1 files changed, 0 insertions, 403 deletions
diff --git a/src/lib/libcrypto/gost/gostr341001.c b/src/lib/libcrypto/gost/gostr341001.c
deleted file mode 100644
index 1c34626a43..0000000000
--- a/src/lib/libcrypto/gost/gostr341001.c
+++ /dev/null
@@ -1,403 +0,0 @@
-/* $OpenBSD: gostr341001.c,v 1.12 2023/07/05 11:37:45 tb Exp $ */
-/*
- * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
- * Copyright (c) 2005-2006 Cryptocom LTD
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-#include <string.h>
-#include <openssl/opensslconf.h>
-#ifndef OPENSSL_NO_GOST
-#include <openssl/bn.h>
-#include <openssl/err.h>
-#include <openssl/gost.h>
-#include "bn_local.h"
-#include "ecdsa_local.h"
-#include "gost_local.h"
-/* Convert little-endian byte array into bignum */
-BIGNUM *
-GOST_le2bn(const unsigned char *buf, size_t len, BIGNUM *bn)
-{
-        unsigned char temp[64];
-        int i;
-        if (len > 64)
-                return NULL;
-        for (i = 0; i < len; i++) {
-                temp[len - 1 - i] = buf[i];
-        }
-        return BN_bin2bn(temp, len, bn);
-}
-int
-GOST_bn2le(BIGNUM *bn, unsigned char *buf, int len)
-{
-        unsigned char temp[64];
-        int i, bytes;
-        bytes = BN_num_bytes(bn);
-        if (len > 64 || bytes > len)
-                return 0;
-        BN_bn2bin(bn, temp);
-        for (i = 0; i < bytes; i++) {
-                buf[bytes - 1 - i] = temp[i];
-        }
-        memset(buf + bytes, 0, len - bytes);
-        return 1;
-}
-int
-gost2001_compute_public(GOST_KEY *ec)
-{
-        const EC_GROUP *group = GOST_KEY_get0_group(ec);
-        EC_POINT *pub_key = NULL;
-        const BIGNUM *priv_key = NULL;
-        BN_CTX *ctx = NULL;
-        int ok = 0;
-        if (group == NULL) {
-                GOSTerror(GOST_R_KEY_IS_NOT_INITIALIZED);
-                return 0;
-        }
-        ctx = BN_CTX_new();
-        if (ctx == NULL) {
-                GOSTerror(ERR_R_MALLOC_FAILURE);
-                return 0;
-        }
-        BN_CTX_start(ctx);
-        if ((priv_key = GOST_KEY_get0_private_key(ec)) == NULL)
-                goto err;
-        pub_key = EC_POINT_new(group);
-        if (pub_key == NULL)
-                goto err;
-        if (EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx) == 0)
-                goto err;
-        if (GOST_KEY_set_public_key(ec, pub_key) == 0)
-                goto err;
-        ok = 1;
-        if (ok == 0) {
-err:
-                GOSTerror(ERR_R_EC_LIB);
-        }
-        EC_POINT_free(pub_key);
-        if (ctx != NULL) {
-                BN_CTX_end(ctx);
-                BN_CTX_free(ctx);
-        }
-        return ok;
-}
-ECDSA_SIG *
-gost2001_do_sign(BIGNUM *md, GOST_KEY *eckey)
-{
-        ECDSA_SIG *newsig = NULL;
-        BIGNUM *order = NULL;
-        const EC_GROUP *group;
-        const BIGNUM *priv_key;
-        BIGNUM *r = NULL, *s = NULL, *X = NULL, *tmp = NULL, *tmp2 = NULL, *k =
-            NULL, *e = NULL;
-        EC_POINT *C = NULL;
-        BN_CTX *ctx = BN_CTX_new();
-        int ok = 0;
-        if (ctx == NULL) {
-                GOSTerror(ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-        BN_CTX_start(ctx);
-        newsig = ECDSA_SIG_new();
-        if (newsig == NULL) {
-                GOSTerror(ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-        s = newsig->s;
-        r = newsig->r;
-        group = GOST_KEY_get0_group(eckey);
