summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjsing <>2015-02-08 13:35:07 +0000
committerjsing <>2015-02-08 13:35:07 +0000
commit726b51738f080413928933335c86b6b01cf96864 (patch)
tree5a291cb11bb8d4fde0d4d335440fe8cad504b4c4
parentf5656e5948afd96eceeae5f83939965ba96edc28 (diff)
downloadopenbsd-726b51738f080413928933335c86b6b01cf96864.tar.gz
openbsd-726b51738f080413928933335c86b6b01cf96864.tar.bz2
openbsd-726b51738f080413928933335c86b6b01cf96864.zip
Lob a KNF grenade into the ecdsa code.
Diffstat
-rw-r--r--src/lib/libcrypto/ecdsa/ecdsa.h69
-rw-r--r--src/lib/libcrypto/ecdsa/ecs_asn1.c4
-rw-r--r--src/lib/libcrypto/ecdsa/ecs_err.c61
-rw-r--r--src/lib/libcrypto/ecdsa/ecs_lib.c124
-rw-r--r--src/lib/libcrypto/ecdsa/ecs_locl.h4
-rw-r--r--src/lib/libcrypto/ecdsa/ecs_ossl.c265
-rw-r--r--src/lib/libcrypto/ecdsa/ecs_sign.c37
-rw-r--r--src/lib/libcrypto/ecdsa/ecs_vrf.c36
-rw-r--r--src/lib/libssl/src/crypto/ecdsa/ecdsa.h69
-rw-r--r--src/lib/libssl/src/crypto/ecdsa/ecs_asn1.c4
-rw-r--r--src/lib/libssl/src/crypto/ecdsa/ecs_err.c61
-rw-r--r--src/lib/libssl/src/crypto/ecdsa/ecs_lib.c124
-rw-r--r--src/lib/libssl/src/crypto/ecdsa/ecs_locl.h4
-rw-r--r--src/lib/libssl/src/crypto/ecdsa/ecs_ossl.c265
-rw-r--r--src/lib/libssl/src/crypto/ecdsa/ecs_sign.c37
-rw-r--r--src/lib/libssl/src/crypto/ecdsa/ecs_vrf.c36
16 files changed, 576 insertions, 624 deletions
diff --git a/src/lib/libcrypto/ecdsa/ecdsa.h b/src/lib/libcrypto/ecdsa/ecdsa.h
index ad716c24a5..530ab265bb 100644
--- a/src/lib/libcrypto/ecdsa/ecdsa.h
+++ b/src/lib/libcrypto/ecdsa/ecdsa.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ecdsa.h,v 1.3 2014/11/17 20:25:50 miod Exp $ */ 1/* $OpenBSD: ecdsa.h,v 1.4 2015/02/08 13:35:06 jsing Exp $ */
2/** 2/**
3 * \file crypto/ecdsa/ecdsa.h Include file for the OpenSSL ECDSA functions 3 * \file crypto/ecdsa/ecdsa.h Include file for the OpenSSL ECDSA functions
4 * \author Written by Nils Larsch for the OpenSSL project 4 * \author Written by Nils Larsch for the OpenSSL project
@@ -11,7 +11,7 @@
11 * are met: 11 * are met:
12 * 12 *
13 * 1. Redistributions of source code must retain the above copyright 13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer. 14 * notice, this list of conditions and the following disclaimer.
15 * 15 *
16 * 2. Redistributions in binary form must reproduce the above copyright 16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in 17 * notice, this list of conditions and the following disclaimer in
@@ -79,11 +79,11 @@ typedef struct ECDSA_SIG_st ECDSA_SIG;
79 79
80struct ecdsa_method { 80struct ecdsa_method {
81 const char *name; 81 const char *name;
82 ECDSA_SIG *(*ecdsa_do_sign)(const unsigned char *dgst, int dgst_len, 82 ECDSA_SIG *(*ecdsa_do_sign)(const unsigned char *dgst, int dgst_len,
83 const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey); 83 const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey);
84 int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, 84 int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv,
85 BIGNUM **r); 85 BIGNUM **r);
86 int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len, 86 int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len,
87 const ECDSA_SIG *sig, EC_KEY *eckey); 87 const ECDSA_SIG *sig, EC_KEY *eckey);
88#if 0 88#if 0
89 int (*init)(EC_KEY *eckey); 89 int (*init)(EC_KEY *eckey);
@@ -114,18 +114,18 @@ ECDSA_SIG *ECDSA_SIG_new(void);
114/** frees a ECDSA_SIG structure 114/** frees a ECDSA_SIG structure
115 * \param sig pointer to the ECDSA_SIG structure 115 * \param sig pointer to the ECDSA_SIG structure
116 */ 116 */
117void ECDSA_SIG_free(ECDSA_SIG *sig); 117void ECDSA_SIG_free(ECDSA_SIG *sig);
118 118
119/** DER encode content of ECDSA_SIG object (note: this function modifies *pp 119/** DER encode content of ECDSA_SIG object (note: this function modifies *pp
120 * (*pp += length of the DER encoded signature)). 120 * (*pp += length of the DER encoded signature)).
121 * \param sig pointer to the ECDSA_SIG object 121 * \param sig pointer to the ECDSA_SIG object
122 * \param pp pointer to a unsigned char pointer for the output or NULL 122 * \param pp pointer to a unsigned char pointer for the output or NULL
123 * \return the length of the DER encoded ECDSA_SIG object or 0 123 * \return the length of the DER encoded ECDSA_SIG object or 0
124 */ 124 */
125int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp); 125int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp);
126 126
127/** Decodes a DER encoded ECDSA signature (note: this function changes *pp 127/** Decodes a DER encoded ECDSA signature (note: this function changes *pp
128 * (*pp += len)). 128 * (*pp += len)).
129 * \param sig pointer to ECDSA_SIG pointer (may be NULL) 129 * \param sig pointer to ECDSA_SIG pointer (may be NULL)
130 * \param pp memory buffer with the DER encoded signature 130 * \param pp memory buffer with the DER encoded signature
131 * \param len length of the buffer 131 * \param len length of the buffer
@@ -140,20 +140,21 @@ ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len);
140 * \param eckey EC_KEY object containing a private EC key 140 * \param eckey EC_KEY object containing a private EC key
141 * \return pointer to a ECDSA_SIG structure or NULL if an error occurred 141 * \return pointer to a ECDSA_SIG structure or NULL if an error occurred
142 */ 142 */
143ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst,int dgst_len,EC_KEY *eckey); 143ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len,
144 EC_KEY *eckey);
144 145
145/** Computes ECDSA signature of a given hash value using the supplied 146/** Computes ECDSA signature of a given hash value using the supplied
146 * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). 147 * private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
147 * \param dgst pointer to the hash value to sign 148 * \param dgst pointer to the hash value to sign
148 * \param dgstlen length of the hash value 149 * \param dgstlen length of the hash value
149 * \param kinv BIGNUM with a pre-computed inverse k (optional) 150 * \param kinv BIGNUM with a pre-computed inverse k (optional)
150 * \param rp BIGNUM with a pre-computed rp value (optioanl), 151 * \param rp BIGNUM with a pre-computed rp value (optioanl),
151 * see ECDSA_sign_setup 152 * see ECDSA_sign_setup
152 * \param eckey EC_KEY object containing a private EC key 153 * \param eckey EC_KEY object containing a private EC key
153 * \return pointer to a ECDSA_SIG structure or NULL if an error occurred 154 * \return pointer to a ECDSA_SIG structure or NULL if an error occurred
154 */ 155 */
155ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, 156ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen,
156 const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey); 157 const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey);
157 158
158/** Verifies that the supplied signature is a valid ECDSA 159/** Verifies that the supplied signature is a valid ECDSA
159 * signature of the supplied hash value using the supplied public key. 160 * signature of the supplied hash value using the supplied public key.
@@ -164,15 +165,15 @@ ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen,
164 * \return 1 if the signature is valid, 0 if the signature is invalid 165 * \return 1 if the signature is valid, 0 if the signature is invalid
165 * and -1 on error 166 * and -1 on error
166 */ 167 */
167int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, 168int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
168 const ECDSA_SIG *sig, EC_KEY* eckey); 169 const ECDSA_SIG *sig, EC_KEY* eckey);
169 170
170const ECDSA_METHOD *ECDSA_OpenSSL(void); 171const ECDSA_METHOD *ECDSA_OpenSSL(void);
171 172
172/** Sets the default ECDSA method 173/** Sets the default ECDSA method
173 * \param meth new default ECDSA_METHOD 174 * \param meth new default ECDSA_METHOD
174 */ 175 */
175void ECDSA_set_default_method(const ECDSA_METHOD *meth); 176void ECDSA_set_default_method(const ECDSA_METHOD *meth);
176 177
177/** Returns the default ECDSA method 178/** Returns the default ECDSA method
178 * \return pointer to ECDSA_METHOD structure containing the default method 179 * \return pointer to ECDSA_METHOD structure containing the default method
@@ -182,15 +183,15 @@ const ECDSA_METHOD *ECDSA_get_default_method(void);
182/** Sets method to be used for the ECDSA operations 183/** Sets method to be used for the ECDSA operations
183 * \param eckey EC_KEY object 184 * \param eckey EC_KEY object
184 * \param meth new method 185 * \param meth new method
185 * \return 1 on success and 0 otherwise 186 * \return 1 on success and 0 otherwise
186 */ 187 */
187int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth); 188int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth);
188 189
189/** Returns the maximum length of the DER encoded signature 190/** Returns the maximum length of the DER encoded signature
190 * \param eckey EC_KEY object 191 * \param eckey EC_KEY object
191 * \return numbers of bytes required for the DER encoded signature 192 * \return numbers of bytes required for the DER encoded signature
192 */ 193 */
193int ECDSA_size(const EC_KEY *eckey); 194int ECDSA_size(const EC_KEY *eckey);
194 195
195/** Precompute parts of the signing operation 196/** Precompute parts of the signing operation
196 * \param eckey EC_KEY object containing a private EC key 197 * \param eckey EC_KEY object containing a private EC key
@@ -199,8 +200,8 @@ int ECDSA_size(const EC_KEY *eckey);
199 * \param rp BIGNUM pointer for x coordinate of k * generator 200 * \param rp BIGNUM pointer for x coordinate of k * generator
200 * \return 1 on success and 0 otherwise 201 * \return 1 on success and 0 otherwise
201 */ 202 */
202int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, 203int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv,
203 BIGNUM **rp); 204 BIGNUM **rp);
204 205
205/** Computes ECDSA signature of a given hash value using the supplied 206/** Computes ECDSA signature of a given hash value using the supplied
206 * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). 207 * private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
@@ -212,8 +213,8 @@ int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv,
212 * \param eckey EC_KEY object containing a private EC key 213 * \param eckey EC_KEY object containing a private EC key
213 * \return 1 on success and 0 otherwise 214 * \return 1 on success and 0 otherwise
214 */ 215 */
215int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen, 216int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen,
216 unsigned char *sig, unsigned int *siglen, EC_KEY *eckey); 217 unsigned char *sig, unsigned int *siglen, EC_KEY *eckey);
217 218
218 219
219/** Computes ECDSA signature of a given hash value using the supplied 220/** Computes ECDSA signature of a given hash value using the supplied
@@ -224,19 +225,19 @@ int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen,
224 * \param sig buffer to hold the DER encoded signature 225 * \param sig buffer to hold the DER encoded signature
225 * \param siglen pointer to the length of the returned signature 226 * \param siglen pointer to the length of the returned signature
226 * \param kinv BIGNUM with a pre-computed inverse k (optional) 227 * \param kinv BIGNUM with a pre-computed inverse k (optional)
227 * \param rp BIGNUM with a pre-computed rp value (optioanl), 228 * \param rp BIGNUM with a pre-computed rp value (optioanl),
228 * see ECDSA_sign_setup 229 * see ECDSA_sign_setup
229 * \param eckey EC_KEY object containing a private EC key 230 * \param eckey EC_KEY object containing a private EC key
230 * \return 1 on success and 0 otherwise 231 * \return 1 on success and 0 otherwise
231 */ 232 */
232int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen, 233int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen,
233 unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv, 234 unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv,
234 const BIGNUM *rp, EC_KEY *eckey); 235 const BIGNUM *rp, EC_KEY *eckey);
235 236
236/** Verifies that the given signature is valid ECDSA signature 237/** Verifies that the given signature is valid ECDSA signature
237 * of the supplied hash value using the specified public key. 238 * of the supplied hash value using the specified public key.
238 * \param type this parameter is ignored 239 * \param type this parameter is ignored
239 * \param dgst pointer to the hash value 240 * \param dgst pointer to the hash value
240 * \param dgstlen length of the hash value 241 * \param dgstlen length of the hash value
241 * \param sig pointer to the DER encoded signature 242 * \param sig pointer to the DER encoded signature
242 * \param siglen length of the DER encoded signature 243 * \param siglen length of the DER encoded signature
@@ -244,14 +245,14 @@ int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen,
244 * \return 1 if the signature is valid, 0 if the signature is invalid 245 * \return 1 if the signature is valid, 0 if the signature is invalid
245 * and -1 on error 246 * and -1 on error
246 */ 247 */
247int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen, 248int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen,
248 const unsigned char *sig, int siglen, EC_KEY *eckey); 249 const unsigned char *sig, int siglen, EC_KEY *eckey);
249 250
250/* the standard ex_data functions */ 251/* the standard ex_data functions */
251int ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new 252int ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
252 *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); 253 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
253int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg); 254int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg);
254void *ECDSA_get_ex_data(EC_KEY *d, int idx); 255void *ECDSA_get_ex_data(EC_KEY *d, int idx);
255 256
256 257
257/* BEGIN ERROR CODES */ 258/* BEGIN ERROR CODES */
diff --git a/src/lib/libcrypto/ecdsa/ecs_asn1.c b/src/lib/libcrypto/ecdsa/ecs_asn1.c
index 351c1e9ba5..f62df3a817 100644
--- a/src/lib/libcrypto/ecdsa/ecs_asn1.c
+++ b/src/lib/libcrypto/ecdsa/ecs_asn1.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ecs_asn1.c,v 1.2 2014/06/12 15:49:29 deraadt Exp $ */ 1/* $OpenBSD: ecs_asn1.c,v 1.3 2015/02/08 13:35:07 jsing Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved.
4 * 4 *
@@ -7,7 +7,7 @@
7 * are met: 7 * are met:
8 * 8 *
9 * 1. Redistributions of source code must retain the above copyright 9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer. 10 * notice, this list of conditions and the following disclaimer.
11 * 11 *
12 * 2. Redistributions in binary form must reproduce the above copyright 12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in 13 * notice, this list of conditions and the following disclaimer in
diff --git a/src/lib/libcrypto/ecdsa/ecs_err.c b/src/lib/libcrypto/ecdsa/ecs_err.c
index 721b53c3f4..26efc135e3 100644
--- a/src/lib/libcrypto/ecdsa/ecs_err.c
+++ b/src/lib/libcrypto/ecdsa/ecs_err.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ecs_err.c,v 1.3 2014/07/10 22:45:57 jsing Exp $ */ 1/* $OpenBSD: ecs_err.c,v 1.4 2015/02/08 13:35:07 jsing Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved.
