summaryrefslogtreecommitdiffstats
path: root/src/crypto/ecdsa/ecdsa.c
diff options
context:
space:
mode:
authorKenny Root <kroot@google.com>2015-09-25 00:44:37 +0000
committerAndroid Git Automerger <android-git-automerger@android.com>2015-09-25 00:44:37 +0000
commite246de8f184e644debf965ecdca552f006b56881 (patch)
treedc62c249d595198e0d99e43890019d21e901fbec /src/crypto/ecdsa/ecdsa.c
parentc737bc23bc868fff21e5c1b95940813f709ea550 (diff)
parent00bc53f6f4436972b7a8dcf2c1e5fd0ad7515872 (diff)
downloadexternal_boringssl-e246de8f184e644debf965ecdca552f006b56881.zip
external_boringssl-e246de8f184e644debf965ecdca552f006b56881.tar.gz
external_boringssl-e246de8f184e644debf965ecdca552f006b56881.tar.bz2
am 00bc53f6: am a04d78d3: Revert "external/boringssl: sync with upstream."
* commit '00bc53f6f4436972b7a8dcf2c1e5fd0ad7515872': Revert "external/boringssl: sync with upstream."
Diffstat (limited to 'src/crypto/ecdsa/ecdsa.c')
-rw-r--r--src/crypto/ecdsa/ecdsa.c119
1 files changed, 50 insertions, 69 deletions
diff --git a/src/crypto/ecdsa/ecdsa.c b/src/crypto/ecdsa/ecdsa.c
index 8403d60..b71799e 100644
--- a/src/crypto/ecdsa/ecdsa.c
+++ b/src/crypto/ecdsa/ecdsa.c
@@ -52,11 +52,9 @@
#include <openssl/ecdsa.h>
-#include <assert.h>
#include <string.h>
#include <openssl/bn.h>
-#include <openssl/bytestring.h>
#include <openssl/err.h>
#include <openssl/mem.h>
@@ -83,18 +81,16 @@ int ECDSA_verify(int type, const uint8_t *digest, size_t digest_len,
return eckey->ecdsa_meth->verify(digest, digest_len, sig, sig_len, eckey);
}
- /* Decode the ECDSA signature. */
- s = ECDSA_SIG_from_bytes(sig, sig_len);
- if (s == NULL) {
+ s = ECDSA_SIG_new();
+ const uint8_t *sigp = sig;
+ if (s == NULL || d2i_ECDSA_SIG(&s, &sigp, sig_len) == NULL ||
+ sigp != sig + sig_len) {
goto err;
}
- /* Defend against potential laxness in the DER parser. */
- size_t der_len;
- if (!ECDSA_SIG_to_bytes(&der, &der_len, s) ||
- der_len != sig_len || memcmp(sig, der, sig_len) != 0) {
- /* This should never happen. crypto/bytestring is strictly DER. */
- OPENSSL_PUT_ERROR(ECDSA, ERR_R_INTERNAL_ERROR);
+ /* Ensure that the signature uses DER and doesn't have trailing garbage. */
+ const int der_len = i2d_ECDSA_SIG(s, &der);
+ if (der_len < 0 || (size_t) der_len != sig_len || memcmp(sig, der, sig_len)) {
goto err;
}
@@ -120,14 +116,14 @@ static int digest_to_bn(BIGNUM *out, const uint8_t *digest, size_t digest_len,
digest_len = (num_bits + 7) / 8;
}
if (!BN_bin2bn(digest, digest_len, out)) {
- OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB);
+ OPENSSL_PUT_ERROR(ECDSA, digest_to_bn, ERR_R_BN_LIB);
return 0;
}
/* If still too long truncate remaining bits with a shift */
if ((8 * digest_len > num_bits) &&
!BN_rshift(out, out, 8 - (num_bits & 0x7))) {
- OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB);
+ OPENSSL_PUT_ERROR(ECDSA, digest_to_bn, ERR_R_BN_LIB);
return 0;
}
@@ -149,7 +145,7 @@ int ECDSA_do_verify(const uint8_t *digest, size_t digest_len,
const EC_POINT *pub_key;
if (eckey->ecdsa_meth && eckey->ecdsa_meth->verify) {
- OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_NOT_IMPLEMENTED);
+ OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_verify, ECDSA_R_NOT_IMPLEMENTED);
return 0;
}
@@ -157,13 +153,13 @@ int ECDSA_do_verify(const uint8_t *digest, size_t digest_len,
if ((group = EC_KEY_get0_group(eckey)) == NULL ||
(pub_key = EC_KEY_get0_public_key(eckey)) == NULL ||
sig == NULL) {
- OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_MISSING_PARAMETERS);
+ OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_verify, ECDSA_R_MISSING_PARAMETERS);
return 0;
}
ctx = BN_CTX_new();
if (!ctx) {
- OPENSSL_PUT_ERROR(ECDSA, ERR_R_MALLOC_FAILURE);
+ OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_verify, ERR_R_MALLOC_FAILURE);
return 0;
}
BN_CTX_start(ctx);
@@ -172,26 +168,26 @@ int ECDSA_do_verify(const uint8_t *digest, size_t digest_len,
u2 = BN_CTX_get(ctx);
m = BN_CTX_get(ctx);
X = BN_CTX_get(ctx);
- if (order == NULL || u1 == NULL || u2 == NULL || m == NULL || X == NULL) {
- OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB);
+ if (!X) {
+ OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_verify, ERR_R_BN_LIB);
goto err;
}
if (!EC_GROUP_get_order(group, order, ctx)) {
- OPENSSL_PUT_ERROR(ECDSA, ERR_R_EC_LIB);
+ OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_verify, ERR_R_EC_LIB);
goto err;
}
if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) ||
BN_is_negative(sig->s) || BN_ucmp(sig->s, order) >= 0) {
- OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_BAD_SIGNATURE);
+ OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_verify, ECDSA_R_BAD_SIGNATURE);
ret = 0; /* signature is invalid */
goto err;
}
/* calculate tmp1 = inv(S) mod order */
if (!BN_mod_inverse(u2, sig->s, order, ctx)) {
- OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB);
+ OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_verify, ERR_R_BN_LIB);
goto err;
}
if (!digest_to_bn(m, digest, digest_len, order)) {
@@ -199,30 +195,30 @@ int ECDSA_do_verify(const uint8_t *digest, size_t digest_len,
}
/* u1 = m * tmp mod order */
if (!BN_mod_mul(u1, m, u2, order, ctx)) {
- OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB);
+ OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_verify, ERR_R_BN_LIB);
goto err;
}
/* u2 = r * w mod q */
if (!BN_mod_mul(u2, sig->r, u2, order, ctx)) {
- OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB);
+ OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_verify, ERR_R_BN_LIB);
goto err;
}
point = EC_POINT_new(group);
if (point == NULL) {
- OPENSSL_PUT_ERROR(ECDSA, ERR_R_MALLOC_FAILURE);
+ OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_verify, ERR_R_MALLOC_FAILURE);
goto err;
}
if (!EC_POINT_mul(group, point, u1, pub_key, u2, ctx)) {
- OPENSSL_PUT_ERROR(ECDSA, ERR_R_EC_LIB);
+ OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_verify, ERR_R_EC_LIB);
goto err;
}
if (!EC_POINT_get_affine_coordinates_GFp(group, point, X, NULL, ctx)) {
- OPENSSL_PUT_ERROR(ECDSA, ERR_R_EC_LIB);
+ OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_verify, ERR_R_EC_LIB);
goto err;
}
if (!BN_nnmod(u1, X, order, ctx)) {
- OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB);
+ OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_verify, ERR_R_BN_LIB);
goto err;
}
