forked from pool/openssl-1_1
c29de1fbdc
Add million FIPS and s390 patches - Temporarily ignore broken OPENSSL_INIT_NO_ATEXIT due to our layered FIPS initialization * openssl-fips-ignore_broken_atexit_test.patch - Import FIPS patches from SLE-15 * openssl-fips-dont_run_FIPS_module_installed.patch * openssl-fips_mode.patch * openssl-ship_fips_standalone_hmac.patch * openssl-fips-clearerror.patch * openssl-fips-selftests_in_nonfips_mode.patch - Don't run FIPS power-up self-tests when the checksum files aren't installed (bsc#1042392) * add openssl-fips-run_selftests_only_when_module_is_complete.patch - Import FIPS patches from Fedora (bsc#1157702, jsc#SLE-9553) * openssl-1.1.1-fips-crng-test.patch * openssl-1.1.1-fips-post-rand.patch * openssl-1.1.1-fips.patch * openssl-1.1.0-issuer-hash.patch * openssl-1.1.1-evp-kdf.patch * openssl-1.1.1-ssh-kdf.patch replaces openssl-jsc-SLE-8789-backport_KDF.patch - Support for CPACF enhancements - part 1 (crypto) [bsc#1152695, jsc#SLE-7861] - Add patches: * openssl-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch * openssl-s390x-assembly-pack-add-support-for-pcc-and-kma-inst.patch * openssl-s390x-assembly-pack-add-OPENSSL_s390xcap-man-page.patch * openssl-s390x-assembly-pack-update-OPENSSL_s390xcap-3.patch * openssl-s390xcpuid.pl-fix-comment.patch OBS-URL: https://build.opensuse.org/request/show/766865 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=51
534 lines
22 KiB
Diff
534 lines
22 KiB
Diff
From 9bf682f62bd819d2fbceb95eeabd61dd4532240f Mon Sep 17 00:00:00 2001
|
|
From: Patrick Steuer <patrick.steuer@de.ibm.com>
|
|
Date: Thu, 11 Jul 2019 10:23:49 +0200
|
|
Subject: [PATCH 09205/10000] Enable curve-spefific ECDSA implementations via
|
|
EC_METHOD
|
|
|
|
which are already enabled for ECDH.
|
|
|
|
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
|
|
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
|
|
(Merged from https://github.com/openssl/openssl/pull/9348)
|
|
---
|
|
crypto/ec/ec2_smpl.c | 3 +
|
|
crypto/ec/ec_lcl.h | 15 +++++
|
|
crypto/ec/ecdsa_ossl.c | 107 ++++++++++++++++++++++++------------
|
|
crypto/ec/ecp_mont.c | 3 +
|
|
crypto/ec/ecp_nist.c | 3 +
|
|
crypto/ec/ecp_nistp224.c | 3 +
|
|
crypto/ec/ecp_nistp256.c | 3 +
|
|
crypto/ec/ecp_nistp521.c | 3 +
|
|
crypto/ec/ecp_nistz256.c | 3 +
|
|
crypto/ec/ecp_s390x_nistp.c | 3 +
|
|
crypto/ec/ecp_smpl.c | 3 +
|
|
crypto/err/openssl.txt | 5 ++
|
|
include/openssl/ecerr.h | 1 +
|
|
13 files changed, 119 insertions(+), 36 deletions(-)
|
|
|
|
Index: openssl-1.1.1d/crypto/ec/ec2_smpl.c
|
|
===================================================================
|
|
--- openssl-1.1.1d.orig/crypto/ec/ec2_smpl.c
|
|
+++ openssl-1.1.1d/crypto/ec/ec2_smpl.c
|
|
@@ -956,6 +956,9 @@ const EC_METHOD *EC_GF2m_simple_method(v
|
|
0, /* keycopy */
|
|
0, /* keyfinish */
|
|
ecdh_simple_compute_key,
|
|
+ ecdsa_simple_sign_setup,
|
|
+ ecdsa_simple_sign_sig,
|
|
+ ecdsa_simple_verify_sig,
|
|
0, /* field_inverse_mod_ord */
|
|
0, /* blind_coordinates */
|
|
ec_GF2m_simple_ladder_pre,
|
|
Index: openssl-1.1.1d/crypto/ec/ec_lcl.h
