From: TJ Saunders Date: Wed, 8 Jun 2016 20:54:22 +0000 (-0700) Subject: Implement DSA_SIG_set0() and ECDSA_SIG_set0(), for setting signature values. X-Git-Tag: OpenSSL_1_1_0-pre6~469 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=6a571a18dd4381940d61a3c2f0d65d2b6515c693;p=oweals%2Fopenssl.git Implement DSA_SIG_set0() and ECDSA_SIG_set0(), for setting signature values. SSH2 implementations which use DSA_do_verify() and ECDSA_do_verify() are given the R and S values, and the data to be signed, by the client. Thus in order to validate these signatures, SSH2 implementations will digest and sign the data -- and then pass in properly provisioned DSA_SIG and ECDSA_SIG objects. Unfortunately, the existing OpenSSL-1.1.0 APIs do not allow for directly setting those R and S values in these objects, which makes using OpenSSL for such SSH2 implementations much more difficult. Reviewed-by: Richard Levitte Reviewed-by: Emilia Käsper Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1193) --- diff --git a/crypto/dsa/dsa_asn1.c b/crypto/dsa/dsa_asn1.c index 93ce85f09e..b19bfaff50 100644 --- a/crypto/dsa/dsa_asn1.c +++ b/crypto/dsa/dsa_asn1.c @@ -32,6 +32,15 @@ void DSA_SIG_get0(BIGNUM **pr, BIGNUM **ps, const DSA_SIG *sig) *ps = sig->s; } +int DSA_SIG_set0(BIGNUM *r, BIGNUM *s, DSA_SIG *sig) +{ + BN_clear_free(sig->r); + BN_clear_free(sig->s); + sig->r = r; + sig->s = s; + return 1; +} + /* Override the default free and new methods */ static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index 9272e1f1ba..89cc67d8aa 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -1180,6 +1180,15 @@ void ECDSA_SIG_get0(BIGNUM **pr, BIGNUM **ps, const ECDSA_SIG *sig) *ps = sig->s; } +int ECDSA_SIG_set0(BIGNUM *r, BIGNUM *s, ECDSA_SIG *sig) +{ + BN_clear_free(sig->r); + BN_clear_free(sig->s); + sig->r = r; + sig->s = s; + return 1; +} + int ECDSA_size(const EC_KEY *r) { int ret, i; diff --git a/doc/crypto/DSA_SIG_new.pod b/doc/crypto/DSA_SIG_new.pod index d12b08812e..68694f078a 100644 --- a/doc/crypto/DSA_SIG_new.pod +++ b/doc/crypto/DSA_SIG_new.pod @@ -11,6 +11,7 @@ DSA_SIG_new, DSA_SIG_free - allocate and free DSA signature objects DSA_SIG *DSA_SIG_new(void); void DSA_SIG_free(DSA_SIG *a); void DSA_SIG_get0(BIGNUM **pr, BIGNUM **ps, const DSA_SIG *sig); + int DSA_SIG_set0(BIGNUM *r, BIGNUM *s, DSA_SIG *sig); =head1 DESCRIPTION @@ -22,6 +23,12 @@ values are erased before the memory is returned to the system. DSA_SIG_get0() returns internal pointers the B and B values contained in B. The values can then be examined or initialised. +The B and B values can be set by calling DSA_SIG_set0() and passing the +new values for B and B as parameters to the function. Calling this +function transfers the memory management of the values to the DSA_SIG object, +and therefore the values that have been passed in should not be freed directly +after this function has been called. + =head1 RETURN VALUES If the allocation fails, DSA_SIG_new() returns B and sets an @@ -31,6 +38,8 @@ to the newly allocated structure. DSA_SIG_free() returns no value. +DSA_SIG_set0() returns 1 on success or 0 on failure. + =head1 SEE ALSO L, L, diff --git a/doc/crypto/ECDSA_SIG_new.pod b/doc/crypto/ECDSA_SIG_new.pod index 691989074d..fbcf6ee235 100644 --- a/doc/crypto/ECDSA_SIG_new.pod +++ b/doc/crypto/ECDSA_SIG_new.pod @@ -14,6 +14,7 @@ algorithm (ECDSA) functions ECDSA_SIG *ECDSA_SIG_new(void); void ECDSA_SIG_free(ECDSA_SIG *sig); void ECDSA_SIG_get0(BIGNUM **pr, BIGNUM **ps, const ECDSA_SIG *sig); + int ECDSA_SIG_set0(BIGNUM *r, BIGNUM *s, ECDSA_SIG *sig); int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp); ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len); int ECDSA_size(const EC_KEY *eckey); @@ -53,6 +54,12 @@ ECDSA_SIG_free() frees the B structure B. ECDSA_SIG_get0() returns internal pointers the B and B values contained in B. The values can then be examined or initialised. +The B and B values can be set by calling ECDSA_SIG_set0() and passing the +new values for B and B as parameters to the function. Calling this +function transfers the memory management of the values to the ECDSA_SIG object, +and therefore the values that have been passed in should not be freed directly +after this function has been called. + i2d_ECDSA_SIG() creates the DER encoding of the ECDSA signature B and writes the encoded signature to B<*pp> (note: if B is NULL i2d_ECDSA_SIG() returns the expected length in bytes of the DER encoded signature). @@ -106,6 +113,8 @@ returned as a newly allocated B structure (or NULL on error). =head1 RETURN VALUES +ECDSA_SIG_set0() returns 1 on success or 0 on failure. + ECDSA_size() returns the maximum length signature or 0 on error. ECDSA_sign(), ECDSA_sign_ex() and ECDSA_sign_setup() return 1 if successful diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h index 48d2b56ee9..d75409a02d 100644 --- a/include/openssl/dsa.h +++ b/include/openssl/dsa.h @@ -82,6 +82,7 @@ void DSA_SIG_free(DSA_SIG *a); int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp); DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, const unsigned char **pp, long length); void DSA_SIG_get0(BIGNUM **pr, BIGNUM **ps, const DSA_SIG *sig); +int DSA_SIG_set0(BIGNUM *r, BIGNUM *s, DSA_SIG *sig); DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); int DSA_do_verify(const unsigned char *dgst, int dgst_len, diff --git a/include/openssl/ec.h b/include/openssl/ec.h index 9c74053c0b..bc55b53c41 100644 --- a/include/openssl/ec.h +++ b/include/openssl/ec.h @@ -1080,6 +1080,13 @@ ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len); */ void ECDSA_SIG_get0(BIGNUM **pr, BIGNUM **ps, const ECDSA_SIG *sig); +/** Setter for r and s fields of ECDSA_SIG + * \param sig pointer to ECDSA_SIG pointer + * \param r pointer to BIGNUM for r (may be NULL) + * \param s pointer to BIGNUM for s (may be NULL) + */ +int ECDSA_SIG_set0(BIGNUM *r, BIGNUM *s, ECDSA_SIG *sig); + /** Computes the ECDSA signature of the given hash value using * the supplied private key and returns the created signature. * \param dgst pointer to the hash value