sync

lib/libcrypto/ec/ec.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: ec.h,v 1.41 2023/04/27 07:10:05 tb Exp $ */
+/* $OpenBSD: ec.h,v 1.42 2023/07/05 17:10:10 tb Exp $ */
 /*
  * Originally written by Bodo Moeller for the OpenSSL project.
  */
@@ -606,6 +606,7 @@ void ERR_load_EC_strings(void);
 /* Reason codes. */
 #define EC_R_ASN1_ERROR					 115
 #define EC_R_ASN1_UNKNOWN_FIELD				 116
+#define EC_R_BAD_SIGNATURE				 166
 #define EC_R_BIGNUM_OUT_OF_RANGE			 144
 #define EC_R_BUFFER_TOO_SMALL				 100
 #define EC_R_COORDINATES_OUT_OF_RANGE			 146
@@ -633,10 +634,13 @@ void ERR_load_EC_strings(void);
 #define EC_R_INVALID_PENTANOMIAL_BASIS			 132
 #define EC_R_INVALID_PRIVATE_KEY			 123
 #define EC_R_INVALID_TRINOMIAL_BASIS			 137
+#define EC_R_KDF_FAILED					 167
 #define EC_R_KDF_PARAMETER_ERROR			 148
+#define EC_R_KEY_TRUNCATION				 168
 #define EC_R_KEYS_NOT_SET				 140
 #define EC_R_MISSING_PARAMETERS				 124
 #define EC_R_MISSING_PRIVATE_KEY			 125
+#define EC_R_NEED_NEW_SETUP_VALUES			 170
 #define EC_R_NOT_A_NIST_PRIME				 135
 #define EC_R_NOT_A_SUPPORTED_NIST_PRIME			 136
 #define EC_R_NOT_IMPLEMENTED				 126
@@ -647,6 +651,7 @@ void ERR_load_EC_strings(void);
 #define EC_R_PEER_KEY_ERROR				 149
 #define EC_R_PKPARAMETERS2GROUP_FAILURE			 127
 #define EC_R_POINT_AT_INFINITY				 106
+#define EC_R_POINT_ARITHMETIC_FAILURE			 169
 #define EC_R_POINT_IS_NOT_ON_CURVE			 107
 #define EC_R_SHARED_INFO_ERROR				 150
 #define EC_R_SLOT_FULL					 108

lib/libcrypto/ec/ec_ameth.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_ameth.c,v 1.38 2023/03/07 07:01:35 tb Exp $ */
+/* $OpenBSD: ec_ameth.c,v 1.40 2023/07/03 09:25:44 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -367,23 +367,12 @@ int_ec_size(const EVP_PKEY *pkey)
 static int
 ec_bits(const EVP_PKEY *pkey)
 {
-	BIGNUM *order = BN_new();
 	const EC_GROUP *group;
-	int ret;
 
-	if (!order) {
-		ERR_clear_error();
+	if ((group = EC_KEY_get0_group(pkey->pkey.ec)) == NULL)
 		return 0;
-	}
-	group = EC_KEY_get0_group(pkey->pkey.ec);
-	if (!EC_GROUP_get_order(group, order, NULL)) {
-		BN_free(order);
-		ERR_clear_error();
-		return 0;
-	}
-	ret = BN_num_bits(order);
-	BN_free(order);
-	return ret;
+
+	return EC_GROUP_order_bits(group);
 }
 
 static int
@@ -442,7 +431,7 @@ do_EC_KEY_print(BIO *bp, const EC_KEY *x, int off, int ktype)
 	const char *ecstr;
 	size_t buf_len = 0, i;
 	int ret = 0, reason = ERR_R_BIO_LIB;
-	BIGNUM *pub_key = NULL, *order = NULL;
+	BIGNUM *pub_key = NULL;
 	BN_CTX *ctx = NULL;
 	const EC_GROUP *group;
 	const EC_POINT *public_key;
@@ -492,19 +481,13 @@ do_EC_KEY_print(BIO *bp, const EC_KEY *x, int off, int ktype)
 
 	if (!BIO_indent(bp, off, 128))
 		goto err;
-	if ((order = BN_new()) == NULL)
-		goto err;
-	if (!EC_GROUP_get_order(group, order, NULL))
-		goto err;
 	if (BIO_printf(bp, "%s: (%d bit)\n", ecstr,
-		BN_num_bits(order)) <= 0)
+	    EC_GROUP_order_bits(group)) <= 0)
 		goto err;
 