/* if the signature is correct u1 is equal to sig->r */
@@ -245,13 +241,13 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
int ret = 0;
if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) {
- OPENSSL_PUT_ERROR(ECDSA, ERR_R_PASSED_NULL_PARAMETER);
+ OPENSSL_PUT_ERROR(ECDSA, ecdsa_sign_setup, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (ctx_in == NULL) {
if ((ctx = BN_CTX_new()) == NULL) {
- OPENSSL_PUT_ERROR(ECDSA, ERR_R_MALLOC_FAILURE);
+ OPENSSL_PUT_ERROR(ECDSA, ecdsa_sign_setup, ERR_R_MALLOC_FAILURE);
return 0;
}
} else {
@@ -263,16 +259,16 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
order = BN_new();
X = BN_new();
if (!k || !r || !order || !X) {
- OPENSSL_PUT_ERROR(ECDSA, ERR_R_MALLOC_FAILURE);
+ OPENSSL_PUT_ERROR(ECDSA, ecdsa_sign_setup, ERR_R_MALLOC_FAILURE);
goto err;
}
tmp_point = EC_POINT_new(group);
if (tmp_point == NULL) {
- OPENSSL_PUT_ERROR(ECDSA, ERR_R_EC_LIB);
+ OPENSSL_PUT_ERROR(ECDSA, ecdsa_sign_setup, ERR_R_EC_LIB);
goto err;
}
if (!EC_GROUP_get_order(group, order, ctx)) {
- OPENSSL_PUT_ERROR(ECDSA, ERR_R_EC_LIB);
+ OPENSSL_PUT_ERROR(ECDSA, ecdsa_sign_setup, ERR_R_EC_LIB);
goto err;
}
@@ -290,7 +286,8 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
ok = BN_rand_range(k, order);
}
if (!ok) {
- OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED);
+ OPENSSL_PUT_ERROR(ECDSA, ecdsa_sign_setup,
+ ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED);
goto err;
}
} while (BN_is_zero(k));
@@ -310,23 +307,23 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
/* compute r the x-coordinate of generator * k */
if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) {
- OPENSSL_PUT_ERROR(ECDSA, ERR_R_EC_LIB);
+ OPENSSL_PUT_ERROR(ECDSA, ecdsa_sign_setup, ERR_R_EC_LIB);
goto err;
}
if (!EC_POINT_get_affine_coordinates_GFp(group, tmp_point, X, NULL, ctx)) {
- OPENSSL_PUT_ERROR(ECDSA, ERR_R_EC_LIB);
+ OPENSSL_PUT_ERROR(ECDSA, ecdsa_sign_setup, ERR_R_EC_LIB);
goto err;
}
if (!BN_nnmod(r, X, order, ctx)) {
- OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB);
+ OPENSSL_PUT_ERROR(ECDSA, ecdsa_sign_setup, ERR_R_BN_LIB);
goto err;
}
} while (BN_is_zero(r));
/* compute the inverse of k */
if (!BN_mod_inverse(k, k, order, ctx)) {
- OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB);
+ OPENSSL_PUT_ERROR(ECDSA, ecdsa_sign_setup, ERR_R_BN_LIB);
goto err;
}
/* clear old values if necessary */
@@ -368,7 +365,7 @@ ECDSA_SIG *ECDSA_do_sign_ex(const uint8_t *digest, size_t digest_len,
const BIGNUM *priv_key;
if (eckey->ecdsa_meth && eckey->ecdsa_meth->sign) {
- OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_NOT_IMPLEMENTED);
+ OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_sign_ex, ECDSA_R_NOT_IMPLEMENTED);
return NULL;
}
@@ -376,25 +373,25 @@ ECDSA_SIG *ECDSA_do_sign_ex(const uint8_t *digest, size_t digest_len,
priv_key = EC_KEY_get0_private_key(eckey);
if (group == NULL || priv_key == NULL) {
- OPENSSL_PUT_ERROR(ECDSA, ERR_R_PASSED_NULL_PARAMETER);
+ OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_sign_ex, ERR_R_PASSED_NULL_PARAMETER);
return NULL;
}
ret = ECDSA_SIG_new();
if (!ret) {
- OPENSSL_PUT_ERROR(ECDSA, ERR_R_MALLOC_FAILURE);
+ OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_sign_ex, ERR_R_MALLOC_FAILURE);
return NULL;
}
s = ret->s;
if ((ctx = BN_CTX_new()) == NULL || (order = BN_new()) == NULL ||
(tmp = BN_new()) == NULL || (m = BN_new()) == NULL) {
- OPENSSL_PUT_ERROR(ECDSA, ERR_R_MALLOC_FAILURE);
+ OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_sign_ex, ERR_R_MALLOC_FAILURE);
goto err;
}
if (!EC_GROUP_get_order(group, order, ctx)) {
- OPENSSL_PUT_ERROR(ECDSA, ERR_R_EC_LIB);
+ OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_sign_ex, ERR_R_EC_LIB);
goto err;
}
if (!digest_to_bn(m, digest, digest_len, order)) {
@@ -403,35 +400,35 @@ ECDSA_SIG *ECDSA_do_sign_ex(const uint8_t *digest, size_t digest_len,
for (;;) {
if (in_kinv == NULL || in_r == NULL) {
if (!ecdsa_sign_setup(eckey, ctx, &kinv, &ret->r, digest, digest_len)) {
- OPENSSL_PUT_ERROR(ECDSA, ERR_R_ECDSA_LIB);
+ OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_sign_ex, ERR_R_ECDSA_LIB);
goto err;
}
ckinv = kinv;
} else {
ckinv = in_kinv;
if (BN_copy(ret->r, in_r) == NULL) {
- OPENSSL_PUT_ERROR(ECDSA, ERR_R_MALLOC_FAILURE);
+ OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_sign_ex, ERR_R_MALLOC_FAILURE);
goto err;
}
}
if (!BN_mod_mul(tmp, priv_key, ret->r, order, ctx)) {
- OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB);
+ OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_sign_ex, ERR_R_BN_LIB);
goto err;
}
if (!BN_mod_add_quick(s, tmp, m, order)) {
- OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB);
+ OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_sign_ex, ERR_R_BN_LIB);
goto err;
}
if (!BN_mod_mul(s, s, ckinv, order, ctx)) {
- OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB);
+ OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_sign_ex, ERR_R_BN_LIB);
goto err;
}
if (BN_is_zero(s)) {
/* if kinv and r have been supplied by the caller
* don't to generate new kinv and r values */
if (in_kinv != NULL && in_r != NULL) {
- OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_NEED_NEW_SETUP_VALUES);
+ OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_sign_ex, ECDSA_R_NEED_NEW_SETUP_VALUES);
goto err;
}
} else {
@@ -458,36 +455,20 @@ err:
int ECDSA_sign_ex(int type, const uint8_t *digest, size_t digest_len,
uint8_t *sig, unsigned int *sig_len, const BIGNUM *kinv,
const BIGNUM *r, EC_KEY *eckey) {
- int ret = 0;
ECDSA_SIG *s = NULL;
if (eckey->ecdsa_meth && eckey->ecdsa_meth->sign) {
- OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_NOT_IMPLEMENTED);
+ OPENSSL_PUT_ERROR(ECDSA, ECDSA_sign_ex, ECDSA_R_NOT_IMPLEMENTED);
*sig_len = 0;
- goto err;
+ return 0;
}
s = ECDSA_do_sign_ex(digest, digest_len, kinv, r, eckey);
if (s == NULL) {
*sig_len = 0;
- goto err;
- }
-
- CBB cbb;
- CBB_zero(&cbb);
- size_t len;
- if (!CBB_init_fixed(&cbb, sig, ECDSA_size(eckey)) ||
- !ECDSA_SIG_marshal(&cbb, s) ||
- !CBB_finish(&cbb, NULL, &len)) {
- OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_ENCODE_ERROR);
- CBB_cleanup(&cbb);
- *sig_len = 0;
- goto err;
+ return 0;
}
- *sig_len = (unsigned)len;
- ret = 1;
-
-err:
+ *sig_len = i2d_ECDSA_SIG(s, &sig);
ECDSA_SIG_free(s);
- return ret;
+ return 1;
}