1 files changed, 0 insertions, 401 deletions
diff --git a/src/lib/libcrypto/gost/gostr341001.c b/src/lib/libcrypto/gost/gostr341001.c
deleted file mode 100644
index c6221e4a01..0000000000
--- a/src/lib/libcrypto/gost/gostr341001.c
+++ /dev/null
@@ -1,401 +0,0 @@
-/* $OpenBSD: gostr341001.c,v 1.4 2015/02/14 06:40:04 jsing Exp $ */
-/*
- * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
- * Copyright (c) 2005-2006 Cryptocom LTD
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-#include <string.h>
-#include <openssl/opensslconf.h>
-#ifndef OPENSSL_NO_GOST
-#include <openssl/bn.h>
-#include <openssl/err.h>
-#include <openssl/gost.h>
-#include "gost_locl.h"
-/* Convert little-endian byte array into bignum */
-BIGNUM *
-GOST_le2bn(const unsigned char *buf, size_t len, BIGNUM *bn)
-{
-        unsigned char temp[64];
-        int i;
-        if (len > 64)
-                return NULL;
-        for (i = 0; i < len; i++) {
-                temp[len - 1 - i] = buf[i];
-        }
-        return BN_bin2bn(temp, len, bn);
-}
-int
-GOST_bn2le(BIGNUM *bn, unsigned char *buf, int len)
-{
-        unsigned char temp[64];
-        int i, bytes;
-        bytes = BN_num_bytes(bn);
-        if (len > 64 || bytes > len)
-                return 0;
-        BN_bn2bin(bn, temp);
-        for (i = 0; i < bytes; i++) {
-                buf[bytes - 1 - i] = temp[i];
-        }
-        memset(buf + bytes, 0, len - bytes);
-        return 1;
-}
-int
-gost2001_compute_public(GOST_KEY *ec)
-{
-        const EC_GROUP *group = GOST_KEY_get0_group(ec);
-        EC_POINT *pub_key = NULL;
-        const BIGNUM *priv_key = NULL;
-        BN_CTX *ctx = NULL;
-        int ok = 0;
-        if (group == NULL) {
-                GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC,
-                    GOST_R_KEY_IS_NOT_INITIALIZED);
-                return 0;
-        }
-        ctx = BN_CTX_new();
-        if (ctx == NULL) {
-                GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC,
-                    ERR_R_MALLOC_FAILURE);
-                return 0;
-        }
-        BN_CTX_start(ctx);
-        if ((priv_key = GOST_KEY_get0_private_key(ec)) == NULL)
-                goto err;
-        pub_key = EC_POINT_new(group);
-        if (pub_key == NULL)
-                goto err;
-        if (EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx) == 0)
-                goto err;
-        if (GOST_KEY_set_public_key(ec, pub_key) == 0)
-                goto err;
-        ok = 1;
-        if (ok == 0) {
-err:
-                GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC, ERR_R_EC_LIB);
-        }
-        EC_POINT_free(pub_key);
-        if (ctx != NULL) {
-                BN_CTX_end(ctx);
-                BN_CTX_free(ctx);
-        }
-        return ok;
-}
-ECDSA_SIG *
-gost2001_do_sign(BIGNUM *md, GOST_KEY *eckey)
-{
-        ECDSA_SIG *newsig = NULL;
-        BIGNUM *order = NULL;
-        const EC_GROUP *group;
-        const BIGNUM *priv_key;
-        BIGNUM *r = NULL, *s = NULL, *X = NULL, *tmp = NULL, *tmp2 = NULL, *k =
-            NULL, *e = NULL;
-        EC_POINT *C = NULL;
-        BN_CTX *ctx = BN_CTX_new();
-        int ok = 0;
-        if (ctx == NULL) {
-                GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-        BN_CTX_start(ctx);
-        newsig = ECDSA_SIG_new();
-        if (newsig == NULL) {
-                GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-        s = newsig->s;
-        r = newsig->r;
