Partial port of EC_KEY_METHOD from OpenSSL 1.1.

This commit adds missing API for ECDH/ECDSA_verify. from markus
author: tb <> 2019-01-19 01:12:48 +0000
committer: tb <> 2019-01-19 01:12:48 +0000
commit: dad3267aefbeab3a8910c1c59b2e5f7e9c12b048 (patch)
tree: 5ac3e1c2617f2fd9b71523bfd1836f187ba33661 /src/lib/libcrypto/ecdsa
parent: dc38b357c3a6e0db4a7172af29148961b86b0724 (diff)
download: openbsd-dad3267aefbeab3a8910c1c59b2e5f7e9c12b048.tar.gz
openbsd-dad3267aefbeab3a8910c1c59b2e5f7e9c12b048.tar.bz2
openbsd-dad3267aefbeab3a8910c1c59b2e5f7e9c12b048.zip
3 files changed, 64 insertions, 30 deletions
diff --git a/src/lib/libcrypto/ecdsa/ecdsa.h b/src/lib/libcrypto/ecdsa/ecdsa.h
index 12d6677ce3..71b8825436 100644
--- a/src/lib/libcrypto/ecdsa/ecdsa.h
+++ b/src/lib/libcrypto/ecdsa/ecdsa.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecdsa.h,v 1.6 2019/01/19 01:07:00 tb Exp $ */
+/* $OpenBSD: ecdsa.h,v 1.7 2019/01/19 01:12:48 tb Exp $ */
 /**
 * \file   crypto/ecdsa/ecdsa.h Include file for the OpenSSL ECDSA functions
 * \author Written by Nils Larsch for the OpenSSL project
@@ -279,6 +279,11 @@ void EC_KEY_METHOD_set_sign(EC_KEY_METHOD *meth,
    ECDSA_SIG *(*sign_sig)(const unsigned char *dgst,
        int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r,
        EC_KEY *eckey));
+void EC_KEY_METHOD_set_verify(EC_KEY_METHOD *meth,
+    int (*verify)(int type, const unsigned char *dgst, int dgst_len,
+        const unsigned char *sigbuf, int sig_len, EC_KEY *eckey),
+    int (*verify_sig)(const unsigned char *dgst, int dgst_len,
+        const ECDSA_SIG *sig, EC_KEY *eckey));
 void EC_KEY_METHOD_get_sign(EC_KEY_METHOD *meth,
    int (**psign)(int type, const unsigned char *dgst,
        int dlen, unsigned char *sig, unsigned int *siglen,
@@ -288,6 +293,12 @@ void EC_KEY_METHOD_get_sign(EC_KEY_METHOD *meth,
    ECDSA_SIG *(**psign_sig)(const unsigned char *dgst,
        int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r,
        EC_KEY *eckey));
+void EC_KEY_METHOD_get_verify(EC_KEY_METHOD *meth,
+    int (**pverify)(int type, const unsigned char *dgst, int dgst_len,
+        const unsigned char *sigbuf, int sig_len, EC_KEY *eckey),
+    int (**pverify_sig)(const unsigned char *dgst, int dgst_len,
+        const ECDSA_SIG *sig, EC_KEY *eckey));
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
diff --git a/src/lib/libcrypto/ecdsa/ecs_ossl.c b/src/lib/libcrypto/ecdsa/ecs_ossl.c
index 4e05cb9aac..791a5c48e1 100644
--- a/src/lib/libcrypto/ecdsa/ecs_ossl.c
+++ b/src/lib/libcrypto/ecdsa/ecs_ossl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecs_ossl.c,v 1.17 2019/01/19 01:07:00 tb Exp $ */
+/* $OpenBSD: ecs_ossl.c,v 1.18 2019/01/19 01:12:48 tb Exp $ */
 /*
 * Written by Nils Larsch for the OpenSSL project
 */
@@ -56,6 +56,8 @@
 *
 */
+#include <string.h>
 #include <openssl/opensslconf.h>
 #include <openssl/err.h>
