diff options
| author | tb <> | 2023-07-28 08:49:43 +0000 |
|---|---|---|
| committer | tb <> | 2023-07-28 08:49:43 +0000 |
| commit | a60bb43ba730ae6d2d64a6568ee5fddecaf151e3 (patch) | |
| tree | efbe0438383ae81f0c511a990e4a656ecd91e76c /src/lib/libcrypto/ecdsa/ecdsa.c | |
| parent | 9c4fb33240afcde0c06cf9e4b12424a2cfa28418 (diff) | |
| download | openbsd-a60bb43ba730ae6d2d64a6568ee5fddecaf151e3.tar.gz openbsd-a60bb43ba730ae6d2d64a6568ee5fddecaf151e3.tar.bz2 openbsd-a60bb43ba730ae6d2d64a6568ee5fddecaf151e3.zip | |
Make extended ECDSA signing routines internal
ECDSA_sign_setup() permits precomputing the values of the inverse of the
random k and the corresponding r. These can then be fed into the signing
routines ECDSA_{do_,}sign_ex() multiple times if needed. This is not a
great idea and the interface adds a lot of unwanted complexity.
Not to mention that nothing ever used this correctly - if s works out to
0, a special error code is thrown requesting that the caller provide new
kinv and r values. Unsurprisingly, nobody ever checked for that special
error code.
ok jsing
This commit marks the start of a libcrypto major bump. Do not build the
tree until I bumped the shlib_version and synced file sets (in about 35
commits).
Diffstat (limited to 'src/lib/libcrypto/ecdsa/ecdsa.c')
| -rw-r--r-- | src/lib/libcrypto/ecdsa/ecdsa.c | 19 |
1 files changed, 12 insertions, 7 deletions
diff --git a/src/lib/libcrypto/ecdsa/ecdsa.c b/src/lib/libcrypto/ecdsa/ecdsa.c index e47ec21281..17f968f0cc 100644 --- a/src/lib/libcrypto/ecdsa/ecdsa.c +++ b/src/lib/libcrypto/ecdsa/ecdsa.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ecdsa.c,v 1.12 2023/07/10 19:10:51 tb Exp $ */ | 1 | /* $OpenBSD: ecdsa.c,v 1.13 2023/07/28 08:49:43 tb Exp $ */ |
| 2 | /* ==================================================================== | 2 | /* ==================================================================== |
| 3 | * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved. | 3 | * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved. |
| 4 | * | 4 | * |
| @@ -71,6 +71,14 @@ | |||
| 71 | #include "ec_local.h" | 71 | #include "ec_local.h" |
| 72 | #include "ecdsa_local.h" | 72 | #include "ecdsa_local.h" |
| 73 | 73 | ||
| 74 | static ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, | ||
| 75 | const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey); | ||
| 76 | static int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen, | ||
| 77 | unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv, | ||
| 78 | const BIGNUM *rp, EC_KEY *eckey); | ||
| 79 | static int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *in_ctx, BIGNUM **out_kinv, | ||
| 80 | BIGNUM **out_r); | ||
| 81 | |||
| 74 | static const ASN1_TEMPLATE ECDSA_SIG_seq_tt[] = { | 82 | static const ASN1_TEMPLATE ECDSA_SIG_seq_tt[] = { |
| 75 | { | 83 | { |
| 76 | .flags = 0, | 84 | .flags = 0, |
| @@ -762,7 +770,7 @@ ECDSA_do_sign(const unsigned char *digest, int digest_len, EC_KEY *key) | |||
| 762 | } | 770 | } |
| 763 | LCRYPTO_ALIAS(ECDSA_do_sign); | 771 | LCRYPTO_ALIAS(ECDSA_do_sign); |
| 764 | 772 | ||
| 765 | ECDSA_SIG * | 773 | static ECDSA_SIG * |
| 766 | ECDSA_do_sign_ex(const unsigned char *digest, int digest_len, | 774 | ECDSA_do_sign_ex(const unsigned char *digest, int digest_len, |
| 767 | const BIGNUM *kinv, const BIGNUM *out_r, EC_KEY *key) | 775 | const BIGNUM *kinv, const BIGNUM *out_r, EC_KEY *key) |
| 768 | { | 776 | { |
| @@ -772,7 +780,6 @@ ECDSA_do_sign_ex(const unsigned char *digest, int digest_len, | |||
| 772 | } | 780 | } |
| 773 | return key->meth->sign_sig(digest, digest_len, kinv, out_r, key); | 781 | return key->meth->sign_sig(digest, digest_len, kinv, out_r, key); |
| 774 | } | 782 | } |
| 775 | LCRYPTO_ALIAS(ECDSA_do_sign_ex); | ||
| 776 | 783 | ||
| 777 | int | 784 | int |
| 778 | ECDSA_sign(int type, const unsigned char *digest, int digest_len, | 785 | ECDSA_sign(int type, const unsigned char *digest, int digest_len, |
| @@ -783,7 +790,7 @@ ECDSA_sign(int type, const unsigned char *digest, int digest_len, | |||
| 783 | } | 790 | } |
| 784 | LCRYPTO_ALIAS(ECDSA_sign); | 791 | LCRYPTO_ALIAS(ECDSA_sign); |
| 785 | 792 | ||
| 786 | int | 793 | static int |
| 787 | ECDSA_sign_ex(int type, const unsigned char *digest, int digest_len, | 794 | ECDSA_sign_ex(int type, const unsigned char *digest, int digest_len, |
| 788 | unsigned char *signature, unsigned int *signature_len, const BIGNUM *kinv, | 795 | unsigned char *signature, unsigned int *signature_len, const BIGNUM *kinv, |
| 789 | const BIGNUM *r, EC_KEY *key) | 796 | const BIGNUM *r, EC_KEY *key) |
| @@ -795,9 +802,8 @@ ECDSA_sign_ex(int type, const unsigned char *digest, int digest_len, | |||
| 795 | return key->meth->sign(type, digest, digest_len, signature, | 802 | return key->meth->sign(type, digest, digest_len, signature, |
| 796 | signature_len, kinv, r, key); | 803 | signature_len, kinv, r, key); |
| 797 | } | 804 | } |
| 798 | LCRYPTO_ALIAS(ECDSA_sign_ex); | ||
| 799 | 805 | ||
| 800 | int | 806 | static int |
| 801 | ECDSA_sign_setup(EC_KEY *key, BN_CTX *in_ctx, BIGNUM **out_kinv, | 807 | ECDSA_sign_setup(EC_KEY *key, BN_CTX *in_ctx, BIGNUM **out_kinv, |
| 802 | BIGNUM **out_r) | 808 | BIGNUM **out_r) |
| 803 | { | 809 | { |
| @@ -807,7 +813,6 @@ ECDSA_sign_setup(EC_KEY *key, BN_CTX *in_ctx, BIGNUM **out_kinv, | |||
| 807 | } | 813 | } |
| 808 | return key->meth->sign_setup(key, in_ctx, out_kinv, out_r); | 814 | return key->meth->sign_setup(key, in_ctx, out_kinv, out_r); |
| 809 | } | 815 | } |
| 810 | LCRYPTO_ALIAS(ECDSA_sign_setup); | ||
| 811 | 816 | ||
| 812 | int | 817 | int |
| 813 | ECDSA_do_verify(const unsigned char *digest, int digest_len, | 818 | ECDSA_do_verify(const unsigned char *digest, int digest_len, |