forked from pool/openssl-1_1
Pedro Monreal Gonzalez
32ced036f1
- Update to 1.1.1e * Properly detect EOF while reading in libssl. Previously if we hit an EOF while reading in libssl then we would report an error back to the application (SSL_ERROR_SYSCALL) but errno would be 0. We now add an error to the stack (which means we instead return SSL_ERROR_SSL) and therefore give a hint as to what went wrong. * Check that ed25519 and ed448 are allowed by the security level. Previously signature algorithms not using an MD were not being checked that they were allowed by the security level. * Fixed SSL_get_servername() behaviour. The behaviour of SSL_get_servername() was not quite right. The behaviour was not consistent between resumption and normal handshakes, and also not quite consistent with historical behaviour. The behaviour in various scenarios has been clarified and it has been updated to make it match historical behaviour as closely as possible. * Corrected the documentation of the return values from the EVP_DigestSign* set of functions. The documentation mentioned negative values for some errors, but this was never the case, so the mention of negative values was removed. * Added a new method to gather entropy on VMS, based on SYS$GET_ENTROPY. The presence of this system service is determined at run-time. * Added newline escaping functionality to a filename when using openssl dgst. This output format is to replicate the output format found in the '*sum' checksum programs. This aims to preserve backward compatibility. * Print all values for a PKCS#12 attribute with 'openssl pkcs12', not just the first value. - Update bunch of patches as the internal crypto headers got reorganized - drop openssl-1_1-CVE-2019-1551.patch (upstream) - openssl dgst: default to SHA256 only when called without a digest, OBS-URL: https://build.opensuse.org/request/show/786956 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=65
534 lines
23 KiB
Diff
534 lines
23 KiB
Diff
From 9bf682f62bd819d2fbceb95eeabd61dd4532240f Mon Sep 17 00:00:00 2001
|
|
From: Patrick Steuer <patrick.steuer@de.ibm.com>
|
|
Date: Thu, 11 Jul 2019 10:23:49 +0200
|
|
Subject: [PATCH 09205/10000] Enable curve-spefific ECDSA implementations via
|
|
EC_METHOD
|
|
|
|
which are already enabled for ECDH.
|
|
|
|
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
|
|
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
|
|
(Merged from https://github.com/openssl/openssl/pull/9348)
|
|
---
|
|
crypto/ec/ec2_smpl.c | 3 +
|
|
crypto/ec/ec_local.h | 15 +++++
|
|
crypto/ec/ecdsa_ossl.c | 107 ++++++++++++++++++++++++------------
|
|
crypto/ec/ecp_mont.c | 3 +
|
|
crypto/ec/ecp_nist.c | 3 +
|
|
crypto/ec/ecp_nistp224.c | 3 +
|
|
crypto/ec/ecp_nistp256.c | 3 +
|
|
crypto/ec/ecp_nistp521.c | 3 +
|
|
crypto/ec/ecp_nistz256.c | 3 +
|
|
crypto/ec/ecp_s390x_nistp.c | 3 +
|
|
crypto/ec/ecp_smpl.c | 3 +
|
|
crypto/err/openssl.txt | 5 ++
|
|
include/openssl/ecerr.h | 1 +
|
|
13 files changed, 119 insertions(+), 36 deletions(-)
|
|
|
|
Index: openssl-1.1.1e/crypto/ec/ec2_smpl.c
|
|
===================================================================
|
|
--- openssl-1.1.1e.orig/crypto/ec/ec2_smpl.c 2020-03-20 13:03:13.823258089 +0100
|
|