-        group = GOST_KEY_get0_group(eckey);
-        if ((order = BN_CTX_get(ctx)) == NULL)
-                goto err;
-        if (EC_GROUP_get_order(group, order, ctx) == 0)
-                goto err;
-        priv_key = GOST_KEY_get0_private_key(eckey);
-        if ((e = BN_CTX_get(ctx)) == NULL)
-                goto err;
-        if (BN_mod(e, md, order, ctx) == 0)
-                goto err;
-        if (BN_is_zero(e))
-                BN_one(e);
-        if ((k = BN_CTX_get(ctx)) == NULL)
-                goto err;
-        if ((X = BN_CTX_get(ctx)) == NULL)
-                goto err;
-        if ((C = EC_POINT_new(group)) == NULL)
-                goto err;
-        do {
-                do {
-                        if (!BN_rand_range(k, order)) {
-                                GOSTerr(GOST_F_GOST2001_DO_SIGN,
-                                        GOST_R_RANDOM_NUMBER_GENERATOR_FAILED);
-                                goto err;
-                        }
-                        /*
-                         * We do not want timing information to leak the length
-                         * of k, so we compute G*k using an equivalent scalar
-                         * of fixed bit-length.
-                         */
-                        if (BN_add(k, k, order) == 0)
-                                goto err;
-                        if (BN_num_bits(k) <= BN_num_bits(order))
-                                if (BN_add(k, k, order) == 0)
-                                        goto err;
-                        if (EC_POINT_mul(group, C, k, NULL, NULL, ctx) == 0) {
-                                GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_EC_LIB);
-                                goto err;
-                        }
-                        if (EC_POINT_get_affine_coordinates_GFp(group, C, X,
-                            NULL, ctx) == 0) {
-                                GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_EC_LIB);
-                                goto err;
-                        }
-                        if (BN_nnmod(r, X, order, ctx) == 0)
-                                goto err;
-                } while (BN_is_zero(r));
-                /* s = (r*priv_key+k*e) mod order */
-                if (tmp == NULL) {
-                        if ((tmp = BN_CTX_get(ctx)) == NULL)
-                                goto err;
-                }
-                if (BN_mod_mul(tmp, priv_key, r, order, ctx) == 0)
-                        goto err;
-                if (tmp2 == NULL) {
-                        if ((tmp2 = BN_CTX_get(ctx)) == NULL)
-                                goto err;
-                }
-                if (BN_mod_mul(tmp2, k, e, order, ctx) == 0)
-                        goto err;
-                if (BN_mod_add(s, tmp, tmp2, order, ctx) == 0)
-                        goto err;
-        } while (BN_is_zero(s));
-        ok = 1;
-err:
-        EC_POINT_free(C);
-        if (ctx != NULL) {
-                BN_CTX_end(ctx);
-                BN_CTX_free(ctx);
-        }
-        if (ok == 0) {
-                ECDSA_SIG_free(newsig);
-                newsig = NULL;
-        }
-        return newsig;
-}
-int
-gost2001_do_verify(BIGNUM *md, ECDSA_SIG *sig, GOST_KEY *ec)
-{
-        BN_CTX *ctx = BN_CTX_new();
-        const EC_GROUP *group = GOST_KEY_get0_group(ec);
-        BIGNUM *order;
-        BIGNUM *e = NULL, *R = NULL, *v = NULL, *z1 = NULL, *z2 = NULL;
-        BIGNUM *X = NULL, *tmp = NULL;
-        EC_POINT *C = NULL;
