Merge ecdsa.h into ec.h

Move the remaining ECDSA API into ec.h to match OpenSSL 1.1's interface
better.  In particular, the EC_KEY sign and verify method accessors are
moved to the right header. Whether the rest of the ECDSA stuff belongs
there is debatable, but that was upstream's choice.

ok jsing

4 files changed, 70 insertions, 186 deletions

diff --git a/src/lib/libcrypto/ec/ec.h b/src/lib/libcrypto/ec/ec.h
index f711d55050..aac3537655 100644
--- a/src/lib/libcrypto/ec/ec.h
+++ b/src/lib/libcrypto/ec/ec.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec.h,v 1.42 2023/07/05 17:10:10 tb Exp $ */
+/* $OpenBSD: ec.h,v 1.43 2023/07/28 09:16:17 tb Exp $ */
 /*
  * Originally written by Bodo Moeller for the OpenSSL project.
  */
@@ -326,6 +326,31 @@ void EC_KEY_set_default_method(const EC_KEY_METHOD *meth);
 const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key);
 int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth);
 EC_KEY *EC_KEY_new_method(ENGINE *engine);
+
+typedef struct ECDSA_SIG_st ECDSA_SIG;
+
+ECDSA_SIG *ECDSA_SIG_new(void);
+void ECDSA_SIG_free(ECDSA_SIG *sig);
+int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp);
+ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len);
+
+const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig);
+const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig);
+void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
+int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
+
+int ECDSA_size(const EC_KEY *eckey);
+
+ECDSA_SIG *ECDSA_do_sign(const unsigned char *digest, int digest_len,
+    EC_KEY *eckey);
+int ECDSA_do_verify(const unsigned char *digest, int digest_len,
+    const ECDSA_SIG *sig, EC_KEY *eckey);
+
+int ECDSA_sign(int type, const unsigned char *digest, int digest_len,
+    unsigned char *signature, unsigned int *signature_len, EC_KEY *eckey);
+int ECDSA_verify(int type, const unsigned char *digest, int digest_len,
+    const unsigned char *signature, int signature_len, EC_KEY *eckey);
+
 EC_KEY_METHOD *EC_KEY_METHOD_new(const EC_KEY_METHOD *meth);
 void EC_KEY_METHOD_free(EC_KEY_METHOD *meth);
 void EC_KEY_METHOD_set_init(EC_KEY_METHOD *meth,
@@ -340,6 +365,18 @@ void EC_KEY_METHOD_set_keygen(EC_KEY_METHOD *meth,
 void EC_KEY_METHOD_set_compute_key(EC_KEY_METHOD *meth,
     int (*ckey)(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
         void *(*KDF) (const void *in, size_t inlen, void *out, size_t *outlen)));
+void EC_KEY_METHOD_set_sign(EC_KEY_METHOD *meth,
+    int (*sign)(int type, const unsigned char *digest, int digest_len,
+        unsigned char *signature, unsigned int *signature_len,
+        const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey),
+    int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp),
+    ECDSA_SIG *(*sign_sig)(const unsigned char *digest, int digest_len,
+        const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey));
+void EC_KEY_METHOD_set_verify(EC_KEY_METHOD *meth,
+    int (*verify)(int type, const unsigned char *digest, int digest_len,
+        const unsigned char *signature, int signature_len, EC_KEY *eckey),
+    int (*verify_sig)(const unsigned char *digest, int digest_len,
+        const ECDSA_SIG *sig, EC_KEY *eckey));
 void EC_KEY_METHOD_get_init(const EC_KEY_METHOD *meth,
     int (**pinit)(EC_KEY *key),
     void (**pfinish)(EC_KEY *key),
@@ -352,6 +389,18 @@ void EC_KEY_METHOD_get_keygen(const EC_KEY_METHOD *meth,
 void EC_KEY_METHOD_get_compute_key(const EC_KEY_METHOD *meth,
     int (**pck)(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
         void *(*KDF) (const void *in, size_t inlen, void *out, size_t *outlen)));
+void EC_KEY_METHOD_get_sign(const EC_KEY_METHOD *meth,
+    int (**psign)(int type, const unsigned char *digest, int digest_len,
+        unsigned char *signature, unsigned int *signature_len,
+        const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey),
+    int (**psign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp),
+    ECDSA_SIG *(**psign_sig)(const unsigned char *digest, int digest_len,
+        const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey));
+void EC_KEY_METHOD_get_verify(const EC_KEY_METHOD *meth,
+    int (**pverify)(int type, const unsigned char *digest, int digest_len,
+        const unsigned char *signature, int signature_len, EC_KEY *eckey),
+    int (**pverify_sig)(const unsigned char *digest, int digest_len,
+        const ECDSA_SIG *sig, EC_KEY *eckey));
 