-        if ((order = BN_CTX_get(ctx)) == NULL)
-                goto err;
-        if (EC_GROUP_get_order(group, order, ctx) == 0)
-                goto err;
-        priv_key = GOST_KEY_get0_private_key(eckey);
-        if ((e = BN_CTX_get(ctx)) == NULL)
-                goto err;
-        if (BN_mod_ct(e, md, order, ctx) == 0)
-                goto err;
-        if (BN_is_zero(e)) {
-                if (!BN_one(e))
-                        goto err;
-        }
-        if ((k = BN_CTX_get(ctx)) == NULL)
-                goto err;
-        if ((X = BN_CTX_get(ctx)) == NULL)
-                goto err;
-        if ((C = EC_POINT_new(group)) == NULL)
-                goto err;
-        do {
-                do {
-                        if (!BN_rand_range(k, order)) {
-                                GOSTerror(GOST_R_RANDOM_NUMBER_GENERATOR_FAILED);
-                                goto err;
-                        }
-                        /*
-                         * We do not want timing information to leak the length
-                         * of k, so we compute G*k using an equivalent scalar
-                         * of fixed bit-length.
-                         */
-                        if (BN_add(k, k, order) == 0)
-                                goto err;
-                        if (BN_num_bits(k) <= BN_num_bits(order))
-                                if (BN_add(k, k, order) == 0)
-                                        goto err;
-                        if (EC_POINT_mul(group, C, k, NULL, NULL, ctx) == 0) {
-                                GOSTerror(ERR_R_EC_LIB);
-                                goto err;
-                        }
-                        if (EC_POINT_get_affine_coordinates(group, C, X,
-                            NULL, ctx) == 0) {
-                                GOSTerror(ERR_R_EC_LIB);
-                                goto err;
-                        }
-                        if (BN_nnmod(r, X, order, ctx) == 0)
-                                goto err;
-                } while (BN_is_zero(r));
-                /* s = (r*priv_key+k*e) mod order */
-                if (tmp == NULL) {
-                        if ((tmp = BN_CTX_get(ctx)) == NULL)
-                                goto err;
-                }
-                if (BN_mod_mul(tmp, priv_key, r, order, ctx) == 0)
-                        goto err;
-                if (tmp2 == NULL) {
-                        if ((tmp2 = BN_CTX_get(ctx)) == NULL)
-                                goto err;
-                }
-                if (BN_mod_mul(tmp2, k, e, order, ctx) == 0)
-                        goto err;
-                if (BN_mod_add(s, tmp, tmp2, order, ctx) == 0)
-                        goto err;
-        } while (BN_is_zero(s));
-        ok = 1;
-err:
-        EC_POINT_free(C);
-        if (ctx != NULL) {
-                BN_CTX_end(ctx);
-                BN_CTX_free(ctx);
-        }
-        if (ok == 0) {
-                ECDSA_SIG_free(newsig);
-                newsig = NULL;
-        }
-        return newsig;
-}
-int
-gost2001_do_verify(BIGNUM *md, ECDSA_SIG *sig, GOST_KEY *ec)
-{
-        BN_CTX *ctx = BN_CTX_new();
-        const EC_GROUP *group = GOST_KEY_get0_group(ec);
-        BIGNUM *order;
-        BIGNUM *e = NULL, *R = NULL, *v = NULL, *z1 = NULL, *z2 = NULL;
-        BIGNUM *X = NULL, *tmp = NULL;
-        EC_POINT *C = NULL;
-        const EC_POINT *pub_key = NULL;
