Make extended ECDSA signing routines internal

ECDSA_sign_setup() permits precomputing the values of the inverse of the
random k and the corresponding r. These can then be fed into the signing
routines ECDSA_{do_,}sign_ex() multiple times if needed. This is not a
great idea and the interface adds a lot of unwanted complexity.

Not to mention that nothing ever used this correctly - if s works out to
0, a special error code is thrown requesting that the caller provide new
kinv and r values. Unsurprisingly, nobody ever checked for that special
error code.

ok jsing

This commit marks the start of a libcrypto major bump. Do not build the
tree until I bumped the shlib_version and synced file sets (in about 35
commits).

diff --git a/lib/libcrypto/Symbols.list b/lib/libcrypto/Symbols.list
index 626cd78..00d9cfa 100644 (file)
--- a/lib/libcrypto/Symbols.list
+++ b/lib/libcrypto/Symbols.list
@@ -1028,7 +1028,6 @@ ECDSA_SIG_it
 ECDSA_SIG_new
 ECDSA_SIG_set0
 ECDSA_do_sign
-ECDSA_do_sign_ex
 ECDSA_do_verify
 ECDSA_get_default_method
 ECDSA_get_ex_data
@@ -1037,8 +1036,6 @@ ECDSA_set_default_method
 ECDSA_set_ex_data
 ECDSA_set_method
 ECDSA_sign
-ECDSA_sign_ex
-ECDSA_sign_setup
 ECDSA_size
 ECDSA_verify
 ECPARAMETERS_free

diff --git a/lib/libcrypto/Symbols.namespace b/lib/libcrypto/Symbols.namespace
index 60d6195..186e065 100644 (file)
--- a/lib/libcrypto/Symbols.namespace
+++ b/lib/libcrypto/Symbols.namespace
@@ -1429,16 +1429,13 @@ _libre_ECDSA_SIG_get0_r
 _libre_ECDSA_SIG_get0_s
 _libre_ECDSA_SIG_set0
 _libre_ECDSA_do_sign
-_libre_ECDSA_do_sign_ex
 _libre_ECDSA_do_verify
 _libre_ECDSA_OpenSSL
 _libre_ECDSA_set_default_method
 _libre_ECDSA_get_default_method
 _libre_ECDSA_set_method
 _libre_ECDSA_size
-_libre_ECDSA_sign_setup
 _libre_ECDSA_sign
-_libre_ECDSA_sign_ex
 _libre_ECDSA_verify
 _libre_ECDSA_get_ex_new_index
 _libre_ECDSA_set_ex_data

diff --git a/lib/libcrypto/ecdsa/ecdsa.c b/lib/libcrypto/ecdsa/ecdsa.c
index e47ec21..17f968f 100644 (file)
--- a/lib/libcrypto/ecdsa/ecdsa.c
+++ b/lib/libcrypto/ecdsa/ecdsa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecdsa.c,v 1.12 2023/07/10 19:10:51 tb Exp $ */
+/* $OpenBSD: ecdsa.c,v 1.13 2023/07/28 08:49:43 tb Exp $ */
 /* ====================================================================
  * Copyright (c) 2000-2002 The OpenSSL Project.  All rights reserved.
  *
@@ -71,6 +71,14 @@
 #include "ec_local.h"
 #include "ecdsa_local.h"
 
+static ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen,
+    const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey);
+static int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen,
+    unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv,
+    const BIGNUM *rp, EC_KEY *eckey);
+static int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *in_ctx, BIGNUM **out_kinv,
+    BIGNUM **out_r);
+
 static const ASN1_TEMPLATE ECDSA_SIG_seq_tt[] = {
        {
                .flags = 0,
@@ -762,7 +770,7 @@ ECDSA_do_sign(const unsigned char *digest, int digest_len, EC_KEY *key)
 }
 LCRYPTO_ALIAS(ECDSA_do_sign);
 
-ECDSA_SIG *
+static ECDSA_SIG *
 ECDSA_do_sign_ex(const unsigned char *digest, int digest_len,
     const BIGNUM *kinv, const BIGNUM *out_r, EC_KEY *key)
 {
@@ -772,7 +780,6 @@ ECDSA_do_sign_ex(const unsigned char *digest, int digest_len,
        }
        return key->meth->sign_sig(digest, digest_len, kinv, out_r, key);
 }
-LCRYPTO_ALIAS(ECDSA_do_sign_ex);
 
 int
 ECDSA_sign(int type, const unsigned char *digest, int digest_len,
@@ -783,7 +790,7 @@ ECDSA_sign(int type, const unsigned char *digest, int digest_len,
 }
 LCRYPTO_ALIAS(ECDSA_sign);
 