 EC_KEY *ECParameters_dup(EC_KEY *key);
 
diff --git a/src/lib/libcrypto/ecdsa/ecdsa.h b/src/lib/libcrypto/ecdsa/ecdsa.h
index 4b4a10ced4..9f498eb4a2 100644
--- a/src/lib/libcrypto/ecdsa/ecdsa.h
+++ b/src/lib/libcrypto/ecdsa/ecdsa.h
@@ -1,142 +1,6 @@
-/* $OpenBSD: ecdsa.h,v 1.19 2023/07/28 09:08:31 tb Exp $ */
+/* $OpenBSD: ecdsa.h,v 1.20 2023/07/28 09:16:17 tb Exp $ */
 /*
- * Written by Nils Larsch for the OpenSSL project
+ * Public domain.
  */
-/* ====================================================================
- * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#ifndef HEADER_ECDSA_H
-#define HEADER_ECDSA_H
-
-#include <openssl/opensslconf.h>
-
-#ifdef OPENSSL_NO_ECDSA
-#error ECDSA is disabled.
-#endif
 
-#include <openssl/bn.h>
 #include <openssl/ec.h>
-
-#include <openssl/ossl_typ.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef struct ECDSA_SIG_st ECDSA_SIG;
-
-/*
- * If this flag is set, the ECDSA method is FIPS compliant and can be used
- * in FIPS mode. This is set in the validated module method. If an
- * application sets this flag in its own methods it is its responsibility
- * to ensure the result is compliant.
- */
-
-#define ECDSA_FLAG_FIPS_METHOD  0x1
-
-ECDSA_SIG *ECDSA_SIG_new(void);
-void ECDSA_SIG_free(ECDSA_SIG *sig);
-int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp);
-ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len);
-void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
-
-const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig);
-const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig);
-int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
-
-ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len,
-    EC_KEY *eckey);
-int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
-    const ECDSA_SIG *sig, EC_KEY* eckey);
-
-int ECDSA_size(const EC_KEY *eckey);
-
-int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen,
-    unsigned char *sig, unsigned int *siglen, EC_KEY *eckey);
-int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen,
-    const unsigned char *sig, int siglen, EC_KEY *eckey);
-
-/* XXX should be in ec.h, but needs ECDSA_SIG */
-void EC_KEY_METHOD_set_sign(EC_KEY_METHOD *meth,
-    int (*sign)(int type, const unsigned char *dgst,
-        int dlen, unsigned char *sig, unsigned int *siglen,
-        const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey),
-    int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in,
-        BIGNUM **kinvp, BIGNUM **rp),
-    ECDSA_SIG *(*sign_sig)(const unsigned char *dgst,
-        int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r,
-        EC_KEY *eckey));
-void EC_KEY_METHOD_set_verify(EC_KEY_METHOD *meth,
-    int (*verify)(int type, const unsigned char *dgst, int dgst_len,
-        const unsigned char *sigbuf, int sig_len, EC_KEY *eckey),
-    int (*verify_sig)(const unsigned char *dgst, int dgst_len,
-        const ECDSA_SIG *sig, EC_KEY *eckey));
-void EC_KEY_METHOD_get_sign(const EC_KEY_METHOD *meth,
-    int (**psign)(int type, const unsigned char *dgst,
-        int dlen, unsigned char *sig, unsigned int *siglen,
-        const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey),
-    int (**psign_setup)(EC_KEY *eckey, BN_CTX *ctx_in,
-        BIGNUM **kinvp, BIGNUM **rp),
-    ECDSA_SIG *(**psign_sig)(const unsigned char *dgst,
-        int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r,
-        EC_KEY *eckey));
-void EC_KEY_METHOD_get_verify(const EC_KEY_METHOD *meth,
-    int (**pverify)(int type, const unsigned char *dgst, int dgst_len,
-        const unsigned char *sigbuf, int sig_len, EC_KEY *eckey),
-    int (**pverify_sig)(const unsigned char *dgst, int dgst_len,
-        const ECDSA_SIG *sig, EC_KEY *eckey));
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/src/lib/libcrypto/hidden/openssl/ec.h b/src/lib/libcrypto/hidden/openssl/ec.h
index 5e4121eac3..d2d65945e5 100644
--- a/src/lib/libcrypto/hidden/openssl/ec.h
+++ b/src/lib/libcrypto/hidden/openssl/ec.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec.h,v 1.2 2023/07/07 19:37:54 beck Exp $ */
+/* $OpenBSD: ec.h,v 1.3 2023/07/28 09:16:17 tb Exp $ */
 /*
  * Copyright (c) 2023 Bob Beck <beck@openbsd.org>
  *
@@ -132,14 +132,31 @@ LCRYPTO_USED(EC_KEY_set_default_method);
 LCRYPTO_USED(EC_KEY_get_method);
 LCRYPTO_USED(EC_KEY_set_method);
 LCRYPTO_USED(EC_KEY_new_method);
+LCRYPTO_USED(ECDSA_SIG_new);
+LCRYPTO_USED(ECDSA_SIG_free);
+LCRYPTO_USED(i2d_ECDSA_SIG);
+LCRYPTO_USED(d2i_ECDSA_SIG);
+LCRYPTO_USED(ECDSA_SIG_get0_r);
+LCRYPTO_USED(ECDSA_SIG_get0_s);
+LCRYPTO_USED(ECDSA_SIG_get0);
+LCRYPTO_USED(ECDSA_SIG_set0);
+LCRYPTO_USED(ECDSA_size);
+LCRYPTO_USED(ECDSA_do_sign);
+LCRYPTO_USED(ECDSA_do_verify);
+LCRYPTO_USED(ECDSA_sign);
+LCRYPTO_USED(ECDSA_verify);
 LCRYPTO_USED(EC_KEY_METHOD_new);
 LCRYPTO_USED(EC_KEY_METHOD_free);
 LCRYPTO_USED(EC_KEY_METHOD_set_init);
 LCRYPTO_USED(EC_KEY_METHOD_set_keygen);
 LCRYPTO_USED(EC_KEY_METHOD_set_compute_key);
+LCRYPTO_USED(EC_KEY_METHOD_set_sign);
+LCRYPTO_USED(EC_KEY_METHOD_set_verify);
 LCRYPTO_USED(EC_KEY_METHOD_get_init);
 LCRYPTO_USED(EC_KEY_METHOD_get_keygen);
 LCRYPTO_USED(EC_KEY_METHOD_get_compute_key);
+LCRYPTO_USED(EC_KEY_METHOD_get_sign);
+LCRYPTO_USED(EC_KEY_METHOD_get_verify);
 LCRYPTO_USED(ECParameters_dup);
 LCRYPTO_USED(ERR_load_EC_strings);
 