-	if ((priv_key != NULL) && !ASN1_bn_print(bp, "priv:", priv_key,
-		buffer, off))
+	if (!ASN1_bn_print(bp, "priv:", priv_key, buffer, off))
 		goto err;
-	if ((pub_key != NULL) && !ASN1_bn_print(bp, "pub: ", pub_key,
-		buffer, off))
+	if (!ASN1_bn_print(bp, "pub: ", pub_key, buffer, off))
 		goto err;
 	if (!ECPKParameters_print(bp, group, off))
 		goto err;
@@ -513,7 +496,6 @@ do_EC_KEY_print(BIO *bp, const EC_KEY *x, int off, int ktype)
 	if (!ret)
 		ECerror(reason);
 	BN_free(pub_key);
-	BN_free(order);
 	BN_CTX_free(ctx);
 	free(buffer);
 	return (ret);

lib/libcrypto/ec/ec_check.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_check.c,v 1.13 2023/04/11 18:58:20 jsing Exp $ */
+/* $OpenBSD: ec_check.c,v 1.14 2023/07/03 09:29:55 tb Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
  *
@@ -60,8 +60,8 @@ int
 EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx_in)
 {
 	BN_CTX *ctx;
-	BIGNUM *order;
 	EC_POINT *point = NULL;
+	const BIGNUM *order;
 	int ret = 0;
 
 	if ((ctx = ctx_in) == NULL)
@@ -69,11 +69,6 @@ EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx_in)
 	if (ctx == NULL)
 		goto err;
 
-	BN_CTX_start(ctx);
-
-	if ((order = BN_CTX_get(ctx)) == NULL)
-		goto err;
-
 	/* check the discriminant */
 	if (!EC_GROUP_check_discriminant(group, ctx)) {
 		ECerror(EC_R_DISCRIMINANT_IS_ZERO);
@@ -91,7 +86,7 @@ EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx_in)
 	/* check the order of the generator */
 	if ((point = EC_POINT_new(group)) == NULL)
 		goto err;
-	if (!EC_GROUP_get_order(group, order, ctx))
+	if ((order = EC_GROUP_get0_order(group)) == NULL)
 		goto err;
 	if (BN_is_zero(order)) {
 		ECerror(EC_R_UNDEFINED_ORDER);
@@ -107,8 +102,6 @@ EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx_in)
 	ret = 1;
 
  err:
-	BN_CTX_end(ctx);
-
 	if (ctx != ctx_in)
 		BN_CTX_free(ctx);
 

