diff options
Diffstat (limited to 'Cryptlib/OpenSSL/crypto/ecdsa')
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/ecdsa/ecs_asn1.c | 6 | ||||
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/ecdsa/ecs_err.c | 60 | ||||
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c | 257 | ||||
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/ecdsa/ecs_ossl.c | 719 | ||||
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/ecdsa/ecs_sign.c | 62 | ||||
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/ecdsa/ecs_vrf.c | 64 |
6 files changed, 567 insertions, 601 deletions
diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_asn1.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_asn1.c index b2954894..508b079f 100644 --- a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_asn1.c +++ b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_asn1.c @@ -7,7 +7,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -58,8 +58,8 @@ #include <openssl/asn1t.h> ASN1_SEQUENCE(ECDSA_SIG) = { - ASN1_SIMPLE(ECDSA_SIG, r, CBIGNUM), - ASN1_SIMPLE(ECDSA_SIG, s, CBIGNUM) + ASN1_SIMPLE(ECDSA_SIG, r, CBIGNUM), + ASN1_SIMPLE(ECDSA_SIG, s, CBIGNUM) } ASN1_SEQUENCE_END(ECDSA_SIG) DECLARE_ASN1_FUNCTIONS_const(ECDSA_SIG) diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_err.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_err.c index d2a53730..80d91aff 100644 --- a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_err.c +++ b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_err.c @@ -7,7 +7,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -53,7 +53,8 @@ * */ -/* NOTE: this file was auto generated by the mkerr.pl script: any changes +/* + * NOTE: this file was auto generated by the mkerr.pl script: any changes * made to it will be overwritten when the script next updates this file, * only reason strings will be preserved. */ @@ -65,40 +66,39 @@ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ECDSA,func,0) -#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ECDSA,0,reason) +# define ERR_FUNC(func) ERR_PACK(ERR_LIB_ECDSA,func,0) +# define ERR_REASON(reason) ERR_PACK(ERR_LIB_ECDSA,0,reason) -static ERR_STRING_DATA ECDSA_str_functs[]= - { -{ERR_FUNC(ECDSA_F_ECDSA_DATA_NEW_METHOD), "ECDSA_DATA_NEW_METHOD"}, -{ERR_FUNC(ECDSA_F_ECDSA_DO_SIGN), "ECDSA_do_sign"}, -{ERR_FUNC(ECDSA_F_ECDSA_DO_VERIFY), "ECDSA_do_verify"}, -{ERR_FUNC(ECDSA_F_ECDSA_SIGN_SETUP), "ECDSA_sign_setup"}, -{0,NULL} - }; +static ERR_STRING_DATA ECDSA_str_functs[] = { + {ERR_FUNC(ECDSA_F_ECDSA_DATA_NEW_METHOD), "ECDSA_DATA_NEW_METHOD"}, + {ERR_FUNC(ECDSA_F_ECDSA_DO_SIGN), "ECDSA_do_sign"}, + {ERR_FUNC(ECDSA_F_ECDSA_DO_VERIFY), "ECDSA_do_verify"}, + {ERR_FUNC(ECDSA_F_ECDSA_SIGN_SETUP), "ECDSA_sign_setup"}, + {0, NULL} +}; -static ERR_STRING_DATA ECDSA_str_reasons[]= - { -{ERR_REASON(ECDSA_R_BAD_SIGNATURE) ,"bad signature"}, -{ERR_REASON(ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"}, -{ERR_REASON(ECDSA_R_ERR_EC_LIB) ,"err ec lib"}, -{ERR_REASON(ECDSA_R_MISSING_PARAMETERS) ,"missing parameters"}, -{ERR_REASON(ECDSA_R_NEED_NEW_SETUP_VALUES),"need new setup values"}, -{ERR_REASON(ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED),"random number generation failed"}, -{ERR_REASON(ECDSA_R_SIGNATURE_MALLOC_FAILED),"signature malloc failed"}, -{0,NULL} - }; +static ERR_STRING_DATA ECDSA_str_reasons[] = { + {ERR_REASON(ECDSA_R_BAD_SIGNATURE), "bad signature"}, + {ERR_REASON(ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE), + "data too large for key size"}, + {ERR_REASON(ECDSA_R_ERR_EC_LIB), "err ec lib"}, + {ERR_REASON(ECDSA_R_MISSING_PARAMETERS), "missing parameters"}, + {ERR_REASON(ECDSA_R_NEED_NEW_SETUP_VALUES), "need new setup values"}, + {ERR_REASON(ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED), + "random number generation failed"}, + {ERR_REASON(ECDSA_R_SIGNATURE_MALLOC_FAILED), "signature malloc failed"}, + {0, NULL} +}; #endif void ERR_load_ECDSA_strings(void) - { +{ #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(ECDSA_str_functs[0].error) == NULL) - { - ERR_load_strings(0,ECDSA_str_functs); - ERR_load_strings(0,ECDSA_str_reasons); - } + if (ERR_func_error_string(ECDSA_str_functs[0].error) == NULL) { + ERR_load_strings(0, ECDSA_str_functs); + ERR_load_strings(0, ECDSA_str_reasons); + } #endif - } +} diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c index 81082c97..dfcb6dbc 100644 --- a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c +++ b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c @@ -7,7 +7,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -56,211 +56,204 @@ #include <string.h> #include "ecs_locl.h" #ifndef OPENSSL_NO_ENGINE -#include <openssl/engine.h> +# include <openssl/engine.h> #endif #include <openssl/err.h> #include <openssl/bn.h> -const char ECDSA_version[]="ECDSA" OPENSSL_VERSION_PTEXT; +const char ECDSA_version[] = "ECDSA" OPENSSL_VERSION_PTEXT; static const ECDSA_METHOD *default_ECDSA_method = NULL; static void *ecdsa_data_new(void); static void *ecdsa_data_dup(void *); -static void ecdsa_data_free(void *); +static void ecdsa_data_free(void *); void ECDSA_set_default_method(const ECDSA_METHOD *meth) { - default_ECDSA_method = meth; + default_ECDSA_method = meth; } const ECDSA_METHOD *ECDSA_get_default_method(void) { - if(!default_ECDSA_method) - default_ECDSA_method = ECDSA_OpenSSL(); - return default_ECDSA_method; + if (!default_ECDSA_method) + default_ECDSA_method = ECDSA_OpenSSL(); + return default_ECDSA_method; } int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth) { - ECDSA_DATA *ecdsa; + ECDSA_DATA *ecdsa; - ecdsa = ecdsa_check(eckey); + ecdsa = ecdsa_check(eckey); - if (ecdsa == NULL) - return 0; + if (ecdsa == NULL) + return 0; #ifndef OPENSSL_NO_ENGINE - if (ecdsa->engine) - { - ENGINE_finish(ecdsa->engine); - ecdsa->engine = NULL; - } + if (ecdsa->engine) { + ENGINE_finish(ecdsa->engine); + ecdsa->engine = NULL; + } #endif - ecdsa->meth = meth; + ecdsa->meth = meth; - return 1; + return 1; } static ECDSA_DATA *ECDSA_DATA_new_method(ENGINE *engine) { - ECDSA_DATA *ret; + ECDSA_DATA *ret; - ret=(ECDSA_DATA *)OPENSSL_malloc(sizeof(ECDSA_DATA)); - if (ret == NULL) - { - ECDSAerr(ECDSA_F_ECDSA_DATA_NEW_METHOD, ERR_R_MALLOC_FAILURE); - return(NULL); - } + ret = (ECDSA_DATA *)OPENSSL_malloc(sizeof(ECDSA_DATA)); + if (ret == NULL) { + ECDSAerr(ECDSA_F_ECDSA_DATA_NEW_METHOD, ERR_R_MALLOC_FAILURE); + return (NULL); + } - ret->init = NULL; + ret->init = NULL; - ret->meth = ECDSA_get_default_method(); - ret->engine = engine; + ret->meth = ECDSA_get_default_method(); + ret->engine = engine; #ifndef OPENSSL_NO_ENGINE - if (!ret->engine) - ret->engine = ENGINE_get_default_ECDSA(); - if (ret->engine) - { - ret->meth = ENGINE_get_ECDSA(ret->engine); - if (!ret->meth) - { - ECDSAerr(ECDSA_F_ECDSA_DATA_NEW_METHOD, ERR_R_ENGINE_LIB); - ENGINE_finish(ret->engine); - OPENSSL_free(ret); - return NULL; - } - } + if (!ret->engine) + ret->engine = ENGINE_get_default_ECDSA(); + if (ret->engine) { + ret->meth = ENGINE_get_ECDSA(ret->engine); + if (!ret->meth) { + ECDSAerr(ECDSA_F_ECDSA_DATA_NEW_METHOD, ERR_R_ENGINE_LIB); + ENGINE_finish(ret->engine); + OPENSSL_free(ret); + return NULL; + } + } #endif - ret->flags = ret->meth->flags; - CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDSA, ret, &ret->ex_data); + ret->flags = ret->meth->flags; + CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDSA, ret, &ret->ex_data); #if 0 - if ((ret->meth->init != NULL) && !ret->meth->init(ret)) - { - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDSA, ret, &ret->ex_data); - OPENSSL_free(ret); - ret=NULL; - } -#endif - return(ret); + if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDSA, ret, &ret->ex_data); + OPENSSL_free(ret); + ret = NULL; + } +#endif + return (ret); } static void *ecdsa_data_new(void) { - return (void *)ECDSA_DATA_new_method(NULL); + return (void *)ECDSA_DATA_new_method(NULL); } static void *ecdsa_data_dup(void *data) { - ECDSA_DATA *r = (ECDSA_DATA *)data; + ECDSA_DATA *r = (ECDSA_DATA *)data; - /* XXX: dummy operation */ - if (r == NULL) - return NULL; + /* XXX: dummy operation */ + if (r == NULL) + return NULL; - return ecdsa_data_new(); + return ecdsa_data_new(); } static void ecdsa_data_free(void *data) { - ECDSA_DATA *r = (ECDSA_DATA *)data; + ECDSA_DATA *r = (ECDSA_DATA *)data; #ifndef OPENSSL_NO_ENGINE - if (r->engine) - ENGINE_finish(r->engine); + if (r->engine) + ENGINE_finish(r->engine); #endif - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDSA, r, &r->ex_data); + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDSA, r, &r->ex_data); - OPENSSL_cleanse((void *)r, sizeof(ECDSA_DATA)); + OPENSSL_cleanse((void *)r, sizeof(ECDSA_DATA)); - OPENSSL_free(r); + OPENSSL_free(r); } ECDSA_DATA *ecdsa_check(EC_KEY *key) { - ECDSA_DATA *ecdsa_data; - - void *data = EC_KEY_get_key_method_data(key, ecdsa_data_dup, - ecdsa_data_free, ecdsa_data_free); - if (data == NULL) - { - ecdsa_data = (ECDSA_DATA *)ecdsa_data_new(); - if (ecdsa_data == NULL) - return NULL; - data = EC_KEY_insert_key_method_data(key, (void *)ecdsa_data, - ecdsa_data_dup, ecdsa_data_free, ecdsa_data_free); - if (data != NULL) - { - /* Another thread raced us to install the key_method - * data and won. */ - ecdsa_data_free(ecdsa_data); - ecdsa_data = (ECDSA_DATA *)data; - } - } - else - ecdsa_data = (ECDSA_DATA *)data; - - - return ecdsa_data; + ECDSA_DATA *ecdsa_data; + + void *data = EC_KEY_get_key_method_data(key, ecdsa_data_dup, + ecdsa_data_free, ecdsa_data_free); + if (data == NULL) { + ecdsa_data = (ECDSA_DATA *)ecdsa_data_new(); + if (ecdsa_data == NULL) + return NULL; + data = EC_KEY_insert_key_method_data(key, (void *)ecdsa_data, + ecdsa_data_dup, ecdsa_data_free, + ecdsa_data_free); + if (data != NULL) { + /* + * Another thread raced us to install the key_method data and + * won. + */ + ecdsa_data_free(ecdsa_data); + ecdsa_data = (ECDSA_DATA *)data; + } + } else + ecdsa_data = (ECDSA_DATA *)data; + + return ecdsa_data; } int ECDSA_size(const EC_KEY *r) { - int ret,i; - ASN1_INTEGER bs; - BIGNUM *order=NULL; - unsigned char buf[4]; - const EC_GROUP *group; - - if (r == NULL) - return 0; - group = EC_KEY_get0_group(r); - if (group == NULL) - return 0; - - if ((order = BN_new()) == NULL) return 0; - if (!EC_GROUP_get_order(group,order,NULL)) - { - BN_clear_free(order); - return 0; - } - i=BN_num_bits(order); - bs.length=(i+7)/8; - bs.data=buf; - bs.type=V_ASN1_INTEGER; - /* If the top bit is set the asn1 encoding is 1 larger. */ - buf[0]=0xff; - - i=i2d_ASN1_INTEGER(&bs,NULL); - i+=i; /* r and s */ - ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE); - BN_clear_free(order); - return(ret); + int ret, i; + ASN1_INTEGER bs; + BIGNUM *order = NULL; + unsigned char buf[4]; + const EC_GROUP *group; + + if (r == NULL) + return 0; + group = EC_KEY_get0_group(r); + if (group == NULL) + return 0; + + if ((order = BN_new()) == NULL) + return 0; + if (!EC_GROUP_get_order(group, order, NULL)) { + BN_clear_free(order); + return 0; + } + i = BN_num_bits(order); + bs.length = (i + 7) / 8; + bs.data = buf; + bs.type = V_ASN1_INTEGER; + /* If the top bit is set the asn1 encoding is 1 larger. */ + buf[0] = 0xff; + + i = i2d_ASN1_INTEGER(&bs, NULL); + i += i; /* r and s */ + ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE); + BN_clear_free(order); + return (ret); } - int ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) { - return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDSA, argl, argp, - new_func, dup_func, free_func); + return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDSA, argl, argp, + new_func, dup_func, free_func); } int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg) { - ECDSA_DATA *ecdsa; - ecdsa = ecdsa_check(d); - if (ecdsa == NULL) - return 0; - return(CRYPTO_set_ex_data(&ecdsa->ex_data,idx,arg)); + ECDSA_DATA *ecdsa; + ecdsa = ecdsa_check(d); + if (ecdsa == NULL) + return 0; + return (CRYPTO_set_ex_data(&ecdsa->ex_data, idx, arg)); } void *ECDSA_get_ex_data(EC_KEY *d, int idx) { - ECDSA_DATA *ecdsa; - ecdsa = ecdsa_check(d); - if (ecdsa == NULL) - return NULL; - return(CRYPTO_get_ex_data(&ecdsa->ex_data,idx)); + ECDSA_DATA *ecdsa; + ecdsa = ecdsa_check(d); + if (ecdsa == NULL) + return NULL; + return (CRYPTO_get_ex_data(&ecdsa->ex_data, idx)); } diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_ossl.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_ossl.c index 1bbf328d..8b29b242 100644 --- a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_ossl.c +++ b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_ossl.c @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -61,420 +61,377 @@ #include <openssl/obj_mac.h> #include <openssl/bn.h> -static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen, - const BIGNUM *, const BIGNUM *, EC_KEY *eckey); -static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, - BIGNUM **rp); -static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, - const ECDSA_SIG *sig, EC_KEY *eckey); +static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen, + const BIGNUM *, const BIGNUM *, + EC_KEY *eckey); +static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, + BIGNUM **rp); +static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, + const ECDSA_SIG *sig, EC_KEY *eckey); static ECDSA_METHOD openssl_ecdsa_meth = { - "OpenSSL ECDSA method", - ecdsa_do_sign, - ecdsa_sign_setup, - ecdsa_do_verify, + "OpenSSL ECDSA method", + ecdsa_do_sign, + ecdsa_sign_setup, + ecdsa_do_verify, #if 0 - NULL, /* init */ - NULL, /* finish */ + NULL, /* init */ + NULL, /* finish */ #endif - 0, /* flags */ - NULL /* app_data */ + 