diff --git a/src/lib/libcrypto/hidden/openssl/ecdsa.h b/src/lib/libcrypto/hidden/openssl/ecdsa.h
deleted file mode 100644
index 5846906be9..0000000000
--- a/src/lib/libcrypto/hidden/openssl/ecdsa.h
+++ /dev/null
@@ -1,46 +0,0 @@
-/* $OpenBSD: ecdsa.h,v 1.5 2023/07/28 09:08:31 tb Exp $ */
-/*
- * Copyright (c) 2023 Bob Beck <beck@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef _LIBCRYPTO_ECDSA_H
-#define _LIBCRYPTO_ECDSA_H
-
-#ifndef _MSC_VER
-#include_next <openssl/ecdsa.h>
-#else
-#include "../include/openssl/ecdsa.h"
-#endif
-#include "crypto_namespace.h"
-
-LCRYPTO_USED(ECDSA_SIG_new);
-LCRYPTO_USED(ECDSA_SIG_free);
-LCRYPTO_USED(i2d_ECDSA_SIG);
-LCRYPTO_USED(d2i_ECDSA_SIG);
-LCRYPTO_USED(ECDSA_SIG_get0);
-LCRYPTO_USED(ECDSA_SIG_get0_r);
-LCRYPTO_USED(ECDSA_SIG_get0_s);
-LCRYPTO_USED(ECDSA_SIG_set0);
-LCRYPTO_USED(ECDSA_do_sign);
-LCRYPTO_USED(ECDSA_do_verify);
-LCRYPTO_USED(ECDSA_size);
-LCRYPTO_USED(ECDSA_sign);
-LCRYPTO_USED(ECDSA_verify);
-LCRYPTO_USED(EC_KEY_METHOD_set_sign);
-LCRYPTO_USED(EC_KEY_METHOD_set_verify);
-LCRYPTO_USED(EC_KEY_METHOD_get_sign);
-LCRYPTO_USED(EC_KEY_METHOD_get_verify);
-
-#endif /* _LIBCRYPTO_ECDSA_H */