Commit 6a571a18 authored by TJ Saunders's avatar TJ Saunders Committed by Rich Salz
Browse files

Implement DSA_SIG_set0() and ECDSA_SIG_set0(), for setting signature values. 



SSH2 implementations which use DSA_do_verify() and ECDSA_do_verify() are given
the R and S values, and the data to be signed, by the client.  Thus in order
to validate these signatures, SSH2 implementations will digest and sign
the data -- and then pass in properly provisioned DSA_SIG and ECDSA_SIG objects.

Unfortunately, the existing OpenSSL-1.1.0 APIs do not allow for directly setting
those R and S values in these objects, which makes using OpenSSL for such
SSH2 implementations much more difficult.

Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
Reviewed-by: default avatarEmilia Käsper <emilia@openssl.org>
Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1193)
parent d356dc56

crypto/dsa/dsa_asn1.c

+9 −0
Original line number Diff line number Diff line
@@ -32,6 +32,15 @@ void DSA_SIG_get0(BIGNUM **pr, BIGNUM **ps, const DSA_SIG *sig) 
    *ps = sig->s;

}



int DSA_SIG_set0(BIGNUM *r, BIGNUM *s, DSA_SIG *sig)

{

    BN_clear_free(sig->r);

    BN_clear_free(sig->s);

    sig->r = r;

    sig->s = s;

    return 1;

}



/* Override the default free and new methods */

static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,

                  void *exarg)

crypto/ec/ec_asn1.c

+9 −0
Original line number Diff line number Diff line
@@ -1180,6 +1180,15 @@ void ECDSA_SIG_get0(BIGNUM **pr, BIGNUM **ps, const ECDSA_SIG *sig) 
        *ps = sig->s;

}



int ECDSA_SIG_set0(BIGNUM *r, BIGNUM *s, ECDSA_SIG *sig)

{

    BN_clear_free(sig->r);

    BN_clear_free(sig->s);

    sig->r = r;

    sig->s = s;

    return 1;

}



int ECDSA_size(const EC_KEY *r)

{

    int ret, i;

doc/crypto/DSA_SIG_new.pod

+9 −0
Original line number Diff line number Diff line
@@ -11,6 +11,7 @@ DSA_SIG_new, DSA_SIG_free - allocate and free DSA signature objects 
 DSA_SIG *DSA_SIG_new(void);

 void DSA_SIG_free(DSA_SIG *a);

 void DSA_SIG_get0(BIGNUM **pr, BIGNUM **ps, const DSA_SIG *sig);

 int DSA_SIG_set0(BIGNUM *r, BIGNUM *s, DSA_SIG *sig);



=head1 DESCRIPTION
@@ -22,6 +23,12 @@ values are erased before the memory is returned to the system. 
DSA_SIG_get0() returns internal pointers the B<r> and B<s> values contained

in B<sig>. The values can then be examined or initialised.



The B<r> and B<s> values can be set by calling DSA_SIG_set0() and passing the

new values for B<r> and B<s> as parameters to the function. Calling this

function transfers the memory management of the values to the DSA_SIG object,

and therefore the values that have been passed in should not be freed directly

after this function has been called.



=head1 RETURN VALUES



If the allocation fails, DSA_SIG_new() returns B<NULL> and sets an
@@ -31,6 +38,8 @@ to the newly allocated structure. 


DSA_SIG_free() returns no value.



DSA_SIG_set0() returns 1 on success or 0 on failure.



=head1 SEE ALSO



L<dsa(3)>, L<ERR_get_error(3)>,

doc/crypto/ECDSA_SIG_new.pod

+9 −0
Original line number Diff line number Diff line
@@ -14,6 +14,7 @@ algorithm (ECDSA) functions 
 ECDSA_SIG *ECDSA_SIG_new(void);

 void ECDSA_SIG_free(ECDSA_SIG *sig);

 void ECDSA_SIG_get0(BIGNUM **pr, BIGNUM **ps, const ECDSA_SIG *sig);

 int ECDSA_SIG_set0(BIGNUM *r, BIGNUM *s, ECDSA_SIG *sig);

 int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp);

 ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len);

 int ECDSA_size(const EC_KEY *eckey);
@@ -53,6 +54,12 @@ ECDSA_SIG_free() frees the B<ECDSA_SIG> structure B<sig>. 
ECDSA_SIG_get0() returns internal pointers the B<r> and B<s> values contained

in B<sig>. The values can then be examined or initialised.



The B<r> and B<s> values can be set by calling ECDSA_SIG_set0() and passing the

new values for B<r> and B<s> as parameters to the function. Calling this

function transfers the memory management of the values to the ECDSA_SIG object,

and therefore the values that have been passed in should not be freed directly

after this function has been called.



i2d_ECDSA_SIG() creates the DER encoding of the ECDSA signature B<sig> and

writes the encoded signature to B<*pp> (note: if B<pp> is NULL i2d_ECDSA_SIG()

returns the expected length in bytes of the DER encoded signature).
@@ -106,6 +113,8 @@ returned as a newly allocated B<ECDSA_SIG> structure (or NULL on error). 


=head1 RETURN VALUES



ECDSA_SIG_set0() returns 1 on success or 0 on failure.



ECDSA_size() returns the maximum length signature or 0 on error.



ECDSA_sign(), ECDSA_sign_ex() and ECDSA_sign_setup() return 1 if successful

include/openssl/dsa.h

+1 −0
Original line number Diff line number Diff line
@@ -82,6 +82,7 @@ void DSA_SIG_free(DSA_SIG *a); 
int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);

DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, const unsigned char **pp, long length);

void DSA_SIG_get0(BIGNUM **pr, BIGNUM **ps, const DSA_SIG *sig);

int DSA_SIG_set0(BIGNUM *r, BIGNUM *s, DSA_SIG *sig);



DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);

int DSA_do_verify(const unsigned char *dgst, int dgst_len,