summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/lib/libcrypto/Symbols.list6
-rw-r--r--src/lib/libcrypto/ec/ec.h12
-rw-r--r--src/lib/libcrypto/ec/ec_key.c13
-rw-r--r--src/lib/libcrypto/ec/ec_kmeth.c112
-rw-r--r--src/lib/libcrypto/ec/ec_lcl.h17
-rw-r--r--src/lib/libcrypto/ecdh/ech_key.c22
-rw-r--r--src/lib/libcrypto/ecdsa/ecdsa.h13
-rw-r--r--src/lib/libcrypto/ecdsa/ecs_ossl.c42
-rw-r--r--src/lib/libcrypto/ecdsa/ecs_vrf.c39
9 files changed, 213 insertions, 63 deletions
diff --git a/src/lib/libcrypto/Symbols.list b/src/lib/libcrypto/Symbols.list
index 2734fed62a..98518fcf72 100644
--- a/src/lib/libcrypto/Symbols.list
+++ b/src/lib/libcrypto/Symbols.list
@@ -956,11 +956,17 @@ EC_GROUP_set_generator
956EC_GROUP_set_point_conversion_form 956EC_GROUP_set_point_conversion_form
957EC_GROUP_set_seed 957EC_GROUP_set_seed
958EC_KEY_METHOD_free 958EC_KEY_METHOD_free
959EC_KEY_METHOD_get_compute_key
959EC_KEY_METHOD_get_init 960EC_KEY_METHOD_get_init
961EC_KEY_METHOD_get_keygen
960EC_KEY_METHOD_get_sign 962EC_KEY_METHOD_get_sign
963EC_KEY_METHOD_get_verify
961EC_KEY_METHOD_new 964EC_KEY_METHOD_new
965EC_KEY_METHOD_set_compute_key
962EC_KEY_METHOD_set_init 966EC_KEY_METHOD_set_init
967EC_KEY_METHOD_set_keygen
963EC_KEY_METHOD_set_sign 968EC_KEY_METHOD_set_sign
969EC_KEY_METHOD_set_verify
964EC_KEY_OpenSSL 970EC_KEY_OpenSSL
965EC_KEY_check_key 971EC_KEY_check_key
966EC_KEY_clear_flags 972EC_KEY_clear_flags
diff --git a/src/lib/libcrypto/ec/ec.h b/src/lib/libcrypto/ec/ec.h
index 1173459dae..0b8d2cb355 100644
--- a/src/lib/libcrypto/ec/ec.h
+++ b/src/lib/libcrypto/ec/ec.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ec.h,v 1.14 2019/01/19 01:07:00 tb Exp $ */ 1/* $OpenBSD: ec.h,v 1.15 2019/01/19 01:12:48 tb Exp $ */
2/* 2/*
3 * Originally written by Bodo Moeller for the OpenSSL project. 3 * Originally written by Bodo Moeller for the OpenSSL project.
4 */ 4 */
@@ -966,6 +966,11 @@ void EC_KEY_METHOD_set_init(EC_KEY_METHOD *meth,
966 int (*set_group)(EC_KEY *key, const EC_GROUP *grp), 966 int (*set_group)(EC_KEY *key, const EC_GROUP *grp),
967 int (*set_private)(EC_KEY *key, const BIGNUM *priv_key), 967 int (*set_private)(EC_KEY *key, const BIGNUM *priv_key),
968 int (*set_public)(EC_KEY *key, const EC_POINT *pub_key)); 968 int (*set_public)(EC_KEY *key, const EC_POINT *pub_key));
969void EC_KEY_METHOD_set_keygen(EC_KEY_METHOD *meth,
970 int (*keygen)(EC_KEY *key));
971void EC_KEY_METHOD_set_compute_key(EC_KEY_METHOD *meth,
972 int (*ckey)(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
973 void *(*KDF) (const void *in, size_t inlen, void *out, size_t *outlen)));
969void EC_KEY_METHOD_get_init(EC_KEY_METHOD *meth, 974void EC_KEY_METHOD_get_init(EC_KEY_METHOD *meth,
970 int (**pinit)(EC_KEY *key), 975 int (**pinit)(EC_KEY *key),
971 void (**pfinish)(EC_KEY *key), 976 void (**pfinish)(EC_KEY *key),
@@ -973,6 +978,11 @@ void EC_KEY_METHOD_get_init(EC_KEY_METHOD *meth,
973 int (**pset_group)(EC_KEY *key, const EC_GROUP *grp), 978 int (**pset_group)(EC_KEY *key, const EC_GROUP *grp),
974 int (**pset_private)(EC_KEY *key, const BIGNUM *priv_key), 979 int (**pset_private)(EC_KEY *key, const BIGNUM *priv_key),
