, the caller
552 * must provide new values.
553 */
554 caller_supplied_values = 1;
555
556 if ((kinv = BN_dup(in_kinv)) == NULL) {
557 ECerror(ERR_R_MALLOC_FAILURE);
558 goto err;
559 }
560 if ((r = BN_dup(in_r)) == NULL) {
561 ECerror(ERR_R_MALLOC_FAILURE);
562 goto err;
563 }
564 }
565
566 do { 552 do {
567 /* Steps 3-8: calculate kinv and r. */ 553 /* Steps 3-8: calculate kinv and r. */
568 if (!caller_supplied_values) { 554 if (!ECDSA_sign_setup(key, ctx, &kinv, &r)) {
569 if (!ECDSA_sign_setup(key, ctx, &kinv, &r)) { 555 ECerror(ERR_R_EC_LIB);
570 ECerror(ERR_R_EC_LIB); 556 goto err;
571 goto err;
572 }
573 } 557 }
574 558
575 /* 559 /*
@@ -580,11 +564,6 @@ ecdsa_sign_sig(const unsigned char *digest, int digest_len,
580 if (s != NULL) 564 if (s != NULL)
581 break; 565 break;
582 566
583 if (caller_supplied_values) {
584 ECerror(EC_R_NEED_NEW_SETUP_VALUES);
585 goto err;
586 }
587
588 if (++attempts > ECDSA_MAX_SIGN_ITERATIONS) { 567 if (++attempts > ECDSA_MAX_SIGN_ITERATIONS) {
589 ECerror(EC_R_WRONG_CURVE_PARAMETERS); 568 ECerror(EC_R_WRONG_CURVE_PARAMETERS);
590 goto err; 569 goto err;
@@ -766,42 +745,26 @@ ecdsa_verify_sig(const unsigned char *digest, int digest_len,
766ECDSA_SIG * 745ECDSA_SIG *
767ECDSA_do_sign(const unsigned char *digest, int digest_len, EC_KEY *key) 746ECDSA_do_sign(const unsigned char *digest, int digest_len, EC_KEY *key)
768{ 747{
769 return ECDSA_do_sign_ex(digest, digest_len, NULL, NULL, key);
770}
771LCRYPTO_ALIAS(ECDSA_do_sign);
772
773static ECDSA_SIG *
774ECDSA_do_sign_ex(const unsigned char *digest, int digest_len,
775 const BIGNUM *kinv, const BIGNUM *out_r, EC_KEY *key)
776{
777 if (key->meth->sign_sig == NULL) { 748 if (key->meth->sign_sig == NULL) {
778 ECerror(EC_R_NOT_IMPLEMENTED); 749 ECerror(EC_R_NOT_IMPLEMENTED);
779 return 0; 750 return 0;
780 } 751 }
781 return key->meth->sign_sig(digest, digest_len, kinv, out_r, key); 752 return key->meth->sign_sig(digest, digest_len, NULL, NULL, key);
782} 753}
754LCRYPTO_ALIAS(ECDSA_do_sign);
783 755
784int 756int
785ECDSA_sign(int type, const unsigned char *digest, int digest_len, 757ECDSA_sign(int type, const unsigned char *digest, int digest_len,
786 unsigned char *signature, unsigned int *signature_len, EC_KEY *key) 758 unsigned char *signature, unsigned int *signature_len, EC_KEY *key)
787{ 759{
788 return ECDSA_sign_ex(type, digest, digest_len, signature, signature_len,
789 NULL, NULL, key);
790}
791LCRYPTO_ALIAS(ECDSA_sign);
792
793static int
794ECDSA_sign_ex(int type, const unsigned char *digest, int digest_len,
795 unsigned char *signature, unsigned int *signature_len, const BIGNUM *kinv,
796 const BIGNUM *r, EC_KEY *key)
797{
798 if (key->meth->sign == NULL) { 760 if (key->meth->sign == NULL) {
799 ECerror(EC_R_NOT_IMPLEMENTED); 761 ECerror(EC_R_NOT_IMPLEMENTED);
800 return 0; 762 return 0;
801 } 763 }
802 return key->meth->sign(type, digest, digest_len, signature, 764 return key->meth->sign(type, digest, digest_len, signature,
803 signature_len, kinv, r, key); 765 signature_len, NULL, NULL, key);
804} 766}
767LCRYPTO_ALIAS(ECDSA_sign);
805 768
806static int 769static int
807ECDSA_sign_setup(EC_KEY *key, BN_CTX *in_ctx, BIGNUM **out_kinv, 770ECDSA_sign_setup(EC_KEY *key, BN_CTX *in_ctx, BIGNUM **out_kinv,
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-22 17:41:07 +0000