+++ openssl-1.1.1e/crypto/ec/ec2_smpl.c 2020-03-20 13:03:17.247276054 +0100
|
|
@@ -956,6 +956,9 @@ const EC_METHOD *EC_GF2m_simple_method(v
|
|
0, /* keycopy */
|
|
0, /* keyfinish */
|
|
ecdh_simple_compute_key,
|
|
+ ecdsa_simple_sign_setup,
|
|
+ ecdsa_simple_sign_sig,
|
|
+ ecdsa_simple_verify_sig,
|
|
0, /* field_inverse_mod_ord */
|
|
0, /* blind_coordinates */
|
|
ec_GF2m_simple_ladder_pre,
|
|
Index: openssl-1.1.1e/crypto/ec/ec_local.h
|
|
===================================================================
|
|
--- openssl-1.1.1e.orig/crypto/ec/ec_local.h 2020-03-20 13:03:13.823258089 +0100
|
|
+++ openssl-1.1.1e/crypto/ec/ec_local.h 2020-03-20 13:03:17.251276075 +0100
|
|
@@ -179,6 +179,14 @@ struct ec_method_st {
|
|
/* custom ECDH operation */
|
|
int (*ecdh_compute_key)(unsigned char **pout, size_t *poutlen,
|
|
const EC_POINT *pub_key, const EC_KEY *ecdh);
|
|
+ /* custom ECDSA */
|
|
+ int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinvp,
|
|
+ BIGNUM **rp);
|
|
+ ECDSA_SIG *(*ecdsa_sign_sig)(const unsigned char *dgst, int dgstlen,
|
|
+ const BIGNUM *kinv, const BIGNUM *r,
|
|
+ EC_KEY *eckey);
|
|
+ int (*ecdsa_verify_sig)(const unsigned char *dgst, int dgstlen,
|
|
+ const ECDSA_SIG *sig, EC_KEY *eckey);
|
|
/* Inverse modulo order */
|
|
int (*field_inverse_mod_ord)(const EC_GROUP *, BIGNUM *r,
|
|
const BIGNUM *x, BN_CTX *);
|
|
@@ -656,6 +664,13 @@ int ossl_ecdsa_verify(int type, const un
|
|
const unsigned char *sigbuf, int sig_len, EC_KEY *eckey);
|
|
int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
|
|
const ECDSA_SIG *sig, EC_KEY *eckey);
|
|
+int ecdsa_simple_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
|
|
+ BIGNUM **rp);
|
|
+ECDSA_SIG *ecdsa_simple_sign_sig(const unsigned char *dgst, int dgst_len,
|
|
+ const BIGNUM *in_kinv, const BIGNUM *in_r,
|
|
+ EC_KEY *eckey);
|
|
+int ecdsa_simple_verify_sig(const unsigned char *dgst, int dgst_len,
|
|
+ const ECDSA_SIG *sig, EC_KEY *eckey);
|
|
|
|
int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len,
|
|
const uint8_t public_key[32], const uint8_t private_key[32]);
|
|
Index: openssl-1.1.1e/crypto/ec/ecdsa_ossl.c
|
|
===================================================================
|
|
--- openssl-1.1.1e.orig/crypto/ec/ecdsa_ossl.c 2020-03-20 13:03:13.823258089 +0100
|
|
+++ openssl-1.1.1e/crypto/ec/ecdsa_ossl.c 2020-03-20 13:03:54.463471314 +0100
|
|
@@ -14,6 +14,41 @@
|
|
#include "crypto/bn.h"
|
|
#include "ec_local.h"
|
|
|
|
+int ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
|
|
+ BIGNUM **rp)
|
|
+{
|
|
+ if (eckey->group->meth->ecdsa_sign_setup == NULL) {
|
|
+ ECerr(EC_F_OSSL_ECDSA_SIGN_SETUP, EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA);
|
|
+ return 0;
|
|
+ }
|
|
+
|
|
+ return eckey->group->meth->ecdsa_sign_setup(eckey, ctx_in, kinvp, rp);
|
|
+}
|
|
+
|
|
+ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
|
|
+ const BIGNUM *in_kinv, const BIGNUM *in_r,
|
|
+ EC_KEY *eckey)
|
|
+{
|
|
+ if (eckey->group->meth->ecdsa_sign_sig == NULL) {
|
|
+ ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA);
|
|
+ return NULL;
|
|
+ }
|
|
+
|
|
+ return eckey->group->meth->ecdsa_sign_sig(dgst, dgst_len,
|
|
+ in_kinv, in_r, eckey);
|
|
+}
|
|
+
|
|
+int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
|
|