975 int (**pset_public)(EC_KEY *key, const EC_POINT *pub_key)); 980 int (**pset_public)(EC_KEY *key, const EC_POINT *pub_key));
981void EC_KEY_METHOD_get_keygen(EC_KEY_METHOD *meth,
982 int (**pkeygen)(EC_KEY *key));
983void EC_KEY_METHOD_get_compute_key(EC_KEY_METHOD *meth,
984 int (**pck)(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
985 void *(*KDF) (const void *in, size_t inlen, void *out, size_t *outlen)));
976 986
977EC_KEY *ECParameters_dup(EC_KEY *key); 987EC_KEY *ECParameters_dup(EC_KEY *key);
978 988
diff --git a/src/lib/libcrypto/ec/ec_key.c b/src/lib/libcrypto/ec/ec_key.c
index f57e078c7f..1d0a03ac88 100644
--- a/src/lib/libcrypto/ec/ec_key.c
+++ b/src/lib/libcrypto/ec/ec_key.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ec_key.c,v 1.23 2019/01/19 01:07:00 tb Exp $ */ 1/* $OpenBSD: ec_key.c,v 1.24 2019/01/19 01:12:48 tb Exp $ */
2/* 2/*
3 * Written by Nils Larsch for the OpenSSL project. 3 * Written by Nils Larsch for the OpenSSL project.
4 */ 4 */
@@ -247,9 +247,18 @@ EC_KEY_get_ex_data(const EC_KEY *r, int idx)
247 return CRYPTO_get_ex_data(&r->ex_data, idx); 247 return CRYPTO_get_ex_data(&r->ex_data, idx);
248} 248}
249 249
250int 250int
251EC_KEY_generate_key(EC_KEY *eckey) 251EC_KEY_generate_key(EC_KEY *eckey)
252{ 252{
253 if (eckey->meth->keygen != NULL)
254 return eckey->meth->keygen(eckey);
255 ECerror(EC_R_NOT_IMPLEMENTED);
256 return 0;
257}
258
259int
260ossl_ec_key_gen(EC_KEY *eckey)
261{
253 int ok = 0; 262 int ok = 0;
254 BN_CTX *ctx = NULL; 263 BN_CTX *ctx = NULL;
255 BIGNUM *priv_key = NULL, *order = NULL; 264 BIGNUM *priv_key = NULL, *order = NULL;
diff --git a/src/lib/libcrypto/ec/ec_kmeth.c b/src/lib/libcrypto/ec/ec_kmeth.c
index b714c62236..158f542d40 100644
--- a/src/lib/libcrypto/ec/ec_kmeth.c
+++ b/src/lib/libcrypto/ec/ec_kmeth.c
@@ -72,9 +72,15 @@ static const EC_KEY_METHOD openssl_ec_key_method = {
72 .set_private = NULL, 72 .set_private = NULL,
73 .set_public = NULL, 73 .set_public = NULL,
74 74
75 .keygen = ossl_ec_key_gen,
76 .compute_key = ossl_ecdh_compute_key,
77
75 .sign = ossl_ecdsa_sign, 78 .sign = ossl_ecdsa_sign,
76 .sign_setup = ossl_ecdsa_sign_setup, 79 .sign_setup = ossl_ecdsa_sign_setup,
77 .sign_sig = ossl_ecdsa_sign_sig, 80 .sign_sig = ossl_ecdsa_sign_sig,
81
82 .verify = ossl_ecdsa_verify,
83 .verify_sig = ossl_ecdsa_verify_sig,
78}; 84};
79 85
80const EC_KEY_METHOD *default_ec_key_meth = &openssl_ec_key_method; 86const EC_KEY_METHOD *default_ec_key_meth = &openssl_ec_key_method;
@@ -197,6 +203,65 @@ EC_KEY_METHOD_free(EC_KEY_METHOD *meth)
197} 203}
198 204
199void 205void
206EC_KEY_METHOD_set_init(EC_KEY_METHOD *meth,
207 int (*init)(EC_KEY *key),
208 void (*finish)(EC_KEY *key),
209 int (*copy)(EC_KEY *dest, const EC_KEY *src),
210 int (*set_group)(EC_KEY *key, const EC_GROUP *grp),
211 int (*set_private)(EC_KEY *key, const BIGNUM *priv_key),
212 int (*set_public)(EC_KEY *key, const EC_POINT *pub_key))
213{
214 meth->init = init;
215 meth->finish = finish;
216 meth->copy = copy;
217 meth->set_group = set_group;
218 meth->set_private = set_private;
219 meth->set_public = set_public;
220}
221
222void
223EC_KEY_METHOD_set_keygen(EC_KEY_METHOD *meth, int (*keygen)(EC_KEY *key))
