diff options
Diffstat (limited to 'src/lib/libcrypto/ecdsa/ecdsa.c')
| -rw-r--r-- | src/lib/libcrypto/ecdsa/ecdsa.c | 32 |
1 files changed, 15 insertions, 17 deletions
diff --git a/src/lib/libcrypto/ecdsa/ecdsa.c b/src/lib/libcrypto/ecdsa/ecdsa.c index 5d6175a787..b9c7ea6381 100644 --- a/src/lib/libcrypto/ecdsa/ecdsa.c +++ b/src/lib/libcrypto/ecdsa/ecdsa.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ecdsa.c,v 1.9 2023/07/05 14:41:18 tb Exp $ */ | 1 | /* $OpenBSD: ecdsa.c,v 1.10 2023/07/05 17:10:10 tb Exp $ */ |
| 2 | /* ==================================================================== | 2 | /* ==================================================================== |
| 3 | * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved. | 3 | * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved. |
| 4 | * | 4 | * |
| @@ -315,10 +315,8 @@ ecdsa_sign_setup(EC_KEY *key, BN_CTX *in_ctx, BIGNUM **out_kinv, BIGNUM **out_r) | |||
| 315 | /* Step 11: repeat until r != 0. */ | 315 | /* Step 11: repeat until r != 0. */ |
| 316 | do { | 316 | do { |
| 317 | /* Step 3: generate random k. */ | 317 | /* Step 3: generate random k. */ |
| 318 | if (!bn_rand_interval(k, BN_value_one(), order)) { | 318 | if (!bn_rand_interval(k, BN_value_one(), order)) |
| 319 | ECDSAerror(ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED); | ||
| 320 | goto err; | 319 | goto err; |
| 321 | } | ||
| 322 | 320 | ||
| 323 | /* | 321 | /* |
| 324 | * We do not want timing information to leak the length of k, | 322 | * We do not want timing information to leak the length of k, |
| @@ -436,7 +434,7 @@ ecdsa_compute_s(BIGNUM **out_s, const BIGNUM *e, const BIGNUM *kinv, | |||
| 436 | * can't rely on this being the case. | 434 | * can't rely on this being the case. |
| 437 | */ | 435 | */ |
| 438 | if (BN_cmp(r, BN_value_one()) < 0 || BN_cmp(r, order) >= 0) { | 436 | if (BN_cmp(r, BN_value_one()) < 0 || BN_cmp(r, order) >= 0) { |
| 439 | ECDSAerror(ECDSA_R_BAD_SIGNATURE); | 437 | ECerror(EC_R_BAD_SIGNATURE); |
| 440 | goto err; | 438 | goto err; |
| 441 | } | 439 | } |
| 442 | 440 | ||
| @@ -552,7 +550,7 @@ ecdsa_sign_sig(const unsigned char *digest, int digest_len, | |||
| 552 | /* Steps 3-8: calculate kinv and r. */ | 550 | /* Steps 3-8: calculate kinv and r. */ |
| 553 | if (!caller_supplied_values) { | 551 | if (!caller_supplied_values) { |
| 554 | if (!ECDSA_sign_setup(key, ctx, &kinv, &r)) { | 552 | if (!ECDSA_sign_setup(key, ctx, &kinv, &r)) { |
| 555 | ECDSAerror(ERR_R_ECDSA_LIB); | 553 | ECerror(ERR_R_EC_LIB); |
| 556 | goto err; | 554 | goto err; |
| 557 | } | 555 | } |
| 558 | } | 556 | } |
| @@ -566,7 +564,7 @@ ecdsa_sign_sig(const unsigned char *digest, int digest_len, | |||
| 566 | break; | 564 | break; |
| 567 | 565 | ||
| 568 | if (caller_supplied_values) { | 566 | if (caller_supplied_values) { |
| 569 | ECDSAerror(ECDSA_R_NEED_NEW_SETUP_VALUES); | 567 | ECerror(EC_R_NEED_NEW_SETUP_VALUES); |
| 570 | goto err; | 568 | goto err; |
| 571 | } | 569 | } |
| 572 | 570 | ||
| @@ -648,15 +646,15 @@ ecdsa_verify_sig(const unsigned char *digest, int digest_len, | |||
| 648 | int ret = -1; | 646 | int ret = -1; |
| 649 | 647 | ||
| 650 | if (key == NULL || sig == NULL) { | 648 | if (key == NULL || sig == NULL) { |
| 651 | ECDSAerror(ECDSA_R_MISSING_PARAMETERS); | 649 | ECerror(EC_R_MISSING_PARAMETERS); |
| 652 | goto err; | 650 | goto err; |
| 653 | } | 651 | } |
| 654 | if ((group = EC_KEY_get0_group(key)) == NULL) { | 652 | if ((group = EC_KEY_get0_group(key)) == NULL) { |
| 655 | ECDSAerror(ECDSA_R_MISSING_PARAMETERS); | 653 | ECerror(EC_R_MISSING_PARAMETERS); |
| 656 | goto err; | 654 | goto err; |
| 657 | } | 655 | } |
| 658 | if ((pub_key = EC_KEY_get0_public_key(key)) == NULL) { | 656 | if ((pub_key = EC_KEY_get0_public_key(key)) == NULL) { |
| 659 | ECDSAerror(ECDSA_R_MISSING_PARAMETERS); | 657 | ECerror(EC_R_MISSING_PARAMETERS); |
| 660 | goto err; | 658 | goto err; |