-        int ok = 0;
-        if (ctx == NULL)
-                goto err;
-        BN_CTX_start(ctx);
-        if ((order = BN_CTX_get(ctx)) == NULL)
-                goto err;
-        if ((e = BN_CTX_get(ctx)) == NULL)
-                goto err;
-        if ((z1 = BN_CTX_get(ctx)) == NULL)
-                goto err;
-        if ((z2 = BN_CTX_get(ctx)) == NULL)
-                goto err;
-        if ((tmp = BN_CTX_get(ctx)) == NULL)
-                goto err;
-        if ((X = BN_CTX_get(ctx)) == NULL)
-                goto err;
-        if ((R = BN_CTX_get(ctx)) == NULL)
-                goto err;
-        if ((v = BN_CTX_get(ctx)) == NULL)
-                goto err;
-        if (EC_GROUP_get_order(group, order, ctx) == 0)
-                goto err;
-        pub_key = GOST_KEY_get0_public_key(ec);
-        if (BN_is_zero(sig->s) || BN_is_zero(sig->r) ||
-            BN_cmp(sig->s, order) >= 1 || BN_cmp(sig->r, order) >= 1) {
-                GOSTerror(GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q);
-                goto err;
-        }
-        if (BN_mod_ct(e, md, order, ctx) == 0)
-                goto err;
-        if (BN_is_zero(e)) {
-                if (!BN_one(e))
-                        goto err;
-        }
-        if ((v = BN_mod_inverse_ct(v, e, order, ctx)) == NULL)
-                goto err;
-        if (BN_mod_mul(z1, sig->s, v, order, ctx) == 0)
-                goto err;
-        if (BN_sub(tmp, order, sig->r) == 0)
-                goto err;
-        if (BN_mod_mul(z2, tmp, v, order, ctx) == 0)
-                goto err;
-        if ((C = EC_POINT_new(group)) == NULL)
-                goto err;
-        if (EC_POINT_mul(group, C, z1, pub_key, z2, ctx) == 0) {
-                GOSTerror(ERR_R_EC_LIB);
-                goto err;
-        }
-        if (EC_POINT_get_affine_coordinates(group, C, X, NULL, ctx) == 0) {
-                GOSTerror(ERR_R_EC_LIB);
-                goto err;
-        }
-        if (BN_mod_ct(R, X, order, ctx) == 0)
-                goto err;
-        if (BN_cmp(R, sig->r) != 0) {
-                GOSTerror(GOST_R_SIGNATURE_MISMATCH);
-        } else {
-                ok = 1;
-        }
-err:
-        EC_POINT_free(C);
-        if (ctx != NULL) {
-                BN_CTX_end(ctx);
-                BN_CTX_free(ctx);
-        }
-        return ok;
-}
-/* Implementation of CryptoPro VKO 34.10-2001 algorithm */
-int
-VKO_compute_key(BIGNUM *X, BIGNUM *Y, const GOST_KEY *pkey, GOST_KEY *priv_key,
-    const BIGNUM *ukm)
-{
-        BIGNUM *p = NULL, *order = NULL;
-        const BIGNUM *key = GOST_KEY_get0_private_key(priv_key);
-        const EC_GROUP *group = GOST_KEY_get0_group(priv_key);
-        const EC_POINT *pub_key = GOST_KEY_get0_public_key(pkey);
-        EC_POINT *pnt;
-        BN_CTX *ctx = NULL;
-        int ok = 0;
-        pnt = EC_POINT_new(group);
-        if (pnt == NULL)
-                goto err;
-        ctx = BN_CTX_new();
-        if (ctx == NULL)
-                goto err;
-        BN_CTX_start(ctx);
-        if ((p = BN_CTX_get(ctx)) == NULL)
-                goto err;
-        if ((order = BN_CTX_get(ctx)) == NULL)
-                goto err;
-        if (EC_GROUP_get_order(group, order, ctx) == 0)
-                goto err;
-        if (BN_mod_mul(p, key, ukm, order, ctx) == 0)
-                goto err;
-        if (EC_POINT_mul(group, pnt, NULL, pub_key, p, ctx) == 0)
