1 files changed, 41 insertions, 1 deletions
diff --git a/src/lib/libcrypto/ecdsa/ecs_ossl.c b/src/lib/libcrypto/ecdsa/ecs_ossl.c
index 4e05cb9aac..791a5c48e1 100644
--- a/src/lib/libcrypto/ecdsa/ecs_ossl.c
+++ b/src/lib/libcrypto/ecdsa/ecs_ossl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecs_ossl.c,v 1.17 2019/01/19 01:07:00 tb Exp $ */
+/* $OpenBSD: ecs_ossl.c,v 1.18 2019/01/19 01:12:48 tb Exp $ */
 /*
 * Written by Nils Larsch for the OpenSSL project
 */
@@ -56,6 +56,8 @@
 *
 */
+#include <string.h>
 #include <openssl/opensslconf.h>
 #include <openssl/err.h>
@@ -421,6 +423,32 @@ ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
        return ecdsa->meth->ecdsa_do_sign(dgst, dgst_len, in_kinv, in_r, eckey);
 }
+int
+ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len,
+    const unsigned char *sigbuf, int sig_len, EC_KEY *eckey)
+{
+        ECDSA_SIG *s;
+        unsigned char *der = NULL;
+        const unsigned char *p = sigbuf;
+        int derlen = -1;
+        int ret = -1;
+        if ((s = ECDSA_SIG_new()) == NULL)
+                return (ret);
+        if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL)
+                goto err;
+        /* Ensure signature uses DER and doesn't have trailing garbage */
+        derlen = i2d_ECDSA_SIG(s, &der);
+        if (derlen != sig_len || memcmp(sigbuf, der, derlen))
+                goto err;
+        ret = ECDSA_do_verify(dgst, dgst_len, s, eckey);
+ err:
+        freezero(der, derlen);
+        ECDSA_SIG_free(s);
+        return (ret);
+}
 static int
 ecdsa_do_verify(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig,
    EC_KEY *eckey)
@@ -524,3 +552,15 @@ ecdsa_do_verify(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig,
        EC_POINT_free(point);
        return ret;
 }
+/* replace w/ ecdsa_do_verify() when ECDSA_METHOD gets removed */
+int
+ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
+    const ECDSA_SIG *sig, EC_KEY *eckey)
+{
+        ECDSA_DATA *ecdsa;
+        if ((ecdsa = ecdsa_check(eckey)) == NULL)
+                return 0;
+        return ecdsa->meth->ecdsa_do_verify(dgst, dgst_len, sig, eckey);
+}

diff --git a/src/lib/libcrypto/ecdsa/ecs_ossl.c b/src/lib/libcrypto/ecdsa/ecs_ossl.c index 4e05cb9aac..791a5c48e1 100644 --- a/src/lib/libcrypto/ecdsa/ecs_ossl.c +++ b/src/lib/libcrypto/ecdsa/ecs_ossl.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ecs_ossl.c,v 1.17 2019/01/19 01:07:00 tb Exp $ */	1	/* $OpenBSD: ecs_ossl.c,v 1.18 2019/01/19 01:12:48 tb Exp $ */
2	/*	2	/*
3	* Written by Nils Larsch for the OpenSSL project	3	* Written by Nils Larsch for the OpenSSL project
4	*/	4	*/
@@ -56,6 +56,8 @@
56	*	56	*
57	*/	57	*/
58		58
		59	#include <string.h>
		60
59	#include <openssl/opensslconf.h>	61	#include <openssl/opensslconf.h>
60		62
61	#include <openssl/err.h>	63	#include <openssl/err.h>
@@ -421,6 +423,32 @@ ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
421	return ecdsa->meth->ecdsa_do_sign(dgst, dgst_len, in_kinv, in_r, eckey);	423	return ecdsa->meth->ecdsa_do_sign(dgst, dgst_len, in_kinv, in_r, eckey);
422	}	424	}
423		425
		426	int
		427	ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len,
		428	const unsigned char sigbuf, int sig_len, EC_KEY eckey)
		429	{
		430	ECDSA_SIG *s;
		431	unsigned char *der = NULL;
		432	const unsigned char *p = sigbuf;
		433	int derlen = -1;
		434	int ret = -1;
		435
		436	if ((s = ECDSA_SIG_new()) == NULL)
		437	return (ret);
		438	if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL)
		439	goto err;
		440	/* Ensure signature uses DER and doesn't have trailing garbage */
		441	derlen = i2d_ECDSA_SIG(s, &der);
		442	if (derlen != sig_len \|\| memcmp(sigbuf, der, derlen))
		443	goto err;
		444	ret = ECDSA_do_verify(dgst, dgst_len, s, eckey);
		445
		446	err:
		447	freezero(der, derlen);
		448	ECDSA_SIG_free(s);
		449	return (ret);
		450	}
		451
424	static int	452	static int
425	ecdsa_do_verify(const unsigned char dgst, int dgst_len, const ECDSA_SIG sig,	453	ecdsa_do_verify(const unsigned char dgst, int dgst_len, const ECDSA_SIG sig,
426	EC_KEY *eckey)	454	EC_KEY *eckey)
@@ -524,3 +552,15 @@ ecdsa_do_verify(const unsigned char dgst, int dgst_len, const ECDSA_SIG sig,
524	EC_POINT_free(point);	552	EC_POINT_free(point);
525	return ret;	553	return ret;
526	}	554	}
		555
		556	/* replace w/ ecdsa_do_verify() when ECDSA_METHOD gets removed */
		557	int
		558	ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
		559	const ECDSA_SIG sig, EC_KEY eckey)
		560	{
		561	ECDSA_DATA *ecdsa;
		562
		563	if ((ecdsa = ecdsa_check(eckey)) == NULL)
		564	return 0;
		565	return ecdsa->meth->ecdsa_do_verify(dgst, dgst_len, sig, eckey);
		566	}