diff options
author | simon <simon@FreeBSD.org> | 2009-06-14 19:45:16 +0000 |
---|---|---|
committer | simon <simon@FreeBSD.org> | 2009-06-14 19:45:16 +0000 |
commit | 5fb395764b4b691c877e526b4e65bbedb5cb67c7 (patch) | |
tree | 90cf0e59374e08e88c1514f35c4b2aab0cccd66d /crypto/openssl/crypto/ecdsa | |
parent | 07b720e0fe4141d966e129428ee8eb96f394787f (diff) | |
parent | d5528ae65fadeed6bcb5c766bf12ed4b275a9271 (diff) | |
download | FreeBSD-src-5fb395764b4b691c877e526b4e65bbedb5cb67c7.zip FreeBSD-src-5fb395764b4b691c877e526b4e65bbedb5cb67c7.tar.gz |
Merge OpenSSL 0.9.8k into head.
Approved by: re
Diffstat (limited to 'crypto/openssl/crypto/ecdsa')
-rw-r--r-- | crypto/openssl/crypto/ecdsa/Makefile | 49 | ||||
-rw-r--r-- | crypto/openssl/crypto/ecdsa/ecdsatest.c | 22 | ||||
-rw-r--r-- | crypto/openssl/crypto/ecdsa/ecs_ossl.c | 25 |
3 files changed, 68 insertions, 28 deletions
diff --git a/crypto/openssl/crypto/ecdsa/Makefile b/crypto/openssl/crypto/ecdsa/Makefile index 16a93cd..4865f3c 100644 --- a/crypto/openssl/crypto/ecdsa/Makefile +++ b/crypto/openssl/crypto/ecdsa/Makefile @@ -34,7 +34,7 @@ top: all: lib lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) + $(ARX) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -92,13 +92,18 @@ ecs_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h ecs_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ecs_err.o: ecs_err.c ecs_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ecs_lib.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -ecs_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ecs_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +ecs_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +ecs_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h ecs_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h -ecs_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +ecs_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h +ecs_lib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +ecs_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h ecs_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -ecs_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +ecs_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +ecs_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h ecs_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +ecs_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h ecs_lib.o: ecs_lib.c ecs_locl.h ecs_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h ecs_ossl.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h @@ -110,16 +115,28 @@ ecs_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ecs_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h ecs_ossl.o: ../../include/openssl/symhacks.h ecs_locl.h ecs_ossl.c ecs_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ecs_sign.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -ecs_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h -ecs_sign.o: ../../include/openssl/engine.h ../../include/openssl/opensslconf.h +ecs_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +ecs_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ecs_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +ecs_sign.o: ../../include/openssl/engine.h ../../include/openssl/evp.h +ecs_sign.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +ecs_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +ecs_sign.o: ../../include/openssl/opensslconf.h ecs_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ecs_sign.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -ecs_sign.o: ../../include/openssl/symhacks.h ecs_locl.h ecs_sign.c +ecs_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +ecs_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ecs_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +ecs_sign.o: ../../include/openssl/x509_vfy.h ecs_locl.h ecs_sign.c ecs_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ecs_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -ecs_vrf.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h -ecs_vrf.o: ../../include/openssl/engine.h ../../include/openssl/opensslconf.h -ecs_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ecs_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -ecs_vrf.o: ../../include/openssl/symhacks.h ecs_locl.h ecs_vrf.c +ecs_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +ecs_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ecs_vrf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +ecs_vrf.o: ../../include/openssl/engine.h ../../include/openssl/evp.h +ecs_vrf.