224{
225 meth->keygen = keygen;
226}
227
228void
229EC_KEY_METHOD_set_compute_key(EC_KEY_METHOD *meth,
230 int (*ckey)(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
231 void *(*KDF) (const void *in, size_t inlen, void *out, size_t *outlen)))
232{
233 meth->compute_key = ckey;
234}
235
236void
237EC_KEY_METHOD_set_sign(EC_KEY_METHOD *meth,
238 int (*sign)(int type, const unsigned char *dgst,
239 int dlen, unsigned char *sig, unsigned int *siglen,
240 const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey),
241 int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in,
242 BIGNUM **kinvp, BIGNUM **rp),
243 ECDSA_SIG *(*sign_sig)(const unsigned char *dgst,
244 int dgst_len, const BIGNUM *in_kinv,
245 const BIGNUM *in_r, EC_KEY *eckey))
246{
247 meth->sign = sign;
248 meth->sign_setup = sign_setup;
249 meth->sign_sig = sign_sig;
250}
251
252void
253EC_KEY_METHOD_set_verify(EC_KEY_METHOD *meth,
254 int (*verify)(int type, const unsigned char *dgst, int dgst_len,
255 const unsigned char *sigbuf, int sig_len, EC_KEY *eckey),
256 int (*verify_sig)(const unsigned char *dgst, int dgst_len,
257 const ECDSA_SIG *sig, EC_KEY *eckey))
258{
259 meth->verify = verify;
260 meth->verify_sig = verify_sig;
261}
262
263
264void
200EC_KEY_METHOD_get_init(EC_KEY_METHOD *meth, 265EC_KEY_METHOD_get_init(EC_KEY_METHOD *meth,
201 int (**pinit)(EC_KEY *key), 266 int (**pinit)(EC_KEY *key),
202 void (**pfinish)(EC_KEY *key), 267 void (**pfinish)(EC_KEY *key),
@@ -220,20 +285,20 @@ EC_KEY_METHOD_get_init(EC_KEY_METHOD *meth,
220} 285}
221 286
222void 287void
223EC_KEY_METHOD_set_init(EC_KEY_METHOD *meth, 288EC_KEY_METHOD_get_keygen(EC_KEY_METHOD *meth,
224 int (*init)(EC_KEY *key), 289 int (**pkeygen)(EC_KEY *key))
225 void (*finish)(EC_KEY *key),
226 int (*copy)(EC_KEY *dest, const EC_KEY *src),
227 int (*set_group)(EC_KEY *key, const EC_GROUP *grp),
228 int (*set_private)(EC_KEY *key, const BIGNUM *priv_key),
229 int (*set_public)(EC_KEY *key, const EC_POINT *pub_key))
230{ 290{
231 meth->init = init; 291 if (pkeygen != NULL)
232 meth->finish = finish; 292 *pkeygen = meth->keygen;
233 meth->copy = copy; 293}
234 meth->set_group = set_group; 294
235 meth->set_private = set_private; 295void
236 meth->set_public = set_public; 296EC_KEY_METHOD_get_compute_key(EC_KEY_METHOD *meth,
297 int (**pck)(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
298 void *(*KDF) (const void *in, size_t inlen, void *out, size_t *outlen)))
299{
300 if (pck != NULL)
301 *pck = meth->compute_key;
237} 302}
238 303
239void 304void
@@ -256,17 +321,14 @@ EC_KEY_METHOD_get_sign(EC_KEY_METHOD *meth,
256} 321}
257 322
258void 323void
259EC_KEY_METHOD_set_sign(EC_KEY_METHOD *meth, 324EC_KEY_METHOD_get_verify(EC_KEY_METHOD *meth,
260 int (*sign)(int type, const unsigned char *dgst, 325 int (**pverify)(int type, const unsigned char *dgst, int dgst_len,
261 int dlen, unsigned char *sig, unsigned int *siglen, 326 const unsigned char *sigbuf, int sig_len, EC_KEY *eckey),
262 const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey), 327 int (**pverify_sig)(const unsigned char *dgst, int dgst_len,
