From dc38b357c3a6e0db4a7172af29148961b86b0724 Mon Sep 17 00:00:00 2001 From: tb <> Date: Sat, 19 Jan 2019 01:07:00 +0000 Subject: Partial port of EC_KEY_METHOD from OpenSSL 1.1. This commit adds init/free, support for signing, setting and getting the method, engine support as well as extra data. from markus --- src/lib/libcrypto/ecdsa/ecdsa.h | 22 ++++++++++++++++++++- src/lib/libcrypto/ecdsa/ecs_locl.h | 10 +++++++++- src/lib/libcrypto/ecdsa/ecs_ossl.c | 39 +++++++++++++++++++++++++++++++++++++- src/lib/libcrypto/ecdsa/ecs_sign.c | 38 ++++++++++++++++--------------------- 4 files changed, 84 insertions(+), 25 deletions(-) (limited to 'src/lib/libcrypto/ecdsa') diff --git a/src/lib/libcrypto/ecdsa/ecdsa.h b/src/lib/libcrypto/ecdsa/ecdsa.h index 9c53230a88..12d6677ce3 100644 --- a/src/lib/libcrypto/ecdsa/ecdsa.h +++ b/src/lib/libcrypto/ecdsa/ecdsa.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ecdsa.h,v 1.5 2018/03/17 15:24:44 tb Exp $ */ +/* $OpenBSD: ecdsa.h,v 1.6 2019/01/19 01:07:00 tb Exp $ */ /** * \file crypto/ecdsa/ecdsa.h Include file for the OpenSSL ECDSA functions * \author Written by Nils Larsch for the OpenSSL project 
@@ -269,6 +269,26 @@ int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg); void *ECDSA_get_ex_data(EC_KEY *d, int idx); +/* XXX should be in ec.h, but needs ECDSA_SIG */ +void EC_KEY_METHOD_set_sign(EC_KEY_METHOD *meth, + int (*sign)(int type, const unsigned char *dgst, + int dlen, unsigned char *sig, unsigned int *siglen, + const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey), + int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, + BIGNUM **kinvp, BIGNUM **rp), + ECDSA_SIG *(*sign_sig)(const unsigned char *dgst, + int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, + EC_KEY *eckey)); +void EC_KEY_METHOD_get_sign(EC_KEY_METHOD *meth, + int (**psign)(int type, const unsigned char *dgst, + int dlen, unsigned char *sig, unsigned int *siglen, + const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey), + int (**psign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, + BIGNUM **kinvp, BIGNUM **rp), + ECDSA_SIG *(**psign_sig)(const unsigned char *dgst, + int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, + EC_KEY *eckey)); + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. diff --git a/src/lib/libcrypto/ecdsa/ecs_locl.h b/src/lib/libcrypto/ecdsa/ecs_locl.h index 94e8874332..0a9f17908b 100644 --- a/src/lib/libcrypto/ecdsa/ecs_locl.h +++ b/src/lib/libcrypto/ecdsa/ecs_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ecs_locl.h,v 1.5 2016/12/21 15:49:29 jsing Exp $ */ +/* $OpenBSD: ecs_locl.h,v 1.6 2019/01/19 01:07:00 tb Exp $ */ /* * Written by Nils Larsch for the OpenSSL project */ 
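Review bot: The new `EC_KEY_METHOD_set_sign` and `EC_KEY_METHOD_get_sign` prototypes carry only the XXX placement comment, so the contract a custom method must honour is not written down in this public header. The point that most needs stating is the output buffer of the `sign` callback, since an implementation that writes more than the caller allocated overruns `sig`. I would add a comment such as `/* sign() writes a DER-encoded signature to sig, which the caller sizes with ECDSA_size(eckey), stores its length in *siglen and returns 1 on success, 0 on error. */`. It would also help to say whether `EC_KEY_METHOD_get_sign` accepts NULL for any of its three out-pointers; its definition is not part of this diff, so that behaviour cannot be confirmed from here.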
@@ -81,6 +81,14 @@ typedef struct ecdsa_data_st { */ ECDSA_DATA *ecdsa_check(EC_KEY *eckey); +int ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, + BIGNUM **rp); +int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen, + unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv, + const BIGNUM *r, EC_KEY *eckey); +ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, + const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey); + __END_HIDDEN_DECLS #endif /* HEADER_ECS_LOCL_H */ diff --git a/src/lib/libcrypto/ecdsa/ecs_ossl.c b/src/lib/libcrypto/ecdsa/ecs_ossl.c index 87d80642df..4e05cb9aac 100644 --- a/src/lib/libcrypto/ecdsa/ecs_ossl.c +++ b/src/lib/libcrypto/ecdsa/ecs_ossl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ecs_ossl.c,v 1.16 2018/07/10 21:36:02 tb Exp $ */ +/* $OpenBSD: ecs_ossl.c,v 1.17 2019/01/19 01:07:00 tb Exp $ */ /* * Written by Nils Larsch for the OpenSSL project */ @@ -111,6 +111,21 @@ ecdsa_prepare_digest(const unsigned char *dgst, int dgst_len, BIGNUM *order, return 1; } +int +ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, + unsigned int *siglen, const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey) +{ + ECDSA_SIG *s; + + if ((s = ECDSA_do_sign_ex(dgst, dlen, kinv, r, eckey)) == NULL) { + *siglen = 0; + return 0; + } + *siglen = i2d_ECDSA_SIG(s, &sig); + ECDSA_SIG_free(s); + return 1; +} + static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) { @@ -234,6 +249,16 @@ ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) return (ret); } +/* replace w/ ecdsa_sign_setup() when ECDSA_METHOD gets removed */ +int +ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) +{ + ECDSA_DATA *ecdsa; + + if ((ecdsa = ecdsa_check(eckey)) == NULL) + return 0; + return ecdsa->meth->ecdsa_sign_setup(eckey, ctx_in, kinvp, rp); +} static ECDSA_SIG * ecdsa_do_sign(const unsigned char *dgst, int dgst_len, 
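Review bot: In `ossl_ecdsa_sign` the result of `i2d_ECDSA_SIG(s, &sig)` is stored straight into the unsigned `*siglen` and the function then returns 1, so a negative return from the encoder becomes a very large length reported as success. A caller that trusts `*siglen` to copy or transmit the signature would then read far past the buffer. Keep the result in an `int` first and fail on a negative value: `int len = i2d_ECDSA_SIG(s, &sig);`, then `if (len < 0) { ECDSA_SIG_free(s); *siglen = 0; return 0; }`, then `*siglen = len;`. The `type` argument is unused here, which deserves a one-line comment saying it exists only to match the method signature.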
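Review bot: `ossl_ecdsa_sign_setup` calls `ecdsa->meth->ecdsa_sign_setup(...)` without checking that the member is set, whereas the public entry points in ecs_sign.c now test `eckey->meth->sign_setup != NULL` before dispatching. If an ECDSA_METHOD can be installed with that slot left NULL (its definition is outside this diff, so this is an assumption to confirm), the call goes through a null function pointer. A guard such as `if (ecdsa->meth->ecdsa_sign_setup == NULL) return 0;` would make the two layers consistent. The same applies to `ecdsa->meth->ecdsa_do_sign` in `ossl_ecdsa_sign_sig`, added in the following hunk.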
@@ -384,6 +409,18 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, return ret; } +/* replace w/ ecdsa_do_sign() when ECDSA_METHOD gets removed */ +ECDSA_SIG * +ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, + const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey) +{ + ECDSA_DATA *ecdsa; + + if ((ecdsa = ecdsa_check(eckey)) == NULL) + return NULL; + return ecdsa->meth->ecdsa_do_sign(dgst, dgst_len, in_kinv, in_r, eckey); +} + static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig, EC_KEY *eckey) diff --git a/src/lib/libcrypto/ecdsa/ecs_sign.c b/src/lib/libcrypto/ecdsa/ecs_sign.c index 029a0cb562..5beb853b94 100644 --- a/src/lib/libcrypto/ecdsa/ecs_sign.c +++ b/src/lib/libcrypto/ecdsa/ecs_sign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ecs_sign.c,v 1.6 2015/02/08 13:35:07 jsing Exp $ */ +/* $OpenBSD: ecs_sign.c,v 1.7 2019/01/19 01:07:00 tb Exp $ */ /* ==================================================================== * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * @@ -55,11 +55,13 @@ #include -#include "ecs_locl.h" #ifndef OPENSSL_NO_ENGINE #include #endif +#include "ecs_locl.h" +#include "ec_lcl.h" + ECDSA_SIG * ECDSA_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey) { @@ -70,11 +72,10 @@ ECDSA_SIG * ECDSA_do_sign_ex(const unsigned char *dgst, int dlen, const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey) { - ECDSA_DATA *ecdsa = ecdsa_check(eckey); - - if (ecdsa == NULL) - return NULL; - return ecdsa->meth->ecdsa_do_sign(dgst, dlen, kinv, rp, eckey); + if (eckey->meth->sign_sig != NULL) + return eckey->meth->sign_sig(dgst, dlen, kinv, rp, eckey); + ECDSAerror(EVP_R_METHOD_NOT_SUPPORTED); + return 0; } int 
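Review bot: The fallback path of `ECDSA_do_sign_ex` ends with `return 0;` although the function returns `ECDSA_SIG *`; `return NULL;` matches the return type and the `return NULL;` that `ossl_ecdsa_sign_sig` uses in this same commit. The error raised just before it, `ECDSAerror(EVP_R_METHOD_NOT_SUPPORTED)`, records an EVP reason code under the ECDSA library. When the error queue is decoded, the reason may therefore resolve to no string or to an unrelated ECDSA reason, which makes a missing-method failure harder to diagnose. A reason code defined for the ECDSA library would avoid that. The same call appears in `ECDSA_sign_ex` and `ECDSA_sign_setup` in the next hunk.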
@@ -88,24 +89,17 @@ int ECDSA_sign_ex(int type, const unsigned char *dgst, int dlen, unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey) { - ECDSA_SIG *s; - - s = ECDSA_do_sign_ex(dgst, dlen, kinv, r, eckey); - if (s == NULL) { - *siglen = 0; - return 0; - } - *siglen = i2d_ECDSA_SIG(s, &sig); - ECDSA_SIG_free(s); - return 1; + if (eckey->meth->sign != NULL) + return eckey->meth->sign(type, dgst, dlen, sig, siglen, kinv, r, eckey); + ECDSAerror(EVP_R_METHOD_NOT_SUPPORTED); + return 0; } int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) { - ECDSA_DATA *ecdsa = ecdsa_check(eckey); - - if (ecdsa == NULL) - return 0; - return ecdsa->meth->ecdsa_sign_setup(eckey, ctx_in, kinvp, rp); + if (eckey->meth->sign_setup != NULL) + return eckey->meth->sign_setup(eckey, ctx_in, kinvp, rp); + ECDSAerror(EVP_R_METHOD_NOT_SUPPORTED); + return 0; } -- cgit v1.2.3-55-g6feb
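Review bot: When `eckey->meth->sign` is NULL, the new `ECDSA_sign_ex` returns 0 without touching `*siglen`, whereas the removed body set `*siglen = 0` on its failure path. A caller that does not check the return value, or that reads the length in its error handling, now sees whatever the variable held before, possibly an uninitialised value used as a buffer length. Adding `*siglen = 0;` before `ECDSAerror(EVP_R_METHOD_NOT_SUPPORTED);` keeps the previous guarantee. Separately, the `return eckey->meth->sign(type, dgst, dlen, sig, siglen, kinv, r, eckey);` line looks longer than the 80-column wrapping used in the rest of the file.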