diff options
| author | Bodo Möller <bodo@openssl.org> | 2002-08-07 10:49:54 +0000 |
|---|---|---|
| committer | Bodo Möller <bodo@openssl.org> | 2002-08-07 10:49:54 +0000 |
| commit | 14a7cfb32a0347a4bc620ae1b552b21c4c1e270b (patch) | |
| tree | 13c4bcc3d58ba7db5e598cd668670873b51e8ce3 /crypto/ecdsa | |
| parent | 7a8645d1716d7f84435b0f3d8d2fd122d6f75113 (diff) | |
| download | openssl-14a7cfb32a0347a4bc620ae1b552b21c4c1e270b.tar.gz | |
use a generic EC_KEY structure (EC keys are not ECDSA specific)
Submitted by: Nils Larsch
Diffstat (limited to 'crypto/ecdsa')
| -rw-r--r-- | crypto/ecdsa/Makefile.ssl | 15 | ||||
| -rw-r--r-- | crypto/ecdsa/ecdsa.h | 215 | ||||
| -rw-r--r-- | crypto/ecdsa/ecdsatest.c | 134 | ||||
| -rw-r--r-- | crypto/ecdsa/ecs_asn1.c | 321 | ||||
| -rw-r--r-- | crypto/ecdsa/ecs_err.c | 56 | ||||
| -rw-r--r-- | crypto/ecdsa/ecs_gen.c | 83 | ||||
| -rw-r--r-- | crypto/ecdsa/ecs_key.c | 140 | ||||
| -rw-r--r-- | crypto/ecdsa/ecs_lib.c | 182 | ||||
| -rw-r--r-- | crypto/ecdsa/ecs_ossl.c | 320 | ||||
| -rw-r--r-- | crypto/ecdsa/ecs_sign.c | 21 | ||||
| -rw-r--r-- | crypto/ecdsa/ecs_vrf.c | 15 |
11 files changed, 454 insertions, 1048 deletions
diff --git a/crypto/ecdsa/Makefile.ssl b/crypto/ecdsa/Makefile.ssl index 5d8eff00c2..a0eb51031d 100644 --- a/crypto/ecdsa/Makefile.ssl +++ b/crypto/ecdsa/Makefile.ssl @@ -23,11 +23,9 @@ TEST=ecdsatest.c APPS= LIB=$(TOP)/libcrypto.a -LIBSRC= ecs_lib.c ecs_gen.c ecs_asn1.c ecs_ossl.c ecs_sign.c ecs_vrf.c \ - ecs_key.c ecs_err.c +LIBSRC= ecs_lib.c ecs_asn1.c ecs_ossl.c ecs_sign.c ecs_vrf.c ecs_err.c -LIBOBJ= ecs_lib.o ecs_gen.o ecs_asn1.o ecs_ossl.o ecs_sign.o ecs_vrf.o \ - ecs_key.o ecs_err.o +LIBOBJ= ecs_lib.o ecs_asn1.o ecs_ossl.o ecs_sign.o ecs_vrf.o ecs_err.o SRC= $(LIBSRC) @@ -98,15 +96,6 @@ ecs_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h ecs_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ecs_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h ecs_err.o: ../../include/openssl/symhacks.h ecs_err.c -ecs_gen.o: ecs_gen.c -ecs_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ecs_key.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -ecs_key.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -ecs_key.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -ecs_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -ecs_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -ecs_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ecs_key.o: ecdsa.h ecs_key.c ecs_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h ecs_lib.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h ecs_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h diff --git a/crypto/ecdsa/ecdsa.h b/crypto/ecdsa/ecdsa.h index 00cd71d068..d72d0b1363 100644 --- a/crypto/ecdsa/ecdsa.h +++ b/crypto/ecdsa/ecdsa.h @@ -59,9 +59,6 @@ #error ECDSA is disabled. #endif -#ifndef OPENSSL_NO_BIO -#include <openssl/bio.h> -#endif #include <openssl/bn.h> #include <openssl/ec.h> #include <openssl/ossl_typ.h> @@ -70,8 +67,6 @@ extern "C" { #endif -typedef struct ecdsa_st ECDSA; - typedef struct ECDSA_SIG_st { BIGNUM *r; @@ -81,122 +76,70 @@ typedef struct ECDSA_SIG_st typedef struct ecdsa_method { const char *name; - ECDSA_SIG *(*ecdsa_do_sign)(const unsigned char *dgst, int dgst_len, ECDSA *ecdsa); - int (*ecdsa_sign_setup)(ECDSA *ecdsa, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **r); - int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len, ECDSA_SIG *sig, ECDSA *ecdsa); - int (*init)(ECDSA *ecdsa); - int (*finish)(ECDSA *ecdsa); + ECDSA_SIG *(*ecdsa_do_sign)(const unsigned char *dgst, int dgst_len, + EC_KEY *eckey); + int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, + BIGNUM **r); + int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len, + ECDSA_SIG *sig, EC_KEY *eckey); +#if 0 + int (*init)(EC_KEY *eckey); + int (*finish)(EC_KEY *eckey); +#endif int flags; char *app_data; } ECDSA_METHOD; -struct ecdsa_st -{ - int version; - point_conversion_form_t conversion_form; - - EC_GROUP *group; - - EC_POINT *pub_key; - BIGNUM *priv_key; - - BIGNUM *kinv; /* signing pre-calc */ - BIGNUM *r; /* signing pre-calc */ - - unsigned int enc_flag; - - int references; +typedef struct ecdsa_data_st { + /* EC_KEY_METH_DATA part */ + int (*init)(EC_KEY *); + void (*finish)(EC_KEY *); + /* method specific part */ + BIGNUM *kinv; /* signing pre-calc */ + BIGNUM *r; /* signing pre-calc */ + ENGINE *engine; int flags; - CRYPTO_EX_DATA ex_data; const ECDSA_METHOD *meth; - struct engine_st *engine; -}; - -/* some values for the encoding_flag */ -#define ECDSA_PKEY_NO_PARAMETERS 0x001 -#define ECDSA_PKEY_NO_PUBKEY 0x002 + CRYPTO_EX_DATA ex_data; +} ECDSA_DATA; +/* signature functions */ ECDSA_SIG *ECDSA_SIG_new(void); void ECDSA_SIG_free(ECDSA_SIG *a); int i2d_ECDSA_SIG(const ECDSA_SIG *a, unsigned char **pp); ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **v, const unsigned char **pp, long length); -ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len, ECDSA *ecdsa); -int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, ECDSA_SIG *sig, ECDSA* ecdsa); -int ECDSA_generate_key(ECDSA *ecdsa); -int ECDSA_check_key(ECDSA *ecdsa); +/* ECDSA_DATA functions */ +ECDSA_DATA *ECDSA_DATA_new(void); +ECDSA_DATA *ECDSA_DATA_new_method(ENGINE *); +void ECDSA_DATA_free(ECDSA_DATA *); + +ECDSA_DATA *ecdsa_check(EC_KEY *); + +ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len, EC_KEY *); +int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, ECDSA_SIG + *sig, EC_KEY* eckey); const ECDSA_METHOD *ECDSA_OpenSSL(void); void ECDSA_set_default_method(const ECDSA_METHOD *); const ECDSA_METHOD *ECDSA_get_default_method(void); -int ECDSA_set_method(ECDSA *, const ECDSA_METHOD *); - -ECDSA *ECDSA_new(void); -ECDSA *ECDSA_new_method(ENGINE *engine); -int ECDSA_size(const ECDSA *); -int ECDSA_sign_setup(ECDSA *ecdsa, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp); -int ECDSA_sign(int type, const unsigned char *dgst, int dgst_len, unsigned char *sig, - unsigned int *siglen, ECDSA *ecdsa); -int ECDSA_verify(int type, const unsigned char *dgst, int dgst_len, const unsigned char *sig, - int sig_len, ECDSA *ecdsa); -int ECDSA_up_ref(ECDSA *ecdsa); -void ECDSA_free(ECDSA *a); -int ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); -int ECDSA_set_ex_data(ECDSA *d, int idx, void *arg); -void *ECDSA_get_ex_data(ECDSA *d, int idx); - -#ifndef OPENSSL_NO_BIO -int ECDSAParameters_print(BIO *bp, const ECDSA *x); -int ECDSA_print(BIO *bp, const ECDSA *x, int off); -#endif -#ifndef OPENSSL_NO_FP_API -int ECDSAParameters_print_fp(FILE *fp, const ECDSA *x); -int ECDSA_print_fp(FILE *fp, const ECDSA *x, int off); -#endif - -/* the ECDSA_{set|get}_enc_flag() specify the encoding - * of the elliptic curve private key */ -unsigned int ECDSA_get_enc_flag(const ECDSA *); -void ECDSA_set_enc_flag(ECDSA *, unsigned int); - -/* The ECDSA_{set|get}_conversion_type() functions set/get the - * conversion form for ec-points (see ec.h) in a ECDSA-structure */ -void ECDSA_set_conversion_form(ECDSA *, const point_conversion_form_t); -point_conversion_form_t ECDSA_get_conversion_form(const ECDSA *); -/* The ECDSA_{set|get}_default_conversion_form() functions set/get the - * default conversion form */ -void ECDSA_set_default_conversion_form(const point_conversion_form_t); -point_conversion_form_t ECDSA_get_default_conversion_form(void); - -/* the basic de- and encode functions ( see ecs_asn1.c ) */ -ECDSA *d2i_ECDSAParameters(ECDSA **a, const unsigned char **in, long len); -int i2d_ECDSAParameters(ECDSA *a, unsigned char **out); +int ECDSA_set_method(EC_KEY *, const ECDSA_METHOD *); -ECDSA *d2i_ECDSAPrivateKey(ECDSA **a, const unsigned char **in, long len); -int i2d_ECDSAPrivateKey(ECDSA *a, unsigned char **out); +int ECDSA_size(const EC_KEY *); +int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, + BIGNUM **rp); +int ECDSA_sign(int type, const unsigned char *dgst, int dgst_len, + unsigned char *sig, unsigned int *siglen, EC_KEY *eckey); +int ECDSA_verify(int type, const unsigned char *dgst, int dgst_len, + const unsigned char *sig, int sig_len, EC_KEY *eckey); -/* ECDSAPublicKey_set_octet_string() sets the public key in the ECDSA-structure. - * (*a) must be a pointer to a ECDSA-structure with (*a)->group not zero - * (e.g. a ECDSA-structure with a valid EC_GROUP-structure) */ -ECDSA *ECDSAPublicKey_set_octet_string(ECDSA **a, const unsigned char **in, long len); -/* ECDSAPublicKey_get_octet_string() returns the length of the octet string encoding - * of the public key. If out != NULL then the function returns in *out - * a pointer to the octet string */ -int ECDSAPublicKey_get_octet_string(ECDSA *a, unsigned char **out); +int ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new + *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg); +void *ECDSA_get_ex_data(EC_KEY *d, int idx); -#define ECDSAParameters_dup(x) (ECDSA *)ASN1_dup((int (*)())i2d_ECDSAParameters, \ - (char *(*)())d2i_ECDSAParameters,(char *)(x)) -#define d2i_ECDSAParameters_fp(fp,x) (ECDSA *)ASN1_d2i_fp((char *(*)())ECDSA_new, \ - (char *(*)())d2i_ECDSAParameters,(fp),(unsigned char **)(x)) -#define i2d_ECDSAParameters_fp(fp,x) ASN1_i2d_fp(i2d_ECDSAParameters,(fp), \ - (unsigned char *)(x)) -#define d2i_ECDSAParameters_bio(bp,x) (ECDSA *)ASN1_d2i_bio((char *(*)())ECDSA_new, \ - (char *(*)())d2i_ECDSAParameters,(bp),(unsigned char **)(x)) -#define i2d_ECDSAParameters_bio(bp,x) ASN1_i2d_bio(i2d_ECDSAParameters,(bp), \ - (unsigned char *)(x)) /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes @@ -207,72 +150,18 @@ void ERR_load_ECDSA_strings(void); /* Error codes for the ECDSA functions. */ /* Function codes. */ -#define ECDSA_F_D2I_ECDSAPARAMETERS 100 -#define ECDSA_F_D2I_ECDSAPRIVATEKEY 101 -#define ECDSA_F_ECDSAPARAMETERS_PRINT 102 -#define ECDSA_F_ECDSAPARAMETERS_PRINT_FP 103 -#define ECDSA_F_ECDSA_DO_SIGN 104 -#define ECDSA_F_ECDSA_DO_VERIFY 105 -#define ECDSA_F_ECDSA_GENERATE_KEY 106 -#define ECDSA_F_ECDSA_GET 107 -#define ECDSA_F_ECDSA_GET_CURVE_NID 120 -#define ECDSA_F_ECDSA_GET_ECDSA 121 -#define ECDSA_F_ECDSA_GET_EC_PARAMETERS 122 -#define ECDSA_F_ECDSA_GET_X9_62_CURVE 108 -#define ECDSA_F_ECDSA_GET_X9_62_EC_PARAMETERS 109 -#define ECDSA_F_ECDSA_GET_X9_62_FIELDID 110 -#define ECDSA_F_ECDSA_NEW 111 -#define ECDSA_F_ECDSA_PRINT 112 -#define ECDSA_F_ECDSA_PRINT_FP 113 -#define ECDSA_F_ECDSA_SET_GROUP_P 114 -#define ECDSA_F_ECDSA_SET_PRIME_GROUP 123 -#define ECDSA_F_ECDSA_SIGN_SETUP 115 -#define ECDSA_F_I2D_ECDSAPARAMETERS 116 -#define ECDSA_F_I2D_ECDSAPRIVATEKEY 117 -#define ECDSA_F_I2D_ECDSAPUBLICKEY 118 -#define ECDSA_F_SIG_CB 119 +#define ECDSA_F_ECDSA_DATA_NEW 100 +#define ECDSA_F_ECDSA_DO_SIGN 101 +#define ECDSA_F_ECDSA_DO_VERIFY 102 +#define ECDSA_F_ECDSA_SIGN_SETUP 103 /* Reason codes. */ #define ECDSA_R_BAD_SIGNATURE 100 -#define ECDSA_R_CAN_NOT_GET_GENERATOR 101 -#define ECDSA_R_D2I_ECDSAPRIVATEKEY_MISSING_PRIVATE_KEY 102 -#define ECDSA_R_D2I_ECDSA_PRIVATEKEY_FAILURE 103 -#define ECDSA_R_D2I_EC_PARAMETERS_FAILURE 133 -#define ECDSA_R_D2I_X9_62_EC_PARAMETERS_FAILURE 104 -#define ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 105 -#define ECDSA_R_ECDSAPRIVATEKEY_NEW_FAILURE 106 -#define ECDSA_R_ECDSA_F_ECDSA_NEW 107 -#define ECDSA_R_ECDSA_GET_EC_PARAMETERS_FAILURE 134 -#define ECDSA_R_ECDSA_GET_FAILURE 108 -#define ECDSA_R_ECDSA_GET_X9_62_CURVE_FAILURE 109 -#define ECDSA_R_ECDSA_GET_X9_62_EC_PARAMETERS_FAILURE 110 -#define ECDSA_R_ECDSA_GET_X9_62_FIELDID_FAILURE 111 -#define ECDSA_R_ECDSA_NEW_FAILURE 112 -#define ECDSA_R_ECDSA_R_D2I_EC_PARAMETERS_FAILURE 135 -#define ECDSA_R_ECDSA_R_D2I_X9_62_EC_PARAMETERS_FAILURE 113 -#define ECDSA_R_ECPARAMETERS2ECDSA_FAILURE 138 -#define ECDSA_R_EC_GROUP_NID2CURVE_FAILURE 136 -#define ECDSA_R_ERR_EC_LIB 114 -#define ECDSA_R_I2D_ECDSA_PRIVATEKEY 115 -#define ECDSA_R_I2D_ECDSA_PUBLICKEY 116 -#define ECDSA_R_MISSING_PARAMETERS 117 -#define ECDSA_R_MISSING_PRIVATE_KEY 139 -#define ECDSA_R_NOT_SUPPORTED 118 -#define ECDSA_R_NO_CURVE_PARAMETER_A_SPECIFIED 119 -#define ECDSA_R_NO_CURVE_PARAMETER_B_SPECIFIED 120 -#define ECDSA_R_NO_CURVE_SPECIFIED 121 -#define ECDSA_R_NO_FIELD_SPECIFIED 122 -#define ECDSA_R_PRIME_MISSING 123 -#define ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED 124 -#define ECDSA_R_SIGNATURE_MALLOC_FAILED 125 -#define ECDSA_R_UNEXPECTED_ASN1_TYPE 126 -#define ECDSA_R_UNEXPECTED_PARAMETER 127 -#define ECDSA_R_UNEXPECTED_PARAMETER_LENGTH 128 -#define ECDSA_R_UNEXPECTED_VERSION_NUMER 129 -#define ECDSA_R_UNKNOWN_PARAMETERS_TYPE 137 -#define ECDSA_R_WRONG_FIELD_IDENTIFIER 130 -#define ECDSA_R_X9_62_CURVE_NEW_FAILURE 131 -#define ECDSA_R_X9_62_EC_PARAMETERS_NEW_FAILURE 132 +#define ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 101 +#define ECDSA_R_ERR_EC_LIB 102 +#define ECDSA_R_MISSING_PARAMETERS 103 +#define ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED 104 +#define ECDSA_R_SIGNATURE_MALLOC_FAILED 105 #ifdef __cplusplus } diff --git a/crypto/ecdsa/ecdsatest.c b/crypto/ecdsa/ecdsatest.c index cffc194928..daf6427718 100644 --- a/crypto/ecdsa/ecdsatest.c +++ b/crypto/ecdsa/ecdsatest.c @@ -89,7 +89,7 @@ static const char rnd_seed[] = "string to make the random number generator think ECDSA_SIG* signatures[ECDSA_NIST_TESTS]; unsigned char digest[ECDSA_NIST_TESTS][20]; -void clear_ecdsa(ECDSA *ecdsa) +void clear_ecdsa(EC_KEY *ecdsa) { if (!ecdsa) return; @@ -110,7 +110,7 @@ void clear_ecdsa(ECDSA *ecdsa) } } -int set_p192_param(ECDSA *ecdsa) +int set_p192_param(EC_KEY *ecdsa) { BN_CTX *ctx=NULL; int ret=0; @@ -143,7 +143,7 @@ err : if (ctx) BN_CTX_free(ctx); return ret; } -int set_p239_param(ECDSA *ecdsa) +int set_p239_param(EC_KEY *ecdsa) { BN_CTX *ctx=NULL; int ret=0; @@ -176,7 +176,7 @@ err : if (ctx) BN_CTX_free(ctx); return ret; } -int test_sig_vrf(ECDSA *ecdsa, const unsigned char* dgst) +int test_sig_vrf(EC_KEY *ecdsa, const unsigned char* dgst) { int ret=0,type=0; unsigned char *buffer=NULL; @@ -216,7 +216,7 @@ err: OPENSSL_free(buffer); return(ret == 1); } -int test_x962_sig_vrf(ECDSA *ecdsa, const unsigned char *dgst, +int test_x962_sig_vrf(EC_KEY *eckey, const unsigned char *dgst, const char *k_in, const char *r_in, const char *s_in) { int ret=0; @@ -225,23 +225,28 @@ int test_x962_sig_vrf(ECDSA *ecdsa, const unsigned char *dgst, BIGNUM *r=NULL,*s=NULL,*k=NULL,*x=NULL,*y=NULL,*m=NULL,*ord=NULL; BN_CTX *ctx=NULL; char *tmp_char=NULL; - - if (!ecdsa || !ecdsa->group || !ecdsa->pub_key || !ecdsa->priv_key) + ECDSA_DATA *ecdsa = ecdsa_check(eckey);; + + if (!eckey || !eckey->group || !eckey->pub_key || !eckey->priv_key + || !ecdsa) return 0; - if ((point = EC_POINT_new(ecdsa->group)) == NULL) goto err; - if ((r = BN_new()) == NULL || (s = BN_new()) == NULL || (k = BN_new()) == NULL || - (x = BN_new()) == NULL || (y = BN_new()) == NULL || (m = BN_new()) == NULL || - (ord = BN_new()) == NULL) goto err; + if ((point = EC_POINT_new(eckey->group)) == NULL) goto err; + if ((r = BN_new()) == NULL || (s = BN_new()) == NULL + || (k = BN_new()) == NULL || (x = BN_new()) == NULL || + (y = BN_new()) == NULL || (m = BN_new()) == NULL || + (ord = BN_new()) == NULL) goto err; if ((ctx = BN_CTX_new()) == NULL) goto err; if (!BN_bin2bn(dgst, 20, m)) goto err; if (!BN_dec2bn(&k, k_in)) goto err; - if (!EC_POINT_mul(ecdsa->group, point, k, NULL, NULL, ctx)) goto err; - if (!EC_POINT_get_affine_coordinates_GFp(ecdsa->group, point, x, y, ctx)) goto err; - if (!EC_GROUP_get_order(ecdsa->group, ord, ctx)) goto err; + if (!EC_POINT_mul(eckey->group, point, k, NULL, NULL, ctx)) goto err; + if (!EC_POINT_get_affine_coordinates_GFp(eckey->group, point, x, y, + ctx)) goto err; + if (!EC_GROUP_get_order(eckey->group, ord, ctx)) goto