-int
+static int
 ECDSA_sign_ex(int type, const unsigned char *digest, int digest_len,
     unsigned char *signature, unsigned int *signature_len, const BIGNUM *kinv,
     const BIGNUM *r, EC_KEY *key)
@@ -795,9 +802,8 @@ ECDSA_sign_ex(int type, const unsigned char *digest, int digest_len,
        return key->meth->sign(type, digest, digest_len, signature,
            signature_len, kinv, r, key);
 }
-LCRYPTO_ALIAS(ECDSA_sign_ex);
 
-int
+static int
 ECDSA_sign_setup(EC_KEY *key, BN_CTX *in_ctx, BIGNUM **out_kinv,
     BIGNUM **out_r)
 {
@@ -807,7 +813,6 @@ ECDSA_sign_setup(EC_KEY *key, BN_CTX *in_ctx, BIGNUM **out_kinv,
        }
        return key->meth->sign_setup(key, in_ctx, out_kinv, out_r);
 }
-LCRYPTO_ALIAS(ECDSA_sign_setup);
 
 int
 ECDSA_do_verify(const unsigned char *digest, int digest_len,

diff --git a/lib/libcrypto/ecdsa/ecdsa.h b/lib/libcrypto/ecdsa/ecdsa.h
index 2e6b672..9960a4b 100644 (file)
--- a/lib/libcrypto/ecdsa/ecdsa.h
+++ b/lib/libcrypto/ecdsa/ecdsa.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecdsa.h,v 1.16 2023/06/19 09:12:41 tb Exp $ */
+/* $OpenBSD: ecdsa.h,v 1.17 2023/07/28 08:49:43 tb Exp $ */
 /*
  * Written by Nils Larsch for the OpenSSL project
  */
@@ -108,8 +108,6 @@ int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
 
 ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len,
     EC_KEY *eckey);
-ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen,
-    const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey);
 int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
     const ECDSA_SIG *sig, EC_KEY* eckey);
 
@@ -119,13 +117,8 @@ const ECDSA_METHOD *ECDSA_get_default_method(void);
 int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth);
 int ECDSA_size(const EC_KEY *eckey);
 
-int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv,
-    BIGNUM **rp);
 int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen,
     unsigned char *sig, unsigned int *siglen, EC_KEY *eckey);
-int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen,
-    unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv,
-    const BIGNUM *rp, EC_KEY *eckey);
 int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen,
     const unsigned char *sig, int siglen, EC_KEY *eckey);
 

diff --git a/lib/libcrypto/hidden/openssl/ecdsa.h b/lib/libcrypto/hidden/openssl/ecdsa.h
index ef8a789..b2563ed 100644 (file)
--- a/lib/libcrypto/hidden/openssl/ecdsa.h
+++ b/lib/libcrypto/hidden/openssl/ecdsa.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecdsa.h,v 1.2 2023/07/07 19:37:54 beck Exp $ */
+/* $OpenBSD: ecdsa.h,v 1.3 2023/07/28 08:49:43 tb Exp $ */
 /*
  * Copyright (c) 2023 Bob Beck <beck@openbsd.org>
  *
@@ -34,16 +34,13 @@ LCRYPTO_USED(ECDSA_SIG_get0_r);
 LCRYPTO_USED(ECDSA_SIG_get0_s);
 LCRYPTO_USED(ECDSA_SIG_set0);
 LCRYPTO_USED(ECDSA_do_sign);
-LCRYPTO_USED(ECDSA_do_sign_ex);
 LCRYPTO_USED(ECDSA_do_verify);
 LCRYPTO_USED(ECDSA_OpenSSL);
 LCRYPTO_USED(ECDSA_set_default_method);
 LCRYPTO_USED(ECDSA_get_default_method);
 LCRYPTO_USED(ECDSA_set_method);
 LCRYPTO_USED(ECDSA_size);
-LCRYPTO_USED(ECDSA_sign_setup);
 LCRYPTO_USED(ECDSA_sign);
-LCRYPTO_USED(ECDSA_sign_ex);
 LCRYPTO_USED(ECDSA_verify);
 LCRYPTO_USED(ECDSA_get_ex_new_index);
 LCRYPTO_USED(ECDSA_set_ex_data);