|
|
===================================================================
|
|
--- openssl-1.1.1d.orig/crypto/ec/ec_lcl.h
|
|
+++ openssl-1.1.1d/crypto/ec/ec_lcl.h
|
|
@@ -179,6 +179,14 @@ struct ec_method_st {
|
|
/* custom ECDH operation */
|
|
int (*ecdh_compute_key)(unsigned char **pout, size_t *poutlen,
|
|
const EC_POINT *pub_key, const EC_KEY *ecdh);
|
|
+ /* custom ECDSA */
|
|
+ int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinvp,
|
|
+ BIGNUM **rp);
|
|
+ ECDSA_SIG *(*ecdsa_sign_sig)(const unsigned char *dgst, int dgstlen,
|
|
+ const BIGNUM *kinv, const BIGNUM *r,
|
|
+ EC_KEY *eckey);
|
|
+ int (*ecdsa_verify_sig)(const unsigned char *dgst, int dgstlen,
|
|
+ const ECDSA_SIG *sig, EC_KEY *eckey);
|
|
/* Inverse modulo order */
|
|
int (*field_inverse_mod_ord)(const EC_GROUP *, BIGNUM *r,
|
|
const BIGNUM *x, BN_CTX *);
|
|
@@ -656,6 +664,13 @@ int ossl_ecdsa_verify(int type, const un
|
|
const unsigned char *sigbuf, int sig_len, EC_KEY *eckey);
|
|
int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
|
|
const ECDSA_SIG *sig, EC_KEY *eckey);
|
|
+int ecdsa_simple_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
|
|
+ BIGNUM **rp);
|
|
+ECDSA_SIG *ecdsa_simple_sign_sig(const unsigned char *dgst, int dgst_len,
|
|
+ const BIGNUM *in_kinv, const BIGNUM *in_r,
|
|
+ EC_KEY *eckey);
|
|
+int ecdsa_simple_verify_sig(const unsigned char *dgst, int dgst_len,
|
|
+ const ECDSA_SIG *sig, EC_KEY *eckey);
|
|
|
|
int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len,
|
|
const uint8_t public_key[32], const uint8_t private_key[32]);
|
|
Index: openssl-1.1.1d/crypto/ec/ecdsa_ossl.c
|
|
===================================================================
|
|
--- openssl-1.1.1d.orig/crypto/ec/ecdsa_ossl.c
|
|
+++ openssl-1.1.1d/crypto/ec/ecdsa_ossl.c
|
|
@@ -14,6 +14,41 @@
|
|
#include "internal/bn_int.h"
|
|
#include "ec_lcl.h"
|
|
|
|
+int ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
|
|
+ BIGNUM **rp)
|
|
+{
|
|
+ if (eckey->group->meth->ecdsa_sign_setup == NULL) {
|
|
+ ECerr(EC_F_OSSL_ECDSA_SIGN_SETUP, EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA);
|
|
+ return 0;
|
|
+ }
|
|
+
|
|
+ return eckey->group->meth->ecdsa_sign_setup(eckey, ctx_in, kinvp, rp);
|
|
+}
|
|
+
|
|
+ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
|
|
+ const BIGNUM *in_kinv, const BIGNUM *in_r,
|
|
+ EC_KEY *eckey)
|
|
+{
|
|
+ if (eckey->group->meth->ecdsa_sign_sig == NULL) {
|
|
+ ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA);
|
|
+ return NULL;
|
|
+ }
|
|
+
|
|
+ return eckey->group->meth->ecdsa_sign_sig(dgst, dgst_len,
|
|
+ in_kinv, in_r, eckey);
|
|
+}
|
|
+
|
|
+int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
|
|
+ const ECDSA_SIG *sig, EC_KEY *eckey)
|
|
+{
|
|
+ if (eckey->group->meth->ecdsa_verify_sig == NULL) {
|
|
+ ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA);
|
|
+ return 0;
|
|
+ }
|
|
+
|
|
+ return eckey->group->meth->ecdsa_verify_sig(dgst, dgst_len, sig, eckey);
|
|
+}
|
|
+
|
|
int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen,