lib/libcrypto/ec/ec_err.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_err.c,v 1.15 2022/11/19 07:00:57 tb Exp $ */
+/* $OpenBSD: ec_err.c,v 1.16 2023/07/05 17:10:10 tb Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -74,6 +74,7 @@ static ERR_STRING_DATA EC_str_reasons[] =
 {
 	{ERR_REASON(EC_R_ASN1_ERROR), "asn1 error"},
 	{ERR_REASON(EC_R_ASN1_UNKNOWN_FIELD), "asn1 unknown field"},
+	{ERR_REASON(EC_R_BAD_SIGNATURE), "bad signature"},
 	{ERR_REASON(EC_R_BIGNUM_OUT_OF_RANGE), "bignum out of range"},
 	{ERR_REASON(EC_R_BUFFER_TOO_SMALL), "buffer too small"},
 	{ERR_REASON(EC_R_COORDINATES_OUT_OF_RANGE), "coordinates out of range"},
@@ -101,10 +102,13 @@ static ERR_STRING_DATA EC_str_reasons[] =
 	{ERR_REASON(EC_R_INVALID_PENTANOMIAL_BASIS), "invalid pentanomial basis"},
 	{ERR_REASON(EC_R_INVALID_PRIVATE_KEY), "invalid private key"},
 	{ERR_REASON(EC_R_INVALID_TRINOMIAL_BASIS), "invalid trinomial basis"},
+	{ERR_REASON(EC_R_KDF_FAILED), "kdf failed"},
 	{ERR_REASON(EC_R_KDF_PARAMETER_ERROR), "kdf parameter error"},
+	{ERR_REASON(EC_R_KEY_TRUNCATION), "key would be truncated"},
 	{ERR_REASON(EC_R_KEYS_NOT_SET), "keys not set"},
 	{ERR_REASON(EC_R_MISSING_PARAMETERS), "missing parameters"},
 	{ERR_REASON(EC_R_MISSING_PRIVATE_KEY), "missing private key"},
+	{ERR_REASON(EC_R_NEED_NEW_SETUP_VALUES), "need new setup values"},
 	{ERR_REASON(EC_R_NOT_A_NIST_PRIME), "not a NIST prime"},
 	{ERR_REASON(EC_R_NOT_A_SUPPORTED_NIST_PRIME), "not a supported NIST prime"},
 	{ERR_REASON(EC_R_NOT_IMPLEMENTED), "not implemented"},
@@ -114,6 +118,7 @@ static ERR_STRING_DATA EC_str_reasons[] =
 	{ERR_REASON(EC_R_PASSED_NULL_PARAMETER), "passed null parameter"},
 	{ERR_REASON(EC_R_PEER_KEY_ERROR), "peer key error"},
 	{ERR_REASON(EC_R_PKPARAMETERS2GROUP_FAILURE), "pkparameters2group failure"},
+	{ERR_REASON(EC_R_POINT_ARITHMETIC_FAILURE), "point arithmetic failure"},
 	{ERR_REASON(EC_R_POINT_AT_INFINITY), "point at infinity"},
 	{ERR_REASON(EC_R_POINT_IS_NOT_ON_CURVE), "point is not on curve"},
 	{ERR_REASON(EC_R_SHARED_INFO_ERROR), "shared info error"},

lib/libcrypto/ec/ec_key.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_key.c,v 1.33 2023/06/25 18:52:27 tb Exp $ */
+/* $OpenBSD: ec_key.c,v 1.35 2023/07/05 08:39:40 tb Exp $ */
 /*
  * Written by Nils Larsch for the OpenSSL project.
  */
@@ -241,12 +241,11 @@ EC_KEY_generate_key(EC_KEY *eckey)
 }
 
 int
-ossl_ec_key_gen(EC_KEY *eckey)
+ec_key_gen(EC_KEY *eckey)
 {
-	BN_CTX *ctx = NULL;
 	BIGNUM *priv_key = NULL;
 	EC_POINT *pub_key = NULL;
-	BIGNUM *order;
+	const BIGNUM *order;
 	int ret = 0;
 
 	if (eckey == NULL || eckey->group == NULL) {
@@ -259,19 +258,11 @@ ossl_ec_key_gen(EC_KEY *eckey)
 	if ((pub_key = EC_POINT_new(eckey->group)) == NULL)
 		goto err;
 
-	if ((ctx = BN_CTX_new()) == NULL)
-		goto err;
-
-	BN_CTX_start(ctx);
-
-	if ((order = BN_CTX_get(ctx)) == NULL)
-		goto err;
-
-	if (!EC_GROUP_get_order(eckey->group, order, ctx))
+	if ((order = EC_GROUP_get0_order(eckey->group)) == NULL)
 		goto err;
 	if (!bn_rand_interval(priv_key, BN_value_one(), order))
 		goto err;
-	if (!EC_POINT_mul(eckey->group, pub_key, priv_key, NULL, NULL, ctx))
+	if (!EC_POINT_mul(eckey->group, pub_key, priv_key, NULL, NULL, NULL))
 		goto err;
 