0, /* flags */ + NULL /* app_data */ }; const ECDSA_METHOD *ECDSA_OpenSSL(void) { - return &openssl_ecdsa_meth; + return &openssl_ecdsa_meth; } static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, - BIGNUM **rp) + BIGNUM **rp) { - BN_CTX *ctx = NULL; - BIGNUM *k = NULL, *r = NULL, *order = NULL, *X = NULL; - EC_POINT *tmp_point=NULL; - const EC_GROUP *group; - int ret = 0; + BN_CTX *ctx = NULL; + BIGNUM *k = NULL, *r = NULL, *order = NULL, *X = NULL; + EC_POINT *tmp_point = NULL; + const EC_GROUP *group; + int ret = 0; - if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) - { - ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } + if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) { + ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } - if (ctx_in == NULL) - { - if ((ctx = BN_CTX_new()) == NULL) - { - ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,ERR_R_MALLOC_FAILURE); - return 0; - } - } - else - ctx = ctx_in; + if (ctx_in == NULL) { + if ((ctx = BN_CTX_new()) == NULL) { + ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE); + return 0; + } + } else + ctx = ctx_in; - k = BN_new(); /* this value is later returned in *kinvp */ - r = BN_new(); /* this value is later returned in *rp */ - order = BN_new(); - X = BN_new(); - if (!k || !r || !order || !X) - { - ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE); - goto err; - } - if ((tmp_point = EC_POINT_new(group)) == NULL) - { - ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); - goto err; - } - if (!EC_GROUP_get_order(group, order, ctx)) - { - ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); - goto err; - } - - do - { - /* get random k */ - do - if (!BN_rand_range(k, order)) - { - ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, - ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED); - goto err; - } - while (BN_is_zero(k)); + k = BN_new(); /* this value is later returned in *kinvp */ + r = BN_new(); /* this value is later returned in *rp */ + order = BN_new(); + X = BN_new(); + if (!k || !r || !order || !X) { + ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE); + goto err; + } + if ((tmp_point = EC_POINT_new(group)) == NULL) { + ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); + goto err; + } + if (!EC_GROUP_get_order(group, order, ctx)) { + ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); + goto err; + } - /* We do not want timing information to leak the length of k, - * so we compute G*k using an equivalent scalar of fixed - * bit-length. */ + do { + /* get random k */ + do + if (!BN_rand_range(k, order)) { + ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, + ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED); + goto err; + } + while (BN_is_zero(k)) ; - if (!BN_add(k, k, order)) goto err; - if (BN_num_bits(k) <= BN_num_bits(order)) - if (!BN_add(k, k, order)) goto err; + /* + * We do not want timing information to leak the length of k, so we + * compute G*k using an equivalent scalar of fixed bit-length. + */ - /* compute r the x-coordinate of generator * k */ - if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) - { - ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); - goto err; - } - if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) - { - if (!EC_POINT_get_affine_coordinates_GFp(group, - tmp_point, X, NULL, ctx)) - { - ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,ERR_R_EC_LIB); - goto err; - } - } - else /* NID_X9_62_characteristic_two_field */ - { - if (!EC_POINT_get_affine_coordinates_GF2m(group, - tmp_point, X, NULL, ctx)) - { - ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,ERR_R_EC_LIB); - goto err; - } - } - if (!BN_nnmod(r, X, order, ctx)) - { - ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); - goto err; - } - } - while (BN_is_zero(r)); + if (!BN_add(k, k, order)) + goto err; + if (BN_num_bits(k) <= BN_num_bits(order)) + if (!BN_add(k, k, order)) + goto err; - /* compute the inverse of k */ - if (!BN_mod_inverse(k, k, order, ctx)) - { - ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); - goto err; - } - /* clear old values if necessary */ - if (*rp != NULL) - BN_clear_free(*rp); - if (*kinvp != NULL) - BN_clear_free(*kinvp); - /* save the pre-computed values */ - *rp = r; - *kinvp = k; - ret = 1; -err: - if (!ret) - { - if (k != NULL) BN_clear_free(k); - if (r != NULL) BN_clear_free(r); - } - if (ctx_in == NULL) - BN_CTX_free(ctx); - if (order != NULL) - BN_free(order); - if (tmp_point != NULL) - EC_POINT_free(tmp_point); - if (X) - BN_clear_free(X); - return(ret); -} + /* compute r the x-coordinate of generator * k */ + if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) { + ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); + goto err; + } + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == + NID_X9_62_prime_field) { + if (!EC_POINT_get_affine_coordinates_GFp + (group, tmp_point, X, NULL, ctx)) { + ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); + goto err; + } + } else { /* NID_X9_62_characteristic_two_field */ + if (!EC_POINT_get_affine_coordinates_GF2m(group, + tmp_point, X, NULL, + ctx)) { + ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); + goto err; + } + } + if (!BN_nnmod(r, X, order, ctx)) { + ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); + goto err; + } + } + while (BN_is_zero(r)); + + /* compute the inverse of k */ + if (!BN_mod_inverse(k, k, order, ctx)) { + ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); + goto err; + } + /* clear old values if necessary */ + if (*rp != NULL) + BN_clear_free(*rp); + if (*kinvp != NULL) + BN_clear_free(*kinvp); + /* save the pre-computed values */ + *rp = r; + *kinvp = k; + ret = 1; + err: + if (!ret) { + if (k != NULL) + BN_clear_free(k); + if (r != NULL) + BN_clear_free(r); + } + if (ctx_in == NULL) + BN_CTX_free(ctx); + if (order != NULL) + BN_free(order); + if (tmp_point != NULL) + EC_POINT_free(tmp_point); + if (X) + BN_clear_free(X); + return (ret); +} -static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, - const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey) +static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, + const BIGNUM *in_kinv, const BIGNUM *in_r, + EC_KEY *eckey) { - int ok = 0, i; - BIGNUM *kinv=NULL, *s, *m=NULL,*tmp=NULL,*order=NULL; - const BIGNUM *ckinv; - BN_CTX *ctx = NULL; - const EC_GROUP *group; - ECDSA_SIG *ret; - ECDSA_DATA *ecdsa; - const BIGNUM *priv_key; + int ok = 0, i; + BIGNUM *kinv = NULL, *s, *m = NULL, *tmp = NULL, *order = NULL; + const BIGNUM *ckinv; + BN_CTX *ctx = NULL; + const EC_GROUP *group; + ECDSA_SIG *ret; + ECDSA_DATA *ecdsa; + const BIGNUM *priv_key; - ecdsa = ecdsa_check(eckey); - group = EC_KEY_get0_group(eckey); - priv_key = EC_KEY_get0_private_key(eckey); - - if (group == NULL || priv_key == NULL || ecdsa == NULL) - { - ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } + ecdsa = ecdsa_check(eckey); + group = EC_KEY_get0_group(eckey); + priv_key = EC_KEY_get0_private_key(eckey); - ret = ECDSA_SIG_new(); - if (!ret) - { - ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); - return NULL; - } - s = ret->s; + if (group == NULL || priv_key == NULL || ecdsa == NULL) { + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } - if ((ctx = BN_CTX_new()) == NULL || (order = BN_new()) == NULL || - (tmp = BN_new()) == NULL || (m = BN_new()) == NULL) - { - ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); - goto err; - } + ret = ECDSA_SIG_new(); + if (!ret) { + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); + return NULL; + } + s = ret->s; - if (!EC_GROUP_get_order(group, order, ctx)) - { - ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); - goto err; - } - i = BN_num_bits(order); - /* Need to truncate digest if it is too long: first truncate whole - * bytes. - */ - if (8 * dgst_len > i) - dgst_len = (i + 7)/8; - if (!BN_bin2bn(dgst, dgst_len, m)) - { - ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); - goto err; - } - /* If still too long truncate remaining bits with a shift */ - if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) - { - ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); - goto err; - } - do - { - if (in_kinv == NULL || in_r == NULL) - { - if (!ECDSA_sign_setup(eckey, ctx, &kinv, &ret->r)) - { - ECDSAerr(ECDSA_F_ECDSA_DO_SIGN,ERR_R_ECDSA_LIB); - goto err; - } - ckinv = kinv; - } - else - { - ckinv = in_kinv; - if (BN_copy(ret->r, in_r) == NULL) - { - ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); - goto err; - } - } + if ((ctx = BN_CTX_new()) == NULL || (order = BN_new()) == NULL || + (tmp = BN_new()) == NULL || (m = BN_new()) == NULL) { + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); + goto err; + } - if (!BN_mod_mul(tmp, priv_key, ret->r, order, ctx)) - { - ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); - goto err; - } - if (!BN_mod_add_quick(s, tmp, m, order)) - { - ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); - goto err; - } - if (!BN_mod_mul(s, s, ckinv, order, ctx)) - { - ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); - goto