1 files changed, 5 insertions, 133 deletions
diff --git a/src/lib/libcrypto/ecdsa/ecdsa.h b/src/lib/libcrypto/ecdsa/ecdsa.h
index 6139dbac1a..2e6b672627 100644
--- a/src/lib/libcrypto/ecdsa/ecdsa.h
+++ b/src/lib/libcrypto/ecdsa/ecdsa.h
@@ -1,7 +1,6 @@
-/* $OpenBSD: ecdsa.h,v 1.15 2023/04/18 08:47:28 tb Exp $ */
+/* $OpenBSD: ecdsa.h,v 1.16 2023/06/19 09:12:41 tb Exp $ */
-/**
+/*
- * \file   crypto/ecdsa/ecdsa.h Include file for the OpenSSL ECDSA functions
+ * Written by Nils Larsch for the OpenSSL project
- * \author Written by Nils Larsch for the OpenSSL project
 */
 /* ====================================================================
 * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
@@ -88,7 +87,8 @@ struct ecdsa_method {
        char *app_data;
 };
-/* If this flag is set the ECDSA method is FIPS compliant and can be used
+/*
+ * If this flag is set, the ECDSA method is FIPS compliant and can be used
 * in FIPS mode. This is set in the validated module method. If an
 * application sets this flag in its own methods it is its responsibility
 * to ensure the result is compliant.
@@ -96,172 +96,44 @@ struct ecdsa_method {
 #define ECDSA_FLAG_FIPS_METHOD  0x1
-/** Allocates and initialize a ECDSA_SIG structure
- *  \return pointer to a ECDSA_SIG structure or NULL if an error occurred
- */
 ECDSA_SIG *ECDSA_SIG_new(void);
-/** frees a ECDSA_SIG structure
- *  \param  sig  pointer to the ECDSA_SIG structure
- */
 void ECDSA_SIG_free(ECDSA_SIG *sig);
-/** DER encode content of ECDSA_SIG object (note: this function modifies *pp
- *  (*pp += length of the DER encoded signature)).
- *  \param  sig  pointer to the ECDSA_SIG object
- *  \param  pp   pointer to a unsigned char pointer for the output or NULL
- *  \return the length of the DER encoded ECDSA_SIG object or 0
- */
 int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp);
-/** Decodes a DER encoded ECDSA signature (note: this function changes *pp
- *  (*pp += len)).
- *  \param  sig  pointer to ECDSA_SIG pointer (may be NULL)
- *  \param  pp   memory buffer with the DER encoded signature
- *  \param  len  length of the buffer
- *  \return pointer to the decoded ECDSA_SIG structure (or NULL)
- */
 ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len);
-/** Accessor for r and s fields of ECDSA_SIG
- *  \param  sig  pointer to ECDSA_SIG pointer
- *  \param  pr   pointer to BIGNUM pointer for r (may be NULL)
- *  \param  ps   pointer to BIGNUM pointer for s (may be NULL)
- */
 void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
 const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig);
 const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig);
-/** Setter for r and s fields of ECDSA_SIG
- *  \param  sig  pointer to ECDSA_SIG pointer
- *  \param  r    pointer to BIGNUM for r (may be NULL)
- *  \param  s    pointer to BIGNUM for s (may be NULL)
- */
 int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
-/** Computes the ECDSA signature of the given hash value using
- *  the supplied private key and returns the created signature.
- *  \param  dgst      pointer to the hash value
- *  \param  dgst_len  length of the hash value
- *  \param  eckey     EC_KEY object containing a private EC key
- *  \return pointer to a ECDSA_SIG structure or NULL if an error occurred
- */
 ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len,
    EC_KEY *eckey);
-/** Computes ECDSA signature of a given hash value using the supplied
- *  private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
- *  \param  dgst     pointer to the hash value to sign
- *  \param  dgstlen  length of the hash value
- *  \param  kinv     BIGNUM with a pre-computed inverse k (optional)
- *  \param  rp       BIGNUM with a pre-computed rp value (optional),
- *                   see ECDSA_sign_setup
- *  \param  eckey    EC_KEY object containing a private EC key
- *  \return pointer to a ECDSA_SIG structure or NULL if an error occurred
- */
 ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen,
    const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey);
-/** Verifies that the supplied signature is a valid ECDSA
- *  signature of the supplied hash value using the supplied public key.
