From fa967534d69c9861c498a06f91c766ca96aab0ea Mon Sep 17 00:00:00 2001
From: tb
Date: Sun, 25 Jun 2023 18:41:36 +0000
Subject: [PATCH] Remove method wrappers that use {ecdh,ecdsa}_check()

Now that it is no longer possible to set a custom {ECDH,ECDSA}_METHOD, EC_KEY_METHOD can just call the relevant method directly without the need for this extra contortion.

ok jsing
---
 lib/libcrypto/ecdh/ech_key.c | 25 +++-----------
 lib/libcrypto/ecdsa/ecs_ossl.c | 62 ++++++----------------------
 2 files changed, 14 insertions(+), 73 deletions(-)

diff --git a/lib/libcrypto/ecdh/ech_key.c b/lib/libcrypto/ecdh/ech_key.c
index a5c6371f911..108a5ff8f67 100644
--- a/lib/libcrypto/ecdh/ech_key.c
+++ b/lib/libcrypto/ecdh/ech_key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ech_key.c,v 1.14 2022/11/26 16:08:52 tb Exp $ */
+/* $OpenBSD: ech_key.c,v 1.15 2023/06/25 18:41:36 tb Exp $ */
 /* ====================================================================
 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
 *
@@ -81,10 +81,6 @@
 #include "ech_local.h"
 #include "ec_local.h"
 
-static int ecdh_compute_key(void *out, size_t len, const EC_POINT *pub_key,
- EC_KEY *ecdh,
- void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen));
-
 /*
 * This implementation is based on the following primitives in the IEEE 1363
 * standard:
@@ -92,8 +88,8 @@ static int ecdh_compute_key(void *out, size_t len, const EC_POINT *pub_key,
 * - ECSVDP-DH
 * Finally an optional KDF is applied.
 */
-static int
-ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
+int
+ossl_ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
 EC_KEY *ecdh,
 void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen))
 {
@@ -195,7 +191,7 @@ err:
 
 static ECDH_METHOD openssl_ecdh_meth = {
 .name = "OpenSSL ECDH method",
- .compute_key = ecdh_compute_key
+ .compute_key = ossl_ecdh_compute_key,
 };
 
 const ECDH_METHOD *
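Review bot: The renamed definition in the `@@ -92,8 +88,8 @@` hunk keeps `EC_KEY *ecdh` as the name of its key parameter, while in the same file `ecdh` also names an `ECDH_DATA *` (the removed wrapper's `ECDH_DATA *ecdh;`) and the public `ECDH_compute_key()` calls the same argument `eckey`. Now that the function is the exported `ossl_ecdh_compute_key()`, renaming the parameter, `ossl_ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,` / `    EC_KEY *eckey,`, removes the double meaning and presumably matches the spelling in the header prototype, which is not in the patch. The function body uses the parameter and lies outside the hunk, so it would need the same rename.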
@@ -204,19 +200,6 @@ ECDH_OpenSSL(void)
 return &openssl_ecdh_meth;
 }
 
-/* replace w/ ecdh_compute_key() when ECDH_METHOD gets removed */
-int
-ossl_ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
- EC_KEY *eckey,
- void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen))
-{
- ECDH_DATA *ecdh;
-
- if ((ecdh = ecdh_check(eckey)) == NULL)
- return 0;
- return ecdh->meth->compute_key(out, outlen, pub_key, eckey, KDF);
-}
-
 int
 ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
 EC_KEY *eckey,
diff --git a/lib/libcrypto/ecdsa/ecs_ossl.c b/lib/libcrypto/ecdsa/ecs_ossl.c
index 02e38109bc1..5df87f224b2 100644
--- a/lib/libcrypto/ecdsa/ecs_ossl.c
+++ b/lib/libcrypto/ecdsa/ecs_ossl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecs_ossl.c,v 1.34 2023/06/25 18:35:28 tb Exp $ */
+/* $OpenBSD: ecs_ossl.c,v 1.35 2023/06/25 18:41:36 tb Exp $ */
 /*
 * Written by Nils Larsch for the OpenSSL project
 */
@@ -71,18 +71,12 @@
 static int ecdsa_prepare_digest(const unsigned char *dgst, int dgst_len,
 BIGNUM *order, BIGNUM *ret);
 
-static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
- const BIGNUM *, const BIGNUM *, EC_KEY *eckey);
-static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
- BIGNUM **rp);
-static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
- const ECDSA_SIG *sig, EC_KEY *eckey);
 
 static ECDSA_METHOD openssl_ecdsa_meth = {
 .name = "OpenSSL ECDSA method",
- .ecdsa_do_sign = ecdsa_do_sign,
- .ecdsa_sign_setup = ecdsa_sign_setup,
- .ecdsa_do_verify = ecdsa_do_verify
+ .ecdsa_do_sign = ossl_ecdsa_sign_sig,
+ .ecdsa_sign_setup = ossl_ecdsa_sign_setup,
+ .ecdsa_do_verify = ossl_ecdsa_verify_sig,
 };
 
 const ECDSA_METHOD *
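Review bot: The `ecdh_check(eckey)` step that the removed wrapper ran before dispatching, returning 0 when it failed, is no longer anywhere on the `ossl_ecdh_compute_key()` path, so a key on which that check would have failed now enters the computation directly. The body of `ossl_ecdh_compute_key()` lies outside this hunk; if it reads anything from the ECDH_DATA that `ecdh_check()` returns, that dependency is now unmet, and if it does not, a comment above the definition, `/* Called directly via EC_KEY_METHOD; does not need ecdh_check(). */`, would record that dropping the check was intentional. The same question applies to the three `ecdsa_check()` removals in ecs_ossl.c (hunks at -260, -432 and -561).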
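Review bot: With the three `static` prototypes deleted, the `openssl_ecdsa_meth` initializer in the `@@ -71,18 +71,12 @@` hunk names `ossl_ecdsa_sign_sig`, `ossl_ecdsa_sign_setup` and `ossl_ecdsa_verify_sig` before their definitions further down the file, so the translation unit now relies on a header included above the hunk declaring all three with exactly these signatures. No header is part of the patch; presumably the declarations already existed for the old exported wrappers, but since a mismatch would only surface as a compile error on this file, it is worth confirming before commit. The deletion also leaves two consecutive blank context lines between the `ecdsa_prepare_digest` prototype and the `static ECDSA_METHOD` definition, which a follow-up could collapse to one.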
@@ -139,8 +133,8 @@ ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen, unsigned char *si
 return ret;
 }
 
-static int
-ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
+int
+ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 {
 BN_CTX *ctx = ctx_in;
 BIGNUM *k = NULL, *r = NULL, *order = NULL, *X = NULL;
@@ -260,18 +254,6 @@ ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 return (ret);
 }
 
-/* replace w/ ecdsa_sign_setup() when ECDSA_METHOD gets removed */
-int
-ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
-{
- ECDSA_DATA *ecdsa;
-
- if ((ecdsa = ecdsa_check(eckey)) == NULL)
- return 0;
- return ecdsa->meth->ecdsa_sign_setup(eckey, ctx_in, kinvp, rp);
-}
-
-
 /*
 * It is too expensive to check curve parameters on every sign operation.
 * Instead, cap the number of retries. A single retry is very unlikely, so
@@ -279,8 +261,8 @@ ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 */
 #define ECDSA_MAX_SIGN_ITERATIONS 32
 
-static ECDSA_SIG *
-ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
+ECDSA_SIG *
+ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
 const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey)
 {
 BIGNUM *b = NULL, *binv = NULL, *bm = NULL, *bxr = NULL;
@@ -432,18 +414,6 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
 return ret;
 }
 
-/* replace w/ ecdsa_do_sign() when ECDSA_METHOD gets removed */
-ECDSA_SIG *
-ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
- const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey)
-{
- ECDSA_DATA *ecdsa;
-
- if ((ecdsa = ecdsa_check(eckey)) == NULL)
- return NULL;
- return ecdsa->meth->ecdsa_do_sign(dgst, dgst_len, in_kinv, in_r, eckey);
-}
-
 int
 ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len,
 const unsigned char *sigbuf, int sig_len, EC_KEY *eckey)
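Review bot: The new signature line `ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)` in the `@@ -139,8 +133,8 @@` hunk is 81 columns, one past the 80-column limit KNF applies; wrapping the last parameter, `ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,` / `    BIGNUM **rp)`, brings it into style. The `ossl_ecdsa_verify_sig(...)` line in the `@@ -470,8 +440,8 @@` hunk has the same problem at 84 columns, whereas the wrapper it replaces broke that line after `dgst_len,`. Both function bodies continue outside their hunks.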
@@ -470,8 +440,8 @@ ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len,
 return (ret);
 }
 
-static int
-ecdsa_do_verify(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig,
+int
+ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig,
 EC_KEY *eckey)
 {
 BN_CTX *ctx;
@@ -561,18 +531,6 @@ ecdsa_do_verify(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig,
 return ret;
 }
 
-/* replace w/ ecdsa_do_verify() when ECDSA_METHOD gets removed */
-int
-ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
- const ECDSA_SIG *sig, EC_KEY *eckey)
-{
- ECDSA_DATA *ecdsa;
-
- if ((ecdsa = ecdsa_check(eckey)) == NULL)
- return 0;
- return ecdsa->meth->ecdsa_do_verify(dgst, dgst_len, sig, eckey);
-}
-
 ECDSA_SIG *
 ECDSA_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey)
 {
-- 
2.20.1