 	BN_free(eckey->priv_key);
@@ -287,8 +278,6 @@ ossl_ec_key_gen(EC_KEY *eckey)
  err:
 	EC_POINT_free(pub_key);
 	BN_free(priv_key);
-	BN_CTX_end(ctx);
-	BN_CTX_free(ctx);
 
 	return ret;
 }
@@ -298,7 +287,7 @@ EC_KEY_check_key(const EC_KEY *eckey)
 {
 	BN_CTX *ctx = NULL;
 	EC_POINT *point = NULL;
-	BIGNUM *order;
+	const BIGNUM *order;
 	int ret = 0;
 
 	if (eckey == NULL || eckey->group == NULL || eckey->pub_key == NULL) {
@@ -314,11 +303,6 @@ EC_KEY_check_key(const EC_KEY *eckey)
 	if ((ctx = BN_CTX_new()) == NULL)
 		goto err;
 
-	BN_CTX_start(ctx);
-
-	if ((order = BN_CTX_get(ctx)) == NULL)
-		goto err;
-
 	if ((point = EC_POINT_new(eckey->group)) == NULL)
 		goto err;
 
@@ -329,7 +313,7 @@ EC_KEY_check_key(const EC_KEY *eckey)
 	}
 
 	/* Ensure public key multiplied by the order is the point at infinity. */
-	if (!EC_GROUP_get_order(eckey->group, order, ctx)) {
+	if ((order = EC_GROUP_get0_order(eckey->group)) == NULL) {
 		ECerror(EC_R_INVALID_GROUP_ORDER);
 		goto err;
 	}
@@ -366,7 +350,6 @@ EC_KEY_check_key(const EC_KEY *eckey)
 	ret = 1;
 
  err:
-	BN_CTX_end(ctx);
 	BN_CTX_free(ctx);
 	EC_POINT_free(point);
 

lib/libcrypto/ec/ec_kmeth.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: ec_kmeth.c,v 1.8 2023/06/25 18:52:27 tb Exp $	*/
+/*	$OpenBSD: ec_kmeth.c,v 1.10 2023/07/05 11:37:46 tb Exp $	*/
 /*
  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
@@ -60,7 +60,7 @@
 
 #include "bn_local.h"
 #include "ec_local.h"
-#include "ecs_local.h"
+#include "ecdsa_local.h"
 
 static const EC_KEY_METHOD openssl_ec_key_method = {
 	.name = "OpenSSL EC_KEY method",
@@ -74,15 +74,15 @@ static const EC_KEY_METHOD openssl_ec_key_method = {
 	.set_private = NULL,
 	.set_public = NULL,
 
-	.keygen = ossl_ec_key_gen,
-	.compute_key = ossl_ecdh_compute_key,
+	.keygen = ec_key_gen,
+	.compute_key = ecdh_compute_key,
 
-	.sign = ossl_ecdsa_sign,
-	.sign_setup = ossl_ecdsa_sign_setup,
-	.sign_sig = ossl_ecdsa_sign_sig,
+	.sign = ecdsa_sign,
+	.sign_setup = ecdsa_sign_setup,
+	.sign_sig = ecdsa_sign_sig,
 
-	.verify = ossl_ecdsa_verify,
-	.verify_sig = ossl_ecdsa_verify_sig,
+	.verify = ecdsa_verify,
+	.verify_sig = ecdsa_verify_sig,
 };
 
 const EC_KEY_METHOD *default_ec_key_meth = &openssl_ec_key_method;

lib/libcrypto/ec/ec_lib.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_lib.c,v 1.61 2023/06/25 18:52:27 tb Exp $ */
+/* $OpenBSD: ec_lib.c,v 1.62 2023/07/03 07:26:40 tb Exp $ */
 /*
  * Originally written by Bodo Moeller for the OpenSSL project.
  */
@@ -357,7 +357,6 @@ EC_GROUP_get0_generator(const EC_GROUP *group)
 	return group->generator;
 }
 