- *  \param  dgst      pointer to the hash value
- *  \param  dgst_len  length of the hash value
- *  \param  sig       ECDSA_SIG structure
- *  \param  eckey     EC_KEY object containing a public EC key
- *  \return 1 if the signature is valid, 0 if the signature is invalid
- *          and -1 on error
- */
 int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
    const ECDSA_SIG *sig, EC_KEY* eckey);
 const ECDSA_METHOD *ECDSA_OpenSSL(void);
-/** Sets the default ECDSA method
- *  \param  meth  new default ECDSA_METHOD
- */
 void ECDSA_set_default_method(const ECDSA_METHOD *meth);
-/** Returns the default ECDSA method
- *  \return pointer to ECDSA_METHOD structure containing the default method
- */
 const ECDSA_METHOD *ECDSA_get_default_method(void);
-/** Sets method to be used for the ECDSA operations
- *  \param  eckey  EC_KEY object
- *  \param  meth   new method
- *  \return 1 on success and 0 otherwise
- */
 int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth);
-/** Returns the maximum length of the DER encoded signature
- *  \param  eckey  EC_KEY object
- *  \return numbers of bytes required for the DER encoded signature
- */
 int ECDSA_size(const EC_KEY *eckey);
-/** Precompute parts of the signing operation
- *  \param  eckey  EC_KEY object containing a private EC key
- *  \param  ctx    BN_CTX object (optional)
- *  \param  kinv   BIGNUM pointer for the inverse of k
- *  \param  rp     BIGNUM pointer for x coordinate of k * generator
- *  \return 1 on success and 0 otherwise
- */
 int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv,
    BIGNUM **rp);
-/** Computes ECDSA signature of a given hash value using the supplied
- *  private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
- *  \param  type     this parameter is ignored
- *  \param  dgst     pointer to the hash value to sign
- *  \param  dgstlen  length of the hash value
- *  \param  sig      memory for the DER encoded created signature
- *  \param  siglen   pointer to the length of the returned signature
- *  \param  eckey    EC_KEY object containing a private EC key
- *  \return 1 on success and 0 otherwise
- */
 int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen,
    unsigned char *sig, unsigned int *siglen, EC_KEY *eckey);
-/** Computes ECDSA signature of a given hash value using the supplied
- *  private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
- *  \param  type     this parameter is ignored
- *  \param  dgst     pointer to the hash value to sign
- *  \param  dgstlen  length of the hash value
- *  \param  sig      buffer to hold the DER encoded signature
- *  \param  siglen   pointer to the length of the returned signature
- *  \param  kinv     BIGNUM with a pre-computed inverse k (optional)
- *  \param  rp       BIGNUM with a pre-computed rp value (optional),
- *                   see ECDSA_sign_setup
- *  \param  eckey    EC_KEY object containing a private EC key
- *  \return 1 on success and 0 otherwise
- */
 int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen,
    unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv,
    const BIGNUM *rp, EC_KEY *eckey);
-/** Verifies that the given signature is valid ECDSA signature
- *  of the supplied hash value using the specified public key.