263 int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, 328 const ECDSA_SIG *sig, EC_KEY *eckey))
264 BIGNUM **kinvp, BIGNUM **rp),
265 ECDSA_SIG *(*sign_sig)(const unsigned char *dgst,
266 int dgst_len, const BIGNUM *in_kinv,
267 const BIGNUM *in_r, EC_KEY *eckey))
268{ 329{
269 meth->sign = sign; 330 if (pverify != NULL)
270 meth->sign_setup = sign_setup; 331 *pverify = meth->verify;
271 meth->sign_sig = sign_sig; 332 if (pverify_sig != NULL)
333 *pverify_sig = meth->verify_sig;
272} 334}
diff --git a/src/lib/libcrypto/ec/ec_lcl.h b/src/lib/libcrypto/ec/ec_lcl.h
index cff0892e89..8948e51d69 100644
--- a/src/lib/libcrypto/ec/ec_lcl.h
+++ b/src/lib/libcrypto/ec/ec_lcl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ec_lcl.h,v 1.12 2019/01/19 01:07:00 tb Exp $ */ 1/* $OpenBSD: ec_lcl.h,v 1.13 2019/01/19 01:12:48 tb Exp $ */
2/* 2/*
3 * Originally written by Bodo Moeller for the OpenSSL project. 3 * Originally written by Bodo Moeller for the OpenSSL project.
4 */ 4 */
@@ -457,6 +457,9 @@ struct ec_key_method_st {
457 int (*set_group)(EC_KEY *key, const EC_GROUP *grp); 457 int (*set_group)(EC_KEY *key, const EC_GROUP *grp);
458 int (*set_private)(EC_KEY *key, const BIGNUM *priv_key); 458 int (*set_private)(EC_KEY *key, const BIGNUM *priv_key);
459 int (*set_public)(EC_KEY *key, const EC_POINT *pub_key); 459 int (*set_public)(EC_KEY *key, const EC_POINT *pub_key);
460 int (*keygen)(EC_KEY *key);
461 int (*compute_key)(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
462 void *(*KDF) (const void *in, size_t inlen, void *out, size_t *outlen));
460 int (*sign)(int type, const unsigned char *dgst, int dlen, unsigned char 463 int (*sign)(int type, const unsigned char *dgst, int dlen, unsigned char
461 *sig, unsigned int *siglen, const BIGNUM *kinv, 464 *sig, unsigned int *siglen, const BIGNUM *kinv,
462 const BIGNUM *r, EC_KEY *eckey); 465 const BIGNUM *r, EC_KEY *eckey);
@@ -465,10 +468,22 @@ struct ec_key_method_st {
465 ECDSA_SIG *(*sign_sig)(const unsigned char *dgst, int dgst_len, 468 ECDSA_SIG *(*sign_sig)(const unsigned char *dgst, int dgst_len,
466 const BIGNUM *in_kinv, const BIGNUM *in_r, 469 const BIGNUM *in_kinv, const BIGNUM *in_r,
467 EC_KEY *eckey); 470 EC_KEY *eckey);
471 int (*verify)(int type, const unsigned char *dgst, int dgst_len,
472 const unsigned char *sigbuf, int sig_len, EC_KEY *eckey);
473 int (*verify_sig)(const unsigned char *dgst, int dgst_len,
474 const ECDSA_SIG *sig, EC_KEY *eckey);
468} /* EC_KEY_METHOD */; 475} /* EC_KEY_METHOD */;
469 476
470#define EC_KEY_METHOD_DYNAMIC 1 477#define EC_KEY_METHOD_DYNAMIC 1
471 478
479int ossl_ec_key_gen(EC_KEY *eckey);
480int ossl_ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
481 void *(*KDF) (const void *in, size_t inlen, void *out, size_t *outlen));
482int ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len,
483 const unsigned char *sigbuf, int sig_len, EC_KEY *eckey);
484int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
485 const ECDSA_SIG *sig, EC_KEY *eckey);
486
472/* method functions in ecp_nistp521.c */ 487/* method functions in ecp_nistp521.c */
473int ec_GFp_nistp521_group_init(EC_GROUP *group); 488int ec_GFp_nistp521_group_init(EC_GROUP *group);
