From e1991105df8fe12032795b7f34ed61fd9272e525 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Wed, 18 Mar 2026 08:02:40 +0000
Subject: libcrypto: prefix EC_KEY methods with ec_key_

We received reports that the too generic internal ecdsa_{sign,verify}() symbol names clash in some static links. The naming here is annoying because the EC_KEY_METHOD amalgamated the no longer existing ECDH and ECDSA methods which themselves had poorly chosen method names, still reflected in public API. There are various messes here. The ECDSA verify methods are declared in ec_local.h, whereas the ECDSA sign methods are in ecdsa_local.h (which is itself pretty useless and really only about EC_KEY_METHOD). I therefore merged the ECDSA method declarations into ec_local.h and deleted ecdsa_local.h since I see no real benefit to the latter. ecdsa.c needs ec_local.h anyway. Having the method declarations next to EC_KEY_METHOD seems sensible. I left the order as it was, matching ecdsa.c. The eckey_compute_pubkey() prototype should probably be moved down. With one exception I just added an ec_key_ prefix. This leads to a a repetition of 'key' in ec_key_ecdh_compute_key() which I chose to live with because it matches the public ECDH_compute_key() (mostly used by SSH implementations). The exception is ec_key_generate_key() where I expanded the gen() leading to another _key repetition but this then matches EC_KEY_generate_key(). Thanks to Rosen Penev for reporting and sending an initial diff. See also https://github.com/gsliepen/tinc/issues/478
ok jsing
---
 src/lib/libcrypto/ec/ec_key.c | 19 +++++----
 src/lib/libcrypto/ec/ec_local.h | 16 ++++++--
 src/lib/libcrypto/ecdh/ecdh.c | 6 +--
 src/lib/libcrypto/ecdsa/ecdsa.c | 14 +++----
 src/lib/libcrypto/ecdsa/ecdsa_local.h | 76 -----------------------------------
 5 files changed, 31 insertions(+), 100 deletions(-)
 delete mode 100644 src/lib/libcrypto/ecdsa/ecdsa_local.h
(limited to 'src/lib/libcrypto')
diff --git a/src/lib/libcrypto/ec/ec_key.c b/src/lib/libcrypto/ec/ec_key.c
index e9777019c8..a32533ec73 100644
--- a/src/lib/libcrypto/ec/ec_key.c
+++ b/src/lib/libcrypto/ec/ec_key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_key.c,v 1.52 2025/05/10 05:54:38 tb Exp $ */
+/* $OpenBSD: ec_key.c,v 1.53 2026/03/18 08:02:40 tb Exp $ */
 /*
 * Written by Nils Larsch for the OpenSSL project.
 */
@@ -69,7 +69,6 @@
 #include "bn_local.h"
 #include "ec_local.h"
-#include "ecdsa_local.h"
 #include "err_local.h"
 EC_KEY *
@@ -236,7 +235,7 @@ EC_KEY_generate_key(EC_KEY *eckey)
 LCRYPTO_ALIAS(EC_KEY_generate_key);
 static int
-ec_key_gen(EC_KEY *eckey)
+ec_key_generate_key(EC_KEY *eckey)
 {
 BIGNUM *priv_key = NULL;
 EC_POINT *pub_key = NULL;
@@ -771,15 +770,15 @@ static const EC_KEY_METHOD openssl_ec_key_method = {
 .set_private = NULL,
 .set_public = NULL,
- .keygen = ec_key_gen,
- .compute_key = ecdh_compute_key,
+ .keygen = ec_key_generate_key,
+ .compute_key = ec_key_ecdh_compute_key,
- .sign = ecdsa_sign,
- .sign_setup = ecdsa_sign_setup,
- .sign_sig = ecdsa_sign_sig,
+ .sign = ec_key_ecdsa_sign,
+ .sign_setup = ec_key_ecdsa_sign_setup,
+ .sign_sig = ec_key_ecdsa_sign_sig,
- .verify = ecdsa_verify,
- .verify_sig = ecdsa_verify_sig,
+ .verify = ec_key_ecdsa_verify,
+ .verify_sig = ec_key_ecdsa_verify_sig,
 };
 const EC_KEY_METHOD *
diff --git a/src/lib/libcrypto/ec/ec_local.h b/src/lib/libcrypto/ec/ec_local.h
index d84e92767c..cb7612b39f 100644
--- a/src/lib/libcrypto/ec/ec_local.h
+++ b/src/lib/libcrypto/ec/ec_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_local.h,v 1.73 2025/12/26 18:42:33 tb Exp $ */
+/* $OpenBSD: ec_local.h,v 1.74 2026/03/18 08:02:40 tb Exp $ */
 /*
 * Originally written by Bodo Moeller for the OpenSSL project.
 */
@@ -256,11 +256,19 @@ struct ec_key_st {
 } /* EC_KEY */;
 int eckey_compute_pubkey(EC_KEY *eckey);
-int ecdh_compute_key(unsigned char **out, size_t *out_len,
+
+int ec_key_ecdh_compute_key(unsigned char **out, size_t *out_len,
 const EC_POINT *pub_key, const EC_KEY *ecdh);
-int ecdsa_verify(int type, const unsigned char *dgst, int dgst_len,
+int ec_key_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *in_ctx, BIGNUM **out_kinv,
+ BIGNUM **out_r);
+int ec_key_ecdsa_sign(int type, const unsigned char *digest, int digest_len,
+ unsigned char *signature, unsigned int *signature_len, const BIGNUM *kinv,
+ const BIGNUM *r, EC_KEY *eckey);
+ECDSA_SIG *ec_key_ecdsa_sign_sig(const unsigned char *digest, int digest_len,
+ const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey);
+int ec_key_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len,
 const unsigned char *sigbuf, int sig_len, EC_KEY *eckey);
-int ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
+int ec_key_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
 const ECDSA_SIG *sig, EC_KEY *eckey);
 /*
diff --git a/src/lib/libcrypto/ecdh/ecdh.c b/src/lib/libcrypto/ecdh/ecdh.c
index c3affed682..f970db7750 100644
--- a/src/lib/libcrypto/ecdh/ecdh.c
+++ b/src/lib/libcrypto/ecdh/ecdh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecdh.c,v 1.12 2025/05/10 05:54:38 tb Exp $ */
+/* $OpenBSD: ecdh.c,v 1.13 2026/03/18 08:02:40 tb Exp $ */
 /* ====================================================================
 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
 *
@@ -143,8 +143,8 @@ ecdh_KDF_X9_63(unsigned char *out, size_t outlen, const unsigned char *Z,
 * Based on the ECKAS-DH1 and ECSVDP-DH primitives in the IEEE 1363 standard.
 */
 int
-ecdh_compute_key(unsigned char **out, size_t *out_len, const EC_POINT *pub_key,
- const EC_KEY *ecdh)
+ec_key_ecdh_compute_key(unsigned char **out, size_t *out_len,
+ const EC_POINT *pub_key, const EC_KEY *ecdh)
 {
 BN_CTX *ctx;
 BIGNUM *x;
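Review bot: In the src/lib/libcrypto/ec/ec_local.h hunk, the two verify prototypes still name their parameters `dgst`/`dgst_len` while the three sign prototypes added directly above them use `digest`/`digest_len`, and the definitions renamed in ecdsa.c use `digest`, `digest_len` and `key`. Since these lines are rewritten anyway, the block would read better with one spelling, e.g. `int ec_key_ecdsa_verify(int type, const unsigned char *digest, int digest_len,` and `int ec_key_ecdsa_verify_sig(const unsigned char *digest, int digest_len,`. Separately, the deleted ecdsa_local.h declared the sign functions between `__BEGIN_HIDDEN_DECLS` and `__END_HIDDEN_DECLS`; the hunk does not show whether this position in ec_local.h sits inside such a block, so it is worth confirming that the signing internals keep hidden visibility after the move.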
diff --git a/src/lib/libcrypto/ecdsa/ecdsa.c b/src/lib/libcrypto/ecdsa/ecdsa.c
index 1be139a695..735b165568 100644
--- a/src/lib/libcrypto/ecdsa/ecdsa.c
+++ b/src/lib/libcrypto/ecdsa/ecdsa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecdsa.c,v 1.21 2026/03/16 22:19:32 tb Exp $ */
+/* $OpenBSD: ecdsa.c,v 1.22 2026/03/18 08:02:40 tb Exp $ */
 /* ====================================================================
 * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved.
 *
@@ -64,7 +64,6 @@
 #include "bn_local.h"
 #include "ec_local.h"
-#include "ecdsa_local.h"
 #include "err_local.h"
 struct ECDSA_SIG_st {
@@ -222,7 +221,7 @@ ecdsa_prepare_digest(const unsigned char *digest, int digest_len,
 }
 int
-ecdsa_sign(int type, const unsigned char *digest, int digest_len,
+ec_key_ecdsa_sign(int type, const unsigned char *digest, int digest_len,
 unsigned char *signature, unsigned int *signature_len, const BIGNUM *kinv,
 const BIGNUM *r, EC_KEY *key)
 {
@@ -271,7 +270,8 @@ LCRYPTO_ALIAS(ECDSA_sign);
 */
 int
-ecdsa_sign_setup(EC_KEY *key, BN_CTX *in_ctx, BIGNUM **out_kinv, BIGNUM **out_r)
+ec_key_ecdsa_sign_setup(EC_KEY *key, BN_CTX *in_ctx, BIGNUM **out_kinv,
+ BIGNUM **out_r)
 {
 const EC_GROUP *group;
 EC_POINT *point = NULL;
@@ -522,7 +522,7 @@ ecdsa_compute_s(BIGNUM **out_s, const BIGNUM *e, const BIGNUM *kinv,
 */
 ECDSA_SIG *
-ecdsa_sign_sig(const unsigned char *digest, int digest_len,
+ec_key_ecdsa_sign_sig(const unsigned char *digest, int digest_len,
 const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *key)
 {
 BN_CTX *ctx = NULL;
@@ -605,7 +605,7 @@ ECDSA_do_sign(const unsigned char *digest, int digest_len, EC_KEY *key)
 LCRYPTO_ALIAS(ECDSA_do_sign);
 int
-ecdsa_verify(int type, const unsigned char *digest, int digest_len,
+ec_key_ecdsa_verify(int type, const unsigned char *digest, int digest_len,
 const unsigned char *sigbuf, int sig_len, EC_KEY *key)
 {
 ECDSA_SIG *s;
@@ -654,7 +654,7 @@ LCRYPTO_ALIAS(ECDSA_verify);
 */
 int
-ecdsa_verify_sig(const unsigned char *digest, int digest_len,
+ec_key_ecdsa_verify_sig(const unsigned char *digest, int digest_len,
 const ECDSA_SIG *sig, EC_KEY *key)
 {
 const EC_GROUP *group;
diff --git a/src/lib/libcrypto/ecdsa/ecdsa_local.h b/src/lib/libcrypto/ecdsa/ecdsa_local.h
deleted file mode 100644
index f254d39323..0000000000
--- a/src/lib/libcrypto/ecdsa/ecdsa_local.h
+++ /dev/null
@@ -1,76 +0,0 @@
-/* $OpenBSD: ecdsa_local.h,v 1.3 2026/03/16 22:19:32 tb Exp $ */
-/*
- * Written by Nils Larsch for the OpenSSL project
- */
-/* ====================================================================
- * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_ECS_LOCAL_H
-#define HEADER_ECS_LOCAL_H
-
-#include
-
-__BEGIN_HIDDEN_DECLS
-
-int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *in_ctx, BIGNUM **out_kinv,
- BIGNUM **out_r);
-int ecdsa_sign(int type, const unsigned char *digest, int digest_len,
- unsigned char *signature, unsigned int *signature_len, const BIGNUM *kinv,
- const BIGNUM *r, EC_KEY *eckey);
-ECDSA_SIG *ecdsa_sign_sig(const unsigned char *digest, int digest_len,
- const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey);
-
-__END_HIDDEN_DECLS
-
-#endif /* !HEADER_ECS_LOCAL_H */
--
cgit v1.2.3-55-g6feb