From 218661de900da92c9972c9c1086ae16097930ac2 Mon Sep 17 00:00:00 2001 From: tb Date: Fri, 28 Jul 2023 08:57:46 +0000 Subject: [PATCH] Place public ECDSA API next to the internal methods It is hard to remember that ECDSA_do_{sign,verify}() call ecdsa_sign_sig(). Especially since the distinction to ECDSA_{sign,verify}() isn't clear from the names. To add to the confusion, the public API is ordered differently than the methods they call. So in this case it seems tidier to place the public API next to the methods. ok jsing --- lib/libcrypto/ecdsa/ecdsa.c | 99 ++++++++++++++++++------------------- 1 file changed, 48 insertions(+), 51 deletions(-) diff --git a/lib/libcrypto/ecdsa/ecdsa.c b/lib/libcrypto/ecdsa/ecdsa.c index fea05649467..38ae4152772 100644 --- a/lib/libcrypto/ecdsa/ecdsa.c +++ b/lib/libcrypto/ecdsa/ecdsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ecdsa.c,v 1.14 2023/07/28 08:54:41 tb Exp $ */ +/* $OpenBSD: ecdsa.c,v 1.15 2023/07/28 08:57:46 tb Exp $ */ /* ==================================================================== * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved. * @@ -71,9 +71,6 @@ #include "ec_local.h" #include "ecdsa_local.h" -static int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *in_ctx, BIGNUM **out_kinv, - BIGNUM **out_r); - static const ASN1_TEMPLATE ECDSA_SIG_seq_tt[] = { { .flags = 0, @@ -254,6 +251,19 @@ ecdsa_sign(int type, const unsigned char *digest, int digest_len, return ret; } +int +ECDSA_sign(int type, const unsigned char *digest, int digest_len, + unsigned char *signature, unsigned int *signature_len, EC_KEY *key) +{ + if (key->meth->sign == NULL) { + ECerror(EC_R_NOT_IMPLEMENTED); + return 0; + } + return key->meth->sign(type, digest, digest_len, signature, + signature_len, NULL, NULL, key); +} +LCRYPTO_ALIAS(ECDSA_sign); + /* * FIPS 186-5, section 6.4.1, steps 3-8 and 11: Generate k, calculate r and * kinv. If r == 0, try again with a new random k. @@ -399,6 +409,17 @@ ecdsa_sign_setup(EC_KEY *key, BN_CTX *in_ctx, BIGNUM **out_kinv, BIGNUM **out_r) return ret; } +static int +ECDSA_sign_setup(EC_KEY *key, BN_CTX *in_ctx, BIGNUM **out_kinv, + BIGNUM **out_r) +{ + if (key->meth->sign_setup == NULL) { + ECerror(EC_R_NOT_IMPLEMENTED); + return 0; + } + return key->meth->sign_setup(key, in_ctx, out_kinv, out_r); +} + /* * FIPS 186-5, section 6.4.1, step 9: compute s = inv(k)(e + xr) mod order. * In order to reduce the possibility of a side-channel attack, the following @@ -592,6 +613,17 @@ ecdsa_sign_sig(const unsigned char *digest, int digest_len, return sig; } +ECDSA_SIG * +ECDSA_do_sign(const unsigned char *digest, int digest_len, EC_KEY *key) +{ + if (key->meth->sign_sig == NULL) { + ECerror(EC_R_NOT_IMPLEMENTED); + return 0; + } + return key->meth->sign_sig(digest, digest_len, NULL, NULL, key); +} +LCRYPTO_ALIAS(ECDSA_do_sign); + int ecdsa_verify(int type, const unsigned char *digest, int digest_len, const unsigned char *sigbuf, int sig_len, EC_KEY *key) @@ -624,6 +656,18 @@ ecdsa_verify(int type, const unsigned char *digest, int digest_len, return ret; } +int +ECDSA_verify(int type, const unsigned char *digest, int digest_len, + const unsigned char *sigbuf, int sig_len, EC_KEY *key) +{ + if (key->meth->verify == NULL) { + ECerror(EC_R_NOT_IMPLEMENTED); + return 0; + } + return key->meth->verify(type, digest, digest_len, sigbuf, sig_len, key); +} +LCRYPTO_ALIAS(ECDSA_verify); + /* * FIPS 186-5, section 6.4.2: ECDSA signature verification. * The caller provides us with the hash of the message, so has performed step 2. @@ -742,41 +786,6 @@ ecdsa_verify_sig(const unsigned char *digest, int digest_len, return ret; } -ECDSA_SIG * -ECDSA_do_sign(const unsigned char *digest, int digest_len, EC_KEY *key) -{ - if (key->meth->sign_sig == NULL) { - ECerror(EC_R_NOT_IMPLEMENTED); - return 0; - } - return key->meth->sign_sig(digest, digest_len, NULL, NULL, key); -} -LCRYPTO_ALIAS(ECDSA_do_sign); - -int -ECDSA_sign(int type, const unsigned char *digest, int digest_len, - unsigned char *signature, unsigned int *signature_len, EC_KEY *key) -{ - if (key->meth->sign == NULL) { - ECerror(EC_R_NOT_IMPLEMENTED); - return 0; - } - return key->meth->sign(type, digest, digest_len, signature, - signature_len, NULL, NULL, key); -} -LCRYPTO_ALIAS(ECDSA_sign); - -static int -ECDSA_sign_setup(EC_KEY *key, BN_CTX *in_ctx, BIGNUM **out_kinv, - BIGNUM **out_r) -{ - if (key->meth->sign_setup == NULL) { - ECerror(EC_R_NOT_IMPLEMENTED); - return 0; - } - return key->meth->sign_setup(key, in_ctx, out_kinv, out_r); -} - int ECDSA_do_verify(const unsigned char *digest, int digest_len, const ECDSA_SIG *sig, EC_KEY *key) @@ -788,15 +797,3 @@ ECDSA_do_verify(const unsigned char *digest, int digest_len, return key->meth->verify_sig(digest, digest_len, sig, key); } LCRYPTO_ALIAS(ECDSA_do_verify); - -int -ECDSA_verify(int type, const unsigned char *digest, int digest_len, - const unsigned char *sigbuf, int sig_len, EC_KEY *key) -{ - if (key->meth->verify == NULL) { - ECerror(EC_R_NOT_IMPLEMENTED); - return 0; - } - return key->meth->verify(type, digest, digest_len, sigbuf, sig_len, key); -} -LCRYPTO_ALIAS(ECDSA_verify); -- 2.20.1