| author | djm <> | 2010-10-01 22:54:21 +0000 |
|---|---|---|
| committer | djm <> | 2010-10-01 22:54:21 +0000 |
| commit | 76262f7bf9262f965142b1b2b2105cb279c5c696 (patch) | |
| tree | bb3923b81f2ce34b1ad62684afdf1a94d904c185 /src/lib/libcrypto/ecdsa/ecs_ossl.c | |
| parent | 5bf424abe3e333358a0476841d2085fb5870dde9 (diff) | |
| parent | 829fd51d4f8dde4a7f3bf54754f3c1d1a502f5e2 (diff) | |
This commit was generated by cvs2git to track changes on a CVS vendor
branch.
Diffstat (limited to 'src/lib/libcrypto/ecdsa/ecs_ossl.c')
| -rw-r--r-- | src/lib/libcrypto/ecdsa/ecs_ossl.c | 54 |
1 files changed, 24 insertions, 30 deletions
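--- a/src/lib/libcrypto/ecdsa/ecs_ossl.c
+++ b/src/lib/libcrypto/ecdsa/ecs_ossl.c
@@ -212,7 +212,7 @@ err:
 static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
 const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey)
 {
-int ok = 0;
+int ok = 0, i;
 BIGNUM *kinv=NULL, *s, *m=NULL,*tmp=NULL,*order=NULL;
 const BIGNUM *ckinv;
 BN_CTX *ctx = NULL;
@@ -251,22 +251,19 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
 ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
 goto err;
 }
-if (8 * dgst_len > BN_num_bits(order))
+i = BN_num_bits(order);
+/* Need to truncate digest if it is too long: first truncate whole
+* bytes.
+*/
+if (8 * dgst_len > i)
+dgst_len = (i + 7)/8;
+if (!BN_bin2bn(dgst, dgst_len, m))
 {
-/* XXX
-*
-* Should provide for optional hash truncation:
-* Keep the BN_num_bits(order) leftmost bits of dgst
-* (see March 2006 FIPS 186-3 draft, which has a few
-* confusing errors in this part though)
-*/
-
-ECDSAerr(ECDSA_F_ECDSA_DO_SIGN,
-ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
 goto err;
 }
-
-if (!BN_bin2bn(dgst, dgst_len, m))
+/* If still too long truncate remaining bits with a shift */
+if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7)))
 {
 ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
 goto err;
@@ -346,7 +343,7 @@ err:
 static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
 const ECDSA_SIG *sig, EC_KEY *eckey)
 {
-int ret = -1;
+int ret = -1, i;
 BN_CTX *ctx;
 BIGNUM *order, *u1, *u2, *m, *X;
 EC_POINT *point = NULL;
@@ -384,21 +381,6 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
 goto err;
 }
-if (8 * dgst_len > BN_num_bits(order))
-{
-/* XXX
-*
-* Should provide for optional hash truncation:
-* Keep the BN_num_bits(order) leftmost bits of dgst
-* (see March 2006 FIPS 186-3 draft, which has a few
-* confusing errors in this part though)
-*/
-
-ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY,
-ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
-ret = 0;
-goto err;
-}
 
 if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
 BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) ||
@@ -415,11 +397,23 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
 goto err;
 }
 /* digest -> m */
+i = BN_num_bits(order);
+/* Need to truncate digest if it is too long: first truncate whole
+* bytes.
+*/
+if (8 * dgst_len > i)
+dgst_len = (i + 7)/8;
 if (!BN_bin2bn(dgst, dgst_len, m))
 {
 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
 goto err;
 }
+/* If still too long truncate remaining bits with a shift */
+if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7)))
+{
+ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+goto err;
+}
 /* u1 = m * tmp mod order */
 if (!BN_mod_mul(u1, m, u2, order, ctx))
 {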
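Review bot: The truncation test `if (8 * dgst_len > i)` added in ecdsa_do_sign, and again in ecdsa_do_verify, multiplies a caller-supplied `int` before anything bounds it, so a very large `dgst_len` overflows signed arithmetic (undefined behaviour). A negative `dgst_len` also skips the truncation and still reaches `BN_bin2bn`. Comparing byte counts instead, `if (dgst_len > (i + 7)/8)`, selects the same truncation without the multiplication, and the later `8 * dgst_len > i` test then only sees an already bounded value; a `dgst_len < 0` rejection before it would close the other case. The same six-line sequence now exists in both functions and must stay in exact agreement or valid signatures stop verifying, so a shared static helper, with a comment that it keeps the leftmost `BN_num_bits(order)` bits of the digest, would be safer. Both function bodies extend beyond the hunks shown.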