4 * 4 *
@@ -7,7 +7,7 @@
7 * are met: 7 * are met:
8 * 8 *
9 * 1. Redistributions of source code must retain the above copyright 9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer. 10 * notice, this list of conditions and the following disclaimer.
11 * 11 *
12 * 2. Redistributions in binary form must reproduce the above copyright 12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in 13 * notice, this list of conditions and the following disclaimer in
@@ -71,39 +71,36 @@
71#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ECDSA,func,0) 71#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ECDSA,func,0)
72#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ECDSA,0,reason) 72#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ECDSA,0,reason)
73 73
74static ERR_STRING_DATA ECDSA_str_functs[]= 74static ERR_STRING_DATA ECDSA_str_functs[]= {
75 { 75 {ERR_FUNC(ECDSA_F_ECDSA_CHECK), "ECDSA_CHECK"},
76{ERR_FUNC(ECDSA_F_ECDSA_CHECK), "ECDSA_CHECK"}, 76 {ERR_FUNC(ECDSA_F_ECDSA_DATA_NEW_METHOD), "ECDSA_DATA_NEW_METHOD"},
77{ERR_FUNC(ECDSA_F_ECDSA_DATA_NEW_METHOD), "ECDSA_DATA_NEW_METHOD"}, 77 {ERR_FUNC(ECDSA_F_ECDSA_DO_SIGN), "ECDSA_do_sign"},
78{ERR_FUNC(ECDSA_F_ECDSA_DO_SIGN), "ECDSA_do_sign"}, 78 {ERR_FUNC(ECDSA_F_ECDSA_DO_VERIFY), "ECDSA_do_verify"},
79{ERR_FUNC(ECDSA_F_ECDSA_DO_VERIFY), "ECDSA_do_verify"}, 79 {ERR_FUNC(ECDSA_F_ECDSA_SIGN_SETUP), "ECDSA_sign_setup"},
80{ERR_FUNC(ECDSA_F_ECDSA_SIGN_SETUP), "ECDSA_sign_setup"}, 80 {0, NULL}
81{0,NULL} 81};
82 };
83 82
84static ERR_STRING_DATA ECDSA_str_reasons[]= 83static ERR_STRING_DATA ECDSA_str_reasons[]= {
85 { 84 {ERR_REASON(ECDSA_R_BAD_SIGNATURE) , "bad signature"},
86{ERR_REASON(ECDSA_R_BAD_SIGNATURE) ,"bad signature"}, 85 {ERR_REASON(ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE), "data too large for key size"},
87{ERR_REASON(ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"}, 86 {ERR_REASON(ECDSA_R_ERR_EC_LIB) , "err ec lib"},
88{ERR_REASON(ECDSA_R_ERR_EC_LIB) ,"err ec lib"}, 87 {ERR_REASON(ECDSA_R_MISSING_PARAMETERS) , "missing parameters"},
89{ERR_REASON(ECDSA_R_MISSING_PARAMETERS) ,"missing parameters"}, 88 {ERR_REASON(ECDSA_R_NEED_NEW_SETUP_VALUES), "need new setup values"},
90{ERR_REASON(ECDSA_R_NEED_NEW_SETUP_VALUES),"need new setup values"}, 89 {ERR_REASON(ECDSA_R_NON_FIPS_METHOD) , "non fips method"},
91{ERR_REASON(ECDSA_R_NON_FIPS_METHOD) ,"non fips method"}, 90 {ERR_REASON(ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED), "random number generation failed"},
92{ERR_REASON(ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED),"random number generation failed"}, 91 {ERR_REASON(ECDSA_R_SIGNATURE_MALLOC_FAILED), "signature malloc failed"},
93{ERR_REASON(ECDSA_R_SIGNATURE_MALLOC_FAILED),"signature malloc failed"}, 92 {0, NULL}
94{0,NULL} 93};
95 };
96 94
97#endif 95#endif
98 96
99void ERR_load_ECDSA_strings(void) 97void
100 { 98ERR_load_ECDSA_strings(void)
99{
101#ifndef OPENSSL_NO_ERR 100#ifndef OPENSSL_NO_ERR
102 101 if (ERR_func_error_string(ECDSA_str_functs[0].error) == NULL) {
103 if (ERR_func_error_string(ECDSA_str_functs[0].error) == NULL) 102 ERR_load_strings(0, ECDSA_str_functs);
104 { 103 ERR_load_strings(0, ECDSA_str_reasons);
105 ERR_load_strings(0,ECDSA_str_functs);
106 ERR_load_strings(0,ECDSA_str_reasons);
107 }
108#endif
109 } 104 }
105#endif
106}
diff --git a/src/lib/libcrypto/ecdsa/ecs_lib.c b/src/lib/libcrypto/ecdsa/ecs_lib.c
index 6cdf4c124b..dba888cb48 100644
--- a/src/lib/libcrypto/ecdsa/ecs_lib.c
+++ b/src/lib/libcrypto/ecdsa/ecs_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ecs_lib.c,v 1.8 2015/02/07 13:19:15 doug Exp $ */ 1/* $OpenBSD: ecs_lib.c,v 1.9 2015/02/08 13:35:07 jsing Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
4 * 4 *
@@ -7,7 +7,7 @@
7 * are met: 7 * are met:
8 * 8 *
9 * 1. Redistributions of source code must retain the above copyright 9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer. 10 * notice, this list of conditions and the following disclaimer.
11 * 11 *
12 * 2. Redistributions in binary form must reproduce the above copyright 12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in 13 * notice, this list of conditions and the following disclaimer in
@@ -70,21 +70,23 @@ static void *ecdsa_data_new(void);
70static void *ecdsa_data_dup(void *); 70static void *ecdsa_data_dup(void *);
71static void ecdsa_data_free(void *); 71static void ecdsa_data_free(void *);
72 72
73void ECDSA_set_default_method(const ECDSA_METHOD *meth) 73void
74ECDSA_set_default_method(const ECDSA_METHOD *meth)
74{ 75{
75 default_ECDSA_method = meth; 76 default_ECDSA_method = meth;
76} 77}
77 78
78const ECDSA_METHOD *ECDSA_get_default_method(void) 79const ECDSA_METHOD *
80ECDSA_get_default_method(void)
79{ 81{
80 if(!default_ECDSA_method) 82 if (!default_ECDSA_method) {
81 {
82 default_ECDSA_method = ECDSA_OpenSSL(); 83 default_ECDSA_method = ECDSA_OpenSSL();
83 } 84 }
84 return default_ECDSA_method; 85 return default_ECDSA_method;
85} 86}
86 87
87int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth) 88int
89ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth)
88{ 90{
89 ECDSA_DATA *ecdsa; 91 ECDSA_DATA *ecdsa;
90 92
@@ -94,26 +96,25 @@ int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth)
94 return 0; 96 return 0;
95 97
96#ifndef OPENSSL_NO_ENGINE 98#ifndef OPENSSL_NO_ENGINE
97 if (ecdsa->engine) 99 if (ecdsa->engine) {
98 {
99 ENGINE_finish(ecdsa->engine); 100 ENGINE_finish(ecdsa->engine);
100 ecdsa->engine = NULL; 101 ecdsa->engine = NULL;
101 } 102 }
102#endif 103#endif
103 ecdsa->meth = meth; 104 ecdsa->meth = meth;
104 105
105 return 1; 106 return 1;
106} 107}
107 108
108static ECDSA_DATA *ECDSA_DATA_new_method(ENGINE *engine) 109static ECDSA_DATA *
110ECDSA_DATA_new_method(ENGINE *engine)
109{ 111{
110 ECDSA_DATA *ret; 112 ECDSA_DATA *ret;
111 113
112 ret = malloc(sizeof(ECDSA_DATA)); 114 ret = malloc(sizeof(ECDSA_DATA));
113 if (ret == NULL) 115 if (ret == NULL) {
114 {
115 ECDSAerr(ECDSA_F_ECDSA_DATA_NEW_METHOD, ERR_R_MALLOC_FAILURE); 116 ECDSAerr(ECDSA_F_ECDSA_DATA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
116 return(NULL); 117 return (NULL);
117 } 118 }
118 119
119 ret->init = NULL; 120 ret->init = NULL;
@@ -123,12 +124,11 @@ static ECDSA_DATA *ECDSA_DATA_new_method(ENGINE *engine)
123#ifndef OPENSSL_NO_ENGINE 124#ifndef OPENSSL_NO_ENGINE
124 if (!ret->engine) 125 if (!ret->engine)
125 ret->engine = ENGINE_get_default_ECDSA(); 126 ret->engine = ENGINE_get_default_ECDSA();
126 if (ret->engine) 127 if (ret->engine) {
127 {
128 ret->meth = ENGINE_get_ECDSA(ret->engine); 128 ret->meth = ENGINE_get_ECDSA(ret->engine);
129 if (!ret->meth) 129 if (!ret->meth) {
130 { 130 ECDSAerr(ECDSA_F_ECDSA_DATA_NEW_METHOD,
131 ECDSAerr(ECDSA_F_ECDSA_DATA_NEW_METHOD, ERR_R_ENGINE_LIB); 131 ERR_R_ENGINE_LIB);
132 ENGINE_finish(ret->engine); 132 ENGINE_finish(ret->engine);
133 free(ret); 133 free(ret);
134 return NULL; 134 return NULL;
@@ -138,15 +138,17 @@ static ECDSA_DATA *ECDSA_DATA_new_method(ENGINE *engine)
138 138
139 ret->flags = ret->meth->flags; 139 ret->flags = ret->meth->flags;
140 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDSA, ret, &ret->ex_data); 140 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDSA, ret, &ret->ex_data);
141 return(ret); 141 return (ret);
142} 142}
143 143
144static void *ecdsa_data_new(void) 144static void *
145ecdsa_data_new(void)
145{ 146{
146 return (void *)ECDSA_DATA_new_method(NULL); 147 return (void *)ECDSA_DATA_new_method(NULL);
147} 148}
148 149
149static void *ecdsa_data_dup(void *data) 150static void *
151ecdsa_data_dup(void *data)
150{ 152{
151 ECDSA_DATA *r = (ECDSA_DATA *)data; 153 ECDSA_DATA *r = (ECDSA_DATA *)data;
152 154
@@ -157,7 +159,8 @@ static void *ecdsa_data_dup(void *data)
157 return ecdsa_data_new(); 159 return ecdsa_data_new();
158} 160}
159 161
160static void ecdsa_data_free(void *data) 162static void
163ecdsa_data_free(void *data)
161{ 164{
162 ECDSA_DATA *r = (ECDSA_DATA *)data; 165 ECDSA_DATA *r = (ECDSA_DATA *)data;
163 166
@@ -172,38 +175,37 @@ static void ecdsa_data_free(void *data)
172 free(r); 175 free(r);
173} 176}
174 177
175ECDSA_DATA *ecdsa_check(EC_KEY *key) 178ECDSA_DATA *
179ecdsa_check(EC_KEY *key)
176{ 180{
177 ECDSA_DATA *ecdsa_data; 181 ECDSA_DATA *ecdsa_data;
178 182
179 void *data = EC_KEY_get_key_method_data(key, ecdsa_data_dup, 183 void *data = EC_KEY_get_key_method_data(key, ecdsa_data_dup,
180 ecdsa_data_free, ecdsa_data_free); 184 ecdsa_data_free, ecdsa_data_free);
181 if (data == NULL) 185 if (data == NULL) {
182 {
183 ecdsa_data = (ECDSA_DATA *)ecdsa_data_new(); 186 ecdsa_data = (ECDSA_DATA *)ecdsa_data_new();
184 if (ecdsa_data == NULL) 187 if (ecdsa_data == NULL)
185 return NULL; 188 return NULL;
186 data = EC_KEY_insert_key_method_data(key, (void *)ecdsa_data, 189 data = EC_KEY_insert_key_method_data(key, (void *)ecdsa_data,
187 ecdsa_data_dup, ecdsa_data_free, ecdsa_data_free); 190 ecdsa_data_dup, ecdsa_data_free, ecdsa_data_free);
188 if (data != NULL) 191 if (data != NULL) {
189 {
190 /* Another thread raced us to install the key_method 192 /* Another thread raced us to install the key_method
191 * data and won. */ 193 * data and won. */
192 ecdsa_data_free(ecdsa_data); 194 ecdsa_data_free(ecdsa_data);
193 ecdsa_data = (ECDSA_DATA *)data; 195 ecdsa_data = (ECDSA_DATA *)data;
194 } 196 }
195 } 197 } else
196 else
197 ecdsa_data = (ECDSA_DATA *)data; 198 ecdsa_data = (ECDSA_DATA *)data;
198 199
199 return ecdsa_data; 200 return ecdsa_data;
200} 201}
201 202
202int ECDSA_size(const EC_KEY *r) 203int
204ECDSA_size(const EC_KEY *r)
203{ 205{
204 int ret,i; 206 int ret, i;
205 ASN1_INTEGER bs; 207 ASN1_INTEGER bs;
206 BIGNUM *order=NULL; 208 BIGNUM *order = NULL;
207 unsigned char buf[4]; 209 unsigned char buf[4];
208 const EC_GROUP *group; 210 const EC_GROUP *group;
209 211
@@ -213,48 +215,50 @@ int ECDSA_size(const EC_KEY *r)
213 if (group == NULL) 215 if (group == NULL)
214 return 0; 216 return 0;
215 217
216 if ((order = BN_new()) == NULL) return 0; 218 if ((order = BN_new()) == NULL)
217 if (!EC_GROUP_get_order(group,order,NULL)) 219 return 0;
218 { 220 if (!EC_GROUP_get_order(group, order, NULL)) {
219 BN_clear_free(order); 221 BN_clear_free(order);
220 return 0; 222 return 0;
221 } 223 }
222 i=BN_num_bits(order); 224 i = BN_num_bits(order);
223 bs.length=(i+7)/8; 225 bs.length = (i + 7) / 8;
224 bs.data=buf; 226 bs.data = buf;
225 bs.type=V_ASN1_INTEGER; 227 bs.type = V_ASN1_INTEGER;
226 /* If the top bit is set the asn1 encoding is 1 larger. */ 228 /* If the top bit is set the asn1 encoding is 1 larger. */
227 buf[0]=0xff; 229 buf[0] = 0xff;
228 230
229 i=i2d_ASN1_INTEGER(&bs,NULL); 231 i = i2d_ASN1_INTEGER(&bs, NULL);
230 i+=i; /* r and s */ 232 i += i; /* r and s */
231 ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE); 233 ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE);
232 BN_clear_free(order); 234 BN_clear_free(order);
233 return(ret); 235 return (ret);
234} 236}
235 237
236 238int
237int ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, 239ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
238 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) 240 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
239{ 241{
240 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDSA, argl, argp, 242 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDSA, argl, argp,
241 new_func, dup_func, free_func); 243 new_func, dup_func, free_func);
242} 244}
243 245
244int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg) 246int
247ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg)
245{ 248{
246 ECDSA_DATA *ecdsa; 249 ECDSA_DATA *ecdsa;
247 ecdsa = ecdsa_check(d); 250 ecdsa = ecdsa_check(d);
248 if (ecdsa == NULL) 251 if (ecdsa == NULL)
249 return 0; 252 return 0;
250 return(CRYPTO_set_ex_data(&ecdsa->ex_data,idx,arg)); 253 return (CRYPTO_set_ex_data(&ecdsa->ex_data, idx, arg));
251} 254}
252 255
253void *ECDSA_get_ex_data(EC_KEY *d, int idx) 256void *
257ECDSA_get_ex_data(EC_KEY *d, int idx)
254{ 258{
255 ECDSA_DATA *ecdsa; 259 ECDSA_DATA *ecdsa;
256 ecdsa = ecdsa_check(d); 260 ecdsa = ecdsa_check(d);
257 if (ecdsa == NULL) 261 if (ecdsa == NULL)
258 return NULL; 262 return NULL;
259 return(CRYPTO_get_ex_data(&ecdsa->ex_data,idx)); 263 return (CRYPTO_get_ex_data(&ecdsa->ex_data, idx));
260} 264}
diff --git a/src/lib/libcrypto/ecdsa/ecs_locl.h b/src/lib/libcrypto/ecdsa/ecs_locl.h
index e47f6794ac..24d866ae64 100644
--- a/src/lib/libcrypto/ecdsa/ecs_locl.h
+++ b/src/lib/libcrypto/ecdsa/ecs_locl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ecs_locl.h,v 1.3 2014/11/17 20:25:50 miod Exp $ */ 1/* $OpenBSD: ecs_locl.h,v 1.4 2015/02/08 13:35:07 jsing Exp $ */
2/* 2/*
3 * Written by Nils Larsch for the OpenSSL project 3 * Written by Nils Larsch for the OpenSSL project
4 */ 4 */
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
diff --git a/src/lib/libcrypto/ecdsa/ecs_ossl.c b/src/lib/libcrypto/ecdsa/ecs_ossl.c
index 0dde5386ff..31102138c0 100644
--- a/src/lib/libcrypto/ecdsa/ecs_ossl.c
+++ b/src/lib/libcrypto/ecdsa/ecs_ossl.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ecs_ossl.c,v 1.5 2014/07/12 16:03:37 miod Exp $ */ 1/* $OpenBSD: ecs_ossl.c,v 1.6 2015/02/08 13:35:07 jsing Exp $ */
2/* 2/*
3 * Written by Nils Larsch for the OpenSSL project 3 * Written by Nils Larsch for the OpenSSL project
4 */ 4 */
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -63,12 +63,12 @@
63#include <openssl/obj_mac.h> 63#include <openssl/obj_mac.h>