+ const ECDSA_SIG *sig, EC_KEY *eckey)
|
|
+{
|
|
+ if (eckey->group->meth->ecdsa_verify_sig == NULL) {
|
|
+ ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA);
|
|
+ return 0;
|
|
+ }
|
|
+
|
|
+ return eckey->group->meth->ecdsa_verify_sig(dgst, dgst_len, sig, eckey);
|
|
+}
|
|
+
|
|
int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen,
|
|
unsigned char *sig, unsigned int *siglen,
|
|
const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey)
|
|
@@ -145,15 +180,15 @@ static int ecdsa_sign_setup(EC_KEY *ecke
|
|
return ret;
|
|
}
|
|
|
|
-int ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
|
|
- BIGNUM **rp)
|
|
+int ecdsa_simple_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
|
|
+ BIGNUM **rp)
|
|
{
|
|
return ecdsa_sign_setup(eckey, ctx_in, kinvp, rp, NULL, 0);
|
|
}
|
|
|
|
-ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
|
|
- const BIGNUM *in_kinv, const BIGNUM *in_r,
|
|
- EC_KEY *eckey)
|
|
+ECDSA_SIG *ecdsa_simple_sign_sig(const unsigned char *dgst, int dgst_len,
|
|
+ const BIGNUM *in_kinv, const BIGNUM *in_r,
|
|
+ EC_KEY *eckey)
|
|
{
|
|
int ok = 0, i;
|
|
BIGNUM *kinv = NULL, *s, *m = NULL;
|
|
@@ -167,35 +202,35 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns
|
|
priv_key = EC_KEY_get0_private_key(eckey);
|
|
|
|
if (group == NULL) {
|
|
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_PASSED_NULL_PARAMETER);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_PASSED_NULL_PARAMETER);
|
|
return NULL;
|
|
}
|
|
if (priv_key == NULL) {
|
|
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_MISSING_PRIVATE_KEY);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, EC_R_MISSING_PRIVATE_KEY);
|
|
return NULL;
|
|
}
|
|
|
|
if (!EC_KEY_can_sign(eckey)) {
|
|
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING);
|
|
return NULL;
|
|
}
|
|
|
|
ret = ECDSA_SIG_new();
|
|
if (ret == NULL) {
|
|
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_MALLOC_FAILURE);
|
|
return NULL;
|
|
}
|
|
ret->r = BN_new();
|
|
ret->s = BN_new();
|
|
if (ret->r == NULL || ret->s == NULL) {
|
|
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_MALLOC_FAILURE);
|
|
goto err;
|
|
}
|
|
s = ret->s;
|
|
|
|
if ((ctx = BN_CTX_new()) == NULL
|
|
|| (m = BN_new()) == NULL) {
|
|
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_MALLOC_FAILURE);
|
|
goto err;
|
|
}
|
|
|
|
@@ -207,25 +242,25 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns
|
|
if (8 * dgst_len > i)
|
|
dgst_len = (i + 7) / 8;
|
|
if (!BN_bin2bn(dgst, dgst_len, m)) {
|
|
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_BN_LIB);
|
|
goto err;
|
|
}
|
|
/* If still too long, truncate remaining bits with a shift */
|
|
if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
|
|
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_BN_LIB);
|
|
goto err;
|
|
}
|
|
do {
|
|
if (in_kinv == NULL || in_r == NULL) {
|
|
if (!ecdsa_sign_setup(eckey, ctx, &kinv, &ret->r, dgst, dgst_len)) {
|
|
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_ECDSA_LIB);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_ECDSA_LIB);
|
|
goto err;
|
|
}
|
|
ckinv = kinv;
|
|
} else {
|
|
ckinv = in_kinv;
|
|
if (BN_copy(ret->r, in_r) == NULL) {
|
|
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_MALLOC_FAILURE);