|
|
unsigned char *sig, unsigned int *siglen,
|
|
const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey)
|
|
@@ -145,15 +180,15 @@ static int ecdsa_sign_setup(EC_KEY *ecke
|
|
return ret;
|
|
}
|
|
|
|
-int ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
|
|
- BIGNUM **rp)
|
|
+int ecdsa_simple_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
|
|
+ BIGNUM **rp)
|
|
{
|
|
return ecdsa_sign_setup(eckey, ctx_in, kinvp, rp, NULL, 0);
|
|
}
|
|
|
|
-ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
|
|
- const BIGNUM *in_kinv, const BIGNUM *in_r,
|
|
- EC_KEY *eckey)
|
|
+ECDSA_SIG *ecdsa_simple_sign_sig(const unsigned char *dgst, int dgst_len,
|
|
+ const BIGNUM *in_kinv, const BIGNUM *in_r,
|
|
+ EC_KEY *eckey)
|
|
{
|
|
int ok = 0, i;
|
|
BIGNUM *kinv = NULL, *s, *m = NULL;
|
|
@@ -167,35 +202,35 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns
|
|
priv_key = EC_KEY_get0_private_key(eckey);
|
|
|
|
if (group == NULL) {
|
|
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_PASSED_NULL_PARAMETER);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_PASSED_NULL_PARAMETER);
|
|
return NULL;
|
|
}
|
|
if (priv_key == NULL) {
|
|
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_MISSING_PRIVATE_KEY);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, EC_R_MISSING_PRIVATE_KEY);
|
|
return NULL;
|
|
}
|
|
|
|
if (!EC_KEY_can_sign(eckey)) {
|
|
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING);
|
|
return NULL;
|
|
}
|
|
|
|
ret = ECDSA_SIG_new();
|
|
if (ret == NULL) {
|
|
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_MALLOC_FAILURE);
|
|
return NULL;
|
|
}
|
|
ret->r = BN_new();
|
|
ret->s = BN_new();
|
|
if (ret->r == NULL || ret->s == NULL) {
|
|
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_MALLOC_FAILURE);
|
|
goto err;
|
|
}
|
|
s = ret->s;
|
|
|
|
if ((ctx = BN_CTX_new()) == NULL
|
|
|| (m = BN_new()) == NULL) {
|
|
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_MALLOC_FAILURE);
|
|
goto err;
|
|
}
|
|
|
|
@@ -207,25 +242,25 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns
|
|
if (8 * dgst_len > i)
|
|
dgst_len = (i + 7) / 8;
|
|
if (!BN_bin2bn(dgst, dgst_len, m)) {
|
|
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_BN_LIB);
|
|
goto err;
|
|
}
|
|
/* If still too long, truncate remaining bits with a shift */
|
|
if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
|
|
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_BN_LIB);
|
|
goto err;
|
|
}
|
|
do {
|
|
if (in_kinv == NULL || in_r == NULL) {
|
|
if (!ecdsa_sign_setup(eckey, ctx, &kinv, &ret->r, dgst, dgst_len)) {
|
|
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_ECDSA_LIB);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_ECDSA_LIB);
|
|
goto err;
|
|
}
|
|
ckinv = kinv;
|
|
} else {
|
|
ckinv = in_kinv;
|
|
if (BN_copy(ret->r, in_r) == NULL) {
|
|
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_MALLOC_FAILURE);
|
|
goto err;
|
|
}
|
|
}
|
|
@@ -239,11 +274,11 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns
|
|
*/
|
|