-                goto err;
-        if (EC_POINT_get_affine_coordinates(group, pnt, X, Y, ctx) == 0)
-                goto err;
-        ok = 1;
-err:
-        if (ctx != NULL) {
-                BN_CTX_end(ctx);
-                BN_CTX_free(ctx);
-        }
-        EC_POINT_free(pnt);
-        return ok;
-}
-int
-gost2001_keygen(GOST_KEY *ec)
-{
-        BIGNUM *order = BN_new(), *d = BN_new();
-        const EC_GROUP *group = GOST_KEY_get0_group(ec);
-        int rc = 0;
-        if (order == NULL || d == NULL)
-                goto err;
-        if (EC_GROUP_get_order(group, order, NULL) == 0)
-                goto err;
-        do {
-                if (BN_rand_range(d, order) == 0) {
-                        GOSTerror(GOST_R_RANDOM_NUMBER_GENERATOR_FAILED);
-                        goto err;
-                }
-        } while (BN_is_zero(d));
-        if (GOST_KEY_set_private_key(ec, d) == 0)
-                goto err;
-        rc = gost2001_compute_public(ec);
-err:
-        BN_free(d);
-        BN_free(order);
-        return rc;
-}
-#endif

diff --git a/src/lib/libcrypto/gost/gostr341001.c b/src/lib/libcrypto/gost/gostr341001.c deleted file mode 100644 index 1c34626a43..0000000000 --- a/src/lib/libcrypto/gost/gostr341001.c +++ /dev/null
@@ -1,403 +0,0 @@
1	/* $OpenBSD: gostr341001.c,v 1.12 2023/07/05 11:37:45 tb Exp $ */
2	/*
3	* Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
4	* Copyright (c) 2005-2006 Cryptocom LTD
5	*
6	* Redistribution and use in source and binary forms, with or without
7	* modification, are permitted provided that the following conditions
8	* are met:
9	*
10	* 1. Redistributions of source code must retain the above copyright
11	* notice, this list of conditions and the following disclaimer.
12	*
13	* 2. Redistributions in binary form must reproduce the above copyright
14	* notice, this list of conditions and the following disclaimer in
15	* the documentation and/or other materials provided with the
16	* distribution.
17	*
18	* 3. All advertising materials mentioning features or use of this
19	* software must display the following acknowledgment:
20	* "This product includes software developed by the OpenSSL Project
21	* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
22	*
23	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
24	* endorse or promote products derived from this software without
25	* prior written permission. For written permission, please contact
26	* openssl-core@openssl.org.
27	*
28	* 5. Products derived from this software may not be called "OpenSSL"
29	* nor may "OpenSSL" appear in their names without prior written
30	* permission of the OpenSSL Project.
31	*
32	* 6. Redistributions of any form whatsoever must retain the following
33	* acknowledgment:
34	* "This product includes software developed by the OpenSSL Project
35	* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
36	*
37	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
38	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
39	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
40	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
41	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
43	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
45	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
46	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
47	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
48	* OF THE POSSIBILITY OF SUCH DAMAGE.