-
 int
 EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx)
 {
@@ -367,6 +366,12 @@ EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx)
 	return !BN_is_zero(order);
 }
 
+const BIGNUM *
+EC_GROUP_get0_order(const EC_GROUP *group)
+{
+	return &group->order;
+}
+
 int
 EC_GROUP_order_bits(const EC_GROUP *group)
 {

lib/libcrypto/ec/ec_local.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_local.h,v 1.22 2023/06/27 07:31:18 tb Exp $ */
+/* $OpenBSD: ec_local.h,v 1.24 2023/07/05 08:39:40 tb Exp $ */
 /*
  * Originally written by Bodo Moeller for the OpenSSL project.
  */
@@ -341,12 +341,12 @@ struct ec_key_method_st {
 
 #define EC_KEY_METHOD_DYNAMIC   1
 
-int ossl_ec_key_gen(EC_KEY *eckey);
-int ossl_ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
+int ec_key_gen(EC_KEY *eckey);
+int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
     void *(*KDF) (const void *in, size_t inlen, void *out, size_t *outlen));
-int ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len,
+int ecdsa_verify(int type, const unsigned char *dgst, int dgst_len,
     const unsigned char *sigbuf, int sig_len, EC_KEY *eckey);
-int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
+int ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
     const ECDSA_SIG *sig, EC_KEY *eckey);
 
 /*
@@ -360,4 +360,7 @@ int EC_POINT_set_Jprojective_coordinates(const EC_GROUP *group, EC_POINT *p,
 int EC_POINT_get_Jprojective_coordinates(const EC_GROUP *group,
     const EC_POINT *p, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx);
 
+/* Public API in OpenSSL */
+const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group);
+
 __END_HIDDEN_DECLS

lib/libcrypto/ec/eck_prn.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: eck_prn.c,v 1.21 2023/06/27 07:32:29 tb Exp $ */
+/* $OpenBSD: eck_prn.c,v 1.27 2023/07/06 15:18:02 tb Exp $ */
 /*
  * Written by Nils Larsch for the OpenSSL project.
  */
@@ -69,6 +69,8 @@
 #include <openssl/err.h>
 #include <openssl/evp.h>
 
+#include "ec_local.h"
+
 int
 ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off)
 {
@@ -157,155 +159,156 @@ static int
 print_bin(BIO *fp, const char *str, const unsigned char *num,
     size_t len, int off);
 
-int
-ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off)
+static int
+ecpk_print_asn1_parameters(BIO *bp, const EC_GROUP *group, int off)
 {
-	unsigned char *buffer = NULL;
-	size_t buf_len = 0, i;
-	int ret = 0, reason = ERR_R_BIO_LIB;
+	const char *nist_name;
 	int nid;
-	BN_CTX *ctx = NULL;
-	const EC_POINT *point = NULL;
-	BIGNUM *p = NULL, *a = NULL, *b = NULL, *gen = NULL, *order = NULL,
-	*cofactor = NULL;
-	const unsigned char *seed;
-	size_t seed_len = 0;
-	const char *nname;
+	int ret = 0;
 
-	static const char *gen_compressed = "Generator (compressed):";
-	static const char *gen_uncompressed = "Generator (uncompressed):";
-	static const char *gen_hybrid = "Generator (hybrid):";
-
-	if (!x) {
-		reason = ERR_R_PASSED_NULL_PARAMETER;
+	if (!BIO_indent(bp, off, 128)) {
+		ECerror(ERR_R_BIO_LIB);
 		goto err;
 	}
-	ctx = BN_CTX_new();
-	if (ctx == NULL) {
-		reason = ERR_R_MALLOC_FAILURE;
+
+	if ((nid = EC_GROUP_get_curve_name(group)) == NID_undef) {
+		ECerror(ERR_R_INTERNAL_ERROR);
 		goto err;
 	}
-	if (EC_GROUP_get_asn1_flag(x)) {
-		/* the curve parameter are given by an asn1 OID */
-		if (!BIO_indent(bp, off, 128))
-			goto err;
 