64#include <openssl/bn.h> 64#include <openssl/bn.h>
65 65
66static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen, 66static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen,
67 const BIGNUM *, const BIGNUM *, EC_KEY *eckey); 67 const BIGNUM *, const BIGNUM *, EC_KEY *eckey);
68static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, 68static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
69 BIGNUM **rp); 69 BIGNUM **rp);
70static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, 70static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
71 const ECDSA_SIG *sig, EC_KEY *eckey); 71 const ECDSA_SIG *sig, EC_KEY *eckey);
72 72
73static ECDSA_METHOD openssl_ecdsa_meth = { 73static ECDSA_METHOD openssl_ecdsa_meth = {
74 .name = "OpenSSL ECDSA method", 74 .name = "OpenSSL ECDSA method",
@@ -77,65 +77,58 @@ static ECDSA_METHOD openssl_ecdsa_meth = {
77 .ecdsa_do_verify = ecdsa_do_verify 77 .ecdsa_do_verify = ecdsa_do_verify
78}; 78};
79 79
80const ECDSA_METHOD *ECDSA_OpenSSL(void) 80const ECDSA_METHOD *
81ECDSA_OpenSSL(void)
81{ 82{
82 return &openssl_ecdsa_meth; 83 return &openssl_ecdsa_meth;
83} 84}
84 85
85static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, 86static int
86 BIGNUM **rp) 87ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
87{ 88{
88 BN_CTX *ctx = NULL; 89 BN_CTX *ctx = NULL;
89 BIGNUM *k = NULL, *r = NULL, *order = NULL, *X = NULL; 90 BIGNUM *k = NULL, *r = NULL, *order = NULL, *X = NULL;
90 EC_POINT *tmp_point=NULL; 91 EC_POINT *tmp_point = NULL;
91 const EC_GROUP *group; 92 const EC_GROUP *group;
92 int ret = 0; 93 int ret = 0;
93 94
94 if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) 95 if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) {
95 {
96 ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER); 96 ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER);
97 return 0; 97 return 0;
98 } 98 }
99 99
100 if (ctx_in == NULL) 100 if (ctx_in == NULL) {
101 { 101 if ((ctx = BN_CTX_new()) == NULL) {
102 if ((ctx = BN_CTX_new()) == NULL) 102 ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,
103 { 103 ERR_R_MALLOC_FAILURE);
104 ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,ERR_R_MALLOC_FAILURE);
105 return 0; 104 return 0;
106 } 105 }
107 } 106 } else
108 else
109 ctx = ctx_in; 107 ctx = ctx_in;
110 108
111 k = BN_new(); /* this value is later returned in *kinvp */ 109 k = BN_new(); /* this value is later returned in *kinvp */
112 r = BN_new(); /* this value is later returned in *rp */ 110 r = BN_new(); /* this value is later returned in *rp */
113 order = BN_new(); 111 order = BN_new();
114 X = BN_new(); 112 X = BN_new();
115 if (!k || !r || !order || !X) 113 if (!k || !r || !order || !X) {
116 {
117 ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE); 114 ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE);
118 goto err; 115 goto err;
119 } 116 }
120 if ((tmp_point = EC_POINT_new(group)) == NULL) 117 if ((tmp_point = EC_POINT_new(group)) == NULL) {
121 {
122 ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); 118 ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
123 goto err; 119 goto err;
124 } 120 }
125 if (!EC_GROUP_get_order(group, order, ctx)) 121 if (!EC_GROUP_get_order(group, order, ctx)) {
126 {
127 ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); 122 ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
128 goto err; 123 goto err;
129 } 124 }
130 125
131 do 126 do {
132 { 127 /* get random k */
133 /* get random k */
134 do 128 do
135 if (!BN_rand_range(k, order)) 129 if (!BN_rand_range(k, order)) {
136 {
137 ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, 130 ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,
138 ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED); 131 ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED);
139 goto err; 132 goto err;
140 } 133 }
141 while (BN_is_zero(k)); 134 while (BN_is_zero(k));
@@ -143,23 +136,23 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
143 /* We do not want timing information to leak the length of k, 136 /* We do not want timing information to leak the length of k,
144 * so we compute G*k using an equivalent scalar of fixed 137 * so we compute G*k using an equivalent scalar of fixed
145 * bit-length. */ 138 * bit-length. */
146 139 if (!BN_add(k, k, order))
147 if (!BN_add(k, k, order)) goto err; 140 goto err;
148 if (BN_num_bits(k) <= BN_num_bits(order)) 141 if (BN_num_bits(k) <= BN_num_bits(order))
149 if (!BN_add(k, k, order)) goto err; 142 if (!BN_add(k, k, order))
143 goto err;
150 144
151 /* compute r the x-coordinate of generator * k */ 145 /* compute r the x-coordinate of generator * k */
152 if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) 146 if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) {
153 {
154 ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); 147 ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
155 goto err; 148 goto err;
156 } 149 }
157 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) 150 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
158 { 151 NID_X9_62_prime_field) {
159 if (!EC_POINT_get_affine_coordinates_GFp(group, 152 if (!EC_POINT_get_affine_coordinates_GFp(group,
160 tmp_point, X, NULL, ctx)) 153 tmp_point, X, NULL, ctx)) {
161 { 154 ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,
162 ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,ERR_R_EC_LIB); 155 ERR_R_EC_LIB);
163 goto err; 156 goto err;
164 } 157 }
165 } 158 }
@@ -167,53 +160,52 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
167 else /* NID_X9_62_characteristic_two_field */ 160 else /* NID_X9_62_characteristic_two_field */
168 { 161 {
169 if (!EC_POINT_get_affine_coordinates_GF2m(group, 162 if (!EC_POINT_get_affine_coordinates_GF2m(group,
170 tmp_point, X, NULL, ctx)) 163 tmp_point, X, NULL, ctx)) {
171 { 164 ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,
172 ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,ERR_R_EC_LIB); 165 ERR_R_EC_LIB);
173 goto err; 166 goto err;
174 } 167 }
175 } 168 }
176#endif 169#endif
177 if (!BN_nnmod(r, X, order, ctx)) 170 if (!BN_nnmod(r, X, order, ctx)) {
178 {
179 ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); 171 ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
180 goto err; 172 goto err;
181 } 173 }
182 } 174 } while (BN_is_zero(r));
183 while (BN_is_zero(r));
184 175
185 /* compute the inverse of k */ 176 /* compute the inverse of k */
186 if (!BN_mod_inverse(k, k, order, ctx)) 177 if (!BN_mod_inverse(k, k, order, ctx)) {
187 {
188 ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); 178 ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
189 goto err; 179 goto err;
190 } 180 }
191 /* clear old values if necessary */ 181 /* clear old values if necessary */
192 BN_clear_free(*rp); 182 BN_clear_free(*rp);
193 BN_clear_free(*kinvp); 183 BN_clear_free(*kinvp);
194 /* save the pre-computed values */ 184 /* save the pre-computed values */
195 *rp = r; 185 *rp = r;
196 *kinvp = k; 186 *kinvp = k;
197 ret = 1; 187 ret = 1;
188
198err: 189err:
199 if (!ret) { 190 if (!ret) {
200 BN_clear_free(k); 191 BN_clear_free(k);
201 BN_clear_free(r); 192 BN_clear_free(r);
202 } 193 }
203 if (ctx_in == NULL) 194 if (ctx_in == NULL)
204 BN_CTX_free(ctx); 195 BN_CTX_free(ctx);
205 BN_free(order); 196 BN_free(order);
206 EC_POINT_free(tmp_point); 197 EC_POINT_free(tmp_point);
207 BN_clear_free(X); 198 BN_clear_free(X);
208 return(ret); 199 return (ret);
209} 200}
210 201
211 202
212static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, 203static ECDSA_SIG *
213 const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey) 204ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
205 const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey)
214{ 206{
215 int ok = 0, i; 207 int ok = 0, i;
216 BIGNUM *kinv=NULL, *s, *m=NULL,*tmp=NULL,*order=NULL; 208 BIGNUM *kinv = NULL, *s, *m = NULL, *tmp = NULL, *order = NULL;
217 const BIGNUM *ckinv; 209 const BIGNUM *ckinv;
218 BN_CTX *ctx = NULL; 210 BN_CTX *ctx = NULL;
219 const EC_GROUP *group; 211 const EC_GROUP *group;
@@ -221,33 +213,29 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
221 ECDSA_DATA *ecdsa; 213 ECDSA_DATA *ecdsa;
222 const BIGNUM *priv_key; 214 const BIGNUM *priv_key;
223 215
224 ecdsa = ecdsa_check(eckey); 216 ecdsa = ecdsa_check(eckey);
225 group = EC_KEY_get0_group(eckey); 217 group = EC_KEY_get0_group(eckey);
226 priv_key = EC_KEY_get0_private_key(eckey); 218 priv_key = EC_KEY_get0_private_key(eckey);
227 219
228 if (group == NULL || priv_key == NULL || ecdsa == NULL) 220 if (group == NULL || priv_key == NULL || ecdsa == NULL) {
229 {
230 ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); 221 ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
231 return NULL; 222 return NULL;
232 } 223 }
233 224
234 ret = ECDSA_SIG_new(); 225 ret = ECDSA_SIG_new();
235 if (!ret) 226 if (!ret) {
236 {
237 ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); 227 ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
238 return NULL; 228 return NULL;
239 } 229 }
240 s = ret->s; 230 s = ret->s;
241 231
242 if ((ctx = BN_CTX_new()) == NULL || (order = BN_new()) == NULL || 232 if ((ctx = BN_CTX_new()) == NULL || (order = BN_new()) == NULL ||
243 (tmp = BN_new()) == NULL || (m = BN_new()) == NULL) 233 (tmp = BN_new()) == NULL || (m = BN_new()) == NULL) {
244 {
245 ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); 234 ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
246 goto err; 235 goto err;
247 } 236 }
248 237
249 if (!EC_GROUP_get_order(group, order, ctx)) 238 if (!EC_GROUP_get_order(group, order, ctx)) {
250 {
251 ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); 239 ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
252 goto err; 240 goto err;
253 } 241 }
@@ -257,73 +245,61 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
257 */ 245 */
258 if (8 * dgst_len > i) 246 if (8 * dgst_len > i)
259 dgst_len = (i + 7)/8; 247 dgst_len = (i + 7)/8;
260 if (!BN_bin2bn(dgst, dgst_len, m)) 248 if (!BN_bin2bn(dgst, dgst_len, m)) {
261 {
262 ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); 249 ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
263 goto err; 250 goto err;
264 } 251 }
265 /* If still too long truncate remaining bits with a shift */ 252 /* If still too long truncate remaining bits with a shift */
266 if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) 253 if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
267 {
268 ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); 254 ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
269 goto err; 255 goto err;
270 } 256 }
271 do 257 do {
272 { 258 if (in_kinv == NULL || in_r == NULL) {
273 if (in_kinv == NULL || in_r == NULL) 259 if (!ECDSA_sign_setup(eckey, ctx, &kinv, &ret->r)) {
274 { 260 ECDSAerr(ECDSA_F_ECDSA_DO_SIGN,
275 if (!ECDSA_sign_setup(eckey, ctx, &kinv, &ret->r)) 261 ERR_R_ECDSA_LIB);
276 {
277 ECDSAerr(ECDSA_F_ECDSA_DO_SIGN,ERR_R_ECDSA_LIB);
278 goto err; 262 goto err;
279 } 263 }
280 ckinv = kinv; 264 ckinv = kinv;
281 } 265 } else {
282 else 266 ckinv = in_kinv;
283 { 267 if (BN_copy(ret->r, in_r) == NULL) {
284 ckinv = in_kinv; 268 ECDSAerr(ECDSA_F_ECDSA_DO_SIGN,
285 if (BN_copy(ret->r, in_r) == NULL) 269 ERR_R_MALLOC_FAILURE);
286 {
287 ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
288 goto err; 270 goto err;
289 } 271 }
290 } 272 }
291 273
292 if (!BN_mod_mul(tmp, priv_key, ret->r, order, ctx)) 274 if (!BN_mod_mul(tmp, priv_key, ret->r, order, ctx)) {
293 {
294 ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); 275 ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
295 goto err; 276 goto err;
296 } 277 }
297 if (!BN_mod_add_quick(s, tmp, m, order)) 278 if (!BN_mod_add_quick(s, tmp, m, order)) {
298 {
299 ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); 279 ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
300 goto err; 280 goto err;
301 } 281 }
302 if (!BN_mod_mul(s, s, ckinv, order, ctx)) 282 if (!BN_mod_mul(s, s, ckinv, order, ctx)) {
303 {
304 ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); 283 ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
305 goto err; 284 goto err;
306 } 285 }
307 if (BN_is_zero(s)) 286 if (BN_is_zero(s)) {
308 {
309 /* if kinv and r have been supplied by the caller 287 /* if kinv and r have been supplied by the caller
310 * don't to generate new kinv and r values */ 288 * don't to generate new kinv and r values */
311 if (in_kinv != NULL && in_r != NULL) 289 if (in_kinv != NULL && in_r != NULL) {
312 { 290 ECDSAerr(ECDSA_F_ECDSA_DO_SIGN,
313 ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_NEED_NEW_SETUP_VALUES); 291 ECDSA_R_NEED_NEW_SETUP_VALUES);
314 goto err; 292 goto err;
315 } 293 }
316 } 294 } else
317 else
318 /* s != 0 => we have a valid signature */ 295 /* s != 0 => we have a valid signature */
319 break; 296 break;
320 } 297 } while (1);
321 while (1);
322 298
323 ok = 1; 299 ok = 1;
300
324err: 301err:
325 if (!ok) 302 if (!ok) {
326 {
327 ECDSA_SIG_free(ret); 303 ECDSA_SIG_free(ret);
328 ret = NULL; 304 ret = NULL;
329 } 305 }
@@ -335,8 +311,9 @@ err:
335 return ret; 311 return ret;
336} 312}
337 313
338static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, 314static int
339 const ECDSA_SIG *sig, EC_KEY *eckey) 315ecdsa_do_verify(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig,
316 EC_KEY *eckey)
340{ 317{
341 int ret = -1, i; 318 int ret = -1, i;
