-/* $OpenBSD: ech_key.c,v 1.14 2022/11/26 16:08:52 tb Exp $ */
+/* $OpenBSD: ech_key.c,v 1.15 2023/06/25 18:41:36 tb Exp $ */
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
#include "ech_local.h"
#include "ec_local.h"
-static int ecdh_compute_key(void *out, size_t len, const EC_POINT *pub_key,
- EC_KEY *ecdh,
- void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen));
-
/*
* This implementation is based on the following primitives in the IEEE 1363
* standard:
* - ECSVDP-DH
* Finally an optional KDF is applied.
*/
-static int
-ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
+int
+ossl_ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
EC_KEY *ecdh,
void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen))
{
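Review bot: ossl_ecdh_compute_key() is now the software implementation itself, so its callers lose both the `ecdh_check(eckey)` failure path and the dispatch through `ecdh->meth->compute_key` that the removed wrapper provided. If a non-default ECDH_METHOD can still be attached to a key (for example one that keeps the private scalar outside process memory), this entry point would silently ignore it. The same applies to ossl_ecdsa_sign_setup(), ossl_ecdsa_sign_sig() and ossl_ecdsa_verify_sig() in ecs_ossl.c. The function body lies outside the hunk, so whether it rejects a NULL or incomplete `ecdh` on its own cannot be confirmed from here. I would record the new contract above the definition, e.g. `/* Default ECDH implementation; does not consult the key's ECDH_METHOD. */`.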
static ECDH_METHOD openssl_ecdh_meth = {
.name = "OpenSSL ECDH method",
- .compute_key = ecdh_compute_key
+ .compute_key = ossl_ecdh_compute_key,
};
const ECDH_METHOD *
return &openssl_ecdh_meth;
}
-/* replace w/ ecdh_compute_key() when ECDH_METHOD gets removed */
-int
-ossl_ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
- EC_KEY *eckey,
- void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen))
-{
- ECDH_DATA *ecdh;
-
- if ((ecdh = ecdh_check(eckey)) == NULL)
- return 0;
- return ecdh->meth->compute_key(out, outlen, pub_key, eckey, KDF);
-}
-
int
ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
EC_KEY *eckey,
-/* $OpenBSD: ecs_ossl.c,v 1.34 2023/06/25 18:35:28 tb Exp $ */
+/* $OpenBSD: ecs_ossl.c,v 1.35 2023/06/25 18:41:36 tb Exp $ */
/*
* Written by Nils Larsch for the OpenSSL project
*/
static int ecdsa_prepare_digest(const unsigned char *dgst, int dgst_len,
BIGNUM *order, BIGNUM *ret);
-static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
- const BIGNUM *, const BIGNUM *, EC_KEY *eckey);
-static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
- BIGNUM **rp);
-static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
- const ECDSA_SIG *sig, EC_KEY *eckey);
static ECDSA_METHOD openssl_ecdsa_meth = {
.name = "OpenSSL ECDSA method",
- .ecdsa_do_sign = ecdsa_do_sign,
- .ecdsa_sign_setup = ecdsa_sign_setup,
- .ecdsa_do_verify = ecdsa_do_verify
+ .ecdsa_do_sign = ossl_ecdsa_sign_sig,
+ .ecdsa_sign_setup = ossl_ecdsa_sign_setup,
+ .ecdsa_do_verify = ossl_ecdsa_verify_sig,
};
const ECDSA_METHOD *
return ret;
}
-static int
-ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
+int
+ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
{
BN_CTX *ctx = ctx_in;
BIGNUM *k = NULL, *r = NULL, *order = NULL, *X = NULL;
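Review bot: The definition line of ossl_ecdsa_sign_setup() runs past 80 columns, and the new ossl_ecdsa_verify_sig() definition further down does too, even though the wrapper it replaces wrapped its signature after `dgst_len`. Wrapping both would keep them in line with the other definitions in this file: `ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,` followed by `BIGNUM **rp)`, and `ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,` followed by `const ECDSA_SIG *sig, EC_KEY *eckey)`. Both function bodies continue outside the visible hunk lines.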
return (ret);
}
-/* replace w/ ecdsa_sign_setup() when ECDSA_METHOD gets removed */
-int
-ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
-{
- ECDSA_DATA *ecdsa;
-
- if ((ecdsa = ecdsa_check(eckey)) == NULL)
- return 0;
- return ecdsa->meth->ecdsa_sign_setup(eckey, ctx_in, kinvp, rp);
-}
-
-
/*
* It is too expensive to check curve parameters on every sign operation.
* Instead, cap the number of retries. A single retry is very unlikely, so
*/
#define ECDSA_MAX_SIGN_ITERATIONS 32
-static ECDSA_SIG *
-ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
+ECDSA_SIG *
+ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey)
{
BIGNUM *b = NULL, *binv = NULL, *bm = NULL, *bxr = NULL;
return ret;
}
-/* replace w/ ecdsa_do_sign() when ECDSA_METHOD gets removed */
-ECDSA_SIG *
-ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
- const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey)
-{
- ECDSA_DATA *ecdsa;
-
- if ((ecdsa = ecdsa_check(eckey)) == NULL)
- return NULL;
- return ecdsa->meth->ecdsa_do_sign(dgst, dgst_len, in_kinv, in_r, eckey);
-}
-
int
ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len,
const unsigned char *sigbuf, int sig_len, EC_KEY *eckey)
return (ret);
}
-static int
-ecdsa_do_verify(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig,
+int
+ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig,
EC_KEY *eckey)
{
BN_CTX *ctx;
return ret;
}
-/* replace w/ ecdsa_do_verify() when ECDSA_METHOD gets removed */
-int
-ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
- const ECDSA_SIG *sig, EC_KEY *eckey)
-{
- ECDSA_DATA *ecdsa;
-
- if ((ecdsa = ecdsa_check(eckey)) == NULL)
- return 0;
- return ecdsa->meth->ecdsa_do_verify(dgst, dgst_len, sig, eckey);
-}
-
ECDSA_SIG *
ECDSA_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey)
{