diff options
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/libcrypto/ecdsa/ecdsa.c | 99 |
1 files changed, 48 insertions, 51 deletions
diff --git a/src/lib/libcrypto/ecdsa/ecdsa.c b/src/lib/libcrypto/ecdsa/ecdsa.c index fea0564946..38ae415277 100644 --- a/src/lib/libcrypto/ecdsa/ecdsa.c +++ b/src/lib/libcrypto/ecdsa/ecdsa.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ecdsa.c,v 1.14 2023/07/28 08:54:41 tb Exp $ */ | 1 | /* $OpenBSD: ecdsa.c,v 1.15 2023/07/28 08:57:46 tb Exp $ */ |
| 2 | /* ==================================================================== | 2 | /* ==================================================================== |
| 3 | * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved. | 3 | * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved. |
| 4 | * | 4 | * |
| @@ -71,9 +71,6 @@ | |||
| 71 | #include "ec_local.h" | 71 | #include "ec_local.h" |
| 72 | #include "ecdsa_local.h" | 72 | #include "ecdsa_local.h" |
| 73 | 73 | ||
| 74 | static int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *in_ctx, BIGNUM **out_kinv, | ||
| 75 | BIGNUM **out_r); | ||
| 76 | |||
| 77 | static const ASN1_TEMPLATE ECDSA_SIG_seq_tt[] = { | 74 | static const ASN1_TEMPLATE ECDSA_SIG_seq_tt[] = { |
| 78 | { | 75 | { |
| 79 | .flags = 0, | 76 | .flags = 0, |
| @@ -254,6 +251,19 @@ ecdsa_sign(int type, const unsigned char *digest, int digest_len, | |||
| 254 | return ret; | 251 | return ret; |
| 255 | } | 252 | } |
| 256 | 253 | ||
| 254 | int | ||
| 255 | ECDSA_sign(int type, const unsigned char *digest, int digest_len, | ||
| 256 | unsigned char *signature, unsigned int *signature_len, EC_KEY *key) | ||
| 257 | { | ||
| 258 | if (key->meth->sign == NULL) { | ||
| 259 | ECerror(EC_R_NOT_IMPLEMENTED); | ||
| 260 | return 0; | ||
| 261 | } | ||
| 262 | return key->meth->sign(type, digest, digest_len, signature, | ||
| 263 | signature_len, NULL, NULL, key); | ||
| 264 | } | ||
| 265 | LCRYPTO_ALIAS(ECDSA_sign); | ||
| 266 | |||
| 257 | /* | 267 | /* |
| 258 | * FIPS 186-5, section 6.4.1, steps 3-8 and 11: Generate k, calculate r and | 268 | * FIPS 186-5, section 6.4.1, steps 3-8 and 11: Generate k, calculate r and |
| 259 | * kinv. If r == 0, try again with a new random k. | 269 | * kinv. If r == 0, try again with a new random k. |
| @@ -399,6 +409,17 @@ ecdsa_sign_setup(EC_KEY *key, BN_CTX *in_ctx, BIGNUM **out_kinv, BIGNUM **out_r) | |||
| 399 | return ret; | 409 | return ret; |
| 400 | } | 410 | } |
| 401 | 411 | ||
| 412 | static int | ||
| 413 | ECDSA_sign_setup(EC_KEY *key, BN_CTX *in_ctx, BIGNUM **out_kinv, | ||
| 414 | BIGNUM **out_r) | ||
| 415 | { | ||
| 416 | if (key->meth->sign_setup == NULL) { | ||
| 417 | ECerror(EC_R_NOT_IMPLEMENTED); | ||
| 418 | return 0; | ||
| 419 | } | ||
| 420 | return key->meth->sign_setup(key, in_ctx, out_kinv, out_r); | ||
| 421 | } | ||
| 422 | |||
| 402 | /* | 423 | /* |
| 403 | * FIPS 186-5, section 6.4.1, step 9: compute s = inv(k)(e + xr) mod order. | 424 | * FIPS 186-5, section 6.4.1, step 9: compute s = inv(k)(e + xr) mod order. |
| 404 | * In order to reduce the possibility of a side-channel attack, the following | 425 | * In order to reduce the possibility of a side-channel attack, the following |
| @@ -592,6 +613,17 @@ ecdsa_sign_sig(const unsigned char *digest, int digest_len, | |||
| 592 | return sig; | 613 | return sig; |
| 593 | } | 614 | } |
| 594 | 615 | ||
| 616 | ECDSA_SIG * | ||
| 617 | ECDSA_do_sign(const unsigned char *digest, int digest_len, EC_KEY *key) | ||
| 618 | { | ||
| 619 | if (key->meth->sign_sig == NULL) { | ||
| 620 | ECerror(EC_R_NOT_IMPLEMENTED); | ||
| 621 | return 0; | ||
| 622 | } | ||
| 623 | return key->meth->sign_sig(digest, digest_len, NULL, NULL, key); | ||
| 624 | } | ||
| 625 | LCRYPTO_ALIAS(ECDSA_do_sign); | ||
| 626 | |||