-        const EC_POINT *pub_key = NULL;
-        int ok = 0;
-        if (ctx == NULL)
-                goto err;
-        BN_CTX_start(ctx);
-        if ((order = BN_CTX_get(ctx)) == NULL)
-                goto err;
-        if ((e = BN_CTX_get(ctx)) == NULL)
-                goto err;
-        if ((z1 = BN_CTX_get(ctx)) == NULL)
-                goto err;
-        if ((z2 = BN_CTX_get(ctx)) == NULL)
-                goto err;
-        if ((tmp = BN_CTX_get(ctx)) == NULL)
-                goto err;
-        if ((X = BN_CTX_get(ctx)) == NULL)
-                goto err;
-        if ((R = BN_CTX_get(ctx)) == NULL)
-                goto err;
-        if ((v = BN_CTX_get(ctx)) == NULL)
-                goto err;
-        if (EC_GROUP_get_order(group, order, ctx) == 0)
-                goto err;
-        pub_key = GOST_KEY_get0_public_key(ec);
-        if (BN_is_zero(sig->s) || BN_is_zero(sig->r) ||
-            BN_cmp(sig->s, order) >= 1 || BN_cmp(sig->r, order) >= 1) {
-                GOSTerr(GOST_F_GOST2001_DO_VERIFY,
-                    GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q);
-                goto err;
-        }
-        if (BN_mod(e, md, order, ctx) == 0)
-                goto err;
-        if (BN_is_zero(e))
-                BN_one(e);
-        if ((v = BN_mod_inverse(v, e, order, ctx)) == NULL)
-                goto err;
-        if (BN_mod_mul(z1, sig->s, v, order, ctx) == 0)
-                goto err;
-        if (BN_sub(tmp, order, sig->r) == 0)
-                goto err;
-        if (BN_mod_mul(z2, tmp, v, order, ctx) == 0)
-                goto err;
-        if ((C = EC_POINT_new(group)) == NULL)
-                goto err;
-        if (EC_POINT_mul(group, C, z1, pub_key, z2, ctx) == 0) {
-                GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_EC_LIB);
-                goto err;
-        }
-        if (EC_POINT_get_affine_coordinates_GFp(group, C, X, NULL, ctx) == 0) {
-                GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_EC_LIB);
-                goto err;
-        }
-        if (BN_mod(R, X, order, ctx) == 0)
-                goto err;
-        if (BN_cmp(R, sig->r) != 0) {
-                GOSTerr(GOST_F_GOST2001_DO_VERIFY, GOST_R_SIGNATURE_MISMATCH);
-        } else {
-                ok = 1;
-        }
-err:
-        EC_POINT_free(C);
-        if (ctx != NULL) {
-                BN_CTX_end(ctx);
-                BN_CTX_free(ctx);
-        }
-        return ok;
-}
-/* Implementation of CryptoPro VKO 34.10-2001 algorithm */
-int
-VKO_compute_key(BIGNUM *X, BIGNUM *Y, const GOST_KEY *pkey, GOST_KEY *priv_key,
-    const BIGNUM *ukm)
-{
-        BIGNUM *p = NULL, *order = NULL;
-        const BIGNUM *key = GOST_KEY_get0_private_key(priv_key);
-        const EC_GROUP *group = GOST_KEY_get0_group(priv_key);
-        const EC_POINT *pub_key = GOST_KEY_get0_public_key(pkey);
-        EC_POINT *pnt;
-        BN_CTX *ctx = NULL;
-        int ok = 0;
-        pnt = EC_POINT_new(group);
-        if (pnt == NULL)
-                goto err;
-        ctx = BN_CTX_new();
-        if (ctx == NULL)
-                goto err;
-        BN_CTX_start(ctx);
-        if ((p = BN_CTX_get(ctx)) == NULL)
-                goto err;
-        if ((order = BN_CTX_get(ctx)) == NULL)
-                goto err;
-        if (EC_GROUP_get_order(group, order, ctx) == 0)
-                goto err;
-        if (BN_mod_mul(p, key, ukm, order, ctx) == 0)
-                goto err;
-        if (EC_POINT_mul(group, pnt, NULL, pub_key, p, ctx) == 0)