- *  \param  type     this parameter is ignored
- *  \param  dgst     pointer to the hash value
- *  \param  dgstlen  length of the hash value
- *  \param  sig      pointer to the DER encoded signature
- *  \param  siglen   length of the DER encoded signature
- *  \param  eckey    EC_KEY object containing a public EC key
- *  \return 1 if the signature is valid, 0 if the signature is invalid
- *          and -1 on error
- */
 int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen,
    const unsigned char *sig, int siglen, EC_KEY *eckey);
-/* the standard ex_data functions */
 int ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
    CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
 int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg);
 void *ECDSA_get_ex_data(EC_KEY *d, int idx);
 /* XXX should be in ec.h, but needs ECDSA_SIG */
 void EC_KEY_METHOD_set_sign(EC_KEY_METHOD *meth,
    int (*sign)(int type, const unsigned char *dgst,

diff --git a/src/lib/libcrypto/ecdsa/ecdsa.h b/src/lib/libcrypto/ecdsa/ecdsa.h index 6139dbac1a..2e6b672627 100644 --- a/src/lib/libcrypto/ecdsa/ecdsa.h +++ b/src/lib/libcrypto/ecdsa/ecdsa.h
@@ -1,7 +1,6 @@
1	/* $OpenBSD: ecdsa.h,v 1.15 2023/04/18 08:47:28 tb Exp $ */	1	/* $OpenBSD: ecdsa.h,v 1.16 2023/06/19 09:12:41 tb Exp $ */
2	/**	2	/*
3	* \file crypto/ecdsa/ecdsa.h Include file for the OpenSSL ECDSA functions	3	* Written by Nils Larsch for the OpenSSL project
4	* \author Written by Nils Larsch for the OpenSSL project
5	*/	4	*/
6	/* ====================================================================	5	/* ====================================================================
7	* Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.	6	* Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
@@ -88,7 +87,8 @@ struct ecdsa_method {
88	char *app_data;	87	char *app_data;
89	};	88	};
90		89
91	/* If this flag is set the ECDSA method is FIPS compliant and can be used	90	/*
		91	* If this flag is set, the ECDSA method is FIPS compliant and can be used
92	* in FIPS mode. This is set in the validated module method. If an	92	* in FIPS mode. This is set in the validated module method. If an
93	* application sets this flag in its own methods it is its responsibility	93	* application sets this flag in its own methods it is its responsibility
94	* to ensure the result is compliant.	94	* to ensure the result is compliant.
@@ -96,172 +96,44 @@ struct ecdsa_method {
96		96
97	#define ECDSA_FLAG_FIPS_METHOD 0x1	97	#define ECDSA_FLAG_FIPS_METHOD 0x1
98		98
99	/** Allocates and initialize a ECDSA_SIG structure
100	* \return pointer to a ECDSA_SIG structure or NULL if an error occurred
101	*/
102	ECDSA_SIG *ECDSA_SIG_new(void);	99	ECDSA_SIG *ECDSA_SIG_new(void);
103
104	/** frees a ECDSA_SIG structure
105	* \param sig pointer to the ECDSA_SIG structure
106	*/
107	void ECDSA_SIG_free(ECDSA_SIG *sig);	100	void ECDSA_SIG_free(ECDSA_SIG *sig);
108
109	/** DER encode content of ECDSA_SIG object (note: this function modifies *pp
110	* (*pp += length of the DER encoded signature)).
111	* \param sig pointer to the ECDSA_SIG object
112	* \param pp pointer to a unsigned char pointer for the output or NULL
113	* \return the length of the DER encoded ECDSA_SIG object or 0
114	*/
115	int i2d_ECDSA_SIG(const ECDSA_SIG sig, unsigned char *pp);	101	int i2d_ECDSA_SIG(const ECDSA_SIG sig, unsigned char *pp);
116
117	/** Decodes a DER encoded ECDSA signature (note: this function changes *pp
118	* (*pp += len)).
119	* \param sig pointer to ECDSA_SIG pointer (may be NULL)
120	* \param pp memory buffer with the DER encoded signature
121	* \param len length of the buffer
122	* \return pointer to the decoded ECDSA_SIG structure (or NULL)
123	*/
124	ECDSA_SIG d2i_ECDSA_SIG(ECDSA_SIG sig, const unsigned char *pp, long len);	102	ECDSA_SIG d2i_ECDSA_SIG(ECDSA_SIG sig, const unsigned char *pp, long len);
125
126	/** Accessor for r and s fields of ECDSA_SIG
127	* \param sig pointer to ECDSA_SIG pointer
128	* \param pr pointer to BIGNUM pointer for r (may be NULL)
129	* \param ps pointer to BIGNUM pointer for s (may be NULL)
130	*/
131	void ECDSA_SIG_get0(const ECDSA_SIG sig, const BIGNUM pr, const BIGNUM *ps);	103	void ECDSA_SIG_get0(const ECDSA_SIG sig, const BIGNUM pr, const BIGNUM *ps);
132		104
133	const BIGNUM ECDSA_SIG_get0_r(const ECDSA_SIG sig);	105	const BIGNUM ECDSA_SIG_get0_r(const ECDSA_SIG sig);
134	const BIGNUM ECDSA_SIG_get0_s(const ECDSA_SIG sig);	106	const BIGNUM ECDSA_SIG_get0_s(const ECDSA_SIG sig);
135
136	/** Setter for r and s fields of ECDSA_SIG
137	* \param sig pointer to ECDSA_SIG pointer
138	* \param r pointer to BIGNUM for r (may be NULL)
139	* \param s pointer to BIGNUM for s (may be NULL)
140	*/
141	int ECDSA_SIG_set0(ECDSA_SIG sig, BIGNUM r, BIGNUM *s);	107	int ECDSA_SIG_set0(ECDSA_SIG sig, BIGNUM r, BIGNUM *s);
142		108
143	/** Computes the ECDSA signature of the given hash value using
144	* the supplied private key and returns the created signature.
