From 27bf20b08f028e09b36afd8b49d1fbaa87746bb6 Mon Sep 17 00:00:00 2001 From: tb <> Date: Fri, 28 Jul 2023 08:49:43 +0000 Subject: Make extended ECDSA signing routines internal ECDSA_sign_setup() permits precomputing the values of the inverse of the random k and the corresponding r. These can then be fed into the signing routines ECDSA_{do_,}sign_ex() multiple times if needed. This is not a great idea and the interface adds a lot of unwanted complexity. Not to mention that nothing ever used this correctly - if s works out to 0, a special error code is thrown requesting that the caller provide new kinv and r values. Unsurprisingly, nobody ever checked for that special error code. ok jsing This commit marks the start of a libcrypto major bump. Do not build the tree until I bumped the shlib_version and synced file sets (in about 35 commits). --- src/lib/libcrypto/Symbols.list | 3 --- src/lib/libcrypto/Symbols.namespace | 3 --- src/lib/libcrypto/ecdsa/ecdsa.c | 19 ++++++++++++------- src/lib/libcrypto/ecdsa/ecdsa.h | 9 +-------- src/lib/libcrypto/hidden/openssl/ecdsa.h | 5 +---- 5 files changed, 14 insertions(+), 25 deletions(-) (limited to 'src') diff --git a/src/lib/libcrypto/Symbols.list b/src/lib/libcrypto/Symbols.list index 626cd78b3b..00d9cfa65e 100644 --- a/src/lib/libcrypto/Symbols.list +++ b/src/lib/libcrypto/Symbols.list @@ -1028,7 +1028,6 @@ ECDSA_SIG_it ECDSA_SIG_new ECDSA_SIG_set0 ECDSA_do_sign -ECDSA_do_sign_ex ECDSA_do_verify ECDSA_get_default_method ECDSA_get_ex_data @@ -1037,8 +1036,6 @@ ECDSA_set_default_method ECDSA_set_ex_data ECDSA_set_method ECDSA_sign -ECDSA_sign_ex -ECDSA_sign_setup ECDSA_size ECDSA_verify ECPARAMETERS_free diff --git a/src/lib/libcrypto/Symbols.namespace b/src/lib/libcrypto/Symbols.namespace index 60d6195fac..186e065ba2 100644 --- a/src/lib/libcrypto/Symbols.namespace +++ b/src/lib/libcrypto/Symbols.namespace @@ -1429,16 +1429,13 @@ _libre_ECDSA_SIG_get0_r _libre_ECDSA_SIG_get0_s _libre_ECDSA_SIG_set0 _libre_ECDSA_do_sign -_libre_ECDSA_do_sign_ex _libre_ECDSA_do_verify _libre_ECDSA_OpenSSL _libre_ECDSA_set_default_method _libre_ECDSA_get_default_method _libre_ECDSA_set_method _libre_ECDSA_size -_libre_ECDSA_sign_setup _libre_ECDSA_sign -_libre_ECDSA_sign_ex _libre_ECDSA_verify _libre_ECDSA_get_ex_new_index _libre_ECDSA_set_ex_data diff --git a/src/lib/libcrypto/ecdsa/ecdsa.c b/src/lib/libcrypto/ecdsa/ecdsa.c index e47ec21281..17f968f0cc 100644 --- a/src/lib/libcrypto/ecdsa/ecdsa.c +++ b/src/lib/libcrypto/ecdsa/ecdsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ecdsa.c,v 1.12 2023/07/10 19:10:51 tb Exp $ */ +/* $OpenBSD: ecdsa.c,v 1.13 2023/07/28 08:49:43 tb Exp $ */ /* ==================================================================== * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved. * @@ -71,6 +71,14 @@ #include "ec_local.h" #include "ecdsa_local.h" +static ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, + const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey); +static int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen, + unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv, + const BIGNUM *rp, EC_KEY *eckey); +static int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *in_ctx, BIGNUM **out_kinv, + BIGNUM **out_r); + static const ASN1_TEMPLATE ECDSA_SIG_seq_tt[] = { { .flags = 0, @@ -762,7 +770,7 @@ ECDSA_do_sign(const unsigned char *digest, int digest_len, EC_KEY *key) } LCRYPTO_ALIAS(ECDSA_do_sign); -ECDSA_SIG * +static ECDSA_SIG * ECDSA_do_sign_ex(const unsigned char *digest, int digest_len, const BIGNUM *kinv, const BIGNUM *out_r, EC_KEY *key) { @@ -772,7 +780,6 @@ ECDSA_do_sign_ex(const unsigned char *digest, int digest_len, } return key->meth->sign_sig(digest, digest_len, kinv, out_r, key); } -LCRYPTO_ALIAS(ECDSA_do_sign_ex); int ECDSA_sign(int type, const unsigned char *digest, int digest_len, @@ -783,7 +790,7 @@ ECDSA_sign(int type, const unsigned char *digest, int digest_len, } LCRYPTO_ALIAS(ECDSA_sign); -int +static int ECDSA_sign_ex(int type, const unsigned char *digest, int digest_len, unsigned char *signature, unsigned int *signature_len, const BIGNUM *kinv, const BIGNUM *r, EC_KEY *key) @@ -795,9 +802,8 @@ ECDSA_sign_ex(int type, const unsigned char *digest, int digest_len, return key->meth->sign(type, digest, digest_len, signature, signature_len, kinv, r, key); } -LCRYPTO_ALIAS(ECDSA_sign_ex); -int +static int ECDSA_sign_setup(EC_KEY *key, BN_CTX *in_ctx, BIGNUM **out_kinv, BIGNUM **out_r) { @@ -807,7 +813,6 @@ ECDSA_sign_setup(EC_KEY *key, BN_CTX *in_ctx, BIGNUM **out_kinv, } return key->meth->sign_setup(key, in_ctx, out_kinv, out_r); } -LCRYPTO_ALIAS(ECDSA_sign_setup); int ECDSA_do_verify(const unsigned char *digest, int digest_len, diff --git a/src/lib/libcrypto/ecdsa/ecdsa.h b/src/lib/libcrypto/ecdsa/ecdsa.h index 2e6b672627..9960a4b1ea 100644 --- a/src/lib/libcrypto/ecdsa/ecdsa.h +++ b/src/lib/libcrypto/ecdsa/ecdsa.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ecdsa.h,v 1.16 2023/06/19 09:12:41 tb Exp $ */ +/* $OpenBSD: ecdsa.h,v 1.17 2023/07/28 08:49:43 tb Exp $ */ /* * Written by Nils Larsch for the OpenSSL project */ @@ -108,8 +108,6 @@ int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s); ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len, EC_KEY *eckey); -ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, - const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey); int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig, EC_KEY* eckey); @@ -119,13 +117,8 @@ const ECDSA_METHOD *ECDSA_get_default_method(void); int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth); int ECDSA_size(const EC_KEY *eckey); -int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, - BIGNUM **rp); int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen, unsigned char *sig, unsigned int *siglen, EC_KEY *eckey); -int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen, - unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv, - const BIGNUM *rp, EC_KEY *eckey); int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen, const unsigned char *sig, int siglen, EC_KEY *eckey); diff --git a/src/lib/libcrypto/hidden/openssl/ecdsa.h b/src/lib/libcrypto/hidden/openssl/ecdsa.h index ef8a789939..b2563ed37d 100644 --- a/src/lib/libcrypto/hidden/openssl/ecdsa.h +++ b/src/lib/libcrypto/hidden/openssl/ecdsa.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ecdsa.h,v 1.2 2023/07/07 19:37:54 beck Exp $ */ +/* $OpenBSD: ecdsa.h,v 1.3 2023/07/28 08:49:43 tb Exp $ */ /* * Copyright (c) 2023 Bob Beck * @@ -34,16 +34,13 @@ LCRYPTO_USED(ECDSA_SIG_get0_r); LCRYPTO_USED(ECDSA_SIG_get0_s); LCRYPTO_USED(ECDSA_SIG_set0); LCRYPTO_USED(ECDSA_do_sign); -LCRYPTO_USED(ECDSA_do_sign_ex); LCRYPTO_USED(ECDSA_do_verify); LCRYPTO_USED(ECDSA_OpenSSL); LCRYPTO_USED(ECDSA_set_default_method); LCRYPTO_USED(ECDSA_get_default_method); LCRYPTO_USED(ECDSA_set_method); LCRYPTO_USED(ECDSA_size); -LCRYPTO_USED(ECDSA_sign_setup); LCRYPTO_USED(ECDSA_sign); -LCRYPTO_USED(ECDSA_sign_ex); LCRYPTO_USED(ECDSA_verify); LCRYPTO_USED(ECDSA_get_ex_new_index); LCRYPTO_USED(ECDSA_set_ex_data); -- cgit v1.2.3-55-g6feb