-                goto err;
-        if (EC_POINT_get_affine_coordinates_GFp(group, pnt, X, Y, ctx) == 0)
-                goto err;
-        ok = 1;
-err:
-        if (ctx != NULL) {
-                BN_CTX_end(ctx);
-                BN_CTX_free(ctx);
-        }
-        EC_POINT_free(pnt);
-        return ok;
-}
-int
-gost2001_keygen(GOST_KEY *ec)
-{
-        BIGNUM *order = BN_new(), *d = BN_new();
-        const EC_GROUP *group = GOST_KEY_get0_group(ec);
-        int rc = 0;
-        if (order == NULL || d == NULL)
-                goto err;
-        if (EC_GROUP_get_order(group, order, NULL) == 0)
-                goto err;
-        do {
-                if (BN_rand_range(d, order) == 0) {
-                        GOSTerr(GOST_F_GOST2001_KEYGEN,
-                                GOST_R_RANDOM_NUMBER_GENERATOR_FAILED);
-                        goto err;
-                }
-        } while (BN_is_zero(d));
-        if (GOST_KEY_set_private_key(ec, d) == 0)
-                goto err;
-        rc = gost2001_compute_public(ec);
-err:
-        BN_free(d);
-        BN_free(order);
-        return rc;
-}
-#endif

diff --git a/src/lib/libcrypto/gost/gostr341001.c b/src/lib/libcrypto/gost/gostr341001.c deleted file mode 100644 index c6221e4a01..0000000000 --- a/src/lib/libcrypto/gost/gostr341001.c +++ /dev/null
@@ -1,401 +0,0 @@
1	/* $OpenBSD: gostr341001.c,v 1.4 2015/02/14 06:40:04 jsing Exp $ */
2	/*
3	* Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
4	* Copyright (c) 2005-2006 Cryptocom LTD
5	*
6	* Redistribution and use in source and binary forms, with or without
7	* modification, are permitted provided that the following conditions
8	* are met:
9	*
10	* 1. Redistributions of source code must retain the above copyright
11	* notice, this list of conditions and the following disclaimer.
12	*
13	* 2. Redistributions in binary form must reproduce the above copyright
14	* notice, this list of conditions and the following disclaimer in
15	* the documentation and/or other materials provided with the
16	* distribution.
17	*
18	* 3. All advertising materials mentioning features or use of this
19	* software must display the following acknowledgment:
20	* "This product includes software developed by the OpenSSL Project
21	* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
22	*
23	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
24	* endorse or promote products derived from this software without
25	* prior written permission. For written permission, please contact
26	* openssl-core@openssl.org.
27	*
28	* 5. Products derived from this software may not be called "OpenSSL"
29	* nor may "OpenSSL" appear in their names without prior written
30	* permission of the OpenSSL Project.
31	*
32	* 6. Redistributions of any form whatsoever must retain the following
33	* acknowledgment:
34	* "This product includes software developed by the OpenSSL Project
35	* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
36	*
37	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
38	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
39	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
40	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
41	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
43	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
45	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
46	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
47	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
48	* OF THE POSSIBILITY OF SUCH DAMAGE.