if (!bn_to_mont_fixed_top(s, ret->r, group->mont_data, ctx)
|
|
|| !bn_mul_mont_fixed_top(s, s, priv_key, group->mont_data, ctx)) {
|
|
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_BN_LIB);
|
|
goto err;
|
|
}
|
|
if (!bn_mod_add_fixed_top(s, s, m, order)) {
|
|
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_BN_LIB);
|
|
goto err;
|
|
}
|
|
/*
|
|
@@ -252,7 +287,7 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns
|
|
*/
|
|
if (!bn_to_mont_fixed_top(s, s, group->mont_data, ctx)
|
|
|| !BN_mod_mul_montgomery(s, s, ckinv, group->mont_data, ctx)) {
|
|
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_BN_LIB);
|
|
goto err;
|
|
}
|
|
|
|
@@ -262,7 +297,7 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns
|
|
* generate new kinv and r values
|
|
*/
|
|
if (in_kinv != NULL && in_r != NULL) {
|
|
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_NEED_NEW_SETUP_VALUES);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, EC_R_NEED_NEW_SETUP_VALUES);
|
|
goto err;
|
|
}
|
|
} else {
|
|
@@ -314,8 +349,8 @@ int ossl_ecdsa_verify(int type, const un
|
|
return ret;
|
|
}
|
|
|
|
-int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
|
|
- const ECDSA_SIG *sig, EC_KEY *eckey)
|
|
+int ecdsa_simple_verify_sig(const unsigned char *dgst, int dgst_len,
|
|
+ const ECDSA_SIG *sig, EC_KEY *eckey)
|
|
{
|
|
int ret = -1, i;
|
|
BN_CTX *ctx;
|
|
@@ -328,18 +363,18 @@ int ossl_ecdsa_verify_sig(const unsigned
|
|
/* check input values */
|
|
if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL ||
|
|
(pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) {
|
|
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, EC_R_MISSING_PARAMETERS);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, EC_R_MISSING_PARAMETERS);
|
|
return -1;
|
|
}
|
|
|
|
if (!EC_KEY_can_sign(eckey)) {
|
|
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING);
|
|
return -1;
|
|
}
|
|
|
|
ctx = BN_CTX_new();
|
|
if (ctx == NULL) {
|
|
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_MALLOC_FAILURE);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_MALLOC_FAILURE);
|
|
return -1;
|
|
}
|
|
BN_CTX_start(ctx);
|
|
@@ -348,26 +383,26 @@ int ossl_ecdsa_verify_sig(const unsigned
|
|
m = BN_CTX_get(ctx);
|
|
X = BN_CTX_get(ctx);
|
|
if (X == NULL) {
|
|
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_BN_LIB);
|
|
goto err;
|
|
}
|
|
|
|
order = EC_GROUP_get0_order(group);
|
|
if (order == NULL) {
|
|
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_EC_LIB);
|
|
goto err;
|
|
}
|
|
|
|
if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
|
|
BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) ||
|
|
BN_is_negative(sig->s) || BN_ucmp(sig->s, order) >= 0) {
|
|
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, EC_R_BAD_SIGNATURE);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, EC_R_BAD_SIGNATURE);
|
|
ret = 0; /* signature is invalid */
|
|
goto err;
|
|
}
|
|
/* calculate tmp1 = inv(S) mod order */
|
|
if (!ec_group_do_inverse_ord(group, u2, sig->s, ctx)) {
|
|
