From: Vitaly Chikunov Date: Mon, 17 Feb 2020 21:35:10 +0000 (+0300) Subject: ec: Use BN_{CTX_,}secure_new memory API for priv keys X-Git-Tag: v3.0.0~192 X-Git-Url: http://wagner.pp.ru/gitweb/?a=commitdiff_plain;h=f3e7c24d4733bb1c096e43345602d3258e994e3c;p=openssl-gost%2Fengine.git ec: Use BN_{CTX_,}secure_new memory API for priv keys OpenSSL suggests to use (and internally itself uses) `BN_{CTX_,}secure_new' primitives to work with private keys. These are using `OPENSSL_secure_malloc' et al. calls, which use special 'secure heap' memory. Along, optimize out `hashsum2bn' with `BN_lebin2bn'. --- diff --git a/gost_ameth.c b/gost_ameth.c index 7fe05c8..92cfc41 100644 --- a/gost_ameth.c +++ b/gost_ameth.c @@ -310,7 +310,7 @@ static BIGNUM *unmask_priv_key(EVP_PKEY *pk, const EC_KEY *key_ptr = (pk) ? EVP_PKEY_get0(pk) : NULL; const EC_GROUP *group = (key_ptr) ? EC_KEY_get0_group(key_ptr) : NULL; - pknum_masked = hashsum2bn(buf, len); + pknum_masked = BN_lebin2bn(buf, len, BN_secure_new()); if (!pknum_masked) return NULL; @@ -328,8 +328,8 @@ static BIGNUM *unmask_priv_key(EVP_PKEY *pk, } for (; p != buf; p -= len) { - BIGNUM *mask = hashsum2bn(p, len); - BN_CTX *ctx = BN_CTX_new(); + BIGNUM *mask = BN_lebin2bn(p, len, BN_secure_new()); + BN_CTX *ctx = BN_CTX_secure_new(); BN_mod_mul(pknum_masked, pknum_masked, mask, q, ctx); @@ -381,7 +381,7 @@ static int priv_decode_gost(EVP_PKEY *pk, GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR); return 0; } - pk_num = hashsum2bn(s->data, s->length); + pk_num = BN_lebin2bn(s->data, s->length, BN_secure_new()); ASN1_STRING_free(s); } else if (V_ASN1_INTEGER == *p) { priv_key = d2i_ASN1_INTEGER(NULL, &p, priv_len); @@ -389,7 +389,7 @@ static int priv_decode_gost(EVP_PKEY *pk, GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR); return 0; } - pk_num = ASN1_INTEGER_to_BN(priv_key, NULL); + pk_num = ASN1_INTEGER_to_BN(priv_key, BN_secure_new()); ASN1_INTEGER_free(priv_key); } else if ((V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED) == *p) { MASKED_GOST_KEY *mgk = NULL; @@ -437,18 +437,18 @@ static int priv_encode_gost(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk) const char *pk_format = get_gost_engine_param(GOST_PARAM_PK_FORMAT); key_len = (key_len < 0) ? 0 : key_len / 8; - if (key_len == 0 || !(buf = OPENSSL_malloc(key_len))) { + if (key_len == 0 || !(buf = OPENSSL_secure_malloc(key_len))) { return 0; } if (!store_bignum(gost_get0_priv_key(pk), buf, key_len)) { - OPENSSL_free(buf); + OPENSSL_secure_free(buf); return 0; } params = encode_gost_algor_params(pk); if (!params) { - OPENSSL_free(buf); + OPENSSL_secure_free(buf); return 0; } @@ -467,12 +467,12 @@ static int priv_encode_gost(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk) if (!octet || !ASN1_OCTET_STRING_set(octet, buf, key_len)) { ASN1_STRING_free(octet); ASN1_STRING_free(params); - OPENSSL_free(buf); + OPENSSL_secure_free(buf); return 0; } priv_len = i2d_ASN1_OCTET_STRING(octet, &priv_buf); ASN1_STRING_free(octet); - OPENSSL_free(buf); + OPENSSL_secure_free(buf); return PKCS8_pkey_set0(p8, algobj, 0, V_ASN1_SEQUENCE, params, priv_buf, priv_len); diff --git a/gost_ec_keyx.c b/gost_ec_keyx.c index 2053d0d..faa0265 100644 --- a/gost_ec_keyx.c +++ b/gost_ec_keyx.c @@ -27,7 +27,7 @@ int VKO_compute_key(unsigned char *shared_key, BIGNUM *UKM = NULL, *p = NULL, *order = NULL, *X = NULL, *Y = NULL, *cofactor = NULL; const BIGNUM *key = EC_KEY_get0_private_key(priv_key); EC_POINT *pnt = EC_POINT_new(EC_KEY_get0_group(priv_key)); - BN_CTX *ctx = BN_CTX_new(); + BN_CTX *ctx = BN_CTX_secure_new(); EVP_MD_CTX *mdctx = NULL; const EVP_MD *md = NULL; int buf_len, half_len; @@ -45,7 +45,7 @@ int VKO_compute_key(unsigned char *shared_key, goto err; } - UKM = hashsum2bn(ukm, ukm_size); + UKM = BN_lebin2bn(ukm, ukm_size, NULL); p = BN_CTX_get(ctx); order = BN_CTX_get(ctx); cofactor = BN_CTX_get(ctx); diff --git a/gost_ec_sign.c b/gost_ec_sign.c index 3db118a..df489ae 100644 --- a/gost_ec_sign.c +++ b/gost_ec_sign.c @@ -23,21 +23,6 @@ void dump_dsa_sig(const char *message, ECDSA_SIG *sig); # define dump_dsa_sig(a,b) #endif -/* Convert little-endian byte array into bignum */ -BIGNUM *hashsum2bn(const unsigned char *dgst, int len) -{ - unsigned char buf[64]; - int i; - - if (len > sizeof(buf)) - return NULL; - - for (i = 0; i < len; i++) { - buf[len - i - 1] = dgst[i]; - } - return BN_bin2bn(buf, len, NULL); -} - static R3410_ec_params *gost_nid2params(int nid) { R3410_ec_params *params; @@ -183,14 +168,14 @@ ECDSA_SIG *gost_ec_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey) OPENSSL_assert(dgst != NULL && eckey != NULL); - if (!(ctx = BN_CTX_new())) { + if (!(ctx = BN_CTX_secure_new())) { GOSTerr(GOST_F_GOST_EC_SIGN, ERR_R_MALLOC_FAILURE); return NULL; } BN_CTX_start(ctx); OPENSSL_assert(dlen == 32 || dlen == 64); - md = hashsum2bn(dgst, dlen); + md = BN_lebin2bn(dgst, dlen, NULL); newsig = ECDSA_SIG_new(); if (!newsig || !md) { GOSTerr(GOST_F_GOST_EC_SIGN, ERR_R_MALLOC_FAILURE); @@ -367,7 +352,7 @@ int gost_ec_verify(const unsigned char *dgst, int dgst_len, } OPENSSL_assert(dgst_len == 32 || dgst_len == 64); - md = hashsum2bn(dgst, dgst_len); + md = BN_lebin2bn(dgst, dgst_len, NULL); if (!md || !BN_mod(e, md, order, ctx)) { GOSTerr(GOST_F_GOST_EC_VERIFY, ERR_R_INTERNAL_ERROR); goto err; @@ -454,7 +439,7 @@ int gost_ec_compute_public(EC_KEY *ec) return 0; } - ctx = BN_CTX_new(); + ctx = BN_CTX_secure_new(); if (!ctx) { GOSTerr(GOST_F_GOST_EC_COMPUTE_PUBLIC, ERR_R_MALLOC_FAILURE); return 0; @@ -508,7 +493,7 @@ int gost_ec_keygen(EC_KEY *ec) } order = BN_new(); - d = BN_new(); + d = BN_secure_new(); if (!order || !d) { GOSTerr(GOST_F_GOST_EC_KEYGEN, ERR_R_MALLOC_FAILURE); goto end; diff --git a/gost_lcl.h b/gost_lcl.h index b590bf5..4eba354 100644 --- a/gost_lcl.h +++ b/gost_lcl.h @@ -292,9 +292,6 @@ int gost_kimp15(const unsigned char *expkey, const size_t expkeylen, const unsigned char *iv, const size_t ivlen, unsigned char *shared_key); /*============== miscellaneous functions============================= */ -/* from gost_sign.c */ -/* Convert GOST R 34.11 hash sum to bignum according to standard */ -BIGNUM *hashsum2bn(const unsigned char *dgst, int len); /* * Store bignum in byte array of given length, prepending by zeros if * nesseccary