474int ec_GFp_nistp521_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *n, BN_CTX *); 489int ec_GFp_nistp521_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *n, BN_CTX *);
diff --git a/src/lib/libcrypto/ecdh/ech_key.c b/src/lib/libcrypto/ecdh/ech_key.c
index 6911f1e341..378912cacb 100644
--- a/src/lib/libcrypto/ecdh/ech_key.c
+++ b/src/lib/libcrypto/ecdh/ech_key.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ech_key.c,v 1.8 2018/09/02 17:20:31 tb Exp $ */ 1/* $OpenBSD: ech_key.c,v 1.9 2019/01/19 01:12:48 tb Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 3 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
4 * 4 *
@@ -78,6 +78,7 @@
78#include <openssl/sha.h> 78#include <openssl/sha.h>
79 79
80#include "ech_locl.h" 80#include "ech_locl.h"
81#include "ec_lcl.h"
81 82
82static int ecdh_compute_key(void *out, size_t len, const EC_POINT *pub_key, 83static int ecdh_compute_key(void *out, size_t len, const EC_POINT *pub_key,
83 EC_KEY *ecdh, 84 EC_KEY *ecdh,
@@ -215,13 +216,26 @@ ECDH_OpenSSL(void)
215 return &openssl_ecdh_meth; 216 return &openssl_ecdh_meth;
216} 217}
217 218
219/* replace w/ ecdh_compute_key() when ECDH_METHOD gets removed */
218int 220int
219ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, 221ossl_ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
220 EC_KEY *eckey, 222 EC_KEY *eckey,
221 void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)) 223 void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen))
222{ 224{
223 ECDH_DATA *ecdh = ecdh_check(eckey); 225 ECDH_DATA *ecdh;
224 if (ecdh == NULL) 226
227 if ((ecdh = ecdh_check(eckey)) == NULL)
225 return 0; 228 return 0;
226 return ecdh->meth->compute_key(out, outlen, pub_key, eckey, KDF); 229 return ecdh->meth->compute_key(out, outlen, pub_key, eckey, KDF);
227} 230}
231
232int
233ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
234 EC_KEY *eckey,
235 void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen))
236{
237 if (eckey->meth->compute_key != NULL)
238 return eckey->meth->compute_key(out, outlen, pub_key, eckey, KDF);
239 ECerror(EC_R_NOT_IMPLEMENTED);
240 return 0;
241}
diff --git a/src/lib/libcrypto/ecdsa/ecdsa.h b/src/lib/libcrypto/ecdsa/ecdsa.h
index 12d6677ce3..71b8825436 100644
--- a/src/lib/libcrypto/ecdsa/ecdsa.h
+++ b/src/lib/libcrypto/ecdsa/ecdsa.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ecdsa.h,v 1.6 2019/01/19 01:07:00 tb Exp $ */ 1/* $OpenBSD: ecdsa.h,v 1.7 2019/01/19 01:12:48 tb Exp $ */
2/** 2/**
3 * \file crypto/ecdsa/ecdsa.h Include file for the OpenSSL ECDSA functions 3 * \file crypto/ecdsa/ecdsa.h Include file for the OpenSSL ECDSA functions
4 * \author Written by Nils Larsch for the OpenSSL project 4 * \author Written by Nils Larsch for the OpenSSL project
@@ -279,6 +279,11 @@ void EC_KEY_METHOD_set_sign(EC_KEY_METHOD *meth,
279 ECDSA_SIG *(*sign_sig)(const unsigned char *dgst, 279 ECDSA_SIG *(*sign_sig)(const unsigned char *dgst,
280 int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, 280 int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r,
281 EC_KEY *eckey)); 281 EC_KEY *eckey));
282void EC_KEY_METHOD_set_verify(EC_KEY_METHOD *meth,
