4 files changed, 33 insertions, 25 deletions
diff --git a/src/lib/libcrypto/ec/ec.h b/src/lib/libcrypto/ec/ec.h
index 6b5d7b4af7..f711d55050 100644
--- a/src/lib/libcrypto/ec/ec.h
+++ b/src/lib/libcrypto/ec/ec.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec.h,v 1.41 2023/04/27 07:10:05 tb Exp $ */
+/* $OpenBSD: ec.h,v 1.42 2023/07/05 17:10:10 tb Exp $ */
 /*
 * Originally written by Bodo Moeller for the OpenSSL project.
 */
@@ -606,6 +606,7 @@ void ERR_load_EC_strings(void);
 /* Reason codes. */
 #define EC_R_ASN1_ERROR                                  115
 #define EC_R_ASN1_UNKNOWN_FIELD                          116
+#define EC_R_BAD_SIGNATURE                               166
 #define EC_R_BIGNUM_OUT_OF_RANGE                         144
 #define EC_R_BUFFER_TOO_SMALL                            100
 #define EC_R_COORDINATES_OUT_OF_RANGE                    146
@@ -633,10 +634,13 @@ void ERR_load_EC_strings(void);
 #define EC_R_INVALID_PENTANOMIAL_BASIS                   132
 #define EC_R_INVALID_PRIVATE_KEY                         123
 #define EC_R_INVALID_TRINOMIAL_BASIS                     137
+#define EC_R_KDF_FAILED                                  167
 #define EC_R_KDF_PARAMETER_ERROR                         148
+#define EC_R_KEY_TRUNCATION                              168
 #define EC_R_KEYS_NOT_SET                                140
 #define EC_R_MISSING_PARAMETERS                          124
 #define EC_R_MISSING_PRIVATE_KEY                         125
+#define EC_R_NEED_NEW_SETUP_VALUES                       170
 #define EC_R_NOT_A_NIST_PRIME                            135
 #define EC_R_NOT_A_SUPPORTED_NIST_PRIME                  136
 #define EC_R_NOT_IMPLEMENTED                             126
@@ -647,6 +651,7 @@ void ERR_load_EC_strings(void);
 #define EC_R_PEER_KEY_ERROR                              149
 #define EC_R_PKPARAMETERS2GROUP_FAILURE                  127
 #define EC_R_POINT_AT_INFINITY                           106
+#define EC_R_POINT_ARITHMETIC_FAILURE                    169
 #define EC_R_POINT_IS_NOT_ON_CURVE                       107
 #define EC_R_SHARED_INFO_ERROR                           150
 #define EC_R_SLOT_FULL                                   108
diff --git a/src/lib/libcrypto/ec/ec_err.c b/src/lib/libcrypto/ec/ec_err.c
index be6a284599..d10b8e6f7d 100644
--- a/src/lib/libcrypto/ec/ec_err.c
+++ b/src/lib/libcrypto/ec/ec_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_err.c,v 1.15 2022/11/19 07:00:57 tb Exp $ */
+/* $OpenBSD: ec_err.c,v 1.16 2023/07/05 17:10:10 tb Exp $ */
 /* ====================================================================
 * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
 *
@@ -74,6 +74,7 @@ static ERR_STRING_DATA EC_str_reasons[] =
 {
        {ERR_REASON(EC_R_ASN1_ERROR), "asn1 error"},
        {ERR_REASON(EC_R_ASN1_UNKNOWN_FIELD), "asn1 unknown field"},
+        {ERR_REASON(EC_R_BAD_SIGNATURE), "bad signature"},
        {ERR_REASON(EC_R_BIGNUM_OUT_OF_RANGE), "bignum out of range"},
        {ERR_REASON(EC_R_BUFFER_TOO_SMALL), "buffer too small"},
        {ERR_REASON(EC_R_COORDINATES_OUT_OF_RANGE), "coordinates out of range"},
@@ -101,10 +102,13 @@ static ERR_STRING_DATA EC_str_reasons[] =
        {ERR_REASON(EC_R_INVALID_PENTANOMIAL_BASIS), "invalid pentanomial basis"},
        {ERR_REASON(EC_R_INVALID_PRIVATE_KEY), "invalid private key"},
        {ERR_REASON(EC_R_INVALID_TRINOMIAL_BASIS), "invalid trinomial basis"},
+        {ERR_REASON(EC_R_KDF_FAILED), "kdf failed"},
        {ERR_REASON(EC_R_KDF_PARAMETER_ERROR), "kdf parameter error"},
+        {ERR_REASON(EC_R_KEY_TRUNCATION), "key would be truncated"},
        {ERR_REASON(EC_R_KEYS_NOT_SET), "keys not set"},
        {ERR_REASON(EC_R_MISSING_PARAMETERS), "missing parameters"},
        {ERR_REASON(EC_R_MISSING_PRIVATE_KEY), "missing private key"},
+        {ERR_REASON(EC_R_NEED_NEW_SETUP_VALUES), "need new setup values"},
        {ERR_REASON(EC_R_NOT_A_NIST_PRIME), "not a NIST prime"},