|
|
goto err;
|
|
}
|
|
}
|
|
@@ -239,11 +274,11 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns
|
|
*/
|
|
if (!bn_to_mont_fixed_top(s, ret->r, group->mont_data, ctx)
|
|
|| !bn_mul_mont_fixed_top(s, s, priv_key, group->mont_data, ctx)) {
|
|
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_BN_LIB);
|
|
goto err;
|
|
}
|
|
if (!bn_mod_add_fixed_top(s, s, m, order)) {
|
|
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_BN_LIB);
|
|
goto err;
|
|
}
|
|
/*
|
|
@@ -252,7 +287,7 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns
|
|
*/
|
|
if (!bn_to_mont_fixed_top(s, s, group->mont_data, ctx)
|
|
|| !BN_mod_mul_montgomery(s, s, ckinv, group->mont_data, ctx)) {
|
|
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_BN_LIB);
|
|
goto err;
|
|
}
|
|
|
|
@@ -262,7 +297,7 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns
|
|
* generate new kinv and r values
|
|
*/
|
|
if (in_kinv != NULL && in_r != NULL) {
|
|
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_NEED_NEW_SETUP_VALUES);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, EC_R_NEED_NEW_SETUP_VALUES);
|
|
goto err;
|
|
}
|
|
} else {
|
|
@@ -314,8 +349,8 @@ int ossl_ecdsa_verify(int type, const un
|
|
return ret;
|
|
}
|
|
|
|
-int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
|
|
- const ECDSA_SIG *sig, EC_KEY *eckey)
|
|
+int ecdsa_simple_verify_sig(const unsigned char *dgst, int dgst_len,
|
|
+ const ECDSA_SIG *sig, EC_KEY *eckey)
|
|
{
|
|
int ret = -1, i;
|
|
BN_CTX *ctx;
|
|
@@ -328,18 +363,18 @@ int ossl_ecdsa_verify_sig(const unsigned
|
|
/* check input values */
|
|
if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL ||
|
|
(pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) {
|
|
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, EC_R_MISSING_PARAMETERS);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, EC_R_MISSING_PARAMETERS);
|
|
return -1;
|
|
}
|
|
|
|
if (!EC_KEY_can_sign(eckey)) {
|
|
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING);
|
|
return -1;
|
|
}
|
|
|
|
ctx = BN_CTX_new();
|
|
if (ctx == NULL) {
|
|
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_MALLOC_FAILURE);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_MALLOC_FAILURE);
|
|
return -1;
|
|
}
|
|
BN_CTX_start(ctx);
|
|
@@ -348,26 +383,26 @@ int ossl_ecdsa_verify_sig(const unsigned
|
|
m = BN_CTX_get(ctx);
|
|
X = BN_CTX_get(ctx);
|
|
if (X == NULL) {
|
|
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_BN_LIB);
|
|
goto err;
|
|
}
|
|
|
|
order = EC_GROUP_get0_order(group);
|
|
if (order == NULL) {
|
|
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_EC_LIB);
|
|
goto err;
|
|
}
|
|
|
|
if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
|
|
BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) ||
|
|
BN_is_negative(sig->s) || BN_ucmp(sig->s, order) >= 0) {
|
|
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, EC_R_BAD_SIGNATURE);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, EC_R_BAD_SIGNATURE);
|
|
ret = 0; /* signature is invalid */
|
|
goto err;
|
|
}
|
|
/* calculate tmp1 = inv(S) mod order */
|
|
if (!ec_group_do_inverse_ord(group, u2, sig->s, ctx)) {
|
|
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_BN_LIB);
|
|
goto err;
|