49	* ====================================================================
50	*/
51
52	#include <string.h>
53
54	#include <openssl/opensslconf.h>
55
56	#ifndef OPENSSL_NO_GOST
57	#include <openssl/bn.h>
58	#include <openssl/err.h>
59	#include <openssl/gost.h>
60
61	#include "bn_local.h"
62	#include "ecdsa_local.h"
63	#include "gost_local.h"
64
65	/* Convert little-endian byte array into bignum */
66	BIGNUM *
67	GOST_le2bn(const unsigned char buf, size_t len, BIGNUM bn)
68	{
69	unsigned char temp[64];
70	int i;
71
72	if (len > 64)
73	return NULL;
74
75	for (i = 0; i < len; i++) {
76	temp[len - 1 - i] = buf[i];
77	}
78
79	return BN_bin2bn(temp, len, bn);
80	}
81
82	int
83	GOST_bn2le(BIGNUM bn, unsigned char buf, int len)
84	{
85	unsigned char temp[64];
86	int i, bytes;
87
88	bytes = BN_num_bytes(bn);
89	if (len > 64 \|\| bytes > len)
90	return 0;
91
92	BN_bn2bin(bn, temp);
93
94	for (i = 0; i < bytes; i++) {
95	buf[bytes - 1 - i] = temp[i];
96	}
97
98	memset(buf + bytes, 0, len - bytes);
99
100	return 1;
101	}
102
103	int
104	gost2001_compute_public(GOST_KEY *ec)
105	{
106	const EC_GROUP *group = GOST_KEY_get0_group(ec);
107	EC_POINT *pub_key = NULL;
108	const BIGNUM *priv_key = NULL;
109	BN_CTX *ctx = NULL;
110	int ok = 0;
111
112	if (group == NULL) {
113	GOSTerror(GOST_R_KEY_IS_NOT_INITIALIZED);
114	return 0;
115	}
116	ctx = BN_CTX_new();
117	if (ctx == NULL) {
118	GOSTerror(ERR_R_MALLOC_FAILURE);
119	return 0;
120	}
121	BN_CTX_start(ctx);
122	if ((priv_key = GOST_KEY_get0_private_key(ec)) == NULL)
123	goto err;
124
125	pub_key = EC_POINT_new(group);
126	if (pub_key == NULL)
127	goto err;
128	if (EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx) == 0)
129	goto err;
130	if (GOST_KEY_set_public_key(ec, pub_key) == 0)
131	goto err;
132	ok = 1;
133
134	if (ok == 0) {
135	err:
136	GOSTerror(ERR_R_EC_LIB);
137	}
138	EC_POINT_free(pub_key);
139	if (ctx != NULL) {
140	BN_CTX_end(ctx);
141	BN_CTX_free(ctx);
142	}
143	return ok;
144	}
145
146	ECDSA_SIG *
147	gost2001_do_sign(BIGNUM md, GOST_KEY eckey)
148	{
149	ECDSA_SIG *newsig = NULL;
150	BIGNUM *order = NULL;
151	const EC_GROUP *group;
152	const BIGNUM *priv_key;
153	BIGNUM r = NULL, s = NULL, X = NULL, tmp = NULL, tmp2 = NULL, k =
154	NULL, *e = NULL;
155	EC_POINT *C = NULL;
156	BN_CTX *ctx = BN_CTX_new();
157	int ok = 0;
158
159	if (ctx == NULL) {
160	GOSTerror(ERR_R_MALLOC_FAILURE);
161	return NULL;
162	}
163	BN_CTX_start(ctx);
164	newsig = ECDSA_SIG_new();
165	if (newsig == NULL) {
166	GOSTerror(ERR_R_MALLOC_FAILURE);
167	goto err;
168	}
169	s = newsig->s;
170	r = newsig->r;
171	group = GOST_KEY_get0_group(eckey);
172	if ((order = BN_CTX_get(ctx)) == NULL)
173	goto err;
174	if (EC_GROUP_get_order(group, order, ctx) == 0)
175	goto err;
176	priv_key = GOST_KEY_get0_private_key(eckey);
177	if ((e = BN_CTX_get(ctx)) == NULL)
178	goto err;
179	if (BN_mod_ct(e, md, order, ctx) == 0)
180	goto err;
181	if (BN_is_zero(e)) {
182	if (!BN_one(e))
183	goto err;
184	}
185	if ((k = BN_CTX_get(ctx)) == NULL)
186	goto err;
187	if ((X = BN_CTX_get(ctx)) == NULL)
188	goto err;
189	if ((C = EC_POINT_new(group)) == NULL)
190	goto err;
191	do {
192	do {
193	if (!BN_rand_range(k, order)) {
194	GOSTerror(GOST_R_RANDOM_NUMBER_GENERATOR_FAILED);
195	goto err;
196	}
197	/*
198	* We do not want timing information to leak the length
199	* of k, so we compute G*k using an equivalent scalar
200	* of fixed bit-length.
