diff --git a/ChangeLog b/ChangeLog
index e8f63d13a..4b6d21fa5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,7 @@ Features
 * Support for DTLS 1.0 and 1.2 (RFC 6347).
 API Changes
+ * pk_sign() no longer accepts md_alg == POLARSSL_MD_NONE with ECDSA.
 * Last argument of x509_crt_check_key_usage() changed from int to unsigned.
 * test_ca_list (from certs.h) is renamed to test_cas_pem and is only available if POLARSSL_PEM_PARSE_C is defined (it never worked without).
diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h
index b1fd88414..57f9b4849 100644
--- a/include/mbedtls/ecdsa.h
+++ b/include/mbedtls/ecdsa.h
@@ -52,6 +52,8 @@ extern "C" {
 /**
  * \brief Compute ECDSA signature of a previously hashed message
  *
+ * \note The deterministic version is usually prefered.
+ *
  * \param grp ECP group
  * \param r First output integer
  * \param s Second output integer
@@ -70,8 +72,8 @@ int ecdsa_sign( ecp_group *grp, mpi *r, mpi *s,
 #if defined(POLARSSL_ECDSA_DETERMINISTIC)
 /**
- * \brief Compute ECDSA signature of a previously hashed message
- * (deterministic version)
+ * \brief Compute ECDSA signature of a previously hashed message,
+ * deterministic version (RFC 6979).
  *
  * \param grp ECP group
  * \param r First output integer
diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index 14ac65e0e..8fda5817b 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -377,7 +377,8 @@ int pk_verify_ext( pk_type_t type, const void *options,
  * \note If hash_len is 0, then the length associated with md_alg
  * is used instead, or an error returned if it is invalid.
  *
- * \note md_alg may be POLARSSL_MD_NONE, only if hash_len != 0
+ * \note For RSA, md_alg may be POLARSSL_MD_NONE if hash_len != 0.
+ * For ECDSA, md_alg may never be POLARSSL_MD_NONE.
  */
 int pk_sign( pk_context *ctx, md_type_t md_alg,
 const unsigned char *hash, size_t hash_len,
diff --git a/library/ecdsa.c b/library/ecdsa.c
index c39c9c3e5..dfc257002 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
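Review bot: The new \note on ecdsa_sign says the deterministic version is preferred but not why, and the reason is exactly what a caller choosing between the two needs: with this variant the private key is only as safe as the f_rng output, since a biased, predictable or repeated nonce k lets anyone holding two signatures recover the key, whereas ecdsa_sign_det derives k from the key and the hash per RFC 6979 and has no such dependence. The note also misspells "preferred". Suggested wording: ` * \note The deterministic version (ecdsa_sign_det) is usually preferred: this variant's security depends entirely on f_rng, as a biased or repeated nonce leaks the private key.` The ecdsa_sign prototype this comment documents lies after the hunk.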
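Review bot: The new note promises that for ECDSA md_alg may never be POLARSSL_MD_NONE, but the only enforcement visible in this diff is inside ecdsa_sign_det in library/ecdsa.c, which is compiled only under POLARSSL_ECDSA_DETERMINISTIC; in a build without it the plain ecdsa_sign path does not consume md_alg at all, so whether MD_NONE is actually rejected there cannot be confirmed from the hunks shown. Either the pk wrapper should check it in both configurations so the documented contract holds everywhere, or the note should state that the rejection applies to deterministic ECDSA. It would also help to name the error a caller gets, e.g. ` * For ECDSA, md_alg must not be POLARSSL_MD_NONE; such calls fail with POLARSSL_ERR_ECP_BAD_INPUT_DATA.` — confirm first that the pk layer passes that code through unchanged rather than remapping it. The pk_sign declaration continues past the hunk.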
@@ -43,35 +43,6 @@
 #include "mbedtls/hmac_drbg.h"
 #endif
-#if defined(POLARSSL_ECDSA_DETERMINISTIC)
-/*
- * This a hopefully temporary compatibility function.
- *
- * Since we can't ensure the caller will pass a valid md_alg before the next
- * interface change, try to pick up a decent md by size.
- *
- * Argument is the minimum size in bytes of the MD output.
- */
-static const md_info_t *md_info_by_size( size_t min_size )
-{
- const md_info_t *md_cur, *md_picked = NULL;
- const int *md_alg;
-
- for( md_alg = md_list(); *md_alg != 0; md_alg++ )
- {
- if( ( md_cur = md_info_from_type( (md_type_t) *md_alg ) ) == NULL ||
- (size_t) md_get_size( md_cur ) < min_size ||
- ( md_picked != NULL &&
- md_get_size( md_cur ) > md_get_size( md_picked ) ) )
- continue;
-
- md_picked = md_cur;
- }
-
- return( md_picked );
-}
-#endif /* POLARSSL_ECDSA_DETERMINISTIC */
-
 /*
  * Derive a suitable integer for group grp from a buffer of length len
  * SEC1 4.1.3 step 5 aka SEC1 4.1.4 step 3
@@ -199,13 +170,7 @@ int ecdsa_sign_det( ecp_group *grp, mpi *r, mpi *s,
 const md_info_t *md_info;
 mpi h;
- /* Temporary fallback */
- if( md_alg == POLARSSL_MD_NONE )
- md_info = md_info_by_size( blen );
- else
- md_info = md_info_from_type( md_alg );
-
- if( md_info == NULL )
+ if( ( md_info = md_info_from_type( md_alg ) ) == NULL )
 return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
 mpi_init( &h );
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index bedf75cb6..d82ab2a32 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -250,7 +250,7 @@ exit:
 }
 /* END_CASE */
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:POLARSSL_SHA256_C */
 void pk_sign_verify( int type, int sign_ret, int verify_ret )
 {
 pk_context pk;
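Review bot: The rewritten check in ecdsa_sign_det drops the only comment explaining why an unknown or MD_NONE md_alg is a hard error here, and the reason is security-relevant: RFC 6979 derives the nonce with HMAC over the private key and the message hash, keyed on the hash function the caller used, and guessing that function from blen (what the removed md_info_by_size did) is not something the library can do reliably. A one-line comment on the new check would preserve that rationale: `/* RFC 6979 needs the MD the message was hashed with; it is no longer guessed from blen */`. Callers that previously passed MD_NONE in a deterministic build will now get POLARSSL_ERR_ECP_BAD_INPUT_DATA instead of a silently chosen digest, and the ChangeLog entry only mentions the pk_sign wrapper, so the direct ecdsa_sign_det change deserves its own line there. ecdsa_sign_det's body starts before and continues after the hunk.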
@@ -265,10 +265,10 @@ void pk_sign_verify( int type, int sign_ret, int verify_ret )
 TEST_ASSERT( pk_init_ctx( &pk, pk_info_from_type( type ) ) == 0 );
 TEST_ASSERT( pk_genkey( &pk ) == 0 );
- TEST_ASSERT( pk_sign( &pk, POLARSSL_MD_NONE, hash, sizeof hash,
+ TEST_ASSERT( pk_sign( &pk, POLARSSL_MD_SHA256, hash, sizeof hash,
 sig, &sig_len, rnd_std_rand, NULL ) == sign_ret );
- TEST_ASSERT( pk_verify( &pk, POLARSSL_MD_NONE,
+ TEST_ASSERT( pk_verify( &pk, POLARSSL_MD_SHA256,
 hash, sizeof hash, sig, sig_len ) == verify_ret );
 exit:
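Review bot: The changed assertions only cover the positive path, so nothing in the suite now checks the API change the ChangeLog announces, namely that pk_sign on an ECDSA context rejects POLARSSL_MD_NONE. After the sign/verify pair a negative call would pin that contract: `TEST_ASSERT( pk_sign( &pk, POLARSSL_MD_NONE, hash, sizeof hash, sig, &sig_len, rnd_std_rand, NULL ) != 0 );`, limited to the ECDSA types since RSA is still documented to accept MD_NONE with a non-zero length, with the exact error code asserted once the pk layer's mapping is confirmed. Because the test now names POLARSSL_MD_SHA256, `hash` (declared before the hunk) should be 32 bytes so the digest length agrees with the algorithm whether or not pk_sign enforces that. Which pk types the .data file feeds through `type` is not visible here; pk_sign_verify starts before the hunk.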