342 BN_CTX *ctx; 319 BN_CTX *ctx;
@@ -347,47 +324,41 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
347 324
348 /* check input values */ 325 /* check input values */
349 if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL || 326 if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL ||
350 (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) 327 (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) {
351 {
352 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS); 328 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS);
353 return -1; 329 return -1;
354 } 330 }
355 331
356 ctx = BN_CTX_new(); 332 ctx = BN_CTX_new();
357 if (!ctx) 333 if (!ctx) {
358 {
359 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); 334 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
360 return -1; 335 return -1;
361 } 336 }
362 BN_CTX_start(ctx); 337 BN_CTX_start(ctx);
363 order = BN_CTX_get(ctx); 338 order = BN_CTX_get(ctx);
364 u1 = BN_CTX_get(ctx); 339 u1 = BN_CTX_get(ctx);
365 u2 = BN_CTX_get(ctx); 340 u2 = BN_CTX_get(ctx);
366 m = BN_CTX_get(ctx); 341 m = BN_CTX_get(ctx);
367 X = BN_CTX_get(ctx); 342 X = BN_CTX_get(ctx);
368 if (!X) 343 if (!X) {
369 {
370 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); 344 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
371 goto err; 345 goto err;
372 } 346 }
373 347
374 if (!EC_GROUP_get_order(group, order, ctx)) 348 if (!EC_GROUP_get_order(group, order, ctx)) {
375 {
376 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); 349 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
377 goto err; 350 goto err;
378 } 351 }
379 352
380 if (BN_is_zero(sig->r) || BN_is_negative(sig->r) || 353 if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
381 BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) || 354 BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) ||
382 BN_is_negative(sig->s) || BN_ucmp(sig->s, order) >= 0) 355 BN_is_negative(sig->s) || BN_ucmp(sig->s, order) >= 0) {
383 {
384 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_BAD_SIGNATURE); 356 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_BAD_SIGNATURE);
385 ret = 0; /* signature is invalid */ 357 ret = 0; /* signature is invalid */
386 goto err; 358 goto err;
387 } 359 }
388 /* calculate tmp1 = inv(S) mod order */ 360 /* calculate tmp1 = inv(S) mod order */
389 if (!BN_mod_inverse(u2, sig->s, order, ctx)) 361 if (!BN_mod_inverse(u2, sig->s, order, ctx)) {
390 {
391 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); 362 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
392 goto err; 363 goto err;
393 } 364 }
@@ -398,45 +369,38 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
398 */ 369 */
399 if (8 * dgst_len > i) 370 if (8 * dgst_len > i)
400 dgst_len = (i + 7)/8; 371 dgst_len = (i + 7)/8;
401 if (!BN_bin2bn(dgst, dgst_len, m)) 372 if (!BN_bin2bn(dgst, dgst_len, m)) {
402 {
403 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); 373 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
404 goto err; 374 goto err;
405 } 375 }
406 /* If still too long truncate remaining bits with a shift */ 376 /* If still too long truncate remaining bits with a shift */
407 if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) 377 if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
408 {
409 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); 378 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
410 goto err; 379 goto err;
411 } 380 }
412 /* u1 = m * tmp mod order */ 381 /* u1 = m * tmp mod order */
413 if (!BN_mod_mul(u1, m, u2, order, ctx)) 382 if (!BN_mod_mul(u1, m, u2, order, ctx)) {
414 {
415 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); 383 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
416 goto err; 384 goto err;
417 } 385 }
418 /* u2 = r * w mod q */ 386 /* u2 = r * w mod q */
419 if (!BN_mod_mul(u2, sig->r, u2, order, ctx)) 387 if (!BN_mod_mul(u2, sig->r, u2, order, ctx)) {
420 {
421 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); 388 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
422 goto err; 389 goto err;
423 } 390 }
424 391
425 if ((point = EC_POINT_new(group)) == NULL) 392 if ((point = EC_POINT_new(group)) == NULL) {
426 {
427 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); 393 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
428 goto err; 394 goto err;
429 } 395 }
430 if (!EC_POINT_mul(group, point, u1, pub_key, u2, ctx)) 396 if (!EC_POINT_mul(group, point, u1, pub_key, u2, ctx)) {
431 {
432 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); 397 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
433 goto err; 398 goto err;
434 } 399 }
435 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) 400 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
436 { 401 NID_X9_62_prime_field) {
437 if (!EC_POINT_get_affine_coordinates_GFp(group, 402 if (!EC_POINT_get_affine_coordinates_GFp(group,
438 point, X, NULL, ctx)) 403 point, X, NULL, ctx)) {
439 {
440 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); 404 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
441 goto err; 405 goto err;
442 } 406 }
@@ -445,20 +409,19 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
445 else /* NID_X9_62_characteristic_two_field */ 409 else /* NID_X9_62_characteristic_two_field */
446 { 410 {
447 if (!EC_POINT_get_affine_coordinates_GF2m(group, 411 if (!EC_POINT_get_affine_coordinates_GF2m(group,
448 point, X, NULL, ctx)) 412 point, X, NULL, ctx)) {
449 {
450 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); 413 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
451 goto err; 414 goto err;
452 } 415 }
453 } 416 }
454#endif 417#endif
455 if (!BN_nnmod(u1, X, order, ctx)) 418 if (!BN_nnmod(u1, X, order, ctx)) {
456 {
457 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); 419 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
458 goto err; 420 goto err;
459 } 421 }
460 /* if the signature is correct u1 is equal to sig->r */ 422 /* if the signature is correct u1 is equal to sig->r */
461 ret = (BN_ucmp(u1, sig->r) == 0); 423 ret = (BN_ucmp(u1, sig->r) == 0);
424
462err: 425err:
463 BN_CTX_end(ctx); 426 BN_CTX_end(ctx);
464 BN_CTX_free(ctx); 427 BN_CTX_free(ctx);
diff --git a/src/lib/libcrypto/ecdsa/ecs_sign.c b/src/lib/libcrypto/ecdsa/ecs_sign.c
index 55bb02d57f..029a0cb562 100644
--- a/src/lib/libcrypto/ecdsa/ecs_sign.c
+++ b/src/lib/libcrypto/ecdsa/ecs_sign.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ecs_sign.c,v 1.5 2014/10/18 17:20:40 jsing Exp $ */ 1/* $OpenBSD: ecs_sign.c,v 1.6 2015/02/08 13:35:07 jsing Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4 * 4 *
@@ -7,7 +7,7 @@
7 * are met: 7 * are met:
8 * 8 *
9 * 1. Redistributions of source code must retain the above copyright 9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer. 10 * notice, this list of conditions and the following disclaimer.
11 * 11 *
12 * 2. Redistributions in binary form must reproduce the above copyright 12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in 13 * notice, this list of conditions and the following disclaimer in
@@ -60,35 +60,39 @@
60#include <openssl/engine.h> 60#include <openssl/engine.h>
61#endif 61#endif
62 62
63ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey) 63ECDSA_SIG *
64ECDSA_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey)
64{ 65{
65 return ECDSA_do_sign_ex(dgst, dlen, NULL, NULL, eckey); 66 return ECDSA_do_sign_ex(dgst, dlen, NULL, NULL, eckey);
66} 67}
67 68
68ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dlen, 69ECDSA_SIG *
69 const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey) 70ECDSA_do_sign_ex(const unsigned char *dgst, int dlen, const BIGNUM *kinv,
71 const BIGNUM *rp, EC_KEY *eckey)
70{ 72{
71 ECDSA_DATA *ecdsa = ecdsa_check(eckey); 73 ECDSA_DATA *ecdsa = ecdsa_check(eckey);
74
72 if (ecdsa == NULL) 75 if (ecdsa == NULL)
73 return NULL; 76 return NULL;
74 return ecdsa->meth->ecdsa_do_sign(dgst, dlen, kinv, rp, eckey); 77 return ecdsa->meth->ecdsa_do_sign(dgst, dlen, kinv, rp, eckey);
75} 78}
76 79
77int ECDSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char 80int
78 *sig, unsigned int *siglen, EC_KEY *eckey) 81ECDSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
82 unsigned int *siglen, EC_KEY *eckey)
79{ 83{
80 return ECDSA_sign_ex(type, dgst, dlen, sig, siglen, NULL, NULL, eckey); 84 return ECDSA_sign_ex(type, dgst, dlen, sig, siglen, NULL, NULL, eckey);
81} 85}
82 86
83int ECDSA_sign_ex(int type, const unsigned char *dgst, int dlen, unsigned char 87int
84 *sig, unsigned int *siglen, const BIGNUM *kinv, const BIGNUM *r, 88ECDSA_sign_ex(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
85 EC_KEY *eckey) 89 unsigned int *siglen, const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey)
86{ 90{
87 ECDSA_SIG *s; 91 ECDSA_SIG *s;
92
88 s = ECDSA_do_sign_ex(dgst, dlen, kinv, r, eckey); 93 s = ECDSA_do_sign_ex(dgst, dlen, kinv, r, eckey);
89 if (s == NULL) 94 if (s == NULL) {
90 { 95 *siglen = 0;
91 *siglen=0;
92 return 0; 96 return 0;
93 } 97 }
94 *siglen = i2d_ECDSA_SIG(s, &sig); 98 *siglen = i2d_ECDSA_SIG(s, &sig);
@@ -96,11 +100,12 @@ int ECDSA_sign_ex(int type, const unsigned char *dgst, int dlen, unsigned char
96 return 1; 100 return 1;
97} 101}
98 102
99int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, 103int
100 BIGNUM **rp) 104ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
101{ 105{
102 ECDSA_DATA *ecdsa = ecdsa_check(eckey); 106 ECDSA_DATA *ecdsa = ecdsa_check(eckey);
107
103 if (ecdsa == NULL) 108 if (ecdsa == NULL)
104 return 0; 109 return 0;
105 return ecdsa->meth->ecdsa_sign_setup(eckey, ctx_in, kinvp, rp); 110 return ecdsa->meth->ecdsa_sign_setup(eckey, ctx_in, kinvp, rp);
106} 111}
diff --git a/src/lib/libcrypto/ecdsa/ecs_vrf.c b/src/lib/libcrypto/ecdsa/ecs_vrf.c
index b1e66af80a..a4b627ace6 100644
--- a/src/lib/libcrypto/ecdsa/ecs_vrf.c
+++ b/src/lib/libcrypto/ecdsa/ecs_vrf.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ecs_vrf.c,v 1.4 2015/01/28 04:14:31 beck Exp $ */ 1/* $OpenBSD: ecs_vrf.c,v 1.5 2015/02/08 13:35:07 jsing Exp $ */
2/* 2/*
3 * Written by Nils Larsch for the OpenSSL project 3 * Written by Nils Larsch for the OpenSSL project
4 */ 4 */
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -69,42 +69,48 @@
69 * 0: incorrect signature 69 * 0: incorrect signature
70 * -1: error 70 * -1: error
71 */ 71 */
72int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, 72int
73 const ECDSA_SIG *sig, EC_KEY *eckey) 73ECDSA_do_verify(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig,
74 { 74 EC_KEY *eckey)
75{
75 ECDSA_DATA *ecdsa = ecdsa_check(eckey); 76 ECDSA_DATA *ecdsa = ecdsa_check(eckey);
77
76 if (ecdsa == NULL) 78 if (ecdsa == NULL)
77 return 0; 79 return 0;
78 return ecdsa->meth->ecdsa_do_verify(dgst, dgst_len, sig, eckey); 80 return ecdsa->meth->ecdsa_do_verify(dgst, dgst_len, sig, eckey);
79 } 81}
80 82
81/* returns 83/* returns
82 * 1: correct signature 84 * 1: correct signature
83 * 0: incorrect signature 85 * 0: incorrect signature
84 * -1: error 86 * -1: error
85 */ 87 */
86int ECDSA_verify(int type, const unsigned char *dgst, int dgst_len, 88int
87 const unsigned char *sigbuf, int sig_len, EC_KEY *eckey) 89ECDSA_verify(int type, const unsigned char *dgst, int dgst_len,
88 { 90 const unsigned char *sigbuf, int sig_len, EC_KEY *eckey)
91{
89 ECDSA_SIG *s; 92 ECDSA_SIG *s;
90 unsigned char *der = NULL; 93 unsigned char *der = NULL;
91 const unsigned char *p = sigbuf; 94 const unsigned char *p = sigbuf;
92 int derlen = -1; 95 int derlen = -1;
93 int ret=-1; 96 int ret = -1;
94 97
95 s = ECDSA_SIG_new(); 98 s = ECDSA_SIG_new();
96 if (s == NULL) return(ret); 99 if (s == NULL)
97 if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL) goto err; 100 return (ret);
101 if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL)
102 goto err;
98 /* Ensure signature uses DER and doesn't have trailing garbage */ 103 /* Ensure signature uses DER and doesn't have trailing garbage */
99 derlen = i2d_ECDSA_SIG(s, &der); 104 derlen = i2d_ECDSA_SIG(s, &der);
100 if (derlen != sig_len || memcmp(sigbuf, der, derlen)) 105 if (derlen != sig_len || memcmp(sigbuf, der, derlen))
101 goto err; 106 goto err;
102 ret=ECDSA_do_verify(dgst, dgst_len, s, eckey); 107 ret = ECDSA_do_verify(dgst, dgst_len, s, eckey);
108
103err: 109err:
104 if (derlen > 0) { 110 if (derlen > 0) {
105 explicit_bzero(der, derlen); 111 explicit_bzero(der, derlen);
106 free(der); 112 free(der);
107 } 113 }
108 ECDSA_SIG_free(s); 114 ECDSA_SIG_free(s);
109 return(ret); 115 return (ret);
110 } 116}
diff --git a/src/lib/libssl/src/crypto/ecdsa/ecdsa.h b/src/lib/libssl/src/crypto/ecdsa/ecdsa.h
index ad716c24a5..530ab265bb 100644
--- a/src/lib/libssl/src/crypto/ecdsa/ecdsa.h
+++ b/src/lib/libssl/src/crypto/ecdsa/ecdsa.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ecdsa.h,v 1.3 2014/11/17 20:25:50 miod Exp $ */ 1/* $OpenBSD: ecdsa.h,v 1.4 2015/02/08 13:35:06 jsing Exp $ */
2/** 2/**
3 * \file crypto/ecdsa/ecdsa.h Include file for the OpenSSL ECDSA functions 3 * \file crypto/ecdsa/ecdsa.h Include file for the OpenSSL ECDSA functions
4 * \author Written by Nils Larsch for the OpenSSL project 4 * \author Written by Nils Larsch for the OpenSSL project
@@ -11,7 +11,7 @@
11 * are met: 11 * are met:
12 * 12 *
13 * 1. Redistributions of source code must retain the above copyright 13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer. 14 * notice, this list of conditions and the following disclaimer.