201	*/
202	if (BN_add(k, k, order) == 0)
203	goto err;
204	if (BN_num_bits(k) <= BN_num_bits(order))
205	if (BN_add(k, k, order) == 0)
206	goto err;
207
208	if (EC_POINT_mul(group, C, k, NULL, NULL, ctx) == 0) {
209	GOSTerror(ERR_R_EC_LIB);
210	goto err;
211	}
212	if (EC_POINT_get_affine_coordinates(group, C, X,
213	NULL, ctx) == 0) {
214	GOSTerror(ERR_R_EC_LIB);
215	goto err;
216	}
217	if (BN_nnmod(r, X, order, ctx) == 0)
218	goto err;
219	} while (BN_is_zero(r));
220	/* s = (rpriv_key+ke) mod order */
221	if (tmp == NULL) {
222	if ((tmp = BN_CTX_get(ctx)) == NULL)
223	goto err;
224	}
225	if (BN_mod_mul(tmp, priv_key, r, order, ctx) == 0)
226	goto err;
227	if (tmp2 == NULL) {
228	if ((tmp2 = BN_CTX_get(ctx)) == NULL)
229	goto err;
230	}
231	if (BN_mod_mul(tmp2, k, e, order, ctx) == 0)
232	goto err;
233	if (BN_mod_add(s, tmp, tmp2, order, ctx) == 0)
234	goto err;
235	} while (BN_is_zero(s));
236	ok = 1;
237
238	err:
239	EC_POINT_free(C);
240	if (ctx != NULL) {
241	BN_CTX_end(ctx);
242	BN_CTX_free(ctx);
243	}
244	if (ok == 0) {
245	ECDSA_SIG_free(newsig);
246	newsig = NULL;
247	}
248	return newsig;
249	}
250
251	int
252	gost2001_do_verify(BIGNUM md, ECDSA_SIG sig, GOST_KEY *ec)
253	{
254	BN_CTX *ctx = BN_CTX_new();
255	const EC_GROUP *group = GOST_KEY_get0_group(ec);
256	BIGNUM *order;
257	BIGNUM e = NULL, R = NULL, v = NULL, z1 = NULL, *z2 = NULL;
258	BIGNUM X = NULL, tmp = NULL;
259	EC_POINT *C = NULL;
260	const EC_POINT *pub_key = NULL;
261	int ok = 0;
262
263	if (ctx == NULL)
264	goto err;
265	BN_CTX_start(ctx);
266	if ((order = BN_CTX_get(ctx)) == NULL)
267	goto err;
268	if ((e = BN_CTX_get(ctx)) == NULL)
269	goto err;
270	if ((z1 = BN_CTX_get(ctx)) == NULL)
271	goto err;
272	if ((z2 = BN_CTX_get(ctx)) == NULL)
273	goto err;
274	if ((tmp = BN_CTX_get(ctx)) == NULL)
275	goto err;
276	if ((X = BN_CTX_get(ctx)) == NULL)
277	goto err;
278	if ((R = BN_CTX_get(ctx)) == NULL)
279	goto err;
280	if ((v = BN_CTX_get(ctx)) == NULL)
281	goto err;
282
283	if (EC_GROUP_get_order(group, order, ctx) == 0)
284	goto err;
285	pub_key = GOST_KEY_get0_public_key(ec);
286	if (BN_is_zero(sig->s) \|\| BN_is_zero(sig->r) \|\|
287	BN_cmp(sig->s, order) >= 1 \|\| BN_cmp(sig->r, order) >= 1) {
288	GOSTerror(GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q);
289	goto err;
290	}
291
292	if (BN_mod_ct(e, md, order, ctx) == 0)
293	goto err;
294	if (BN_is_zero(e)) {
295	if (!BN_one(e))
296	goto err;
297	}
298	if ((v = BN_mod_inverse_ct(v, e, order, ctx)) == NULL)
299	goto err;
