From d2dc663eb59b23045f0d0e1c184a58d901071261 Mon Sep 17 00:00:00 2001 From: tb Date: Fri, 28 Jul 2023 09:16:17 +0000 Subject: [PATCH] Merge ecdsa.h into ec.h Move the remaining ECDSA API into ec.h to match OpenSSL 1.1's interface better. In particular, the EC_KEY sign and verify method accessors are moved to the right header. Whether the rest of the ECDSA stuff belongs there is debatable, but that was upstream's choice. ok jsing --- lib/libcrypto/ec/ec.h | 51 +++++++++- lib/libcrypto/ecdsa/ecdsa.h | 140 +-------------------------- lib/libcrypto/hidden/openssl/ec.h | 19 +++- lib/libcrypto/hidden/openssl/ecdsa.h | 46 --------- 4 files changed, 70 insertions(+), 186 deletions(-) delete mode 100644 lib/libcrypto/hidden/openssl/ecdsa.h diff --git a/lib/libcrypto/ec/ec.h b/lib/libcrypto/ec/ec.h index f711d550503..aac3537655a 100644 --- a/lib/libcrypto/ec/ec.h +++ b/lib/libcrypto/ec/ec.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ec.h,v 1.42 2023/07/05 17:10:10 tb Exp $ */ +/* $OpenBSD: ec.h,v 1.43 2023/07/28 09:16:17 tb Exp $ */ /* * Originally written by Bodo Moeller for the OpenSSL project. */ @@ -326,6 +326,31 @@ void EC_KEY_set_default_method(const EC_KEY_METHOD *meth); const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key); int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth); EC_KEY *EC_KEY_new_method(ENGINE *engine); + +typedef struct ECDSA_SIG_st ECDSA_SIG; + +ECDSA_SIG *ECDSA_SIG_new(void); +void ECDSA_SIG_free(ECDSA_SIG *sig); +int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp); +ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len); + +const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig); +const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig); +void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); +int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s); + +int ECDSA_size(const EC_KEY *eckey); + +ECDSA_SIG *ECDSA_do_sign(const unsigned char *digest, int digest_len, + EC_KEY *eckey); +int ECDSA_do_verify(const unsigned char *digest, int digest_len, + const ECDSA_SIG *sig, EC_KEY *eckey); + +int ECDSA_sign(int type, const unsigned char *digest, int digest_len, + unsigned char *signature, unsigned int *signature_len, EC_KEY *eckey); +int ECDSA_verify(int type, const unsigned char *digest, int digest_len, + const unsigned char *signature, int signature_len, EC_KEY *eckey); + EC_KEY_METHOD *EC_KEY_METHOD_new(const EC_KEY_METHOD *meth); void EC_KEY_METHOD_free(EC_KEY_METHOD *meth); void EC_KEY_METHOD_set_init(EC_KEY_METHOD *meth, @@ -340,6 +365,18 @@ void EC_KEY_METHOD_set_keygen(EC_KEY_METHOD *meth, void EC_KEY_METHOD_set_compute_key(EC_KEY_METHOD *meth, int (*ckey)(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF) (const void *in, size_t inlen, void *out, size_t *outlen))); +void EC_KEY_METHOD_set_sign(EC_KEY_METHOD *meth, + int (*sign)(int type, const unsigned char *digest, int digest_len, + unsigned char *signature, unsigned int *signature_len, + const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey), + int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp), + ECDSA_SIG *(*sign_sig)(const unsigned char *digest, int digest_len, + const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey)); +void EC_KEY_METHOD_set_verify(EC_KEY_METHOD *meth, + int (*verify)(int type, const unsigned char *digest, int digest_len, + const unsigned char *signature, int signature_len, EC_KEY *eckey), + int (*verify_sig)(const unsigned char *digest, int digest_len, + const ECDSA_SIG *sig, EC_KEY *eckey)); void EC_KEY_METHOD_get_init(const EC_KEY_METHOD *meth, int (**pinit)(EC_KEY *key), void (**pfinish)(EC_KEY *key), @@ -352,6 +389,18 @@ void EC_KEY_METHOD_get_keygen(const EC_KEY_METHOD *meth, void EC_KEY_METHOD_get_compute_key(const EC_KEY_METHOD *meth, int (**pck)(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF) (const void *in, size_t inlen, void *out, size_t *outlen))); +void EC_KEY_METHOD_get_sign(const EC_KEY_METHOD *meth, + int (**psign)(int type, const unsigned char *digest, int digest_len, + unsigned char *signature, unsigned int *signature_len, + const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey), + int (**psign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp), + ECDSA_SIG *(**psign_sig)(const unsigned char *digest, int digest_len, + const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey)); +void EC_KEY_METHOD_get_verify(const EC_KEY_METHOD *meth, + int (**pverify)(int type, const unsigned char *digest, int digest_len, + const unsigned char *signature, int signature_len, EC_KEY *eckey), + int (**pverify_sig)(const unsigned char *digest, int digest_len, + const ECDSA_SIG *sig, EC_KEY *eckey)); EC_KEY *ECParameters_dup(EC_KEY *key); diff --git a/lib/libcrypto/ecdsa/ecdsa.h b/lib/libcrypto/ecdsa/ecdsa.h index 4b4a10ced43..9f498eb4a25 100644 --- a/lib/libcrypto/ecdsa/ecdsa.h +++ b/lib/libcrypto/ecdsa/ecdsa.h @@ -1,142 +1,6 @@ -/* $OpenBSD: ecdsa.h,v 1.19 2023/07/28 09:08:31 tb Exp $ */ +/* $OpenBSD: ecdsa.h,v 1.20 2023/07/28 09:16:17 tb Exp $ */ /* - * Written by Nils Larsch for the OpenSSL project + * Public domain. */ -/* ==================================================================== - * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -#ifndef HEADER_ECDSA_H -#define HEADER_ECDSA_H - -#include - -#ifdef OPENSSL_NO_ECDSA -#error ECDSA is disabled. -#endif -#include #include - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -typedef struct ECDSA_SIG_st ECDSA_SIG; - -/* - * If this flag is set, the ECDSA method is FIPS compliant and can be used - * in FIPS mode. This is set in the validated module method. If an - * application sets this flag in its own methods it is its responsibility - * to ensure the result is compliant. - */ - -#define ECDSA_FLAG_FIPS_METHOD 0x1 - -ECDSA_SIG *ECDSA_SIG_new(void); -void ECDSA_SIG_free(ECDSA_SIG *sig); -int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp); -ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len); -void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); - -const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig); -const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig); -int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s); - -ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len, - EC_KEY *eckey); -int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, - const ECDSA_SIG *sig, EC_KEY* eckey); - -int ECDSA_size(const EC_KEY *eckey); - -int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen, - unsigned char *sig, unsigned int *siglen, EC_KEY *eckey); -int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen, - const unsigned char *sig, int siglen, EC_KEY *eckey); - -/* XXX should be in ec.h, but needs ECDSA_SIG */ -void EC_KEY_METHOD_set_sign(EC_KEY_METHOD *meth, - int (*sign)(int type, const unsigned char *dgst, - int dlen, unsigned char *sig, unsigned int *siglen, - const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey), - int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, - BIGNUM **kinvp, BIGNUM **rp), - ECDSA_SIG *(*sign_sig)(const unsigned char *dgst, - int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, - EC_KEY *eckey)); -void EC_KEY_METHOD_set_verify(EC_KEY_METHOD *meth, - int (*verify)(int