-		nid = EC_GROUP_get_curve_name(x);
-		if (nid == 0)
-			goto err;
-
-		if (BIO_printf(bp, "ASN1 OID: %s", OBJ_nid2sn(nid)) <= 0)
-			goto err;
-		if (BIO_printf(bp, "\n") <= 0)
-			goto err;
-
-		nname = EC_curve_nid2nist(nid);
-		if (nname) {
-			if (!BIO_indent(bp, off, 128))
-				goto err;
-			if (BIO_printf(bp, "NIST CURVE: %s\n", nname) <= 0)
-				goto err;
-		}
-	} else {
-		/* explicit parameters */
-		point_conversion_form_t form;
-
-		if ((p = BN_new()) == NULL || (a = BN_new()) == NULL ||
-		    (b = BN_new()) == NULL || (order = BN_new()) == NULL ||
-		    (cofactor = BN_new()) == NULL) {
-			reason = ERR_R_MALLOC_FAILURE;
-			goto err;
-		}
-		if (!EC_GROUP_get_curve(x, p, a, b, ctx)) {
-			reason = ERR_R_EC_LIB;
-			goto err;
-		}
-
-		if ((point = EC_GROUP_get0_generator(x)) == NULL) {
-			reason = ERR_R_EC_LIB;
-			goto err;
-		}
-		if (!EC_GROUP_get_order(x, order, NULL) ||
-		    !EC_GROUP_get_cofactor(x, cofactor, NULL)) {
-			reason = ERR_R_EC_LIB;
-			goto err;
-		}
-		form = EC_GROUP_get_point_conversion_form(x);
-
-		if ((gen = EC_POINT_point2bn(x, point,
-			    form, NULL, ctx)) == NULL) {
-			reason = ERR_R_EC_LIB;
-			goto err;
-		}
-		buf_len = (size_t) BN_num_bytes(p);
-		if (buf_len < (i = (size_t) BN_num_bytes(a)))
-			buf_len = i;
-		if (buf_len < (i = (size_t) BN_num_bytes(b)))
-			buf_len = i;
-		if (buf_len < (i = (size_t) BN_num_bytes(gen)))
-			buf_len = i;
-		if (buf_len < (i = (size_t) BN_num_bytes(order)))
-			buf_len = i;
-		if (buf_len < (i = (size_t) BN_num_bytes(cofactor)))
-			buf_len = i;
-
-		if ((seed = EC_GROUP_get0_seed(x)) != NULL)
-			seed_len = EC_GROUP_get_seed_len(x);
-
-		buf_len += 10;
-		if ((buffer = malloc(buf_len)) == NULL) {
-			reason = ERR_R_MALLOC_FAILURE;
-			goto err;
-		}
-		if (!BIO_indent(bp, off, 128))
-			goto err;
-
-		nid = EC_METHOD_get_field_type(EC_GROUP_method_of(x));
-		/* print the 'short name' of the field type */
-		if (BIO_printf(bp, "Field Type: %s\n", OBJ_nid2sn(nid)) <= 0)
-			goto err;
-
-		if ((p != NULL) && !ASN1_bn_print(bp, "Prime:", p, buffer, off))
-			goto err;
-		if ((a != NULL) && !ASN1_bn_print(bp, "A:   ", a, buffer, off))
-			goto err;
-		if ((b != NULL) && !ASN1_bn_print(bp, "B:   ", b, buffer, off))
-			goto err;
-		if (form == POINT_CONVERSION_COMPRESSED) {
-			if ((gen != NULL) && !ASN1_bn_print(bp, gen_compressed, gen,
-				buffer, off))
-				goto err;
-		} else if (form == POINT_CONVERSION_UNCOMPRESSED) {
-			if ((gen != NULL) && !ASN1_bn_print(bp, gen_uncompressed, gen,
-				buffer, off))
-				goto err;
-		} else {	/* form == POINT_CONVERSION_HYBRID */
-			if ((gen != NULL) && !ASN1_bn_print(bp, gen_hybrid, gen,
-				buffer, off))
-				goto err;
-		}
-		if ((order != NULL) && !ASN1_bn_print(bp, "Order: ", order,
-			buffer, off))
-			goto err;
-		if ((cofactor != NULL) && !ASN1_bn_print(bp, "Cofactor: ", cofactor,
-			buffer, off))
-			goto err;
-		if (seed && !print_bin(bp, "Seed:", seed, seed_len, off))
-			goto err;
+	if (BIO_printf(bp, "ASN1 OID: %s\n", OBJ_nid2sn(nid)) <= 0) {
+		ECerror(ERR_R_BIO_LIB);
+		goto err;
 	}
+