err; - } - if (BN_is_zero(s)) - { - /* if kinv and r have been supplied by the caller - * don't to generate new kinv and r values */ - if (in_kinv != NULL && in_r != NULL) - { - ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_NEED_NEW_SETUP_VALUES); - goto err; - } - } - else - /* s != 0 => we have a valid signature */ - break; - } - while (1); + if (!EC_GROUP_get_order(group, order, ctx)) { + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); + goto err; + } + i = BN_num_bits(order); + /* + * Need to truncate digest if it is too long: first truncate whole bytes. + */ + if (8 * dgst_len > i) + dgst_len = (i + 7) / 8; + if (!BN_bin2bn(dgst, dgst_len, m)) { + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); + goto err; + } + /* If still too long truncate remaining bits with a shift */ + if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); + goto err; + } + do { + if (in_kinv == NULL || in_r == NULL) { + if (!ECDSA_sign_setup(eckey, ctx, &kinv, &ret->r)) { + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_ECDSA_LIB); + goto err; + } + ckinv = kinv; + } else { + ckinv = in_kinv; + if (BN_copy(ret->r, in_r) == NULL) { + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); + goto err; + } + } - ok = 1; -err: - if (!ok) - { - ECDSA_SIG_free(ret); - ret = NULL; - } - if (ctx) - BN_CTX_free(ctx); - if (m) - BN_clear_free(m); - if (tmp) - BN_clear_free(tmp); - if (order) - BN_free(order); - if (kinv) - BN_clear_free(kinv); - return ret; + if (!BN_mod_mul(tmp, priv_key, ret->r, order, ctx)) { + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); + goto err; + } + if (!BN_mod_add_quick(s, tmp, m, order)) { + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); + goto err; + } + if (!BN_mod_mul(s, s, ckinv, order, ctx)) { + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); + goto err; + } + if (BN_is_zero(s)) { + /* + * if kinv and r have been supplied by the caller don't to + * generate new kinv and r values + */ + if (in_kinv != NULL && in_r != NULL) { + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, + ECDSA_R_NEED_NEW_SETUP_VALUES); + goto err; + } + } else + /* s != 0 => we have a valid signature */ + break; + } + while (1); + + ok = 1; + err: + if (!ok) { + ECDSA_SIG_free(ret); + ret = NULL; + } + if (ctx) + BN_CTX_free(ctx); + if (m) + BN_clear_free(m); + if (tmp) + BN_clear_free(tmp); + if (order) + BN_free(order); + if (kinv) + BN_clear_free(kinv); + return ret; } static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, - const ECDSA_SIG *sig, EC_KEY *eckey) + const ECDSA_SIG *sig, EC_KEY *eckey) { - int ret = -1, i; - BN_CTX *ctx; - BIGNUM *order, *u1, *u2, *m, *X; - EC_POINT *point = NULL; - const EC_GROUP *group; - const EC_POINT *pub_key; + int ret = -1, i; + BN_CTX *ctx; + BIGNUM *order, *u1, *u2, *m, *X; + EC_POINT *point = NULL; + const EC_GROUP *group; + const EC_POINT *pub_key; + + /* check input values */ + if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL || + (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) { + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS); + return -1; + } + + ctx = BN_CTX_new(); + if (!ctx) { + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); + return -1; + } + BN_CTX_start(ctx); + order = BN_CTX_get(ctx); + u1 = BN_CTX_get(ctx); + u2 = BN_CTX_get(ctx); + m = BN_CTX_get(ctx); + X = BN_CTX_get(ctx); + if (!X) { + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); + goto err; + } + + if (!EC_GROUP_get_order(group, order, ctx)) { + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); + goto err; + } - /* check input values */ - if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL || - (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) - { - ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS); - return -1; - } + if (BN_is_zero(sig->r) || BN_is_negative(sig->r) || + BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) || + BN_is_negative(sig->s) || BN_ucmp(sig->s, order) >= 0) { + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_BAD_SIGNATURE); + ret = 0; /* signature is invalid */ + goto err; + } + /* calculate tmp1 = inv(S) mod order */ + if (!BN_mod_inverse(u2, sig->s, order, ctx)) { + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); + goto err; + } + /* digest -> m */ + i = BN_num_bits(order); + /* + * Need to truncate digest if it is too long: first truncate whole bytes. + */ + if (8 * dgst_len > i) + dgst_len = (i + 7) / 8; + if (!BN_bin2bn(dgst, dgst_len, m)) { + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); + goto