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_BN_LIB);
|
|
goto err;
|
|
}
|
|
/* digest -> m */
|
|
@@ -378,41 +413,41 @@ int ossl_ecdsa_verify_sig(const unsigned
|
|
if (8 * dgst_len > i)
|
|
dgst_len = (i + 7) / 8;
|
|
if (!BN_bin2bn(dgst, dgst_len, m)) {
|
|
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_BN_LIB);
|
|
goto err;
|
|
}
|
|
/* If still too long truncate remaining bits with a shift */
|
|
if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
|
|
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_BN_LIB);
|
|
goto err;
|
|
}
|
|
/* u1 = m * tmp mod order */
|
|
if (!BN_mod_mul(u1, m, u2, order, ctx)) {
|
|
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_BN_LIB);
|
|
goto err;
|
|
}
|
|
/* u2 = r * w mod q */
|
|
if (!BN_mod_mul(u2, sig->r, u2, order, ctx)) {
|
|
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_BN_LIB);
|
|
goto err;
|
|
}
|
|
|
|
if ((point = EC_POINT_new(group)) == NULL) {
|
|
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_MALLOC_FAILURE);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_MALLOC_FAILURE);
|
|
goto err;
|
|
}
|
|
if (!EC_POINT_mul(group, point, u1, pub_key, u2, ctx)) {
|
|
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_EC_LIB);
|
|
goto err;
|
|
}
|
|
|
|
if (!EC_POINT_get_affine_coordinates(group, point, X, NULL, ctx)) {
|
|
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_EC_LIB);
|
|
goto err;
|
|
}
|
|
|
|
if (!BN_nnmod(u1, X, order, ctx)) {
|
|
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
|
|
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_BN_LIB);
|
|
goto err;
|
|
}
|
|
/* if the signature is correct u1 is equal to sig->r */
|
|
Index: openssl-1.1.1d/crypto/ec/ecp_mont.c
|
|
===================================================================
|
|
--- openssl-1.1.1d.orig/crypto/ec/ecp_mont.c
|
|
+++ openssl-1.1.1d/crypto/ec/ecp_mont.c
|
|
@@ -63,6 +63,9 @@ const EC_METHOD *EC_GFp_mont_method(void
|
|
0, /* keycopy */
|
|
0, /* keyfinish */
|
|
ecdh_simple_compute_key,
|
|
+ ecdsa_simple_sign_setup,
|
|
+ ecdsa_simple_sign_sig,
|
|
+ ecdsa_simple_verify_sig,
|
|
0, /* field_inverse_mod_ord */
|
|
ec_GFp_simple_blind_coordinates,
|
|
ec_GFp_simple_ladder_pre,
|
|
Index: openssl-1.1.1d/crypto/ec/ecp_nist.c
|
|
===================================================================
|
|
--- openssl-1.1.1d.orig/crypto/ec/ecp_nist.c
|
|
+++ openssl-1.1.1d/crypto/ec/ecp_nist.c
|
|
@@ -65,6 +65,9 @@ const EC_METHOD *EC_GFp_nist_method(void
|
|
0, /* keycopy */
|
|
0, /* keyfinish */
|
|
ecdh_simple_compute_key,
|
|
+ ecdsa_simple_sign_setup,
|
|
+ ecdsa_simple_sign_sig,
|
|
+ ecdsa_simple_verify_sig,
|
|
0, /* field_inverse_mod_ord */
|
|
ec_GFp_simple_blind_coordinates,
|
|
ec_GFp_simple_ladder_pre,
|
|
Index: openssl-1.1.1d/crypto/ec/ecp_nistp224.c
|
|
===================================================================
|
|
--- openssl-1.1.1d.orig/crypto/ec/ecp_nistp224.c
|
|
+++ openssl-1.1.1d/crypto/ec/ecp_nistp224.c
|
|
@@ -291,6 +291,9 @@ const EC_METHOD *EC_GFp_nistp224_method(
|
|
ec_key_simple_generate_public_key,
