From dad3267aefbeab3a8910c1c59b2e5f7e9c12b048 Mon Sep 17 00:00:00 2001 From: tb <> Date: Sat, 19 Jan 2019 01:12:48 +0000 Subject: Partial port of EC_KEY_METHOD from OpenSSL 1.1. This commit adds missing API for ECDH/ECDSA_verify. from markus --- src/lib/libcrypto/ecdsa/ecdsa.h | 13 +++++++++++- src/lib/libcrypto/ecdsa/ecs_ossl.c | 42 +++++++++++++++++++++++++++++++++++++- src/lib/libcrypto/ecdsa/ecs_vrf.c | 39 ++++++++++------------------------- 3 files changed, 64 insertions(+), 30 deletions(-) (limited to 'src/lib/libcrypto/ecdsa') diff --git a/src/lib/libcrypto/ecdsa/ecdsa.h b/src/lib/libcrypto/ecdsa/ecdsa.h index 12d6677ce3..71b8825436 100644 --- a/src/lib/libcrypto/ecdsa/ecdsa.h +++ b/src/lib/libcrypto/ecdsa/ecdsa.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ecdsa.h,v 1.6 2019/01/19 01:07:00 tb Exp $ */ +/* $OpenBSD: ecdsa.h,v 1.7 2019/01/19 01:12:48 tb Exp $ */ /** * \file crypto/ecdsa/ecdsa.h Include file for the OpenSSL ECDSA functions * \author Written by Nils Larsch for the OpenSSL project @@ -279,6 +279,11 @@ void EC_KEY_METHOD_set_sign(EC_KEY_METHOD *meth, ECDSA_SIG *(*sign_sig)(const unsigned char *dgst, int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey)); +void EC_KEY_METHOD_set_verify(EC_KEY_METHOD *meth, + int (*verify)(int type, const unsigned char *dgst, int dgst_len, + const unsigned char *sigbuf, int sig_len, EC_KEY *eckey), + int (*verify_sig)(const unsigned char *dgst, int dgst_len, + const ECDSA_SIG *sig, EC_KEY *eckey)); void EC_KEY_METHOD_get_sign(EC_KEY_METHOD *meth, int (**psign)(int type, const unsigned char *dgst, int dlen, unsigned char *sig, unsigned int *siglen, @@ -288,6 +293,12 @@ void EC_KEY_METHOD_get_sign(EC_KEY_METHOD *meth, ECDSA_SIG *(**psign_sig)(const unsigned char *dgst, int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey)); +void EC_KEY_METHOD_get_verify(EC_KEY_METHOD *meth, + int (**pverify)(int type, const unsigned char *dgst, int dgst_len, + const unsigned char *sigbuf, int sig_len, EC_KEY *eckey), + int (**pverify_sig)(const unsigned char *dgst, int dgst_len, + const ECDSA_SIG *sig, EC_KEY *eckey)); + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes diff --git a/src/lib/libcrypto/ecdsa/ecs_ossl.c b/src/lib/libcrypto/ecdsa/ecs_ossl.c index 4e05cb9aac..791a5c48e1 100644 --- a/src/lib/libcrypto/ecdsa/ecs_ossl.c +++ b/src/lib/libcrypto/ecdsa/ecs_ossl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ecs_ossl.c,v 1.17 2019/01/19 01:07:00 tb Exp $ */ +/* $OpenBSD: ecs_ossl.c,v 1.18 2019/01/19 01:12:48 tb Exp $ */ /* * Written by Nils Larsch for the OpenSSL project */ @@ -56,6 +56,8 @@ * */ +#include + #include #include @@ -421,6 +423,32 @@ ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, return ecdsa->meth->ecdsa_do_sign(dgst, dgst_len, in_kinv, in_r, eckey); } +int +ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len, + const unsigned char *sigbuf, int sig_len, EC_KEY *eckey) +{ + ECDSA_SIG *s; + unsigned char *der = NULL; + const unsigned char *p = sigbuf; + int derlen = -1; + int ret = -1; + + if ((s = ECDSA_SIG_new()) == NULL) + return (ret); + if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL) + goto err; + /* Ensure signature uses DER and doesn't have trailing garbage */ + derlen = i2d_ECDSA_SIG(s, &der); + if (derlen != sig_len || memcmp(sigbuf, der, derlen)) + goto err; + ret = ECDSA_do_verify(dgst, dgst_len, s, eckey); + + err: + freezero(der, derlen); + ECDSA_SIG_free(s); + return (ret); +} + static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig, EC_KEY *eckey) @@ -524,3 +552,15 @@ ecdsa_do_verify(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig, EC_POINT_free(point); return ret; } + +/* replace w/ ecdsa_do_verify() when ECDSA_METHOD gets removed */ +int +ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len, + const ECDSA_SIG *sig, EC_KEY *eckey) +{ + ECDSA_DATA *ecdsa; + + if ((ecdsa = ecdsa_check(eckey)) == NULL) + return 0; + return ecdsa->meth->ecdsa_do_verify(dgst, dgst_len, sig, eckey); +} diff --git a/src/lib/libcrypto/ecdsa/ecs_vrf.c b/src/lib/libcrypto/ecdsa/ecs_vrf.c index 270af94c0d..4c1bc85e06 100644 --- a/src/lib/libcrypto/ecdsa/ecs_vrf.c +++ b/src/lib/libcrypto/ecdsa/ecs_vrf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ecs_vrf.c,v 1.6 2017/05/02 03:59:44 deraadt Exp $ */ +/* $OpenBSD: ecs_vrf.c,v 1.7 2019/01/19 01:12:48 tb Exp $ */ /* * Written by Nils Larsch for the OpenSSL project */ @@ -56,10 +56,10 @@ * */ -#include #include #include "ecs_locl.h" +#include "ec_lcl.h" #ifndef OPENSSL_NO_ENGINE #include #endif @@ -73,11 +73,10 @@ int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig, EC_KEY *eckey) { - ECDSA_DATA *ecdsa = ecdsa_check(eckey); - - if (ecdsa == NULL) - return 0; - return ecdsa->meth->ecdsa_do_verify(dgst, dgst_len, sig, eckey); + if (eckey->meth->verify_sig != NULL) + return eckey->meth->verify_sig(dgst, dgst_len, sig, eckey); + ECDSAerror(EVP_R_METHOD_NOT_SUPPORTED); + return 0; } /* returns @@ -89,25 +88,9 @@ int ECDSA_verify(int type, const unsigned char *dgst, int dgst_len, const unsigned char *sigbuf, int sig_len, EC_KEY *eckey) { - ECDSA_SIG *s; - unsigned char *der = NULL; - const unsigned char *p = sigbuf; - int derlen = -1; - int ret = -1; - - s = ECDSA_SIG_new(); - if (s == NULL) - return (ret); - if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL) - goto err; - /* Ensure signature uses DER and doesn't have trailing garbage */ - derlen = i2d_ECDSA_SIG(s, &der); - if (derlen != sig_len || memcmp(sigbuf, der, derlen)) - goto err; - ret = ECDSA_do_verify(dgst, dgst_len, s, eckey); - -err: - freezero(der, derlen); - ECDSA_SIG_free(s); - return (ret); + if (eckey->meth->verify != NULL) + return eckey->meth->verify(type, dgst, dgst_len, + sigbuf, sig_len, eckey); + ECDSAerror(EVP_R_METHOD_NOT_SUPPORTED); + return 0; } -- cgit v1.2.3-55-g6feb