145	* \param dgst pointer to the hash value
146	* \param dgst_len length of the hash value
147	* \param eckey EC_KEY object containing a private EC key
148	* \return pointer to a ECDSA_SIG structure or NULL if an error occurred
149	*/
150	ECDSA_SIG ECDSA_do_sign(const unsigned char dgst, int dgst_len,	109	ECDSA_SIG ECDSA_do_sign(const unsigned char dgst, int dgst_len,
151	EC_KEY *eckey);	110	EC_KEY *eckey);
152
153	/** Computes ECDSA signature of a given hash value using the supplied
154	* private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
155	* \param dgst pointer to the hash value to sign
156	* \param dgstlen length of the hash value
157	* \param kinv BIGNUM with a pre-computed inverse k (optional)
158	* \param rp BIGNUM with a pre-computed rp value (optional),
159	* see ECDSA_sign_setup
160	* \param eckey EC_KEY object containing a private EC key
161	* \return pointer to a ECDSA_SIG structure or NULL if an error occurred
162	*/
163	ECDSA_SIG ECDSA_do_sign_ex(const unsigned char dgst, int dgstlen,	111	ECDSA_SIG ECDSA_do_sign_ex(const unsigned char dgst, int dgstlen,
164	const BIGNUM kinv, const BIGNUM rp, EC_KEY *eckey);	112	const BIGNUM kinv, const BIGNUM rp, EC_KEY *eckey);
165
166	/** Verifies that the supplied signature is a valid ECDSA
167	* signature of the supplied hash value using the supplied public key.
168	* \param dgst pointer to the hash value
169	* \param dgst_len length of the hash value
170	* \param sig ECDSA_SIG structure
171	* \param eckey EC_KEY object containing a public EC key
172	* \return 1 if the signature is valid, 0 if the signature is invalid
173	* and -1 on error
174	*/
175	int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,	113	int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
176	const ECDSA_SIG sig, EC_KEY eckey);	114	const ECDSA_SIG sig, EC_KEY eckey);
177		115
178	const ECDSA_METHOD *ECDSA_OpenSSL(void);	116	const ECDSA_METHOD *ECDSA_OpenSSL(void);
179
180	/** Sets the default ECDSA method
181	* \param meth new default ECDSA_METHOD
182	*/
183	void ECDSA_set_default_method(const ECDSA_METHOD *meth);	117	void ECDSA_set_default_method(const ECDSA_METHOD *meth);
184
185	/** Returns the default ECDSA method
186	* \return pointer to ECDSA_METHOD structure containing the default method
187	*/
188	const ECDSA_METHOD *ECDSA_get_default_method(void);	118	const ECDSA_METHOD *ECDSA_get_default_method(void);
189
190	/** Sets method to be used for the ECDSA operations
191	* \param eckey EC_KEY object
192	* \param meth new method
193	* \return 1 on success and 0 otherwise
194	*/
195	int ECDSA_set_method(EC_KEY eckey, const ECDSA_METHOD meth);	119	int ECDSA_set_method(EC_KEY eckey, const ECDSA_METHOD meth);
196
197	/** Returns the maximum length of the DER encoded signature
198	* \param eckey EC_KEY object
199	* \return numbers of bytes required for the DER encoded signature
200	*/
201	int ECDSA_size(const EC_KEY *eckey);	120	int ECDSA_size(const EC_KEY *eckey);
202		121
203	/** Precompute parts of the signing operation
204	* \param eckey EC_KEY object containing a private EC key
205	* \param ctx BN_CTX object (optional)
206	* \param kinv BIGNUM pointer for the inverse of k
207	* \param rp BIGNUM pointer for x coordinate of k * generator
208	* \return 1 on success and 0 otherwise
209	*/
210	int ECDSA_sign_setup(EC_KEY eckey, BN_CTX ctx, BIGNUM **kinv,	122	int ECDSA_sign_setup(EC_KEY eckey, BN_CTX ctx, BIGNUM **kinv,
