diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/ecdsa/ecdsa.c | 77 |
1 files changed, 20 insertions, 57 deletions
diff --git a/src/lib/libcrypto/ecdsa/ecdsa.c b/src/lib/libcrypto/ecdsa/ecdsa.c index 17f968f0cc..fea0564946 100644 --- a/src/lib/libcrypto/ecdsa/ecdsa.c +++ b/src/lib/libcrypto/ecdsa/ecdsa.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ecdsa.c,v 1.13 2023/07/28 08:49:43 tb Exp $ */ | 1 | /* $OpenBSD: ecdsa.c,v 1.14 2023/07/28 08:54:41 tb Exp $ */ |
| 2 | /* ==================================================================== | 2 | /* ==================================================================== |
| 3 | * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved. | 3 | * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved. |
| 4 | * | 4 | * |
| @@ -71,11 +71,6 @@ | |||
| 71 | #include "ec_local.h" | 71 | #include "ec_local.h" |
| 72 | #include "ecdsa_local.h" | 72 | #include "ecdsa_local.h" |
| 73 | 73 | ||
| 74 | static ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, | ||
| 75 | const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey); | ||
| 76 | static int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen, | ||
| 77 | unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv, | ||
| 78 | const BIGNUM *rp, EC_KEY *eckey); | ||
| 79 | static int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *in_ctx, BIGNUM **out_kinv, | 74 | static int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *in_ctx, BIGNUM **out_kinv, |
| 80 | BIGNUM **out_r); | 75 | BIGNUM **out_r); |
| 81 | 76 | ||
| @@ -233,11 +228,16 @@ ecdsa_sign(int type, const unsigned char *digest, int digest_len, | |||
| 233 | unsigned char *signature, unsigned int *signature_len, const BIGNUM *kinv, | 228 | unsigned char *signature, unsigned int *signature_len, const BIGNUM *kinv, |
| 234 | const BIGNUM *r, EC_KEY *key) | 229 | const BIGNUM *r, EC_KEY *key) |
| 235 | { | 230 | { |
| 236 | ECDSA_SIG *sig; | 231 | ECDSA_SIG *sig = NULL; |
| 237 | int out_len = 0; | 232 | int out_len = 0; |
| 238 | int ret = 0; | 233 | int ret = 0; |
| 239 | 234 | ||
| 240 | if ((sig = ECDSA_do_sign_ex(digest, digest_len, kinv, r, key)) == NULL) | 235 | if (kinv != NULL || r != NULL) { |
| 236 | ECerror(EC_R_NOT_IMPLEMENTED); | ||
| 237 | goto err; | ||
| 238 | } | ||
| 239 | |||
| 240 | if ((sig = ECDSA_do_sign(digest, digest_len, key)) == NULL) | ||
| 241 | goto err; | 241 | goto err; |
| 242 | 242 | ||
| 243 | if ((out_len = i2d_ECDSA_SIG(sig, &signature)) < 0) { | 243 | if ((out_len = i2d_ECDSA_SIG(sig, &signature)) < 0) { |
| @@ -527,10 +527,14 @@ ecdsa_sign_sig(const unsigned char *digest, int digest_len, | |||
| 527 | BN_CTX *ctx = NULL; | 527 | BN_CTX *ctx = NULL; |
| 528 | BIGNUM *kinv = NULL, *r = NULL, *s = NULL; | 528 | BIGNUM *kinv = NULL, *r = NULL, *s = NULL; |
| 529 | BIGNUM *e; | 529 | BIGNUM *e; |
| 530 | int caller_supplied_values = 0; | ||
| 531 | int attempts = 0; | 530 | int attempts = 0; |
| 532 | ECDSA_SIG *sig = NULL; | 531 | ECDSA_SIG *sig = NULL; |
| 533 | 532 | ||
| 533 | if (in_kinv != NULL || in_r != NULL) { | ||
| 534 | ECerror(EC_R_NOT_IMPLEMENTED); | ||
| 535 | goto err; | ||
| 536 | } | ||
| 537 | |||
| 534 | if ((ctx = BN_CTX_new()) == NULL) { | 538 | if ((ctx = BN_CTX_new()) == NULL) { |
| 535 | ECerror(ERR_R_MALLOC_FAILURE); | 539 | ECerror(ERR_R_MALLOC_FAILURE); |
| 536 | goto err; | 540 | goto err; |
| @@ -545,31 +549,11 @@ ecdsa_sign_sig(const unsigned char *digest, int digest_len, | |||
| 545 | if (!ecdsa_prepare_digest(digest, digest_len, key, e)) | 549 | if (!ecdsa_prepare_digest(digest, digest_len, key, e)) |
| 546 | goto err; | 550 | goto err; |
| 547 | 551 | ||
| 548 | if (in_kinv != NULL && in_r != NULL) { | ||
| 549 | /* | ||
| 550 | * Use the caller's kinv and r. Don't call ECDSA_sign_setup(). | ||
| 551 | * If we're unable to compute a valid signature, the caller | ||
| 552 | * must provide new values. | ||
| 553 | */ | ||