49	* ====================================================================
50	*/
51
52	#include <string.h>
53
54	#include <openssl/opensslconf.h>
55
56	#ifndef OPENSSL_NO_GOST
57	#include <openssl/bn.h>
58	#include <openssl/err.h>
59	#include <openssl/gost.h>
60	#include "gost_locl.h"
61
62	/* Convert little-endian byte array into bignum */
63	BIGNUM *
64	GOST_le2bn(const unsigned char buf, size_t len, BIGNUM bn)
65	{
66	unsigned char temp[64];
67	int i;
68
69	if (len > 64)
70	return NULL;
71
72	for (i = 0; i < len; i++) {
73	temp[len - 1 - i] = buf[i];
74	}
75
76	return BN_bin2bn(temp, len, bn);
77	}
78
79	int
80	GOST_bn2le(BIGNUM bn, unsigned char buf, int len)
81	{
82	unsigned char temp[64];
83	int i, bytes;
84
85	bytes = BN_num_bytes(bn);
86	if (len > 64 \|\| bytes > len)
87	return 0;
88
89	BN_bn2bin(bn, temp);
90
91	for (i = 0; i < bytes; i++) {
92	buf[bytes - 1 - i] = temp[i];
93	}
94
95	memset(buf + bytes, 0, len - bytes);
96
97	return 1;
98	}
99
100	int
101	gost2001_compute_public(GOST_KEY *ec)
102	{
103	const EC_GROUP *group = GOST_KEY_get0_group(ec);
104	EC_POINT *pub_key = NULL;
105	const BIGNUM *priv_key = NULL;
106	BN_CTX *ctx = NULL;
107	int ok = 0;
108
109	if (group == NULL) {
110	GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC,
111	GOST_R_KEY_IS_NOT_INITIALIZED);
112	return 0;
113	}
114	ctx = BN_CTX_new();
115	if (ctx == NULL) {
116	GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC,
117	ERR_R_MALLOC_FAILURE);
118	return 0;
119	}
120	BN_CTX_start(ctx);
121	if ((priv_key = GOST_KEY_get0_private_key(ec)) == NULL)
122	goto err;
123
124	pub_key = EC_POINT_new(group);
125	if (pub_key == NULL)
126	goto err;
127	if (EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx) == 0)
128	goto err;
129	if (GOST_KEY_set_public_key(ec, pub_key) == 0)
130	goto err;
131	ok = 1;
132
133	if (ok == 0) {
134	err:
135	GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC, ERR_R_EC_LIB);
136	}
137	EC_POINT_free(pub_key);
138	if (ctx != NULL) {
139	BN_CTX_end(ctx);
140	BN_CTX_free(ctx);
141	}
142	return ok;
143	}
144
145	ECDSA_SIG *
146	gost2001_do_sign(BIGNUM md, GOST_KEY eckey)
147	{
148	ECDSA_SIG *newsig = NULL;
149	BIGNUM *order = NULL;
150	const EC_GROUP *group;
151	const BIGNUM *priv_key;
152	BIGNUM r = NULL, s = NULL, X = NULL, tmp = NULL, tmp2 = NULL, k =
153	NULL, *e = NULL;
154	EC_POINT *C = NULL;
155	BN_CTX *ctx = BN_CTX_new();
156	int ok = 0;
157
158	if (ctx == NULL) {
159	GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_MALLOC_FAILURE);
160	return NULL;
161	}
162	BN_CTX_start(ctx);
163	newsig = ECDSA_SIG_new();
164	if (newsig == NULL) {
165	GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_MALLOC_FAILURE);
166	goto err;
167	}
168	s = newsig->s;
169	r = newsig->r;
170	group = GOST_KEY_get0_group(eckey);
171	if ((order = BN_CTX_get(ctx)) == NULL)
172	goto err;
173	if (EC_GROUP_get_order(group, order, ctx) == 0)
174	goto err;
175	priv_key = GOST_KEY_get0_private_key(eckey);
176	if ((e = BN_CTX_get(ctx)) == NULL)
177	goto err;
178	if (BN_mod(e, md, order, ctx) == 0)
179	goto err;
180	if (BN_is_zero(e))
181	BN_one(e);
182	if ((k = BN_CTX_get(ctx)) == NULL)
183	goto err;
184	if ((X = BN_CTX_get(ctx)) == NULL)
185	goto err;
186	if ((C = EC_POINT_new(group)) == NULL)
187	goto err;
188	do {
189	do {
190	if (!BN_rand_range(k, order)) {
191	GOSTerr(GOST_F_GOST2001_DO_SIGN,
192	GOST_R_RANDOM_NUMBER_GENERATOR_FAILED);
193	goto err;
194	}
195	/*
196	* We do not want timing information to leak the length
197	* of k, so we compute G*k using an equivalent scalar
198	* of fixed bit-length.