|
}
|
|
/* digest -> m */
|
|
@@ -378,41 +413,41 @@ int ossl_ecdsa_verify_sig(const unsigned
|
|
if (8 * dgst_len > i)
|
|
dgst_len = (i + 7) / 8;
|
|
if (!BN_bin2bn(dgst, dgst_len, m)) {
|
|
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_BN_LIB);
|
|
goto err;
|
|
}
|
|
/* If still too long truncate remaining bits with a shift */
|
|
if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
|
|
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_BN_LIB);
|
|
goto err;
|
|
}
|
|
/* u1 = m * tmp mod order */
|
|
if (!BN_mod_mul(u1, m, u2, order, ctx)) {
|
|
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_BN_LIB);
|
|
goto err;
|
|
}
|
|
/* u2 = r * w mod q */
|
|
if (!BN_mod_mul(u2, sig->r, u2, order, ctx)) {
|
|
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_BN_LIB);
|
|
goto err;
|
|
}
|
|
|
|
if ((point = EC_POINT_new(group)) == NULL) {
|
|
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_MALLOC_FAILURE);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_MALLOC_FAILURE);
|
|
goto err;
|
|
}
|
|
if (!EC_POINT_mul(group, point, u1, pub_key, u2, ctx)) {
|
|
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_EC_LIB);
|
|
goto err;
|
|
}
|
|
|
|
if (!EC_POINT_get_affine_coordinates(group, point, X, NULL, ctx)) {
|
|
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_EC_LIB);
|
|
goto err;
|
|
}
|
|
|
|
if (!BN_nnmod(u1, X, order, ctx)) {
|
|
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_BN_LIB);
|
|
goto err;
|
|
}
|
|
/* if the signature is correct u1 is equal to sig->r */
|
|
Index: openssl-1.1.1e/crypto/ec/ecp_mont.c
|
|
===================================================================
|
|
--- openssl-1.1.1e.orig/crypto/ec/ecp_mont.c 2020-03-20 13:03:13.823258089 +0100
|
|
+++ openssl-1.1.1e/crypto/ec/ecp_mont.c 2020-03-20 13:03:17.251276075 +0100
|
|
@@ -63,6 +63,9 @@ const EC_METHOD *EC_GFp_mont_method(void
|
|
0, /* keycopy */
|
|
0, /* keyfinish */
|
|
ecdh_simple_compute_key,
|
|
+ ecdsa_simple_sign_setup,
|
|
+ ecdsa_simple_sign_sig,
|
|
+ ecdsa_simple_verify_sig,
|
|
0, /* field_inverse_mod_ord */
|
|
ec_GFp_simple_blind_coordinates,
|
|
ec_GFp_simple_ladder_pre,
|
|
Index: openssl-1.1.1e/crypto/ec/ecp_nist.c
|
|
===================================================================
|
|
--- openssl-1.1.1e.orig/crypto/ec/ecp_nist.c 2020-03-20 13:03:13.827258110 +0100
|
|
+++ openssl-1.1.1e/crypto/ec/ecp_nist.c 2020-03-20 13:03:17.251276075 +0100
|
|
@@ -65,6 +65,9 @@ const EC_METHOD *EC_GFp_nist_method(void
|
|
0, /* keycopy */
|
|
0, /* keyfinish */
|
|
ecdh_simple_compute_key,
|
|
+ ecdsa_simple_sign_setup,
|
|
+ ecdsa_simple_sign_sig,
|
|
+ ecdsa_simple_verify_sig,
|
|
0, /* field_inverse_mod_ord */
|
|
ec_GFp_simple_blind_coordinates,
|
|
ec_GFp_simple_ladder_pre,
|
|
Index: openssl-1.1.1e/crypto/ec/ecp_nistp224.c
|
|
===================================================================
|
|
--- openssl-1.1.1e.orig/crypto/ec/ecp_nistp224.c 2020-03-20 13:03:13.827258110 +0100
|
|
+++ openssl-1.1.1e/crypto/ec/ecp_nistp224.c 2020-03-20 13:03:17.251276075 +0100
|
|
@@ -291,6 +291,9 @@ const EC_METHOD *EC_GFp_nistp224_method(
|
|
ec_key_simple_generate_public_key,
|
|
0, /* keycopy */
|
|
0, /* keyfinish */
|
|
+ ecdsa_simple_sign_setup,
|
|
+ ecdsa_simple_sign_sig,
