lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-28 00:21:48 +03:00
Code Activity

Merge pull request #4445 from TRodziewicz/remove_deprecated_things_-_remainder

Browse Source 
Remove deprecated functions and constants.
This commit is contained in:
Manuel Pégourié-Gonnard
2021-05-07 10:05:30 +02:00
committed by GitHub
parent 5b416e95b2 d9d035a5b5
commit dd57b2f240
26 changed files with 119 additions and 1135 deletions
Download Patch File Download Diff File Expand all files Collapse all files

116
library/ecdsa.c
View File

@ -420,6 +420,9 @@ int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
/*
* Deterministic signature wrapper
*
* note: The f_rng_blind parameter must not be NULL.
*
*/
static int ecdsa_sign_det_restartable( mbedtls_ecp_group *grp,
mbedtls_mpi *r, mbedtls_mpi *s,
@ -475,69 +478,9 @@ sign:
ret = mbedtls_ecdsa_sign( grp, r, s, d, buf, blen,
mbedtls_hmac_drbg_random, p_rng );
#else
if( f_rng_blind != NULL )
ret = ecdsa_sign_restartable( grp, r, s, d, buf, blen,
mbedtls_hmac_drbg_random, p_rng,
f_rng_blind, p_rng_blind, rs_ctx );
else
{
mbedtls_hmac_drbg_context *p_rng_blind_det;
#if !defined(MBEDTLS_ECP_RESTARTABLE)
/*
* To avoid reusing rng_ctx and risking incorrect behavior we seed a
* second HMAC-DRBG with the same seed. We also apply a label to avoid
* reusing the bits of the ephemeral key for blinding and eliminate the
* risk that they leak this way.
*/
const char* blind_label = "BLINDING CONTEXT";
mbedtls_hmac_drbg_context rng_ctx_blind;
mbedtls_hmac_drbg_init( &rng_ctx_blind );
p_rng_blind_det = &rng_ctx_blind;
mbedtls_hmac_drbg_seed_buf( p_rng_blind_det, md_info,
data, 2 * grp_len );
ret = mbedtls_hmac_drbg_update_ret( p_rng_blind_det,
(const unsigned char*) blind_label,
strlen( blind_label ) );
if( ret != 0 )
{
mbedtls_hmac_drbg_free( &rng_ctx_blind );
goto cleanup;
}
#else
/*
* In the case of restartable computations we would either need to store
* the second RNG in the restart context too or set it up at every
* restart. The first option would penalize the correct application of
* the function and the second would defeat the purpose of the
* restartable feature.
*
* Therefore in this case we reuse the original RNG. This comes with the
* price that the resulting signature might not be a valid deterministic
* ECDSA signature with a very low probability (same magnitude as
* successfully guessing the private key). However even then it is still
* a valid ECDSA signature.
*/
p_rng_blind_det = p_rng;
#endif /* MBEDTLS_ECP_RESTARTABLE */
/*
* Since the output of the RNGs is always the same for the same key and
* message, this limits the efficiency of blinding and leaks information
* through side channels. After mbedtls_ecdsa_sign_det() is removed NULL
* won't be a valid value for f_rng_blind anymore. Therefore it should
* be checked by the caller and this branch and check can be removed.
*/
ret = ecdsa_sign_restartable( grp, r, s, d, buf, blen,
mbedtls_hmac_drbg_random, p_rng,
mbedtls_hmac_drbg_random, p_rng_blind_det,
rs_ctx );
#if !defined(MBEDTLS_ECP_RESTARTABLE)
mbedtls_hmac_drbg_free( &rng_ctx_blind );
#endif
}
ret = ecdsa_sign_restartable( grp, r, s, d, buf, blen,
mbedtls_hmac_drbg_random, p_rng,
f_rng_blind, p_rng_blind, rs_ctx );
#endif /* MBEDTLS_ECDSA_SIGN_ALT */
cleanup:
@ -550,26 +493,8 @@ cleanup:
}
/*
* Deterministic signature wrappers
* Deterministic signature wrapper
*/
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r,
mbedtls_mpi *s, const mbedtls_mpi *d,
const unsigned char *buf, size_t blen,
mbedtls_md_type_t md_alg )
{
ECDSA_VALIDATE_RET( grp != NULL );
ECDSA_VALIDATE_RET( r != NULL );
ECDSA_VALIDATE_RET( s != NULL );
ECDSA_VALIDATE_RET( d != NULL );
ECDSA_VALIDATE_RET( buf != NULL || blen == 0 );
return( ecdsa_sign_det_restartable( grp, r, s, d, buf, blen, md_alg,
NULL, NULL, NULL ) );
}
#endif /* MBEDTLS_DEPRECATED_REMOVED */
int mbedtls_ecdsa_sign_det_ext( mbedtls_ecp_group *grp, mbedtls_mpi *r,
mbedtls_mpi *s, const mbedtls_mpi *d,
const unsigned char *buf, size_t blen,
@ -756,10 +681,13 @@ int mbedtls_ecdsa_write_signature_restartable( mbedtls_ecdsa_context *ctx,
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi r, s;
ECDSA_VALIDATE_RET( ctx != NULL );
ECDSA_VALIDATE_RET( hash != NULL );
ECDSA_VALIDATE_RET( sig != NULL );
ECDSA_VALIDATE_RET( slen != NULL );
ECDSA_VALIDATE_RET( ctx != NULL );
ECDSA_VALIDATE_RET( hash != NULL );
ECDSA_VALIDATE_RET( sig != NULL );
ECDSA_VALIDATE_RET( slen != NULL );
if( f_rng == NULL )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
mbedtls_mpi_init( &r );
mbedtls_mpi_init( &s );
@ -811,22 +739,6 @@ int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx,
ctx, md_alg, hash, hlen, sig, slen, f_rng, p_rng, NULL ) );
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED) && \
defined(MBEDTLS_ECDSA_DETERMINISTIC)
int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx,
const unsigned char *hash, size_t hlen,
unsigned char *sig, size_t *slen,
mbedtls_md_type_t md_alg )
{
ECDSA_VALIDATE_RET( ctx != NULL );
ECDSA_VALIDATE_RET( hash != NULL );
ECDSA_VALIDATE_RET( sig != NULL );
ECDSA_VALIDATE_RET( slen != NULL );
return( mbedtls_ecdsa_write_signature( ctx, md_alg, hash, hlen, sig, slen,
NULL, NULL ) );
}
#endif
/*
* Read and check signature
*/