| 661 | } | 659 | } |
| 662 | 660 | ||
| @@ -685,12 +683,12 @@ ecdsa_verify_sig(const unsigned char *digest, int digest_len, | |||
| 685 | 683 | ||
| 686 | /* Step 1: verify that r and s are in the range [1, order). */ | 684 | /* Step 1: verify that r and s are in the range [1, order). */ |
| 687 | if (BN_cmp(sig->r, BN_value_one()) < 0 || BN_cmp(sig->r, order) >= 0) { | 685 | if (BN_cmp(sig->r, BN_value_one()) < 0 || BN_cmp(sig->r, order) >= 0) { |
| 688 | ECDSAerror(ECDSA_R_BAD_SIGNATURE); | 686 | ECerror(EC_R_BAD_SIGNATURE); |
| 689 | ret = 0; | 687 | ret = 0; |
| 690 | goto err; | 688 | goto err; |
| 691 | } | 689 | } |
| 692 | if (BN_cmp(sig->s, BN_value_one()) < 0 || BN_cmp(sig->s, order) >= 0) { | 690 | if (BN_cmp(sig->s, BN_value_one()) < 0 || BN_cmp(sig->s, order) >= 0) { |
| 693 | ECDSAerror(ECDSA_R_BAD_SIGNATURE); | 691 | ECerror(EC_R_BAD_SIGNATURE); |
| 694 | ret = 0; | 692 | ret = 0; |
| 695 | goto err; | 693 | goto err; |
| 696 | } | 694 | } |
| @@ -759,7 +757,7 @@ ECDSA_do_sign_ex(const unsigned char *digest, int digest_len, | |||
| 759 | const BIGNUM *kinv, const BIGNUM *out_r, EC_KEY *key) | 757 | const BIGNUM *kinv, const BIGNUM *out_r, EC_KEY *key) |
| 760 | { | 758 | { |
| 761 | if (key->meth->sign_sig == NULL) { | 759 | if (key->meth->sign_sig == NULL) { |
| 762 | ECDSAerror(EVP_R_METHOD_NOT_SUPPORTED); | 760 | ECerror(EC_R_NOT_IMPLEMENTED); |
| 763 | return 0; | 761 | return 0; |
| 764 | } | 762 | } |
| 765 | return key->meth->sign_sig(digest, digest_len, kinv, out_r, key); | 763 | return key->meth->sign_sig(digest, digest_len, kinv, out_r, key); |
| @@ -779,7 +777,7 @@ ECDSA_sign_ex(int type, const unsigned char *digest, int digest_len, | |||
| 779 | const BIGNUM *r, EC_KEY *key) | 777 | const BIGNUM *r, EC_KEY *key) |
| 780 | { | 778 | { |
| 781 | if (key->meth->sign == NULL) { | 779 | if (key->meth->sign == NULL) { |
| 782 | ECDSAerror(EVP_R_METHOD_NOT_SUPPORTED); | 780 | ECerror(EC_R_NOT_IMPLEMENTED); |
| 783 | return 0; | 781 | return 0; |
| 784 | } | 782 | } |
| 785 | return key->meth->sign(type, digest, digest_len, signature, | 783 | return key->meth->sign(type, digest, digest_len, signature, |
| @@ -791,7 +789,7 @@ ECDSA_sign_setup(EC_KEY *key, BN_CTX *in_ctx, BIGNUM **out_kinv, | |||
| 791 | BIGNUM **out_r) | 789 | BIGNUM **out_r) |
| 792 | { | 790 | { |
| 793 | if (key->meth->sign_setup == NULL) { | 791 | if (key->meth->sign_setup == NULL) { |
| 794 | ECDSAerror(EVP_R_METHOD_NOT_SUPPORTED); | 792 | ECerror(EC_R_NOT_IMPLEMENTED); |
| 795 | return 0; | 793 | return 0; |
| 796 | } | 794 | } |
| 797 | return key->meth->sign_setup(key, in_ctx, out_kinv, out_r); | 795 | return key->meth->sign_setup(key, in_ctx, out_kinv, out_r); |
| @@ -802,7 +800,7 @@ ECDSA_do_verify(const unsigned char *digest, int digest_len, | |||
| 802 | const ECDSA_SIG *sig, EC_KEY *key) | 800 | const ECDSA_SIG *sig, EC_KEY *key) |
| 803 | { | 801 | { |
| 804 | if (key->meth->verify_sig == NULL) { | 802 | if (key->meth->verify_sig == NULL) { |
| 805 | ECDSAerror(EVP_R_METHOD_NOT_SUPPORTED); | 803 | ECerror(EC_R_NOT_IMPLEMENTED); |
| 806 | return 0; | 804 | return 0; |
| 807 | } | 805 | } |
| 808 | return key->meth->verify_sig(digest, digest_len, sig, key); | 806 | return key->meth->verify_sig(digest, digest_len, sig, key); |
| @@ -813,7 +811,7 @@ ECDSA_verify(int type, const unsigned char *digest, int digest_len, | |||
| 813 | const unsigned char *sigbuf, int sig_len, EC_KEY *key) | 811 | const unsigned char *sigbuf, int sig_len, EC_KEY *key) |
| 814 | { | 812 | { |
| 815 | if (key->meth->verify == NULL) { | 813 | if (key->meth->verify == NULL) { |
| 816 | ECDSAerror(EVP_R_METHOD_NOT_SUPPORTED); | 814 | ECerror(EC_R_NOT_IMPLEMENTED); |
| 817 | return 0; | 815 | return 0; |
| 818 | } | 816 | } |
| 819 | return key->meth->verify(type, digest, digest_len, sigbuf, sig_len, key); | 817 | return key->meth->verify(type, digest, digest_len, sigbuf, sig_len, key); |