|
|
+ ecdsa_simple_verify_sig,
|
|
ecdh_simple_compute_key,
|
|
0, /* field_inverse_mod_ord */
|
|
0, /* blind_coordinates */
|
|
Index: openssl-1.1.1e/crypto/ec/ecp_nistp256.c
|
|
===================================================================
|
|
--- openssl-1.1.1e.orig/crypto/ec/ecp_nistp256.c 2020-03-20 13:03:13.827258110 +0100
|
|
+++ openssl-1.1.1e/crypto/ec/ecp_nistp256.c 2020-03-20 13:03:17.251276075 +0100
|
|
@@ -1829,6 +1829,9 @@ const EC_METHOD *EC_GFp_nistp256_method(
|
|
0, /* keycopy */
|
|
0, /* keyfinish */
|
|
ecdh_simple_compute_key,
|
|
+ ecdsa_simple_sign_setup,
|
|
+ ecdsa_simple_sign_sig,
|
|
+ ecdsa_simple_verify_sig,
|
|
0, /* field_inverse_mod_ord */
|
|
0, /* blind_coordinates */
|
|
0, /* ladder_pre */
|
|
Index: openssl-1.1.1e/crypto/ec/ecp_nistp521.c
|
|
===================================================================
|
|
--- openssl-1.1.1e.orig/crypto/ec/ecp_nistp521.c 2020-03-20 13:03:13.827258110 +0100
|
|
+++ openssl-1.1.1e/crypto/ec/ecp_nistp521.c 2020-03-20 13:03:17.251276075 +0100
|
|
@@ -1669,6 +1669,9 @@ const EC_METHOD *EC_GFp_nistp521_method(
|
|
0, /* keycopy */
|
|
0, /* keyfinish */
|
|
ecdh_simple_compute_key,
|
|
+ ecdsa_simple_sign_setup,
|
|
+ ecdsa_simple_sign_sig,
|
|
+ ecdsa_simple_verify_sig,
|
|
0, /* field_inverse_mod_ord */
|
|
0, /* blind_coordinates */
|
|
0, /* ladder_pre */
|
|
Index: openssl-1.1.1e/crypto/ec/ecp_nistz256.c
|
|
===================================================================
|
|
--- openssl-1.1.1e.orig/crypto/ec/ecp_nistz256.c 2020-03-20 13:03:13.827258110 +0100
|
|
+++ openssl-1.1.1e/crypto/ec/ecp_nistz256.c 2020-03-20 13:03:17.251276075 +0100
|
|
@@ -1720,6 +1720,9 @@ const EC_METHOD *EC_GFp_nistz256_method(
|
|
0, /* keycopy */
|
|
0, /* keyfinish */
|
|
ecdh_simple_compute_key,
|
|
+ ecdsa_simple_sign_setup,
|
|
+ ecdsa_simple_sign_sig,
|
|
+ ecdsa_simple_verify_sig,
|
|
ecp_nistz256_inv_mod_ord, /* can be #define-d NULL */
|
|
0, /* blind_coordinates */
|
|
0, /* ladder_pre */
|
|
Index: openssl-1.1.1e/crypto/ec/ecp_s390x_nistp.c
|
|
===================================================================
|
|
--- openssl-1.1.1e.orig/crypto/ec/ecp_s390x_nistp.c 2020-03-20 13:03:13.827258110 +0100
|
|
+++ openssl-1.1.1e/crypto/ec/ecp_s390x_nistp.c 2020-03-20 13:03:17.251276075 +0100
|
|
@@ -175,6 +175,9 @@ const EC_METHOD *EC_GFp_s390x_nistp##bit
|
|
NULL, /* keycopy */ \
|
|
NULL, /* keyfinish */ \
|
|
ecdh_simple_compute_key, \
|
|
+ ecdsa_simple_sign_setup, \
|
|
+ ecdsa_simple_sign_sig, \
|
|
+ ecdsa_simple_verify_sig, \
|
|
NULL, /* field_inverse_mod_ord */ \
|
|
ec_GFp_simple_blind_coordinates, \
|
|
ec_GFp_simple_ladder_pre, \
|
|
Index: openssl-1.1.1e/crypto/ec/ecp_smpl.c
|
|
===================================================================
|
|
--- openssl-1.1.1e.orig/crypto/ec/ecp_smpl.c 2020-03-20 13:03:13.827258110 +0100
|
|
+++ openssl-1.1.1e/crypto/ec/ecp_smpl.c 2020-03-20 13:03:17.251276075 +0100
|
|
@@ -64,6 +64,9 @@ const EC_METHOD *EC_GFp_simple_method(vo
|
|
0, /* keycopy */
|
|
0, /* keyfinish */
|
|
ecdh_simple_compute_key,
|
|
+ ecdsa_simple_sign_setup,
|
|
+ ecdsa_simple_sign_sig,
|
|
+ ecdsa_simple_verify_sig,
|
|
0, /* field_inverse_mod_ord */
|
|
ec_GFp_simple_blind_coordinates,
|
|
