diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2019-01-20 23:00:12 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2019-01-21 10:54:37 +1100 |
| commit | 749aef30321595435ddacef2f31d7a8f2b289309 (patch) | |
| tree | c8adb22d52f5bfa844c35db1ed2276b7a64d4921 /ssh-pkcs11.c | |
| parent | 0c50992af49b562970dd0ba3f8f151f1119e260e (diff) | |
upstream: cleanup unnecessary code in ECDSA pkcs#11 signature
work by markus@, feedback and ok djm@
OpenBSD-Commit-ID: affa5ca7d58d59fbd16169f77771dcdbd2b0306d
Diffstat (limited to 'ssh-pkcs11.c')
| -rw-r--r-- | ssh-pkcs11.c | 41 |
1 files changed, 16 insertions, 25 deletions
diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c index 01f968a9b..dd8d501ae 100644 --- a/ssh-pkcs11.c +++ b/ssh-pkcs11.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh-pkcs11.c,v 1.28 2019/01/20 22:51:37 djm Exp $ */ | 1 | /* $OpenBSD: ssh-pkcs11.c,v 1.29 2019/01/20 23:00:12 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2010 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2010 Markus Friedl. All rights reserved. |
| 4 | * Copyright (c) 2014 Pedro Martelletto. All rights reserved. | 4 | * Copyright (c) 2014 Pedro Martelletto. All rights reserved. |
| @@ -411,7 +411,6 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv, | |||
| 411 | CK_RV rv; | 411 | CK_RV rv; |
| 412 | ECDSA_SIG *ret = NULL; | 412 | ECDSA_SIG *ret = NULL; |
| 413 | u_char *sig; | 413 | u_char *sig; |
| 414 | const u_char *cp; | ||
| 415 | 414 | ||
| 416 | if ((k11 = EC_KEY_get_ex_data(ec, 0)) == NULL) { | 415 | if ((k11 = EC_KEY_get_ex_data(ec, 0)) == NULL) { |
| 417 | ossl_error("EC_KEY_get_key_method_data failed for ec"); | 416 | ossl_error("EC_KEY_get_key_method_data failed for ec"); |
| @@ -435,29 +434,21 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv, | |||
| 435 | error("C_Sign failed: %lu", rv); | 434 | error("C_Sign failed: %lu", rv); |
| 436 | goto done; | 435 | goto done; |
| 437 | } | 436 | } |
| 438 | cp = sig; | 437 | if (siglen < 64 || siglen > 132 || siglen % 2) { |
| 439 | ret = d2i_ECDSA_SIG(NULL, &cp, siglen); | 438 | ossl_error("d2i_ECDSA_SIG failed"); |
| 440 | if (ret == NULL) { | 439 | goto done; |
| 441 | /* | 440 | } |
| 442 | * d2i_ECDSA_SIG failed, so sig does not point to a DER-encoded | 441 | bnlen = siglen/2; |
| 443 | * sequence, but to the concatenation r|s. | 442 | if ((ret = ECDSA_SIG_new()) == NULL) { |
| 444 | */ | 443 | error("ECDSA_SIG_new failed"); |
| 445 | if (siglen < 64 || siglen > 132 || siglen % 2) { | 444 | goto done; |
| 446 | ossl_error("d2i_ECDSA_SIG failed"); | 445 | } |
| 447 | goto done; | 446 | if (BN_bin2bn(sig, bnlen, ret->r) == NULL || |
| 448 | } | 447 | BN_bin2bn(sig+bnlen, bnlen, ret->s) == NULL) { |
| 449 | bnlen = siglen/2; | 448 | ossl_error("d2i_ECDSA_SIG failed"); |
| 450 | if ((ret = ECDSA_SIG_new()) == NULL) { | 449 | ECDSA_SIG_free(ret); |
| 451 | error("ECDSA_SIG_new failed"); | 450 | ret = NULL; |
| 452 | goto done; | 451 | goto done; |
| 453 | } | ||
| 454 | if (BN_bin2bn(sig, bnlen, ret->r) == NULL || | ||
| 455 | BN_bin2bn(sig+bnlen, bnlen, ret->s) == NULL) { | ||
| 456 | ossl_error("d2i_ECDSA_SIG failed"); | ||
| 457 | ECDSA_SIG_free(ret); | ||
| 458 | ret = NULL; | ||
| 459 | goto done; | ||
| 460 | } | ||
| 461 | } | 452 | } |
| 462 | done: | 453 | done: |
| 463 | free(sig); | 454 | free(sig); |