1 files changed, 29 insertions, 2 deletions
diff --git a/src/lib/libtls/tls_signer.c b/src/lib/libtls/tls_signer.c
index c1b60bfcc4..78206d1223 100644
--- a/src/lib/libtls/tls_signer.c
+++ b/src/lib/libtls/tls_signer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_signer.c,v 1.7 2023/06/18 17:24:09 tb Exp $ */
+/* $OpenBSD: tls_signer.c,v 1.8 2023/06/18 17:50:28 tb Exp $ */
 /*
 * Copyright (c) 2021 Eric Faurot <eric@openbsd.org>
 *
@@ -423,6 +423,20 @@ EC_KEY_METHOD *
 tls_signer_ecdsa_method(void)
 {
        static EC_KEY_METHOD *ecdsa_method = NULL;
+        const EC_KEY_METHOD *default_method;
+        int (*keygen)(EC_KEY *key);
+        int (*compute_key)(void *out, size_t outlen, const EC_POINT *pub_key,
+            EC_KEY *ecdh, void *(*KDF) (const void *in, size_t inlen, void *out,
+            size_t *outlen));
+        int (*sign)(int type, const unsigned char *dgst, int dlen,
+            unsigned char *sig, unsigned int *siglen,
+            const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey);
+        int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in,
+            BIGNUM **kinvp, BIGNUM **rp);
+        int (*verify)(int type, const unsigned char *dgst, int dgst_len,
+            const unsigned char *sigbuf, int sig_len, EC_KEY *eckey);
+        int (*verify_sig)(const unsigned char *dgst, int dgst_len,
+            const ECDSA_SIG *sig, EC_KEY *eckey);
        pthread_mutex_lock(&signer_method_lock);
@@ -433,7 +447,20 @@ tls_signer_ecdsa_method(void)
        if (ecdsa_method == NULL)
                goto out;
-        EC_KEY_METHOD_set_sign(ecdsa_method, NULL, NULL, tls_ecdsa_do_sign);
+        default_method = EC_KEY_get_default_method();
+        EC_KEY_METHOD_get_keygen(default_method, &keygen);
+        EC_KEY_METHOD_set_keygen(ecdsa_method, keygen);
+        EC_KEY_METHOD_get_compute_key(default_method, &compute_key);
+        EC_KEY_METHOD_set_compute_key(ecdsa_method, compute_key);
+        EC_KEY_METHOD_get_sign(default_method, &sign, &sign_setup, NULL);
+        EC_KEY_METHOD_set_sign(ecdsa_method, sign, sign_setup,
+            tls_ecdsa_do_sign);
+        EC_KEY_METHOD_get_verify(default_method, &verify, &verify_sig);
+        EC_KEY_METHOD_set_verify(ecdsa_method, verify, verify_sig);
 out:
        pthread_mutex_unlock(&signer_method_lock);

diff --git a/src/lib/libtls/tls_signer.c b/src/lib/libtls/tls_signer.c index c1b60bfcc4..78206d1223 100644 --- a/src/lib/libtls/tls_signer.c +++ b/src/lib/libtls/tls_signer.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls_signer.c,v 1.7 2023/06/18 17:24:09 tb Exp $ */	1	/* $OpenBSD: tls_signer.c,v 1.8 2023/06/18 17:50:28 tb Exp $ */
2	/*	2	/*
3	* Copyright (c) 2021 Eric Faurot <eric@openbsd.org>	3	* Copyright (c) 2021 Eric Faurot <eric@openbsd.org>
4	*	4	*
@@ -423,6 +423,20 @@ EC_KEY_METHOD *
423	tls_signer_ecdsa_method(void)	423	tls_signer_ecdsa_method(void)
424	{	424	{
425	static EC_KEY_METHOD *ecdsa_method = NULL;	425	static EC_KEY_METHOD *ecdsa_method = NULL;
		426	const EC_KEY_METHOD *default_method;
		427	int (keygen)(EC_KEY key);
		428	int (compute_key)(void out, size_t outlen, const EC_POINT *pub_key,
		429	EC_KEY ecdh, void (KDF) (const void in, size_t inlen, void *out,
		430	size_t *outlen));
		431	int (sign)(int type, const unsigned char dgst, int dlen,
		432	unsigned char sig, unsigned int siglen,
		433	const BIGNUM kinv, const BIGNUM r, EC_KEY *eckey);
		434	int (sign_setup)(EC_KEY eckey, BN_CTX *ctx_in,
		435	BIGNUM kinvp, BIGNUM rp);
		436	int (verify)(int type, const unsigned char dgst, int dgst_len,
		437	const unsigned char sigbuf, int sig_len, EC_KEY eckey);
		438	int (verify_sig)(const unsigned char dgst, int dgst_len,
		439	const ECDSA_SIG sig, EC_KEY eckey);
426		440
427	pthread_mutex_lock(&signer_method_lock);	441	pthread_mutex_lock(&signer_method_lock);
428		442
@@ -433,7 +447,20 @@ tls_signer_ecdsa_method(void)
433	if (ecdsa_method == NULL)	447	if (ecdsa_method == NULL)
434	goto out;	448	goto out;
435		449
436	EC_KEY_METHOD_set_sign(ecdsa_method, NULL, NULL, tls_ecdsa_do_sign);	450	default_method = EC_KEY_get_default_method();
		451
		452	EC_KEY_METHOD_get_keygen(default_method, &keygen);
		453	EC_KEY_METHOD_set_keygen(ecdsa_method, keygen);
		454
		455	EC_KEY_METHOD_get_compute_key(default_method, &compute_key);
		456	EC_KEY_METHOD_set_compute_key(ecdsa_method, compute_key);
		457
		458	EC_KEY_METHOD_get_sign(default_method, &sign, &sign_setup, NULL);
		459	EC_KEY_METHOD_set_sign(ecdsa_method, sign, sign_setup,
		460	tls_ecdsa_do_sign);
		461
		462	EC_KEY_METHOD_get_verify(default_method, &verify, &verify_sig);
		463	EC_KEY_METHOD_set_verify(ecdsa_method, verify, verify_sig);
437		464
438	out:	465	out:
439	pthread_mutex_unlock(&signer_method_lock);	466	pthread_mutex_unlock(&signer_method_lock);