ec_GFp_simple_ladder_pre,
|
|
Index: openssl-1.1.1e/crypto/err/openssl.txt
|
|
===================================================================
|
|
--- openssl-1.1.1e.orig/crypto/err/openssl.txt 2020-03-20 13:03:13.831258131 +0100
|
|
+++ openssl-1.1.1e/crypto/err/openssl.txt 2020-03-20 13:03:17.251276075 +0100
|
|
@@ -496,6 +496,9 @@ EC_F_ECDSA_SIGN_EX:254:ECDSA_sign_ex
|
|
EC_F_ECDSA_SIGN_SETUP:248:ECDSA_sign_setup
|
|
EC_F_ECDSA_SIG_NEW:265:ECDSA_SIG_new
|
|
EC_F_ECDSA_VERIFY:253:ECDSA_verify
|
|
+EC_F_ECDSA_SIMPLE_SIGN_SETUP:310:ecdsa_simple_sign_setup
|
|
+EC_F_ECDSA_SIMPLE_SIGN_SIG:311:ecdsa_simple_sign_sig
|
|
+EC_F_ECDSA_SIMPLE_VERIFY_SIG:312:ecdsa_simple_verify_sig
|
|
EC_F_ECD_ITEM_VERIFY:270:ecd_item_verify
|
|
EC_F_ECKEY_PARAM2TYPE:223:eckey_param2type
|
|
EC_F_ECKEY_PARAM_DECODE:212:eckey_param_decode
|
|
@@ -657,6 +660,7 @@ EC_F_NISTP521_PRE_COMP_NEW:237:nistp521_
|
|
EC_F_O2I_ECPUBLICKEY:152:o2i_ECPublicKey
|
|
EC_F_OLD_EC_PRIV_DECODE:222:old_ec_priv_decode
|
|
EC_F_OSSL_ECDH_COMPUTE_KEY:247:ossl_ecdh_compute_key
|
|
+EC_F_OSSL_ECDSA_SIGN_SETUP:300:ossl_ecdsa_sign_setup
|
|
EC_F_OSSL_ECDSA_SIGN_SIG:249:ossl_ecdsa_sign_sig
|
|
EC_F_OSSL_ECDSA_VERIFY_SIG:250:ossl_ecdsa_verify_sig
|
|
EC_F_PKEY_ECD_CTRL:271:pkey_ecd_ctrl
|
|
@@ -2133,6 +2137,7 @@ EC_R_BUFFER_TOO_SMALL:100:buffer too sma
|
|
EC_R_CANNOT_INVERT:165:cannot invert
|
|
EC_R_COORDINATES_OUT_OF_RANGE:146:coordinates out of range
|
|
EC_R_CURVE_DOES_NOT_SUPPORT_ECDH:160:curve does not support ecdh
|
|
+EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA:170:curve does not support ecdsa
|
|
EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING:159:curve does not support signing
|
|
EC_R_D2I_ECPKPARAMETERS_FAILURE:117:d2i ecpkparameters failure
|
|
EC_R_DECODE_ERROR:142:decode error
|
|
Index: openssl-1.1.1e/include/openssl/ecerr.h
|
|
===================================================================
|
|
--- openssl-1.1.1e.orig/include/openssl/ecerr.h 2020-03-20 13:03:13.831258131 +0100
|
|
+++ openssl-1.1.1e/include/openssl/ecerr.h 2020-03-20 13:03:17.251276075 +0100
|
|
@@ -41,6 +41,9 @@ int ERR_load_EC_strings(void);
|
|
# define EC_F_ECDSA_SIGN_EX 254
|
|
# define EC_F_ECDSA_SIGN_SETUP 248
|
|
# define EC_F_ECDSA_SIG_NEW 265
|
|
+# define EC_F_ECDSA_SIMPLE_SIGN_SETUP 310
|
|
+# define EC_F_ECDSA_SIMPLE_SIGN_SIG 311
|
|
+# define EC_F_ECDSA_SIMPLE_VERIFY_SIG 312
|
|
# define EC_F_ECDSA_VERIFY 253
|
|
# define EC_F_ECD_ITEM_VERIFY 270
|
|
# define EC_F_ECKEY_PARAM2TYPE 223
|
|
@@ -185,6 +188,7 @@ int ERR_load_EC_strings(void);
|
|
# define EC_F_O2I_ECPUBLICKEY 152
|
|
# define EC_F_OLD_EC_PRIV_DECODE 222
|
|
# define EC_F_OSSL_ECDH_COMPUTE_KEY 247
|
|
+# define EC_F_OSSL_ECDSA_SIGN_SETUP 300
|
|
# define EC_F_OSSL_ECDSA_SIGN_SIG 249
|
|
# define EC_F_OSSL_ECDSA_VERIFY_SIG 250
|
|
# define EC_F_PKEY_ECD_CTRL 271
|
|
@@ -212,6 +216,7 @@ int ERR_load_EC_strings(void);
|
|
# define EC_R_CANNOT_INVERT 165
|
|
# define EC_R_COORDINATES_OUT_OF_RANGE 146
|
|
# define EC_R_CURVE_DOES_NOT_SUPPORT_ECDH 160
|
|
+# define EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA 170
|
|
# define EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING 159
|
|
# define EC_R_D2I_ECPKPARAMETERS_FAILURE 117
|
|
# define EC_R_DECODE_ERROR 142
|