libcrypto: prefix EC_KEY methods with ec_key_

We received reports that the too generic internal ecdsa_{sign,verify}() symbol names clash in some static links. The naming here is annoying because the EC_KEY_METHOD amalgamated the no longer existing ECDH and ECDSA methods which themselves had poorly chosen method names, still reflected in public API. There are various messes here. The ECDSA verify methods are declared in ec_local.h, whereas the ECDSA sign methods are in ecdsa_local.h (which is itself pretty useless and really only about EC_KEY_METHOD). I therefore merged the ECDSA method declarations into ec_local.h and deleted ecdsa_local.h since I see no real benefit to the latter. ecdsa.c needs ec_local.h anyway. Having the method declarations next to EC_KEY_METHOD seems sensible. I left the order as it was, matching ecdsa.c. The eckey_compute_pubkey() prototype should probably be moved down. With one exception I just added an ec_key_ prefix. This leads to a a repetition of 'key' in ec_key_ecdh_compute_key() which I chose to live with because it matches the public ECDH_compute_key() (mostly used by SSH implementations). The exception is ec_key_generate_key() where I expanded the gen() leading to another _key repetition but this then matches EC_KEY_generate_key(). Thanks to Rosen Penev for reporting and sending an initial diff. See also https://github.com/gsliepen/tinc/issues/478 ok jsing
author: tb <> 2026-03-18 08:02:40 +0000
committer: tb <> 2026-03-18 08:02:40 +0000
commit: e1991105df8fe12032795b7f34ed61fd9272e525 (patch)
tree: 2c5c9a04e08f3ba3f5c6e0bec7c4f26c2bab6e8e /src/lib/libcrypto/ec
parent: ec0894d4cccd2b2d88759796071c3ed1afd3a475 (diff)
download: openbsd-e1991105df8fe12032795b7f34ed61fd9272e525.tar.gz
openbsd-e1991105df8fe12032795b7f34ed61fd9272e525.tar.bz2
openbsd-e1991105df8fe12032795b7f34ed61fd9272e525.zip
2 files changed, 21 insertions, 14 deletions
diff --git a/src/lib/libcrypto/ec/ec_key.c b/src/lib/libcrypto/ec/ec_key.c
index e9777019c8..a32533ec73 100644
--- a/src/lib/libcrypto/ec/ec_key.c
+++ b/src/lib/libcrypto/ec/ec_key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_key.c,v 1.52 2025/05/10 05:54:38 tb Exp $ */
+/* $OpenBSD: ec_key.c,v 1.53 2026/03/18 08:02:40 tb Exp $ */
 /*
 * Written by Nils Larsch for the OpenSSL project.
 */
@@ -69,7 +69,6 @@
 #include "bn_local.h"
 #include "ec_local.h"
-#include "ecdsa_local.h"
 #include "err_local.h"
 EC_KEY *
@@ -236,7 +235,7 @@ EC_KEY_generate_key(EC_KEY *eckey)
 LCRYPTO_ALIAS(EC_KEY_generate_key);
 static int
-ec_key_gen(EC_KEY *eckey)
+ec_key_generate_key(EC_KEY *eckey)
 {
        BIGNUM *priv_key = NULL;
        EC_POINT *pub_key = NULL;
@@ -771,15 +770,15 @@ static const EC_KEY_METHOD openssl_ec_key_method = {
        .set_private = NULL,
        .set_public = NULL,
-        .keygen = ec_key_gen,
+        .keygen = ec_key_generate_key,
-        .compute_key = ecdh_compute_key,
+        .compute_key = ec_key_ecdh_compute_key,
-        .sign = ecdsa_sign,
+        .sign = ec_key_ecdsa_sign,
-        .sign_setup = ecdsa_sign_setup,
+        .sign_setup = ec_key_ecdsa_sign_setup,
-        .sign_sig = ecdsa_sign_sig,
+        .sign_sig = ec_key_ecdsa_sign_sig,
-        .verify = ecdsa_verify,
+        .verify = ec_key_ecdsa_verify,
-        .verify_sig = ecdsa_verify_sig,
+        .verify_sig = ec_key_ecdsa_verify_sig,
 };
 const EC_KEY_METHOD *
diff --git a/src/lib/libcrypto/ec/ec_local.h b/src/lib/libcrypto/ec/ec_local.h
index d84e92767c..cb7612b39f 100644
--- a/src/lib/libcrypto/ec/ec_local.h
+++ b/src/lib/libcrypto/ec/ec_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_local.h,v 1.73 2025/12/26 18:42:33 tb Exp $ */
+/* $OpenBSD: ec_local.h,v 1.74 2026/03/18 08:02:40 tb Exp $ */
 /*
 * Originally written by Bodo Moeller for the OpenSSL project.