| 554 | caller_supplied_values = 1; | ||
| 555 | |||
| 556 | if ((kinv = BN_dup(in_kinv)) == NULL) { | ||
| 557 | ECerror(ERR_R_MALLOC_FAILURE); | ||
| 558 | goto err; | ||
| 559 | } | ||
| 560 | if ((r = BN_dup(in_r)) == NULL) { | ||
| 561 | ECerror(ERR_R_MALLOC_FAILURE); | ||
| 562 | goto err; | ||
| 563 | } | ||
| 564 | } | ||
| 565 | |||
| 566 | do { | 552 | do { |
| 567 | /* Steps 3-8: calculate kinv and r. */ | 553 | /* Steps 3-8: calculate kinv and r. */ |
| 568 | if (!caller_supplied_values) { | 554 | if (!ECDSA_sign_setup(key, ctx, &kinv, &r)) { |
| 569 | if (!ECDSA_sign_setup(key, ctx, &kinv, &r)) { | 555 | ECerror(ERR_R_EC_LIB); |
| 570 | ECerror(ERR_R_EC_LIB); | 556 | goto err; |
| 571 | goto err; | ||
| 572 | } | ||
| 573 | } | 557 | } |
| 574 | 558 | ||
| 575 | /* | 559 | /* |
| @@ -580,11 +564,6 @@ ecdsa_sign_sig(const unsigned char *digest, int digest_len, | |||
| 580 | if (s != NULL) | 564 | if (s != NULL) |
| 581 | break; | 565 | break; |
| 582 | 566 | ||
| 583 | if (caller_supplied_values) { | ||
| 584 | ECerror(EC_R_NEED_NEW_SETUP_VALUES); | ||
| 585 | goto err; | ||
| 586 | } | ||
| 587 | |||
| 588 | if (++attempts > ECDSA_MAX_SIGN_ITERATIONS) { | 567 | if (++attempts > ECDSA_MAX_SIGN_ITERATIONS) { |
| 589 | ECerror(EC_R_WRONG_CURVE_PARAMETERS); | 568 | ECerror(EC_R_WRONG_CURVE_PARAMETERS); |
| 590 | goto err; | 569 | goto err; |
| @@ -766,42 +745,26 @@ ecdsa_verify_sig(const unsigned char *digest, int digest_len, | |||
| 766 | ECDSA_SIG * | 745 | ECDSA_SIG * |
| 767 | ECDSA_do_sign(const unsigned char *digest, int digest_len, EC_KEY *key) | 746 | ECDSA_do_sign(const unsigned char *digest, int digest_len, EC_KEY *key) |
| 768 | { | 747 | { |
| 769 | return ECDSA_do_sign_ex(digest, digest_len, NULL, NULL, key); | ||
| 770 | } | ||
| 771 | LCRYPTO_ALIAS(ECDSA_do_sign); | ||
| 772 | |||
| 773 | static ECDSA_SIG * | ||
| 774 | ECDSA_do_sign_ex(const unsigned char *digest, int digest_len, | ||
| 775 | const BIGNUM *kinv, const BIGNUM *out_r, EC_KEY *key) | ||
| 776 | { | ||
| 777 | if (key->meth->sign_sig == NULL) { | 748 | if (key->meth->sign_sig == NULL) { |
| 778 | ECerror(EC_R_NOT_IMPLEMENTED); | 749 | ECerror(EC_R_NOT_IMPLEMENTED); |
| 779 | return 0; | 750 | return 0; |
| 780 | } | 751 | } |
| 781 | return key->meth->sign_sig(digest, digest_len, kinv, out_r, key); | 752 | return key->meth->sign_sig(digest, digest_len, NULL, NULL, key); |
| 782 | } | 753 | } |
| 754 | LCRYPTO_ALIAS(ECDSA_do_sign); | ||
| 783 | 755 | ||
| 784 | int | 756 | int |
| 785 | ECDSA_sign(int type, const unsigned char *digest, int digest_len, | 757 | ECDSA_sign(int type, const unsigned char *digest, int digest_len, |
| 786 | unsigned char *signature, unsigned int *signature_len, EC_KEY *key) | 758 | unsigned char *signature, unsigned int *signature_len, EC_KEY *key) |
| 787 | { | 759 | { |
| 788 | return ECDSA_sign_ex(type, digest, digest_len, signature, signature_len, | ||
| 789 | NULL, NULL, key); | ||
| 790 | } | ||
| 791 | LCRYPTO_ALIAS(ECDSA_sign); | ||
| 792 | |||
| 793 | static int | ||
| 794 | ECDSA_sign_ex(int type, const unsigned char *digest, int digest_len, | ||
| 795 | unsigned char *signature, unsigned int *signature_len, const BIGNUM *kinv, | ||
| 796 | const BIGNUM *r, EC_KEY *key) | ||
| 797 | { | ||
| 798 | if (key->meth->sign == NULL) { | 760 | if (key->meth->sign == NULL) { |
| 799 | ECerror(EC_R_NOT_IMPLEMENTED); | 761 | ECerror(EC_R_NOT_IMPLEMENTED); |
| 800 | return 0; | 762 | return 0; |
| 801 | } | 763 | } |
| 802 | return key->meth->sign(type, digest, digest_len, signature, | 764 | return key->meth->sign(type, digest, digest_len, signature, |
| 803 | signature_len, kinv, r, key); | 765 | signature_len, NULL, NULL, key); |
| 804 | } | 766 | } |
| 767 | LCRYPTO_ALIAS(ECDSA_sign); | ||
| 805 | 768 | ||
| 806 | static int | 769 | static int |
| 807 | ECDSA_sign_setup(EC_KEY *key, BN_CTX *in_ctx, BIGNUM **out_kinv, | 770 | ECDSA_sign_setup(EC_KEY *key, BN_CTX *in_ctx, BIGNUM **out_kinv, |