300	if (BN_mod_mul(z1, sig->s, v, order, ctx) == 0)
301	goto err;
302	if (BN_sub(tmp, order, sig->r) == 0)
303	goto err;
304	if (BN_mod_mul(z2, tmp, v, order, ctx) == 0)
305	goto err;
306	if ((C = EC_POINT_new(group)) == NULL)
307	goto err;
308	if (EC_POINT_mul(group, C, z1, pub_key, z2, ctx) == 0) {
309	GOSTerror(ERR_R_EC_LIB);
310	goto err;
311	}
312	if (EC_POINT_get_affine_coordinates(group, C, X, NULL, ctx) == 0) {
313	GOSTerror(ERR_R_EC_LIB);
314	goto err;
315	}
316	if (BN_mod_ct(R, X, order, ctx) == 0)
317	goto err;
318	if (BN_cmp(R, sig->r) != 0) {
319	GOSTerror(GOST_R_SIGNATURE_MISMATCH);
320	} else {
321	ok = 1;
322	}
323	err:
324	EC_POINT_free(C);
325	if (ctx != NULL) {
326	BN_CTX_end(ctx);
327	BN_CTX_free(ctx);
328	}
329	return ok;
330	}
331
332	/* Implementation of CryptoPro VKO 34.10-2001 algorithm */
333	int
334	VKO_compute_key(BIGNUM X, BIGNUM Y, const GOST_KEY pkey, GOST_KEY priv_key,
335	const BIGNUM *ukm)
336	{
337	BIGNUM p = NULL, order = NULL;
338	const BIGNUM *key = GOST_KEY_get0_private_key(priv_key);
339	const EC_GROUP *group = GOST_KEY_get0_group(priv_key);
340	const EC_POINT *pub_key = GOST_KEY_get0_public_key(pkey);
341	EC_POINT *pnt;
342	BN_CTX *ctx = NULL;
343	int ok = 0;
344
345	pnt = EC_POINT_new(group);
346	if (pnt == NULL)
347	goto err;
348	ctx = BN_CTX_new();
349	if (ctx == NULL)
350	goto err;
351	BN_CTX_start(ctx);
352	if ((p = BN_CTX_get(ctx)) == NULL)
353	goto err;
354	if ((order = BN_CTX_get(ctx)) == NULL)
355	goto err;
356	if (EC_GROUP_get_order(group, order, ctx) == 0)
357	goto err;
358	if (BN_mod_mul(p, key, ukm, order, ctx) == 0)
359	goto err;
360	if (EC_POINT_mul(group, pnt, NULL, pub_key, p, ctx) == 0)
361	goto err;
362	if (EC_POINT_get_affine_coordinates(group, pnt, X, Y, ctx) == 0)
363	goto err;
364	ok = 1;
365
366	err:
367	if (ctx != NULL) {
368	BN_CTX_end(ctx);
369	BN_CTX_free(ctx);
370	}
371	EC_POINT_free(pnt);
372	return ok;
373	}
374
375	int
376	gost2001_keygen(GOST_KEY *ec)
377	{
378	BIGNUM order = BN_new(), d = BN_new();
379	const EC_GROUP *group = GOST_KEY_get0_group(ec);
380	int rc = 0;
381
382	if (order == NULL \|\| d == NULL)
383	goto err;
384	if (EC_GROUP_get_order(group, order, NULL) == 0)
385	goto err;
386
387	do {
388	if (BN_rand_range(d, order) == 0) {
389	GOSTerror(GOST_R_RANDOM_NUMBER_GENERATOR_FAILED);
390	goto err;
391	}
392	} while (BN_is_zero(d));
393
394	if (GOST_KEY_set_private_key(ec, d) == 0)
395	goto err;
396	rc = gost2001_compute_public(ec);
397
398	err:
399	BN_free(d);
400	BN_free(order);
401	return rc;
402	}
403	#endif