15 * 15 *
16 * 2. Redistributions in binary form must reproduce the above copyright 16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in 17 * notice, this list of conditions and the following disclaimer in
@@ -79,11 +79,11 @@ typedef struct ECDSA_SIG_st ECDSA_SIG;
79 79
80struct ecdsa_method { 80struct ecdsa_method {
81 const char *name; 81 const char *name;
82 ECDSA_SIG *(*ecdsa_do_sign)(const unsigned char *dgst, int dgst_len, 82 ECDSA_SIG *(*ecdsa_do_sign)(const unsigned char *dgst, int dgst_len,
83 const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey); 83 const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey);
84 int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, 84 int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv,
85 BIGNUM **r); 85 BIGNUM **r);
86 int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len, 86 int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len,
87 const ECDSA_SIG *sig, EC_KEY *eckey); 87 const ECDSA_SIG *sig, EC_KEY *eckey);
88#if 0 88#if 0
89 int (*init)(EC_KEY *eckey); 89 int (*init)(EC_KEY *eckey);
@@ -114,18 +114,18 @@ ECDSA_SIG *ECDSA_SIG_new(void);
114/** frees a ECDSA_SIG structure 114/** frees a ECDSA_SIG structure
115 * \param sig pointer to the ECDSA_SIG structure 115 * \param sig pointer to the ECDSA_SIG structure
116 */ 116 */
117void ECDSA_SIG_free(ECDSA_SIG *sig); 117void ECDSA_SIG_free(ECDSA_SIG *sig);
118 118
119/** DER encode content of ECDSA_SIG object (note: this function modifies *pp 119/** DER encode content of ECDSA_SIG object (note: this function modifies *pp
120 * (*pp += length of the DER encoded signature)). 120 * (*pp += length of the DER encoded signature)).
121 * \param sig pointer to the ECDSA_SIG object 121 * \param sig pointer to the ECDSA_SIG object
122 * \param pp pointer to a unsigned char pointer for the output or NULL 122 * \param pp pointer to a unsigned char pointer for the output or NULL
123 * \return the length of the DER encoded ECDSA_SIG object or 0 123 * \return the length of the DER encoded ECDSA_SIG object or 0
124 */ 124 */
125int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp); 125int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp);
126 126
127/** Decodes a DER encoded ECDSA signature (note: this function changes *pp 127/** Decodes a DER encoded ECDSA signature (note: this function changes *pp
128 * (*pp += len)). 128 * (*pp += len)).
129 * \param sig pointer to ECDSA_SIG pointer (may be NULL) 129 * \param sig pointer to ECDSA_SIG pointer (may be NULL)
130 * \param pp memory buffer with the DER encoded signature 130 * \param pp memory buffer with the DER encoded signature
131 * \param len length of the buffer 131 * \param len length of the buffer
@@ -140,20 +140,21 @@ ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len);
140 * \param eckey EC_KEY object containing a private EC key 140 * \param eckey EC_KEY object containing a private EC key
141 * \return pointer to a ECDSA_SIG structure or NULL if an error occurred 141 * \return pointer to a ECDSA_SIG structure or NULL if an error occurred
142 */ 142 */
143ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst,int dgst_len,EC_KEY *eckey); 143ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len,
144 EC_KEY *eckey);
144 145
145/** Computes ECDSA signature of a given hash value using the supplied 146/** Computes ECDSA signature of a given hash value using the supplied
146 * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). 147 * private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
147 * \param dgst pointer to the hash value to sign 148 * \param dgst pointer to the hash value to sign
148 * \param dgstlen length of the hash value 149 * \param dgstlen length of the hash value
149 * \param kinv BIGNUM with a pre-computed inverse k (optional) 150 * \param kinv BIGNUM with a pre-computed inverse k (optional)
150 * \param rp BIGNUM with a pre-computed rp value (optioanl), 151 * \param rp BIGNUM with a pre-computed rp value (optioanl),
151 * see ECDSA_sign_setup 152 * see ECDSA_sign_setup
152 * \param eckey EC_KEY object containing a private EC key 153 * \param eckey EC_KEY object containing a private EC key
153 * \return pointer to a ECDSA_SIG structure or NULL if an error occurred 154 * \return pointer to a ECDSA_SIG structure or NULL if an error occurred
154 */ 155 */
155ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, 156ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen,
156 const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey); 157 const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey);
157 158
158/** Verifies that the supplied signature is a valid ECDSA 159/** Verifies that the supplied signature is a valid ECDSA
159 * signature of the supplied hash value using the supplied public key. 160 * signature of the supplied hash value using the supplied public key.
@@ -164,15 +165,15 @@ ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen,
164 * \return 1 if the signature is valid, 0 if the signature is invalid 165 * \return 1 if the signature is valid, 0 if the signature is invalid
165 * and -1 on error 166 * and -1 on error
166 */ 167 */
167int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, 168int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
168 const ECDSA_SIG *sig, EC_KEY* eckey); 169 const ECDSA_SIG *sig, EC_KEY* eckey);
169 170
170const ECDSA_METHOD *ECDSA_OpenSSL(void); 171const ECDSA_METHOD *ECDSA_OpenSSL(void);
171 172
172/** Sets the default ECDSA method 173/** Sets the default ECDSA method
173 * \param meth new default ECDSA_METHOD 174 * \param meth new default ECDSA_METHOD
174 */ 175 */
175void ECDSA_set_default_method(const ECDSA_METHOD *meth); 176void ECDSA_set_default_method(const ECDSA_METHOD *meth);
176 177
177/** Returns the default ECDSA method 178/** Returns the default ECDSA method
178 * \return pointer to ECDSA_METHOD structure containing the default method 179 * \return pointer to ECDSA_METHOD structure containing the default method
@@ -182,15 +183,15 @@ const ECDSA_METHOD *ECDSA_get_default_method(void);
182/** Sets method to be used for the ECDSA operations 183/** Sets method to be used for the ECDSA operations
183 * \param eckey EC_KEY object 184 * \param eckey EC_KEY object
184 * \param meth new method 185 * \param meth new method
185 * \return 1 on success and 0 otherwise 186 * \return 1 on success and 0 otherwise
186 */ 187 */
187int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth); 188int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth);
188 189
189/** Returns the maximum length of the DER encoded signature 190/** Returns the maximum length of the DER encoded signature
190 * \param eckey EC_KEY object 191 * \param eckey EC_KEY object
191 * \return numbers of bytes required for the DER encoded signature 192 * \return numbers of bytes required for the DER encoded signature
192 */ 193 */
193int ECDSA_size(const EC_KEY *eckey); 194int ECDSA_size(const EC_KEY *eckey);
194 195
195/** Precompute parts of the signing operation 196/** Precompute parts of the signing operation
196 * \param eckey EC_KEY object containing a private EC key 197 * \param eckey EC_KEY object containing a private EC key
@@ -199,8 +200,8 @@ int ECDSA_size(const EC_KEY *eckey);
199 * \param rp BIGNUM pointer for x coordinate of k * generator 200 * \param rp BIGNUM pointer for x coordinate of k * generator
200 * \return 1 on success and 0 otherwise 201 * \return 1 on success and 0 otherwise
201 */ 202 */
202int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, 203int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv,
203 BIGNUM **rp); 204 BIGNUM **rp);
204 205
205/** Computes ECDSA signature of a given hash value using the supplied 206/** Computes ECDSA signature of a given hash value using the supplied
206 * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). 207 * private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
@@ -212,8 +213,8 @@ int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv,
212 * \param eckey EC_KEY object containing a private EC key 213 * \param eckey EC_KEY object containing a private EC key
213 * \return 1 on success and 0 otherwise 214 * \return 1 on success and 0 otherwise
214 */ 215 */
215int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen, 216int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen,
216 unsigned char *sig, unsigned int *siglen, EC_KEY *eckey); 217 unsigned char *sig, unsigned int *siglen, EC_KEY *eckey);
217 218
218 219
219/** Computes ECDSA signature of a given hash value using the supplied 220/** Computes ECDSA signature of a given hash value using the supplied
@@ -224,19 +225,19 @@ int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen,
224 * \param sig buffer to hold the DER encoded signature 225 * \param sig buffer to hold the DER encoded signature
225 * \param siglen pointer to the length of the returned signature 226 * \param siglen pointer to the length of the returned signature
226 * \param kinv BIGNUM with a pre-computed inverse k (optional) 227 * \param kinv BIGNUM with a pre-computed inverse k (optional)
227 * \param rp BIGNUM with a pre-computed rp value (optioanl), 228 * \param rp BIGNUM with a pre-computed rp value (optioanl),
228 * see ECDSA_sign_setup 229 * see ECDSA_sign_setup
229 * \param eckey EC_KEY object containing a private EC key 230 * \param eckey EC_KEY object containing a private EC key
230 * \return 1 on success and 0 otherwise 231 * \return 1 on success and 0 otherwise
231 */ 232 */
232int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen, 233int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen,
233 unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv, 234 unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv,
234 const BIGNUM *rp, EC_KEY *eckey); 235 const BIGNUM *rp, EC_KEY *eckey);
235 236
236/** Verifies that the given signature is valid ECDSA signature 237/** Verifies that the given signature is valid ECDSA signature
237 * of the supplied hash value using the specified public key. 238 * of the supplied hash value using the specified public key.
238 * \param type this parameter is ignored 239 * \param type this parameter is ignored
239 * \param dgst pointer to the hash value 240 * \param dgst pointer to the hash value
240 * \param dgstlen length of the hash value 241 * \param dgstlen length of the hash value
241 * \param sig pointer to the DER encoded signature 242 * \param sig pointer to the DER encoded signature
242 * \param siglen length of the DER encoded signature 243 * \param siglen length of the DER encoded signature
@@ -244,14 +245,14 @@ int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen,
244 * \return 1 if the signature is valid, 0 if the signature is invalid 245 * \return 1 if the signature is valid, 0 if the signature is invalid
245 * and -1 on error 246 * and -1 on error
246 */ 247 */
247int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen, 248int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen,
248 const unsigned char *sig, int siglen, EC_KEY *eckey); 249 const unsigned char *sig, int siglen, EC_KEY *eckey);
249 250
250/* the standard ex_data functions */ 251/* the standard ex_data functions */
251int ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new 252int ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
252 *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); 253 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
253int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg); 254int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg);
254void *ECDSA_get_ex_data(EC_KEY *d, int idx); 255void *ECDSA_get_ex_data(EC_KEY *d, int idx);
255 256
256 257
257/* BEGIN ERROR CODES */ 258/* BEGIN ERROR CODES */
diff --git a/src/lib/libssl/src/crypto/ecdsa/ecs_asn1.c b/src/lib/libssl/src/crypto/ecdsa/ecs_asn1.c
index 351c1e9ba5..f62df3a817 100644
--- a/src/lib/libssl/src/crypto/ecdsa/ecs_asn1.c
+++ b/src/lib/libssl/src/crypto/ecdsa/ecs_asn1.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ecs_asn1.c,v 1.2 2014/06/12 15:49:29 deraadt Exp $ */ 1/* $OpenBSD: ecs_asn1.c,v 1.3 2015/02/08 13:35:07 jsing Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved.
4 * 4 *
@@ -7,7 +7,7 @@
7 * are met: 7 * are met:
8 * 8 *
9 * 1. Redistributions of source code must retain the above copyright 9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer. 10 * notice, this list of conditions and the following disclaimer.
11 * 11 *
12 * 2. Redistributions in binary form must reproduce the above copyright 12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in 13 * notice, this list of conditions and the following disclaimer in
diff --git a/src/lib/libssl/src/crypto/ecdsa/ecs_err.c b/src/lib/libssl/src/crypto/ecdsa/ecs_err.c
index 721b53c3f4..26efc135e3 100644
--- a/src/lib/libssl/src/crypto/ecdsa/ecs_err.c
+++ b/src/lib/libssl/src/crypto/ecdsa/ecs_err.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ecs_err.c,v 1.3 2014/07/10 22:45:57 jsing Exp $ */ 1/* $OpenBSD: ecs_err.c,v 1.4 2015/02/08 13:35:07 jsing Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved.
4 * 4 *
@@ -7,7 +7,7 @@
7 * are met: 7 * are met:
8 * 8 *
9 * 1. Redistributions of source code must retain the above copyright 9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer. 10 * notice, this list of conditions and the following disclaimer.