err; if ((ecdsa->r = BN_dup(x)) == NULL) goto err; - if ((ecdsa->kinv = BN_mod_inverse(NULL, k, ord, ctx)) == NULL) goto err; + if ((ecdsa->kinv = BN_mod_inverse(NULL, k, ord, ctx)) == NULL) + goto err; - if ((sig = ECDSA_do_sign(dgst, 20, ecdsa)) == NULL) + if ((sig = ECDSA_do_sign(dgst, 20, eckey)) == NULL) { BIO_printf(bio_err,"ECDSA_do_sign() failed \n"); goto err; @@ -260,7 +265,7 @@ int test_x962_sig_vrf(ECDSA *ecdsa, const unsigned char *dgst, BIO_printf(bio_err,"sig->s = %s\n",tmp_char); goto err; } - ret = ECDSA_do_verify(dgst, 20, sig, ecdsa); + ret = ECDSA_do_verify(dgst, 20, sig, eckey); if (ret != 1) { BIO_printf(bio_err,"ECDSA_do_verify : signature verification failed \n"); @@ -282,7 +287,7 @@ err : if (r) BN_free(r); return(ret == 1); } -int ecdsa_cmp(const ECDSA *a, const ECDSA *b) +int ecdsa_cmp(const EC_KEY *a, const EC_KEY *b) { int ret=1; BN_CTX *ctx=NULL; @@ -316,7 +321,7 @@ err: if (tmp_a1) BN_free(tmp_a1); int main(void) { - ECDSA *ecdsa=NULL, *ret_ecdsa=NULL; + EC_KEY *ecdsa=NULL, *ret_ecdsa=NULL; BIGNUM *d=NULL; X509_PUBKEY *x509_pubkey=NULL; PKCS8_PRIV_KEY_INFO *pkcs8=NULL; @@ -351,41 +356,41 @@ int main(void) RAND_seed(rnd_seed, sizeof(rnd_seed)); - if ((ecdsa = ECDSA_new()) == NULL) goto err; + if ((ecdsa = EC_KEY_new()) == NULL) goto err; set_p192_param(ecdsa); - ECDSA_print(bio_err, ecdsa, 0); + EC_KEY_print(bio_err, ecdsa, 0); /* en- decode tests */ - /* i2d_ - d2i_ECDSAParameters() */ + /* i2d_ - d2i_ECParameters() */ BIO_printf(bio_err, "\nTesting i2d_ - d2i_ECDSAParameters \n"); - buf_len = i2d_ECDSAParameters(ecdsa, NULL); + buf_len = i2d_ECParameters(ecdsa, NULL); if (!buf_len || (buffer = OPENSSL_malloc(buf_len)) == NULL) goto err; pp = buffer; - if (!i2d_ECDSAParameters(ecdsa, &pp)) goto err; + if (!i2d_ECParameters(ecdsa, &pp)) goto err; pp = buffer; - if ((ret_ecdsa = d2i_ECDSAParameters(&ret_ecdsa, (const unsigned char **)&pp, + if ((ret_ecdsa = d2i_ECParameters(&ret_ecdsa, (const unsigned char **)&pp, buf_len)) == NULL) goto err; - ECDSAParameters_print(bio_err, ret_ecdsa); + ECParameters_print(bio_err, ret_ecdsa); if (ecdsa_cmp(ecdsa, ret_ecdsa)) goto err; OPENSSL_free(buffer); buffer = NULL; - ECDSA_free(ret_ecdsa); + EC_KEY_free(ret_ecdsa); ret_ecdsa = NULL; - /* i2d_ - d2i_ECDSAPrivateKey() */ + /* i2d_ - d2i_ECPrivateKey() */ BIO_printf(bio_err, "\nTesting i2d_ - d2i_ECDSAPrivateKey \n"); - buf_len = i2d_ECDSAPrivateKey(ecdsa, NULL); + buf_len = i2d_ECPrivateKey(ecdsa, NULL); if (!buf_len || (buffer = OPENSSL_malloc(buf_len)) == NULL) goto err; pp = buffer; - if (!i2d_ECDSAPrivateKey(ecdsa, &pp)) goto err; + if (!i2d_ECPrivateKey(ecdsa, &pp)) goto err; pp = buffer; - if ((ret_ecdsa = d2i_ECDSAPrivateKey(&ret_ecdsa, (const unsigned char**)&pp, + if ((ret_ecdsa = d2i_ECPrivateKey(&ret_ecdsa, (const unsigned char**)&pp, buf_len)) == NULL) goto err; - ECDSA_print(bio_err, ret_ecdsa, 0); + EC_KEY_print(bio_err, ret_ecdsa, 0); if (ecdsa_cmp(ecdsa, ret_ecdsa)) goto err; - ECDSA_free(ret_ecdsa); + EC_KEY_free(ret_ecdsa); ret_ecdsa = NULL; OPENSSL_free(buffer); buffer = NULL; @@ -394,12 +399,12 @@ int main(void) BIO_printf(bio_err, "\nTesting X509_PUBKEY_{get,set} : "); if ((pkey = EVP_PKEY_new()) == NULL) goto err; - EVP_PKEY_assign_ECDSA(pkey, ecdsa); + EVP_PKEY_assign_EC_KEY(pkey, ecdsa); if ((x509_pubkey = X509_PUBKEY_new()) == NULL) goto err; if (!X509_PUBKEY_set(&x509_pubkey, pkey)) goto err; if ((ret_pkey = X509_PUBKEY_get(x509_pubkey)) == NULL) goto err; - ret_ecdsa = EVP_PKEY_get1_ECDSA(ret_pkey); + ret_ecdsa = EVP_PKEY_get1_EC_KEY(ret_pkey); EVP_PKEY_free(ret_pkey); ret_pkey = NULL; @@ -411,7 +416,7 @@ int main(void) else BIO_printf(bio_err, "TEST OK \n"); X509_PUBKEY_free(x509_pubkey); x509_pubkey = NULL; - ECDSA_free(ret_ecdsa); + EC_KEY_free(ret_ecdsa); ret_ecdsa = NULL; /* Testing PKCS8_PRIV_KEY_INFO <-> EVP_PKEY */ @@ -419,7 +424,7 @@ int main(void) BIO_printf(bio_err, "PKCS8_OK : "); if ((pkcs8 = EVP_PKEY2PKCS8_broken(pkey, PKCS8_OK)) == NULL) goto err; if ((ret_pkey = EVP_PKCS82PKEY(pkcs8)) == NULL) goto err; - ret_ecdsa = EVP_PKEY_get1_ECDSA(ret_pkey); + ret_ecdsa = EVP_PKEY_get1_EC_KEY(ret_pkey); if (ecdsa_cmp(ecdsa, ret_ecdsa)) { BIO_printf(bio_err, "TEST FAILED \n"); @@ -428,13 +433,13 @@ int main(void) else BIO_printf(bio_err, "TEST OK \n"); EVP_PKEY_free(ret_pkey); ret_pkey = NULL; - ECDSA_free(ret_ecdsa); + EC_KEY_free(ret_ecdsa); ret_ecdsa = NULL; PKCS8_PRIV_KEY_INFO_free(pkcs8); BIO_printf(bio_err, "PKCS8_NO_OCTET : "); if ((pkcs8 = EVP_PKEY2PKCS8_broken(pkey, PKCS8_NO_OCTET)) == NULL) goto err; if ((ret_pkey = EVP_PKCS82PKEY(pkcs8)) == NULL) goto err; - ret_ecdsa = EVP_PKEY_get1_ECDSA(ret_pkey); + ret_ecdsa = EVP_PKEY_get1_EC_KEY(ret_pkey); if (ecdsa_cmp(ecdsa, ret_ecdsa)) { BIO_printf(bio_err, "TEST FAILED \n"); @@ -443,13 +448,13 @@ int main(void) else BIO_printf(bio_err, "TEST OK \n"); EVP_PKEY_free(ret_pkey); ret_pkey = NULL; - ECDSA_free(ret_ecdsa); + EC_KEY_free(ret_ecdsa); ret_ecdsa = NULL; PKCS8_PRIV_KEY_INFO_free(pkcs8); BIO_printf(bio_err, "PKCS8_EMBEDDED_PARAM : "); if ((pkcs8 = EVP_PKEY2PKCS8_broken(pkey, PKCS8_EMBEDDED_PARAM)) == NULL) goto err; if ((ret_pkey = EVP_PKCS82PKEY(pkcs8)) == NULL) goto err; - ret_ecdsa = EVP_PKEY_get1_ECDSA(ret_pkey); + ret_ecdsa = EVP_PKEY_get1_EC_KEY(ret_pkey); if (ecdsa_cmp(ecdsa, ret_ecdsa)) { BIO_printf(bio_err, "TEST FAILED \n"); @@ -458,13 +463,13 @@ int main(void) else BIO_printf(bio_err, "TEST OK \n"); EVP_PKEY_free(ret_pkey); ret_pkey = NULL; - ECDSA_free(ret_ecdsa); + EC_KEY_free(ret_ecdsa); ret_ecdsa = NULL; PKCS8_PRIV_KEY_INFO_free(pkcs8); BIO_printf(bio_err, "PKCS8_NS_DB : "); if ((pkcs8 = EVP_PKEY2PKCS8_broken(pkey, PKCS8_NS_DB)) == NULL) goto err; if ((ret_pkey = EVP_PKCS82PKEY(pkcs8)) == NULL) goto err; - ret_ecdsa = EVP_PKEY_get1_ECDSA(ret_pkey); + ret_ecdsa = EVP_PKEY_get1_EC_KEY(ret_pkey); if (ecdsa_cmp(ecdsa, ret_ecdsa)) { BIO_printf(bio_err, "TEST FAILED \n"); @@ -473,7 +478,7 @@ int main(void) else BIO_printf(bio_err, "TEST OK \n"); EVP_PKEY_free(ret_pkey); ret_pkey = NULL; - ECDSA_free(ret_ecdsa); + EC_KEY_free(ret_ecdsa); ret_ecdsa = NULL; EVP_PKEY_free(pkey); pkey = NULL; @@ -492,7 +497,7 @@ int main(void) BIO_printf(bio_err, "Performing tests based on examples H.3.1 and H.3.2 of X9.62 \n"); BIO_printf(bio_err, "PRIME_192_V1 : "); - if ((ecdsa = ECDSA_new()) == NULL) goto err; + if ((ecdsa = EC_KEY_new()) == NULL) goto err; if (!set_p192_param(ecdsa)) goto err; if (!test_x962_sig_vrf(ecdsa, dgst, "6140507067065001063065065565667405560006161556565665656654", "3342403536405981729393488334694600415596881826869351677613", @@ -510,7 +515,7 @@ int main(void) else BIO_printf(bio_err, "OK\n"); - ECDSA_free(ecdsa); + EC_KEY_free(ecdsa); ecdsa = NULL; OPENSSL_free(dgst); dgst = NULL; @@ -522,10 +527,11 @@ int main(void) if (!RAND_bytes(digest[i], 20)) goto err; BIO_printf(bio_err, "\nTesting sign & verify with NIST Prime-Curve P-192 : \n"); - ECDSA_free(ecdsa); - if ((ecdsa = ECDSA_new()) == NULL) goto err; - if ((ecdsa->group = EC_GROUP_new_by_name(EC_GROUP_NIST_PRIME_192)) == NULL) goto err; - if (!ECDSA_generate_key(ecdsa)) goto err; + EC_KEY_free(ecdsa); + if ((ecdsa = EC_KEY_new()) == NULL) goto err; + if ((ecdsa->group = EC_GROUP_new_by_name(EC_GROUP_NIST_PRIME_192)) + == NULL) goto err; + if (!EC_KEY_generate_key(ecdsa)) goto err; tim = clock(); for (i=0; i<ECDSA_NIST_TESTS; i++) if ((signatures[i] = ECDSA_do_sign(digest[i], 20, ecdsa)) == NULL) goto err; @@ -548,10 +554,10 @@ int main(void) /* EC_GROUP_NIST_PRIME_224 */ BIO_printf(bio_err, "Testing sign & verify with NIST Prime-Curve P-224 : \n"); - ECDSA_free(ecdsa); - if ((ecdsa = ECDSA_new()) == NULL) goto err; + EC_KEY_free(ecdsa); + if ((ecdsa = EC_KEY_new()) == NULL) goto err; if ((ecdsa->group = EC_GROUP_new_by_name(EC_GROUP_NIST_PRIME_224)) == NULL) goto err; - if (!ECDSA_generate_key(ecdsa)) goto