/*
- * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
}
penc = OPENSSL_memdup(ecxkey->pubkey, KEYLEN(pkey));
- if (penc == NULL) {
- ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE);
+ if (penc == NULL)
return 0;
- }
if (!X509_PUBKEY_set0_param(pk, OBJ_nid2obj(pkey->ameth->pkey_id),
V_ASN1_UNDEF, NULL, penc, KEYLEN(pkey))) {
OPENSSL_free(penc);
- ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_EC, ERR_R_X509_LIB);
return 0;
}
return 1;
penclen = i2d_ASN1_OCTET_STRING(&oct, &penc);
if (penclen < 0) {
- ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_EC, ERR_R_ASN1_LIB);
return 0;
}
if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(pkey->ameth->pkey_id), 0,
V_ASN1_UNDEF, NULL, penc, penclen)) {
OPENSSL_clear_free(penc, penclen);
- ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_EC, ERR_R_ASN1_LIB);
return 0;
}
{
if (IS25519(pkey->ameth->pkey_id)) {
return X25519_BITS;
- } else if(ISX448(pkey->ameth->pkey_id)) {
+ } else if (ISX448(pkey->ameth->pkey_id)) {
return X448_BITS;
} else {
return ED448_BITS;
ECX_KEY *ecx = NULL;
if (pkey->keymgmt != NULL)
- libctx = ossl_provider_libctx(EVP_KEYMGMT_provider(pkey->keymgmt));
+ libctx = ossl_provider_libctx(EVP_KEYMGMT_get0_provider(pkey->keymgmt));
ecx = ossl_ecx_key_op(NULL, priv, len, pkey->ameth->pkey_id,
KEY_OP_PRIVATE, libctx, NULL);
ECX_KEY *ecx = NULL;
if (pkey->keymgmt != NULL)
- libctx = ossl_provider_libctx(EVP_KEYMGMT_provider(pkey->keymgmt));
+ libctx = ossl_provider_libctx(EVP_KEYMGMT_get0_provider(pkey->keymgmt));
ecx = ossl_ecx_key_op(NULL, pub, len, pkey->ameth->pkey_id,
KEY_OP_PUBLIC, libctx, NULL);
pctx->propquery);
if (ecx == NULL) {
- ERR_raise(ERR_LIB_DH, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_DH, ERR_R_EC_LIB);
return 0;
}
return 2;
}
+static int ecd_item_sign(X509_ALGOR *alg1, X509_ALGOR *alg2, int nid)
+{
+ /* Note that X509_ALGOR_set0(..., ..., V_ASN1_UNDEF, ...) cannot fail */
+ /* Set algorithms identifiers */
+ (void)X509_ALGOR_set0(alg1, OBJ_nid2obj(nid), V_ASN1_UNDEF, NULL);
+ if (alg2 != NULL)
+ (void)X509_ALGOR_set0(alg2, OBJ_nid2obj(nid), V_ASN1_UNDEF, NULL);
+ /* Algorithm identifiers set: carry on as normal */
+ return 3;
+}
+
static int ecd_item_sign25519(EVP_MD_CTX *ctx, const ASN1_ITEM *it,
const void *asn,
X509_ALGOR *alg1, X509_ALGOR *alg2,
ASN1_BIT_STRING *str)
{
- /* Set algorithms identifiers */
- X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_ED25519), V_ASN1_UNDEF, NULL);
- if (alg2)
- X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_ED25519), V_ASN1_UNDEF, NULL);
- /* Algorithm identifiers set: carry on as normal */
- return 3;
+ return ecd_item_sign(alg1, alg2, NID_ED25519);
}
static int ecd_sig_info_set25519(X509_SIG_INFO *siginf, const X509_ALGOR *alg,
X509_ALGOR *alg1, X509_ALGOR *alg2,
ASN1_BIT_STRING *str)
{
- /* Set algorithm identifier */
- X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_ED448), V_ASN1_UNDEF, NULL);
- if (alg2 != NULL)
- X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_ED448), V_ASN1_UNDEF, NULL);
- /* Algorithm identifier set: carry on as normal */
- return 3;
+ return ecd_item_sign(alg1, alg2, NID_ED448);
}