|
|
0, /* keycopy */
|
|
0, /* keyfinish */
|
|
+ ecdsa_simple_sign_setup,
|
|
+ ecdsa_simple_sign_sig,
|
|
+ ecdsa_simple_verify_sig,
|
|
ecdh_simple_compute_key,
|
|
0, /* field_inverse_mod_ord */
|
|
0, /* blind_coordinates */
|
|
Index: openssl-1.1.1d/crypto/ec/ecp_nistp256.c
|
|
===================================================================
|
|
--- openssl-1.1.1d.orig/crypto/ec/ecp_nistp256.c
|
|
+++ openssl-1.1.1d/crypto/ec/ecp_nistp256.c
|
|
@@ -1809,6 +1809,9 @@ const EC_METHOD *EC_GFp_nistp256_method(
|
|
0, /* keycopy */
|
|
0, /* keyfinish */
|
|
ecdh_simple_compute_key,
|
|
+ ecdsa_simple_sign_setup,
|
|
+ ecdsa_simple_sign_sig,
|
|
+ ecdsa_simple_verify_sig,
|
|
0, /* field_inverse_mod_ord */
|
|
0, /* blind_coordinates */
|
|
0, /* ladder_pre */
|
|
Index: openssl-1.1.1d/crypto/ec/ecp_nistp521.c
|
|
===================================================================
|
|
--- openssl-1.1.1d.orig/crypto/ec/ecp_nistp521.c
|
|
+++ openssl-1.1.1d/crypto/ec/ecp_nistp521.c
|
|
@@ -1651,6 +1651,9 @@ const EC_METHOD *EC_GFp_nistp521_method(
|
|
0, /* keycopy */
|
|
0, /* keyfinish */
|
|
ecdh_simple_compute_key,
|
|
+ ecdsa_simple_sign_setup,
|
|
+ ecdsa_simple_sign_sig,
|
|
+ ecdsa_simple_verify_sig,
|
|
0, /* field_inverse_mod_ord */
|
|
0, /* blind_coordinates */
|
|
0, /* ladder_pre */
|
|
Index: openssl-1.1.1d/crypto/ec/ecp_nistz256.c
|
|
===================================================================
|
|
--- openssl-1.1.1d.orig/crypto/ec/ecp_nistz256.c
|
|
+++ openssl-1.1.1d/crypto/ec/ecp_nistz256.c
|
|
@@ -1689,6 +1689,9 @@ const EC_METHOD *EC_GFp_nistz256_method(
|
|
0, /* keycopy */
|
|
0, /* keyfinish */
|
|
ecdh_simple_compute_key,
|
|
+ ecdsa_simple_sign_setup,
|
|
+ ecdsa_simple_sign_sig,
|
|
+ ecdsa_simple_verify_sig,
|
|
ecp_nistz256_inv_mod_ord, /* can be #define-d NULL */
|
|
0, /* blind_coordinates */
|
|
0, /* ladder_pre */
|
|
Index: openssl-1.1.1d/crypto/ec/ecp_s390x_nistp.c
|
|
===================================================================
|
|
--- openssl-1.1.1d.orig/crypto/ec/ecp_s390x_nistp.c
|
|
+++ openssl-1.1.1d/crypto/ec/ecp_s390x_nistp.c
|
|
@@ -175,6 +175,9 @@ const EC_METHOD *EC_GFp_s390x_nistp##bit
|
|
NULL, /* keycopy */ \
|
|
NULL, /* keyfinish */ \
|
|
ecdh_simple_compute_key, \
|
|
+ ecdsa_simple_sign_setup, \
|
|
+ ecdsa_simple_sign_sig, \
|
|
+ ecdsa_simple_verify_sig, \
|
|
NULL, /* field_inverse_mod_ord */ \
|
|
ec_GFp_simple_blind_coordinates, \
|
|
ec_GFp_simple_ladder_pre, \
|
|
Index: openssl-1.1.1d/crypto/ec/ecp_smpl.c
|
|
===================================================================
|
|
--- openssl-1.1.1d.orig/crypto/ec/ecp_smpl.c
|
|
+++ openssl-1.1.1d/crypto/ec/ecp_smpl.c
|
|
@@ -64,6 +64,9 @@ const EC_METHOD *EC_GFp_simple_method(vo
|
|
0, /* keycopy */
|
|
0, /* keyfinish */
|
|
ecdh_simple_compute_key,
|
|
+ ecdsa_simple_sign_setup,
|
|
+ ecdsa_simple_sign_sig,
|
|
+ ecdsa_simple_verify_sig,
|
|
0, /* field_inverse_mod_ord */
|
|
ec_GFp_simple_blind_coordinates,
|
|
ec_GFp_simple_ladder_pre,
|
|
Index: openssl-1.1.1d/crypto/err/openssl.txt