err; + } + /* If still too long truncate remaining bits with a shift */ + if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); + goto err; + } + /* u1 = m * tmp mod order */ + if (!BN_mod_mul(u1, m, u2, order, ctx)) { + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); + goto err; + } + /* u2 = r * w mod q */ + if (!BN_mod_mul(u2, sig->r, u2, order, ctx)) { + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); + goto err; + } - ctx = BN_CTX_new(); - if (!ctx) - { - ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); - return -1; - } - BN_CTX_start(ctx); - order = BN_CTX_get(ctx); - u1 = BN_CTX_get(ctx); - u2 = BN_CTX_get(ctx); - m = BN_CTX_get(ctx); - X = BN_CTX_get(ctx); - if (!X) - { - ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); - goto err; - } - - if (!EC_GROUP_get_order(group, order, ctx)) - { - ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); - goto err; - } + if ((point = EC_POINT_new(group)) == NULL) { + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); + goto err; + } + if (!EC_POINT_mul(group, point, u1, pub_key, u2, ctx)) { + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); + goto err; + } + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == + NID_X9_62_prime_field) { + if (!EC_POINT_get_affine_coordinates_GFp(group, point, X, NULL, ctx)) { + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); + goto err; + } + } else { /* NID_X9_62_characteristic_two_field */ - if (BN_is_zero(sig->r) || BN_is_negative(sig->r) || - BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) || - BN_is_negative(sig->s) || BN_ucmp(sig->s, order) >= 0) - { - ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_BAD_SIGNATURE); - ret = 0; /* signature is invalid */ - goto err; - } - /* calculate tmp1 = inv(S) mod order */ - if (!BN_mod_inverse(u2, sig->s, order, ctx)) - { - ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); - goto err; - } - /* digest -> m */ - i = BN_num_bits(order); - /* Need to truncate digest if it is too long: first truncate whole - * bytes. - */ - if (8 * dgst_len > i) - dgst_len = (i + 7)/8; - if (!BN_bin2bn(dgst, dgst_len, m)) - { - ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); - goto err; - } - /* If still too long truncate remaining bits with a shift */ - if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) - { - ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); - goto err; - } - /* u1 = m * tmp mod order */ - if (!BN_mod_mul(u1, m, u2, order, ctx)) - { - ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); - goto err; - } - /* u2 = r * w mod q */ - if (!BN_mod_mul(u2, sig->r, u2, order, ctx)) - { - ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); - goto err; - } + if (!EC_POINT_get_affine_coordinates_GF2m(group, point, X, NULL, ctx)) { + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); + goto err; + } + } - if ((point = EC_POINT_new(group)) == NULL) - { - ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); - goto err; - } - if (!EC_POINT_mul(group, point, u1, pub_key, u2, ctx)) - { - ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); - goto err; - } - if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) - { - if (!EC_POINT_get_affine_coordinates_GFp(group, - point, X, NULL, ctx)) - { - ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); - goto err; - } - } - else /* NID_X9_62_characteristic_two_field */ - { - if (!EC_POINT_get_affine_coordinates_GF2m(group, - point, X, NULL, ctx)) - { - ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); - goto err; - } - } - - if (!BN_nnmod(u1, X, order, ctx)) - { - ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); - goto err; - } - /* if the signature is correct u1 is equal to sig->r */ - ret = (BN_ucmp(u1, sig->r) == 0); -err: - BN_CTX_end(ctx); - BN_CTX_free(ctx); - if (point) - EC_POINT_free(point); - return ret; + if (!BN_nnmod(u1, X, order, ctx)) { + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); + goto err; + } + /* if the signature is correct u1 is equal to sig->r */ + ret = (BN_ucmp(u1, sig->r) == 0); + err: + BN_CTX_end(ctx); + BN_CTX_free(ctx); + if (point) + EC_POINT_free(point); + return ret; } diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_sign.