err; + if (!EC_KEY_generate_key(ecdsa)) goto err; tim = clock(); for (i=0; i<ECDSA_NIST_TESTS; i++) if ((signatures[i] = ECDSA_do_sign(digest[i], 20, ecdsa)) == NULL) goto err; @@ -574,10 +580,10 @@ int main(void) /* EC_GROUP_NIST_PRIME_256 */ BIO_printf(bio_err, "Testing sign & verify with NIST Prime-Curve P-256 : \n"); - ECDSA_free(ecdsa); - if ((ecdsa = ECDSA_new()) == NULL) goto err; + EC_KEY_free(ecdsa); + if ((ecdsa = EC_KEY_new()) == NULL) goto err; if ((ecdsa->group = EC_GROUP_new_by_name(EC_GROUP_NIST_PRIME_256)) == NULL) goto err; - if (!ECDSA_generate_key(ecdsa)) goto err; + if (!EC_KEY_generate_key(ecdsa)) goto err; tim = clock(); for (i=0; i<ECDSA_NIST_TESTS; i++) if ((signatures[i] = ECDSA_do_sign(digest[i], 20, ecdsa)) == NULL) goto err; @@ -600,10 +606,10 @@ int main(void) /* EC_GROUP_NIST_PRIME_384 */ BIO_printf(bio_err, "Testing sign & verify with NIST Prime-Curve P-384 : \n"); - ECDSA_free(ecdsa); - if ((ecdsa = ECDSA_new()) == NULL) goto err; + EC_KEY_free(ecdsa); + if ((ecdsa = EC_KEY_new()) == NULL) goto err; if ((ecdsa->group = EC_GROUP_new_by_name(EC_GROUP_NIST_PRIME_384)) == NULL) goto err; - if (!ECDSA_generate_key(ecdsa)) goto err; + if (!EC_KEY_generate_key(ecdsa)) goto err; tim = clock(); for (i=0; i<ECDSA_NIST_TESTS; i++) if ((signatures[i] = ECDSA_do_sign(digest[i], 20, ecdsa)) == NULL) goto err; @@ -626,10 +632,10 @@ int main(void) /* EC_GROUP_NIST_PRIME_521 */ BIO_printf(bio_err, "Testing sign & verify with NIST Prime-Curve P-521 : \n"); - ECDSA_free(ecdsa); - if ((ecdsa = ECDSA_new()) == NULL) goto err; + EC_KEY_free(ecdsa); + if ((ecdsa = EC_KEY_new()) == NULL) goto err; if ((ecdsa->group = EC_GROUP_new_by_name(EC_GROUP_NIST_PRIME_521)) == NULL) goto err; - if (!ECDSA_generate_key(ecdsa)) goto err; + if (!EC_KEY_generate_key(ecdsa)) goto err; tim = clock(); for (i=0; i<ECDSA_NIST_TESTS; i++) if ((signatures[i] = ECDSA_do_sign(digest[i], 20, ecdsa)) == NULL) goto err; @@ -644,7 +650,7 @@ int main(void) tim_d = (double)tim / CLOCKS_PER_SEC; BIO_printf(bio_err, "%d x ECDSA_do_verify() in %.2f"UNIT" => average time for ECDSA_do_verify() %.4f"UNIT"\n" , ECDSA_NIST_TESTS, tim_d, tim_d/ECDSA_NIST_TESTS); - ECDSA_free(ecdsa); + EC_KEY_free(ecdsa); ecdsa = NULL; for (i=0; i<ECDSA_NIST_TESTS; i++) { @@ -665,7 +671,7 @@ err: if (!ret) BIO_printf(bio_err, "TEST PASSED \n"); if (!ret) ERR_print_errors(bio_err); - if (ecdsa) ECDSA_free(ecdsa); + if (ecdsa) EC_KEY_free(ecdsa); if (d) BN_free(d); if (dgst) OPENSSL_free(dgst); if (md_ctx) EVP_MD_CTX_destroy(md_ctx); diff --git a/crypto/ecdsa/ecs_asn1.c b/crypto/ecdsa/ecs_asn1.c index 048fa88de9..e9e1c2b51e 100644 --- a/crypto/ecdsa/ecs_asn1.c +++ b/crypto/ecdsa/ecs_asn1.c @@ -65,324 +65,3 @@ ASN1_SEQUENCE(ECDSA_SIG) = { DECLARE_ASN1_FUNCTIONS_const(ECDSA_SIG) DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECDSA_SIG, ECDSA_SIG) IMPLEMENT_ASN1_FUNCTIONS_const(ECDSA_SIG) - -int i2d_ECDSAParameters(ECDSA *a, unsigned char **out) - { - if (a == NULL) - { - ECDSAerr(ECDSA_F_I2D_ECDSAPARAMETERS, - ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - return i2d_ECPKParameters(a->group, out); - } - -ECDSA *d2i_ECDSAParameters(ECDSA **a, const unsigned char **in, long len) - { - EC_GROUP *group; - ECDSA *ret; - - if (in == NULL || *in == NULL) - { - ECDSAerr(ECDSA_F_D2I_ECDSAPARAMETERS, - ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - - group = d2i_ECPKParameters(NULL, in, len); - - if (group == NULL) - { - ECDSAerr(ECDSA_F_D2I_ECDSAPARAMETERS, - ERR_R_EC_LIB); - return NULL; - } - - if (a == NULL || *a == NULL) - { - if ((ret = ECDSA_new()) == NULL) - { - ECDSAerr(ECDSA_F_D2I_ECDSAPARAMETERS, - ERR_R_MALLOC_FAILURE); - return NULL; - } - if (a) - *a = ret; - } - else - ret = *a; - - if (ret->group) - EC_GROUP_clear_free(ret->group); - - ret->group = group; - - return ret; - } - -ECDSA *d2i_ECDSAPrivateKey(ECDSA **a, const unsigned char **in, long len) - { - int ok=0; - ECDSA *ret=NULL; - EC_PRIVATEKEY *priv_key=NULL; - - if ((priv_key = EC_PRIVATEKEY_new()) == NULL) - { - ECDSAerr(ECDSA_F_D2I_ECDSAPRIVATEKEY, ERR_R_MALLOC_FAILURE); - return NULL; - } - - if ((priv_key = d2i_EC_PRIVATEKEY(&priv_key, in, len)) == NULL) - { - ECDSAerr(ECDSA_F_D2I_ECDSAPRIVATEKEY, ERR_R_EC_LIB); - EC_PRIVATEKEY_free(priv_key); - return NULL; - } - - if (a == NULL || *a == NULL) - { - if ((ret = ECDSA_new()) == NULL) - { - ECDSAerr(ECDSA_F_D2I_ECDSAPRIVATEKEY, - ERR_R_MALLOC_FAILURE); - goto err; - } - if (a) - *a = ret; - } - else - ret = *a; - - if (priv_key->parameters) - { - if (ret->group) - EC_GROUP_clear_free(ret->group); - ret->group = EC_ASN1_pkparameters2group(priv_key->parameters); - } - - if (ret->group == NULL) - { - ECDSAerr(ECDSA_F_D2I_ECDSAPRIVATEKEY, ERR_R_EC_LIB); - goto err; - } - - ret->version = priv_key->version; - - if (priv_key->privateKey) - { - ret->priv_key = BN_bin2bn( - M_ASN1_STRING_data(priv_key->privateKey), - M_ASN1_STRING_length(priv_key->privateKey), - ret->priv_key); - if (ret->priv_key == NULL) - { - ECDSAerr(ECDSA_F_D2I_ECDSAPRIVATEKEY, - ERR_R_BN_LIB); - goto err; - } - } - else - { - ECDSAerr(ECDSA_F_D2I_ECDSAPRIVATEKEY, - ECDSA_R_MISSING_PRIVATE_KEY); - goto err; - } - - if (priv_key->publicKey) - { - if (ret->pub_key) - EC_POINT_clear_free(ret->pub_key); - ret->pub_key = EC_POINT_new(ret->group); - if (ret->pub_key == NULL) - { - ECDSAerr(ECDSA_F_D2I_ECDSAPRIVATEKEY, ERR_R_EC_LIB); - goto err; - } - if (!EC_POINT_oct2point(ret->group, ret->pub_key, - M_ASN1_STRING_data(priv_key->publicKey), - M_ASN1_STRING_length(priv_key->publicKey), NULL)) - { - ECDSAerr(ECDSA_F_D2I_ECDSAPRIVATEKEY, ERR_R_EC_LIB); - goto err; - } - } - - ok = 1; -err: - if (!ok) - { - if (ret) - ECDSA_free(ret); - ret = NULL; - } - - if (priv_key) - EC_PRIVATEKEY_free(priv_key); - - return(ret); - } - -int i2d_ECDSAPrivateKey(ECDSA *a, unsigned char **out) - { - int ret=0, ok=0; - unsigned char *buffer=NULL; - size_t buf_len=0, tmp_len; - EC_PRIVATEKEY *priv_key=NULL; - - if (a == NULL || a->group == NULL || a->priv_key == NULL) - { - ECDSAerr(ECDSA_F_I2D_ECDSAPRIVATEKEY, - ERR_R_PASSED_NULL_PARAMETER); - goto err; - } - - if ((priv_key = EC_PRIVATEKEY_new()) == NULL) - { - ECDSAerr(ECDSA_F_I2D_ECDSAPRIVATEKEY, - ERR_R_MALLOC_FAILURE); - goto err; - } - - priv_key->version = a->version; - - buf_len = (size_t)BN_num_bytes(a->priv_key); - buffer = OPENSSL_malloc(buf_len); - if (buffer == NULL) - { - ECDSAerr(ECDSA_F_I2D_ECDSAPRIVATEKEY, - ERR_R_MALLOC_FAILURE); - goto err; - } - - if (!BN_bn2bin(a->priv_key, buffer)) - { - ECDSAerr(ECDSA_F_I2D_ECDSAPRIVATEKEY, ERR_R_BN_LIB); - goto err; - } - - if (!M_ASN1_OCTET_STRING_set(priv_key->privateKey, buffer, buf_len)) - { - ECDSAerr(ECDSA_F_I2D_ECDSAPRIVATEKEY, ERR_R_ASN1_LIB); - goto err; - } - - if (!(ECDSA_get_enc_flag(a) & ECDSA_PKEY_NO_PARAMETERS)) - { - if ((priv_key->parameters = EC_ASN1_group2pkparameters( - a->group, priv_key->parameters)) == NULL) - { - ECDSAerr(ECDSA_F_I2D_ECDSAPRIVATEKEY, ERR_R_EC_LIB); - goto err; - } - } - - if (!