@@ -421,6 +423,32 @@ ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
        return ecdsa->meth->ecdsa_do_sign(dgst, dgst_len, in_kinv, in_r, eckey);
 }
+int
+ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len,
+    const unsigned char *sigbuf, int sig_len, EC_KEY *eckey)
+{
+        ECDSA_SIG *s;
+        unsigned char *der = NULL;
+        const unsigned char *p = sigbuf;
+        int derlen = -1;
+        int ret = -1;
+        if ((s = ECDSA_SIG_new()) == NULL)
+                return (ret);
+        if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL)
+                goto err;
+        /* Ensure signature uses DER and doesn't have trailing garbage */
+        derlen = i2d_ECDSA_SIG(s, &der);
+        if (derlen != sig_len || memcmp(sigbuf, der, derlen))
+                goto err;
+        ret = ECDSA_do_verify(dgst, dgst_len, s, eckey);
+ err:
+        freezero(der, derlen);
+        ECDSA_SIG_free(s);
+        return (ret);
+}
 static int
 ecdsa_do_verify(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig,
    EC_KEY *eckey)
@@ -524,3 +552,15 @@ ecdsa_do_verify(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig,
        EC_POINT_free(point);
        return ret;
 }
+/* replace w/ ecdsa_do_verify() when ECDSA_METHOD gets removed */
+int
+ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
+    const ECDSA_SIG *sig, EC_KEY *eckey)
+{
+        ECDSA_DATA *ecdsa;
+        if ((ecdsa = ecdsa_check(eckey)) == NULL)
+                return 0;
+        return ecdsa->meth->ecdsa_do_verify(dgst, dgst_len, sig, eckey);
+}
diff --git a/src/lib/libcrypto/ecdsa/ecs_vrf.c b/src/lib/libcrypto/ecdsa/ecs_vrf.c
index 270af94c0d..4c1bc85e06 100644
--- a/src/lib/libcrypto/ecdsa/ecs_vrf.c
+++ b/src/lib/libcrypto/ecdsa/ecs_vrf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecs_vrf.c,v 1.6 2017/05/02 03:59:44 deraadt Exp $ */
+/* $OpenBSD: ecs_vrf.c,v 1.7 2019/01/19 01:12:48 tb Exp $ */
 /*
 * Written by Nils Larsch for the OpenSSL project
 */
@@ -56,10 +56,10 @@
 *
 */
-#include <string.h>
 #include <openssl/opensslconf.h>
 #include "ecs_locl.h"
+#include "ec_lcl.h"
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
@@ -73,11 +73,10 @@ int
 ECDSA_do_verify(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig,
    EC_KEY *eckey)
 {
-        ECDSA_DATA *ecdsa = ecdsa_check(eckey);
+        if (eckey->meth->verify_sig != NULL)
+                return eckey->meth->verify_sig(dgst, dgst_len, sig, eckey);
-        if (ecdsa == NULL)
+        ECDSAerror(EVP_R_METHOD_NOT_SUPPORTED);
-                return 0;
+        return 0;
-        return ecdsa->meth->ecdsa_do_verify(dgst, dgst_len, sig, eckey);
 }
 /* returns
@@ -89,25 +88,9 @@ int
 ECDSA_verify(int type, const unsigned char *dgst, int dgst_len,
    const unsigned char *sigbuf, int sig_len, EC_KEY *eckey)
 {
-        ECDSA_SIG *s;
+        if (eckey->meth->verify != NULL)
-        unsigned char *der = NULL;