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_sign.c index 353d5af5..28652d45 100644 --- a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_sign.c +++ b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_sign.c @@ -7,7 +7,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -55,52 +55,52 @@ #include "ecs_locl.h" #ifndef OPENSSL_NO_ENGINE -#include <openssl/engine.h> +# include <openssl/engine.h> #endif #include <openssl/rand.h> ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey) { - return ECDSA_do_sign_ex(dgst, dlen, NULL, NULL, eckey); + return ECDSA_do_sign_ex(dgst, dlen, NULL, NULL, eckey); } ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dlen, - const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey) + const BIGNUM *kinv, const BIGNUM *rp, + EC_KEY *eckey) { - ECDSA_DATA *ecdsa = ecdsa_check(eckey); - if (ecdsa == NULL) - return NULL; - return ecdsa->meth->ecdsa_do_sign(dgst, dlen, kinv, rp, eckey); + ECDSA_DATA *ecdsa = ecdsa_check(eckey); + if (ecdsa == NULL) + return NULL; + return ecdsa->meth->ecdsa_do_sign(dgst, dlen, kinv, rp, eckey); } -int ECDSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char - *sig, unsigned int *siglen, EC_KEY *eckey) +int ECDSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char + *sig, unsigned int *siglen, EC_KEY *eckey) { - return ECDSA_sign_ex(type, dgst, dlen, sig, siglen, NULL, NULL, eckey); + return ECDSA_sign_ex(type, dgst, dlen, sig, siglen, NULL, NULL, eckey); } -int ECDSA_sign_ex(int type, const unsigned char *dgst, int dlen, unsigned char - *sig, unsigned int *siglen, const BIGNUM *kinv, const BIGNUM *r, - EC_KEY *eckey) +int ECDSA_sign_ex(int type, const unsigned char *dgst, int dlen, unsigned char + *sig, unsigned int *siglen, const BIGNUM *kinv, + const BIGNUM *r, EC_KEY *eckey) { - ECDSA_SIG *s; - RAND_seed(dgst, dlen); - s = ECDSA_do_sign_ex(dgst, dlen, kinv, r, eckey); - if (s == NULL) - { - *siglen=0; - return 0; - } - *siglen = i2d_ECDSA_SIG(s, &sig); - ECDSA_SIG_free(s); - return 1; + ECDSA_SIG *s; + RAND_seed(dgst, dlen); + s = ECDSA_do_sign_ex(dgst, dlen, kinv, r, eckey); + if (s == NULL) { + *siglen = 0; + return 0; + } + *siglen = i2d_ECDSA_SIG(s, &sig); + ECDSA_SIG_free(s); + return 1; } -int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, - BIGNUM **rp) +int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, + BIGNUM **rp) { - ECDSA_DATA *ecdsa = ecdsa_check(eckey); - if (ecdsa == NULL) - return 0; - return ecdsa->meth->ecdsa_sign_setup(eckey, ctx_in, kinvp, rp); + ECDSA_DATA *ecdsa = ecdsa_check(eckey); + if (ecdsa == NULL) + return 0; + return ecdsa->meth->ecdsa_sign_setup(eckey, ctx_in, kinvp, rp); } diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_vrf.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_vrf.c index ef9acf7b..e909aeb4 100644 --- a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_vrf.c +++ b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_vrf.c @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,40 +57,56 @@ */ #include "ecs_locl.h" +#include <string.h> #ifndef OPENSSL_NO_ENGINE -#include <openssl/engine.h> +# include <openssl/engine.h> #endif -/* returns +/*- + * returns * 1: correct signature * 0: incorrect signature * -1: error */ -int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, - const ECDSA_SIG *sig, EC_KEY *eckey) - { - ECDSA_DATA *ecdsa = ecdsa_check(eckey); - if (ecdsa == NULL) - return 0; - return ecdsa->meth->ecdsa_do_verify(dgst, dgst_len, sig, eckey); - } +int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, + const ECDSA_SIG *sig, EC_KEY *eckey) +{ + ECDSA_DATA *ecdsa = ecdsa_check(eckey); + if (ecdsa == NULL) + return 0; + return ecdsa->meth->ecdsa_do_verify(dgst, dgst_len, sig, eckey); +} -/* returns +/*- + * returns * 1: correct signature * 0: incorrect signature * -1: error */ int ECDSA_verify(int type, const unsigned char *dgst, int dgst_len, - const unsigned char *sigbuf, int sig_len, EC_KEY *eckey) - { - ECDSA_SIG *s; - int ret=-1; + const unsigned char *sigbuf, int sig_len, EC_KEY *eckey) +{ + ECDSA_SIG *s; + const unsigned char *p = sigbuf; + unsigned char *der = NULL; + int derlen = -1; + int ret = -1; - s = ECDSA_SIG_new(); - if (s == NULL) return(ret); - if (d2i_ECDSA_SIG(&s, &sigbuf, sig_len) == NULL) goto err; - ret=ECDSA_do_verify(dgst, dgst_len, s, eckey); -err: - ECDSA_SIG_free(s); - return(ret); - } + s = ECDSA_SIG_new(); + if (s == NULL) + return (ret); + if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL) + goto err; + /* Ensure signature uses DER and doesn't have trailing garbage */ + derlen = i2d_ECDSA_SIG(s, &der); + if (derlen != sig_len || memcmp(sigbuf, der, derlen)) + goto err; + ret = ECDSA_do_verify(dgst, dgst_len, s, eckey); + err: + if (derlen > 0) { + OPENSSL_cleanse(der, derlen); + OPENSSL_free(der); + } + ECDSA_SIG_free(s); + return (ret); +} |