(ECDSA_get_enc_flag(a) & ECDSA_PKEY_NO_PUBKEY)) - { - priv_key->publicKey = M_ASN1_BIT_STRING_new(); - if (priv_key->publicKey == NULL) - { - ECDSAerr(ECDSA_F_I2D_ECDSAPRIVATEKEY, - ERR_R_MALLOC_FAILURE); - goto err; - } - - tmp_len = EC_POINT_point2oct(a->group, a->pub_key, - ECDSA_get_conversion_form(a), NULL, 0, NULL); - - if (tmp_len > buf_len) - buffer = OPENSSL_realloc(buffer, tmp_len); - if (buffer == NULL) - { - ECDSAerr(ECDSA_F_I2D_ECDSAPRIVATEKEY, - ERR_R_MALLOC_FAILURE); - goto err; - } - - buf_len = tmp_len; - - if (!EC_POINT_point2oct(a->group, a->pub_key, - ECDSA_get_conversion_form(a), buffer, buf_len, NULL)) - { - ECDSAerr(ECDSA_F_I2D_ECDSAPRIVATEKEY, ERR_R_EC_LIB); - goto err; - } - - if (!M_ASN1_BIT_STRING_set(priv_key->publicKey, buffer, - buf_len)) - { - ECDSAerr(ECDSA_F_I2D_ECDSAPRIVATEKEY, ERR_R_ASN1_LIB); - goto err; - } - } - - if ((ret = i2d_EC_PRIVATEKEY(priv_key, out)) == 0) - { - ECDSAerr(ECDSA_F_I2D_ECDSAPRIVATEKEY, ERR_R_EC_LIB); - goto err; - } - ok=1; -err: - if (buffer) - OPENSSL_free(buffer); - if (priv_key) - EC_PRIVATEKEY_free(priv_key); - return(ok?ret:0); - } - - -ECDSA *ECDSAPublicKey_set_octet_string(ECDSA **a, const unsigned char **in, long len) -{ - ECDSA *ret=NULL; - - if (a == NULL || (*a) == NULL || (*a)->group == NULL) - { - /* sorry, but a EC_GROUP-structur is necessary - * to set the public key */ - ECDSAerr(ECDSA_F_D2I_ECDSAPRIVATEKEY, ECDSA_R_MISSING_PARAMETERS); - return 0; - } - ret = *a; - if (ret->pub_key == NULL && (ret->pub_key = EC_POINT_new(ret->group)) == NULL) - { - ECDSAerr(ECDSA_F_D2I_ECDSAPRIVATEKEY, ERR_R_MALLOC_FAILURE); - return 0; - } - if (!EC_POINT_oct2point(ret->group, ret->pub_key, *in, len, NULL)) - { - ECDSAerr(ECDSA_F_D2I_ECDSAPRIVATEKEY, ERR_R_EC_LIB); - return 0; - } - ECDSA_set_conversion_form(ret, (point_conversion_form_t)(*in[0] & ~0x01)); - return ret; -} - -int ECDSAPublicKey_get_octet_string(ECDSA *a, unsigned char **out) -{ - size_t buf_len=0; - - if (a == NULL) - { - ECDSAerr(ECDSA_F_I2D_ECDSAPUBLICKEY, ECDSA_R_MISSING_PARAMETERS); - return 0; - } - buf_len = EC_POINT_point2oct(a->group, a->pub_key, - ECDSA_get_conversion_form(a), NULL, 0, NULL); - if (out == NULL || buf_len == 0) - /* out == NULL => just return the length of the octet string */ - return buf_len; - if (*out == NULL) - if ((*out = OPENSSL_malloc(buf_len)) == NULL) - { - ECDSAerr(ECDSA_F_I2D_ECDSAPUBLICKEY, ERR_R_MALLOC_FAILURE); - return 0; - } - if (!EC_POINT_point2oct(a->group, a->pub_key, ECDSA_get_conversion_form(a), - *out, buf_len, NULL)) - { - ECDSAerr(ECDSA_F_I2D_ECDSAPUBLICKEY, ERR_R_EC_LIB); - OPENSSL_free(*out); - *out = NULL; - return 0; - } - return buf_len; -} diff --git a/crypto/ecdsa/ecs_err.c b/crypto/ecdsa/ecs_err.c index b8a9edd759..75c789448c 100644 --- a/crypto/ecdsa/ecs_err.c +++ b/crypto/ecdsa/ecs_err.c @@ -66,75 +66,21 @@ #ifndef OPENSSL_NO_ERR static ERR_STRING_DATA ECDSA_str_functs[]= { -{ERR_PACK(0,ECDSA_F_D2I_ECDSAPARAMETERS,0), "d2i_ECDSAParameters"}, -{ERR_PACK(0,ECDSA_F_D2I_ECDSAPRIVATEKEY,0), "d2i_ECDSAPrivateKey"}, -{ERR_PACK(0,ECDSA_F_ECDSAPARAMETERS_PRINT,0), "ECDSAParameters_print"}, -{ERR_PACK(0,ECDSA_F_ECDSAPARAMETERS_PRINT_FP,0), "ECDSAParameters_print_fp"}, +{ERR_PACK(0,ECDSA_F_ECDSA_DATA_NEW,0), "ECDSA_DATA_new"}, {ERR_PACK(0,ECDSA_F_ECDSA_DO_SIGN,0), "ECDSA_do_sign"}, {ERR_PACK(0,ECDSA_F_ECDSA_DO_VERIFY,0), "ECDSA_do_verify"}, -{ERR_PACK(0,ECDSA_F_ECDSA_GENERATE_KEY,0), "ECDSA_generate_key"}, -{ERR_PACK(0,ECDSA_F_ECDSA_GET,0), "ECDSA_GET"}, -{ERR_PACK(0,ECDSA_F_ECDSA_GET_CURVE_NID,0), "ECDSA_GET_CURVE_NID"}, -{ERR_PACK(0,ECDSA_F_ECDSA_GET_ECDSA,0), "ECDSA_GET_ECDSA"}, -{ERR_PACK(0,ECDSA_F_ECDSA_GET_EC_PARAMETERS,0), "ECDSA_GET_EC_PARAMETERS"}, -{ERR_PACK(0,ECDSA_F_ECDSA_GET_X9_62_CURVE,0), "ECDSA_GET_X9_62_CURVE"}, -{ERR_PACK(0,ECDSA_F_ECDSA_GET_X9_62_EC_PARAMETERS,0), "ECDSA_GET_X9_62_EC_PARAMETERS"}, -{ERR_PACK(0,ECDSA_F_ECDSA_GET_X9_62_FIELDID,0), "ECDSA_GET_X9_62_FIELDID"}, -{ERR_PACK(0,ECDSA_F_ECDSA_NEW,0), "ECDSA_new"}, -{ERR_PACK(0,ECDSA_F_ECDSA_PRINT,0), "ECDSA_print"}, -{ERR_PACK(0,ECDSA_F_ECDSA_PRINT_FP,0), "ECDSA_print_fp"}, -{ERR_PACK(0,ECDSA_F_ECDSA_SET_GROUP_P,0), "ECDSA_SET_GROUP_P"}, -{ERR_PACK(0,ECDSA_F_ECDSA_SET_PRIME_GROUP,0), "ECDSA_SET_PRIME_GROUP"}, {ERR_PACK(0,ECDSA_F_ECDSA_SIGN_SETUP,0), "ECDSA_sign_setup"}, -{ERR_PACK(0,ECDSA_F_I2D_ECDSAPARAMETERS,0), "i2d_ECDSAParameters"}, -{ERR_PACK(0,ECDSA_F_I2D_ECDSAPRIVATEKEY,0), "i2d_ECDSAPrivateKey"}, -{ERR_PACK(0,ECDSA_F_I2D_ECDSAPUBLICKEY,0), "I2D_ECDSAPUBLICKEY"}, -{ERR_PACK(0,ECDSA_F_SIG_CB,0), "SIG_CB"}, {0,NULL} }; static ERR_STRING_DATA ECDSA_str_reasons[]= { {ECDSA_R_BAD_SIGNATURE ,"bad signature"}, -{ECDSA_R_CAN_NOT_GET_GENERATOR ,"can not get generator"}, -{ECDSA_R_D2I_ECDSAPRIVATEKEY_MISSING_PRIVATE_KEY,"d2i ecdsaprivatekey missing private key"}, -{ECDSA_R_D2I_ECDSA_PRIVATEKEY_FAILURE ,"d2i ecdsa privatekey failure"}, -{ECDSA_R_D2I_EC_PARAMETERS_FAILURE ,"d2i ec parameters failure"}, -{ECDSA_R_D2I_X9_62_EC_PARAMETERS_FAILURE ,"d2i x9 62 ec parameters failure"}, {ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"}, -{ECDSA_R_ECDSAPRIVATEKEY_NEW_FAILURE ,"ecdsaprivatekey new failure"}, -{ECDSA_R_ECDSA_F_ECDSA_NEW ,"ecdsa f ecdsa new"}, -{ECDSA_R_ECDSA_GET_EC_PARAMETERS_FAILURE ,"ecdsa get ec parameters failure"}, -{ECDSA_R_ECDSA_GET_FAILURE ,"ecdsa get failure"}, -{ECDSA_R_ECDSA_GET_X9_62_CURVE_FAILURE ,"ecdsa get x9 62 curve failure"}, -{ECDSA_R_ECDSA_GET_X9_62_EC_PARAMETERS_FAILURE,"ecdsa get x9 62 ec parameters failure"}, -{ECDSA_R_ECDSA_GET_X9_62_FIELDID_FAILURE ,"ecdsa get x9 62 fieldid failure"}, -{ECDSA_R_ECDSA_NEW_FAILURE ,"ecdsa new failure"}, -{ECDSA_R_ECDSA_R_D2I_EC_PARAMETERS_FAILURE,"ecdsa r d2i ec parameters failure"}, -{ECDSA_R_ECDSA_R_D2I_X9_62_EC_PARAMETERS_FAILURE,"ecdsa r d2i x9 62 ec parameters failure"}, -{ECDSA_R_ECPARAMETERS2ECDSA_FAILURE ,"ecparameters2ecdsa failure"}, -{ECDSA_R_EC_GROUP_NID2CURVE_FAILURE ,"ec group nid2curve failure"}, {ECDSA_R_ERR_EC_LIB ,"err ec lib"}, -{ECDSA_R_I2D_ECDSA_PRIVATEKEY ,"i2d ecdsa privatekey"}, -{ECDSA_R_I2D_ECDSA_PUBLICKEY ,"i2d ecdsa publickey"}, {ECDSA_R_MISSING_PARAMETERS ,"missing parameters"}, -{ECDSA_R_MISSING_PRIVATE_KEY ,"missing private key"}, -{ECDSA_R_NOT_SUPPORTED ,"not supported"}, -{ECDSA_R_NO_CURVE_PARAMETER_A_SPECIFIED ,"no curve parameter a specified"}, -{ECDSA_R_NO_CURVE_PARAMETER_B_SPECIFIED ,"no curve parameter b specified"}, -{ECDSA_R_NO_CURVE_SPECIFIED ,"no curve specified"}, -{ECDSA_R_NO_FIELD_SPECIFIED ,"no field specified"}, -{ECDSA_R_PRIME_MISSING ,"prime missing"}, {ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED ,"random number generation failed"}, {ECDSA_R_SIGNATURE_MALLOC_FAILED ,"signature malloc failed"}, -{ECDSA_R_UNEXPECTED_ASN1_TYPE ,"unexpected asn1 type"}, -{ECDSA_R_UNEXPECTED_PARAMETER ,"unexpected parameter"}, -{ECDSA_R_UNEXPECTED_PARAMETER_LENGTH ,"unexpected parameter length"}, -{ECDSA_R_UNEXPECTED_VERSION_NUMER ,"unexpected version numer"}, -{ECDSA_R_UNKNOWN_PARAMETERS_TYPE ,"unknown parameters type"}, -{ECDSA_R_WRONG_FIELD_IDENTIFIER ,"wrong field identifier"}, -{ECDSA_R_X9_62_CURVE_NEW_FAILURE ,"x9 62 curve new failure"}, -{ECDSA_R_X9_62_EC_PARAMETERS_NEW_FAILURE ,"x9 62 ec parameters new failure"}, {0,NULL} }; diff --git a/crypto/ecdsa/ecs_gen.c b/crypto/ecdsa/ecs_gen.c deleted file mode 100644 index e82b9b6e2f..0000000000 --- a/crypto/ecdsa/ecs_gen.c +++ /dev/null @@ -1,83 +0,0 @@ -/* crypto/ecdsa/ecs_gen.c */ -/* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -/* TODO: implementation of ecdsa parameter generation - */ -#if 0 -#include <stdio.h> -#include <time.h> -#include "cryptlib.h" -#include <openssl/evp.h> -#include <openssl/bn.h> -#include <openssl/ecdsa.h> -#include <openssl/rand.h> -#include <openssl/sha.h> - -#ifdef __cplusplus -extern "C" { -#endif -ECDSA *ECDSA_generate_parameters(int bits, - unsigned char *seed_in, int seed_len, - int *counter_ret, unsigned long *h_ret, - void (*callback)(int, int, void *), - void *cb_arg) - { - return NULL; - } -#ifdef __cplusplus -} -#endif -#else -static void *dummy=&dummy; -#endif diff --git a/crypto/ecdsa/ecs_key.c b/crypto/ecdsa/ecs_key.c deleted file mode 100644 index a186f3aa88..0000000000 --- a/crypto/ecdsa/ecs_key.c +++ /dev/null @@ -1,140 +0,0 @@ -/* crypto/ecdsa/ecs_key.c */ -/* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include "ecdsa.h" -#include <openssl/err.h> - -int ECDSA_generate_key(ECDSA *ecdsa) -{ - int ok=0; - BN_CTX *ctx=NULL; - BIGNUM *priv_key=NULL,*order=NULL; - EC_POINT *pub_key=NULL; - - if (!ecdsa || !ecdsa->group) - { - ECDSAerr(ECDSA_F_ECDSA_GENERATE_KEY,ECDSA_R_MISSING_PARAMETERS); - return 0; - } - - if ((order = BN_new()) == NULL) goto err; - if ((ctx = BN_CTX_new()) == NULL) goto err; - - if (ecdsa->priv_key == NULL) - { - if ((priv_key = BN_new()) == NULL) goto err; - } - else - priv_key = ecdsa->priv_key; - - if (!EC_GROUP_get_order(ecdsa->group, order, ctx)) goto err; - do - if (!BN_rand_range(priv_key, order)) goto err; - while (BN_is_zero(priv_key)); - - if (ecdsa->pub_key == NULL) - { - if ((pub_key = EC_POINT_new(ecdsa->group)) == NULL) goto err; - } - else - pub_key = ecdsa->pub_key; - - if (!EC_POINT_mul(ecdsa->group, pub_key, priv_key, NULL, NULL, ctx)) goto err; - - ecdsa->priv_key = priv_key; - ecdsa->pub_key = pub_key; - ok=1; -err: if (order) BN_free(order); - if ((pub_key != NULL) && (ecdsa->pub_key == NULL)) EC_POINT_free(pub_key); - if ((priv_key != NULL) && (ecdsa->priv_key == NULL)) BN_free(priv_key); - if (ctx != NULL) BN_CTX_free(ctx); - return(ok); -} - -int ECDSA_check_key(ECDSA *ecdsa) -{ - int ok=0; - BN_CTX *ctx=NULL; - BIGNUM *order=NULL; - EC_POINT *point=NULL; - - if (!ecdsa || !ecdsa->group || !ecdsa->pub_key) - return 0; - - if ((ctx = BN_CTX_new()) == NULL) goto err; - if ((order = BN_new()) == NULL) goto err; - if ((point = EC_POINT_new(ecdsa->group)) == NULL) goto err; - - /* testing whether pub_key is a valid point on the elliptic curve */ - if (!EC_POINT_is_on_curve(ecdsa->group,ecdsa->pub_key,ctx)) goto err; - /* testing whether pub_key * order is the point at infinity */ - if (!EC_GROUP_get_order(ecdsa->group,order,ctx)) goto err; - if (!EC_POINT_copy(point,ecdsa->pub_key)) goto err; - if (!EC_POINT_mul(ecdsa->group,point,order,NULL,NULL,ctx)) goto err; - if (!EC_POINT_is_at_infinity(ecdsa->group,point)) goto err; - /* in case the priv_key is present : check if generator * priv_key == pub_key */ - if (ecdsa->priv_key) - { - if (BN_cmp(ecdsa->priv_key,order) >= 0) goto err; - if (!EC_POINT_mul(ecdsa->group,point,ecdsa->priv_key,NULL,NULL,ctx)) goto err; - if (EC_POINT_cmp(ecdsa->group,point,ecdsa->pub_key,ctx) != 0) goto err; - } - ok = 1; -err: - if (ctx != NULL) BN_CTX_free(ctx); - if (order != NULL) BN_free(order); - if (point != NULL) EC_POINT_free(point); - return(ok); -} diff --git a/crypto/ecdsa/ecs_lib.c b/crypto/ecdsa/ecs_lib.c index 88cd18386c..bd0e34cbb4 100644 --- a/crypto/ecdsa/ecs_lib.c +++ b/crypto/ecdsa/ecs_lib.c @@ -58,6 +58,8 @@ const char *ECDSA_version="ECDSA" OPENSSL_VERSION_PTEXT; +static void ecdsa_finish(EC_KEY *); + static const ECDSA_METHOD *default_ECDSA_method = NULL; void ECDSA_set_default_method(const ECDSA_METHOD *meth) @@ -72,37 +74,56 @@ const ECDSA_METHOD *ECDSA_get_default_method(void) return default_ECDSA_method; } -ECDSA *ECDSA_new(void) -{ - return ECDSA_new_method(NULL); -} - -int ECDSA_set_method(ECDSA *ecdsa, const ECDSA_METHOD *meth) +int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth) { const ECDSA_METHOD *mtmp; + ECDSA_DATA *ecdsa; + + ecdsa = ecdsa_check(eckey); + + if (ecdsa == NULL) + return 0; + mtmp = ecdsa->meth; - if (mtmp->finish) mtmp->finish(ecdsa); +#if 0 + if (mtmp->finish) + mtmp->finish(eckey); +#endif if (ecdsa->engine) { ENGINE_finish(ecdsa->engine); ecdsa->engine = NULL; } ecdsa->meth = meth; - if (meth->init) meth->init(ecdsa); +#if 0 + if (meth->init) + meth->init(eckey); +#endif return 1; } -ECDSA *ECDSA_new_method(ENGINE *engine) +ECDSA_DATA *ECDSA_DATA_new(void) +{ + return ECDSA_DATA_new_method(NULL); +} + +ECDSA_DATA *ECDSA_DATA_new_method(ENGINE *engine) { - ECDSA *ret; + ECDSA_DATA *ret; - ret=(ECDSA *)OPENSSL_malloc(sizeof(ECDSA)); + ret=(ECDSA_DATA *)OPENSSL_malloc(sizeof(ECDSA_DATA)); if (ret == NULL) { - ECDSAerr(ECDSA_F_ECDSA_NEW,ERR_R_MALLOC_FAILURE); + ECDSAerr(ECDSA_F_ECDSA_DATA_NEW, ERR_R_MALLOC_FAILURE); return(NULL); } + ret->init = NULL; + ret->finish = ecdsa_finish; + + ret->kinv = NULL; + ret->r = NULL; + ret->meth = ECDSA_get_default_method(); ret->engine = engine; if (!ret->engine) @@ -112,73 +133,69 @@ ECDSA *ECDSA_new_method(ENGINE *engine) ret->meth = ENGINE_get_ECDSA(ret->engine); if (!ret->meth) { - ECDSAerr(ECDSA_R_ECDSA_F_ECDSA_NEW, ERR_R_ENGINE_LIB); + ECDSAerr(ECDSA_F_ECDSA_DATA_NEW, ERR_R_ENGINE_LIB); ENGINE_finish(ret->engine); OPENSSL_free(ret); return NULL; } } - ret->version = 1; - ret->conversion_form = ECDSA_get_default_conversion_form(); - ret->group = NULL; - - ret->pub_key = NULL; - ret->priv_key = NULL; - - ret->kinv = NULL; - ret->r = NULL; - - ret->enc_flag = 0; - - ret->references = 1; ret->flags = ret->meth->flags; CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDSA, ret, &ret->ex_data); +#if 0 if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDSA, ret, &ret->ex_data); OPENSSL_free(ret); ret=NULL; } - +#endif return(ret); } -void ECDSA_free(ECDSA *r) +void ECDSA_DATA_free(ECDSA_DATA *r) { - int i; - - if (r == NULL) return; - - i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_ECDSA); -#ifdef REF_PRINT - REF_PRINT("ECDSA",r); -#endif - if (i > 0) return; -#ifdef REF_CHECK - if (i < 0) - { - fprintf(stderr,"ECDSA_free, bad reference count\n"); - abort(); - } -#endif + if (r->kinv) + BN_clear_free(r->kinv); + if (r->r) + BN_clear_free(r->r); +#if 0 if (r->meth->finish) r->meth->finish(r); +#endif if (r->engine) ENGINE_finish(r->engine); CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDSA, r, &r->ex_data); - if (r->group != NULL) EC_GROUP_free(r->group); - if (r->pub_key != NULL) EC_POINT_free(r->pub_key); - if (r->priv_key != NULL) BN_clear_free(r->priv_key); - if (r->kinv != NULL) BN_clear_free(r->kinv); - if (r->r != NULL) BN_clear_free(r->r); + memset((void *)r, 0x0, sizeof(ECDSA_DATA)); + OPENSSL_free(r); } -int ECDSA_size(const ECDSA *r) +ECDSA_DATA *ecdsa_check(EC_KEY *key) +{ + if (key->meth_data) + { + if (key->meth_data->finish != ecdsa_finish) + { + key->meth_data->finish(key); + key->meth_data = (EC_KEY_METH_DATA *)ECDSA_DATA_new(); + } + } + else + key->meth_data = (EC_KEY_METH_DATA *)ECDSA_DATA_new(); + return (ECDSA_DATA *)key->meth_data; +} + +static void ecdsa_finish(EC_KEY *key) +{ + if (key->meth_data && key->meth_data->finish == ecdsa_finish) + ECDSA_DATA_free((ECDSA_DATA *)key->meth_data); +} + +int ECDSA_size(const EC_KEY *r) { int ret,i; ASN1_INTEGER bs; @@ -207,6 +224,7 @@ int ECDSA_size(const ECDSA *r) return(ret); } + int ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) { @@ -214,60 +232,20 @@ int ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, new_func, dup_func, free_func); } -int ECDSA_set_ex_data(ECDSA *d, int idx, void *arg) +int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg) { - return(CRYPTO_set_ex_data(&d->ex_data,idx,arg)); -} - -void *ECDSA_get_ex_data(ECDSA *d, int idx) -{ - return(CRYPTO_get_ex_data(&d->ex_data,idx)); -} - -int ECDSA_up_ref(ECDSA *ecdsa) -{ - int i = CRYPTO_add(&ecdsa->references, 1, CRYPTO_LOCK_ECDSA); -#ifdef REF_PRINT - REF_PRINT("ECDSA",r); -#endif -#ifdef REF_CHECK - if (i < 2) - { - fprintf(stderr, "ECDSA_up_ref, bad reference count\n"); - abort(); - } -#endif - return ((i > 1) ? 