[openssl] openssl-3.0 update
tomas at openssl.org
tomas at openssl.org
Tue Nov 2 11:12:43 UTC 2021
The branch openssl-3.0 has been updated
via 47d82af0827ec46876e8cc859cd76b256d81c3c4 (commit)
from a6de1029f4dc4185a1e84e6cc933325e9fce6cdc (commit)
- Log -----------------------------------------------------------------
commit 47d82af0827ec46876e8cc859cd76b256d81c3c4
Author: Mingjun.Yang <yangmingjun at uniontech.com>
Date: Thu Oct 28 10:14:55 2021 +0800
Add missing check according to SM2 Digital Signature generation algorithm
The process should be conforming to clause 6.1 and 6.2 of GMT 0003.2-2012.
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16931)
(cherry picked from commit e81c81c9af8a5d22658110d2dc753582eb87a58e)
-----------------------------------------------------------------------
Summary of changes:
crypto/sm2/sm2_sign.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/crypto/sm2/sm2_sign.c b/crypto/sm2/sm2_sign.c
index 72be1c00b4..5861f420fb 100644
--- a/crypto/sm2/sm2_sign.c
+++ b/crypto/sm2/sm2_sign.c
@@ -239,6 +239,15 @@ static ECDSA_SIG *sm2_sig_gen(const EC_KEY *key, const BIGNUM *e)
goto done;
}
+ /*
+ * A3: Generate a random number k in [1,n-1] using random number generators;
+ * A4: Compute (x1,y1)=[k]G, and convert the type of data x1 to be integer
+ * as specified in clause 4.2.8 of GM/T 0003.1-2012;
+ * A5: Compute r=(e+x1) mod n. If r=0 or r+k=n, then go to A3;
+ * A6: Compute s=(1/(1+dA)*(k-r*dA)) mod n. If s=0, then go to A3;
+ * A7: Convert the type of data (r,s) to be bit strings according to the details
+ * in clause 4.2.2 of GM/T 0003.1-2012. Then the signature of message M is (r,s).
+ */
for (;;) {
if (!BN_priv_rand_range_ex(k, order, 0, ctx)) {
ERR_raise(ERR_LIB_SM2, ERR_R_INTERNAL_ERROR);
@@ -274,6 +283,10 @@ static ECDSA_SIG *sm2_sig_gen(const EC_KEY *key, const BIGNUM *e)
goto done;
}
+ /* try again if s == 0 */
+ if (BN_is_zero(s))
+ continue;
+
sig = ECDSA_SIG_new();
if (sig == NULL) {
ERR_raise(ERR_LIB_SM2, ERR_R_MALLOC_FAILURE);
More information about the openssl-commits
mailing list