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +ecs_vrf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +ecs_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +ecs_vrf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +ecs_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +ecs_vrf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +ecs_vrf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +ecs_vrf.o: ecs_locl.h ecs_vrf.c diff --git a/crypto/openssl/crypto/ecdsa/ecdsatest.c b/crypto/openssl/crypto/ecdsa/ecdsatest.c index 59be39b..b07e312 100644 --- a/crypto/openssl/crypto/ecdsa/ecdsatest.c +++ b/crypto/openssl/crypto/ecdsa/ecdsatest.c @@ -203,13 +203,13 @@ int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in) if (!EC_KEY_generate_key(key)) goto x962_int_err; BIO_printf(out, "."); - BIO_flush(out); + (void)BIO_flush(out); /* create the signature */ signature = ECDSA_do_sign(digest, 20, key); if (signature == NULL) goto x962_int_err; BIO_printf(out, "."); - BIO_flush(out); + (void)BIO_flush(out); /* compare the created signature with the expected signature */ if ((r = BN_new()) == NULL || (s = BN_new()) == NULL) goto x962_int_err; @@ -219,12 +219,12 @@ int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in) if (BN_cmp(signature->r ,r) || BN_cmp(signature->s, s)) goto x962_int_err; BIO_printf(out, "."); - BIO_flush(out); + (void)BIO_flush(out); /* verify the signature */ if (ECDSA_do_verify(digest, 20, signature, key) != 1) goto x962_int_err; BIO_printf(out, "."); - BIO_flush(out); + (void)BIO_flush(out); BIO_printf(out, " ok\n"); ret = 1; @@ -369,7 +369,7 @@ int test_builtin(BIO *out) } BIO_printf(out, "."); - BIO_flush(out); + (void)BIO_flush(out); /* check key */ if (!EC_KEY_check_key(eckey)) { @@ -377,7 +377,7 @@ int test_builtin(BIO *out) goto builtin_err; } BIO_printf(out, "."); - BIO_flush(out); + (void)BIO_flush(out); /* create signature */ sig_len = ECDSA_size(eckey); if ((signature = OPENSSL_malloc(sig_len)) == NULL) @@ -388,7 +388,7 @@ int test_builtin(BIO *out) goto builtin_err; } BIO_printf(out, "."); - BIO_flush(out); + (void)BIO_flush(out); /* verify signature */ if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1) { @@ -396,7 +396,7 @@ int test_builtin(BIO *out) goto builtin_err; } BIO_printf(out, "."); - BIO_flush(out); + (void)BIO_flush(out); /* verify signature with the wrong key */ if (ECDSA_verify(0, digest, 20, signature, sig_len, wrong_eckey) == 1) @@ -405,7 +405,7 @@ int test_builtin(BIO *out) goto builtin_err; } BIO_printf(out, "."); - BIO_flush(out); + (void)BIO_flush(out); /* wrong digest */ if (ECDSA_verify(0, wrong_digest, 20, signature, sig_len, eckey) == 1) @@ -414,7 +414,7 @@ int test_builtin(BIO *out) goto builtin_err; } BIO_printf(out, "."); - BIO_flush(out); + (void)BIO_flush(out); /* modify a single byte of the signature */ offset = signature[10] % sig_len; dirt = signature[11]; @@ -425,7 +425,7 @@ int test_builtin(BIO *out) goto builtin_err; } BIO_printf(out, "."); - BIO_flush(out); + (void)BIO_flush(out); BIO_printf(out, " ok\n"); /* cleanup */ diff --git a/crypto/openssl/crypto/ecdsa/ecs_ossl.c b/crypto/openssl/crypto/ecdsa/ecs_ossl.c index 32d66a9..3ead1af9 100644 --- a/crypto/openssl/crypto/ecdsa/ecs_ossl.c +++ b/crypto/openssl/crypto/ecdsa/ecs_ossl.c @@ -251,8 +251,16 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); goto err; } - if (dgst_len > BN_num_bytes(order)) + if (8 * dgst_len > BN_num_bits(order)) { + /* XXX + * + * Should provide for optional hash truncation: + * Keep the BN_num_bits(order) leftmost bits of dgst + * (see March 2006 FIPS 186-3 draft, which has a few + * confusing errors in this part though) + */ + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); goto err; @@ -376,6 +384,21 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); goto err; } + if (8 * dgst_len > BN_num_bits(order)) + { + /* XXX + * + * Should provide for optional hash truncation: + * Keep the BN_num_bits(order) leftmost bits of dgst + * (see March 2006 FIPS 186-3 draft, which has a few + * confusing errors in this part though) + */ + + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, + ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + ret = 0; + goto err; + } if (BN_is_zero(sig->r) || BN_is_negative(sig->r) || BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) || |