199	*/
200	if (BN_add(k, k, order) == 0)
201	goto err;
202	if (BN_num_bits(k) <= BN_num_bits(order))
203	if (BN_add(k, k, order) == 0)
204	goto err;
205
206	if (EC_POINT_mul(group, C, k, NULL, NULL, ctx) == 0) {
207	GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_EC_LIB);
208	goto err;
209	}
210	if (EC_POINT_get_affine_coordinates_GFp(group, C, X,
211	NULL, ctx) == 0) {
212	GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_EC_LIB);
213	goto err;
214	}
215	if (BN_nnmod(r, X, order, ctx) == 0)
216	goto err;
217	} while (BN_is_zero(r));
218	/* s = (rpriv_key+ke) mod order */
219	if (tmp == NULL) {
220	if ((tmp = BN_CTX_get(ctx)) == NULL)
221	goto err;
222	}
223	if (BN_mod_mul(tmp, priv_key, r, order, ctx) == 0)
224	goto err;
225	if (tmp2 == NULL) {
226	if ((tmp2 = BN_CTX_get(ctx)) == NULL)
227	goto err;
228	}
229	if (BN_mod_mul(tmp2, k, e, order, ctx) == 0)
230	goto err;
231	if (BN_mod_add(s, tmp, tmp2, order, ctx) == 0)
232	goto err;
233	} while (BN_is_zero(s));
234	ok = 1;
235
236	err:
237	EC_POINT_free(C);
238	if (ctx != NULL) {
239	BN_CTX_end(ctx);
240	BN_CTX_free(ctx);
241	}
242	if (ok == 0) {
243	ECDSA_SIG_free(newsig);
244	newsig = NULL;
245	}
246	return newsig;
247	}
248
249	int
250	gost2001_do_verify(BIGNUM md, ECDSA_SIG sig, GOST_KEY *ec)
251	{
252	BN_CTX *ctx = BN_CTX_new();
253	const EC_GROUP *group = GOST_KEY_get0_group(ec);
254	BIGNUM *order;
255	BIGNUM e = NULL, R = NULL, v = NULL, z1 = NULL, *z2 = NULL;
256	BIGNUM X = NULL, tmp = NULL;
257	EC_POINT *C = NULL;
258	const EC_POINT *pub_key = NULL;
259	int ok = 0;
260
261	if (ctx == NULL)
262	goto err;
263	BN_CTX_start(ctx);
264	if ((order = BN_CTX_get(ctx)) == NULL)
265	goto err;
266	if ((e = BN_CTX_get(ctx)) == NULL)
267	goto err;
268	if ((z1 = BN_CTX_get(ctx)) == NULL)
269	goto err;
270	if ((z2 = BN_CTX_get(ctx)) == NULL)
271	goto err;
272	if ((tmp = BN_CTX_get(ctx)) == NULL)
273	goto err;
274	if ((X = BN_CTX_get(ctx)) == NULL)
275	goto err;
276	if ((R = BN_CTX_get(ctx)) == NULL)
277	goto err;
278	if ((v = BN_CTX_get(ctx)) == NULL)
279	goto err;
280
281	if (EC_GROUP_get_order(group, order, ctx) == 0)
282	goto err;
283	pub_key = GOST_KEY_get0_public_key(ec);
284	if (BN_is_zero(sig->s) \|\| BN_is_zero(sig->r) \|\|
285	BN_cmp(sig->s, order) >= 1 \|\| BN_cmp(sig->r, order) >= 1) {
286	GOSTerr(GOST_F_GOST2001_DO_VERIFY,
287	GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q);
288	goto err;
289	}
290
291	if (BN_mod(e, md, order, ctx) == 0)
292	goto err;
293	if (BN_is_zero(e))
294	BN_one(e);
295	if ((v = BN_mod_inverse(v, e, order, ctx)) == NULL)
296	goto err;
297	if (BN_mod_mul(z1, sig->s, v, order, ctx) == 0)