 */
@@ -256,11 +256,19 @@ struct ec_key_st {
 } /* EC_KEY */;
 int eckey_compute_pubkey(EC_KEY *eckey);
-int ecdh_compute_key(unsigned char **out, size_t *out_len,
+int ec_key_ecdh_compute_key(unsigned char **out, size_t *out_len,
    const EC_POINT *pub_key, const EC_KEY *ecdh);
-int ecdsa_verify(int type, const unsigned char *dgst, int dgst_len,
+int ec_key_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *in_ctx, BIGNUM **out_kinv,
+    BIGNUM **out_r);
+int ec_key_ecdsa_sign(int type, const unsigned char *digest, int digest_len,
+    unsigned char *signature, unsigned int *signature_len, const BIGNUM *kinv,
+    const BIGNUM *r, EC_KEY *eckey);
+ECDSA_SIG *ec_key_ecdsa_sign_sig(const unsigned char *digest, int digest_len,
+    const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey);
+int ec_key_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len,
    const unsigned char *sigbuf, int sig_len, EC_KEY *eckey);
-int ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
+int ec_key_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
    const ECDSA_SIG *sig, EC_KEY *eckey);
 /*
author	tb <>	2026-03-18 08:02:40 +0000
committer	tb <>	2026-03-18 08:02:40 +0000
commit	e1991105df8fe12032795b7f34ed61fd9272e525 (patch)
tree	2c5c9a04e08f3ba3f5c6e0bec7c4f26c2bab6e8e /src/lib/libcrypto/ec
parent	ec0894d4cccd2b2d88759796071c3ed1afd3a475 (diff)
download	openbsd-e1991105df8fe12032795b7f34ed61fd9272e525.tar.gz openbsd-e1991105df8fe12032795b7f34ed61fd9272e525.tar.bz2 openbsd-e1991105df8fe12032795b7f34ed61fd9272e525.zip

diff --git a/src/lib/libcrypto/ec/ec_key.c b/src/lib/libcrypto/ec/ec_key.c index e9777019c8..a32533ec73 100644 --- a/src/lib/libcrypto/ec/ec_key.c +++ b/src/lib/libcrypto/ec/ec_key.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ec_key.c,v 1.52 2025/05/10 05:54:38 tb Exp $ */	1	/* $OpenBSD: ec_key.c,v 1.53 2026/03/18 08:02:40 tb Exp $ */
2	/*	2	/*
3	* Written by Nils Larsch for the OpenSSL project.	3	* Written by Nils Larsch for the OpenSSL project.