static int ecd_sig_info_set448(X509_SIG_INFO *siginf, const X509_ALGOR *alg,
static int pkey_ecx_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
{
ECX_KEY *ecx = ossl_ecx_key_op(NULL, NULL, 0, ctx->pmeth->pkey_id,
- KEY_OP_PUBLIC, NULL, NULL);
+ KEY_OP_KEYGEN, NULL, NULL);
if (ecx != NULL) {
EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, ecx);
ERR_raise(ERR_LIB_EC, EC_R_KEYS_NOT_SET);
return 0;
}
- ecxkey = ctx->pkey->pkey.ecx;
- peerkey = EVP_PKEY_get0(ctx->peerkey);
+ ecxkey = evp_pkey_get_legacy(ctx->pkey);
+ peerkey = evp_pkey_get_legacy(ctx->peerkey);
if (ecxkey == NULL || ecxkey->privkey == NULL) {
ERR_raise(ERR_LIB_EC, EC_R_INVALID_PRIVATE_KEY);
return 0;
size_t *siglen, const unsigned char *tbs,
size_t tbslen)
{
- const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx;
+ const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey);
+
+ if (edkey == NULL) {
+ ERR_raise(ERR_LIB_EC, EC_R_INVALID_KEY);
+ return 0;
+ }
if (sig == NULL) {
*siglen = ED25519_SIGSIZE;
return 0;
}
- if (ossl_ed25519_sign(sig, tbs, tbslen, edkey->pubkey, edkey->privkey, NULL,
- NULL) == 0)
+ if (ossl_ed25519_sign(sig, tbs, tbslen, edkey->pubkey, edkey->privkey,
+ 0, 0, 0,
+ NULL, 0,
+ NULL, NULL) == 0)
return 0;
*siglen = ED25519_SIGSIZE;
return 1;
size_t *siglen, const unsigned char *tbs,
size_t tbslen)
{
- const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx;
+ const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey);
+
+ if (edkey == NULL) {
+ ERR_raise(ERR_LIB_EC, EC_R_INVALID_KEY);
+ return 0;
+ }
if (sig == NULL) {
*siglen = ED448_SIGSIZE;
}
if (ossl_ed448_sign(edkey->libctx, sig, tbs, tbslen, edkey->pubkey,
- edkey->privkey, NULL, 0, edkey->propq) == 0)
+ edkey->privkey, NULL, 0, 0, edkey->propq) == 0)
return 0;
*siglen = ED448_SIGSIZE;
return 1;
size_t siglen, const unsigned char *tbs,
size_t tbslen)
{
- const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx;
+ const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey);
+
+ if (edkey == NULL) {
+ ERR_raise(ERR_LIB_EC, EC_R_INVALID_KEY);
+ return 0;
+ }
if (siglen != ED25519_SIGSIZE)
return 0;
return ossl_ed25519_verify(tbs, tbslen, sig, edkey->pubkey,
+ 0, 0, 0,
+ NULL, 0,
edkey->libctx, edkey->propq);
}
size_t siglen, const unsigned char *tbs,
size_t tbslen)
{
- const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx;
+ const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey);
+
+ if (edkey == NULL) {
+ ERR_raise(ERR_LIB_EC, EC_R_INVALID_KEY);
+ return 0;
+ }
if (siglen != ED448_SIGSIZE)
return 0;
return ossl_ed448_verify(edkey->libctx, tbs, tbslen, sig, edkey->pubkey,
- NULL, 0, edkey->propq);
+ NULL, 0, 0, edkey->propq);
}
static int pkey_ecd_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
unsigned char *privkey = NULL, *pubkey;
if (key == NULL) {
- ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
goto err;
}
privkey = ossl_ecx_key_allocate_privkey(key);
if (privkey == NULL) {
- ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
goto err;
}
- if (RAND_priv_bytes_ex(ctx->libctx, privkey, X25519_KEYLEN) <= 0)
+ if (RAND_priv_bytes_ex(ctx->libctx, privkey, X25519_KEYLEN, 0) <= 0)
goto err;
privkey[0] &= 248;
unsigned char *privkey = NULL, *pubkey;
if (key == NULL) {
- ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
goto err;
}
privkey = ossl_ecx_key_allocate_privkey(key);
if (privkey == NULL) {
- ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
goto err;
}
- if (RAND_priv_bytes_ex(ctx->libctx, privkey, X448_KEYLEN) <= 0)
+ if (RAND_priv_bytes_ex(ctx->libctx, privkey, X448_KEYLEN, 0) <= 0)
goto err;
privkey[0] &= 252;
int rv;
if (key == NULL) {
- ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
goto err;
}
privkey = ossl_ecx_key_allocate_privkey(key);
if (privkey == NULL) {
- ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
goto err;
}
- if (RAND_priv_bytes_ex(ctx->libctx, privkey, ED25519_KEYLEN) <= 0)
+ if (RAND_priv_bytes_ex(ctx->libctx, privkey, ED25519_KEYLEN, 0) <= 0)
goto err;
md = EVP_MD_fetch(ctx->libctx, "SHA512", ctx->propquery);
int rv;
if (key == NULL) {
- ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
goto err;
}
privkey = ossl_ecx_key_allocate_privkey(key);
if (privkey == NULL) {
- ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
goto err;
}
- if (RAND_priv_bytes_ex(ctx->libctx, privkey, ED448_KEYLEN) <= 0)
+ if (RAND_priv_bytes_ex(ctx->libctx, privkey, ED448_KEYLEN, 0) <= 0)
goto err;
hashctx = EVP_MD_CTX_new();
{
const unsigned char *privkey, *pubkey;
- if (!validate_ecx_derive(ctx, key, keylen, &privkey, &pubkey))
+ if (!validate_ecx_derive(ctx, key, keylen, &privkey, &pubkey)
+ || (key != NULL
+ && s390x_x25519_mul(key, privkey, pubkey) == 0))
return 0;
-
- if (key != NULL)
- return s390x_x25519_mul(key, pubkey, privkey);
-
*keylen = X25519_KEYLEN;
return 1;
}
{
const unsigned char *privkey, *pubkey;
- if (!validate_ecx_derive(ctx, key, keylen, &privkey, &pubkey))
+ if (!validate_ecx_derive(ctx, key, keylen, &privkey, &pubkey)
+ || (key != NULL
+ && s390x_x448_mul(key, pubkey, privkey) == 0))
return 0;
-
- if (key != NULL)
- return s390x_x448_mul(key, pubkey, privkey);
-
*keylen = X448_KEYLEN;
return 1;
}
} ed25519;
unsigned long long buff[512];
} param;
- const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx;
+ const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey);
int rc;
+ if (edkey == NULL) {
+ ERR_raise(ERR_LIB_EC, EC_R_INVALID_KEY);
+ return 0;
+ }
+
if (sig == NULL) {
*siglen = ED25519_SIGSIZE;
return 1;
} ed448;
unsigned long long buff[512];
} param;
- const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx;
+ const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey);
int rc;
+ if (edkey == NULL) {
+ ERR_raise(ERR_LIB_EC, EC_R_INVALID_KEY);
+ return 0;
+ }
+
if (sig == NULL) {
*siglen = ED448_SIGSIZE;
return 1;
} ed25519;
unsigned long long buff[512];
} param;
- const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx;
+ const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey);
+
+ if (edkey == NULL) {
+ ERR_raise(ERR_LIB_EC, EC_R_INVALID_KEY);
+ return 0;
+ }
if (siglen != ED25519_SIGSIZE)
return 0;
} ed448;
unsigned long long buff[512];
} param;
- const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx;
+ const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey);
+
+ if (edkey == NULL) {
+ ERR_raise(ERR_LIB_EC, EC_R_INVALID_KEY);
+ return 0;
+ }
if (siglen != ED448_SIGSIZE)
return 0;