authortb <>2023-07-02 13:37:09 +0000
committertb <>2023-07-02 13:37:09 +0000
commit81cf7f5a0e83ddd6884c89e7deb313c814fb1794 (patch)
tree4a45788c1a81131fd17dbb375d331a34e94f4b78 /src
parentba8395f5f34f1d7f095fcbdb24b6427010056a97 (diff)
Switch sign_sig() and sign_setup() to using BN_CTX
Both these functions use a BN_CTX internally to deal with the EC API that usually requires one. However, they don't actually make use of it. Get the BIGNUMs from the BN_CTX instead, which simplifies the cleanup. Also defer allocation of the ECDSA_SIG to the very end. Instead of using its internal r and s, use two local r and s variables and transfer those to the ECDSA_SIG on success. ok beck jsing
Diffstat (limited to 'src')
-rw-r--r--src/lib/libcrypto/ecdsa/ecs_ossl.c120
1 files changed, 73 insertions, 47 deletions
diff --git a/src/lib/libcrypto/ecdsa/ecs_ossl.c b/src/lib/libcrypto/ecdsa/ecs_ossl.c
index 728c07d8bb..adbabb609b 100644
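--- a/src/lib/libcrypto/ecdsa/ecs_ossl.c
+++ b/src/lib/libcrypto/ecdsa/ecs_ossl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecs_ossl.c,v 1.44 2023/07/02 13:26:36 tb Exp $ */
+/* $OpenBSD: ecs_ossl.c,v 1.45 2023/07/02 13:37:09 tb Exp $ */
 /*
   * Written by Nils Larsch for the OpenSSL project
   */
@@ -124,11 +124,13 @@ int
 ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *in_ctx, BIGNUM **out_kinv,
  BIGNUM **out_r)
 {
- BN_CTX *ctx = in_ctx;
- BIGNUM *k = NULL, *r = NULL, *order = NULL, *x = NULL;
- EC_POINT *point = NULL;
  const EC_GROUP *group;
- int order_bits, ret = 0;
+ EC_POINT *point = NULL;
+ BN_CTX *ctx = NULL;
+ BIGNUM *k = NULL, *r = NULL;
+ BIGNUM *order, *x;
+ int order_bits;
+ int ret = 0;
 
  BN_free(*out_kinv);
  *out_kinv = NULL;
@@ -138,21 +140,28 @@ ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *in_ctx, BIGNUM **out_kinv,
 
  if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) {
  ECDSAerror(ERR_R_PASSED_NULL_PARAMETER);
- return 0;
+ goto err;
  }
 
- if (ctx == NULL) {
- if ((ctx = BN_CTX_new()) == NULL) {
- ECDSAerror(ERR_R_MALLOC_FAILURE);
- return 0;
- }
- }
+ if ((k = BN_new()) == NULL)
+ goto err;
+ if ((r = BN_new()) == NULL)
+ goto err;
 
- if ((k = BN_new()) == NULL || (r = BN_new()) == NULL ||
- (order = BN_new()) == NULL || (x = BN_new()) == NULL) {
+ if ((ctx = in_ctx) == NULL)
+ ctx = BN_CTX_new();
+ if (ctx == NULL) {
  ECDSAerror(ERR_R_MALLOC_FAILURE);
  goto err;
  }
+
+ BN_CTX_start(ctx);
+
+ if ((order = BN_CTX_get(ctx)) == NULL)
+ goto err;
+ if ((x = BN_CTX_get(ctx)) == NULL)
+ goto err;
+
  if ((point = EC_POINT_new(group)) == NULL) {
  ECDSAerror(ERR_R_EC_LIB);
  goto err;
@@ -236,14 +245,14 @@ ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *in_ctx, BIGNUM **out_kinv,
  ret = 1;
 
  err:
- if (in_ctx == NULL)
+ BN_CTX_end(ctx);
+ if (ctx != in_ctx)
  BN_CTX_free(ctx);
- BN_free(order);
  BN_free(k);
  BN_free(r);
  EC_POINT_free(point);
- BN_free(x);
- return (ret);
+
+ return ret;
 }
 
 /*
@@ -257,37 +266,51 @@ ECDSA_SIG *
 ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
  const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey)
 {
- BIGNUM *b = NULL, *binv = NULL, *bm = NULL, *bxr = NULL;
- BIGNUM *kinv = NULL, *m = NULL, *order = NULL, *s;
- const BIGNUM *ckinv, *priv_key;
- BN_CTX *ctx = NULL;
  const EC_GROUP *group;
- ECDSA_SIG *ret;
+ BN_CTX *ctx = NULL;
+ BIGNUM *kinv = NULL, *r = NULL, *s = NULL;
+ BIGNUM *b, *binv, *bm, *bxr, *m, *order;
+ const BIGNUM *ckinv, *priv_key;
  int attempts = 0;
- int ok = 0;
+ ECDSA_SIG *sig = NULL;
 
  group = EC_KEY_get0_group(eckey);
  priv_key = EC_KEY_get0_private_key(eckey);
 
  if (group == NULL || priv_key == NULL) {
  ECDSAerror(ERR_R_PASSED_NULL_PARAMETER);
- return NULL;
+ goto err;
  }
 
- if ((ret = ECDSA_SIG_new()) == NULL) {
+ if ((r = BN_new()) == NULL) {
  ECDSAerror(ERR_R_MALLOC_FAILURE);
- return NULL;
+ goto err;
+ }
+ if ((s = BN_new()) == NULL) {
+ ECDSAerror(ERR_R_MALLOC_FAILURE);
+ goto err;
  }
- s = ret->s;
 
- if ((ctx = BN_CTX_new()) == NULL || (order = BN_new()) == NULL ||
- (b = BN_new()) == NULL ||
- (binv = BN_new()) == NULL || (bm = BN_new()) == NULL ||
- (bxr = BN_new()) == NULL || (m = BN_new()) == NULL) {
+ if ((ctx = BN_CTX_new()) == NULL) {
  ECDSAerror(ERR_R_MALLOC_FAILURE);
  goto err;
  }
 
+ BN_CTX_start(ctx);
+
+ if ((order = BN_CTX_get(ctx)) == NULL)
+ goto err;
+ if ((b = BN_CTX_get(ctx)) == NULL)
+ goto err;
+ if ((binv = BN_CTX_get(ctx)) == NULL)
+ goto err;
+ if ((bm = BN_CTX_get(ctx)) == NULL)
+ goto err;
+ if ((bxr = BN_CTX_get(ctx)) == NULL)
+ goto err;
+ if ((m = BN_CTX_get(ctx)) == NULL)
+ goto err;
+
  if (!EC_GROUP_get_order(group, order, ctx)) {
  ECDSAerror(ERR_R_EC_LIB);
  goto err;
@@ -298,14 +321,14 @@ ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
 
  do {
  if (in_kinv == NULL || in_r == NULL) {
- if (!ECDSA_sign_setup(eckey, ctx, &kinv, &ret->r)) {
+ if (!ECDSA_sign_setup(eckey, ctx, &kinv, &r)) {
  ECDSAerror(ERR_R_ECDSA_LIB);
  goto err;
  }
  ckinv = kinv;
  } else {
  ckinv = in_kinv;
- if (!bn_copy(ret->r, in_r)) {
+ if (!bn_copy(r, in_r)) {
  ECDSAerror(ERR_R_MALLOC_FAILURE);
  goto err;
  }
@@ -338,7 +361,7 @@ ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
  ECDSAerror(ERR_R_BN_LIB);
  goto err;
  }
- if (!BN_mod_mul(bxr, bxr, ret->r, order, ctx)) { /* bxr */
+ if (!BN_mod_mul(bxr, bxr, r, order, ctx)) { /* bxr */
  ECDSAerror(ERR_R_BN_LIB);
  goto err;
  }
@@ -378,22 +401,25 @@ ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
  break;
  } while (1);
 
- ok = 1;
+ if ((sig = ECDSA_SIG_new()) == NULL) {
+ ECDSAerror(ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if (!ECDSA_SIG_set0(sig, r, s)) {
+ ECDSA_SIG_free(sig);
+ goto err;
+ }
+ r = NULL;
+ s = NULL;
 
  err:
- if (ok == 0) {
- ECDSA_SIG_free(ret);
- ret = NULL;
- }
+ BN_CTX_end(ctx);
  BN_CTX_free(ctx);
- BN_free(b);
- BN_free(binv);
- BN_free(bm);
- BN_free(bxr);
  BN_free(kinv);
- BN_free(m);
- BN_free(order);
- return ret;
+ BN_free(r);
+ BN_free(s);
+
+ return sig;
 }
 
 int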
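Review bot: When `ECDSA_SIG_set0(sig, r, s)` fails at the end of ossl_ecdsa_sign_sig (new lines 408-411), `sig` is freed but not reset, so the `err:` path ends in `return sig;` and hands the caller a dangling pointer. Add `sig = NULL;` right after `ECDSA_SIG_free(sig);`, and consider an `ECDSAerror(ERR_R_ECDSA_LIB);` there, since every other failure path in the function records an error. ECDSA_SIG_set0 is not shown on this page; with r and s both non-NULL at that point the branch is presumably unreachable today, but the cleanup should not rely on that. Separately, the blinding intermediates b, binv, bm and bxr now come from the BN_CTX pool rather than BN_new()/BN_free(), so whether they are cleared on exit depends on how BN_CTX_free() releases pooled BIGNUMs, which is worth confirming.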