| 595 | int | 627 | int |
| 596 | ecdsa_verify(int type, const unsigned char *digest, int digest_len, | 628 | ecdsa_verify(int type, const unsigned char *digest, int digest_len, |
| 597 | const unsigned char *sigbuf, int sig_len, EC_KEY *key) | 629 | const unsigned char *sigbuf, int sig_len, EC_KEY *key) |
| @@ -624,6 +656,18 @@ ecdsa_verify(int type, const unsigned char *digest, int digest_len, | |||
| 624 | return ret; | 656 | return ret; |
| 625 | } | 657 | } |
| 626 | 658 | ||
| 659 | int | ||
| 660 | ECDSA_verify(int type, const unsigned char *digest, int digest_len, | ||
| 661 | const unsigned char *sigbuf, int sig_len, EC_KEY *key) | ||
| 662 | { | ||
| 663 | if (key->meth->verify == NULL) { | ||
| 664 | ECerror(EC_R_NOT_IMPLEMENTED); | ||
| 665 | return 0; | ||
| 666 | } | ||
| 667 | return key->meth->verify(type, digest, digest_len, sigbuf, sig_len, key); | ||
| 668 | } | ||
| 669 | LCRYPTO_ALIAS(ECDSA_verify); | ||
| 670 | |||
| 627 | /* | 671 | /* |
| 628 | * FIPS 186-5, section 6.4.2: ECDSA signature verification. | 672 | * FIPS 186-5, section 6.4.2: ECDSA signature verification. |
| 629 | * The caller provides us with the hash of the message, so has performed step 2. | 673 | * The caller provides us with the hash of the message, so has performed step 2. |
| @@ -742,41 +786,6 @@ ecdsa_verify_sig(const unsigned char *digest, int digest_len, | |||
| 742 | return ret; | 786 | return ret; |
| 743 | } | 787 | } |
| 744 | 788 | ||
| 745 | ECDSA_SIG * | ||
| 746 | ECDSA_do_sign(const unsigned char *digest, int digest_len, EC_KEY *key) | ||
| 747 | { | ||
| 748 | if (key->meth->sign_sig == NULL) { | ||
| 749 | ECerror(EC_R_NOT_IMPLEMENTED); | ||
| 750 | return 0; | ||
| 751 | } | ||
| 752 | return key->meth->sign_sig(digest, digest_len, NULL, NULL, key); | ||
| 753 | } | ||
| 754 | LCRYPTO_ALIAS(ECDSA_do_sign); | ||
| 755 | |||
| 756 | int | ||
| 757 | ECDSA_sign(int type, const unsigned char *digest, int digest_len, | ||
| 758 | unsigned char *signature, unsigned int *signature_len, EC_KEY *key) | ||
| 759 | { | ||
| 760 | if (key->meth->sign == NULL) { | ||
| 761 | ECerror(EC_R_NOT_IMPLEMENTED); | ||
| 762 | return 0; | ||
| 763 | } | ||
| 764 | return key->meth->sign(type, digest, digest_len, signature, | ||
| 765 | signature_len, NULL, NULL, key); | ||
| 766 | } | ||
| 767 | LCRYPTO_ALIAS(ECDSA_sign); | ||
| 768 | |||
| 769 | static int | ||
| 770 | ECDSA_sign_setup(EC_KEY *key, BN_CTX *in_ctx, BIGNUM **out_kinv, | ||
| 771 | BIGNUM **out_r) | ||
| 772 | { | ||
| 773 | if (key->meth->sign_setup == NULL) { | ||
| 774 | ECerror(EC_R_NOT_IMPLEMENTED); | ||
| 775 | return 0; | ||
| 776 | } | ||
| 777 | return key->meth->sign_setup(key, in_ctx, out_kinv, out_r); | ||
| 778 | } | ||
| 779 | |||
| 780 | int | 789 | int |
| 781 | ECDSA_do_verify(const unsigned char *digest, int digest_len, | 790 | ECDSA_do_verify(const unsigned char *digest, int digest_len, |
| 782 | const ECDSA_SIG *sig, EC_KEY *key) | 791 | const ECDSA_SIG *sig, EC_KEY *key) |
| @@ -788,15 +797,3 @@ ECDSA_do_verify(const unsigned char *digest, int digest_len, | |||
| 788 | return key->meth->verify_sig(digest, digest_len, sig, key); | 797 | return key->meth->verify_sig(digest, digest_len, sig, key); |
| 789 | } | 798 | } |
| 790 | LCRYPTO_ALIAS(ECDSA_do_verify); | 799 | LCRYPTO_ALIAS(ECDSA_do_verify); |
| 791 | |||
| 792 | int | ||
| 793 | ECDSA_verify(int type, const unsigned char *digest, int digest_len, | ||
| 794 | const unsigned char *sigbuf, int sig_len, EC_KEY *key) | ||
| 795 | { | ||
| 796 | if (key->meth->verify == NULL) { | ||
| 797 | ECerror(EC_R_NOT_IMPLEMENTED); | ||
| 798 | return 0; | ||
| 799 | } | ||
| 800 | return key->meth->verify(type, digest, digest_len, sigbuf, sig_len, key); | ||
| 801 | } | ||
| 802 | LCRYPTO_ALIAS(ECDSA_verify); | ||