type, const unsigned char *dgst, int dgst_len, - const unsigned char *sigbuf, int sig_len, EC_KEY *eckey), - int (*verify_sig)(const unsigned char *dgst, int dgst_len, - const ECDSA_SIG *sig, EC_KEY *eckey)); -void EC_KEY_METHOD_get_sign(const EC_KEY_METHOD *meth, - int (**psign)(int type, const unsigned char *dgst, - int dlen, unsigned char *sig, unsigned int *siglen, - const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey), - int (**psign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, - BIGNUM **kinvp, BIGNUM **rp), - ECDSA_SIG *(**psign_sig)(const unsigned char *dgst, - int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, - EC_KEY *eckey)); -void EC_KEY_METHOD_get_verify(const EC_KEY_METHOD *meth, - int (**pverify)(int type, const unsigned char *dgst, int dgst_len, - const unsigned char *sigbuf, int sig_len, EC_KEY *eckey), - int (**pverify_sig)(const unsigned char *dgst, int dgst_len, - const ECDSA_SIG *sig, EC_KEY *eckey)); - -#ifdef __cplusplus -} -#endif -#endif diff --git a/lib/libcrypto/hidden/openssl/ec.h b/lib/libcrypto/hidden/openssl/ec.h index 5e4121eac3f..d2d65945e5d 100644 --- a/lib/libcrypto/hidden/openssl/ec.h +++ b/lib/libcrypto/hidden/openssl/ec.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ec.h,v 1.2 2023/07/07 19:37:54 beck Exp $ */ +/* $OpenBSD: ec.h,v 1.3 2023/07/28 09:16:17 tb Exp $ */ /* * Copyright (c) 2023 Bob Beck * @@ -132,14 +132,31 @@ LCRYPTO_USED(EC_KEY_set_default_method); LCRYPTO_USED(EC_KEY_get_method); LCRYPTO_USED(EC_KEY_set_method); LCRYPTO_USED(EC_KEY_new_method); +LCRYPTO_USED(ECDSA_SIG_new); +LCRYPTO_USED(ECDSA_SIG_free); +LCRYPTO_USED(i2d_ECDSA_SIG); +LCRYPTO_USED(d2i_ECDSA_SIG); +LCRYPTO_USED(ECDSA_SIG_get0_r); +LCRYPTO_USED(ECDSA_SIG_get0_s); +LCRYPTO_USED(ECDSA_SIG_get0); +LCRYPTO_USED(ECDSA_SIG_set0); +LCRYPTO_USED(ECDSA_size); +LCRYPTO_USED(ECDSA_do_sign); +LCRYPTO_USED(ECDSA_do_verify); +LCRYPTO_USED(ECDSA_sign); +LCRYPTO_USED(ECDSA_verify); LCRYPTO_USED(EC_KEY_METHOD_new); LCRYPTO_USED(EC_KEY_METHOD_free); LCRYPTO_USED(EC_KEY_METHOD_set_init); LCRYPTO_USED(EC_KEY_METHOD_set_keygen); LCRYPTO_USED(EC_KEY_METHOD_set_compute_key); +LCRYPTO_USED(EC_KEY_METHOD_set_sign); +LCRYPTO_USED(EC_KEY_METHOD_set_verify); LCRYPTO_USED(EC_KEY_METHOD_get_init); LCRYPTO_USED(EC_KEY_METHOD_get_keygen); LCRYPTO_USED(EC_KEY_METHOD_get_compute_key); +LCRYPTO_USED(EC_KEY_METHOD_get_sign); +LCRYPTO_USED(EC_KEY_METHOD_get_verify); LCRYPTO_USED(ECParameters_dup); LCRYPTO_USED(ERR_load_EC_strings); diff --git a/lib/libcrypto/hidden/openssl/ecdsa.h b/lib/libcrypto/hidden/openssl/ecdsa.h deleted file mode 100644 index 5846906be9e..00000000000 --- a/lib/libcrypto/hidden/openssl/ecdsa.h +++ /dev/null @@ -1,46 +0,0 @@ -/* $OpenBSD: ecdsa.h,v 1.5 2023/07/28 09:08:31 tb Exp $ */ -/* - * Copyright (c) 2023 Bob Beck - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#ifndef _LIBCRYPTO_ECDSA_H -#define _LIBCRYPTO_ECDSA_H - -#ifndef _MSC_VER -#include_next -#else -#include "../include/openssl/ecdsa.h" -#endif -#include "crypto_namespace.h" - -LCRYPTO_USED(ECDSA_SIG_new); -LCRYPTO_USED(ECDSA_SIG_free); -LCRYPTO_USED(i2d_ECDSA_SIG); -LCRYPTO_USED(d2i_ECDSA_SIG); -LCRYPTO_USED(ECDSA_SIG_get0); -LCRYPTO_USED(ECDSA_SIG_get0_r); -LCRYPTO_USED(ECDSA_SIG_get0_s); -LCRYPTO_USED(ECDSA_SIG_set0); -LCRYPTO_USED(ECDSA_do_sign); -LCRYPTO_USED(ECDSA_do_verify); -LCRYPTO_USED(ECDSA_size); -LCRYPTO_USED(ECDSA_sign); -LCRYPTO_USED(ECDSA_verify); -LCRYPTO_USED(EC_KEY_METHOD_set_sign); -LCRYPTO_USED(EC_KEY_METHOD_set_verify); -LCRYPTO_USED(EC_KEY_METHOD_get_sign); -LCRYPTO_USED(EC_KEY_METHOD_get_verify); - -#endif /* _LIBCRYPTO_ECDSA_H */ -- 2.20.1