4	*/	4	*/
@@ -69,7 +69,6 @@
69		69
70	#include "bn_local.h"	70	#include "bn_local.h"
71	#include "ec_local.h"	71	#include "ec_local.h"
72	#include "ecdsa_local.h"
73	#include "err_local.h"	72	#include "err_local.h"
74		73
75	EC_KEY *	74	EC_KEY *
@@ -236,7 +235,7 @@ EC_KEY_generate_key(EC_KEY *eckey)
236	LCRYPTO_ALIAS(EC_KEY_generate_key);	235	LCRYPTO_ALIAS(EC_KEY_generate_key);
237		236
238	static int	237	static int
239	ec_key_gen(EC_KEY *eckey)	238	ec_key_generate_key(EC_KEY *eckey)
240	{	239	{
241	BIGNUM *priv_key = NULL;	240	BIGNUM *priv_key = NULL;
242	EC_POINT *pub_key = NULL;	241	EC_POINT *pub_key = NULL;
@@ -771,15 +770,15 @@ static const EC_KEY_METHOD openssl_ec_key_method = {
771	.set_private = NULL,	770	.set_private = NULL,
772	.set_public = NULL,	771	.set_public = NULL,
773		772
774	.keygen = ec_key_gen,	773	.keygen = ec_key_generate_key,
775	.compute_key = ecdh_compute_key,	774	.compute_key = ec_key_ecdh_compute_key,
776		775
777	.sign = ecdsa_sign,	776	.sign = ec_key_ecdsa_sign,
778	.sign_setup = ecdsa_sign_setup,	777	.sign_setup = ec_key_ecdsa_sign_setup,
779	.sign_sig = ecdsa_sign_sig,	778	.sign_sig = ec_key_ecdsa_sign_sig,
780		779
781	.verify = ecdsa_verify,	780	.verify = ec_key_ecdsa_verify,
782	.verify_sig = ecdsa_verify_sig,	781	.verify_sig = ec_key_ecdsa_verify_sig,
783	};	782	};
784		783
785	const EC_KEY_METHOD *	784	const EC_KEY_METHOD *


diff --git a/src/lib/libcrypto/ec/ec_local.h b/src/lib/libcrypto/ec/ec_local.h index d84e92767c..cb7612b39f 100644 --- a/src/lib/libcrypto/ec/ec_local.h +++ b/src/lib/libcrypto/ec/ec_local.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ec_local.h,v 1.73 2025/12/26 18:42:33 tb Exp $ */	1	/* $OpenBSD: ec_local.h,v 1.74 2026/03/18 08:02:40 tb Exp $ */
2	/*	2	/*
3	* Originally written by Bodo Moeller for the OpenSSL project.	3	* Originally written by Bodo Moeller for the OpenSSL project.
4	*/	4	*/
@@ -256,11 +256,19 @@ struct ec_key_st {
256	} /* EC_KEY */;	256	} /* EC_KEY */;
257		257
258	int eckey_compute_pubkey(EC_KEY *eckey);	258	int eckey_compute_pubkey(EC_KEY *eckey);
259	int ecdh_compute_key(unsigned char *out, size_t out_len,	259
		260	int ec_key_ecdh_compute_key(unsigned char *out, size_t out_len,
260	const EC_POINT pub_key, const EC_KEY ecdh);	261	const EC_POINT pub_key, const EC_KEY ecdh);
261	int ecdsa_verify(int type, const unsigned char *dgst, int dgst_len,	262	int ec_key_ecdsa_sign_setup(EC_KEY eckey, BN_CTX in_ctx, BIGNUM **out_kinv,
		263	BIGNUM **out_r);
		264	int ec_key_ecdsa_sign(int type, const unsigned char *digest, int digest_len,
		265	unsigned char signature, unsigned int signature_len, const BIGNUM *kinv,
		266	const BIGNUM r, EC_KEY eckey);
		267	ECDSA_SIG ec_key_ecdsa_sign_sig(const unsigned char digest, int digest_len,
		268	const BIGNUM in_kinv, const BIGNUM in_r, EC_KEY *eckey);
		269	int ec_key_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len,
262	const unsigned char sigbuf, int sig_len, EC_KEY eckey);	270	const unsigned char sigbuf, int sig_len, EC_KEY eckey);
263	int ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,	271	int ec_key_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
264	const ECDSA_SIG sig, EC_KEY eckey);	272	const ECDSA_SIG sig, EC_KEY eckey);
265		273
266	/*	274	/*