283 int (*verify)(int type, const unsigned char *dgst, int dgst_len,
284 const unsigned char *sigbuf, int sig_len, EC_KEY *eckey),
285 int (*verify_sig)(const unsigned char *dgst, int dgst_len,
286 const ECDSA_SIG *sig, EC_KEY *eckey));
282void EC_KEY_METHOD_get_sign(EC_KEY_METHOD *meth, 287void EC_KEY_METHOD_get_sign(EC_KEY_METHOD *meth,
283 int (**psign)(int type, const unsigned char *dgst, 288 int (**psign)(int type, const unsigned char *dgst,
284 int dlen, unsigned char *sig, unsigned int *siglen, 289 int dlen, unsigned char *sig, unsigned int *siglen,
@@ -288,6 +293,12 @@ void EC_KEY_METHOD_get_sign(EC_KEY_METHOD *meth,
288 ECDSA_SIG *(**psign_sig)(const unsigned char *dgst, 293 ECDSA_SIG *(**psign_sig)(const unsigned char *dgst,
289 int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, 294 int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r,
290 EC_KEY *eckey)); 295 EC_KEY *eckey));
296void EC_KEY_METHOD_get_verify(EC_KEY_METHOD *meth,
297 int (**pverify)(int type, const unsigned char *dgst, int dgst_len,
298 const unsigned char *sigbuf, int sig_len, EC_KEY *eckey),
299 int (**pverify_sig)(const unsigned char *dgst, int dgst_len,
300 const ECDSA_SIG *sig, EC_KEY *eckey));
301
291 302
292/* BEGIN ERROR CODES */ 303/* BEGIN ERROR CODES */
293/* The following lines are auto generated by the script mkerr.pl. Any changes 304/* The following lines are auto generated by the script mkerr.pl. Any changes
diff --git a/src/lib/libcrypto/ecdsa/ecs_ossl.c b/src/lib/libcrypto/ecdsa/ecs_ossl.c
index 4e05cb9aac..791a5c48e1 100644
--- a/src/lib/libcrypto/ecdsa/ecs_ossl.c
+++ b/src/lib/libcrypto/ecdsa/ecs_ossl.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ecs_ossl.c,v 1.17 2019/01/19 01:07:00 tb Exp $ */ 1/* $OpenBSD: ecs_ossl.c,v 1.18 2019/01/19 01:12:48 tb Exp $ */
2/* 2/*
3 * Written by Nils Larsch for the OpenSSL project 3 * Written by Nils Larsch for the OpenSSL project
4 */ 4 */
@@ -56,6 +56,8 @@
56 * 56 *
57 */ 57 */
58 58
59#include <string.h>
60
59#include <openssl/opensslconf.h> 61#include <openssl/opensslconf.h>
60 62
61#include <openssl/err.h> 63#include <openssl/err.h>
@@ -421,6 +423,32 @@ ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
421 return ecdsa->meth->ecdsa_do_sign(dgst, dgst_len, in_kinv, in_r, eckey); 423 return ecdsa->meth->ecdsa_do_sign(dgst, dgst_len, in_kinv, in_r, eckey);
422} 424}
423 425
426int
427ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len,
428 const unsigned char *sigbuf, int sig_len, EC_KEY *eckey)
429{
430 ECDSA_SIG *s;
431 unsigned char *der = NULL;
432 const unsigned char *p = sigbuf;
433 int derlen = -1;
434 int ret = -1;
435
436 if ((s = ECDSA_SIG_new()) == NULL)
437 return (ret);
438 if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL)
439 goto err;
440 /* Ensure signature uses DER and doesn't have trailing garbage */
441 derlen = i2d_ECDSA_SIG(s, &der);
442 if (derlen != sig_len || memcmp(sigbuf, der, derlen))
443 goto err;
444 ret = ECDSA_do_verify(dgst, dgst_len, s, eckey);
445
446 err:
447 freezero(der, derlen);
448 ECDSA_SIG_free(s);
449 return (ret);
450}
451
424static int 452static int
