author | TJ Saunders <tj@castaglia.org> | 2016-06-08 13:54:22 -0700 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2016-06-13 15:44:49 -0400 |
commit | 6a571a18dd4381940d61a3c2f0d65d2b6515c693 (patch) | |
tree | 742283b7c96076c7d443a6818278c4a63e4d413f /include | |
parent | d356dc561925ec9cecc58a69e2280c18a49ec41a (diff) | |
Implement DSA_SIG_set0() and ECDSA_SIG_set0(), for setting signature values.
SSH2 implementations which use DSA_do_verify() and ECDSA_do_verify() are given
the R and S values, and the data to be signed, by the client. Thus in order
to validate these signatures, SSH2 implementations will digest and sign
the data -- and then pass in properly provisioned DSA_SIG and ECDSA_SIG objects.
Unfortunately, the existing OpenSSL-1.1.0 APIs do not allow for directly setting
those R and S values in these objects, which makes using OpenSSL for such
SSH2 implementations much more difficult.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1193)
Diffstat (limited to 'include')
-rw-r--r-- | include/openssl/dsa.h | 1 | ||||
-rw-r--r-- | include/openssl/ec.h | 7 |
2 files changed, 8 insertions, 0 deletions
diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h
index 48d2b56ee9..d75409a02d 100644
--- a/include/openssl/dsa.h
+++ b/include/openssl/dsa.h
@@ -82,6 +82,7 @@ void DSA_SIG_free(DSA_SIG *a);
 int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
 DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, const unsigned char **pp, long length);
 void DSA_SIG_get0(BIGNUM **pr, BIGNUM **ps, const DSA_SIG *sig);
+int DSA_SIG_set0(BIGNUM *r, BIGNUM *s, DSA_SIG *sig);
 DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
 int DSA_do_verify(const unsigned char *dgst, int dgst_len,
diff --git a/include/openssl/ec.h b/include/openssl/ec.h
index 9c74053c0b..bc55b53c41 100644
--- a/include/openssl/ec.h
+++ b/include/openssl/ec.h
@@ -1080,6 +1080,13 @@ ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len);
 */
 void ECDSA_SIG_get0(BIGNUM **pr, BIGNUM **ps, const ECDSA_SIG *sig);
+/** Setter for r and s fields of ECDSA_SIG
+ * \param sig pointer to ECDSA_SIG pointer
+ * \param r pointer to BIGNUM for r (may be NULL)
+ * \param s pointer to BIGNUM for s (may be NULL)
+ */
+int ECDSA_SIG_set0(BIGNUM *r, BIGNUM *s, ECDSA_SIG *sig);
+
 /** Computes the ECDSA signature of the given hash value using
 * the supplied private key and returns the created signature.
 * \param dgst pointer to the hash value |
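Review bot: The `DSA_SIG_set0()` prototype added to dsa.h carries no comment, so the header does not say what the `int` result means or who owns `r` and `s` after the call. The `set0` name suggests the signature object takes over both BIGNUMs, in which case a caller that frees them after a successful call would double-free; the implementation is outside this diff (it is limited to include/), so that should be confirmed there. I would add above the declaration something like `/* Stores r and s in sig; on success sig owns both and the caller must not free them. Returns 1 on success, 0 on error. */`, adjusted to the actual behaviour. Because the commit message says r and s come from the SSH client, the comment could also state that the setter does no range checking and leaves that to DSA_do_verify(), if that is how the implementation behaves.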
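Review bot: The doc comment added for `ECDSA_SIG_set0()` in ec.h disagrees with the prototype beneath it: `\param sig` says "pointer to ECDSA_SIG pointer" while the parameter is a plain `ECDSA_SIG *`, the `\param` lines are not in signature order, and there is no `\return` for the `int` result. The "(may be NULL)" on r and s is questionable for a setter, since a NULL would leave the signature without a value; whether the implementation accepts it is not visible here. I would reword to `\param r pointer to BIGNUM for r (ownership passes to sig)`, the same for s, `\param sig pointer to the ECDSA_SIG to update`, and add `\return 1 on success and 0 otherwise`, after checking each statement against the implementation.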