/*
- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
*
- * Licensed under the OpenSSL license (the "License"). You may not use
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
static EC_KEY *eckey_type2param(int ptype, const void *pval)
{
EC_KEY *eckey = NULL;
+ EC_GROUP *group = NULL;
+
if (ptype == V_ASN1_SEQUENCE) {
const ASN1_STRING *pstr = pval;
- const unsigned char *pm = NULL;
- int pmlen;
- pm = pstr->data;
- pmlen = pstr->length;
+ const unsigned char *pm = pstr->data;
+ int pmlen = pstr->length;
+
if ((eckey = d2i_ECParameters(NULL, &pm, pmlen)) == NULL) {
ECerr(EC_F_ECKEY_TYPE2PARAM, EC_R_DECODE_ERROR);
goto ecerr;
}
} else if (ptype == V_ASN1_OBJECT) {
const ASN1_OBJECT *poid = pval;
- EC_GROUP *group;
/*
* type == V_ASN1_OBJECT => the parameters are given by an asn1 OID
ecerr:
EC_KEY_free(eckey);
+ EC_GROUP_free(group);
return NULL;
}
static int ec_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
{
EC_GROUP *group = EC_GROUP_dup(EC_KEY_get0_group(from->pkey.ec));
+
if (group == NULL)
return 0;
if (to->pkey.ec == NULL) {
to->pkey.ec = EC_KEY_new();
if (to->pkey.ec == NULL)
- return 0;
+ goto err;
}
if (EC_KEY_set_group(to->pkey.ec, group) == 0)
- return 0;
+ goto err;
EC_GROUP_free(group);
return 1;
+ err:
+ EC_GROUP_free(group);
+ return 0;
}
static int ec_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
*(int *)arg2 = NID_sha256;
- return 2;
+ return 1;
case ASN1_PKEY_CTRL_SET1_TLS_ENCPT:
return EC_KEY_oct2key(EVP_PKEY_get0_EC_KEY(pkey), arg2, arg1, NULL);
}
+static int ec_pkey_check(const EVP_PKEY *pkey)
+{
+ EC_KEY *eckey = pkey->pkey.ec;
+
+ /* stay consistent to what EVP_PKEY_check demands */
+ if (eckey->priv_key == NULL) {
+ ECerr(EC_F_EC_PKEY_CHECK, EC_R_MISSING_PRIVATE_KEY);
+ return 0;
+ }
+
+ return EC_KEY_check_key(eckey);
+}
+
+static int ec_pkey_public_check(const EVP_PKEY *pkey)
+{
+ EC_KEY *eckey = pkey->pkey.ec;
+
+ /*
+ * Note: it unnecessary to check eckey->pub_key here since
+ * it will be checked in EC_KEY_check_key(). In fact, the
+ * EC_KEY_check_key() mainly checks the public key, and checks
+ * the private key optionally (only if there is one). So if
+ * someone passes a whole EC key (public + private), this
+ * will also work...
+ */
+
+ return EC_KEY_check_key(eckey);
+}
+
+static int ec_pkey_param_check(const EVP_PKEY *pkey)
+{
+ EC_KEY *eckey = pkey->pkey.ec;
+
+ /* stay consistent to what EVP_PKEY_check demands */
+ if (eckey->group == NULL) {
+ ECerr(EC_F_EC_PKEY_PARAM_CHECK, EC_R_MISSING_PARAMETERS);
+ return 0;
+ }
+
+ return EC_GROUP_check(eckey->group, NULL);
+}
+
const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = {
EVP_PKEY_EC,
EVP_PKEY_EC,
int_ec_free,
ec_pkey_ctrl,
old_ec_priv_decode,
- old_ec_priv_encode
+ old_ec_priv_encode,
+
+ 0, 0, 0,
+
+ ec_pkey_check,
+ ec_pkey_public_check,
+ ec_pkey_param_check
+};
+
+#if !defined(OPENSSL_NO_SM2)
+const EVP_PKEY_ASN1_METHOD sm2_asn1_meth = {
+ EVP_PKEY_SM2,
+ EVP_PKEY_EC,
+ ASN1_PKEY_ALIAS
};
+#endif
int EC_KEY_print(BIO *bp, const EC_KEY *x, int off)
{
if (EVP_PKEY_CTX_set_ecdh_cofactor_mode(pctx, cofactor) <= 0)
return 0;
- if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, EVP_PKEY_ECDH_KDF_X9_62) <= 0)
+ if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, EVP_PKEY_ECDH_KDF_X9_63) <= 0)
return 0;
kdf_md = EVP_get_digestbynid(kdfmd_nid);
ecdh_nid = NID_dh_cofactor_kdf;
if (kdf_type == EVP_PKEY_ECDH_KDF_NONE) {
- kdf_type = EVP_PKEY_ECDH_KDF_X9_62;
+ kdf_type = EVP_PKEY_ECDH_KDF_X9_63;
if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, kdf_type) <= 0)
goto err;
} else