|
|
===================================================================
|
|
--- openssl-1.1.1d.orig/crypto/err/openssl.txt
|
|
+++ openssl-1.1.1d/crypto/err/openssl.txt
|
|
@@ -496,6 +496,9 @@ EC_F_ECDSA_SIGN_EX:254:ECDSA_sign_ex
|
|
EC_F_ECDSA_SIGN_SETUP:248:ECDSA_sign_setup
|
|
EC_F_ECDSA_SIG_NEW:265:ECDSA_SIG_new
|
|
EC_F_ECDSA_VERIFY:253:ECDSA_verify
|
|
+EC_F_ECDSA_SIMPLE_SIGN_SETUP:310:ecdsa_simple_sign_setup
|
|
+EC_F_ECDSA_SIMPLE_SIGN_SIG:311:ecdsa_simple_sign_sig
|
|
+EC_F_ECDSA_SIMPLE_VERIFY_SIG:312:ecdsa_simple_verify_sig
|
|
EC_F_ECD_ITEM_VERIFY:270:ecd_item_verify
|
|
EC_F_ECKEY_PARAM2TYPE:223:eckey_param2type
|
|
EC_F_ECKEY_PARAM_DECODE:212:eckey_param_decode
|
|
@@ -657,6 +660,7 @@ EC_F_NISTP521_PRE_COMP_NEW:237:nistp521_
|
|
EC_F_O2I_ECPUBLICKEY:152:o2i_ECPublicKey
|
|
EC_F_OLD_EC_PRIV_DECODE:222:old_ec_priv_decode
|
|
EC_F_OSSL_ECDH_COMPUTE_KEY:247:ossl_ecdh_compute_key
|
|
+EC_F_OSSL_ECDSA_SIGN_SETUP:300:ossl_ecdsa_sign_setup
|
|
EC_F_OSSL_ECDSA_SIGN_SIG:249:ossl_ecdsa_sign_sig
|
|
EC_F_OSSL_ECDSA_VERIFY_SIG:250:ossl_ecdsa_verify_sig
|
|
EC_F_PKEY_ECD_CTRL:271:pkey_ecd_ctrl
|
|
@@ -2130,6 +2134,7 @@ EC_R_BUFFER_TOO_SMALL:100:buffer too sma
|
|
EC_R_CANNOT_INVERT:165:cannot invert
|
|
EC_R_COORDINATES_OUT_OF_RANGE:146:coordinates out of range
|
|
EC_R_CURVE_DOES_NOT_SUPPORT_ECDH:160:curve does not support ecdh
|
|
+EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA:170:curve does not support ecdsa
|
|
EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING:159:curve does not support signing
|
|
EC_R_D2I_ECPKPARAMETERS_FAILURE:117:d2i ecpkparameters failure
|
|
EC_R_DECODE_ERROR:142:decode error
|
|
Index: openssl-1.1.1d/include/openssl/ecerr.h
|
|
===================================================================
|
|
--- openssl-1.1.1d.orig/include/openssl/ecerr.h
|
|
+++ openssl-1.1.1d/include/openssl/ecerr.h
|
|
@@ -41,6 +41,9 @@ int ERR_load_EC_strings(void);
|
|
# define EC_F_ECDSA_SIGN_EX 254
|
|
# define EC_F_ECDSA_SIGN_SETUP 248
|
|
# define EC_F_ECDSA_SIG_NEW 265
|
|
+# define EC_F_ECDSA_SIMPLE_SIGN_SETUP 310
|
|
+# define EC_F_ECDSA_SIMPLE_SIGN_SIG 311
|
|
+# define EC_F_ECDSA_SIMPLE_VERIFY_SIG 312
|
|
# define EC_F_ECDSA_VERIFY 253
|
|
# define EC_F_ECD_ITEM_VERIFY 270
|
|
# define EC_F_ECKEY_PARAM2TYPE 223
|
|
@@ -185,6 +186,7 @@ int ERR_load_EC_strings(void);
|
|
# define EC_F_O2I_ECPUBLICKEY 152
|
|
# define EC_F_OLD_EC_PRIV_DECODE 222
|
|
# define EC_F_OSSL_ECDH_COMPUTE_KEY 247
|
|
+# define EC_F_OSSL_ECDSA_SIGN_SETUP 300
|
|
# define EC_F_OSSL_ECDSA_SIGN_SIG 249
|
|
# define EC_F_OSSL_ECDSA_VERIFY_SIG 250
|
|
# define EC_F_PKEY_ECD_CTRL 271
|
|
@@ -212,6 +214,7 @@ int ERR_load_EC_strings(void);
|
|
# define EC_R_CANNOT_INVERT 165
|
|
# define EC_R_COORDINATES_OUT_OF_RANGE 146
|
|
# define EC_R_CURVE_DOES_NOT_SUPPORT_ECDH 160
|
|
+# define EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA 170
|
|
# define EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING 159
|
|
# define EC_R_D2I_ECPKPARAMETERS_FAILURE 117
|
|
# define EC_R_DECODE_ERROR 142
|