diff options
-rw-r--r-- | lib/libcrypto/ec/ec_key.c | 4 | ||||
-rw-r--r-- | lib/libcrypto/ec/ec_kmeth.c | 16 | ||||
-rw-r--r-- | lib/libcrypto/ec/ec_local.h | 10 | ||||
-rw-r--r-- | lib/libcrypto/ecdh/ech_key.c | 29 | ||||
-rw-r--r-- | lib/libcrypto/ecdh/ech_lib.c | 4 | ||||
-rw-r--r-- | lib/libcrypto/ecdsa/ecs_lib.c | 8 | ||||
-rw-r--r-- | lib/libcrypto/ecdsa/ecs_local.h | 8 | ||||
-rw-r--r-- | lib/libcrypto/ecdsa/ecs_ossl.c | 13 |
8 files changed, 52 insertions, 40 deletions
diff --git a/lib/libcrypto/ec/ec_key.c b/lib/libcrypto/ec/ec_key.c index 1006d2d89da..a15d06b0197 100644 --- a/lib/libcrypto/ec/ec_key.c +++ b/lib/libcrypto/ec/ec_key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_key.c,v 1.34 2023/07/03 09:35:26 tb Exp $ */ +/* $OpenBSD: ec_key.c,v 1.35 2023/07/05 08:39:40 tb Exp $ */ /* * Written by Nils Larsch for the OpenSSL project. */ @@ -241,7 +241,7 @@ EC_KEY_generate_key(EC_KEY *eckey) } int -ossl_ec_key_gen(EC_KEY *eckey) +ec_key_gen(EC_KEY *eckey) { BIGNUM *priv_key = NULL; EC_POINT *pub_key = NULL; diff --git a/lib/libcrypto/ec/ec_kmeth.c b/lib/libcrypto/ec/ec_kmeth.c index 4e296cfa688..65bf1f99c26 100644 --- a/lib/libcrypto/ec/ec_kmeth.c +++ b/lib/libcrypto/ec/ec_kmeth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_kmeth.c,v 1.8 2023/06/25 18:52:27 tb Exp $ */ +/* $OpenBSD: ec_kmeth.c,v 1.9 2023/07/05 08:39:40 tb Exp $ */ /* * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. @@ -74,15 +74,15 @@ static const EC_KEY_METHOD openssl_ec_key_method = { .set_private = NULL, .set_public = NULL, - .keygen = ossl_ec_key_gen, - .compute_key = ossl_ecdh_compute_key, + .keygen = ec_key_gen, + .compute_key = ecdh_compute_key, - .sign = ossl_ecdsa_sign, - .sign_setup = ossl_ecdsa_sign_setup, - .sign_sig = ossl_ecdsa_sign_sig, + .sign = ecdsa_sign, + .sign_setup = ecdsa_sign_setup, + .sign_sig = ecdsa_sign_sig, - .verify = ossl_ecdsa_verify, - .verify_sig = ossl_ecdsa_verify_sig, + .verify = ecdsa_verify, + .verify_sig = ecdsa_verify_sig, }; const EC_KEY_METHOD *default_ec_key_meth = &openssl_ec_key_method; diff --git a/lib/libcrypto/ec/ec_local.h b/lib/libcrypto/ec/ec_local.h index 0d219e8e214..7a1f90886d1 100644 --- a/lib/libcrypto/ec/ec_local.h +++ b/lib/libcrypto/ec/ec_local.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_local.h,v 1.23 2023/07/03 07:26:40 tb Exp $ */ +/* $OpenBSD: ec_local.h,v 1.24 2023/07/05 08:39:40 tb Exp $ */ /* * Originally written by Bodo Moeller for the OpenSSL project. */ @@ -341,12 +341,12 @@ struct ec_key_method_st { #define EC_KEY_METHOD_DYNAMIC 1 -int ossl_ec_key_gen(EC_KEY *eckey); -int ossl_ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh, +int ec_key_gen(EC_KEY *eckey); +int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF) (const void *in, size_t inlen, void *out, size_t *outlen)); -int ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len, +int ecdsa_verify(int type, const unsigned char *dgst, int dgst_len, const unsigned char *sigbuf, int sig_len, EC_KEY *eckey); -int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len, +int ecdsa_verify_sig(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig, EC_KEY *eckey); /* diff --git a/lib/libcrypto/ecdh/ech_key.c b/lib/libcrypto/ecdh/ech_key.c index bac5b6e28da..5efb49ba59e 100644 --- a/lib/libcrypto/ecdh/ech_key.c +++ b/lib/libcrypto/ecdh/ech_key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ech_key.c,v 1.32 2023/07/02 11:29:36 tb Exp $ */ +/* $OpenBSD: ech_key.c,v 1.33 2023/07/05 08:39:40 tb Exp $ */ /* ==================================================================== * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. * @@ -85,12 +85,11 @@ */ /* XXX - KDF handling moved to ECDH_compute_key(). See OpenSSL e2285d87. */ int -ossl_ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, - EC_KEY *ecdh, +ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)) { BN_CTX *ctx; - BIGNUM *x; + BIGNUM *cofactor, *x; const BIGNUM *priv_key; const EC_GROUP *group; EC_POINT *point = NULL; @@ -111,11 +110,8 @@ ossl_ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, if ((x = BN_CTX_get(ctx)) == NULL) goto err; - - if ((priv_key = EC_KEY_get0_private_key(ecdh)) == NULL) { - ECDHerror(ECDH_R_NO_PRIVATE_VALUE); + if ((cofactor = BN_CTX_get(ctx)) == NULL) goto err; - } if ((group = EC_KEY_get0_group(ecdh)) == NULL) goto err; @@ -128,6 +124,23 @@ ossl_ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, goto err; } + if ((priv_key = EC_KEY_get0_private_key(ecdh)) == NULL) { + ECDHerror(ECDH_R_NO_PRIVATE_VALUE); + goto err; + } + + if ((EC_KEY_get_flags(ecdh) & EC_FLAG_COFACTOR_ECDH) != 0) { + if (!EC_GROUP_get_cofactor(group, cofactor, NULL)) { + ECDHerror(ERR_R_EC_LIB); + goto err; + } + if (!BN_mul(cofactor, cofactor, priv_key, ctx)) { + ECDHerror(ERR_R_BN_LIB); + goto err; + } + priv_key = cofactor; + } + if (!EC_POINT_mul(group, point, NULL, pub_key, priv_key, ctx)) { ECDHerror(ECDH_R_POINT_ARITHMETIC_FAILURE); goto err; diff --git a/lib/libcrypto/ecdh/ech_lib.c b/lib/libcrypto/ecdh/ech_lib.c index eb1b6bfebcb..52019b01c13 100644 --- a/lib/libcrypto/ecdh/ech_lib.c +++ b/lib/libcrypto/ecdh/ech_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ech_lib.c,v 1.22 2023/06/25 19:17:43 tb Exp $ */ +/* $OpenBSD: ech_lib.c,v 1.23 2023/07/05 08:39:40 tb Exp $ */ /* ==================================================================== * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. * @@ -90,7 +90,7 @@ static const ECDH_METHOD *default_ECDH_method = NULL; static const ECDH_METHOD openssl_ecdh_meth = { .name = "OpenSSL ECDH method", - .compute_key = ossl_ecdh_compute_key, + .compute_key = ecdh_compute_key, }; const ECDH_METHOD * diff --git a/lib/libcrypto/ecdsa/ecs_lib.c b/lib/libcrypto/ecdsa/ecs_lib.c index 743d5171657..69aa1b732be 100644 --- a/lib/libcrypto/ecdsa/ecs_lib.c +++ b/lib/libcrypto/ecdsa/ecs_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ecs_lib.c,v 1.22 2023/06/25 19:33:39 tb Exp $ */ +/* $OpenBSD: ecs_lib.c,v 1.23 2023/07/05 08:39:40 tb Exp $ */ /* ==================================================================== * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. * @@ -70,9 +70,9 @@ static const ECDSA_METHOD *default_ECDSA_method = NULL; static const ECDSA_METHOD openssl_ecdsa_meth = { .name = "OpenSSL ECDSA method", - .ecdsa_do_sign = ossl_ecdsa_sign_sig, - .ecdsa_sign_setup = ossl_ecdsa_sign_setup, - .ecdsa_do_verify = ossl_ecdsa_verify_sig, + .ecdsa_do_sign = ecdsa_sign_sig, + .ecdsa_sign_setup = ecdsa_sign_setup, + .ecdsa_do_verify = ecdsa_verify_sig, }; const ECDSA_METHOD * diff --git a/lib/libcrypto/ecdsa/ecs_local.h b/lib/libcrypto/ecdsa/ecs_local.h index 20ad0c246e6..4f1140483fc 100644 --- a/lib/libcrypto/ecdsa/ecs_local.h +++ b/lib/libcrypto/ecdsa/ecs_local.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ecs_local.h,v 1.3 2023/06/25 18:45:56 tb Exp $ */ +/* $OpenBSD: ecs_local.h,v 1.4 2023/07/05 08:39:40 tb Exp $ */ /* * Written by Nils Larsch for the OpenSSL project */ @@ -68,12 +68,12 @@ struct ECDSA_SIG_st { BIGNUM *s; }; -int ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, +int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); -int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen, +int ecdsa_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey); -ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, +ECDSA_SIG *ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey); __END_HIDDEN_DECLS diff --git a/lib/libcrypto/ecdsa/ecs_ossl.c b/lib/libcrypto/ecdsa/ecs_ossl.c index 0ca2651f255..223cc655da8 100644 --- a/lib/libcrypto/ecdsa/ecs_ossl.c +++ b/lib/libcrypto/ecdsa/ecs_ossl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ecs_ossl.c,v 1.71 2023/07/04 15:09:31 tb Exp $ */ +/* $OpenBSD: ecs_ossl.c,v 1.72 2023/07/05 08:39:40 tb Exp $ */ /* * Written by Nils Larsch for the OpenSSL project */ @@ -97,7 +97,7 @@ ecdsa_prepare_digest(const unsigned char *digest, int digest_len, } int -ossl_ecdsa_sign(int type, const unsigned char *digest, int digest_len, +ecdsa_sign(int type, const unsigned char *digest, int digest_len, unsigned char *signature, unsigned int *signature_len, const BIGNUM *kinv, const BIGNUM *r, EC_KEY *key) { @@ -128,8 +128,7 @@ ossl_ecdsa_sign(int type, const unsigned char *digest, int digest_len, */ int -ossl_ecdsa_sign_setup(EC_KEY *key, BN_CTX *in_ctx, BIGNUM **out_kinv, - BIGNUM **out_r) +ecdsa_sign_setup(EC_KEY *key, BN_CTX *in_ctx, BIGNUM **out_kinv, BIGNUM **out_r) { const EC_GROUP *group; EC_POINT *point = NULL; @@ -392,7 +391,7 @@ ecdsa_compute_s(BIGNUM **out_s, const BIGNUM *e, const BIGNUM *kinv, */ ECDSA_SIG * -ossl_ecdsa_sign_sig(const unsigned char *digest, int digest_len, +ecdsa_sign_sig(const unsigned char *digest, int digest_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *key) { BN_CTX *ctx = NULL; @@ -485,7 +484,7 @@ ossl_ecdsa_sign_sig(const unsigned char *digest, int digest_len, } int -ossl_ecdsa_verify(int type, const unsigned char *digest, int digest_len, +ecdsa_verify(int type, const unsigned char *digest, int digest_len, const unsigned char *sigbuf, int sig_len, EC_KEY *key) { ECDSA_SIG *s; @@ -522,7 +521,7 @@ ossl_ecdsa_verify(int type, const unsigned char *digest, int digest_len, */ int -ossl_ecdsa_verify_sig(const unsigned char *digest, int digest_len, +ecdsa_verify_sig(const unsigned char *digest, int digest_len, const ECDSA_SIG *sig, EC_KEY *key) { const EC_GROUP *group; |