+                return eckey->meth->verify(type, dgst, dgst_len,
-        const unsigned char *p = sigbuf;
+                    sigbuf, sig_len, eckey);
-        int derlen = -1;
+        ECDSAerror(EVP_R_METHOD_NOT_SUPPORTED);
-        int ret = -1;
+        return 0;
-        s = ECDSA_SIG_new();
-        if (s == NULL)
-                return (ret);
-        if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL)
-                goto err;
-        /* Ensure signature uses DER and doesn't have trailing garbage */
-        derlen = i2d_ECDSA_SIG(s, &der);
-        if (derlen != sig_len || memcmp(sigbuf, der, derlen))
-                goto err;
-        ret = ECDSA_do_verify(dgst, dgst_len, s, eckey);
-err:
-        freezero(der, derlen);
-        ECDSA_SIG_free(s);
-        return (ret);
 }
author	tb <>	2019-01-19 01:12:48 +0000
committer	tb <>	2019-01-19 01:12:48 +0000
commit	dad3267aefbeab3a8910c1c59b2e5f7e9c12b048 (patch)
tree	5ac3e1c2617f2fd9b71523bfd1836f187ba33661 /src/lib/libcrypto/ecdsa
parent	dc38b357c3a6e0db4a7172af29148961b86b0724 (diff)
download	openbsd-dad3267aefbeab3a8910c1c59b2e5f7e9c12b048.tar.gz openbsd-dad3267aefbeab3a8910c1c59b2e5f7e9c12b048.tar.bz2 openbsd-dad3267aefbeab3a8910c1c59b2e5f7e9c12b048.zip

diff --git a/src/lib/libcrypto/ecdsa/ecdsa.h b/src/lib/libcrypto/ecdsa/ecdsa.h index 12d6677ce3..71b8825436 100644 --- a/src/lib/libcrypto/ecdsa/ecdsa.h +++ b/src/lib/libcrypto/ecdsa/ecdsa.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ecdsa.h,v 1.6 2019/01/19 01:07:00 tb Exp $ */	1	/* $OpenBSD: ecdsa.h,v 1.7 2019/01/19 01:12:48 tb Exp $ */
2	/**	2	/**
3	* \file crypto/ecdsa/ecdsa.h Include file for the OpenSSL ECDSA functions	3	* \file crypto/ecdsa/ecdsa.h Include file for the OpenSSL ECDSA functions
4	* \author Written by Nils Larsch for the OpenSSL project	4	* \author Written by Nils Larsch for the OpenSSL project
@@ -279,6 +279,11 @@ void EC_KEY_METHOD_set_sign(EC_KEY_METHOD *meth,
279	ECDSA_SIG (sign_sig)(const unsigned char *dgst,	279	ECDSA_SIG (sign_sig)(const unsigned char *dgst,
280	int dgst_len, const BIGNUM in_kinv, const BIGNUM in_r,	280	int dgst_len, const BIGNUM in_kinv, const BIGNUM in_r,
281	EC_KEY *eckey));	281	EC_KEY *eckey));
		282	void EC_KEY_METHOD_set_verify(EC_KEY_METHOD *meth,
		283	int (verify)(int type, const unsigned char dgst, int dgst_len,
		284	const unsigned char sigbuf, int sig_len, EC_KEY eckey),
		285	int (verify_sig)(const unsigned char dgst, int dgst_len,
		286	const ECDSA_SIG sig, EC_KEY eckey));
282	void EC_KEY_METHOD_get_sign(EC_KEY_METHOD *meth,	287	void EC_KEY_METHOD_get_sign(EC_KEY_METHOD *meth,
283	int (*psign)(int type, const unsigned char dgst,	288	int (*psign)(int type, const unsigned char dgst,
284	int dlen, unsigned char sig, unsigned int siglen,	289	int dlen, unsigned char sig, unsigned int siglen,
@@ -288,6 +293,12 @@ void EC_KEY_METHOD_get_sign(EC_KEY_METHOD *meth,