        {ERR_REASON(EC_R_NOT_A_SUPPORTED_NIST_PRIME), "not a supported NIST prime"},
        {ERR_REASON(EC_R_NOT_IMPLEMENTED), "not implemented"},
@@ -114,6 +118,7 @@ static ERR_STRING_DATA EC_str_reasons[] =
        {ERR_REASON(EC_R_PASSED_NULL_PARAMETER), "passed null parameter"},
        {ERR_REASON(EC_R_PEER_KEY_ERROR), "peer key error"},
        {ERR_REASON(EC_R_PKPARAMETERS2GROUP_FAILURE), "pkparameters2group failure"},
+        {ERR_REASON(EC_R_POINT_ARITHMETIC_FAILURE), "point arithmetic failure"},
        {ERR_REASON(EC_R_POINT_AT_INFINITY), "point at infinity"},
        {ERR_REASON(EC_R_POINT_IS_NOT_ON_CURVE), "point is not on curve"},
        {ERR_REASON(EC_R_SHARED_INFO_ERROR), "shared info error"},
diff --git a/src/lib/libcrypto/ecdh/ecdh.c b/src/lib/libcrypto/ecdh/ecdh.c
index d0486777e3..1179564030 100644
--- a/src/lib/libcrypto/ecdh/ecdh.c
+++ b/src/lib/libcrypto/ecdh/ecdh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecdh.c,v 1.2 2023/07/05 14:39:05 tb Exp $ */
+/* $OpenBSD: ecdh.c,v 1.3 2023/07/05 17:10:10 tb Exp $ */
 /* ====================================================================
 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
 *
@@ -187,7 +187,7 @@ ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh
        }
        if ((priv_key = EC_KEY_get0_private_key(ecdh)) == NULL) {
-                ECDHerror(ECDH_R_NO_PRIVATE_VALUE);
+                ECerror(EC_R_MISSING_PRIVATE_KEY);
                goto err;
        }
@@ -204,12 +204,12 @@ ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh
        }
        if (!EC_POINT_mul(group, point, NULL, pub_key, priv_key, ctx)) {
-                ECDHerror(ECDH_R_POINT_ARITHMETIC_FAILURE);
+                ECerror(EC_R_POINT_ARITHMETIC_FAILURE);
                goto err;
        }
        if (!EC_POINT_get_affine_coordinates(group, point, x, NULL, ctx)) {
-                ECDHerror(ECDH_R_POINT_ARITHMETIC_FAILURE);
+                ECerror(EC_R_POINT_ARITHMETIC_FAILURE);
                goto err;
        }
@@ -219,7 +219,7 @@ ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh
        }
        if (KDF == NULL && outlen < buflen) {
                /* The resulting key would be truncated. */
-                ECDHerror(ECDH_R_KEY_TRUNCATION);
+                ECerror(EC_R_KEY_TRUNCATION);
                goto err;
        }
        if ((buf = malloc(buflen)) == NULL) {
@@ -233,7 +233,7 @@ ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh
        if (KDF != NULL) {
                if (KDF(buf, buflen, out, &outlen) == NULL) {
-                        ECDHerror(ECDH_R_KDF_FAILED);
+                        ECerror(EC_R_KDF_FAILED);
                        goto err;
                }
        } else {
diff --git a/src/lib/libcrypto/ecdsa/ecdsa.c b/src/lib/libcrypto/ecdsa/ecdsa.c
index 5d6175a787..b9c7ea6381 100644
--- a/src/lib/libcrypto/ecdsa/ecdsa.c
+++ b/src/lib/libcrypto/ecdsa/ecdsa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecdsa.c,v 1.9 2023/07/05 14:41:18 tb Exp $ */
+/* $OpenBSD: ecdsa.c,v 1.10 2023/07/05 17:10:10 tb Exp $ */
 /* ====================================================================
 * Copyright (c) 2000-2002 The OpenSSL Project.  All rights reserved.
 *
@@ -315,10 +315,8 @@ ecdsa_sign_setup(EC_KEY *key, BN_CTX *in_ctx, BIGNUM **out_kinv, BIGNUM **out_r)
        /* Step 11: repeat until r != 0. */
        do {
                /* Step 3: generate random k. */
-                if (!bn_rand_interval(k, BN_value_one(), order)) {
+                if (!bn_rand_interval(k, BN_value_one(), order))
-                        ECDSAerror(ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED);
                        goto err;
-                }
                /*
                 * We do not want timing information to leak the length of k,
@@ -436,7 +434,7 @@ ecdsa_compute_s(BIGNUM **out_s, const BIGNUM *e, const BIGNUM *kinv,
         * can't rely on this being the case.