11 * 11 *
12 * 2. Redistributions in binary form must reproduce the above copyright 12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in 13 * notice, this list of conditions and the following disclaimer in
@@ -71,39 +71,36 @@
71#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ECDSA,func,0) 71#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ECDSA,func,0)
72#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ECDSA,0,reason) 72#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ECDSA,0,reason)
73 73
74static ERR_STRING_DATA ECDSA_str_functs[]= 74static ERR_STRING_DATA ECDSA_str_functs[]= {
75 { 75 {ERR_FUNC(ECDSA_F_ECDSA_CHECK), "ECDSA_CHECK"},
76{ERR_FUNC(ECDSA_F_ECDSA_CHECK), "ECDSA_CHECK"}, 76 {ERR_FUNC(ECDSA_F_ECDSA_DATA_NEW_METHOD), "ECDSA_DATA_NEW_METHOD"},
77{ERR_FUNC(ECDSA_F_ECDSA_DATA_NEW_METHOD), "ECDSA_DATA_NEW_METHOD"}, 77 {ERR_FUNC(ECDSA_F_ECDSA_DO_SIGN), "ECDSA_do_sign"},
78{ERR_FUNC(ECDSA_F_ECDSA_DO_SIGN), "ECDSA_do_sign"}, 78 {ERR_FUNC(ECDSA_F_ECDSA_DO_VERIFY), "ECDSA_do_verify"},
79{ERR_FUNC(ECDSA_F_ECDSA_DO_VERIFY), "ECDSA_do_verify"}, 79 {ERR_FUNC(ECDSA_F_ECDSA_SIGN_SETUP), "ECDSA_sign_setup"},
80{ERR_FUNC(ECDSA_F_ECDSA_SIGN_SETUP), "ECDSA_sign_setup"}, 80 {0, NULL}
81{0,NULL} 81};
82 };
83 82
84static ERR_STRING_DATA ECDSA_str_reasons[]= 83static ERR_STRING_DATA ECDSA_str_reasons[]= {
85 { 84 {ERR_REASON(ECDSA_R_BAD_SIGNATURE) , "bad signature"},
86{ERR_REASON(ECDSA_R_BAD_SIGNATURE) ,"bad signature"}, 85 {ERR_REASON(ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE), "data too large for key size"},
87{ERR_REASON(ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"}, 86 {ERR_REASON(ECDSA_R_ERR_EC_LIB) , "err ec lib"},
88{ERR_REASON(ECDSA_R_ERR_EC_LIB) ,"err ec lib"}, 87 {ERR_REASON(ECDSA_R_MISSING_PARAMETERS) , "missing parameters"},
89{ERR_REASON(ECDSA_R_MISSING_PARAMETERS) ,"missing parameters"}, 88 {ERR_REASON(ECDSA_R_NEED_NEW_SETUP_VALUES), "need new setup values"},
90{ERR_REASON(ECDSA_R_NEED_NEW_SETUP_VALUES),"need new setup values"}, 89 {ERR_REASON(ECDSA_R_NON_FIPS_METHOD) , "non fips method"},
91{ERR_REASON(ECDSA_R_NON_FIPS_METHOD) ,"non fips method"}, 90 {ERR_REASON(ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED), "random number generation failed"},
92{ERR_REASON(ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED),"random number generation failed"}, 91 {ERR_REASON(ECDSA_R_SIGNATURE_MALLOC_FAILED), "signature malloc failed"},
93{ERR_REASON(ECDSA_R_SIGNATURE_MALLOC_FAILED),"signature malloc failed"}, 92 {0, NULL}
94{0,NULL} 93};
95 };
96 94
97#endif 95#endif
98 96
99void ERR_load_ECDSA_strings(void) 97void
100 { 98ERR_load_ECDSA_strings(void)
99{
101#ifndef OPENSSL_NO_ERR 100#ifndef OPENSSL_NO_ERR
102 101 if (ERR_func_error_string(ECDSA_str_functs[0].error) == NULL) {
103 if (ERR_func_error_string(ECDSA_str_functs[0].error) == NULL) 102 ERR_load_strings(0, ECDSA_str_functs);
104 { 103 ERR_load_strings(0, ECDSA_str_reasons);
105 ERR_load_strings(0,ECDSA_str_functs);
106 ERR_load_strings(0,ECDSA_str_reasons);
107 }
108#endif
109 } 104 }
105#endif
106}
diff --git a/src/lib/libssl/src/crypto/ecdsa/ecs_lib.c b/src/lib/libssl/src/crypto/ecdsa/ecs_lib.c
index 6cdf4c124b..dba888cb48 100644
--- a/src/lib/libssl/src/crypto/ecdsa/ecs_lib.c
+++ b/src/lib/libssl/src/crypto/ecdsa/ecs_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ecs_lib.c,v 1.8 2015/02/07 13:19:15 doug Exp $ */ 1/* $OpenBSD: ecs_lib.c,v 1.9 2015/02/08 13:35:07 jsing Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
4 * 4 *
@@ -7,7 +7,7 @@
7 * are met: 7 * are met:
8 * 8 *
9 * 1. Redistributions of source code must retain the above copyright 9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer. 10 * notice, this list of conditions and the following disclaimer.
11 * 11 *
12 * 2. Redistributions in binary form must reproduce the above copyright 12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in 13 * notice, this list of conditions and the following disclaimer in
@@ -70,21 +70,23 @@ static void *ecdsa_data_new(void);
70static void *ecdsa_data_dup(void *); 70static void *ecdsa_data_dup(void *);
71static void ecdsa_data_free(void *); 71static void ecdsa_data_free(void *);
72 72
73void ECDSA_set_default_method(const ECDSA_METHOD *meth) 73void
74ECDSA_set_default_method(const ECDSA_METHOD *meth)
74{ 75{
75 default_ECDSA_method = meth; 76 default_ECDSA_method = meth;
76} 77}
77 78
78const ECDSA_METHOD *ECDSA_get_default_method(void) 79const ECDSA_METHOD *
80ECDSA_get_default_method(void)
79{ 81{
80 if(!default_ECDSA_method) 82 if (!default_ECDSA_method) {
81 {
82 default_ECDSA_method = ECDSA_OpenSSL(); 83 default_ECDSA_method = ECDSA_OpenSSL();
83 } 84 }
84 return default_ECDSA_method; 85 return default_ECDSA_method;
85} 86}
86 87
87int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth) 88int
89ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth)
88{ 90{
89 ECDSA_DATA *ecdsa; 91 ECDSA_DATA *ecdsa;
90 92
@@ -94,26 +96,25 @@ int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth)
94 return 0; 96 return 0;
95 97
96#ifndef OPENSSL_NO_ENGINE 98#ifndef OPENSSL_NO_ENGINE
97 if (ecdsa->engine) 99 if (ecdsa->engine) {
98 {
99 ENGINE_finish(ecdsa->engine); 100 ENGINE_finish(ecdsa->engine);
100 ecdsa->engine = NULL; 101 ecdsa->engine = NULL;
101 } 102 }
102#endif 103#endif
103 ecdsa->meth = meth; 104 ecdsa->meth = meth;
104 105
105 return 1; 106 return 1;
106} 107}
107 108
108static ECDSA_DATA *ECDSA_DATA_new_method(ENGINE *engine) 109static ECDSA_DATA *
110ECDSA_DATA_new_method(ENGINE *engine)
109{ 111{
110 ECDSA_DATA *ret; 112 ECDSA_DATA *ret;
111 113
112 ret = malloc(sizeof(ECDSA_DATA)); 114 ret = malloc(sizeof(ECDSA_DATA));
113 if (ret == NULL) 115 if (ret == NULL) {
114 {
115 ECDSAerr(ECDSA_F_ECDSA_DATA_NEW_METHOD, ERR_R_MALLOC_FAILURE); 116 ECDSAerr(ECDSA_F_ECDSA_DATA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
116 return(NULL); 117 return (NULL);
117 } 118 }
118 119
119 ret->init = NULL; 120 ret->init = NULL;
@@ -123,12 +124,11 @@ static ECDSA_DATA *ECDSA_DATA_new_method(ENGINE *engine)
123#ifndef OPENSSL_NO_ENGINE 124#ifndef OPENSSL_NO_ENGINE
124 if (!ret->engine) 125 if (!ret->engine)
125 ret->engine = ENGINE_get_default_ECDSA(); 126 ret->engine = ENGINE_get_default_ECDSA();
126 if (ret->engine) 127 if (ret->engine) {
127 {
128 ret->meth = ENGINE_get_ECDSA(ret->engine); 128 ret->meth = ENGINE_get_ECDSA(ret->engine);
129 if (!ret->meth) 129 if (!ret->meth) {
130 { 130 ECDSAerr(ECDSA_F_ECDSA_DATA_NEW_METHOD,
131 ECDSAerr(ECDSA_F_ECDSA_DATA_NEW_METHOD, ERR_R_ENGINE_LIB); 131 ERR_R_ENGINE_LIB);
132 ENGINE_finish(ret->engine); 132 ENGINE_finish(ret->engine);
133 free(ret); 133 free(ret);
134 return NULL; 134 return NULL;
@@ -138,15 +138,17 @@ static ECDSA_DATA *ECDSA_DATA_new_method(ENGINE *engine)
138 138
139 ret->flags = ret->meth->flags; 139 ret->flags = ret->meth->flags;
140 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDSA, ret, &ret->ex_data); 140 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDSA, ret, &ret->ex_data);
141 return(ret); 141 return (ret);
142} 142}
143 143
144static void *ecdsa_data_new(void) 144static void *
145ecdsa_data_new(void)
145{ 146{
146 return (void *)ECDSA_DATA_new_method(NULL); 147 return (void *)ECDSA_DATA_new_method(NULL);
147} 148}
148 149
149static void *ecdsa_data_dup(void *data) 150static void *
151ecdsa_data_dup(void *data)
150{ 152{
151 ECDSA_DATA *r = (ECDSA_DATA *)data; 153 ECDSA_DATA *r = (ECDSA_DATA *)data;
152 154
@@ -157,7 +159,8 @@ static void *ecdsa_data_dup(void *data)
157 return ecdsa_data_new(); 159 return ecdsa_data_new();
158} 160}
159 161
160static void ecdsa_data_free(void *data) 162static void
163ecdsa_data_free(void *data)
161{ 164{
162 ECDSA_DATA *r = (ECDSA_DATA *)data; 165 ECDSA_DATA *r = (ECDSA_DATA *)data;
163 166
@@ -172,38 +175,37 @@ static void ecdsa_data_free(void *data)
172 free(r); 175 free(r);
173} 176}
174 177
175ECDSA_DATA *ecdsa_check(EC_KEY *key) 178ECDSA_DATA *
179ecdsa_check(EC_KEY *key)
176{ 180{
177 ECDSA_DATA *ecdsa_data; 181 ECDSA_DATA *ecdsa_data;
178 182
179 void *data = EC_KEY_get_key_method_data(key, ecdsa_data_dup, 183 void *data = EC_KEY_get_key_method_data(key, ecdsa_data_dup,
180 ecdsa_data_free, ecdsa_data_free); 184 ecdsa_data_free, ecdsa_data_free);
181 if (data == NULL) 185 if (data == NULL) {
182 {
183 ecdsa_data = (ECDSA_DATA *)ecdsa_data_new(); 186 ecdsa_data = (ECDSA_DATA *)ecdsa_data_new();
184 if (ecdsa_data == NULL) 187 if (ecdsa_data == NULL)
185 return NULL; 188 return NULL;
186 data = EC_KEY_insert_key_method_data(key, (void *)ecdsa_data, 189 data = EC_KEY_insert_key_method_data(key, (void *)ecdsa_data,
187 ecdsa_data_dup, ecdsa_data_free, ecdsa_data_free); 190 ecdsa_data_dup, ecdsa_data_free, ecdsa_data_free);
188 if (data != NULL) 191 if (data != NULL) {
189 {
190 /* Another thread raced us to install the key_method 192 /* Another thread raced us to install the key_method
191 * data and won. */ 193 * data and won. */
192 ecdsa_data_free(ecdsa_data); 194 ecdsa_data_free(ecdsa_data);
193 ecdsa_data = (ECDSA_DATA *)data; 195 ecdsa_data = (ECDSA_DATA *)data;
194 } 196 }
195 } 197 } else
196 else
197 ecdsa_data = (ECDSA_DATA *)data; 198 ecdsa_data = (ECDSA_DATA *)data;
198 199
199 return ecdsa_data; 200 return ecdsa_data;
200} 201}
201 202
202int ECDSA_size(const EC_KEY *r) 203int
204ECDSA_size(const EC_KEY *r)
203{ 205{
204 int ret,i; 206 int ret, i;
205 ASN1_INTEGER bs; 207 ASN1_INTEGER bs;
206 BIGNUM *order=NULL; 208 BIGNUM *order = NULL;
207 unsigned char buf[4]; 209 unsigned char buf[4];
208 const EC_GROUP *group; 210 const EC_GROUP *group;
209 211
@@ -213,48 +215,50 @@ int ECDSA_size(const EC_KEY *r)
213 if (group == NULL) 215 if (group == NULL)
214 return 0; 216 return 0;
215 217
216 if ((order = BN_new()) == NULL) return 0; 218 if ((order = BN_new()) == NULL)
217 if (!EC_GROUP_get_order(group,order,NULL)) 219 return 0;
218 { 220 if (!EC_GROUP_get_order(group, order, NULL)) {
219 BN_clear_free(order); 221 BN_clear_free(order);
220 return 0; 222 return 0;
221 } 223 }
222 i=BN_num_bits(order); 224 i = BN_num_bits(order);
223 bs.length=(i+7)/8; 225 bs.length = (i + 7) / 8;
224 bs.data=buf; 226 bs.data = buf;
225 bs.type=V_ASN1_INTEGER; 227 bs.type = V_ASN1_INTEGER;
226 /* If the top bit is set the asn1 encoding is 1 larger. */ 228 /* If the top bit is set the asn1 encoding is 1 larger. */
227 buf[0]=0xff; 229 buf[0] = 0xff;
228 230
229 i=i2d_ASN1_INTEGER(&bs,NULL); 231 i = i2d_ASN1_INTEGER(&bs, NULL);
230 i+=i; /* r and s */ 232 i += i; /* r and s */
231 ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE); 233 ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE);
232 BN_clear_free(order); 234 BN_clear_free(order);
233 return(ret); 235 return (ret);
234} 236}
235 237
236 238int
237int ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, 239ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
238 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) 240 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
239{ 241{
240 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDSA, argl, argp, 242 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDSA, argl, argp,
241 new_func, dup_func, free_func); 243 new_func, dup_func, free_func);
242} 244}
243 245
244int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg) 246int
247ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg)
245{ 248{
246 ECDSA_DATA *ecdsa; 249 ECDSA_DATA *ecdsa;
247 ecdsa = ecdsa_check(d); 250 ecdsa = ecdsa_check(d);
248 if (ecdsa == NULL) 251 if (ecdsa == NULL)
249 return 0; 252 return 0;
250 return(CRYPTO_set_ex_data(&ecdsa->ex_data,idx,arg)); 253 return (CRYPTO_set_ex_data(&ecdsa->ex_data, idx, arg));
251} 254}
252 255
253void *ECDSA_get_ex_data(EC_KEY *d, int idx) 256void *
257ECDSA_get_ex_data(EC_KEY *d, int idx)
254{ 258{
255 ECDSA_DATA *ecdsa; 259 ECDSA_DATA *ecdsa;
256 ecdsa = ecdsa_check(d); 260 ecdsa = ecdsa_check(d);
257 if (ecdsa == NULL) 261 if (ecdsa == NULL)
258 return NULL; 262 return NULL;
259 return(CRYPTO_get_ex_data(&ecdsa->ex_data,idx)); 263 return (CRYPTO_get_ex_data(&ecdsa->ex_data, idx));
260} 264}
diff --git a/src/lib/libssl/src/crypto/ecdsa/ecs_locl.h b/src/lib/libssl/src/crypto/ecdsa/ecs_locl.h
index e47f6794ac..24d866ae64 100644
--- a/src/lib/libssl/src/crypto/ecdsa/ecs_locl.h
+++ b/src/lib/libssl/src/crypto/ecdsa/ecs_locl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ecs_locl.h,v 1.3 2014/11/17 20:25:50 miod Exp $ */ 1/* $OpenBSD: ecs_locl.h,v 1.4 2015/02/08 13:35:07 jsing Exp $ */
2/* 2/*
3 * Written by Nils Larsch for the OpenSSL project 3 * Written by Nils Larsch for the OpenSSL project
4 */ 4 */
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
diff --git a/src/lib/libssl/src/crypto/ecdsa/ecs_ossl.c b/src/lib/libssl/src/crypto/ecdsa/ecs_ossl.c
index 0dde5386ff..31102138c0 100644
--- a/src/lib/libssl/src/crypto/ecdsa/ecs_ossl.c
+++ b/src/lib/libssl/src/crypto/ecdsa/ecs_ossl.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ecs_ossl.c,v 1.5 2014/07/12 16:03:37 miod Exp $ */ 1/* $OpenBSD: ecs_ossl.c,v 1.6 2015/02/08 13:35:07 jsing Exp $ */
2/* 2/*
3 * Written by Nils Larsch for the OpenSSL project 3 * Written by Nils Larsch for the OpenSSL project