288	ECDSA_SIG (psign_sig)(const unsigned char dgst,	293	ECDSA_SIG (psign_sig)(const unsigned char dgst,
289	int dgst_len, const BIGNUM in_kinv, const BIGNUM in_r,	294	int dgst_len, const BIGNUM in_kinv, const BIGNUM in_r,
290	EC_KEY *eckey));	295	EC_KEY *eckey));
		296	void EC_KEY_METHOD_get_verify(EC_KEY_METHOD *meth,
		297	int (*pverify)(int type, const unsigned char dgst, int dgst_len,
		298	const unsigned char sigbuf, int sig_len, EC_KEY eckey),
		299	int (*pverify_sig)(const unsigned char dgst, int dgst_len,
		300	const ECDSA_SIG sig, EC_KEY eckey));
		301
291		302
292	/* BEGIN ERROR CODES */	303	/* BEGIN ERROR CODES */
293	/* The following lines are auto generated by the script mkerr.pl. Any changes	304	/* The following lines are auto generated by the script mkerr.pl. Any changes


diff --git a/src/lib/libcrypto/ecdsa/ecs_ossl.c b/src/lib/libcrypto/ecdsa/ecs_ossl.c index 4e05cb9aac..791a5c48e1 100644 --- a/src/lib/libcrypto/ecdsa/ecs_ossl.c +++ b/src/lib/libcrypto/ecdsa/ecs_ossl.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ecs_ossl.c,v 1.17 2019/01/19 01:07:00 tb Exp $ */	1	/* $OpenBSD: ecs_ossl.c,v 1.18 2019/01/19 01:12:48 tb Exp $ */
2	/*	2	/*
3	* Written by Nils Larsch for the OpenSSL project	3	* Written by Nils Larsch for the OpenSSL project
4	*/	4	*/
@@ -56,6 +56,8 @@
56	*	56	*
57	*/	57	*/
58		58
		59	#include <string.h>
		60
59	#include <openssl/opensslconf.h>	61	#include <openssl/opensslconf.h>
60		62
61	#include <openssl/err.h>	63	#include <openssl/err.h>
@@ -421,6 +423,32 @@ ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
421	return ecdsa->meth->ecdsa_do_sign(dgst, dgst_len, in_kinv, in_r, eckey);	423	return ecdsa->meth->ecdsa_do_sign(dgst, dgst_len, in_kinv, in_r, eckey);
422	}	424	}
423		425
		426	int
		427	ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len,
		428	const unsigned char sigbuf, int sig_len, EC_KEY eckey)
		429	{
		430	ECDSA_SIG *s;
		431	unsigned char *der = NULL;
		432	const unsigned char *p = sigbuf;
		433	int derlen = -1;
		434	int ret = -1;
		435
		436	if ((s = ECDSA_SIG_new()) == NULL)
		437	return (ret);
		438	if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL)
		439	goto err;
		440	/* Ensure signature uses DER and doesn't have trailing garbage */
		441	derlen = i2d_ECDSA_SIG(s, &der);
		442	if (derlen != sig_len \|\| memcmp(sigbuf, der, derlen))
		443	goto err;
		444	ret = ECDSA_do_verify(dgst, dgst_len, s, eckey);
		445
		446	err:
		447	freezero(der, derlen);
		448	ECDSA_SIG_free(s);
		449	return (ret);
		450	}
		451
424	static int	452	static int
425	ecdsa_do_verify(const unsigned char dgst, int dgst_len, const ECDSA_SIG sig,	453	ecdsa_do_verify(const unsigned char dgst, int dgst_len, const ECDSA_SIG sig,
426	EC_KEY *eckey)	454	EC_KEY *eckey)
@@ -524,3 +552,15 @@ ecdsa_do_verify(const unsigned char dgst, int dgst_len, const ECDSA_SIG sig,
524	EC_POINT_free(point);	552	EC_POINT_free(point);