         */
        if (BN_cmp(r, BN_value_one()) < 0 || BN_cmp(r, order) >= 0) {
-                ECDSAerror(ECDSA_R_BAD_SIGNATURE);
+                ECerror(EC_R_BAD_SIGNATURE);
                goto err;
        }
@@ -552,7 +550,7 @@ ecdsa_sign_sig(const unsigned char *digest, int digest_len,
                /* Steps 3-8: calculate kinv and r. */
                if (!caller_supplied_values) {
                        if (!ECDSA_sign_setup(key, ctx, &kinv, &r)) {
-                                ECDSAerror(ERR_R_ECDSA_LIB);
+                                ECerror(ERR_R_EC_LIB);
                                goto err;
                        }
                }
@@ -566,7 +564,7 @@ ecdsa_sign_sig(const unsigned char *digest, int digest_len,
                        break;
                if (caller_supplied_values) {
-                        ECDSAerror(ECDSA_R_NEED_NEW_SETUP_VALUES);
+                        ECerror(EC_R_NEED_NEW_SETUP_VALUES);
                        goto err;
                }
@@ -648,15 +646,15 @@ ecdsa_verify_sig(const unsigned char *digest, int digest_len,
        int ret = -1;
        if (key == NULL || sig == NULL) {
-                ECDSAerror(ECDSA_R_MISSING_PARAMETERS);
+                ECerror(EC_R_MISSING_PARAMETERS);
                goto err;
        }
        if ((group = EC_KEY_get0_group(key)) == NULL) {
-                ECDSAerror(ECDSA_R_MISSING_PARAMETERS);
+                ECerror(EC_R_MISSING_PARAMETERS);
                goto err;
        }
        if ((pub_key = EC_KEY_get0_public_key(key)) == NULL) {
-                ECDSAerror(ECDSA_R_MISSING_PARAMETERS);
+                ECerror(EC_R_MISSING_PARAMETERS);
                goto err;
        }
@@ -685,12 +683,12 @@ ecdsa_verify_sig(const unsigned char *digest, int digest_len,
        /* Step 1: verify that r and s are in the range [1, order). */
        if (BN_cmp(sig->r, BN_value_one()) < 0 || BN_cmp(sig->r, order) >= 0) {
-                ECDSAerror(ECDSA_R_BAD_SIGNATURE);
+                ECerror(EC_R_BAD_SIGNATURE);
                ret = 0;
                goto err;
        }
        if (BN_cmp(sig->s, BN_value_one()) < 0 || BN_cmp(sig->s, order) >= 0) {
-                ECDSAerror(ECDSA_R_BAD_SIGNATURE);
+                ECerror(EC_R_BAD_SIGNATURE);
                ret = 0;
                goto err;
        }
@@ -759,7 +757,7 @@ ECDSA_do_sign_ex(const unsigned char *digest, int digest_len,
    const BIGNUM *kinv, const BIGNUM *out_r, EC_KEY *key)
 {
        if (key->meth->sign_sig == NULL) {
-                ECDSAerror(EVP_R_METHOD_NOT_SUPPORTED);
+                ECerror(EC_R_NOT_IMPLEMENTED);
                return 0;
        }
        return key->meth->sign_sig(digest, digest_len, kinv, out_r, key);
@@ -779,7 +777,7 @@ ECDSA_sign_ex(int type, const unsigned char *digest, int digest_len,
    const BIGNUM *r, EC_KEY *key)
 {
        if (key->meth->sign == NULL) {
-                ECDSAerror(EVP_R_METHOD_NOT_SUPPORTED);
+                ECerror(EC_R_NOT_IMPLEMENTED);
                return 0;
        }
        return key->meth->sign(type, digest, digest_len, signature,
@@ -791,7 +789,7 @@ ECDSA_sign_setup(EC_KEY *key, BN_CTX *in_ctx, BIGNUM **out_kinv,
    BIGNUM **out_r)
 {
        if (key->meth->sign_setup == NULL) {
-                ECDSAerror(EVP_R_METHOD_NOT_SUPPORTED);
+                ECerror(EC_R_NOT_IMPLEMENTED);
                return 0;
        }
        return key->meth->sign_setup(key, in_ctx, out_kinv, out_r);
@@ -802,7 +800,7 @@ ECDSA_do_verify(const unsigned char *digest, int digest_len,
    const ECDSA_SIG *sig, EC_KEY *key)
 {
        if (key->meth->verify_sig == NULL) {
-                ECDSAerror(EVP_R_METHOD_NOT_SUPPORTED);
+                ECerror(EC_R_NOT_IMPLEMENTED);
                return 0;
        }
        return key->meth->verify_sig(digest, digest_len, sig, key);
@@ -813,7 +811,7 @@ ECDSA_verify(int type, const unsigned char *digest, int digest_len,
    const unsigned char *sigbuf, int sig_len, EC_KEY *key)
 {
        if (key->meth->verify == NULL) {
-                ECDSAerror(EVP_R_METHOD_NOT_SUPPORTED);
+                ECerror(EC_R_NOT_IMPLEMENTED);
                return 0;
        }
        return key->meth->verify(type, digest, digest_len, sigbuf, sig_len, key);