298	goto err;
299	if (BN_sub(tmp, order, sig->r) == 0)
300	goto err;
301	if (BN_mod_mul(z2, tmp, v, order, ctx) == 0)
302	goto err;
303	if ((C = EC_POINT_new(group)) == NULL)
304	goto err;
305	if (EC_POINT_mul(group, C, z1, pub_key, z2, ctx) == 0) {
306	GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_EC_LIB);
307	goto err;
308	}
309	if (EC_POINT_get_affine_coordinates_GFp(group, C, X, NULL, ctx) == 0) {
310	GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_EC_LIB);
311	goto err;
312	}
313	if (BN_mod(R, X, order, ctx) == 0)
314	goto err;
315	if (BN_cmp(R, sig->r) != 0) {
316	GOSTerr(GOST_F_GOST2001_DO_VERIFY, GOST_R_SIGNATURE_MISMATCH);
317	} else {
318	ok = 1;
319	}
320	err:
321	EC_POINT_free(C);
322	if (ctx != NULL) {
323	BN_CTX_end(ctx);
324	BN_CTX_free(ctx);
325	}
326	return ok;
327	}
328
329	/* Implementation of CryptoPro VKO 34.10-2001 algorithm */
330	int
331	VKO_compute_key(BIGNUM X, BIGNUM Y, const GOST_KEY pkey, GOST_KEY priv_key,
332	const BIGNUM *ukm)
333	{
334	BIGNUM p = NULL, order = NULL;
335	const BIGNUM *key = GOST_KEY_get0_private_key(priv_key);
336	const EC_GROUP *group = GOST_KEY_get0_group(priv_key);
337	const EC_POINT *pub_key = GOST_KEY_get0_public_key(pkey);
338	EC_POINT *pnt;
339	BN_CTX *ctx = NULL;
340	int ok = 0;
341
342	pnt = EC_POINT_new(group);
343	if (pnt == NULL)
344	goto err;
345	ctx = BN_CTX_new();
346	if (ctx == NULL)
347	goto err;
348	BN_CTX_start(ctx);
349	if ((p = BN_CTX_get(ctx)) == NULL)
350	goto err;
351	if ((order = BN_CTX_get(ctx)) == NULL)
352	goto err;
353	if (EC_GROUP_get_order(group, order, ctx) == 0)
354	goto err;
355	if (BN_mod_mul(p, key, ukm, order, ctx) == 0)
356	goto err;
357	if (EC_POINT_mul(group, pnt, NULL, pub_key, p, ctx) == 0)
358	goto err;
359	if (EC_POINT_get_affine_coordinates_GFp(group, pnt, X, Y, ctx) == 0)
360	goto err;
361	ok = 1;
362
363	err:
364	if (ctx != NULL) {
365	BN_CTX_end(ctx);
366	BN_CTX_free(ctx);
367	}
368	EC_POINT_free(pnt);
369	return ok;
370	}
371
372	int
373	gost2001_keygen(GOST_KEY *ec)
374	{
375	BIGNUM order = BN_new(), d = BN_new();
376	const EC_GROUP *group = GOST_KEY_get0_group(ec);
377	int rc = 0;
378
379	if (order == NULL \|\| d == NULL)
380	goto err;
381	if (EC_GROUP_get_order(group, order, NULL) == 0)
382	goto err;
383
384	do {
385	if (BN_rand_range(d, order) == 0) {
386	GOSTerr(GOST_F_GOST2001_KEYGEN,
387	GOST_R_RANDOM_NUMBER_GENERATOR_FAILED);
388	goto err;
389	}
390	} while (BN_is_zero(d));
391
392	if (GOST_KEY_set_private_key(ec, d) == 0)
393	goto err;
394	rc = gost2001_compute_public(ec);
395
396	err:
397	BN_free(d);
398	BN_free(order);
399	return rc;
400	}
401	#endif