+	if ((nist_name = EC_curve_nid2nist(nid)) != NULL) {
+		if (!BIO_indent(bp, off, 128)) {
+			ECerror(ERR_R_BIO_LIB);
+			goto err;
+		}
+		if (BIO_printf(bp, "NIST CURVE: %s\n", nist_name) <= 0) {
+			ECerror(ERR_R_BIO_LIB);
+			goto err;
+		}
+	}
+
 	ret = 1;
  err:
-	if (!ret)
-		ECerror(reason);
-	BN_free(p);
-	BN_free(a);
-	BN_free(b);
-	BN_free(gen);
-	BN_free(order);
-	BN_free(cofactor);
+
+	return ret;
+}
+
+static int
+ecpk_print_explicit_parameters(BIO *bp, const EC_GROUP *group, int off)
+{
+	BN_CTX *ctx = NULL;
+	const BIGNUM *order;
+	BIGNUM *p, *a, *b, *cofactor;
+	BIGNUM *gen = NULL;
+	const EC_POINT *generator;
+	const char *conversion_form;
+	const unsigned char *seed;
+	size_t seed_len;
+	point_conversion_form_t form;
+	int nid;
+	int ret = 0;
+
+	if ((ctx = BN_CTX_new()) == NULL) {
+		ECerror(ERR_R_MALLOC_FAILURE);
+		goto err;
+	}
+
+	BN_CTX_start(ctx);
+
+	if ((p = BN_CTX_get(ctx)) == NULL)
+		goto err;
+	if ((a = BN_CTX_get(ctx)) == NULL)
+		goto err;
+	if ((b = BN_CTX_get(ctx)) == NULL)
+		goto err;
+	if ((cofactor = BN_CTX_get(ctx)) == NULL)
+		goto err;
+	if ((gen = BN_CTX_get(ctx)) == NULL)
+		goto err;
+
+	if (!EC_GROUP_get_curve(group, p, a, b, ctx)) {
+		ECerror(ERR_R_EC_LIB);
+		goto err;
+	}
+	if ((order = EC_GROUP_get0_order(group)) == NULL) {
+		ECerror(ERR_R_EC_LIB);
+		goto err;
+	}
+	if (!EC_GROUP_get_cofactor(group, cofactor, NULL)) {
+		ECerror(ERR_R_EC_LIB);
+		goto err;
+	}
+
+	if ((generator = EC_GROUP_get0_generator(group)) == NULL) {
+		ECerror(ERR_R_EC_LIB);
+		goto err;
+	}
+	form = EC_GROUP_get_point_conversion_form(group);
+	if (EC_POINT_point2bn(group, generator, form, gen, ctx) == NULL) {
+		ECerror(ERR_R_EC_LIB);
+		goto err;
+	}
+
+	if (!BIO_indent(bp, off, 128))
+		goto err;
+
+	nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group));
+	if (BIO_printf(bp, "Field Type: %s\n", OBJ_nid2sn(nid)) <= 0)
+		goto err;
+
+	if (!bn_printf(bp, p, off, "Prime:"))
+		goto err;
+	if (!bn_printf(bp, a, off, "A:   "))
+		goto err;
+	if (!bn_printf(bp, b, off, "B:   "))
+		goto err;
+
+	if (form == POINT_CONVERSION_COMPRESSED)
+		conversion_form = "compressed";
+	else if (form == POINT_CONVERSION_UNCOMPRESSED)
+		conversion_form = "uncompressed";
+	else if (form == POINT_CONVERSION_HYBRID)
+		conversion_form = "hybrid";
+	else
+		conversion_form = "unknown";
+	if (!bn_printf(bp, gen, off, "Generator (%s):", conversion_form))
+		goto err;
+
+	if (!bn_printf(bp, order, off, "Order: "))
+		goto err;
+	if (!bn_printf(bp, cofactor, off, "Cofactor: "))
+		goto err;
+	if ((seed = EC_GROUP_get0_seed(group)) != NULL) {
+		seed_len = EC_GROUP_get_seed_len(group);
+		if (!print_bin(bp, "Seed:", seed, seed_len, off))
+			goto err;
+	}
+
+	ret = 1;
+ err:
+	BN_CTX_end(ctx);
 	BN_CTX_free(ctx);
-	free(buffer);
-	return (ret);
+
+	return ret;
+}
+
+int
+ECPKParameters_print(BIO *bp, const EC_GROUP *group, int off)
+{
+	if (group == NULL) {
+		ECerror(ERR_R_PASSED_NULL_PARAMETER);
+		return 0;
+	}
+
+	if (EC_GROUP_get_asn1_flag(group))
+		return ecpk_print_asn1_parameters(bp, group, off);
+
+	return ecpk_print_explicit_parameters(bp, group, off);
 }
 