425ecdsa_do_verify(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig, 453ecdsa_do_verify(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig,
426 EC_KEY *eckey) 454 EC_KEY *eckey)
@@ -524,3 +552,15 @@ ecdsa_do_verify(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig,
524 EC_POINT_free(point); 552 EC_POINT_free(point);
525 return ret; 553 return ret;
526} 554}
555
556/* replace w/ ecdsa_do_verify() when ECDSA_METHOD gets removed */
557int
558ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
559 const ECDSA_SIG *sig, EC_KEY *eckey)
560{
561 ECDSA_DATA *ecdsa;
562
563 if ((ecdsa = ecdsa_check(eckey)) == NULL)
564 return 0;
565 return ecdsa->meth->ecdsa_do_verify(dgst, dgst_len, sig, eckey);
566}
diff --git a/src/lib/libcrypto/ecdsa/ecs_vrf.c b/src/lib/libcrypto/ecdsa/ecs_vrf.c
index 270af94c0d..4c1bc85e06 100644
--- a/src/lib/libcrypto/ecdsa/ecs_vrf.c
+++ b/src/lib/libcrypto/ecdsa/ecs_vrf.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ecs_vrf.c,v 1.6 2017/05/02 03:59:44 deraadt Exp $ */ 1/* $OpenBSD: ecs_vrf.c,v 1.7 2019/01/19 01:12:48 tb Exp $ */
2/* 2/*
3 * Written by Nils Larsch for the OpenSSL project 3 * Written by Nils Larsch for the OpenSSL project
4 */ 4 */
@@ -56,10 +56,10 @@
56 * 56 *
57 */ 57 */
58 58
59#include <string.h>
60#include <openssl/opensslconf.h> 59#include <openssl/opensslconf.h>
61 60
62#include "ecs_locl.h" 61#include "ecs_locl.h"
62#include "ec_lcl.h"
63#ifndef OPENSSL_NO_ENGINE 63#ifndef OPENSSL_NO_ENGINE
64#include <openssl/engine.h> 64#include <openssl/engine.h>
65#endif 65#endif
@@ -73,11 +73,10 @@ int
73ECDSA_do_verify(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig, 73ECDSA_do_verify(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig,
74 EC_KEY *eckey) 74 EC_KEY *eckey)
75{ 75{
76 ECDSA_DATA *ecdsa = ecdsa_check(eckey); 76 if (eckey->meth->verify_sig != NULL)
77 77 return eckey->meth->verify_sig(dgst, dgst_len, sig, eckey);
78 if (ecdsa == NULL) 78 ECDSAerror(EVP_R_METHOD_NOT_SUPPORTED);
79 return 0; 79 return 0;
80 return ecdsa->meth->ecdsa_do_verify(dgst, dgst_len, sig, eckey);
81} 80}
82 81
83/* returns 82/* returns
@@ -89,25 +88,9 @@ int
89ECDSA_verify(int type, const unsigned char *dgst, int dgst_len, 88ECDSA_verify(int type, const unsigned char *dgst, int dgst_len,
90 const unsigned char *sigbuf, int sig_len, EC_KEY *eckey) 89 const unsigned char *sigbuf, int sig_len, EC_KEY *eckey)
91{ 90{
92 ECDSA_SIG *s; 91 if (eckey->meth->verify != NULL)
93 unsigned char *der = NULL; 92 return eckey->meth->verify(type, dgst, dgst_len,
94 const unsigned char *p = sigbuf; 93 sigbuf, sig_len, eckey);
95 int derlen = -1; 94 ECDSAerror(EVP_R_METHOD_NOT_SUPPORTED);
96 int ret = -1; 95 return 0;
97
98 s = ECDSA_SIG_new();
99 if (s == NULL)
100 return (ret);
101 if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL)
102 goto err;
103 /* Ensure signature uses DER and doesn't have trailing garbage */
104 derlen = i2d_ECDSA_SIG(s, &der);
105 if (derlen != sig_len || memcmp(sigbuf, der, derlen))
106 goto err;
107 ret = ECDSA_do_verify(dgst, dgst_len, s, eckey);
108
109err:
110 freezero(der, derlen);
111 ECDSA_SIG_free(s);
112 return (ret);
113} 96}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-30 04:28:57 +0000