diff options
Diffstat (limited to 'freebsd/crypto/openssl/crypto/ecdsa')
-rw-r--r-- | freebsd/crypto/openssl/crypto/ecdsa/ecdsatest.c | 11 | ||||
-rw-r--r-- | freebsd/crypto/openssl/crypto/ecdsa/ecs_ossl.c | 32 |
2 files changed, 32 insertions, 11 deletions
diff --git a/freebsd/crypto/openssl/crypto/ecdsa/ecdsatest.c b/freebsd/crypto/openssl/crypto/ecdsa/ecdsatest.c index 7ef6f3e6..13602806 100644 --- a/freebsd/crypto/openssl/crypto/ecdsa/ecdsatest.c +++ b/freebsd/crypto/openssl/crypto/ecdsa/ecdsatest.c @@ -5,7 +5,7 @@ * Written by Nils Larsch for the OpenSSL project. */ /* ==================================================================== - * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 2000-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -139,7 +139,7 @@ int restore_rand(void) return 1; } -static int fbytes_counter = 0; +static int fbytes_counter = 0, use_fake = 0; static const char *numbers[8] = { "651056770906015076056810763456358567190100156695615665659", "6140507067065001063065065565667405560006161556565665656654", @@ -160,6 +160,11 @@ int fbytes(unsigned char *buf, int num) int ret; BIGNUM *tmp = NULL; + if (use_fake == 0) + return old_rand->bytes(buf, num); + + use_fake = 0; + if (fbytes_counter >= 8) return 0; tmp = BN_new(); @@ -201,11 +206,13 @@ int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in) /* create the key */ if ((key = EC_KEY_new_by_curve_name(nid)) == NULL) goto x962_int_err; + use_fake = 1; if (!EC_KEY_generate_key(key)) goto x962_int_err; BIO_printf(out, "."); (void)BIO_flush(out); /* create the signature */ + use_fake = 1; signature = ECDSA_do_sign(digest, 20, key); if (signature == NULL) goto x962_int_err; diff --git a/freebsd/crypto/openssl/crypto/ecdsa/ecs_ossl.c b/freebsd/crypto/openssl/crypto/ecdsa/ecs_ossl.c index ccc1d30a..587ba6bd 100644 --- a/freebsd/crypto/openssl/crypto/ecdsa/ecs_ossl.c +++ b/freebsd/crypto/openssl/crypto/ecdsa/ecs_ossl.c @@ -5,7 +5,7 @@ * Written by Nils Larsch for the OpenSSL project */ /* ==================================================================== - * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -62,6 +62,7 @@ #include <openssl/err.h> #include <openssl/obj_mac.h> #include <openssl/bn.h> +#include "bn_int.h" static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen, const BIGNUM *, const BIGNUM *, @@ -253,13 +254,14 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, EC_KEY *eckey) { int ok = 0, i; - BIGNUM *kinv = NULL, *s, *m = NULL, *tmp = NULL, *order = NULL; + BIGNUM *kinv = NULL, *s, *m = NULL, *order = NULL; const BIGNUM *ckinv; BN_CTX *ctx = NULL; const EC_GROUP *group; ECDSA_SIG *ret; ECDSA_DATA *ecdsa; const BIGNUM *priv_key; + BN_MONT_CTX *mont_data; ecdsa = ecdsa_check(eckey); group = EC_KEY_get0_group(eckey); @@ -278,7 +280,7 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, s = ret->s; if ((ctx = BN_CTX_new()) == NULL || (order = BN_new()) == NULL || - (tmp = BN_new()) == NULL || (m = BN_new()) == NULL) { + (m = BN_new()) == NULL) { ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); goto err; } @@ -287,6 +289,8 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); goto err; } + mont_data = EC_GROUP_get_mont_data(group); + i = BN_num_bits(order); /* * Need to truncate digest if it is too long: first truncate whole bytes. @@ -317,15 +321,27 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, } } - if (!BN_mod_mul(tmp, priv_key, ret->r, order, ctx)) { - ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); + /* + * With only one multiplicant being in Montgomery domain + * multiplication yields real result without post-conversion. + * Also note that all operations but last are performed with + * zero-padded vectors. Last operation, BN_mod_mul_montgomery + * below, returns user-visible value with removed zero padding. + */ + if (!bn_to_mont_fixed_top(s, ret->r, mont_data, ctx) + || !bn_mul_mont_fixed_top(s, s, priv_key, mont_data, ctx)) { goto err; } - if (!BN_mod_add_quick(s, tmp, m, order)) { + if (!bn_mod_add_fixed_top(s, s, m, order)) { ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); goto err; } - if (!BN_mod_mul(s, s, ckinv, order, ctx)) { + /* + * |s| can still be larger than modulus, because |m| can be. In + * such case we count on Montgomery reduction to tie it up. + */ + if (!bn_to_mont_fixed_top(s, s, mont_data, ctx) + || !BN_mod_mul_montgomery(s, s, ckinv, mont_data, ctx)) { ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); goto err; } @@ -355,8 +371,6 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, BN_CTX_free(ctx); if (m) BN_clear_free(m); - if (tmp) - BN_clear_free(tmp); if (order) BN_free(order); if (kinv) |