 static int

lib/libcrypto/ec/ecp_smpl.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ecp_smpl.c,v 1.44 2023/04/11 18:58:20 jsing Exp $ */
+/* $OpenBSD: ecp_smpl.c,v 1.45 2023/06/30 18:19:35 tb Exp $ */
 /* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
  * for the OpenSSL project.
  * Includes code written by Bodo Moeller for the OpenSSL project.
@@ -162,7 +162,7 @@ ec_GFp_simple_group_set_curve(EC_GROUP *group,
 
  err:
 	BN_CTX_end(ctx);
-	
+
 	return ret;
 }
 

lib/libcrypto/ec/ecx_methods.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: ecx_methods.c,v 1.5 2023/03/15 06:34:07 tb Exp $ */
+/*	$OpenBSD: ecx_methods.c,v 1.7 2023/07/05 20:56:29 bcook Exp $ */
 /*
  * Copyright (c) 2022 Joel Sing <jsing@openbsd.org>
  *
@@ -486,7 +486,7 @@ ecx_free(EVP_PKEY *pkey)
 {
 	struct ecx_key_st *ecx_key = pkey->pkey.ecx;
 
-	return ecx_key_free(ecx_key);
+	ecx_key_free(ecx_key);
 }
 
 static int
@@ -683,11 +683,11 @@ ecx_item_verify(EVP_MD_CTX *md_ctx, const ASN1_ITEM *it, void *asn,
 
 	if (nid != NID_ED25519 || param_type != V_ASN1_UNDEF) {
 		ECerror(EC_R_INVALID_ENCODING);
-		return 0;
+		return -1;
 	}
 
 	if (!EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, pkey))
-		return 0;
+		return -1;
 
 	return 2;
 }
@@ -757,9 +757,9 @@ pkey_ecx_digestverify(EVP_MD_CTX *md_ctx, const unsigned char *sig,
 	ecx_key = pkey_ctx->pkey->pkey.ecx;
 
 	if (ecx_key == NULL || ecx_key->pub_key == NULL)
-		return 0;
+		return -1;
 	if (sig_len != ecx_sig_size(pkey_ctx->pkey))
-		return 0;
+		return -1;
 
 	return ED25519_verify(message, message_len, sig, ecx_key->pub_key);
 }