211	BIGNUM **rp);	123	BIGNUM **rp);
212
213	/** Computes ECDSA signature of a given hash value using the supplied
214	* private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
215	* \param type this parameter is ignored
216	* \param dgst pointer to the hash value to sign
217	* \param dgstlen length of the hash value
218	* \param sig memory for the DER encoded created signature
219	* \param siglen pointer to the length of the returned signature
220	* \param eckey EC_KEY object containing a private EC key
221	* \return 1 on success and 0 otherwise
222	*/
223	int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen,	124	int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen,
224	unsigned char sig, unsigned int siglen, EC_KEY *eckey);	125	unsigned char sig, unsigned int siglen, EC_KEY *eckey);
225
226
227	/** Computes ECDSA signature of a given hash value using the supplied
228	* private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
229	* \param type this parameter is ignored
230	* \param dgst pointer to the hash value to sign
231	* \param dgstlen length of the hash value
232	* \param sig buffer to hold the DER encoded signature
233	* \param siglen pointer to the length of the returned signature
234	* \param kinv BIGNUM with a pre-computed inverse k (optional)
235	* \param rp BIGNUM with a pre-computed rp value (optional),
236	* see ECDSA_sign_setup
237	* \param eckey EC_KEY object containing a private EC key
238	* \return 1 on success and 0 otherwise
239	*/
240	int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen,	126	int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen,
241	unsigned char sig, unsigned int siglen, const BIGNUM *kinv,	127	unsigned char sig, unsigned int siglen, const BIGNUM *kinv,
242	const BIGNUM rp, EC_KEY eckey);	128	const BIGNUM rp, EC_KEY eckey);
243
244	/** Verifies that the given signature is valid ECDSA signature
245	* of the supplied hash value using the specified public key.
246	* \param type this parameter is ignored
247	* \param dgst pointer to the hash value
248	* \param dgstlen length of the hash value
249	* \param sig pointer to the DER encoded signature
250	* \param siglen length of the DER encoded signature
251	* \param eckey EC_KEY object containing a public EC key
252	* \return 1 if the signature is valid, 0 if the signature is invalid
253	* and -1 on error
254	*/
255	int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen,	129	int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen,
256	const unsigned char sig, int siglen, EC_KEY eckey);	130	const unsigned char sig, int siglen, EC_KEY eckey);
257		131
258	/* the standard ex_data functions */
259	int ECDSA_get_ex_new_index(long argl, void argp, CRYPTO_EX_new new_func,	132	int ECDSA_get_ex_new_index(long argl, void argp, CRYPTO_EX_new new_func,
260	CRYPTO_EX_dup dup_func, CRYPTO_EX_free free_func);	133	CRYPTO_EX_dup dup_func, CRYPTO_EX_free free_func);
261	int ECDSA_set_ex_data(EC_KEY d, int idx, void arg);	134	int ECDSA_set_ex_data(EC_KEY d, int idx, void arg);
262	void ECDSA_get_ex_data(EC_KEY d, int idx);	135	void ECDSA_get_ex_data(EC_KEY d, int idx);
263		136
264
265	/* XXX should be in ec.h, but needs ECDSA_SIG */	137	/* XXX should be in ec.h, but needs ECDSA_SIG */
266	void EC_KEY_METHOD_set_sign(EC_KEY_METHOD *meth,	138	void EC_KEY_METHOD_set_sign(EC_KEY_METHOD *meth,
267	int (sign)(int type, const unsigned char dgst,	139	int (sign)(int type, const unsigned char dgst,