1 : 0); -} - -void ECDSA_set_conversion_form(ECDSA *ecdsa, const point_conversion_form_t form) -{ - if (ecdsa) ecdsa->conversion_form = form; -} - -point_conversion_form_t ECDSA_get_conversion_form(const ECDSA *ecdsa) -{ - return ecdsa ? ecdsa->conversion_form : 0; -} - -static point_conversion_form_t default_conversion_form = POINT_CONVERSION_UNCOMPRESSED; - -void ECDSA_set_default_conversion_form(const point_conversion_form_t form) -{ - default_conversion_form = form; -} - -point_conversion_form_t ECDSA_get_default_conversion_form(void) -{ - return default_conversion_form; -} - -unsigned int ECDSA_get_enc_flag(const ECDSA *ecdsa) -{ - return ecdsa->enc_flag; + ECDSA_DATA *ecdsa; + ecdsa = ecdsa_check(d); + if (ecdsa == NULL) + return 0; + return(CRYPTO_set_ex_data(&ecdsa->ex_data,idx,arg)); } -void ECDSA_set_enc_flag(ECDSA *ecdsa, unsigned int flag) +void *ECDSA_get_ex_data(EC_KEY *d, int idx) { - ecdsa->enc_flag = flag; + ECDSA_DATA *ecdsa; + ecdsa = ecdsa_check(d); + if (ecdsa == NULL) + return NULL; + return(CRYPTO_get_ex_data(&ecdsa->ex_data,idx)); } diff --git a/crypto/ecdsa/ecs_ossl.c b/crypto/ecdsa/ecs_ossl.c index 915ece7bf4..a9814afe0b 100644 --- a/crypto/ecdsa/ecs_ossl.c +++ b/crypto/ecdsa/ecs_ossl.c @@ -55,22 +55,26 @@ #include "ecdsa.h" #include <openssl/err.h> +#include <openssl/obj_mac.h> -/* TODO : general case */ -#define EC_POINT_get_affine_coordinates EC_POINT_get_affine_coordinates_GFp - -static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen, ECDSA *ecdsa); -static int ecdsa_sign_setup(ECDSA *ecdsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); -static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, ECDSA_SIG *sig, - ECDSA *ecdsa); +static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen, + EC_KEY *eckey); +static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, + BIGNUM **rp); +static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, + ECDSA_SIG *sig, EC_KEY *eckey); static ECDSA_METHOD openssl_ecdsa_meth = { -"OpenSSL ECDSA method", -ecdsa_do_sign, -ecdsa_sign_setup, -ecdsa_do_verify, -0, -NULL + "OpenSSL ECDSA method", + ecdsa_do_sign, + ecdsa_sign_setup, + ecdsa_do_verify, +#if 0 + NULL, /* init */ + NULL, /* finish */ +#endif + 0, /* flags */ + NULL /* app_data */ }; const ECDSA_METHOD *ECDSA_OpenSSL(void) @@ -78,35 +82,52 @@ const ECDSA_METHOD *ECDSA_OpenSSL(void) return &openssl_ecdsa_meth; } -static int ecdsa_sign_setup(ECDSA *ecdsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) +static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, + BIGNUM **rp) { BN_CTX *ctx = NULL; BIGNUM k,*kinv=NULL,*r=NULL,*order=NULL,*X=NULL; EC_POINT *tmp_point=NULL; - int ret = 0,reason = ERR_R_BN_LIB; - if (!ecdsa || !ecdsa->group || !ecdsa->pub_key || !ecdsa->priv_key) + int ret = 0; + if (!eckey || !eckey->group || !eckey->pub_key || !eckey->priv_key) { - reason = ECDSA_R_MISSING_PARAMETERS; + ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER); return 0; } if (ctx_in == NULL) { - if ((ctx=BN_CTX_new()) == NULL) goto err; + if ((ctx=BN_CTX_new()) == NULL) + { + ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE); + goto err; + } } else ctx=ctx_in; - if ((r = BN_new()) == NULL) goto err; - if ((order = BN_new()) == NULL) goto err; - if ((X = BN_new()) == NULL) goto err; - if ((tmp_point = EC_POINT_new(ecdsa->group)) == NULL) + if ((r = BN_new()) == NULL) + { + ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); + goto err; + } + if ((order = BN_new()) == NULL) { - reason = ERR_R_EC_LIB; + ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); + goto err; + } + if ((X = BN_new()) == NULL) + { + ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); + goto err; + } + if ((tmp_point = EC_POINT_new(eckey->group)) == NULL) + { + ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); goto err; } - if (!EC_GROUP_get_order(ecdsa->group,order,ctx)) + if (!EC_GROUP_get_order(eckey->group,order,ctx)) { - reason = ERR_R_EC_LIB; + ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); goto err; } @@ -117,24 +138,53 @@ static int ecdsa_sign_setup(ECDSA *ecdsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM do if (!BN_rand_range(&k,order)) { - reason = ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED; + ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, + ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED); goto err; } while (BN_is_zero(&k)); /* compute r the x-coordinate of generator * k */ - if (!EC_POINT_mul(ecdsa->group,tmp_point,&k,NULL,NULL,ctx) - || !EC_POINT_get_affine_coordinates(ecdsa->group,tmp_point,X,NULL,ctx)) + if (!EC_POINT_mul(eckey->group, tmp_point, &k, NULL, NULL, ctx)) + { + ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); + goto err; + } + if (EC_METHOD_get_field_type(EC_GROUP_method_of(eckey->group)) + == NID_X9_62_prime_field) + { + if (!EC_POINT_get_affine_coordinates_GFp(eckey->group, + tmp_point, X, NULL, ctx)) + { + ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, + ERR_R_EC_LIB); + goto err; + } + } + else /* NID_X9_62_characteristic_two_field */ + { + if (!EC_POINT_get_affine_coordinates_GF2m(eckey->group, + tmp_point, X, NULL, ctx)) + { + ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, + ERR_R_EC_LIB); + goto err; + } + } + if (!BN_nnmod(r,X,order,ctx)) { - reason = ERR_R_EC_LIB; + ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); goto err; } - if (!BN_nnmod(r,X,order,ctx)) goto err; } while (BN_is_zero(r)); /* compute the inverse of k */ - if ((kinv = BN_mod_inverse(NULL,&k,order,ctx)) == NULL) goto err; + if ((kinv = BN_mod_inverse(NULL,&k,order,ctx)) == NULL) + { + ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); + goto err; + } if (*rp == NULL) BN_clear_free(*rp); @@ -147,7 +197,6 @@ static int ecdsa_sign_setup(ECDSA *ecdsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM err: if (!ret) { - ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,reason); if (kinv != NULL) BN_clear_free(kinv); if (r != NULL) BN_clear_free(r); } @@ -165,44 +214,60 @@ err: } -static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, ECDSA *ecdsa) +static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, + EC_KEY *eckey) { BIGNUM *kinv=NULL,*r=NULL,*s=NULL,*m=NULL,*tmp=NULL,*order=NULL; BIGNUM xr; BN_CTX *ctx=NULL; - int reason=ERR_R_BN_LIB; ECDSA_SIG *ret=NULL; + ECDSA_DATA *ecdsa; + + ecdsa = ecdsa_check(eckey); - if (!ecdsa || !ecdsa->group || !ecdsa->pub_key || !ecdsa->priv_key) + if (!eckey || !eckey->group || !eckey->pub_key || !eckey->priv_key + || !ecdsa) { - reason = ECDSA_R_MISSING_PARAMETERS; + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); goto err; } BN_init(&xr); - if ((ctx = BN_CTX_new()) == NULL) goto err; - if ((order = BN_new()) == NULL) goto err; - if ((tmp = BN_new()) == NULL) goto err; - if ((m = BN_new()) == NULL) goto err; - if ((s = BN_new()) == NULL) goto err; + if ((ctx = BN_CTX_new()) == NULL || (order = BN_new()) == NULL || + (tmp = BN_new()) == NULL || (m = BN_new()) == NULL || + (s = BN_new()) == NULL ) + { + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); + goto err; + } - if (!EC_GROUP_get_order(ecdsa->group,order,ctx)) + if (!EC_GROUP_get_order(eckey->group,order,ctx)) { - reason = ECDSA_R_ERR_EC_LIB; + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); goto err; } if (dgst_len > BN_num_bytes(order)) { - reason = ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE; + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, + ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); goto err; } - if (BN_bin2bn(dgst,dgst_len,m) == NULL) goto err; + if (BN_bin2bn(dgst,dgst_len,m) == NULL) + { + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); + goto err; + } do { - if ((ecdsa->kinv == NULL) || (ecdsa->r == NULL)) + if (ecdsa->kinv == NULL || ecdsa->r == NULL) { - if (!ECDSA_sign_setup(ecdsa,ctx,&kinv,&r)) goto err; + if (!ECDSA_sign_setup(eckey,ctx,&kinv,&r)) + { + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, + ERR_R_ECDSA_LIB); + goto err; + } } else { @@ -212,109 +277,174 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, ECDSA * ecdsa->r = NULL; } - if (!BN_mod_mul(tmp,ecdsa->priv_key,r,order,ctx)) goto err; - if (!BN_add(s,tmp,m)) goto err; + if (!BN_mod_mul(tmp,eckey->priv_key,r,order,ctx)) + { + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); + goto err; + } + if (!BN_add(s,tmp,m)) + { + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); + goto err; + } if (BN_cmp(s,order) > 0) BN_sub(s,s,order); - if (!BN_mod_mul(s,s,kinv,order,ctx)) goto err; + if (!BN_mod_mul(s,s,kinv,order,ctx)) + { + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); + goto err; + } } while (BN_is_zero(s)); if ((ret = ECDSA_SIG_new()) == NULL) { - reason = ECDSA_R_SIGNATURE_MALLOC_FAILED; + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); goto err; } if (BN_copy(ret->r, r) == NULL || BN_copy(ret->s, s) == NULL) { ECDSA_SIG_free(ret); ret = NULL; - reason = ERR_R_BN_LIB; + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); } err: - if (!ret) - { - ECDSAerr(ECDSA_F_ECDSA_DO_SIGN,reason); - } - if (r != NULL) BN_clear_free(r); - if (s != NULL) BN_clear_free(s); - if (ctx != NULL) BN_CTX_free(ctx); - if (m != NULL) BN_clear_free(m); - if (tmp != NULL) BN_clear_free(tmp); - if (order != NULL) BN_clear_free(order); - if (kinv != NULL) BN_clear_free(kinv); + if (r) + BN_clear_free(r); + if (s) + BN_clear_free(s); + if (ctx) + BN_CTX_free(ctx); + if (m) + BN_clear_free(m); + if (tmp) + BN_clear_free(tmp); + if (order) + BN_clear_free(order); + if (kinv) + BN_clear_free(kinv); return(ret); } -static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, ECDSA_SIG *sig, - ECDSA *ecdsa) +static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, + ECDSA_SIG *sig, EC_KEY *eckey) { BN_CTX *ctx; BIGNUM *order=NULL,*u1=NULL,*u2=NULL,*m=NULL,*X=NULL; EC_POINT *point=NULL; - int ret = -1,reason = ERR_R_BN_LIB; - if (!ecdsa || !ecdsa->group || !ecdsa->pub_key || !sig) + int ret = -1; + if (!eckey || !eckey->group || !eckey->pub_key || !sig) { - reason = ECDSA_R_MISSING_PARAMETERS; + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS); return -1; } - if ((ctx = BN_CTX_new()) == NULL) goto err; - if ((order = BN_new()) == NULL) goto err; - if ((u1 = BN_new()) == NULL) goto err; - if ((u2 = BN_new()) == NULL) goto err; - if ((m = BN_new()) == NULL) goto err; - if ((X = BN_new()) == NULL) goto err; - if (!EC_GROUP_get_order(ecdsa->group,order,ctx)) goto err; + if ((ctx = BN_CTX_new()) == NULL || (order = BN_new()) == NULL || + (u1 = BN_new()) == NULL || (u2 = BN_new()) == NULL || + (m = BN_new()) == NULL || (X = BN_new()) == NULL) + { + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); + goto err; + } + if (!EC_GROUP_get_order(eckey->group, order, ctx)) + { + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); + goto err; + } if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, order) >= 0) { - reason = ECDSA_R_BAD_SIGNATURE; + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_BAD_SIGNATURE); ret = 0; goto err; } if (BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s, order) >= 0) { - reason = ECDSA_R_BAD_SIGNATURE; + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_BAD_SIGNATURE); ret = 0; goto err; } /* calculate tmp1 = inv(S) mod order */ - if ((BN_mod_inverse(u2,sig->s,order,ctx)) == NULL) goto err; + if ((BN_mod_inverse(u2,sig->s,order,ctx)) == NULL) + { + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); + goto err; + } /* digest -> m */ - if (BN_bin2bn(dgst,dgst_len,m) == NULL) goto err; + if (BN_bin2bn(dgst,dgst_len,m) == NULL) + { + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); + goto err; + } /* u1 = m * tmp mod order */ - if (!BN_mod_mul(u1,m,u2,order,ctx)) goto err; + if (!BN_mod_mul(u1,m,u2,order,ctx)) + { + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); + goto err; + } /* u2 = r * w mod q */ - if (!BN_mod_mul(u2,sig->r,u2,order,ctx)) goto err; + if (!BN_mod_mul(u2,sig->r,u2,order,ctx)) + { + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); + goto err; + } - if ((point = EC_POINT_new(ecdsa->group)) == NULL) + if ((point = EC_POINT_new(eckey->group)) == NULL) { - reason = ERR_R_EC_LIB; + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); goto err; } - if (!EC_POINT_mul(ecdsa->group,point,u1,ecdsa->pub_key,u2,ctx) - || !EC_POINT_get_affine_coordinates(ecdsa->group,point,X,NULL,ctx)) + if (!EC_POINT_mul(eckey->group, point, u1, eckey->pub_key, u2, ctx)) { - reason = ERR_R_EC_LIB; + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); + goto err; + } + if (EC_METHOD_get_field_type(EC_GROUP_method_of(eckey->group)) + == NID_X9_62_prime_field) + { + if (!EC_POINT_get_affine_coordinates_GFp(eckey->group, + point, X, NULL, ctx)) + { + ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); + goto err; + } + } + else /* NID_X9_62_characteristic_two_field */ + { + if (!EC_POINT_get_affine_coordinates_GF2m(eckey->group, + point, X, NULL, ctx)) + { + ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); + goto err; + } + } + + if (!BN_nnmod(u1,X,order,ctx)) + { + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); goto err; } - if (!BN_nnmod(u1,X,order,ctx)) goto err; /* is now in u1. If the signature is correct, it will be * equal to R. */ ret = (BN_ucmp(u1,sig->r) == 0); err: - if (ret != 1) ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY,reason); - if (ctx != NULL) BN_CTX_free(ctx); - if (u1 != NULL) BN_clear_free(u1); - if (u2 != NULL) BN_clear_free(u2); - if (m != NULL) BN_clear_free(m); - if (X != NULL) BN_clear_free(X); - if (order != NULL) BN_clear_free(order); - if (point != NULL) EC_POINT_free(point); + if (ctx) + BN_CTX_free(ctx); + if (u1) + BN_clear_free(u1); + if (u2) + BN_clear_free(u2); + if (m) + BN_clear_free(m); + if (X) + BN_clear_free(X); + if (order) + BN_clear_free(order); + if (point) + EC_POINT_free(point); return(ret); } diff --git a/crypto/ecdsa/ecs_sign.c b/crypto/ecdsa/ecs_sign.c index c1d3e3bf3c..215da1211a 100644 --- a/crypto/ecdsa/ecs_sign.c +++ b/crypto/ecdsa/ecs_sign.c @@ -56,16 +56,19 @@ #include "ecdsa.h" #include <openssl/engine.h> -ECDSA_SIG * ECDSA_do_sign(const unsigned char *dgst, int dlen, ECDSA *ecdsa) +ECDSA_SIG * ECDSA_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey) { - return ecdsa->meth->ecdsa_do_sign(dgst, dlen, ecdsa); + ECDSA_DATA *ecdsa = ecdsa_check(eckey); + if (ecdsa == NULL) + return NULL; + return ecdsa->meth->ecdsa_do_sign(dgst, dlen, eckey); } -int ECDSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, - unsigned int *siglen, ECDSA *ecdsa) +int ECDSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char + *sig, unsigned int *siglen, EC_KEY *eckey) { ECDSA_SIG *s; - s=ECDSA_do_sign(dgst,dlen,ecdsa); + s=ECDSA_do_sign(dgst,dlen,eckey); if (s == NULL) { *siglen=0; @@ -76,7 +79,11 @@ int ECDSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig return(1); } -int ECDSA_sign_setup(ECDSA *ecdsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) +int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, + BIGNUM **rp) { - return ecdsa->meth->ecdsa_sign_setup(ecdsa, ctx_in, kinvp, rp); + ECDSA_DATA *ecdsa = ecdsa_check(eckey); + if (ecdsa == NULL) + return 0; + return ecdsa->meth->ecdsa_sign_setup(eckey, ctx_in, kinvp, rp); } diff --git a/crypto/ecdsa/ecs_vrf.c b/crypto/ecdsa/ecs_vrf.c index 58c98b5593..269671bec8 100644 --- a/crypto/ecdsa/ecs_vrf.c +++ b/crypto/ecdsa/ecs_vrf.c @@ -61,9 +61,13 @@ * 0: incorrect signature * -1: error */ -int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, ECDSA_SIG *sig, ECDSA *ecdsa) +int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, + ECDSA_SIG *sig, EC_KEY *eckey) { - return ecdsa->meth->ecdsa_do_verify(dgst, dgst_len, sig, ecdsa); + ECDSA_DATA *ecdsa = ecdsa_check(eckey); + if (ecdsa == NULL) + return 0; + return ecdsa->meth->ecdsa_do_verify(dgst, dgst_len, sig, eckey); } /* returns @@ -71,15 +75,16 @@ int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, ECDSA_SIG *sig, ECD * 0: incorrect signature * -1: error */ -int ECDSA_verify(int type, const unsigned char *dgst, int dgst_len, const unsigned char *sigbuf, int sig_len, ECDSA *ecdsa) +int ECDSA_verify(int type, const unsigned char *dgst, int dgst_len, + const unsigned char *sigbuf, int sig_len, EC_KEY *eckey) { ECDSA_SIG *s; int ret=-1; s = ECDSA_SIG_new(); if (s == NULL) return(ret); - if (d2i_ECDSA_SIG(&s,&sigbuf,sig_len) == NULL) goto err; - ret=ECDSA_do_verify(dgst,dgst_len,s,ecdsa); + if (d2i_ECDSA_SIG(&s, &sigbuf, sig_len) == NULL) goto err; + ret=ECDSA_do_verify(dgst, dgst_len, s, eckey); err: ECDSA_SIG_free(s); return(ret); |