4 */ 4 */
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -63,12 +63,12 @@
63#include <openssl/obj_mac.h> 63#include <openssl/obj_mac.h>
64#include <openssl/bn.h> 64#include <openssl/bn.h>
65 65
66static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen, 66static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen,
67 const BIGNUM *, const BIGNUM *, EC_KEY *eckey); 67 const BIGNUM *, const BIGNUM *, EC_KEY *eckey);
68static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, 68static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
69 BIGNUM **rp); 69 BIGNUM **rp);
70static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, 70static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
71 const ECDSA_SIG *sig, EC_KEY *eckey); 71 const ECDSA_SIG *sig, EC_KEY *eckey);
72 72
73static ECDSA_METHOD openssl_ecdsa_meth = { 73static ECDSA_METHOD openssl_ecdsa_meth = {
74 .name = "OpenSSL ECDSA method", 74 .name = "OpenSSL ECDSA method",
@@ -77,65 +77,58 @@ static ECDSA_METHOD openssl_ecdsa_meth = {
77 .ecdsa_do_verify = ecdsa_do_verify 77 .ecdsa_do_verify = ecdsa_do_verify
78}; 78};
79 79
80const ECDSA_METHOD *ECDSA_OpenSSL(void) 80const ECDSA_METHOD *
81ECDSA_OpenSSL(void)
81{ 82{
82 return &openssl_ecdsa_meth; 83 return &openssl_ecdsa_meth;
83} 84}
84 85
85static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, 86static int
86 BIGNUM **rp) 87ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
87{ 88{
88 BN_CTX *ctx = NULL; 89 BN_CTX *ctx = NULL;
89 BIGNUM *k = NULL, *r = NULL, *order = NULL, *X = NULL; 90 BIGNUM *k = NULL, *r = NULL, *order = NULL, *X = NULL;
90 EC_POINT *tmp_point=NULL; 91 EC_POINT *tmp_point = NULL;
91 const EC_GROUP *group; 92 const EC_GROUP *group;
92 int ret = 0; 93 int ret = 0;
93 94
94 if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) 95 if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) {
95 {
96 ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER); 96 ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER);
97 return 0; 97 return 0;
98 } 98 }
99 99
100 if (ctx_in == NULL) 100 if (ctx_in == NULL) {
101 { 101 if ((ctx = BN_CTX_new()) == NULL) {
102 if ((ctx = BN_CTX_new()) == NULL) 102 ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,
103 { 103 ERR_R_MALLOC_FAILURE);
104 ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,ERR_R_MALLOC_FAILURE);
105 return 0; 104 return 0;
106 } 105 }
107 } 106 } else
108 else
109 ctx = ctx_in; 107 ctx = ctx_in;
110 108
111 k = BN_new(); /* this value is later returned in *kinvp */ 109 k = BN_new(); /* this value is later returned in *kinvp */
112 r = BN_new(); /* this value is later returned in *rp */ 110 r = BN_new(); /* this value is later returned in *rp */
113 order = BN_new(); 111 order = BN_new();
114 X = BN_new(); 112 X = BN_new();
115 if (!k || !r || !order || !X) 113 if (!k || !r || !order || !X) {
116 {
117 ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE); 114 ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE);
118 goto err; 115 goto err;
119 } 116 }
120 if ((tmp_point = EC_POINT_new(group)) == NULL) 117 if ((tmp_point = EC_POINT_new(group)) == NULL) {
121 {
122 ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); 118 ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
123 goto err; 119 goto err;
124 } 120 }
125 if (!EC_GROUP_get_order(group, order, ctx)) 121 if (!EC_GROUP_get_order(group, order, ctx)) {
126 {
127 ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); 122 ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
128 goto err; 123 goto err;
129 } 124 }
130 125
131 do 126 do {
132 { 127 /* get random k */
133 /* get random k */
134 do 128 do
135 if (!BN_rand_range(k, order)) 129 if (!BN_rand_range(k, order)) {
136 {
137 ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, 130 ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,
138 ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED); 131 ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED);
139 goto err; 132 goto err;
140 } 133 }
141 while (BN_is_zero(k)); 134 while (BN_is_zero(k));
@@ -143,23 +136,23 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
143 /* We do not want timing information to leak the length of k, 136 /* We do not want timing information to leak the length of k,
144 * so we compute G*k using an equivalent scalar of fixed 137 * so we compute G*k using an equivalent scalar of fixed
145 * bit-length. */ 138 * bit-length. */
146 139 if (!BN_add(k, k, order))
147 if (!BN_add(k, k, order)) goto err; 140 goto err;
148 if (BN_num_bits(k) <= BN_num_bits(order)) 141 if (BN_num_bits(k) <= BN_num_bits(order))
149 if (!BN_add(k, k, order)) goto err; 142 if (!BN_add(k, k, order))
143 goto err;
150 144
151 /* compute r the x-coordinate of generator * k */ 145 /* compute r the x-coordinate of generator * k */
152 if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) 146 if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) {
153 {
154 ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); 147 ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
155 goto err; 148 goto err;
156 } 149 }
157 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) 150 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
158 { 151 NID_X9_62_prime_field) {
159 if (!EC_POINT_get_affine_coordinates_GFp(group, 152 if (!EC_POINT_get_affine_coordinates_GFp(group,
160 tmp_point, X, NULL, ctx)) 153 tmp_point, X, NULL, ctx)) {
161 { 154 ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,
162 ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,ERR_R_EC_LIB); 155 ERR_R_EC_LIB);
163 goto err; 156 goto err;
164 } 157 }
165 } 158 }
@@ -167,53 +160,52 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
167 else /* NID_X9_62_characteristic_two_field */ 160 else /* NID_X9_62_characteristic_two_field */
168 { 161 {
169 if (!EC_POINT_get_affine_coordinates_GF2m(group, 162 if (!EC_POINT_get_affine_coordinates_GF2m(group,
170 tmp_point, X, NULL, ctx)) 163 tmp_point, X, NULL, ctx)) {
171 { 164 ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,
172 ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,ERR_R_EC_LIB); 165 ERR_R_EC_LIB);
173 goto err; 166 goto err;
174 } 167 }
175 } 168 }
176#endif 169#endif
177 if (!BN_nnmod(r, X, order, ctx)) 170 if (!BN_nnmod(r, X, order, ctx)) {
178 {
179 ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); 171 ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
180 goto err; 172 goto err;
181 } 173 }
182 } 174 } while (BN_is_zero(r));
183 while (BN_is_zero(r));
184 175
185 /* compute the inverse of k */ 176 /* compute the inverse of k */
186 if (!BN_mod_inverse(k, k, order, ctx)) 177 if (!BN_mod_inverse(k, k, order, ctx)) {
187 {
188 ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); 178 ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
189 goto err; 179 goto err;
190 } 180 }
191 /* clear old values if necessary */ 181 /* clear old values if necessary */
192 BN_clear_free(*rp); 182 BN_clear_free(*rp);
193 BN_clear_free(*kinvp); 183 BN_clear_free(*kinvp);
194 /* save the pre-computed values */ 184 /* save the pre-computed values */
195 *rp = r; 185 *rp = r;
196 *kinvp = k; 186 *kinvp = k;
197 ret = 1; 187 ret = 1;
188
198err: 189err:
199 if (!ret) { 190 if (!ret) {
200 BN_clear_free(k); 191 BN_clear_free(k);
201 BN_clear_free(r); 192 BN_clear_free(r);
202 } 193 }
203 if (ctx_in == NULL) 194 if (ctx_in == NULL)
204 BN_CTX_free(ctx); 195 BN_CTX_free(ctx);
205 BN_free(order); 196 BN_free(order);
206 EC_POINT_free(tmp_point); 197 EC_POINT_free(tmp_point);
207 BN_clear_free(X); 198 BN_clear_free(X);
208 return(ret); 199 return (ret);
209} 200}
210 201
211 202
212static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, 203static ECDSA_SIG *
213 const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey) 204ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
205 const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey)
214{ 206{
215 int ok = 0, i; 207 int ok = 0, i;
216 BIGNUM *kinv=NULL, *s, *m=NULL,*tmp=NULL,*order=NULL; 208 BIGNUM *kinv = NULL, *s, *m = NULL, *tmp = NULL, *order = NULL;
217 const BIGNUM *ckinv; 209 const BIGNUM *ckinv;
218 BN_CTX *ctx = NULL; 210 BN_CTX *ctx = NULL;
219 const EC_GROUP *group; 211 const EC_GROUP *group;
@@ -221,33 +213,29 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
221 ECDSA_DATA *ecdsa; 213 ECDSA_DATA *ecdsa;
222 const BIGNUM *priv_key; 214 const BIGNUM *priv_key;
223 215
224 ecdsa = ecdsa_check(eckey); 216 ecdsa = ecdsa_check(eckey);
225 group = EC_KEY_get0_group(eckey); 217 group = EC_KEY_get0_group(eckey);
226 priv_key = EC_KEY_get0_private_key(eckey); 218 priv_key = EC_KEY_get0_private_key(eckey);
227 219
228 if (group == NULL || priv_key == NULL || ecdsa == NULL) 220 if (group == NULL || priv_key == NULL || ecdsa == NULL) {
229 {
230 ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); 221 ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
231 return NULL; 222 return NULL;
232 } 223 }
233 224
234 ret = ECDSA_SIG_new(); 225 ret = ECDSA_SIG_new();
235 if (!ret) 226 if (!ret) {
236 {
237 ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); 227 ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
238 return NULL; 228 return NULL;
239 } 229 }
240 s = ret->s; 230 s = ret->s;
241 231
242 if ((ctx = BN_CTX_new()) == NULL || (order = BN_new()) == NULL || 232 if ((ctx = BN_CTX_new()) == NULL || (order = BN_new()) == NULL ||
243 (tmp = BN_new()) == NULL || (m = BN_new()) == NULL) 233 (tmp = BN_new()) == NULL || (m = BN_new()) == NULL) {
244 {
245 ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); 234 ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
246 goto err; 235 goto err;
247 } 236 }
248 237
249 if (!EC_GROUP_get_order(group, order, ctx)) 238 if (!EC_GROUP_get_order(group, order, ctx)) {
250 {
251 ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); 239 ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
252 goto err; 240 goto err;
253 } 241 }
@@ -257,73 +245,61 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
257 */ 245 */
258 if (8 * dgst_len > i) 246 if (8 * dgst_len > i)
259 dgst_len = (i + 7)/8; 247 dgst_len = (i + 7)/8;
260 if (!BN_bin2bn(dgst, dgst_len, m)) 248 if (!BN_bin2bn(dgst, dgst_len, m)) {
261 {
262 ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); 249 ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
263 goto err; 250 goto err;
264 } 251 }
265 /* If still too long truncate remaining bits with a shift */ 252 /* If still too long truncate remaining bits with a shift */
266 if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) 253 if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
267 {
268 ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); 254 ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
269 goto err; 255 goto err;
270 } 256 }
271 do 257 do {
272 { 258 if (in_kinv == NULL || in_r == NULL) {
273 if (in_kinv == NULL || in_r == NULL) 259 if (!ECDSA_sign_setup(eckey, ctx, &kinv, &ret->r)) {
274 { 260 ECDSAerr(ECDSA_F_ECDSA_DO_SIGN,
275 if (!ECDSA_sign_setup(eckey, ctx, &kinv, &ret->r)) 261 ERR_R_ECDSA_LIB);
276 {
277 ECDSAerr(ECDSA_F_ECDSA_DO_SIGN,ERR_R_ECDSA_LIB);
278 goto err; 262 goto err;
279 } 263 }
280 ckinv = kinv; 264 ckinv = kinv;
281 } 265 } else {
282 else 266 ckinv = in_kinv;
283 { 267 if (BN_copy(ret->r, in_r) == NULL) {
284 ckinv = in_kinv; 268 ECDSAerr(ECDSA_F_ECDSA_DO_SIGN,
285 if (BN_copy(ret->r, in_r) == NULL) 269 ERR_R_MALLOC_FAILURE);
286 {
287 ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
288 goto err; 270 goto err;
289 } 271 }
290 } 272 }
291 273
292 if (!BN_mod_mul(tmp, priv_key, ret->r, order, ctx)) 274 if (!BN_mod_mul(tmp, priv_key, ret->r, order, ctx)) {
293 {
294 ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); 275 ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
295 goto err; 276 goto err;
296 } 277 }
297 if (!BN_mod_add_quick(s, tmp, m, order)) 278 if (!BN_mod_add_quick(s, tmp, m, order)) {
298 {
299 ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); 279 ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
300 goto err; 280 goto err;
301 } 281 }
302 if (!BN_mod_mul(s, s, ckinv, order, ctx)) 282 if (!BN_mod_mul(s, s, ckinv, order, ctx)) {
303 {
304 ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); 283 ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
305 goto err; 284 goto err;
306 } 285 }
307 if (BN_is_zero(s)) 286 if (BN_is_zero(s)) {
308 {
309 /* if kinv and r have been supplied by the caller 287 /* if kinv and r have been supplied by the caller
310 * don't to generate new kinv and r values */ 288 * don't to generate new kinv and r values */
311 if (in_kinv != NULL && in_r != NULL) 289 if (in_kinv != NULL && in_r != NULL) {
312 { 290 ECDSAerr(ECDSA_F_ECDSA_DO_SIGN,
313 ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_NEED_NEW_SETUP_VALUES); 291 ECDSA_R_NEED_NEW_SETUP_VALUES);
314 goto err; 292 goto err;
315 } 293 }
316 } 294 } else
317 else
318 /* s != 0 => we have a valid signature */ 295 /* s != 0 => we have a valid signature */
319 break; 296 break;
320 } 297 } while (1);
321 while (1);
322 298
323 ok = 1; 299 ok = 1;
300
324err: 301err:
325 if (!ok) 302 if (!ok) {
326 {
327 ECDSA_SIG_free(ret); 303 ECDSA_SIG_free(ret);
328 ret = NULL; 304 ret = NULL;
329 } 305 }
@@ -335,8 +311,9 @@ err:
335 return ret; 311 return ret;
336} 312}
337 313
338static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, 314static int
339 const ECDSA_SIG *sig, EC_KEY *eckey) 315ecdsa_do_verify(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig,
316 EC_KEY *eckey)
340{ 317{
341 int ret = -1, i; 318 int ret = -1, i;
342 BN_CTX *ctx; 319 BN_CTX *ctx;
@@ -347,47 +324,41 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
347 324
348 /* check input values */ 325 /* check input values */
349 if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL || 326 if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL ||
350 (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) 327 (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) {
351 {
352 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS); 328 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS);
353 return -1; 329 return -1;
354 } 330 }
355 331
356 ctx = BN_CTX_new(); 332 ctx = BN_CTX_new();
357 if (!ctx) 333 if (!ctx) {
358 {
359 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); 334 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
360 return -1; 335 return -1;
361 } 336 }
362 BN_CTX_start(ctx); 337 BN_CTX_start(ctx);
363 order = BN_CTX_get(ctx); 338 order = BN_CTX_get(ctx);
364 u1 = BN_CTX_get(ctx); 339 u1 = BN_CTX_get(ctx);
365 u2 = BN_CTX_get(ctx); 340 u2 = BN_CTX_get(ctx);
366 m = BN_CTX_get(ctx); 341 m = BN_CTX_get(ctx);
367 X = BN_CTX_get(ctx); 342 X = BN_CTX_get(ctx);
368 if (!X) 343 if (!X) {
369 {
370 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); 344 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
371 goto err; 345 goto err;
372 } 346 }
373 347
374 if (!EC_GROUP_get_order(group, order, ctx)) 348 if (!EC_GROUP_get_order(group, order, ctx)) {
375 {
376 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); 349 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
377 goto err; 350 goto err;
378 } 351 }
379 352
380 if (BN_is_zero(sig->r) || BN_is_negative(sig->r) || 353 if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
381 BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) || 354 BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) ||
382 BN_is_negative(sig->s) || BN_ucmp(sig->s, order) >= 0) 355 BN_is_negative(sig->s) || BN_ucmp(sig->s, order) >= 0) {
383 {
384 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_BAD_SIGNATURE); 356 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_BAD_SIGNATURE);
385 ret = 0; /* signature is invalid */ 357 ret = 0; /* signature is invalid */
386 goto err; 358 goto err;
387 } 359 }
388 /* calculate tmp1 = inv(S) mod order */ 360 /* calculate tmp1 = inv(S) mod order */
389 if (!BN_mod_inverse(u2, sig->s, order, ctx)) 361 if (!BN_mod_inverse(u2, sig->s, order, ctx)) {
390 {
391 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); 362 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
392 goto err; 363 goto err;
393 } 364 }
@@ -398,45 +369,38 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
398 */ 369 */
399 if (8 * dgst_len > i) 370 if (8 * dgst_len > i)
400 dgst_len = (i + 7)/8; 371 dgst_len = (i + 7)/8;
401 if (!BN_bin2bn(dgst, dgst_len, m)) 372 if (!BN_bin2bn(dgst, dgst_len, m)) {
402 {
403 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); 373 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
404 goto err; 374 goto err;
405 } 375 }
406 /* If still too long truncate remaining bits with a shift */ 376 /* If still too long truncate remaining bits with a shift */
407 if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) 377 if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
408 {
409 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); 378 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
410 goto err; 379 goto err;
411 } 380 }
412 /* u1 = m * tmp mod order */ 381 /* u1 = m * tmp mod order */
413 if (!BN_mod_mul(u1, m, u2, order, ctx)) 382 if (!BN_mod_mul(u1, m, u2, order, ctx)) {
414 {
415 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); 383 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
416 goto err; 384 goto err;
417 } 385 }
418 /* u2 = r * w mod q */ 386 /* u2 = r * w mod q */
419 if (!BN_mod_mul(u2, sig->r, u2, order, ctx)) 387 if (!BN_mod_mul(u2, sig->r, u2, order, ctx)) {
420 {
421 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); 388 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
422 goto err; 389 goto err;
423 } 390 }
424 391
425 if ((point = EC_POINT_new(group)) == NULL) 392 if ((point = EC_POINT_new(group)) == NULL) {
426 {
427 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); 393 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
428 goto err; 394 goto err;
429 } 395 }
430 if (!EC_POINT_mul(group, point, u1, pub_key, u2, ctx)) 396 if (!EC_POINT_mul(group, point, u1, pub_key, u2, ctx)) {
431 {
432 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); 397 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
433 goto err; 398 goto err;
434 } 399 }
435 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) 400 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
436 { 401 NID_X9_62_prime_field) {
437 if (!EC_POINT_get_affine_coordinates_GFp(group, 402 if (!EC_POINT_get_affine_coordinates_GFp(group,
438 point, X, NULL, ctx)) 403 point, X, NULL, ctx)) {
439 {
440 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); 404 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
441 goto err; 405 goto err;
442 } 406 }
@@ -445,20 +409,19 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
445 else /* NID_X9_62_characteristic_two_field */ 409 else /* NID_X9_62_characteristic_two_field */
446 { 410 {
447 if (!EC_POINT_get_affine_coordinates_GF2m(group, 411 if (!EC_POINT_get_affine_coordinates_GF2m(group,
448 point, X, NULL, ctx)) 412 point, X, NULL, ctx)) {
449 {
450 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); 413 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
451 goto err; 414 goto err;
452 } 415 }
453 } 416 }
454#endif 417#endif
455 if (!BN_nnmod(u1, X, order, ctx)) 418 if (!BN_nnmod(u1, X, order, ctx)) {
456 {
457 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); 419 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
458 goto err; 420 goto err;
459 } 421 }
460 /* if the signature is correct u1 is equal to sig->r */ 422 /* if the signature is correct u1 is equal to sig->r */
461 ret = (BN_ucmp(u1, sig->r) == 0); 423 ret = (BN_ucmp(u1, sig->r) == 0);
424
462err: 425err:
463 BN_CTX_end(ctx); 426 BN_CTX_end(ctx);
464 BN_CTX_free(ctx); 427 BN_CTX_free(ctx);
diff --git a/src/lib/libssl/src/crypto/ecdsa/ecs_sign.c b/src/lib/libssl/src/crypto/ecdsa/ecs_sign.c
index 55bb02d57f..029a0cb562 100644
--- a/src/lib/libssl/src/crypto/ecdsa/ecs_sign.c
+++ b/src/lib/libssl/src/crypto/ecdsa/ecs_sign.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ecs_sign.c,v 1.5 2014/10/18 17:20:40 jsing Exp $ */ 1/* $OpenBSD: ecs_sign.c,v 1.6 2015/02/08 13:35:07 jsing Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4 * 4 *
@@ -7,7 +7,7 @@
7 * are met: 7 * are met:
8 * 8 *
9 * 1. Redistributions of source code must retain the above copyright 9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer. 10 * notice, this list of conditions and the following disclaimer.
11 * 11 *
12 * 2. Redistributions in binary form must reproduce the above copyright 12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in 13 * notice, this list of conditions and the following disclaimer in
@@ -60,35 +60,39 @@
60#include <openssl/engine.h> 60#include <openssl/engine.h>
61#endif 61#endif
62 62
63ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey) 63ECDSA_SIG *
64ECDSA_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey)
64{ 65{
65 return ECDSA_do_sign_ex(dgst, dlen, NULL, NULL, eckey); 66 return ECDSA_do_sign_ex(dgst, dlen, NULL, NULL, eckey);
66} 67}
67 68
68ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dlen, 69ECDSA_SIG *
69 const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey) 70ECDSA_do_sign_ex(const unsigned char *dgst, int dlen, const BIGNUM *kinv,
71 const BIGNUM *rp, EC_KEY *eckey)
70{ 72{
71 ECDSA_DATA *ecdsa = ecdsa_check(eckey); 73 ECDSA_DATA *ecdsa = ecdsa_check(eckey);
74
72 if (ecdsa == NULL) 75 if (ecdsa == NULL)
73 return NULL; 76 return NULL;
74 return ecdsa->meth->ecdsa_do_sign(dgst, dlen, kinv, rp, eckey); 77 return ecdsa->meth->ecdsa_do_sign(dgst, dlen, kinv, rp, eckey);
75} 78}
76 79
77int ECDSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char 80int
78 *sig, unsigned int *siglen, EC_KEY *eckey) 81ECDSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
82 unsigned int *siglen, EC_KEY *eckey)
79{ 83{
80 return ECDSA_sign_ex(type, dgst, dlen, sig, siglen, NULL, NULL, eckey); 84 return ECDSA_sign_ex(type, dgst, dlen, sig, siglen, NULL, NULL, eckey);
81} 85}
82 86
83int ECDSA_sign_ex(int type, const unsigned char *dgst, int dlen, unsigned char 87int
84 *sig, unsigned int *siglen, const BIGNUM *kinv, const BIGNUM *r, 88ECDSA_sign_ex(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
85 EC_KEY *eckey) 89 unsigned int *siglen, const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey)
86{ 90{
87 ECDSA_SIG *s; 91 ECDSA_SIG *s;
92
88 s = ECDSA_do_sign_ex(dgst, dlen, kinv, r, eckey); 93 s = ECDSA_do_sign_ex(dgst, dlen, kinv, r, eckey);
89 if (s == NULL) 94 if (s == NULL) {
90 { 95 *siglen = 0;
91 *siglen=0;
92 return 0; 96 return 0;
93 } 97 }
94 *siglen = i2d_ECDSA_SIG(s, &sig); 98 *siglen = i2d_ECDSA_SIG(s, &sig);
@@ -96,11 +100,12 @@ int ECDSA_sign_ex(int type, const unsigned char *dgst, int dlen, unsigned char
96 return 1; 100 return 1;
97} 101}
98 102
99int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, 103int
100 BIGNUM **rp) 104ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
101{ 105{
102 ECDSA_DATA *ecdsa = ecdsa_check(eckey); 106 ECDSA_DATA *ecdsa = ecdsa_check(eckey);
107
103 if (ecdsa == NULL) 108 if (ecdsa == NULL)
104 return 0; 109 return 0;
105 return ecdsa->meth->ecdsa_sign_setup(eckey, ctx_in, kinvp, rp); 110 return ecdsa->meth->ecdsa_sign_setup(eckey, ctx_in, kinvp, rp);
106} 111}
diff --git a/src/lib/libssl/src/crypto/ecdsa/ecs_vrf.c b/src/lib/libssl/src/crypto/ecdsa/ecs_vrf.c
index b1e66af80a..a4b627ace6 100644
--- a/src/lib/libssl/src/crypto/ecdsa/ecs_vrf.c
+++ b/src/lib/libssl/src/crypto/ecdsa/ecs_vrf.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ecs_vrf.c,v 1.4 2015/01/28 04:14:31 beck Exp $ */ 1/* $OpenBSD: ecs_vrf.c,v 1.5 2015/02/08 13:35:07 jsing Exp $ */
2/* 2/*
3 * Written by Nils Larsch for the OpenSSL project 3 * Written by Nils Larsch for the OpenSSL project
4 */ 4 */
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -69,42 +69,48 @@
69 * 0: incorrect signature 69 * 0: incorrect signature
70 * -1: error 70 * -1: error
71 */ 71 */
72int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, 72int
73 const ECDSA_SIG *sig, EC_KEY *eckey) 73ECDSA_do_verify(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig,
74 { 74 EC_KEY *eckey)
75{
75 ECDSA_DATA *ecdsa = ecdsa_check(eckey); 76 ECDSA_DATA *ecdsa = ecdsa_check(eckey);
77
76 if (ecdsa == NULL) 78 if (ecdsa == NULL)
77 return 0; 79 return 0;
78 return ecdsa->meth->ecdsa_do_verify(dgst, dgst_len, sig, eckey); 80 return ecdsa->meth->ecdsa_do_verify(dgst, dgst_len, sig, eckey);
79 } 81}
80 82
81/* returns 83/* returns
82 * 1: correct signature 84 * 1: correct signature
83 * 0: incorrect signature 85 * 0: incorrect signature
84 * -1: error 86 * -1: error
85 */ 87 */
86int ECDSA_verify(int type, const unsigned char *dgst, int dgst_len, 88int
87 const unsigned char *sigbuf, int sig_len, EC_KEY *eckey) 89ECDSA_verify(int type, const unsigned char *dgst, int dgst_len,
88 { 90 const unsigned char *sigbuf, int sig_len, EC_KEY *eckey)
91{
89 ECDSA_SIG *s; 92 ECDSA_SIG *s;
90 unsigned char *der = NULL; 93 unsigned char *der = NULL;
91 const unsigned char *p = sigbuf; 94 const unsigned char *p = sigbuf;
92 int derlen = -1; 95 int derlen = -1;
93 int ret=-1; 96 int ret = -1;
94 97
95 s = ECDSA_SIG_new(); 98 s = ECDSA_SIG_new();
96 if (s == NULL) return(ret); 99 if (s == NULL)
97 if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL) goto err; 100 return (ret);
101 if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL)
102 goto err;
98 /* Ensure signature uses DER and doesn't have trailing garbage */ 103 /* Ensure signature uses DER and doesn't have trailing garbage */
99 derlen = i2d_ECDSA_SIG(s, &der); 104 derlen = i2d_ECDSA_SIG(s, &der);
100 if (derlen != sig_len || memcmp(sigbuf, der, derlen)) 105 if (derlen != sig_len || memcmp(sigbuf, der, derlen))
101 goto err; 106 goto err;
102 ret=ECDSA_do_verify(dgst, dgst_len, s, eckey); 107 ret = ECDSA_do_verify(dgst, dgst_len, s, eckey);
108
103err: 109err:
104 if (derlen > 0) { 110 if (derlen > 0) {
105 explicit_bzero(der, derlen); 111 explicit_bzero(der, derlen);
106 free(der); 112 free(der);
107 } 113 }
108 ECDSA_SIG_free(s); 114 ECDSA_SIG_free(s);
109 return(ret); 115 return (ret);
110 } 116}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-21 01:00:38 +0000