525	return ret;	553	return ret;
526	}	554	}
		555
		556	/* replace w/ ecdsa_do_verify() when ECDSA_METHOD gets removed */
		557	int
		558	ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
		559	const ECDSA_SIG sig, EC_KEY eckey)
		560	{
		561	ECDSA_DATA *ecdsa;
		562
		563	if ((ecdsa = ecdsa_check(eckey)) == NULL)
		564	return 0;
		565	return ecdsa->meth->ecdsa_do_verify(dgst, dgst_len, sig, eckey);
		566	}


diff --git a/src/lib/libcrypto/ecdsa/ecs_vrf.c b/src/lib/libcrypto/ecdsa/ecs_vrf.c index 270af94c0d..4c1bc85e06 100644 --- a/src/lib/libcrypto/ecdsa/ecs_vrf.c +++ b/src/lib/libcrypto/ecdsa/ecs_vrf.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ecs_vrf.c,v 1.6 2017/05/02 03:59:44 deraadt Exp $ */	1	/* $OpenBSD: ecs_vrf.c,v 1.7 2019/01/19 01:12:48 tb Exp $ */
2	/*	2	/*
3	* Written by Nils Larsch for the OpenSSL project	3	* Written by Nils Larsch for the OpenSSL project
4	*/	4	*/
@@ -56,10 +56,10 @@
56	*	56	*
57	*/	57	*/
58		58
59	#include <string.h>
60	#include <openssl/opensslconf.h>	59	#include <openssl/opensslconf.h>
61		60
62	#include "ecs_locl.h"	61	#include "ecs_locl.h"
		62	#include "ec_lcl.h"
63	#ifndef OPENSSL_NO_ENGINE	63	#ifndef OPENSSL_NO_ENGINE
64	#include <openssl/engine.h>	64	#include <openssl/engine.h>
65	#endif	65	#endif
@@ -73,11 +73,10 @@ int
73	ECDSA_do_verify(const unsigned char dgst, int dgst_len, const ECDSA_SIG sig,	73	ECDSA_do_verify(const unsigned char dgst, int dgst_len, const ECDSA_SIG sig,
74	EC_KEY *eckey)	74	EC_KEY *eckey)
75	{	75	{
76	ECDSA_DATA *ecdsa = ecdsa_check(eckey);	76	if (eckey->meth->verify_sig != NULL)
77		77	return eckey->meth->verify_sig(dgst, dgst_len, sig, eckey);
78	if (ecdsa == NULL)	78	ECDSAerror(EVP_R_METHOD_NOT_SUPPORTED);
79	return 0;	79	return 0;
80	return ecdsa->meth->ecdsa_do_verify(dgst, dgst_len, sig, eckey);
81	}	80	}
82		81
83	/* returns	82	/* returns
@@ -89,25 +88,9 @@ int
89	ECDSA_verify(int type, const unsigned char *dgst, int dgst_len,	88	ECDSA_verify(int type, const unsigned char *dgst, int dgst_len,
90	const unsigned char sigbuf, int sig_len, EC_KEY eckey)	89	const unsigned char sigbuf, int sig_len, EC_KEY eckey)
91	{	90	{
92	ECDSA_SIG *s;	91	if (eckey->meth->verify != NULL)
93	unsigned char *der = NULL;	92	return eckey->meth->verify(type, dgst, dgst_len,
94	const unsigned char *p = sigbuf;	93	sigbuf, sig_len, eckey);
95	int derlen = -1;	94	ECDSAerror(EVP_R_METHOD_NOT_SUPPORTED);
96	int ret = -1;	95	return 0;
97
98	s = ECDSA_SIG_new();
99	if (s == NULL)
100	return (ret);
101	if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL)
102	goto err;
103	/* Ensure signature uses DER and doesn't have trailing garbage */
104	derlen = i2d_ECDSA_SIG(s, &der);
105	if (derlen != sig_len \|\| memcmp(sigbuf, der, derlen))
106	goto err;
107	ret = ECDSA_do_verify(dgst, dgst_len, s, eckey);
108
109	err:
110	freezero(der, derlen);
111	ECDSA_SIG_free(s);
112	return (ret);
113	}	96	}